RESOLVED FIXED 118052
[WK2][GTK] SIGSEV in webkitWebViewBaseSizeAllocate
https://bugs.webkit.org/show_bug.cgi?id=118052
Summary [WK2][GTK] SIGSEV in webkitWebViewBaseSizeAllocate
Sergio Villar Senin
Reported 2013-06-26 01:59:09 PDT
Got this when browsing:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff20c3764 in WebCore::IntSize::isEmpty () from /opt/gnome3/lib64/libwebkit2gtk-3.0.so.25
(gdb) bt
#0  0x00007ffff20c3764 in WebCore::IntSize::isEmpty () from /opt/gnome3/lib64/libwebkit2gtk-3.0.so.25
#1  0x00007ffff2185b74 in webkitWebViewBaseSizeAllocate () from /opt/gnome3/lib64/libwebkit2gtk-3.0.so.25
#2  0x00007fffed6bd21b in g_cclosure_marshal_VOID__BOXEDv (closure=0x708860, return_value=0x0, instance=0x167a9a0, args=0x7fffffff9848, marshal_data=0x7ffff2185a99 <webkitWebViewBaseSizeAllocate()>, n_params=1, param_types=0x6f4350) at gmarshal.c:1160
#3  0x00007fffed6b8f8a in g_type_class_meta_marshalv (closure=0x708860, return_value=0x0, instance=0x167a9a0, args=0x7fffffff9848, marshal_data=0xd8, n_params=1, param_types=0x6f4350) at gclosure.c:997
#4  0x00007fffed6b8b4d in _g_closure_invoke_va (closure=0x708860, return_value=0x0, instance=0x167a9a0, args=0x7fffffff9848, n_params=1, param_types=0x6f4350) at gclosure.c:840
#5  0x00007fffed6d4feb in g_signal_emit_valist (instance=0x167a9a0, signal_id=10, detail=0, var_args=0x7fffffff9848) at gsignal.c:3234
#6  0x00007fffed6d61b4 in g_signal_emit (instance=0x167a9a0, signal_id=10, detail=0) at gsignal.c:3382
#7  0x00007fffef81277b in gtk_widget_size_allocate_with_baseline (widget=0x167a9a0, allocation=0x7fffffff9ad0, baseline=-1) at gtkwidget.c:5516
#8  0x00007fffef8129b3 in gtk_widget_size_allocate (widget=0x167a9a0, allocation=0x7fffffff9ad0) at gtkwidget.c:5583
#9  0x00007fffef505fb1 in gtk_bin_size_allocate (widget=0x16eb100, allocation=0x7fffffffa110) at gtkbin.c:321
#10 0x00007fffef6a075f in gtk_overlay_size_allocate (widget=0x16eb100, allocation=0x7fffffffa110) at gtkoverlay.c:358
#11 0x00007fffed6bd21b in g_cclosure_marshal_VOID__BOXEDv (closure=0x708860, return_value=0x0, instance=0x16eb100, args=0x7fffffff9f88, marshal_data=0x7fffef6a06f7 <gtk_overlay_size_allocate>, n_params=1, param_types=0x6f4350) at gmarshal.c:1160
#12 0x00007fffed6b8f8a in g_type_class_meta_marshalv (closure=0x708860, return_value=0x0, instance=0x16eb100, args=0x7fffffff9f88, marshal_data=0xd8, n_params=1, param_types=0x6f4350) at gclosure.c:997
#13 0x00007fffed6b8b4d in _g_closure_invoke_va (closure=0x708860, return_value=0x0, instance=0x16eb100, args=0x7fffffff9f88, n_params=1, param_types=0x6f4350) at gclosure.c:840
#14 0x00007fffed6d4feb in g_signal_emit_valist (instance=0x16eb100, signal_id=10, detail=0, var_args=0x7fffffff9f88) at gsignal.c:3234
#15 0x00007fffed6d61b4 in g_signal_emit (instance=0x16eb100, signal_id=10, detail=0) at gsignal.c:3382
#16 0x00007fffef81277b in gtk_widget_size_allocate_with_baseline (widget=0x16eb100, allocation=0x7fffffffa240, baseline=-1) at gtkwidget.c:5516
#17 0x00007fffef8129b3 in gtk_widget_size_allocate (widget=0x16eb100, allocation=0x7fffffffa240) at gtkwidget.c:5583
#18 0x00007fffef6a4b1f in gtk_paned_child_allocate (child=0x16eb100, child_window=0x1716640, window_allocation=0x7fffffffa250, child_allocation=0x7fffffffa240) at gtkpaned.c:1140
