Bug 281226
Summary: | REGRESSION(186594@main) Web Inspector: Crash SIGSEGV in g_type_check_instance_is_fundamentally_a | | |
---|---|---|---|
Product: | WebKit | Reporter: | Pablo Saavedra <psaavedra> |
Component: | Web Inspector | Assignee: | Nobody <webkit-unassigned> |
Status: | RESOLVED FIXED | | |
Severity: | Normal | CC: | inspector-bugzilla-changes |
Priority: | P2 | Keywords: | DoNotImportToRadar |
Version: | WebKit Nightly Build | | |
Hardware: | Unspecified | | |
OS: | Unspecified | | |
See Also: | https://bugs.webkit.org/show_bug.cgi?id=281298 | | |
Pablo Saavedra
While using the Web Remote Inspector in WPEWebKit enabled via `WEBKIT_INSPECTOR_SERVER=0.0.0.0:11311`, the program terminates with a segmentation fault. Below are the details of the issue and backtrace.
#### **Steps to Reproduce:**
1. Set the environment variable to enable the Web Inspector:
```bash
export WEBKIT_INSPECTOR_SERVER=0.0.0.0:11311
```
2. Launch WPEWebKit:
```bash
wpe-launcher https://wpewebkit.org
```
#### **Observed Behavior:**
The program crashes with the following error:
```
Core was generated by `wpe-launcher https://wpewebkit.org'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 g_type_check_instance_is_fundamentally_a (type_instance=type_instance@entry=0xaaab0115c1c0, fundamental_type=fundamental_type@entry=80) at /usr/src/debug/glib-2.0/1_2.78.1-r0/gobject/gtype.c:4184
4184 node = lookup_type_node_I (type_instance->g_class->g_type);
[Current thread is 1 (LWP 1480)]
```
```
#0 g_type_check_instance_is_fundamentally_a (type_instance=type_instance@entry=0xaaab0115c1c0, fundamental_type=fundamental_type@entry=80) at /usr/src/debug/glib-2.0/1_2.78.1-r0/gobject/gtype.c:4184
#1 0x0000ffffaa25db7c in g_object_unref (_object=0xaaab0115c1c0) at /usr/src/debug/glib-2.0/1_2.78.1-r0/gobject/gobject.c:3810
#2 0x0000ffffabf6af28 in std::once_flag::_Prepare_execution::_Prepare_execution<std::call_once<Inspector::backendCommands()::{lambda()#1}>(std::once_flag&, Inspector::backendCommands()::{lambda()#1}&&)::{lambda()#1}>(Inspector::backendCommands()::{lambda()#1}&)::{lambda()#1}::_FUN() () from /devel1/rootfs/usr/lib/libWPEWebKit-2.0.so.2.4.0
#3 0x0000ffffaa113c30 in __pthread_once_slow (once_control=0xffffb0a42dd0 <Inspector::backendCommands()::flag>, init_routine=0xffffa80b61b0 <std::__once_proxy()>) at pthread_once.c:116
#4 0x0000ffffabf6b02c in Inspector::backendCommands() () from /devel1/rootfs/usr/lib/libWPEWebKit-2.0.so.2.4.0
#5 0x0000ffffabf6b154 in Inspector::backendCommandsHash() () from /devel1/rootfs/usr/lib/libWPEWebKit-2.0.so.2.4.0
#6 0x0000ffffabf6452c in Inspector::RemoteInspectorServer::setupInspectorClient(WTF::SocketConnection&, char const*) () from /devel1/rootfs/usr/lib/libWPEWebKit-2.0.so.2.4.0
#7 0x0000ffffabf64718 in Inspector::RemoteInspectorServer::messageHandlers()::{lambda(WTF::SocketConnection&, _GVariant*, void*)#3}::_FUN(WTF::SocketConnection&, _GVariant*, void*) () from /devel1/rootfs/usr/lib/libWPEWebKit-2.0.so.2.4.0
