Bug 122801 - [GTK] [WebKit2] Crash when printing to a file via javascript
Summary: [GTK] [WebKit2] Crash when printing to a file via javascript
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKitGTK
Version: 528+ (Nightly build)
Hardware: PC Linux
Importance: P3 Normal
Assignee: Nobody
URL: http://people.igalia.com/clopez/print...
Keywords:
Depends on:
Blocks:
 
Reported: 2013-10-14 18:08 PDT by Carlos Alberto Lopez Perez
Modified: 2013-11-11 00:22 PST
CC List: 6 users

See Also:


Attachments
Patch (1.74 KB, patch)
2013-11-08 06:55 PST, Carlos Garcia Campos
mrobinson: review+

Description Carlos Alberto Lopez Perez 2013-10-14 18:08:45 PDT
On a print dialog created by the javascript method "window.print();", if you click on "print to file" a segmentation fault happens.


How to reproduce?

1. Load the following url: http://people.igalia.com/clopez/print_test.html
2. Click on the button "print this page"
3. On the print dialog click on "print to file"
4. Crash.

I was able to reproduce the crash both with webkitgtk-2.0.4 and webkitgtk-2.2.0.

It is interesting to note that if the print dialog is launched manually by pressing CTRL+p (on Epiphany, for example) the crash doesn't happen.
Comment 1 Carlos Alberto Lopez Perez 2013-10-14 18:12:12 PDT
This is the stack trace with the MiniBrowser and WebKitGTK compiled from sources (webkitgtk-2.2.0.tar.xz tarball) on Debian/testing AMD64.


$ ./Programs/MiniBrowser http://people.igalia.com/clopez/print_test.html

** (MiniBrowser:25015): WARNING **: GDBus.Error:org.freedesktop.DBus.Error.Spawn.FileInvalid: Cannot do system-bus activation with no user

Segmentation fault (core dumped)


$ gdb -ex "thread apply all bt" --batch ./Programs/MiniBrowser core
[New LWP 25015]
[New LWP 25069]
[New LWP 25053]
[New LWP 25052]
[New LWP 25051]
[New LWP 25201]
[New LWP 25050]
[New LWP 25202]

warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7fffb918a000
Core was generated by `./Programs/MiniBrowser http://people.igalia.com/clopez/print_test.html'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007f981463b7f0 in gtk_print_settings_get () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0

Thread 8 (Thread 0x7f979b5ea700 (LWP 25202)):
#0  0x00007f98121e21bd in poll () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007f981291f1fc in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007f981291f6da in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007f9812ef1526 in ?? () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
#4  0x00007f9812942f35 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#5  0x00007f980f3b4124 in ?? () from /usr/lib/x86_64-linux-gnu/libGL.so.1
#6  0x00007f98124b9e0e in start_thread (arg=0x7f979b5ea700) at pthread_create.c:311
#7  0x00007f98121ed95d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Thread 7 (Thread 0x7f9804045700 (LWP 25050)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1  0x00007f9811de57fd in WTF::TCMalloc_PageHeap::scavengerThread() () from /stuff/webkit/builds/webkitgtk-2.2.0/.libs/libjavascriptcoregtk-3.0.so.0
#2  0x00007f9811de5829 in WTF::TCMalloc_PageHeap::runScavengerThread(void*) () from /stuff/webkit/builds/webkitgtk-2.2.0/.libs/libjavascriptcoregtk-3.0.so.0
#3  0x00007f980f3b4124 in ?? () from /usr/lib/x86_64-linux-gnu/libGL.so.1
#4  0x00007f98124b9e0e in start_thread (arg=0x7f9804045700) at pthread_create.c:311
#5  0x00007f98121ed95d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Thread 6 (Thread 0x7f979bdeb700 (LWP 25201)):
#0  pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:238
#1  0x00007f981295eb45 in g_cond_wait_until () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007f98128f4b71 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007f98128f51ba in g_async_queue_timeout_pop () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#4  0x00007f9812943732 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#5  0x00007f9812942f35 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#6  0x00007f980f3b4124 in ?? () from /usr/lib/x86_64-linux-gnu/libGL.so.1
#7  0x00007f98124b9e0e in start_thread (arg=0x7f979bdeb700) at pthread_create.c:311
#8  0x00007f98121ed95d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Thread 5 (Thread 0x7f97c3736700 (LWP 25051)):
#0  0x00007f98121e21bd in poll () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007f981291f1fc in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007f981291f6da in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007f9811dfd0b1 in WTF::wtfThreadEntryPoint(void*) () from /stuff/webkit/builds/webkitgtk-2.2.0/.libs/libjavascriptcoregtk-3.0.so.0
#4  0x00007f980f3b4124 in ?? () from /usr/lib/x86_64-linux-gnu/libGL.so.1
#5  0x00007f98124b9e0e in start_thread (arg=0x7f97c3736700) at pthread_create.c:311
#6  0x00007f98121ed95d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Thread 4 (Thread 0x7f97c21a2700 (LWP 25052)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1  0x00007f981639f91b in WebCore::IconDatabase::syncThreadMainLoop() () from /stuff/webkit/builds/webkitgtk-2.2.0/.libs/libwebkit2gtk-3.0.so.25
#2  0x00007f98163a08ad in WebCore::IconDatabase::iconDatabaseSyncThread() () from /stuff/webkit/builds/webkitgtk-2.2.0/.libs/libwebkit2gtk-3.0.so.25
#3  0x00007f9811dfd0b1 in WTF::wtfThreadEntryPoint(void*) () from /stuff/webkit/builds/webkitgtk-2.2.0/.libs/libjavascriptcoregtk-3.0.so.0
#4  0x00007f980f3b4124 in ?? () from /usr/lib/x86_64-linux-gnu/libGL.so.1
#5  0x00007f98124b9e0e in start_thread (arg=0x7f97c21a2700) at pthread_create.c:311
#6  0x00007f98121ed95d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Thread 3 (Thread 0x7f97c19a1700 (LWP 25053)):
#0  0x00007f98121e21bd in poll () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007f981291f1fc in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007f981291f6da in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007f9811dfd0b1 in WTF::wtfThreadEntryPoint(void*) () from /stuff/webkit/builds/webkitgtk-2.2.0/.libs/libjavascriptcoregtk-3.0.so.0
#4  0x00007f980f3b4124 in ?? () from /usr/lib/x86_64-linux-gnu/libGL.so.1
#5  0x00007f98124b9e0e in start_thread (arg=0x7f97c19a1700) at pthread_create.c:311
#6  0x00007f98121ed95d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Thread 2 (Thread 0x7f97c0dd7700 (LWP 25069)):
#0  0x00007f98121e21bd in poll () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007f981291f1fc in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007f981291f6da in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007f9811dfd0b1 in WTF::wtfThreadEntryPoint(void*) () from /stuff/webkit/builds/webkitgtk-2.2.0/.libs/libjavascriptcoregtk-3.0.so.0
#4  0x00007f980f3b4124 in ?? () from /usr/lib/x86_64-linux-gnu/libGL.so.1
#5  0x00007f98124b9e0e in start_thread (arg=0x7f97c0dd7700) at pthread_create.c:311
#6  0x00007f98121ed95d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Thread 1 (Thread 0x7f9817c04a00 (LWP 25015)):
#0  0x00007f981463b7f0 in gtk_print_settings_get () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#1  0x00007f97c03cc0c0 in ?? () from /usr/lib/x86_64-linux-gnu/gtk-3.0/3.0.0/printbackends/libprintbackend-file.so
#2  0x00007f97c03cc4ce in ?? () from /usr/lib/x86_64-linux-gnu/gtk-3.0/3.0.0/printbackends/libprintbackend-file.so
#3  0x00007f981474e3e8 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#4  0x00007f9812be28e7 in ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#5  0x00007f9812bfb2b6 in g_signal_emit_valist () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#6  0x00007f9812bfbf82 in g_signal_emit () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#7  0x00007f98146fe52c in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#8  0x00007f9814702aa8 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#9  0x00007f98145f93be in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#10 0x00007f9812be28e7 in ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#11 0x00007f9812bfb2b6 in g_signal_emit_valist () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#12 0x00007f9812bfbf82 in g_signal_emit () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#13 0x00007f9814719664 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#14 0x00007f98145f76bc in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#15 0x00007f98145f8fa5 in gtk_main_do_event () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#16 0x00007f9814233e12 in ?? () from /usr/lib/x86_64-linux-gnu/libgdk-3.so.0
#17 0x00007f981291ef25 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#18 0x00007f981291f268 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#19 0x00007f981291f6da in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#20 0x00007f98145887f0 in gtk_dialog_run () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#21 0x00007f9815cf7e89 in webkitPrintOperationRunDialogForFrame(_WebKitPrintOperation*, _GtkWindow*, WebKit::WebFrameProxy*) () from /stuff/webkit/builds/webkitgtk-2.2.0/.libs/libwebkit2gtk-3.0.so.25
#22 0x00007f9815d0bab0 in webkitWebViewPrintFrame(_WebKitWebView*, WebKit::WebFrameProxy*) () from /stuff/webkit/builds/webkitgtk-2.2.0/.libs/libwebkit2gtk-3.0.so.25
#23 0x00007f9815d6a34e in WebKit::WebPageProxy::printFrame(unsigned long) () from /stuff/webkit/builds/webkitgtk-2.2.0/.libs/libwebkit2gtk-3.0.so.25
#24 0x00007f9815e29ab6 in WebKit::WebPageProxy::didReceiveSyncMessage(CoreIPC::Connection*, CoreIPC::MessageDecoder&, WTF::OwnPtr<CoreIPC::MessageEncoder>&) () from /stuff/webkit/builds/webkitgtk-2.2.0/.libs/libwebkit2gtk-3.0.so.25
#25 0x00007f9816f6e7ea in CoreIPC::MessageReceiverMap::dispatchSyncMessage(CoreIPC::Connection*, CoreIPC::MessageDecoder&, WTF::OwnPtr<CoreIPC::MessageEncoder>&) () from /stuff/webkit/builds/webkitgtk-2.2.0/.libs/libwebkit2gtk-3.0.so.25
#26 0x00007f9815d8a399 in WebKit::WebProcessProxy::didReceiveSyncMessage(CoreIPC::Connection*, CoreIPC::MessageDecoder&, WTF::OwnPtr<CoreIPC::MessageEncoder>&) () from /stuff/webkit/builds/webkitgtk-2.2.0/.libs/libwebkit2gtk-3.0.so.25
#27 0x00007f9816f6836d in CoreIPC::Connection::dispatchSyncMessage(CoreIPC::MessageDecoder&) () from /stuff/webkit/builds/webkitgtk-2.2.0/.libs/libwebkit2gtk-3.0.so.25
#28 0x00007f9816f684d5 in CoreIPC::Connection::dispatchMessage(WTF::PassOwnPtr<CoreIPC::MessageDecoder>) () from /stuff/webkit/builds/webkitgtk-2.2.0/.libs/libwebkit2gtk-3.0.so.25
#29 0x00007f9816f685c4 in CoreIPC::Connection::dispatchOneMessage() () from /stuff/webkit/builds/webkitgtk-2.2.0/.libs/libwebkit2gtk-3.0.so.25
#30 0x00007f9816e50cb9 in WebCore::RunLoop::performWork() () from /stuff/webkit/builds/webkitgtk-2.2.0/.libs/libwebkit2gtk-3.0.so.25
#31 0x00007f9816e6bc89 in WebCore::RunLoop::queueWork(WebCore::RunLoop*) () from /stuff/webkit/builds/webkitgtk-2.2.0/.libs/libwebkit2gtk-3.0.so.25
#32 0x00007f981291ef25 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#33 0x00007f981291f268 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#34 0x00007f981291f6da in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#35 0x00007f98145f845d in gtk_main () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#36 0x0000000000407641 in main ()
Comment 2 Carlos Alberto Lopez Perez 2013-10-15 03:24:47 PDT
Just tested building nightly WebKit (r157444) and the same bug happens.
Comment 3 Carlos Alberto Lopez Perez 2013-10-17 05:37:59 PDT
This is the backtrace log of MiniBrowser on r157567 with debug symbols:


$ ./WebKitBuild/Debug/Programs/MiniBrowser http://people.igalia.com/clopez/print_test.html

** (MiniBrowser:4287): WARNING **: GDBus.Error:org.freedesktop.DBus.Error.Spawn.FileInvalid: Cannot do system-bus activation with no user

Segmentation fault (core dumped)
LEAK: 11 RenderObject
LEAK: 1 Page
LEAK: 1 Frame
LEAK: 1 CachedResource
LEAK: 19 WebCoreNode
LEAK: 1 JSLazyEventListener
LEAK: 1 WebPage
LEAK: 1 WebFrame



$ gdb -ex "thread apply all bt" --batch ./WebKitBuild/Debug/Programs/MiniBrowser core
[New LWP 4287]
[New LWP 4324]
[New LWP 4460]
[New LWP 4322]
[New LWP 4323]
[New LWP 4461]
[New LWP 4376]

warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7fff157fe000
Core was generated by `./WebKitBuild/Debug/Programs/MiniBrowser http://people.igalia.com/clopez/print_'.
Program terminated with signal 11, Segmentation fault.
#0  gtk_print_settings_get (settings=settings@entry=0x0, key=key@entry=0x7fba908febe9 "output-basename") at /tmp/buildd/gtk+3.0-3.8.5/./gtk/gtkprintsettings.c:174
174	/tmp/buildd/gtk+3.0-3.8.5/./gtk/gtkprintsettings.c: No such file or directory.

Thread 7 (Thread 0x7fba924c2700 (LWP 4376)):
#0  0x00007fbae6ee51bd in poll () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007fbae76221fc in g_main_context_poll (n_fds=3, fds=0x7fba70001100, timeout=-1, context=0x1952c80, priority=<optimized out>) at /tmp/buildd/glib2.0-2.36.1/./glib/gmain.c:3995
#2  g_main_context_iterate (context=0x1952c80, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /tmp/buildd/glib2.0-2.36.1/./glib/gmain.c:3696
#3  0x00007fbae76226da in g_main_loop_run (loop=0x18fd7c0) at /tmp/buildd/glib2.0-2.36.1/./glib/gmain.c:3895
#4  0x00007fbaed9c5afe in WorkQueue::workQueueThreadBody (this=0x19106f0) at ../../Source/WebKit2/Platform/gtk/WorkQueueGtk.cpp:173
#5  0x00007fbaed9c5ad8 in WorkQueue::startWorkQueueThread (workQueue=0x19106f0) at ../../Source/WebKit2/Platform/gtk/WorkQueueGtk.cpp:168
#6  0x00007fbae67ad6c9 in WTF::threadEntryPoint (contextData=0x1952d40) at ../../Source/WTF/wtf/Threading.cpp:69
#7  0x00007fbae67adc56 in WTF::wtfThreadEntryPoint (param=0x1771fc0) at ../../Source/WTF/wtf/ThreadingPthreads.cpp:195
#8  0x00007fbae36ea124 in ?? () from /usr/lib/x86_64-linux-gnu/libGL.so.1
#9  0x00007fbae71bce0e in start_thread (arg=0x7fba924c2700) at pthread_create.c:311
#10 0x00007fbae6ef095d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Thread 6 (Thread 0x7fba748fc700 (LWP 4461)):
#0  0x00007fbae6ee51bd in poll () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007fbae76221fc in g_main_context_poll (n_fds=3, fds=0x7fba6c0010e0, timeout=-1, context=0x7fba68023160, priority=<optimized out>) at /tmp/buildd/glib2.0-2.36.1/./glib/gmain.c:3995
#2  g_main_context_iterate (context=0x7fba68023160, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /tmp/buildd/glib2.0-2.36.1/./glib/gmain.c:3696
#3  0x00007fbae76226da in g_main_loop_run (loop=0x7fba68022e70) at /tmp/buildd/glib2.0-2.36.1/./glib/gmain.c:3895
#4  0x00007fbae7bf4526 in gdbus_shared_thread_func (user_data=0x7fba68023130) at /tmp/buildd/glib2.0-2.36.1/./gio/gdbusprivate.c:278
#5  0x00007fbae7645f35 in g_thread_proxy (data=0x7fba68003590) at /tmp/buildd/glib2.0-2.36.1/./glib/gthread.c:798
#6  0x00007fbae36ea124 in ?? () from /usr/lib/x86_64-linux-gnu/libGL.so.1
#7  0x00007fbae71bce0e in start_thread (arg=0x7fba748fc700) at pthread_create.c:311
#8  0x00007fbae6ef095d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Thread 5 (Thread 0x7fba93fff700 (LWP 4323)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1  0x00007fbae67ae3e2 in WTF::ThreadCondition::wait (this=0x179aa80, mutex=...) at ../../Source/WTF/wtf/ThreadingPthreads.cpp:378
#2  0x00007fbaecaaf5fa in WebCore::IconDatabase::syncThreadMainLoop (this=0x179a9c0) at ../../Source/WebCore/loader/icon/IconDatabase.cpp:1454
#3  0x00007fbaecaad9e5 in WebCore::IconDatabase::iconDatabaseSyncThread (this=0x179a9c0) at ../../Source/WebCore/loader/icon/IconDatabase.cpp:1054
#4  0x00007fbaecaad62e in WebCore::IconDatabase::iconDatabaseSyncThreadStart (vIconDatabase=0x179a9c0) at ../../Source/WebCore/loader/icon/IconDatabase.cpp:975
#5  0x00007fbae67ad6c9 in WTF::threadEntryPoint (contextData=0x17a9b80) at ../../Source/WTF/wtf/Threading.cpp:69
#6  0x00007fbae67adc56 in WTF::wtfThreadEntryPoint (param=0x179a230) at ../../Source/WTF/wtf/ThreadingPthreads.cpp:195
#7  0x00007fbae36ea124 in ?? () from /usr/lib/x86_64-linux-gnu/libGL.so.1
#8  0x00007fbae71bce0e in start_thread (arg=0x7fba93fff700) at pthread_create.c:311
#9  0x00007fbae6ef095d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Thread 4 (Thread 0x7fba99833700 (LWP 4322)):
#0  0x00007fbae6ee51bd in poll () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007fbae76221fc in g_main_context_poll (n_fds=1, fds=0x7fba94001120, timeout=-1, context=0x17917d0, priority=<optimized out>) at /tmp/buildd/glib2.0-2.36.1/./glib/gmain.c:3995
#2  g_main_context_iterate (context=0x17917d0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /tmp/buildd/glib2.0-2.36.1/./glib/gmain.c:3696
#3  0x00007fbae76226da in g_main_loop_run (loop=0x176da20) at /tmp/buildd/glib2.0-2.36.1/./glib/gmain.c:3895
#4  0x00007fbaed9c5afe in WorkQueue::workQueueThreadBody (this=0x1791700) at ../../Source/WebKit2/Platform/gtk/WorkQueueGtk.cpp:173
#5  0x00007fbaed9c5ad8 in WorkQueue::startWorkQueueThread (workQueue=0x1791700) at ../../Source/WebKit2/Platform/gtk/WorkQueueGtk.cpp:168
#6  0x00007fbae67ad6c9 in WTF::threadEntryPoint (contextData=0x1791900) at ../../Source/WTF/wtf/Threading.cpp:69
#7  0x00007fbae67adc56 in WTF::wtfThreadEntryPoint (param=0x1778770) at ../../Source/WTF/wtf/ThreadingPthreads.cpp:195
#8  0x00007fbae36ea124 in ?? () from /usr/lib/x86_64-linux-gnu/libGL.so.1
#9  0x00007fbae71bce0e in start_thread (arg=0x7fba99833700) at pthread_create.c:311
#10 0x00007fbae6ef095d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Thread 3 (Thread 0x7fba750fd700 (LWP 4460)):
#0  pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:238
#1  0x00007fbae7661b45 in g_cond_wait_until (cond=cond@entry=0x1989f88, mutex=mutex@entry=0x1989f80, end_time=end_time@entry=239890738236) at /tmp/buildd/glib2.0-2.36.1/./glib/gthread-posix.c:865
#2  0x00007fbae75f7b71 in g_async_queue_pop_intern_unlocked (queue=queue@entry=0x1989f80, wait=wait@entry=1, end_time=end_time@entry=239890738236) at /tmp/buildd/glib2.0-2.36.1/./glib/gasyncqueue.c:424
#3  0x00007fbae75f81ba in g_async_queue_timeout_pop (queue=0x1989f80, timeout=timeout@entry=15000000) at /tmp/buildd/glib2.0-2.36.1/./glib/gasyncqueue.c:545
#4  0x00007fbae7646732 in g_thread_pool_wait_for_new_pool () at /tmp/buildd/glib2.0-2.36.1/./glib/gthreadpool.c:169
#5  g_thread_pool_thread_proxy (data=<optimized out>) at /tmp/buildd/glib2.0-2.36.1/./glib/gthreadpool.c:366
#6  0x00007fbae7645f35 in g_thread_proxy (data=0x1a75ca0) at /tmp/buildd/glib2.0-2.36.1/./glib/gthread.c:798
#7  0x00007fbae36ea124 in ?? () from /usr/lib/x86_64-linux-gnu/libGL.so.1
#8  0x00007fbae71bce0e in start_thread (arg=0x7fba750fd700) at pthread_create.c:311
#9  0x00007fbae6ef095d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Thread 2 (Thread 0x7fba937fe700 (LWP 4324)):
#0  0x00007fbae6ee51bd in poll () at ../sysdeps/unix/syscall-template.S:81
#1  0x00007fbae76221fc in g_main_context_poll (n_fds=1, fds=0x7fba84001100, timeout=-1, context=0x179b570, priority=<optimized out>) at /tmp/buildd/glib2.0-2.36.1/./glib/gmain.c:3995
#2  g_main_context_iterate (context=0x179b570, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /tmp/buildd/glib2.0-2.36.1/./glib/gmain.c:3696
#3  0x00007fbae76226da in g_main_loop_run (loop=0x179a320) at /tmp/buildd/glib2.0-2.36.1/./glib/gmain.c:3895
#4  0x00007fbaed9c5afe in WorkQueue::workQueueThreadBody (this=0x179b4a0) at ../../Source/WebKit2/Platform/gtk/WorkQueueGtk.cpp:173
#5  0x00007fbaed9c5ad8 in WorkQueue::startWorkQueueThread (workQueue=0x179b4a0) at ../../Source/WebKit2/Platform/gtk/WorkQueueGtk.cpp:168
#6  0x00007fbae67ad6c9 in WTF::threadEntryPoint (contextData=0x17a9bd0) at ../../Source/WTF/wtf/Threading.cpp:69
#7  0x00007fbae67adc56 in WTF::wtfThreadEntryPoint (param=0x179a8a0) at ../../Source/WTF/wtf/ThreadingPthreads.cpp:195
#8  0x00007fbae36ea124 in ?? () from /usr/lib/x86_64-linux-gnu/libGL.so.1
#9  0x00007fbae71bce0e in start_thread (arg=0x7fba937fe700) at pthread_create.c:311
#10 0x00007fbae6ef095d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

Thread 1 (Thread 0x7fbaf1192a00 (LWP 4287)):
#0  gtk_print_settings_get (settings=settings@entry=0x0, key=key@entry=0x7fba908febe9 "output-basename") at /tmp/buildd/gtk+3.0-3.8.5/./gtk/gtkprintsettings.c:174
#1  0x00007fba908fe0c0 in output_file_from_settings (settings=settings@entry=0x0, default_format=<optimized out>) at /tmp/buildd/gtk+3.0-3.8.5/./modules/printbackends/file/gtkprintbackendfile.c:247
#2  0x00007fba908fe4ce in file_printer_get_options (printer=0x1a3a640, settings=0x0, page_setup=<optimized out>, capabilities=<optimized out>) at /tmp/buildd/gtk+3.0-3.8.5/./modules/printbackends/file/gtkprintbackendfile.c:723
#3  0x00007fbae94513e8 in selected_printer_changed (selection=<optimized out>, dialog=0x1994040) at /tmp/buildd/gtk+3.0-3.8.5/./gtk/gtkprintunixdialog.c:1961
#4  0x00007fbae78e58e7 in _g_closure_invoke_va (closure=0x19ac880, return_value=0x0, instance=0x19ab450, args=0x7fff157fa048, n_params=0, param_types=0x0) at /tmp/buildd/glib2.0-2.36.1/./gobject/gclosure.c:840
#5  0x00007fbae78fe2b6 in g_signal_emit_valist (instance=0x19ab450, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7fff157fa048) at /tmp/buildd/glib2.0-2.36.1/./gobject/gsignal.c:3234
#6  0x00007fbae78fef82 in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=detail@entry=0) at /tmp/buildd/glib2.0-2.36.1/./gobject/gsignal.c:3384
#7  0x00007fbae93ed07f in _gtk_tree_selection_internal_select_node (selection=<optimized out>, node=<optimized out>, tree=<optimized out>, path=path@entry=0x1d15820, mode=<optimized out>, override_browse_mode=override_browse_mode@entry=0) at /tmp/buildd/gtk+3.0-3.8.5/./gtk/gtktreeselection.c:1604
#8  0x00007fbae940152c in gtk_tree_view_real_set_cursor (tree_view=tree_view@entry=0x19ae280, path=path@entry=0x1d15820, flags=flags@entry=(CLEAR_AND_SELECT | CLAMP_NODE)) at /tmp/buildd/gtk+3.0-3.8.5/./gtk/gtktreeview.c:13208
#9  0x00007fbae9405aa8 in gtk_tree_view_button_press (widget=0x19ae280, event=0x1d3f0a0) at /tmp/buildd/gtk+3.0-3.8.5/./gtk/gtktreeview.c:3127
#10 0x00007fbae92fc3be in _gtk_marshal_BOOLEAN__BOXEDv (closure=0x173ba80, return_value=0x7fff157fa3a0, instance=<optimized out>, args=<optimized out>, marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x173bab0) at /tmp/buildd/gtk+3.0-3.8.5/./gtk/gtkmarshalers.c:130
#11 0x00007fbae78e58e7 in _g_closure_invoke_va (closure=0x173ba80, return_value=0x7fff157fa3a0, instance=0x19ae280, args=0x7fff157fa568, n_params=1, param_types=0x173bab0) at /tmp/buildd/glib2.0-2.36.1/./gobject/gclosure.c:840
#12 0x00007fbae78fe2b6 in g_signal_emit_valist (instance=0x19ae280, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7fff157fa568) at /tmp/buildd/glib2.0-2.36.1/./gobject/gsignal.c:3234
#13 0x00007fbae78fef82 in g_signal_emit (instance=instance@entry=0x19ae280, signal_id=<optimized out>, detail=detail@entry=0) at /tmp/buildd/glib2.0-2.36.1/./gobject/gsignal.c:3384
#14 0x00007fbae941c664 in gtk_widget_event_internal (widget=widget@entry=0x19ae280, event=event@entry=0x1d3f0a0) at /tmp/buildd/gtk+3.0-3.8.5/./gtk/gtkwidget.c:6722
#15 0x00007fbae941c939 in gtk_widget_event (widget=widget@entry=0x19ae280, event=event@entry=0x1d3f0a0) at /tmp/buildd/gtk+3.0-3.8.5/./gtk/gtkwidget.c:6379
#16 0x00007fbae92fa6bc in propagate_event_up (topmost=<optimized out>, event=<optimized out>, widget=0x19ae280) at /tmp/buildd/gtk+3.0-3.8.5/./gtk/gtkmain.c:2403
#17 propagate_event (widget=<optimized out>, event=0x1d3f0a0, captured=<optimized out>, topmost=0x0) at /tmp/buildd/gtk+3.0-3.8.5/./gtk/gtkmain.c:2511
#18 0x00007fbae92fbfa5 in gtk_main_do_event (event=0x1d3f0a0) at /tmp/buildd/gtk+3.0-3.8.5/./gtk/gtkmain.c:1716
#19 0x00007fbae8f36e12 in gdk_event_source_dispatch (source=source@entry=0x178a380, callback=<optimized out>, user_data=<optimized out>) at /tmp/buildd/gtk+3.0-3.8.5/./gdk/x11/gdkeventsource.c:364
#20 0x00007fbae7621f25 in g_main_dispatch (context=0x17578e0) at /tmp/buildd/glib2.0-2.36.1/./glib/gmain.c:3054
#21 g_main_context_dispatch (context=context@entry=0x17578e0) at /tmp/buildd/glib2.0-2.36.1/./glib/gmain.c:3630
#22 0x00007fbae7622268 in g_main_context_iterate (context=0x17578e0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /tmp/buildd/glib2.0-2.36.1/./glib/gmain.c:3701
#23 0x00007fbae76226da in g_main_loop_run (loop=0x19a1fa0) at /tmp/buildd/glib2.0-2.36.1/./glib/gmain.c:3895
#24 0x00007fbae928b7f0 in gtk_dialog_run (dialog=0x1994040) at /tmp/buildd/gtk+3.0-3.8.5/./gtk/gtkdialog.c:1110
#25 0x00007fbaec02e7ed in webkitPrintOperationRunDialog (printOperation=0x197dc00, parent=0x183c010) at ../../Source/WebKit2/UIProcess/API/gtk/WebKitPrintOperation.cpp:240
#26 0x00007fbaec02eba1 in webkitPrintOperationRunDialogForFrame (printOperation=0x197dc00, parent=0x183c010, webFrame=0x179be60) at ../../Source/WebKit2/UIProcess/API/gtk/WebKitPrintOperation.cpp:291
#27 0x00007fbaec04d765 in webkitWebViewPrintFrame (webView=0x17a10e0, frame=0x179be60) at ../../Source/WebKit2/UIProcess/API/gtk/WebKitWebView.cpp:1646
#28 0x00007fbaec03a053 in printFrame (page=0x1834420, frame=0x179be60) at ../../Source/WebKit2/UIProcess/API/gtk/WebKitUIClient.cpp:141
#29 0x00007fbaec1606b2 in WebKit::WebUIClient::printFrame (this=0x18345c0, page=0x1834420, frame=0x179be60) at ../../Source/WebKit2/UIProcess/WebUIClient.cpp:405
#30 0x00007fbaec112e6d in WebKit::WebPageProxy::printFrame (this=0x1834420, frameID=1) at ../../Source/WebKit2/UIProcess/WebPageProxy.cpp:2794
#31 0x00007fbaec2bde7d in CoreIPC::callMemberFunction<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(unsigned long), unsigned long>(std::tuple<unsigned long>&&, std::tuple<>&, WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(unsigned long)) (args=..., object=0x1834420, function=(void (WebKit::WebPageProxy::*)(WebKit::WebPageProxy * const, unsigned long)) 0x7fbaec112d86 <WebKit::WebPageProxy::printFrame(unsigned long)>) at ../../Source/WebKit2/Platform/CoreIPC/HandleMessage.h:94
#32 0x00007fbaec2b7418 in CoreIPC::handleMessage<Messages::WebPageProxy::PrintFrame, WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(unsigned long)> (decoder=..., replyEncoder=..., object=0x1834420, function=(void (WebKit::WebPageProxy::*)(WebKit::WebPageProxy * const, unsigned long)) 0x7fbaec112d86 <WebKit::WebPageProxy::printFrame(unsigned long)>) at ../../Source/WebKit2/Platform/CoreIPC/HandleMessage.h:385
#33 0x00007fbaec2b0310 in WebKit::WebPageProxy::didReceiveSyncMessage (this=0x1834420, connection=0x19104a0, decoder=..., replyEncoder=...) at DerivedSources/WebKit2/WebPageProxyMessageReceiver.cpp:768
#34 0x00007fbaed9bf138 in CoreIPC::MessageReceiverMap::dispatchSyncMessage (this=0x179b188, connection=0x19104a0, decoder=..., replyEncoder=...) at ../../Source/WebKit2/Platform/CoreIPC/MessageReceiverMap.cpp:103
#35 0x00007fbaebfad236 in WebKit::ChildProcessProxy::dispatchSyncMessage (this=0x179b150, connection=0x19104a0, decoder=..., replyEncoder=...) at ../../Source/WebKit2/Shared/ChildProcessProxy.cpp:112
#36 0x00007fbaec1526ae in WebKit::WebProcessProxy::didReceiveSyncMessage (this=0x179b150, connection=0x19104a0, decoder=..., replyEncoder=...) at ../../Source/WebKit2/UIProcess/WebProcessProxy.cpp:364
#37 0x00007fbaed9ae39d in CoreIPC::Connection::dispatchSyncMessage (this=0x19104a0, decoder=...) at ../../Source/WebKit2/Platform/CoreIPC/Connection.cpp:749
#38 0x00007fbaed9ae6fb in CoreIPC::Connection::dispatchMessage (this=0x19104a0, message=...) at ../../Source/WebKit2/Platform/CoreIPC/Connection.cpp:807
#39 0x00007fbaed9ae922 in CoreIPC::Connection::dispatchOneMessage (this=0x19104a0) at ../../Source/WebKit2/Platform/CoreIPC/Connection.cpp:835
#40 0x00007fbaed9be305 in WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>::operator() (this=0x7fba70001cc0, c=0x19104a0) at ../../Source/WTF/wtf/Functional.h:218
#41 0x00007fbaed9bde8a in WTF::BoundFunctionImpl<WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>, void (CoreIPC::Connection*)>::operator()() (this=0x7fba70001cb0) at ../../Source/WTF/wtf/Functional.h:496
#42 0x00007fbaec22c31f in WTF::Function<void ()>::operator()() const (this=0x7fff157fb440) at ../../Source/WTF/wtf/Functional.h:704
#43 0x00007fbaed86c51d in WebCore::RunLoop::performWork (this=0x1796a70) at ../../Source/WebCore/platform/RunLoop.cpp:104
#44 0x00007fbaed88e7e8 in WebCore::RunLoop::queueWork (runLoop=0x1796a70) at ../../Source/WebCore/platform/gtk/RunLoopGtk.cpp:104
#45 0x00007fbae7621f25 in g_main_dispatch (context=0x17578e0) at /tmp/buildd/glib2.0-2.36.1/./glib/gmain.c:3054
#46 g_main_context_dispatch (context=context@entry=0x17578e0) at /tmp/buildd/glib2.0-2.36.1/./glib/gmain.c:3630
#47 0x00007fbae7622268 in g_main_context_iterate (context=0x17578e0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /tmp/buildd/glib2.0-2.36.1/./glib/gmain.c:3701
#48 0x00007fbae76226da in g_main_loop_run (loop=0x1952bb0) at /tmp/buildd/glib2.0-2.36.1/./glib/gmain.c:3895
#49 0x00007fbae92fb45d in gtk_main () at /tmp/buildd/gtk+3.0-3.8.5/./gtk/gtkmain.c:1156
#50 0x000000000040ee85 in main (argc=1, argv=0x7fff157fb6e8) at ../../Tools/MiniBrowser/gtk/main.c:281
Comment 4 Lorenzo Tilve 2013-11-07 07:13:36 PST
It is not only crashing when selecting the option to print to file, but also when effectively printing to any device.

Calling a javascript window.print() launches the GTK print menu, and if the "print to file" option is selected the GTK function gtk_print_settings_get (gtk/gtkprintsettings.c) crashes due to the print settings array being empty when getting the output filename at "return g_hash_table_lookup (settings->hash, key);".

When webkitPrintOperationRunDialog is called externally, as from the Epiphany print command, the operation goes fine. Forcing the setting of the print_settings like ephy does:

   settings = gtk_print_settings_new ();
   gtk_print_settings_set (settings,
                           GTK_PRINT_SETTINGS_OUTPUT_BASENAME,
                           ephy_web_view_get_title (view));
   webkit_print_operation_set_print_settings (operation, settings);

fixes the first crash, but it's still failing at the moment of dumping the print file.
Comment 5 Carlos Alberto Lopez Perez 2013-11-07 09:38:22 PST
> It is not only crashing when selecting the option to print to file, but also when effectively printing to any device.

Retitled to reflect that.

The error only happens with WebKit2GTK+; with WebKit1GTK+ (GtkLauncher) it works perfectly.
Comment 6 Carlos Garcia Campos 2013-11-07 09:40:44 PST
I'll look at it.
Comment 7 Carlos Garcia Campos 2013-11-08 06:47:01 PST
There are actually two different crashes here: one is a bug in GTK+ (see https://bugzilla.gnome.org/show_bug.cgi?id=703784) and the other is in WebKit. I'll create a new bug for the latter.
Comment 8 Carlos Garcia Campos 2013-11-08 06:50:25 PST
Even if it's a GTK+ bug we can work around it, by ensuring the print dialog is always created with a valid GtkPrintSettings object.
Comment 9 Carlos Garcia Campos 2013-11-08 06:55:55 PST
Created attachment 216392 [details]
Patch
Comment 10 WebKit Commit Bot 2013-11-08 06:58:23 PST
Thanks for the patch. If this patch contains new public API please make sure it follows the guidelines for new WebKit2 GTK+ API. See http://trac.webkit.org/wiki/WebKitGTK/AddingNewWebKit2API
Comment 11 Martin Robinson 2013-11-08 08:39:21 PST
Comment on attachment 216392 [details]
Patch

Hrm. What's the sequence of events that causes the printSettings to be null?
Comment 12 Carlos Garcia Campos 2013-11-08 08:56:46 PST
(In reply to comment #11)
> (From update of attachment 216392 [details])
> Hrm. What's the sequence of events that causes the printSettings to be null?

webkit_print_operation_new() + webkitPrintOperationRunDialogForFrame(). It's perfectly ok for the settings to be NULL; it's a bug in the file print backend of GTK, see https://bugzilla.gnome.org/show_bug.cgi?id=703784. This patch is simply a workaround to not have to bump the GTK reqs to fix the crash.
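The failure mode described in comments 4 and 12 is a library getter that dereferences a settings object the caller legitimately left NULL, and the thread shows it can be closed at either end: the callee can guard its argument (the GTK+ side) or the caller can guarantee a non-NULL object (the WebKit workaround). The following plain-C model is an added example, not WebKit or GTK+ code; PrintSettings, print_settings_get, ensure_print_settings and output_file_from_settings are hypothetical stand-ins for GtkPrintSettings, gtk_print_settings_get(), the WebKitPrintOperation fallback and the file backend's output_file_from_settings(), and the key/value store is a fixed array rather than a GHashTable so it builds without GLib.

```c
/* Added example (not WebKit's or GTK+'s code): a model of the NULL-settings
 * crash and the two layers at which it can be fixed. Names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_ENTRIES 16

/* Stand-in for GtkPrintSettings: a tiny key/value table. */
typedef struct {
    const char *keys[MAX_ENTRIES];
    const char *values[MAX_ENTRIES];
    int count;
} PrintSettings;

PrintSettings *print_settings_new(void)
{
    return calloc(1, sizeof(PrintSettings));
}

/* Set or overwrite a key (values are borrowed, as string literals here). */
void print_settings_set(PrintSettings *s, const char *key, const char *value)
{
    for (int i = 0; i < s->count; i++) {
        if (strcmp(s->keys[i], key) == 0) {
            s->values[i] = value;
            return;
        }
    }
    if (s->count < MAX_ENTRIES) {
        s->keys[s->count] = key;
        s->values[s->count] = value;
        s->count++;
    }
}

/* Shape of the buggy getter: dereferences `s` unconditionally, so the
 * settings=0x0 call in the backtrace faults on the first access. */
const char *print_settings_get_unchecked(const PrintSettings *s, const char *key)
{
    for (int i = 0; i < s->count; i++)
        if (strcmp(s->keys[i], key) == 0)
            return s->values[i];
    return NULL;
}

/* Callee-side fix (library boundary): a missing settings object means
 * "no value", the same contract a g_return_val_if_fail() guard would give. */
const char *print_settings_get(const PrintSettings *s, const char *key)
{
    if (!s || !key)
        return NULL;
    return print_settings_get_unchecked(s, key);
}

/* Caller-side workaround (what the WebKit patch does): never hand the
 * dialog a NULL settings object; the caller keeps ownership of the result. */
PrintSettings *ensure_print_settings(PrintSettings *existing, const char *default_basename)
{
    if (existing)
        return existing;
    PrintSettings *fresh = print_settings_new();
    if (!fresh)
        return NULL;
    print_settings_set(fresh, "output-basename", default_basename);
    return fresh;
}

/* Stand-in for the file backend's lookup of the output name: with the
 * guarded getter a NULL settings object degrades to the backend default. */
const char *output_file_from_settings(const PrintSettings *s)
{
    const char *base = print_settings_get(s, "output-basename");
    return base ? base : "output";
}

int main(void)
{
    /* Constructed scenario: the operation was created without settings. */
    PrintSettings *settings = NULL;
    settings = ensure_print_settings(settings, "print_test");
    printf("output file: %s\n", output_file_from_settings(settings));
    free(settings);
    return 0;
}
```

Both guards are worth keeping even after GTK+ is fixed: the caller-side one removes the dependency on a particular GTK+ version, and the callee-side one is what stops the next caller that forgets from reproducing the same segfault.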
Comment 13 Martin Robinson 2013-11-08 09:10:57 PST
Comment on attachment 216392 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=216392&action=review

> Source/WebKit2/UIProcess/API/gtk/WebKitPrintOperation.cpp:233
> +    if (!priv->printSettings)
> +        priv->printSettings = adoptGRef(gtk_print_settings_new());
> +    gtk_print_unix_dialog_set_settings(printDialog, priv->printSettings.get());
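Review bot: The fallback at WebKitPrintOperation.cpp:233 lacks a comment saying why it exists: a NULL priv->printSettings is a valid state for the operation (comment 12), so a reader will not see why a fresh GtkPrintSettings has to be allocated before gtk_print_unix_dialog_set_settings(). Add a comment pointing at the GTK+ file print backend bug (https://bugzilla.gnome.org/show_bug.cgi?id=703784) and stating that the allocation is only a workaround, so it can be dropped once the minimum GTK+ version includes the fix.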

Okay. Do you mind putting a comment here with a link to the GTK+ bug and a small bit explaining what's going on. I think it will be nice to have if we ever bump the GTK+ requirement, so that we can remove the work-around.
Comment 14 Carlos Garcia Campos 2013-11-08 09:25:50 PST
(In reply to comment #13)
> (From update of attachment 216392 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=216392&action=review
> 
> > Source/WebKit2/UIProcess/API/gtk/WebKitPrintOperation.cpp:233
> > +    if (!priv->printSettings)
> > +        priv->printSettings = adoptGRef(gtk_print_settings_new());
> > +    gtk_print_unix_dialog_set_settings(printDialog, priv->printSettings.get());
> 
> Okay. Do you mind putting a comment here with a link to the GTK+ bug and a small bit explaining what's going on. I think it will be nice to have if we ever bump the GTK+ requirement, so that we can remove the work-around.

Sure!
Comment 15 Carlos Garcia Campos 2013-11-11 00:22:38 PST
Committed r159041: <http://trac.webkit.org/changeset/159041>