Bug 301822

Summary: REGRESSION(302307@main): [GLib] Introduced null pointer derefs in UIProcess
Product: WebKit Reporter: Philippe Normand <philn>
Component: WebKitGTKAssignee: Philippe Normand <philn>
Status: RESOLVED FIXED    
Severity: Normal CC: bugs-noreply
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=301088

Philippe Normand
Reported 2025-11-02 03:31:37 PST
(gdb) bt #0 0x00007f2c50ffc1b4 in WTF::Detail::CallableWrapper<webkitFaviconDatabaseGetFaviconInternal(_WebKitFaviconDatabase*, char const*, bool, _GCancellable*, void (*)(_GObject*, _GAsyncResult*, void*), void*)::$_0, void, WTF::Vector<sk_sp<SkImage>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&>::call(WTF::Vector<sk_sp<SkImage>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&) () at /var/home/phil/WebKit/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4 #1 0x00007f2c50feb9be in WTF::CompletionHandler<void (WTF::Vector<sk_sp<SkImage>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&)>::operator()(WTF::Vector<sk_sp<SkImage>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&) () at /var/home/phil/WebKit/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4 #2 0x00007f2c50feb711 in WTF::Detail::CallableWrapper<WebKit::IconDatabase::loadIconsForPageURL(WTF::String const&, WebKit::IconDatabase::AllowDatabaseWrite, WTF::CompletionHandler<void (WTF::Vector<sk_sp<SkImage>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&)>&&)::$_0::operator()()::{lambda()#1}, void>::call() () at /var/home/phil/WebKit/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4 #3 0x00007f2c4b30d73a in WTF::RunLoop::performWork() () at /var/home/phil/WebKit/WebKitBuild/GTK/Release/lib/libjavascriptcoregtk-6.0.so.1 #4 0x00007f2c4b3f8309 in WTF::RunLoop::RunLoop()::$_0::__invoke(void*) () at /var/home/phil/WebKit/WebKitBuild/GTK/Release/lib/libjavascriptcoregtk-6.0.so.1 #5 0x00007f2c4b3f681d in WTF::RunLoop::$_1::__invoke(_GSource*, int (*)(void*), void*) () at /var/home/phil/WebKit/WebKitBuild/GTK/Release/lib/libjavascriptcoregtk-6.0.so.1 #6 0x00007f2c4b5fa2a3 in g_main_dispatch (context=0x32b42c20) at ../glib/gmain.c:3565 #7 g_main_context_dispatch_unlocked (context=0x32b42c20) at ../glib/gmain.c:4425 #8 0x00007f2c4b6031f8 in g_main_context_iterate_unlocked (context=context@entry=0x32b42c20, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:4490 #9 0x00007f2c4b6033a3 in g_main_context_iteration (context=context@entry=0x32b42c20, may_block=may_block@entry=1) at ../glib/gmain.c:4556 #10 0x00007f2c4b81d11d in g_application_run (application=0x32c4e9d0, argc=<optimized out>, argv=<optimized out>) at ../gio/gapplication.c:2741 #11 0x000000000021c447 in main () Repro: https://webvideo-demo.pages.dev/
Attachments
Add attachment proposed patch, testcase, etc.
Philippe Normand
Comment 1 2025-11-02 03:34:37 PST
Pull request: https://github.com/WebKit/WebKit/pull/53309
EWS
Comment 2 2025-11-02 05:44:05 PST
Committed 302452@main (f241d8685cb9): <https://commits.webkit.org/302452@main> Reviewed commits have been landed. Closing PR #53309 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.