Part of an investigation into why Epiphany likes to crash during startup....

The network process crashes immediately when run with asan. The problem is in webkitSoupCookieJarSqliteLoad, calling WebCore::SQLiteStatement::getColumnText. The return value of sqlite3_column_text16 [1] is invalid. I don't know why.

While investigating this I discovered bug #148620, but that is unfortunately NOT the cause of this issue.

I also tried omitting the call to sqlite3_column_bytes16, and switched to the WTF::String constructor that expects a null-terminated UTF-16 string. That also did not help.

[1] https://sqlite.org/c3ref/column_blob.html

==22362==ERROR: AddressSanitizer: unknown-crash on address 0x7f5d63813983 at pc 0x00000048530a bp 0x7ffca75e8b30 sp 0x7ffca75e82e8
WRITE of size 1408 at 0x7f5d63813983 thread T0
    #0 0x485309 in __asan_memcpy (/home/mcatanzaro/jhbuild/install/libexec/webkit2gtk-4.0/WebKitNetworkProcess+0x485309)
    #1 0x7f5d77d0fe79 in WTF::Ref<WTF::StringImpl> WTF::StringImpl::createInternal<unsigned short>(unsigned short const*, unsigned int) /home/mcatanzaro/WebKit/WebKitBuild/GNOME/../../Source/WTF/wtf/text/StringImpl.cpp:248:5
    #2 0x7f5d77d0231d in WTF::StringImpl::create(unsigned short const*, unsigned int) /home/mcatanzaro/WebKit/WebKitBuild/GNOME/../../Source/WTF/wtf/text/StringImpl.cpp:254:12
    #3 0x7f5d77d1acdb in WTF::String::String(unsigned short const*) /home/mcatanzaro/WebKit/WebKitBuild/GNOME/../../Source/WTF/wtf/text/WTFString.cpp:56:14
    #4 0x7f5d80107884 in WebCore::SQLiteStatement::getColumnText(int) /home/mcatanzaro/WebKit/WebKitBuild/GNOME/../../Source/WebCore/platform/sql/SQLiteStatement.cpp:349:5
    #5 0x7f5d7ed68311 in webkitSoupCookieJarSqliteLoad(_WebKitSoupCookieJarSqlite*) /home/mcatanzaro/WebKit/WebKitBuild/GNOME/../../Source/WebKit2/WebProcess/Cookies/soup/WebKitSoupCookieJarSqlite.cpp:110:93
    #6 0x7f5d7ed68014 in webkitSoupCookieJarSqliteNew /home/mcatanzaro/WebKit/WebKitBuild/GNOME/../../Source/WebKit2/WebProcess/Cookies/soup/WebKitSoupCookieJarSqlite.cpp:222:5
    #7 0x7f5d7ed6787f in WebKit::WebCookieManager::setCookiePersistentStorage(WTF::String const&, unsigned int) /home/mcatanzaro/WebKit/WebKitBuild/GNOME/../../Source/WebKit2/WebProcess/Cookies/soup/WebCookieManagerSoup.cpp:79:25
    #8 0x7f5d7ee2a58e in void IPC::callMemberFunctionImpl<WebKit::WebCookieManager, void (WebKit::WebCookieManager::*)(WTF::String const&, unsigned int), std::tuple<WTF::String, unsigned int>, 0ul, 1ul>(WebKit::WebCookieManager*, void (WebKit::WebCookieManager::*)(WTF::String const&, unsigned int), std::tuple<WTF::String, unsigned int>&&, std::index_sequence<0ul, 1ul>) /home/mcatanzaro/WebKit/WebKitBuild/GNOME/../../Source/WebKit2/Platform/IPC/HandleMessage.h:16:5
    #9 0x7f5d7ee2a4e8 in void IPC::callMemberFunction<WebKit::WebCookieManager, void (WebKit::WebCookieManager::*)(WTF::String const&, unsigned int), std::tuple<WTF::String, unsigned int>, std::make_index_sequence<2ul> >(std::tuple<WTF::String, unsigned int>&&, WebKit::WebCookieManager*, void (WebKit::WebCookieManager::*)(WTF::String const&, unsigned int)) /home/mcatanzaro/WebKit/WebKitBuild/GNOME/../../Source/WebKit2/Platform/IPC/HandleMessage.h:22:5
    #10 0x7f5d7ee2a3ad in void IPC::handleMessage<Messages::WebCookieManager::SetCookiePersistentStorage, WebKit::WebCookieManager, void (WebKit::WebCookieManager::*)(WTF::String const&, unsigned int)>(IPC::MessageDecoder&, WebKit::WebCookieManager*, void (WebKit::WebCookieManager::*)(WTF::String const&, unsigned int)) /home/mcatanzaro/WebKit/WebKitBuild/GNOME/../../Source/WebKit2/Platform/IPC/HandleMessage.h:92:5
    #11 0x7f5d7ee2975e in WebKit::WebCookieManager::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) /home/mcatanzaro/WebKit/WebKitBuild/GNOME/DerivedSources/WebKit2/WebCookieManagerMessageReceiver.cpp:74:9
    #12 0x7f5d7ee299ac in non-virtual thunk to WebKit::WebCookieManager::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) /home/mcatanzaro/WebKit/WebKitBuild/GNOME/DerivedSources/WebKit2/WebCookieManagerMessageReceiver.cpp:81:1
    #13 0x7f5d7e60ace6 in IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::MessageDecoder&) /home/mcatanzaro/WebKit/WebKitBuild/GNOME/../../Source/WebKit2/Platform/IPC/MessageReceiverMap.cpp:97:9
    #14 0x7f5d7ebcc110 in WebKit::NetworkProcess::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) /home/mcatanzaro/WebKit/WebKitBuild/GNOME/../../Source/WebKit2/NetworkProcess/NetworkProcess.cpp:127:9