#19 0x00007fffef6a53cf in gtk_paned_size_allocate (widget=0x15d4a20, allocation=0x7fffffffa8e0) at gtkpaned.c:1355
#20 0x00007fffed6bd21b in g_cclosure_marshal_VOID__BOXEDv (closure=0x708860, return_value=0x0, instance=0x15d4a20, args=0x7fffffffa758, marshal_data=0x7fffef6a4b21 <gtk_paned_size_allocate>, n_params=1, param_types=0x6f4350) at gmarshal.c:1160
#21 0x00007fffed6b8f8a in g_type_class_meta_marshalv (closure=0x708860, return_value=0x0, instance=0x15d4a20, args=0x7fffffffa758, marshal_data=0xd8, n_params=1, param_types=0x6f4350) at gclosure.c:997
#22 0x00007fffed6b8b4d in _g_closure_invoke_va (closure=0x708860, return_value=0x0, instance=0x15d4a20, args=0x7fffffffa758, n_params=1, param_types=0x6f4350) at gclosure.c:840
#23 0x00007fffed6d4feb in g_signal_emit_valist (instance=0x15d4a20, signal_id=10, detail=0, var_args=0x7fffffffa758) at gsignal.c:3234
#24 0x00007fffed6d61b4 in g_signal_emit (instance=0x15d4a20, signal_id=10, detail=0) at gsignal.c:3382
#25 0x00007fffef81277b in gtk_widget_size_allocate_with_baseline (widget=0x15d4a20, allocation=0x7fffffffaa30, baseline=-1) at gtkwidget.c:5516
#26 0x00007fffef50c866 in gtk_box_size_allocate (widget=0x1541340, allocation=0x7fffffffb0c0) at gtkbox.c:774
#27 0x00007fffed6bd21b in g_cclosure_marshal_VOID__BOXEDv (closure=0x708860, return_value=0x0, instance=0x1541340, args=0x7fffffffaf38, marshal_data=0x7fffef50bb67 <gtk_box_size_allocate>, n_params=1, param_types=0x6f4350) at gmarshal.c:1160
#28 0x00007fffed6b8f8a in g_type_class_meta_marshalv (closure=0x708860, return_value=0x0, instance=0x1541340, args=0x7fffffffaf38, marshal_data=0xd8, n_params=1, param_types=0x6f4350) at gclosure.c:997
#29 0x00007fffed6b8b4d in _g_closure_invoke_va (closure=0x708860, return_value=0x0, instance=0x1541340, args=0x7fffffffaf38, n_params=1, param_types=0x6f4350) at gclosure.c:840
#30 0x00007fffed6d4feb in g_signal_emit_valist (instance=0x1541340, signal_id=10, detail=0, var_args=0x7fffffffaf38) at gsignal.c:3234
#31 0x00007fffed6d61b4 in g_signal_emit (instance=0x1541340, signal_id=10, detail=0) at gsignal.c:3382
#32 0x00007fffef81277b in gtk_widget_size_allocate_with_baseline (widget=0x1541340, allocation=0x7fffffffb1f0, baseline=-1) at gtkwidget.c:5516
#33 0x00007fffef8129b3 in gtk_widget_size_allocate (widget=0x1541340, allocation=0x7fffffffb1f0) at gtkwidget.c:5583
#34 0x00007fffef68f01a in gtk_notebook_size_allocate (widget=0x143b1d0, allocation=0x7fffffffb830) at gtknotebook.c:2562
#35 0x00007fffed6bd21b in g_cclosure_marshal_VOID__BOXEDv (closure=0x708860, return_value=0x0, instance=0x143b1d0, args=0x7fffffffb6a8, marshal_data=0x7fffef68ea3d <gtk_notebook_size_allocate>, n_params=1, param_types=0x6f4350) at gmarshal.c:1160
#36 0x00007fffed6b8f8a in g_type_class_meta_marshalv (closure=0x708860, return_value=0x0, instance=0x143b1d0, args=0x7fffffffb6a8, marshal_data=0xd8, n_params=1, param_types=0x6f4350) at gclosure.c:997
#37 0x00007fffed6b8b4d in _g_closure_invoke_va (closure=0x708860, return_value=0x0, instance=0x143b1d0, args=0x7fffffffb6a8, n_params=1, param_types=0x6f4350) at gclosure.c:840
#38 0x00007fffed6d4feb in g_signal_emit_valist (instance=0x143b1d0, signal_id=10, detail=0, var_args=0x7fffffffb6a8) at gsignal.c:3234
