Bug 63020

Summary: [GTK] Windowless plugins sometimes crash with a BadMatch error
Product: WebKit Reporter: Martin Robinson <mrobinson>
Component: WebKitGTKAssignee: Martin Robinson <mrobinson>
Status: RESOLVED FIXED    
Severity: Normal CC: webkit.review.bot
Priority: P3 Keywords: Gtk
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Linux   
Attachments:
Description Flags
Patch
none
Patch none

Martin Robinson
Reported 2011-06-20 15:35:34 PDT
#0 gdk_x_error (display=0x42a420, error=0x7fffffffc490) at /build/buildd/gtk+2.0-2.24.4/gdk/x11/gdkmain-x11.c:458 #1 0x00007fffed1aad3f in _XError () from /usr/lib/x86_64-linux-gnu/libX11.so.6 #2 0x00007fffed1a7fb1 in ?? () from /usr/lib/x86_64-linux-gnu/libX11.so.6 #3 0x00007fffed1a7ff5 in ?? () from /usr/lib/x86_64-linux-gnu/libX11.so.6 #4 0x00007fffed1a89a0 in _XReply () from /usr/lib/x86_64-linux-gnu/libX11.so.6 #5 0x00007fffed1a4103 in XSync () from /usr/lib/x86_64-linux-gnu/libX11.so.6 #6 0x00007fffed1a41ab in ?? () from /usr/lib/x86_64-linux-gnu/libX11.so.6 #7 0x00007fffed1a98df in ?? () from /usr/lib/x86_64-linux-gnu/libX11.so.6 #8 0x00007fffed184c4a in XCreatePixmap () from /usr/lib/x86_64-linux-gnu/libX11.so.6 #9 0x00007ffff5342ede in WebCore::PluginView::updatePluginWidget (this=0x7fffe07289f0) at ../../Source/WebCore/plugins/gtk/PluginViewGtk.cpp:149 #10 0x00007ffff5345b7c in WebCore::PluginView::platformStart (this=0x7fffe07289f0) at ../../Source/WebCore/plugins/gtk/PluginViewGtk.cpp:906 #11 0x00007ffff5b15764 in WebCore::PluginView::start (this=0x7fffe07289f0) at ../../Source/WebCore/plugins/PluginView.cpp:269 #12 0x00007ffff5b15309 in WebCore::PluginView::startOrAddToUnstartedList (this=0x7fffe07289f0) at ../../Source/WebCore/plugins/PluginView.cpp:224 #13 0x00007ffff5b15210 in WebCore::PluginView::init (this=0x7fffe07289f0) at ../../Source/WebCore/plugins/PluginView.cpp:202 #14 0x00007ffff53445b0 in WebCore::PluginView::setParent (this=0x7fffe07289f0, parent=0x7fffe04a9ef0) at ../../Source/WebCore/plugins/gtk/PluginViewGtk.cpp:469 #15 0x00007ffff5ad8f09 in WebCore::ScrollView::addChild (this=0x7fffe04a9ef0, prpChild=...) at ../../Source/WebCore/platform/ScrollView.cpp:72 #16 0x00007ffff5c55914 in WebCore::moveWidgetToParentSoon (child=0x7fffe07289f0, parent=0x7fffe04a9ef0) at ../../Source/WebCore/rendering/RenderWidget.cpp:90 #17 0x00007ffff5c56302 in WebCore::RenderWidget::setWidget (this=0x7fffe06e36b8, widget=...) at ../../Source/WebCore/rendering/RenderWidget.cpp:213 #18 0x00007ffff5c0b7fa in WebCore::RenderPart::setWidget (this=0x7fffe06e36b8, widget=...) at ../../Source/WebCore/rendering/RenderPart.cpp:50 #19 0x00007ffff59a7519 in WebCore::SubframeLoader::loadPlugin (this=0x7fffe04fdbe0, pluginElement=0x7fffe06d7790, url=..., mimeType="(null)", paramNames=WTF::Vector of length 5, capacity 16 = {...}, paramValues=WTF::Vector of length 5, capacity 16 = {...}, useFallback=false) at ../../Source/WebCore/loader/SubframeLoader.cpp:347 #20 0x00007ffff59a6652 in WebCore::SubframeLoader::requestObject (this=0x7fffe04fdbe0, ownerElement=0x7fffe06d7790, url="http://www.kickstarter.com/swf/kickplayer.swf?skin=http%3A%2F%2Fwww.kickstarter.com%2Fswf%2Fkickskin.swf&file=http%3A%2F%2Fs3.amazonaws.com%2Fksr%2Fprojects%2F34423%2Fvideo-39745-h264_high.mp4&allowfu"..., frameName="(null)", mimeType="(null)", paramNames=WTF::Vector of length 5, capacity 16 = {...