    #15 0x7f5d7e5f061c in IPC::Connection::dispatchMessage(IPC::MessageDecoder&) /home/mcatanzaro/WebKit/WebKitBuild/GNOME/../../Source/WebKit2/Platform/IPC/Connection.cpp:898:5
    #16 0x7f5d7e5e9e18 in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::MessageDecoder, std::default_delete<IPC::MessageDecoder> >) /home/mcatanzaro/WebKit/WebKitBuild/GNOME/../../Source/WebKit2/Platform/IPC/Connection.cpp:929:9
    #17 0x7f5d7e5f077a in IPC::Connection::dispatchOneMessage() /home/mcatanzaro/WebKit/WebKitBuild/GNOME/../../Source/WebKit2/Platform/IPC/Connection.cpp:960:5
    #18 0x7f5d7e5f0a70 in IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::MessageDecoder, std::default_delete<IPC::MessageDecoder> >)::$_10::operator()() const /home/mcatanzaro/WebKit/WebKitBuild/GNOME/../../Source/WebKit2/Platform/IPC/Connection.cpp:892:9
    #19 0x7f5d7e5f08b0 in std::_Function_handler<void (), IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::MessageDecoder, std::default_delete<IPC::MessageDecoder> >)::$_10>::_M_invoke(std::_Any_data const&) /usr/bin/../lib/gcc/x86_64-redhat-linux/5.1.1/../../../../include/c++/5.1.1/functional:1871:4
    #20 0x7f5d7e54007b in std::function<void ()>::operator()() const /usr/bin/../lib/gcc/x86_64-redhat-linux/5.1.1/../../../../include/c++/5.1.1/functional:2271:14
    #21 0x7f5d81385c7e in WTF::RunLoop::performWork() /home/mcatanzaro/WebKit/WebKitBuild/GNOME/../../Source/WTF/wtf/RunLoop.cpp:121:9
    #22 0x7f5d8138c780 in WTF::RunLoop::wakeUp()::$_0::operator()() const /home/mcatanzaro/WebKit/WebKitBuild/GNOME/../../Source/WTF/wtf/glib/RunLoopGLib.cpp:96:9
    #23 0x7f5d8138c5c0 in std::_Function_handler<void (), WTF::RunLoop::wakeUp()::$_0>::_M_invoke(std::_Any_data const&) /usr/bin/../lib/gcc/x86_64-redhat-linux/5.1.1/../../../../include/c++/5.1.1/functional:1871:4
    #24 0x7f5d7e54007b in std::function<void ()>::operator()() const /usr/bin/../lib/gcc/x86_64-redhat-linux/5.1.1/../../../../include/c++/5.1.1/functional:2271:14
    #25 0x7f5d77d31f2e in WTF::GMainLoopSource::voidCallback() /home/mcatanzaro/WebKit/WebKitBuild/GNOME/../../Source/WTF/wtf/glib/GMainLoopSource.cpp:365:5
    #26 0x7f5d77d2ff1c in WTF::GMainLoopSource::voidSourceCallback(WTF::GMainLoopSource*) /home/mcatanzaro/WebKit/WebKitBuild/GNOME/../../Source/WTF/wtf/glib/GMainLoopSource.cpp:456:5
    #27 0x7f5d736d9430 in g_idle_dispatch /home/mcatanzaro/jhbuild/checkout/glib/glib/gmain.c:5441
    #28 0x7f5d736d6a78 in g_main_dispatch /home/mcatanzaro/jhbuild/checkout/glib/glib/gmain.c:3154
    #29 0x7f5d736d78bc in g_main_context_dispatch /home/mcatanzaro/jhbuild/checkout/glib/glib/gmain.c:3769
    #30 0x7f5d736d7aa0 in g_main_context_iterate /home/mcatanzaro/jhbuild/checkout/glib/glib/gmain.c:3840
    #31 0x7f5d736d7ec6 in g_main_loop_run /home/mcatanzaro/jhbuild/checkout/glib/glib/gmain.c:4034
    #32 0x7f5d8138b9e8 in WTF::RunLoop::run() /home/mcatanzaro/WebKit/WebKitBuild/GNOME/../../Source/WTF/wtf/glib/RunLoopGLib.cpp:67:9
    #33 0x7f5d7ec445a3 in int WebKit::ChildProcessMain<WebKit::NetworkProcess, WebKit::NetworkProcessMain>(int, char**) /home/mcatanzaro/WebKit/WebKitBuild/GNOME/../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61:5
    #34 0x7f5d7ec44478 in NetworkProcessMainUnix /home/mcatanzaro/WebKit/WebKitBuild/GNOME/../../Source/WebKit2/NetworkProcess/gtk/NetworkProcessMainGtk.cpp:62:12
    #35 0x4b9f76 in main /home/mcatanzaro/WebKit/WebKitBuild/GNOME/../../Source/WebKit2/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp:44:12
    #36 0x7f5d6cfa66ff in __libc_start_main (/lib64/libc.so.6+0x206ff)
    #37 0x4b9e78 in _start (/home/mcatanzaro/jhbuild/install/libexec/webkit2gtk-4.0/WebKitNetworkProcess+0x4b9e78)

AddressSanitizer can not describe address in more detail (wild memory access suspected).
SUMMARY: AddressSanitizer: unknown-crash ??:0 __asan_memcpy
Shadow bytes around the buggy address:
  0x0fec2c6fa6e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fec2c6fa6f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fec2c6fa700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fec2c6fa710: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fec2c6fa720: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0fec2c6fa730:[03]00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fec2c6fa740: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fec2c6fa750: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fec2c6fa760: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fec2c6fa770: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fec2c6fa780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  ASan internal:           fe
==22362==ABORTING