#39 0x00007fffed6d61b4 in g_signal_emit (instance=0x143b1d0, signal_id=10, detail=0) at gsignal.c:3382
#40 0x00007fffef81277b in gtk_widget_size_allocate_with_baseline (widget=0x143b1d0, allocation=0x7fffffffb980, baseline=-1) at gtkwidget.c:5516
#41 0x00007fffef50c866 in gtk_box_size_allocate (widget=0x141f0f0, allocation=0x7fffffffc010) at gtkbox.c:774
#42 0x00007fffed6bd21b in g_cclosure_marshal_VOID__BOXEDv (closure=0x708860, return_value=0x0, instance=0x141f0f0, args=0x7fffffffbe88, marshal_data=0x7fffef50bb67 <gtk_box_size_allocate>, n_params=1, param_types=0x6f4350) at gmarshal.c:1160
#43 0x00007fffed6b8f8a in g_type_class_meta_marshalv (closure=0x708860, return_value=0x0, instance=0x141f0f0, args=0x7fffffffbe88, marshal_data=0xd8, n_params=1, param_types=0x6f4350) at gclosure.c:997
#44 0x00007fffed6b8b4d in _g_closure_invoke_va (closure=0x708860, return_value=0x0, instance=0x141f0f0, args=0x7fffffffbe88, n_params=1, param_types=0x6f4350) at gclosure.c:840
#45 0x00007fffed6d4feb in g_signal_emit_valist (instance=0x141f0f0, signal_id=10, detail=0, var_args=0x7fffffffbe88) at gsignal.c:3234
#46 0x00007fffed6d61b4 in g_signal_emit (instance=0x141f0f0, signal_id=10, detail=0) at gsignal.c:3382
#47 0x00007fffef81277b in gtk_widget_size_allocate_with_baseline (widget=0x141f0f0, allocation=0x7fffffffc110, baseline=-1) at gtkwidget.c:5516
#48 0x00007fffef8129b3 in gtk_widget_size_allocate (widget=0x141f0f0, allocation=0x7fffffffc110) at gtkwidget.c:5583
#49 0x00007fffef836481 in gtk_window_size_allocate (widget=0x1412430, allocation=0x7fffffffc8b0) at gtkwindow.c:6472
#50 0x00007fffef4fb482 in gtk_application_window_real_size_allocate (widget=0x1412430, allocation=0x7fffffffc8b0) at gtkapplicationwindow.c:738
#51 0x00007fffed6bd0f5 in g_cclosure_marshal_VOID__BOXED (closure=0x708860, return_value=0x0, n_param_values=2, param_values=0x7fffffffc460, invocation_hint=0x7fffffffc390, marshal_data=0x7fffef4fb2bd <gtk_application_window_real_size_allocate>) at gmarshal.c:1120
#52 0x00007fffed6b8f05 in g_type_class_meta_marshal (closure=0x708860, return_value=0x0, n_param_values=2, param_values=0x7fffffffc460, invocation_hint=0x7fffffffc390, marshal_data=0xd8) at gclosure.c:970
#53 0x00007fffed6b88b5 in g_closure_invoke (closure=0x708860, return_value=0x0, n_param_values=2, param_values=0x7fffffffc460, invocation_hint=0x7fffffffc390) at gclosure.c:777
#54 0x00007fffed6d6718 in signal_emit_unlocked_R (node=0x6f4370, detail=0, instance=0x1412430, emission_return=0x0, instance_and_params=0x7fffffffc460) at gsignal.c:3512
#55 0x00007fffed6d5c6c in g_signal_emit_valist (instance=0x1412430, signal_id=10, detail=0, var_args=0x7fffffffc728) at gsignal.c:3326
#56 0x00007fffed6d61b4 in g_signal_emit (instance=0x1412430, signal_id=10, detail=0) at gsignal.c:3382
#57 0x00007fffef81277b in gtk_widget_size_allocate_with_baseline (widget=0x1412430, allocation=0x7fffffffca70, baseline=-1) at gtkwidget.c:5516
#58 0x00007fffef8129b3 in gtk_widget_size_allocate (widget=0x1412430, allocation=0x7fffffffca70) at gtkwidget.c:5583
#59 0x00007fffef83a13e in gtk_window_move_resize (window=0x1412430) at gtkwindow.c:8510
#60 0x00007fffef837da6 in gtk_window_check_resize (container=0x1412430) at gtkwindow.c:7282
