RESOLVED INVALID Bug 154883
[GTK] Plugin process crash in WebKit::NPObjectMessageReceiver::hasProperty 
https://bugs.webkit.org/show_bug.cgi?id=154883
Summary [GTK] Plugin process crash in WebKit::NPObjectMessageReceiver::hasProperty
Michael Catanzaro
Reported 2016-03-01 15:31:51 PST
Version-Release number of selected component: webkitgtk4-2.10.4-1.fc23 Additional info: reporter: libreport-2.6.3 backtrace_rating: 4 cmdline: /usr/libexec/webkit2gtk-4.0/WebKitPluginProcess 17 /usr/lib64/mozilla/plugins/libgnome-shell-browser-plugin.so crash_function: WebKit::NPObjectMessageReceiver::hasProperty executable: /usr/libexec/webkit2gtk-4.0/WebKitPluginProcess global_pid: 5739 kernel: 4.2.6-301.fc23.x86_64 runlevel: N 5 type: CCpp uid: 1000 Truncated backtrace: Thread no. 1 (10 frames) #0 WebKit::NPObjectMessageReceiver::hasProperty at /usr/src/debug/webkitgtk-2.10.4/Source/WebKit2/Shared/Plugins/NPObjectMessageReceiver.cpp:133 #1 IPC::callMemberFunctionImpl<WebKit::NPObjectMessageReceiver, void (WebKit::NPObjectMessageReceiver::*)(WebKit::NPIdentifierData const&, bool&), std::tuple<WebKit::NPIdentifierData>, 0ul, std::tuple<bool>, 0ul>(WebKit::NPObjectMessageReceiver*, void (WebKit::NPObjectMessageReceiver::*)(WebKit::NPIdentifierData const&, bool&), std::tuple<WebKit::NPIdentifierData>&&, std::tuple<bool>&, std::index_sequence<0ul>, std::index_sequence<0ul>) at /usr/src/debug/webkitgtk-2.10.4/Source/WebKit2/Platform/IPC/HandleMessage.h:30 #2 IPC::callMemberFunction<WebKit::NPObjectMessageReceiver, void (WebKit::NPObjectMessageReceiver::*)(WebKit::NPIdentifierData const&, bool&), std::tuple<WebKit::NPIdentifierData>, std::make_index_sequence<1ul>, std::tuple<bool>, std::make_index_sequence<1ul> >(std::tuple<WebKit::NPIdentifierData>&&, std::tuple<bool>&, WebKit::NPObjectMessageReceiver*, void (WebKit::NPObjectMessageReceiver::*)(WebKit::NPIdentifierData const&, bool&)) at /usr/src/debug/webkitgtk-2.10.4/Source/WebKit2/Platform/IPC/HandleMessage.h:36 #3 IPC::handleMessage<Messages::NPObjectMessageReceiver::RemoveProperty, WebKit::NPObjectMessageReceiver, void (WebKit::NPObjectMessageReceiver::*)(WebKit::NPIdentifierData const&, bool&)> at /usr/src/debug/webkitgtk-2.10.4/Source/WebKit2/Platform/IPC/HandleMessage.h:105 #4 WebKit::NPObjectMessageReceiver::didReceiveSyncNPObjectMessageReceiverMessage at /usr/src/debug/webkitgtk-2.10.4/x86_64-redhat-linux-gnu/DerivedSources/WebKit2/NPObjectMessageReceiverMessageReceiver.cpp:73 #5 WebKit::NPRemoteObjectMap::didReceiveSyncMessage at /usr/src/debug/webkitgtk-2.10.4/Source/WebKit2/Shared/Plugins/NPRemoteObjectMap.cpp:226 #6 WebKit::WebProcessConnection::didReceiveSyncMessage at /usr/src/debug/webkitgtk-2.10.4/Source/WebKit2/PluginProcess/WebProcessConnection.cpp:156 #7 IPC::Connection::dispatchSyncMessage at /usr/src/debug/webkitgtk-2.10.4/Source/WebKit2/Platform/IPC/Connection.cpp:838 #8 IPC::Connection::dispatchMessage at /usr/src/debug/webkitgtk-2.10.4/Source/WebKit2/Platform/IPC/Connection.cpp:901 #9 IPC::Connection::SyncMessageState::dispatchMessages at /usr/src/debug/webkitgtk-2.10.4/Source/WebKit2/Platform/IPC/Connection.cpp:174 Another GNOME Shell browser plugin crash. This one was reported in December, so again, most likely with GNOME Shell 3.18.3. Possibly the same underlying issue as in bug #154882. Full backtrace downstream.
Attachments
Add attachment proposed patch, testcase, etc.
Michael Catanzaro
Comment 1 2016-03-01 16:43:57 PST
Another one the crash server thinks is fixed. Sorry for not checking this before reporting. :)
Michael Catanzaro
Comment 2 2016-03-09 07:44:56 PST
Got a report of this affecting 2.10.7.
Michael Catanzaro
Comment 3 2016-07-09 14:18:13 PDT
(In reply to comment #2) > Got a report of this affecting 2.10.7. Got a report of this affecting 2.12.3.
Michael Catanzaro
Comment 4 2016-07-25 07:45:50 PDT
335 reports of this in Fedora, first report is last December. Probably another regression from GNOME Shell browser plugin changes.
Carlos Garcia Campos
Comment 5 2016-10-28 06:23:39 PDT
This is a bug in the plugin, see the meta bug.
Note You need to log in before you can comment on or make changes to this bug.