}, paramValues=WTF::Vector of length 5, capacity 16 = {...}) at ../../Source/WebCore/loader/SubframeLoader.cpp:132 #21 0x00007ffff57f38ec in WebCore::HTMLEmbedElement::updateWidget (this=0x7fffe06d7790, pluginCreationOption=WebCore::CreateAnyWidgetType) at ../../Source/WebCore/html/HTMLEmbedElement.cpp:184 #22 0x00007ffff5a0d6cf in WebCore::FrameView::updateWidget (this=0x7fffe04a9ef0, object=0x7fffe06e36b8) at ../../Source/WebCore/page/FrameView.cpp:1854 #23 0x00007ffff5a0d8d5 in WebCore::FrameView::updateWidgets (this=0x7fffe04a9ef0) at ../../Source/WebCore/page/FrameView.cpp:1886 #24 0x00007ffff5a0db38 in WebCore::FrameView::performPostLayoutTasks (this=0x7fffe04a9ef0) at ../../Source/WebCore/page/FrameView.cpp:1930 #25 0x00007ffff5a0a749 in WebCore::FrameView::layout (this=0x7fffe04a9ef0, allowSubtree=true) at ../../Source/WebCore/page/FrameView.cpp:962 #26 0x00007ffff5c57096 in WebCore::RenderWidget::updateWidgetPosition (this=0x7fffe0524b48) at ../../Source/WebCore/rendering/RenderWidget.cpp:353 #27 0x00007ffff5c4d56d in WebCore::RenderView::updateWidgetPositions (this=0x7fffe00280b8) at ../../Source/WebCore/rendering/RenderView.cpp:614 #28 0x00007ffff5a0db23 in WebCore::FrameView::performPostLayoutTasks (this=0x7fffe0026bf0) at ../../Source/WebCore/page/FrameView.cpp:1927 #29 0x00007ffff5a0a749 in WebCore::FrameView::layout (this=0x7fffe0026bf0, allowSubtree=true) at ../../Source/WebCore/page/FrameView.cpp:962 #30 0x00007ffff565283d in WebCore::Document::updateLayout (this=0x7fffe02dcca0) at ../../Source/WebCore/dom/Document.cpp:1613 #31 0x00007ffff5bdf704 in WebCore::RenderLayer::hitTest (this=0x7fffe002e108, request=..., result=...) at ../../Source/WebCore/rendering/RenderLayer.cpp:2697 #32 0x00007ffff565697a in WebCore::Document::prepareMouseEvent (this=0x7fffe02dcca0, request=..., documentPoint=..., event=...) at ../../Source/WebCore/dom/Document.cpp:2746 #33 0x00007ffff59f216c in WebCore::EventHandler::prepareMouseEvent (this=0x46ba60, request=..., mev=...) at ../../Source/WebCore/page/EventHandler.cpp:1823 #34 0x00007ffff59f0a5b in WebCore::EventHandler::handleMouseMoveEvent (this=0x46ba60, mouseEvent=..., hoveredNode=0x7fffffffd8e0) at ../../Source/WebCore/page/EventHandler.cpp:1542 #35 0x00007ffff59f0615 in WebCore::EventHandler::mouseMoved (this=0x46ba60, event=...) at ../../Source/WebCore/page/EventHandler.cpp:1474 #36 0x00007ffff539402a in webkit_web_view_motion_event (widget=0x4b2030, event=0x7fffe02b7260) at ../../Source/WebKit/gtk/webkit/webkitwebview.cpp:925 #37 0x00007ffff4421578 in _gtk_marshal_BOOLEAN__BOXED (closure=0x465b00, return_value=0x7fffffffdbb0, n_param_values=<value optimized out>, param_values=0x7fffe013b210, invocation_hint=<value optimized out>, marshal_data=<value optimized out>) at /build/buildd/gtk+2.0-2.24.4/gtk/gtkmarshalers.c:86 #38 0x00007ffff25ef81c in g_closure_invoke () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #39 0x00007ffff2600e1f in ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #40 0x00007ffff2609fa9 in g_signal_emit_valist () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #41 0x00007ffff260a41f in g_signal_emit () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0 #42 0x00007ffff453d4d1 