Bug 191353 - [GTK] Crash when running with sandbox enabled
Summary: [GTK] Crash when running with sandbox enabled
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKitGTK
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords: Gtk
Depends on:
Blocks:
 
Reported: 2018-11-07 01:39 PST by Carlos Garcia Campos
Modified: 2018-11-08 00:29 PST
CC: 2 users

See Also:


Attachments
Patch (1.45 KB, patch)
2018-11-07 01:43 PST, Carlos Garcia Campos
mcatanzaro: review+

Description Carlos Garcia Campos 2018-11-07 01:39:48 PST
Thread 1 "MiniBrowser" received signal SIGSEGV, Segmentation fault.
__strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:93
93	../sysdeps/x86_64/multiarch/strlen-avx2.S: No such file or directory.
(gdb) bt
#0  __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:93
#1  0x00007ffff14084c1 in g_key_file_parse_string_as_value (key_file=key_file@entry=0x555555c38f80, string=0x2f7273752f3a6769 <error: Cannot access memory at address 0x2f7273752f3a6769>, 
    escape_separator=escape_separator@entry=1) at gkeyfile.c:4340
#2  0x00007ffff140b6fc in g_key_file_set_string_list (key_file=0x555555c38f80, group_name=0x7ffff70b8d7a "Context", key=0x7ffff70bbe81 "shared", list=0x7fffffffcea0, length=8)
    at gkeyfile.c:2129
#3  0x00007ffff527e94f in WebKit::bubblewrapSpawn(_GSubprocessLauncher*, WebKit::ProcessLauncher::LaunchOptions const&, char**, _GError**) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#4  0x00007ffff52834a3 in WebKit::ProcessLauncher::launchProcess() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#5  0x00007ffff5133e08 in WebKit::ChildProcessProxy::connect() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#6  0x00007ffff51b738e in WebKit::WebProcessProxy::create(WebKit::WebProcessPool&, WebKit::WebsiteDataStore&, WebKit::WebProcessProxy::IsPrewarmed) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#7  0x00007ffff5199d45 in WebKit::WebProcessPool::createNewWebProcess(WebKit::WebsiteDataStore&, WebKit::WebProcessProxy::IsPrewarmed) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#8  0x00007ffff519ceb4 in WebKit::WebProcessPool::createWebPage(WebKit::PageClient&, WTF::Ref<API::PageConfiguration, WTF::DumbPtrTraits<API::PageConfiguration> >&&) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#9  0x00007ffff5251c83 in webkitWebViewBaseCreateWebPage(_WebKitWebViewBase*, WTF::Ref<API::PageConfiguration, WTF::DumbPtrTraits<API::PageConfiguration> >&&) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#10 0x00007ffff522ee54 in webkitWebContextCreatePageForWebView(_WebKitWebContext*, _WebKitWebView*, _WebKitUserContentManager*, _WebKitWebView*) ()
   from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#11 0x00007ffff5235ec0 in webkitWebViewConstructed(_GObject*) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libwebkit2gtk-4.0.so.37
#12 0x00007ffff16f10b0 in g_object_new_internal (class=class@entry=0x555555c102c0, params=params@entry=0x7fffffffd680, n_params=n_params@entry=4) at gobject.c:1845
#13 0x00007ffff16f2c60 in g_object_new_valist (object_type=<optimized out>, first_property_name=<optimized out>, var_args=var_args@entry=0x7fffffffd7c8) at gobject.c:2128
#14 0x00007ffff16f2fbc in g_object_new (object_type=<optimized out>, first_property_name=<optimized out>) at gobject.c:1648
#15 0x00005555555617ca in main ()

This is in createFlatpakInfo() because g_key_file_set_string_list() is receiving a non-null-terminated array.
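The failure mode in the trace, a `char*` array consumed with a length that exceeds its initialized entries, shown as an added example. This is not WebKit's or GLib's code: `strv_length()` and `set_string_list()` are local stand-ins with the same contract as `g_strv_length()` (walk until a NULL pointer) and `g_key_file_set_string_list()` (trust the caller's `length` and dereference every entry, which is where frames #1 and #2 sit); the array contents are made up. An unterminated array handed to `strv_length()` is undefined behaviour and is not executed here; the bounded variant and the sentinel check show how to keep the length honest.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define N_ELEMENTS(arr) (sizeof(arr) / sizeof((arr)[0]))

/* Stand-in for g_strv_length(): counts pointers until it finds NULL.
 * With no NULL sentinel it keeps reading past the array, and the count
 * it returns covers whatever memory happens to follow (e.g. length=8
 * in the report, with string bytes reinterpreted as a pointer). */
static size_t strv_length(const char *const *strv)
{
    size_t n = 0;
    while (strv[n])
        n++;
    return n;
}

/* Bounded variant: stops at the sentinel or at the storage size the
 * caller knows, so a missing sentinel cannot walk off the array. */
static size_t strv_length_bounded(const char *const *strv, size_t capacity)
{
    size_t n = 0;
    while (n < capacity && strv[n])
        n++;
    return n;
}

/* True when the array's last slot is the NULL sentinel. Use it at the
 * declaration site, where N_ELEMENTS() is still known. */
static int strv_is_terminated(const char *const *strv, size_t capacity)
{
    return capacity > 0 && strv[capacity - 1] == NULL;
}

/* Stand-in for g_key_file_set_string_list(): trusts `length` and calls
 * strlen() on list[0..length-1]. A garbage pointer crashes in strlen(),
 * as in frame #0. Returns the bytes it would serialise (each string
 * plus a separator) so the result is checkable. */
static size_t set_string_list(const char *const *list, size_t length)
{
    size_t total = 0;
    for (size_t i = 0; i < length; i++)
        total += strlen(list[i]) + 1;
    return total;
}

/* Constructed sample data, not the real permission list. */
static const char *const kSharedTerminated[]   = { "ipc", "net", "pid", "uts", NULL };
static const char *const kSharedUnterminated[] = { "ipc", "net", "pid", "uts" };

/* Correct call site: sentinel present, length derived from it. */
static size_t serialise_terminated(void)
{
    return set_string_list(kSharedTerminated, strv_length(kSharedTerminated));
}

/* The sentinel check passes for the terminated array ... */
static int terminated_array_check(void)
{
    return strv_is_terminated(kSharedTerminated, N_ELEMENTS(kSharedTerminated));
}

/* ... and fails for the unterminated one, which is the shape of the bug. */
static int unterminated_array_check(void)
{
    return strv_is_terminated(kSharedUnterminated, N_ELEMENTS(kSharedUnterminated));
}

/* Same array, but the length is bounded by N_ELEMENTS(), so the consumer
 * never dereferences past the four initialized entries. */
static size_t serialise_unterminated_bounded(void)
{
    return set_string_list(kSharedUnterminated,
                           strv_length_bounded(kSharedUnterminated,
                                               N_ELEMENTS(kSharedUnterminated)));
}

int main(void)
{
    printf("terminated: %zu bytes, sentinel=%d\n",
           serialise_terminated(), terminated_array_check());
    printf("unterminated (bounded): %zu bytes, sentinel=%d\n",
           serialise_unterminated_bounded(), unterminated_array_check());
    return 0;
}
```

The sentinel check is cheap enough to keep as an assertion next to every `{ ..., nullptr }` table that is later handed to a `g_strv_*` or `GKeyFile` call; it catches the missing terminator at the declaration site instead of in `strlen()` several frames away.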
Comment 1 Carlos Garcia Campos 2018-11-07 01:43:59 PST
Created attachment 354074
Patch
Comment 2 Carlos Garcia Campos 2018-11-08 00:29:04 PST
Committed r237982: <https://trac.webkit.org/changeset/237982>