Bug 304962

Summary: [GTK MiniBrowser] assertion 'g_utf8_validate (string, -1, NULL)' failed in g_variant_new_string under browserWindowCreateBackForwardMenu
Product: WebKit
Component: WebKitGTK
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Reporter: Fujii Hironori <fujii>
Assignee: Fujii Hironori <fujii>
CC: bugs-noreply

Fujii Hironori
Reported 2026-01-05 16:42:10 PST
I tested with GTK MiniBrowser 305089@main

1. Load https://unboxholics.com/
2. Open a random article and history back
3. Repeat step 2 several times

> (MiniBrowser:21769): GLib-CRITICAL **: 09:32:19.989: g_variant_new_string: assertion 'g_utf8_validate (string, -1, NULL)' failed

With G_DEBUG=fatal-warnings, I got the following backtrace.

#0 0x00007fa732ac46b1 in g_logv () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#1 0x00007fa732ac4963 in g_log () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2 0x00007fa732b0646a in g_variant_new_string () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3 0x00007fa732cfad70 in g_menu_item_set_label () at /lib/x86_64-linux-gnu/libgio-2.0.so.0
#4 0x00007fa732cfb00b in g_menu_item_new () at /lib/x86_64-linux-gnu/libgio-2.0.so.0
#5 0x000055cda5d5e09a in browserWindowCreateBackForwardMenu ()
#6 0x000055cda5d5dc02 in browserWindowUpdateNavigationMenu ()
#7 0x00007fa72a4acb16 in ffi_call_unix64 () at ../src/x86/unix64.S:104
#8 0x00007fa72a4a93ef in ffi_call_int (cif=cif@entry=0x7ffd7de48300, fn=<optimized out>, rvalue=<optimized out>, avalue=<optimized out>, closure=closure@entry=0x0) at ../src/x86/ffi64.c:673
#9 0x00007fa72a4ac0be in ffi_call (cif=0x7ffd7de48300, fn=<optimized out>, rvalue=<optimized out>, avalue=<optimized out>) at ../src/x86/ffi64.c:710
#10 0x00007fa732bc6db2 in g_cclosure_marshal_generic () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#11 0x00007fa732bc02fa in g_closure_invoke () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#12 0x00007fa732bef90c in ??? () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#13 0x00007fa732be0591 in ??? () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#14 0x00007fa732be07c1 in g_signal_emit_valist () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#15 0x00007fa732be0883 in g_signal_emit () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#16 0x00007fa73638b56d in webkitBackForwardListChanged(_WebKitBackForwardList*, WebKit::WebBackForwardListItem*, WTF::Vector<WTF::Ref<WebKit::WebBackForwardListItem, WTF::RawPtrTraits<WebKit::WebBackForwardListItem>, WTF::DefaultRefDerefTraits<WebKit::WebBackForwardListItem> >, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&) () at /sdk/webkit/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#17 0x00007fa73639c5d4 in NavigationClient::didChangeBackForwardList(WebKit::WebPageProxy&, WebKit::WebBackForwardListItem*, WTF::Vector<WTF::Ref<WebKit::WebBackForwardListItem, WTF::RawPtrTraits<WebKit::WebBackForwardListItem>, WTF::DefaultRefDerefTraits<WebKit::WebBackForwardListItem> >, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&) () at /sdk/webkit/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#18 0x00007fa7362723d8 in WebKit::WebPageProxy::didChangeBackForwardList(WebKit::WebBackForwardListItem*, WTF::Vector<WTF::Ref<WebKit::WebBackForwardListItem, WTF::RawPtrTraits<WebKit::WebBackForwardListItem>, WTF::DefaultRefDerefTraits<WebKit::WebBackForwardListItem> >, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&&) () at /sdk/webkit/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#19 0x00007fa7362446e9 in WebKit::WebBackForwardList::goToItem(WebKit::WebBackForwardListItem&) () at /sdk/webkit/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#20 0x00007fa736246e37 in WebKit::WebBackForwardList::backForwardGoToItemShared(WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::BackForwardItemIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long>, unsigned long> >, WTF::CompletionHandler<void (WebKit::WebBackForwardListCounts const&)>&&) () at /sdk/webkit/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#21 0x00007fa736246d30 in WebKit::WebBackForwardList::backForwardGoToItem(WebCore::ProcessQualified<WTF::ObjectIdentifierGeneric<WebCore::BackForwardItemIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long>, unsigned long> >, WTF::CompletionHandler<void (WebKit::WebBackForwardListCounts const&)>&&) () at /sdk/webkit/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#22 0x00007fa735cbe63f in WebKit::WebBackForwardList::didReceiveSyncMessage(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&) () at /sdk/webkit/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#23 0x00007fa73619b02c in IPC::MessageReceiverMap::dispatchSyncMessage(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&) () at /sdk/webkit/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#24 0x00007fa73630842c in WebKit::WebProcessProxy::dispatchSyncMessage(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&) () at /sdk/webkit/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#25 0x00007fa735cf2a69 in WebKit::WebProcessProxy::didReceiveSyncMessage(IPC::Connection&, IPC::Decoder&, WTF::UniqueRef<IPC::Encoder>&) () at /sdk/webkit/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#26 0x00007fa73619315b in IPC::Connection::dispatchSyncMessage(IPC::Decoder&) () at /sdk/webkit/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#27 0x00007fa736193674 in IPC::Connection::dispatchMessage(WTF::UniqueRef<IPC::Decoder>) () at /sdk/webkit/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#28 0x00007fa73618dc23 in IPC::Connection::SyncMessageState::ConnectionAndIncomingMessage::dispatch() () at /sdk/webkit/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#29 0x00007fa73618e620 in IPC::Connection::SyncMessageState::dispatchMessagesAndResetDidScheduleDispatchMessagesForConnection(IPC::Connection&) () at /sdk/webkit/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#30 0x00007fa7361938d6 in IPC::Connection::dispatchSyncStateMessages() () at /sdk/webkit/WebKitBuild/GTK/Release/lib/libwebkitgtk-6.0.so.4
#31 0x00007fa7327127d5 in WTF::RunLoop::performWork() () at /sdk/webkit/WebKitBuild/GTK/Release/lib/libjavascriptcoregtk-6.0.so.1
#32 0x00007fa7327dcf99 in WTF::RunLoop::RunLoop()::$_0::__invoke(void*) () at /sdk/webkit/WebKitBuild/GTK/Release/lib/libjavascriptcoregtk-6.0.so.1
#33 0x00007fa7327db919 in WTF::RunLoop::$_3::__invoke(_GSource*, int (*)(void*), void*) () at /sdk/webkit/WebKitBuild/GTK/Release/lib/libjavascriptcoregtk-6.0.so.1
#34 0x00007fa732abf49e in ??? () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#35 0x00007fa732b1e737 in ??? () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#36 0x00007fa732abea63 in g_main_context_iteration () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#37 0x00007fa732cf587d in g_application_run () at /lib/x86_64-linux-gnu/libgio-2.0.so.0
#38 0x000055cda5d5e6c9 in main ()
Fujii Hironori
Comment 1 2026-05-01 06:18:39 PDT
EWS
Comment 2 2026-05-04 03:12:47 PDT
Committed 312512@main (9508413124c4): <https://commits.webkit.org/312512@main> Reviewed commits have been landed. Closing PR #64044 and removing active labels.