200222 – webkit_cookie_manager_get_cookies gives segmentation fault

Bug 200222 - webkit_cookie_manager_get_cookies gives segmentation fault

Summary: webkit_cookie_manager_get_cookies gives segmentation fault

Status:	RESOLVED WONTFIX

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKitGTK (show other bugs)
Version:	Other
Hardware:	PC Linux

Importance:	P2 Minor
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2019-07-29 05:54 PDT by Harsh Vardhan Rai
Modified:	2019-07-29 11:30 PDT (History)
CC List:	3 users (show)

See Also:

Attachments
Sample program (1.56 KB, text/x-csrc) 2019-07-29 05:54 PDT, Harsh Vardhan Rai	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Harsh Vardhan Rai 2019-07-29 05:54:10 PDT

Created attachment 375071 [details]
Sample program

Hi devs,
I was trying the webkit_cookie_manager_get_cookies function call for getting the cookies but I was experiencing seg fault. I tried webkit_cookie_manager_get_domains_with_cookies from which I was able to get the result but I need the cookie's details for the application I am trying to develop. In the sample program with which I am getting the issue, I am just trying to open google.com and get the cookies. (I have attached the program  file). The core dump's size is 1.7G so I am giving a onedrive link for it.(core dump is with debug packages). For a quick preview here is the "thread apply all bt" output after the crash.


Thread 12 (Thread 0x7fff8d7f8700 (LWP 8410)):
#0  0x00007ffff44b974d in poll () at ../sysdeps/unix/syscall-template.S:84
#1  0x00007ffff299e38c in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007ffff299e712 in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007ffff1c09f90 in WTF::RunLoop::run() () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#4  0x00007ffff1be1aac in WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#5  0x00007ffff1c08129 in ?? () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#6  0x00007ffff478f6ba in start_thread (arg=0x7fff8d7f8700) at pthread_create.c:333
#7  0x00007ffff44c541d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 11 (Thread 0x7fff8dff9700 (LWP 8409)):
#0  0x00007ffff44b974d in poll () at ../sysdeps/unix/syscall-template.S:84
#1  0x00007ffff299e38c in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007ffff299e712 in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007ffff1c09f90 in WTF::RunLoop::run() () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#4  0x00007ffff1be1aac in WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#5  0x00007ffff1c08129 in ?? () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#6  0x00007ffff478f6ba in start_thread (arg=0x7fff8dff9700) at pthread_create.c:333
#7  0x00007ffff44c541d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
---Type <return> to continue, or q <return> to quit---