#61 0x00007fffed6bb9c3 in g_cclosure_marshal_VOID__VOIDv (closure=0x707e00, return_value=0x0, instance=0x1412430, args=0x7fffffffcf08, marshal_data=0x7fffef837d09 <gtk_window_check_resize>, n_params=0, param_types=0x0) at gmarshal.c:115
#62 0x00007fffed6b8f8a in g_type_class_meta_marshalv (closure=0x707e00, return_value=0x0, instance=0x1412430, args=0x7fffffffcf08, marshal_data=0x348, n_params=0, param_types=0x0) at gclosure.c:997
#63 0x00007fffed6b8b4d in _g_closure_invoke_va (closure=0x707e00, return_value=0x0, instance=0x1412430, args=0x7fffffffcf08, n_params=0, param_types=0x0) at gclosure.c:840
#64 0x00007fffed6d4feb in g_signal_emit_valist (instance=0x1412430, signal_id=74, detail=0, var_args=0x7fffffffcf08) at gsignal.c:3234
#65 0x00007fffed6d61b4 in g_signal_emit (instance=0x1412430, signal_id=74, detail=0) at gsignal.c:3382
#66 0x00007fffef5710e4 in gtk_container_check_resize (container=0x1412430) at gtkcontainer.c:1844
#67 0x00007fffef570ab3 in gtk_container_idle_sizer (clock=0x751540, container=0x1412430) at gtkcontainer.c:1680
#68 0x00007fffed6bb9c3 in g_cclosure_marshal_VOID__VOIDv (closure=0x18ff090, return_value=0x0, instance=0x751540, args=0x7fffffffd408, marshal_data=0x0, n_params=0, param_types=0x0) at gmarshal.c:115
#69 0x00007fffed6b8b4d in _g_closure_invoke_va (closure=0x18ff090, return_value=0x0, instance=0x751540, args=0x7fffffffd408, n_params=0, param_types=0x0) at gclosure.c:840
#70 0x00007fffed6d4feb in g_signal_emit_valist (instance=0x751540, signal_id=139, detail=0, var_args=0x7fffffffd408) at gsignal.c:3234
#71 0x00007fffed6d6320 in g_signal_emit_by_name (instance=0x751540, detailed_signal=0x7fffeef66613 "layout") at gsignal.c:3422
#72 0x00007fffeeef8930 in gdk_frame_clock_paint_idle (data=0x751540) at gdkframeclockidle.c:408
#73 0x00007fffeeee60a9 in gdk_threads_dispatch (data=0x1aeb740) at gdk.c:804
#74 0x00007fffed3adba6 in g_timeout_dispatch (source=0x1ae9950, callback=0x7fffeeee6064 <gdk_threads_dispatch>, user_data=0x1aeb740) at gmain.c:4443
#75 0x00007fffed3abe49 in g_main_dispatch (context=0x730f80) at gmain.c:3058
#76 0x00007fffed3acbae in g_main_context_dispatch (context=0x730f80) at gmain.c:3634
#77 0x00007fffed3acd9e in g_main_context_iterate (context=0x730f80, block=1, dispatch=1, self=0x778d80) at gmain.c:3705
#78 0x00007fffed3ace62 in g_main_context_iteration (context=0x730f80, may_block=1) at gmain.c:3766
#79 0x00007fffedbd46ec in g_application_run (application=0x8f2270, argc=1, argv=0x7fffffffd938) at gapplication.c:1638
#80 0x00000000004342c2 in main (argc=1, argv=0x7fffffffd938) at ephy-main.c:489
Attachments
Patch (1.78 KB, patch)
2013-07-01 04:56 PDT, Alberto Garcia
no flags
Alberto Garcia
Comment 1 2013-06-27 01:58:15 PDT
I think the problem is that pageProxy->drawingArea() can be null and we're not checking for that. We used to do that check but that changed in r106816: http://trac.webkit.org/changeset/106816/trunk/Source/WebKit2/UIProcess/API/gtk/WebKitWebViewBase.cpp Martin wrote that patch, did you overlook that or is there something else that I'm missing?
Martin Robinson
Comment 2 2013-06-27 02:55:36 PDT
(In reply to comment #1)
> Martin wrote that patch, did you overlook that or is there something else that I'm missing?

