NEW167307
[GTK] UI process crash in webkit_back_forward_list_get_current_item 
https://bugs.webkit.org/show_bug.cgi?id=167307
Summary [GTK] UI process crash in webkit_back_forward_list_get_current_item
Michael Catanzaro
Reported 2017-01-23 08:24:35 PST
I have 51 reports of this UI process crash in webkit_back_forward_list_get_current_item. Looks like this occurs when performing a delayed page load (loading a saved tab for the first time after opening Epiphany): Thread 1 (Thread 0x7f7119147fc0 (LWP 2493)): #0 0x00007f71154d8a3c in WTFCrash() () at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/Assertions.cpp:323 #1 0x00007f7115c8c199 in WTF::CrashOnOverflow::crash() () at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/CheckedArithmetic.h:85 #2 0x00007f7115c8c199 in WTF::CrashOnOverflow::overflowed() () at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/CheckedArithmetic.h:78 #3 0x00007f7115c8c199 in WTF::Vector<WTF::RefPtr<WebKit::WebBackForwardListItem>, 0ul, WTF::CrashOnOverflow, 16ul>::at(unsigned long) const (i=<optimized out>, this=<optimized out>) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/Vector.h:661 #4 0x00007f7115c8c199 in WTF::Vector<WTF::RefPtr<WebKit::WebBackForwardListItem>, 0ul, WTF::CrashOnOverflow, 16ul>::operator[](unsigned long) const (i=<optimized out>, this=<optimized out>) at /usr/src/debug/webkitgtk-2.14.2/Source/WTF/wtf/Vector.h:676 #5 0x00007f7115c8c199 in WebKit::WebBackForwardList::currentItem() const (this=<optimized out>) at /usr/src/debug/webkitgtk-2.14.2/Source/WebKit2/UIProcess/WebBackForwardList.cpp:212 #6 0x00007f7115e66fd4 in webkit_back_forward_list_get_current_item(WebKitBackForwardList*) (backForwardList=0x560cbd098720 [WebKitBackForwardList]) at /usr/src/debug/webkitgtk-2.14.2/Source/WebKit2/UIProcess/API/gtk/WebKitBackForwardList.cpp:166 #7 0x0000560cbbc45fa2 in load_delayed_request_if_mapped (user_data=user_data@entry=0x560cbc98f2d0) at ephy-embed.c:648 embed = 0x560cbc98f2d0 [EphyEmbed] web_view = 0x560cbd0063d0 [EphyWebView] item = <optimized out> #8 0x00007f71111f688d in g_timeout_dispatch (source=0x560cbcf6c120, callback=0x560cbbc45f00 <load_delayed_request_if_mapped>, user_data=0x560cbc98f2d0) at gmain.c:4674 timeout_source = 0x560cbcf6c120 again = <optimized out> I considered that this might be an Epiphany bug, but I don't think it is. We are careful to ensure that callback is not called after the EphyEmbed is disposed. I think the WebBackForwardList has been somehow corrupted, possibly due to a problem with session state.
Attachments
Add attachment proposed patch, testcase, etc.
Note You need to log in before you can comment on or make changes to this bug.