Bug 28070

Summary: [Gtk] Crash when saving a password
Product: WebKit
Reporter: Bastien Nocera <bugzilla>
Component: WebKitGTK
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: gustavo, jmalonzo, xan.lopez
Priority: P2
Keywords: Gtk
Version: 528+ (Nightly build)
Hardware: PC
OS: Linux
Bug Depends on:
Bug Blocks: 28463
Attachments:
soupauthfix.diff (flags: eric: review+, xan.lopez: commit-queue-)

Description Bastien Nocera 2009-08-07 09:07:47 PDT
1. Go to https://fedorahosted.org/rel-eng/
2. Click "log in"
3. Enter my credentials and select "save password"
4. Benco!

libsoup-2.27.5-1.fc12.x86_64
webkitgtk-1.1.12-1.fc12.x86_64
epiphany-2.27.5-1.fc12.x86_64

(gdb) bt
#0  save_password_callback (msg=<value optimized out>, authData=0xea2540) at WebKit/gtk/webkit/webkitsoupauthdialog.c:117
#1  0x00000030d240bb4e in IA__g_closure_invoke (closure=0xee4970, return_value=0x0, n_param_values=1, param_values=0xf00460, invocation_hint=0x7fffffffc610) at gclosure.c:767
#2  0x00000030d2421d06 in signal_emit_unlocked_R (node=0xdf22d0, detail=<value optimized out>, instance=<value optimized out>, emission_return=<value optimized out>, instance_and_params=<value optimized out>) at gsignal.c:3247
#3  0x00000030d242312e in IA__g_signal_emit_valist (instance=0x994cc0, signal_id=<value optimized out>, detail=0, var_args=0x7fffffffc800) at gsignal.c:2980
#4  0x00000030d24236a3 in IA__g_signal_emit (instance=0x0, signal_id=0, detail=0) at gsignal.c:3037
#5  0x00007ffff57180b0 in io_read (sock=0xe8aae0, msg=0x994cc0) at soup-message-io.c:835
#6  0x00000030d240bb4e in IA__g_closure_invoke (closure=0xe6da00, return_value=0x0, n_param_values=1, param_values=0xe70720, invocation_hint=0x7fffffffca70) at gclosure.c:767
#7  0x00000030d2421d06 in signal_emit_unlocked_R (node=0x9577f0, detail=<value optimized out>, instance=<value optimized out>, emission_return=<value optimized out>, instance_and_params=<value optimized out>) at gsignal.c:3247
#8  0x00000030d242312e in IA__g_signal_emit_valist (instance=0xe8aae0, signal_id=<value optimized out>, detail=0, var_args=0x7fffffffcc60) at gsignal.c:2980
#9  0x00000030d24236a3 in IA__g_signal_emit (instance=0x0, signal_id=0, detail=0) at gsignal.c:3037
#10 0x00007ffff5722891 in socket_read_watch (chan=<value optimized out>, cond=0, user_data=<value optimized out>) at soup-socket.c:1181
#11 0x00000030d20391be in g_main_dispatch (context=<value optimized out>) at gmain.c:1960
#12 IA__g_main_context_dispatch (context=<value optimized out>) at gmain.c:2513
#13 0x00000030d203cba8 in g_main_context_iterate (context=0x70c250, block=<value optimized out>, dispatch=<value optimized out>, self=<value optimized out>) at gmain.c:2591
#14 0x00000030d203cff5 in IA__g_main_loop_run (loop=0x7b06a0) at gmain.c:2799
#15 0x00007ffff6162f07 in IA__gtk_main () at gtkmain.c:1205
#16 0x000000000042d5a5 in main (argc=can't compute CFA for this frame
) at ephy-main.c:781
(gdb) list
112	static void save_password_callback(SoupMessage* msg, WebKitAuthData* authData)
113	{
114	    /* Check only for Success status codes (2xx) */
115	    if (msg->status_code >= 200 && msg->status_code < 300) {
116	        SoupURI* uri = soup_message_get_uri(authData->msg);
117	        gnome_keyring_set_network_password(NULL,
118	                                           authData->username,
119	                                           soup_auth_get_realm(authData->auth),
120	                                           uri->host,
121	                                           NULL,
(gdb) p uri
$3 = (SoupURI *) 0x0

And with fatal warnings:
libsoup-CRITICAL **: soup_message_get_uri: assertion `SOUP_IS_MESSAGE (msg)' failed
aborting...

Program received signal SIGTRAP, Trace/breakpoint trap.
IA__g_logv (log_domain=<value optimized out>, log_level=<value optimized out>, format=<value optimized out>, args1=0x7fffffffc360) at gmessages.c:512
512		  g_private_set (g_log_depth, GUINT_TO_POINTER (depth));
(gdb) bt
#0  IA__g_logv (log_domain=<value optimized out>, log_level=<value optimized out>, format=<value optimized out>, args1=0x7fffffffc360) at gmessages.c:512
#1  0x00000030d20433d3 in IA__g_log (log_domain=0x7ffff52c2e98 "\300\n", <incomplete sequence \351>, log_level=15565728, format=0xed83a0 "\020\001") at gmessages.c:526
#2  0x00007ffff57137a4 in soup_message_get_uri (msg=<value optimized out>) at soup-message.c:1431
#3  0x00007ffff694634a in save_password_callback (msg=<value optimized out>, authData=0xe92190) at WebKit/gtk/webkit/webkitsoupauthdialog.c:116
#4  0x00000030d240bb4e in IA__g_closure_invoke (closure=0xed63b0, return_value=0x0, n_param_values=1, param_values=0xe6a580, invocation_hint=0x7fffffffc600) at gclosure.c:767
#5  0x00000030d2421d06 in signal_emit_unlocked_R (node=0xdf2140, detail=<value optimized out>, instance=<value optimized out>, emission_return=<value optimized out>, instance_and_params=<value optimized out>) at gsignal.c:3247
#6  0x00000030d242312e in IA__g_signal_emit_valist (instance=0x994cc0, signal_id=<value optimized out>, detail=0, var_args=0x7fffffffc7f0) at gsignal.c:2980
#7  0x00000030d24236a3 in IA__g_signal_emit (instance=0x7ffff52c2e98, signal_id=15565728, detail=15565728) at gsignal.c:3037
#8  0x00007ffff57180b0 in io_read (sock=0xe96220, msg=0x994cc0) at soup-message-io.c:835
#9  0x00000030d240bb4e in IA__g_closure_invoke (closure=0xf075d0, return_value=0x0, n_param_values=1, param_values=0xefc4a0, invocation_hint=0x7fffffffca60) at gclosure.c:767
#10 0x00000030d2421d06 in signal_emit_unlocked_R (node=0x957750, detail=<value optimized out>, instance=<value optimized out>, emission_return=<value optimized out>, instance_and_params=<value optimized out>) at gsignal.c:3247
#11 0x00000030d242312e in IA__g_signal_emit_valist (instance=0xe96220, signal_id=<value optimized out>, detail=0, var_args=0x7fffffffcc50) at gsignal.c:2980
#12 0x00000030d24236a3 in IA__g_signal_emit (instance=0x7ffff52c2e98, signal_id=15565728, detail=15565728) at gsignal.c:3037
#13 0x00007ffff5722891 in socket_read_watch (chan=<value optimized out>, cond=0, user_data=<value optimized out>) at soup-socket.c:1181
#14 0x00000030d20391be in g_main_dispatch (context=<value optimized out>) at gmain.c:1960
#15 IA__g_main_context_dispatch (context=<value optimized out>) at gmain.c:2513
#16 0x00000030d203cba8 in g_main_context_iterate (context=0x70c2c0, block=<value optimized out>, dispatch=<value optimized out>, self=<value optimized out>) at gmain.c:2591
#17 0x00000030d203cff5 in IA__g_main_loop_run (loop=0x7ab6e0) at gmain.c:2799
#18 0x00007ffff6162f07 in IA__gtk_main () at gtkmain.c:1205
#19 0x000000000042d5a5 in main (argc=can't compute CFA for this frame
) at ephy-main.c:781
Comment 1 Jan Alonzo 2009-08-07 20:40:37 PDT
CC'ing Gustavo and Xan who are more familiar with libsoup and gnome-keyring in WebKitGtk.
Comment 2 Xan Lopez 2009-08-13 02:26:24 PDT
This code has been changed in latest trunk, could you try again with it (you'll need libsoup master) and tell us if it still crashes? You can also wait for the 1.1.13 release, which will happen soon.
Comment 3 Xan Lopez 2009-08-25 00:15:03 PDT
Epiphany 2.27.91, libsoup 2.27.91 and WebKitGTK+ 1.1.13 are now released.
Comment 4 Gustavo Noronha (kov) 2009-09-01 07:27:30 PDT
Seems to still happen. I think I found the problem, I am testing the fix (waiting for build to finish).
Comment 5 Gustavo Noronha (kov) 2009-09-01 13:14:48 PDT
I have tried debugging this. We seem to have a problem with the reference counting of authData->auth (we do a g_object_unref on it without doing a g_object_ref), but the fact is that adding g_object_ref to the initialization of auth, and to just after authenticated, doesn't help. We still reach the save password callback with authData->auth as 0x0. This seems to be caused by memory corruption. I was unable to find out what the actual problem is, though. Valgrind log:

==12869==
==12869== Syscall param write(buf) points to uninitialised byte(s)
==12869==    at 0xCCC852B: (within /lib/libpthread-2.9.so)
==12869==    by 0xE6219E6: unixWrite (sqlite3.c:23842)
==12869==    by 0xE5D713E: writeJournalHdr (sqlite3.c:11929)
==12869==    by 0xE5D722C: pager_open_journal (sqlite3.c:34594)
==12869==    by 0xE5D7357: sqlite3PagerBegin (sqlite3.c:34669)
==12869==    by 0xE5E02B3: sqlite3BtreeBeginTrans (sqlite3.c:39351)
==12869==    by 0xE5F8E65: sqlite3VdbeExec (sqlite3.c:53624)
==12869==    by 0xE5FF887: sqlite3_step (sqlite3.c:49507)
==12869==    by 0xE602A2C: sqlite3_exec (sqlite3.c:72147)
==12869==    by 0x6FBFD38: exec_query_with_try_create_table (soup-cookie-jar-sqlite.c:242)
==12869==    by 0x6FC0118: changed (soup-cookie-jar-sqlite.c:295)
==12869==    by 0xB7E951C: g_closure_invoke (gclosure.c:767)
==12869==  Address 0x14d544c9 is 9 bytes inside a block of size 1,032 alloc'd
==12869==    at 0x4C2391E: malloc (vg_replace_malloc.c:207)
==12869==    by 0xE61FFC1: sqlite3MemMalloc (sqlite3.c:12342)
==12869==    by 0xE5BA748: mallocWithAlarm (sqlite3.c:15530)
==12869==    by 0xE5BA81F: sqlite3Malloc (sqlite3.c:15558)
==12869==    by 0xE5BBE82: pcache1Alloc (sqlite3.c:29512)
==12869==    by 0xE5BBFA5: sqlite3PageMalloc (sqlite3.c:29583)
==12869==    by 0xE5C3FD6: sqlite3PagerSetPagesize (sqlite3.c:32906)
==12869==    by 0xE5DF037: sqlite3BtreeFactory (sqlite3.c:33837)
==12869==    by 0xE5E6837: openDatabase (sqlite3.c:92579)
==12869==    by 0x6FC00E0: changed (soup-cookie-jar-sqlite.c:285)
==12869==    by 0xB7E951C: g_closure_invoke (gclosure.c:767)
==12869==    by 0xB7FF934: signal_emit_unlocked_R (gsignal.c:3177)


libsoup-CRITICAL **: soup_auth_save_password: assertion `SOUP_IS_AUTH (auth)' failed
aborting...
==12869==
==12869== Process terminating with default action of signal 5 (SIGTRAP): dumping core
==12869==    at 0xBA668CC: g_logv (gmessages.c:512)
==12869==    by 0xBA66C22: g_log (gmessages.c:526)
==12869==    by 0x512417A: save_password_callback (webkitsoupauthdialog.c:105)
==12869==    by 0xB7E951C: g_closure_invoke (gclosure.c:767)
==12869==    by 0xB80003D: signal_emit_unlocked_R (gsignal.c:3247)
==12869==    by 0xB8015EE: g_signal_emit_valist (gsignal.c:2980)
==12869==    by 0xB801AF2: g_signal_emit (gsignal.c:3037)
==12869==    by 0x6D99B5F: io_read (soup-message-io.c:835)
==12869==    by 0xB7E951C: g_closure_invoke (gclosure.c:767)
==12869==    by 0xB80003D: signal_emit_unlocked_R (gsignal.c:3247)
==12869==    by 0xB8015EE: g_signal_emit_valist (gsignal.c:2980)
==12869==    by 0xB801AF2: g_signal_emit (gsignal.c:3037)
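An added illustration of the ownership rule behind comment 5, that a pointer handed over by a signal is borrowed, and dropping it with g_object_unref without a matching g_object_ref leaves the later "got-headers" callback holding a dead object. This is not WebKitGTK or libsoup code and says nothing about what the landed patch changed; it models a GObject with a toy refcounted struct (ToyAuth, AuthData and simulate() are constructed names) so it builds without GLib.

```c
/* Toy refcounted object standing in for SoupAuth; the freed flag lets the
 * caller observe a dangling pointer without touching released memory. */
#include <stdlib.h>
#include <string.h>

typedef struct {
    int refcount;
    int freed;        /* set when the last reference is dropped */
    char realm[32];
} ToyAuth;

static ToyAuth *toy_auth_new(const char *realm)
{
    ToyAuth *a = calloc(1, sizeof *a);
    a->refcount = 1;  /* the creator (the "session") owns this reference */
    strncpy(a->realm, realm, sizeof a->realm - 1);
    return a;
}

static ToyAuth *toy_auth_ref(ToyAuth *a) { a->refcount++; return a; }

/* Mirrors g_object_unref: the object dies when the count reaches zero. */
static void toy_auth_unref(ToyAuth *a)
{
    if (--a->refcount == 0)
        a->freed = 1;
}

/* Per-dialog state, like the WebKitAuthData stashed for the callback. */
typedef struct { ToyAuth *auth; } AuthData;

/* Simulates: session emits "authenticate", the dialog stores the auth in
 * AuthData, the session later drops its own reference, and finally the
 * "got-headers" style callback looks at AuthData->auth.
 * Returns 1 if the callback sees a live object, 0 if it sees a dead one. */
static int simulate(int take_reference)
{
    ToyAuth *session_auth = toy_auth_new("constructed-realm");
    AuthData data;
    /* Buggy variant keeps the borrowed pointer; fixed variant takes a ref. */
    data.auth = take_reference ? toy_auth_ref(session_auth) : session_auth;
    toy_auth_unref(session_auth);   /* the session is done with it */
    int alive = !data.auth->freed;  /* what the callback would find */
    if (alive)
        toy_auth_unref(data.auth);  /* release only the ref we own */
    free(session_auth);             /* actual memory release, for valgrind */
    return alive;
}
```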
Comment 6 Xan Lopez 2009-09-28 06:30:48 PDT
Created attachment 40230 [details]
soupauthfix.diff

Proposed patch.
Comment 7 Eric Seidel (no email) 2009-09-28 17:15:13 PDT
Comment on attachment 40230 [details]
soupauthfix.diff

Rubber stamp = me.
Comment 8 Xan Lopez 2009-09-28 22:18:00 PDT
Thanks, landed in r48858.