The check is still in resizeWebKitWebViewBaseFromAllocation, so probably an oversight on my part.
Alberto Garcia
Comment 3 2013-06-27 03:15:10 PDT
(In reply to comment #2)
> The check is still in resizeWebKitWebViewBaseFromAllocation, so
> probably an oversight on my part.

I guess we can get back to the old code here?

    if (!priv->pageProxy->drawingArea())
        return;

What's the purpose of the check that we have now?
Martin Robinson
Comment 4 2013-06-28 07:10:14 PDT
(In reply to comment #3)
> (In reply to comment #2)
> > The check is still in resizeWebKitWebViewBaseFromAllocation, so
> > probably an oversight on my part.
>
> I guess we can get back to the old code here?
>
>     if (!priv->pageProxy->drawingArea())
>         return;

Seems reasonable?

> What's the purpose of the check that we have now?

Which check?
Alberto Garcia
Comment 5 2013-06-28 07:33:14 PDT
(In reply to comment #4)
> > I guess we can get back to the old code here?
> >
> >     if (!priv->pageProxy->drawingArea())
> >         return;
>
> Seems reasonable?

I'm actually trying to figure out why that condition could be false, the drawing area is created with the web view.

> > What's the purpose of the check that we have now?
>
> Which check?

The size().isEmpty() bit in

    (sizeChanged && !gtk_widget_get_mapped(widget) && !webViewBase->priv->pageProxy->drawingArea()->size().isEmpty())
Alberto Garcia
Comment 6 2013-07-01 04:56:58 PDT
Created attachment 205799 [details]
Patch

I actually think that the problem is that !drawingArea()->size().isEmpty() test. Why do we need to check that at all? If the point is to know if the web view must be resized when the widget is mapped then I don't see the purpose of this.

About why the SIGSEGV is happening: the drawingArea can be null if the web process crashes. A check was added some time ago (bug 62541) in order to prevent that but it was later moved to resizeWebKitWebViewBaseFromAllocation() (bug 77743).
WebKit Commit Bot
Comment 7 2013-07-01 04:58:57 PDT
Thanks for the patch. If this patch contains new public API please make sure it follows the guidelines for new WebKit2 GTK+ API. See http://trac.webkit.org/wiki/WebKitGTK/AddingNewWebKit2API
Carlos Garcia Campos
Comment 8 2013-07-15 00:52:23 PDT
Comment on attachment 205799 [details]
Patch

Makes sense, thanks!
WebKit Commit Bot
Comment 9 2013-07-15 01:14:06 PDT
Comment on attachment 205799 [details]
Patch

Clearing flags on attachment: 205799

Committed r152626: <http://trac.webkit.org/changeset/152626>
WebKit Commit Bot
Comment 10 2013-07-15 01:14:08 PDT
All reviewed patches have been landed. Closing bug.