Thread 10 (Thread 0x7fff8e7fa700 (LWP 8408)):
#0  0x00007ffff1bc623c in WTFCrash () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#1  0x00007ffff5bc6bd6 in WebKit::CallbackMap::put(WTF::Ref<WebKit::CallbackBase, WTF::DumbPtrTraits<WebKit::CallbackBase> >&&) (callback=<optimized out>, this=<optimized out>)
    at /build/webkit2gtk-E_rJ3_/webkit2gtk-2.20.5/Source/WebKit/UIProcess/GenericCallback.h:176
#2  WebKit::CallbackMap::put<WTF::Vector<WebCore::Cookie, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebKit::CallbackBase::Error>(WTF::Function<void (WTF::Vector<WebCore::Cookie, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebKit::CallbackBase::Error)>&&) (function=<optimized out>, this=<optimized out>)
    at /build/webkit2gtk-E_rJ3_/webkit2gtk-2.20.5/Source/WebKit/UIProcess/GenericCallback.h:206
#3  WebKit::WebCookieManagerProxy::getCookies(PAL::SessionID, WebCore::URL const&, WTF::Function<void (WTF::Vector<WebCore::Cookie, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc> const&, WebKit::CallbackBase::Error)>&&) (this=<optimized out>, sessionID=sessionID@entry=..., url=..., 
    callbackFunction=callbackFunction@entry=<unknown type in /usr/lib/debug/.build-id/77/5b4022ee4a85d12697b8791001b40570c25f98.debug, CU 0x2b29da6, DIE 0x2bb7285>)
    at /build/webkit2gtk-E_rJ3_/webkit2gtk-2.20.5/Source/WebKit/UIProcess/WebCookieManagerProxy.cpp:169
#4  0x00007ffff5e4ae7c in webkit_cookie_manager_get_cookies (manager=<optimized out>, uri=<optimized out>, cancellable=<optimized out>, callback=<optimized out>, 
    userData=<optimized out>) at /build/webkit2gtk-E_rJ3_/webkit2gtk-2.20.5/Source/WebKit/UIProcess/API/glib/WebKitCookieManager.cpp:339
#5  0x0000000000400faf in printCookies () at getCookies.c:22
#6  0x00007ffff478f6ba in start_thread (arg=0x7fff8e7fa700) at pthread_create.c:333
#7  0x00007ffff44c541d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 8 (Thread 0x7fff8f7fc700 (LWP 8405)):
#0  syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38
---Type <return> to continue, or q <return> to quit---
#1  0x00007ffff29e2d9a in g_cond_wait_until () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007ffff2972999 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007ffff2972fbb in g_async_queue_timeout_pop () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#4  0x00007ffff29c56aa in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#5  0x00007ffff29c4c55 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#6  0x00007ffff478f6ba in start_thread (arg=0x7fff8f7fc700) at pthread_create.c:333
#7  0x00007ffff44c541d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 7 (Thread 0x7fff8fffd700 (LWP 8404)):
#0  pthread_cond_timedwait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:225
#1  0x00007ffff1c08bea in WTF::ThreadCondition::timedWait(WTF::Mutex&, WTF::WallTime) () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#2  0x00007ffff1bddd5c in WTF::ParkingLot::parkConditionallyImpl(void const*, WTF::ScopedLambda<bool ()> const&, WTF::ScopedLambda<void ()> const&, WTF::TimeWithDynamicClockType const&) () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#3  0x00007ffff1bca462 in WTF::sleep(WTF::Seconds) () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#4  0x00007ffff5eaebbd in WebKit::MemoryPressureMonitor::<lambda()>::operator() (__closure=<optimized out>)
    at /build/webkit2gtk-E_rJ3_/webkit2gtk-2.20.5/Source/WebKit/UIProcess/linux/MemoryPressureMonitor.cpp:254
#5  WTF::Function<void()>::CallableWrapper<WebKit::MemoryPressureMonitor::MemoryPressureMonitor()::<lambda()> >::call(void) (this=0x7fffddcfa110)
    at /build/webkit2gtk-E_rJ3_/webkit2gtk-2.20.5/obj-x86_64-linux-gnu/DerivedSources/ForwardingHeaders/wtf/Function.h:101
#6  0x00007ffff1be1aac in WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#7  0x00007ffff1c08129 in ?? () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
---Type <return> to continue, or q <return> to quit---
#8  0x00007ffff478f6ba in start_thread (arg=0x7fff8fffd700) at pthread_create.c:333
#9  0x00007ffff44c541d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 6 (Thread 0x7fffdd3fe700 (LWP 8399)):
#0  0x00007ffff44b974d in poll () at ../sysdeps/unix/syscall-template.S:84
#1  0x00007ffff299e38c in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007ffff299e712 in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007ffff1c09f90 in WTF::RunLoop::run() () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#4  0x00007ffff1be1aac in WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#5  0x00007ffff1c08129 in ?? () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#6  0x00007ffff478f6ba in start_thread (arg=0x7fffdd3fe700) at pthread_create.c:333
#7  0x00007ffff44c541d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 5 (Thread 0x7fffddbff700 (LWP 8398)):
#0  0x00007ffff44b974d in poll () at ../sysdeps/unix/syscall-template.S:84
#1  0x00007ffff299e38c in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007ffff299e712 in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007ffff1c09f90 in WTF::RunLoop::run() () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#4  0x00007ffff1be1aac in WTF::Thread::entryPoint(WTF::Thread::NewThreadContext*) () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#5  0x00007ffff1c08129 in ?? () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
---Type <return> to continue, or q <return> to quit---
#6  0x00007ffff478f6ba in start_thread (arg=0x7fffddbff700) at pthread_create.c:333
#7  0x00007ffff44c541d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 4 (Thread 0x7fffdf678700 (LWP 8397)):
#0  0x00007ffff44b974d in poll () at ../sysdeps/unix/syscall-template.S:84
#1  0x00007ffff299e38c in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007ffff299e712 in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007ffff2d499d6 in ?? () from /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
#4  0x00007ffff29c4c55 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#5  0x00007ffff478f6ba in start_thread (arg=0x7fffdf678700) at pthread_create.c:333
#6  0x00007ffff44c541d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 3 (Thread 0x7fffdfe79700 (LWP 8396)):
#0  0x00007ffff44b974d in poll () at ../sysdeps/unix/syscall-template.S:84
#1  0x00007ffff299e38c in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007ffff299e49c in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007ffff299e4d9 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#4  0x00007ffff29c4c55 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#5  0x00007ffff478f6ba in start_thread (arg=0x7fffdfe79700) at pthread_create.c:333
#6  0x00007ffff44c541d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
---Type <return> to continue, or q <return> to quit---

Thread 2 (Thread 0x7fffe14a8700 (LWP 8395)):
#0  pthread_cond_timedwait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:225
#1  0x00007ffff1c163c0 in bmalloc::Scavenger::threadRunLoop() () from /usr/lib/x86_64-linux-gnu/libjavascriptcoregtk-4.0.so.18
#2  0x00007fffebe3ac80 in ?? () from /usr/lib/x86_64-linux-gnu/libstdc++.so.6
#3  0x00007ffff478f6ba in start_thread (arg=0x7fffe14a8700) at pthread_create.c:333
#4  0x00007ffff44c541d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 1 (Thread 0x7ffff7f18a40 (LWP 8370)):
#0  0x00007ffff44b974d in poll () at ../sysdeps/unix/syscall-template.S:84
#1  0x00007ffff299e38c in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007ffff299e712 in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007ffff4e09395 in gtk_main () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#4  0x00000000004010df in main (argc=1, argv=0x7fffffffd6c8) at getCookies.c:45





Onedrive link -: https://1drv.ms/u/s!AthhCL-gl6UtiiSsN78k-UBRTQM0?e=vHBCdK. This crash should be reproducible on your system too as I have tested it on two different VMs where also this crash was reproducible. If it is not the case then I hope this core dump helps.

Comment 1 Michael Catanzaro 2019-07-29 10:29:22 PDT

Problem is you can't use WebKit functions on a secondary thread like you're trying to do. It must only be used on the thread that called gtk_init(). Similarly, you need to make sure you only use GTK from the GTK thread. As a rule, most Linux libraries are not threadsafe unless documented otherwise.

You can still do long-running work on a secondary thread, but when you need to use the WebKit or GTK APIs, post the work back to the default main context using g_idle_add() or g_main_context_invoke() (assuming your GTK thread is your main thread; in theory you could use GTK entirely from one secondary thread instead, though I wouldn't recommend it).

Comment 2 Harsh Vardhan Rai 2019-07-29 11:30:04 PDT

Thanks for the quick response Michael. I thought adding it to the main event loop was only needed for GTK functions. I guess it makes sense that webkit funcitons will also require main event lopp since its webkit"GTK". Thanks a lot :)