in gtk_widget_event_internal (widget=0x4b2030, event=0x7fffe02b7260) at /build/buildd/gtk+2.0-2.24.4/gtk/gtkwidget.c:4988 #43 0x00007ffff441f763 in IA__gtk_propagate_event (widget=0x4b2030, event=0x7fffe02b7260) at /build/buildd/gtk+2.0-2.24.4/gtk/gtkmain.c:2495 #44 0x00007ffff441fa5b in IA__gtk_main_do_event (event=0x7fffe02b7260) at /build/buildd/gtk+2.0-2.24.4/gtk/gtkmain.c:1685 #45 0x00007ffff40925cc in gdk_event_dispatch (source=<value optimized out>, callback=<value optimized out>, user_data=<value optimized out>) at /build/buildd/gtk+2.0-2.24.4/gdk/x11/gdkevents-x11.c:2377 #46 0x00007ffff1d23bcd in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 #47 0x00007ffff1d243a8 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 ---Type <return> to continue, or q <return> to quit---win #48 0x00007ffff1d249f2 in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0 #49 0x00007ffff441eaf7 in IA__gtk_main () at /build/buildd/gtk+2.0-2.24.4/gtk/gtkmain.c:1257 #50 0x00000000004028d3 in main (argc=1, argv=0x7fffffffe1d8) at ../../Tools/GtkLauncher/main.c:252 I'm seeing this when browsing the front page of BoingBoing right now with a debug stable branch build.
Attachments
Patch (1.54 KB, patch)
2011-06-20 15:56 PDT, Martin Robinson 		no flags
DetailsFormatted DiffDiff
Patch (1.46 KB, patch)
2011-06-20 16:03 PDT, Martin Robinson 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Martin Robinson
Comment 1 2011-06-20 15:45:25 PDT
Here's the GDK BadMatch output: This probably reflects a bug in the program. The error was 'BadValue (integer parameter out of range for operation)'. (Details: serial 3852 error_code 2 request_code 53 minor_code 0) (Note to programmers: normally, X errors are reported asynchronously; that is, you will receive the error a while after causing it. To debug your program, run it with the --sync command line option to change this behavior. You can then get a meaningful backtrace from your debugger if you break on the gdk_x_error() function.)
Martin Robinson
Comment 2 2011-06-20 15:54:00 PDT
(In reply to comment #1) > Here's the GDK BadMatch output: > > This probably reflects a bug in the program. > The error was 'BadValue (integer parameter out of range for operation)'. > (Details: serial 3852 error_code 2 request_code 53 minor_code 0) > (Note to programmers: normally, X errors are reported asynchronously; > that is, you will receive the error a while after causing it. > To debug your program, run it with the --sync command line > option to change this behavior. You can then get a meaningful > backtrace from your debugger if you break on the gdk_x_error() function.) The issue here seems to be that the height argument of the XCreatePixmap call is zero.
Martin Robinson
Comment 3 2011-06-20 15:56:49 PDT
Created attachment 97877 [details] Patch
Martin Robinson
Comment 4 2011-06-20 16:03:43 PDT
Created attachment 97879 [details] Patch
Xan Lopez
Comment 5 2011-06-20 16:05:12 PDT
Comment on attachment 97879 [details] Patch r=me
WebKit Review Bot
Comment 6 2011-06-20 17:34:24 PDT
Comment on attachment 97879 [details] Patch Clearing flags on attachment: 97879 Committed r89319: <http://trac.webkit.org/changeset/89319>
WebKit Review Bot
Comment 7 2011-06-20 17:34:28 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.