#8 0x0000ffffac9cf938 in WTF::SocketConnection::readMessage() () from /devel1/rootfs/usr/lib/libWPEWebKit-2.0.so.2.4.0
#9 0x0000ffffac9cfb18 in WTF::SocketConnection::read() () from /devel1/rootfs/usr/lib/libWPEWebKit-2.0.so.2.4.0
#10 0x0000ffffac9cfc58 in WTF::Detail::CallableWrapper<WTF::SocketConnection::SocketConnection(WTF::GRefPtr<_GSocketConnection>&&, WTF::HashMap<WTF::CString, std::pair<WTF::CString, void (*)(WTF::SocketConnection&, _GVariant*, void*)>, WTF::DefaultHash<WTF::CString>, WTF::HashTraits<WTF::CString>, WTF::HashTraits<std::pair<WTF::CString, void (*)(WTF::SocketConnection&, _GVariant*, void*)> >, WTF::HashTableTraits> const&, void*)::{lambda(GIOCondition)#1}, int, GIOCondition>::call(GIOCondition) () from /devel1/rootfs/usr/lib/libWPEWebKit-2.0.so.2.4.0
#11 0x0000ffffa9a170c0 in socket_source_dispatch (source=0xaaab01161b50, callback=0xffffac9cccf0 <WTF::GSocketMonitor::socketSourceCallback(_GSocket*, GIOCondition, WTF::GSocketMonitor*)>, user_data=0xffff9b02c5b0) at /usr/src/debug/glib-2.0/1_2.78.1-r0/gio/gsocket.c:4072
#12 0x0000ffffb0b5a138 in g_main_dispatch (context=context@entry=0xaaab0106a6c0) at /usr/src/debug/glib-2.0/1_2.78.1-r0/glib/gmain.c:3476
#13 0x0000ffffb0b5dc44 in g_main_context_dispatch_unlocked (context=0xaaab0106a6c0) at /usr/src/debug/glib-2.0/1_2.78.1-r0/glib/gmain.c:4284
#14 g_main_context_iterate_unlocked (context=0xaaab0106a6c0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /usr/src/debug/glib-2.0/1_2.78.1-r0/glib/gmain.c:4349
#15 0x0000ffffb0b5e740 in g_main_loop_run (loop=loop@entry=0xaaab01078d00) at /usr/src/debug/glib-2.0/1_2.78.1-r0/glib/gmain.c:4551
#16 0x0000aaaad8ce2250 in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/wpe-bare-app/git-r0/wpe-bare-app.c:123
```
The crash appears to occur after trying to interact with the Web Inspector resources:
```
recvfrom(30, "\0\0\0>\1SetupInspectorClient\00047ABA4"..., 4096, 0, NULL, NULL) = 67
openat(AT_FDCWD, "/usr/share/wpe-webkit-2.0/inspector.gresource", O_RDONLY|O_CLOEXEC) = 31
newfstatat(31, "", {st_mode=S_IFREG|0644, st_size=1367398, ...}, AT_EMPTY_PATH) = 0
mmap(NULL, 1367398, PROT_READ, MAP_PRIVATE, 31, 0) = 0xffff60682000
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0xaaa000000002} ---
Segmentation fault (core dumped)
```
The `/usr/share/wpe-webkit-2.0/inspector.gresource` file exists and appears to be loaded correctly:
```
# ls -l /usr/share/wpe-webkit-2.0/inspector.gresource
-rw-r--r-- 1 root root 1367398 Oct 10 13:26 /usr/share/wpe-webkit-2.0/inspector.gresource
```
#### **Expected Behavior:**
Launch the Remote Web Inspector without crashing.
#### **Additional Notes:**
- WPEWebKit version: upstream
- GLib version: 2.78.1
- The crash seems to occur within the `g_type_check_instance_is_fundamentally_a` function in GLib, when handling a type instance.
- This is related to this change: 8ceb1da47e75 [WPE] Pack inspector resources in a .gresource file instead of a shared library https://bugs.webkit.org/show_bug.cgi?id=186594
Pablo Saavedra
Fixed in https://bugs.webkit.org/show_bug.cgi?id=281298