Bug 209471 - [GTK] MiniBrowser: valgrind claims 'Invalid write of size 8' on close
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=209471

Milan Crha, reported 2020-03-24 02:39:37 PDT
I am at r258908 and closing the MiniBrowser shows Invalid write in valgrind.

Steps:
a) run MiniBrowser
b) right-click an image and pick "Open Image in New Window"
c) close the window with the image
d) close the MiniBrowser

With both "close" I use the mouse and click on the "x" button in the window title.

valgrind report:
==17379== Thread 1:
==17379== Invalid write of size 8
==17379==    at 0x10417E63B: g_nullify_pointer (gutils.c:2239)
==17379==    by 0x10409FFF8: weak_refs_notify (gobject.c:2950)
==17379==    by 0x104116EFE: g_data_set_internal (gdataset.c:407)
==17379==    by 0x1041173E9: g_datalist_id_set_data_full (gdataset.c:670)
==17379==    by 0x10409BC3E: g_object_real_dispose (gobject.c:1200)
==17379==    by 0x1038E806B: gtk_window_dispose (gtkwindow.c:3164)
==17379==    by 0x10409BE8D: g_object_run_dispose (gobject.c:1257)
==17379==    by 0x1040975CF: g_cclosure_marshal_VOID__VOID (gmarshal.c:117)
==17379==    by 0x104094231: g_closure_invoke (gclosure.c:810)
==17379==    by 0x1040B25A0: signal_emit_unlocked_R (gsignal.c:3635)
==17379==    by 0x1040B1892: g_signal_emit_valist (gsignal.c:3391)
==17379==    by 0x1040B1E15: g_signal_emit (gsignal.c:3447)
==17379==    by 0x413457: browserWindowTryClose (BrowserWindow.c:281)
==17379==    by 0x4133BD: browserWindowDeleteEvent (BrowserWindow.c:1120)
==17379==    by 0x10391E9EE: _gtk_marshal_BOOLEAN__BOXEDv (gtkmarshalers.c:129)
==17379==    by 0x104094925: g_type_class_meta_marshalv (gclosure.c:1034)
==17379==    by 0x1040944D3: _g_closure_invoke_va (gclosure.c:873)
==17379==    by 0x1040B0BCA: g_signal_emit_valist (gsignal.c:3300)
==17379==    by 0x1040B1E15: g_signal_emit (gsignal.c:3447)
==17379==    by 0x1038CAD12: gtk_widget_event_internal (gtkwidget.c:7744)
==17379==    by 0x1038CAD12: gtk_widget_event_internal (gtkwidget.c:7613)
==17379==    by 0x103789128: gtk_main_do_event (gtkmain.c:1817)
==17379==    by 0x103789128: gtk_main_do_event (gtkmain.c:1685)
==17379==    by 0x103C85EC8: _gdk_event_emit (gdkevents.c:73)
==17379==    by 0x103CB7C35: gdk_event_source_dispatch (gdkeventsource.c:367)
==17379==    by 0x10413A139: g_main_dispatch (gmain.c:3202)
==17379==    by 0x10413B02F: g_main_context_dispatch (gmain.c:3867)
==17379==    by 0x10413B214: g_main_context_iterate (gmain.c:3940)
==17379==    by 0x10413B63B: g_main_loop_run (gmain.c:4136)
==17379==    by 0x1037881AC: gtk_main (gtkmain.c:1323)
==17379==    by 0x416539: main (main.c:649)
==17379==  Address 0x151ab47f8 is 840 bytes inside a block of size 904 free'd
==17379==    at 0x100839A0C: free (vg_replace_malloc.c:540)
==17379==    by 0x104142E6F: g_free (gmem.c:192)
==17379==    by 0x10415E1ED: g_slice_free1 (gslice.c:1135)
==17379==    by 0x1040B76D4: g_type_free_instance (gtype.c:1936)
==17379==    by 0x1040A0FFA: g_object_unref (gobject.c:3541)
==17379==    by 0x1037890E7: gtk_main_do_event (gtkmain.c:1832)
==17379==    by 0x1037890E7: gtk_main_do_event (gtkmain.c:1685)
==17379==    by 0x103C85EC8: _gdk_event_emit (gdkevents.c:73)
==17379==    by 0x103CB7C35: gdk_event_source_dispatch (gdkeventsource.c:367)
==17379==    by 0x10413A139: g_main_dispatch (gmain.c:3202)
==17379==    by 0x10413B02F: g_main_context_dispatch (gmain.c:3867)
==17379==    by 0x10413B214: g_main_context_iterate (gmain.c:3940)
==17379==    by 0x10413B63B: g_main_loop_run (gmain.c:4136)
==17379==    by 0x1037881AC: gtk_main (gtkmain.c:1323)
==17379==    by 0x416539: main (main.c:649)
==17379==  Block was alloc'd at
==17379==    at 0x10083880B: malloc (vg_replace_malloc.c:309)
==17379==    by 0x104142D14: g_malloc (gmem.c:99)
==17379==    by 0x10415DFB1: g_slice_alloc (gslice.c:1024)
==17379==    by 0x10415DFF1: g_slice_alloc0 (gslice.c:1050)
==17379==    by 0x1040B727E: g_type_create_instance (gtype.c:1836)
==17379==    by 0x10409D255: g_object_new_internal (gobject.c:1959)
==17379==    by 0x10409E138: g_object_new_valist (gobject.c:2287)
==17379==    by 0x10409CE0D: g_object_new (gobject.c:1797)
==17379==    by 0x4119F2: browser_window_new (BrowserWindow.c:1140)
==17379==    by 0x415217: webViewCreate (BrowserWindow.c:340)
==17379==    by 0x107601B27: ffi_call_unix64 (in /usr/lib64/libffi.so.6.0.2)
==17379==    by 0x107601338: ffi_call (in /usr/lib64/libffi.so.6.0.2)
==17379==    by 0x1040959D9: g_cclosure_marshal_generic (gclosure.c:1500)
==17379==    by 0x104094231: g_closure_invoke (gclosure.c:810)
==17379==    by 0x1040B25A0: signal_emit_unlocked_R (gsignal.c:3635)
==17379==    by 0x1040B1928: g_signal_emit_valist (gsignal.c:3401)
==17379==    by 0x1040B1E15: g_signal_emit (gsignal.c:3447)
==17379==    by 0x1011EF898: webkitWebViewCreateNewPage(_WebKitWebView*, WebCore::WindowFeatures const&, _WebKitNavigationAction*) (WebKitWebView.cpp:2327)
==17379==    by 0x1011E11D5: UIClient::createNewPage(WebKit::WebPageProxy&, WebCore::WindowFeatures&&, WTF::Ref<API::NavigationAction, WTF::DumbPtrTraits<API::NavigationAction> >&&, WTF::CompletionHandler<void (WTF::RefPtr<WebKit::WebPageProxy, WTF::DumbPtrTraits<WebKit::WebPageProxy> >&&)>&&) (WebKitUIClient.cpp:67)
==17379==    by 0x101128084: operator() (WebPageProxy.cpp:5487)
==17379==    by 0x101128084: call (Function.h:52)
==17379==    by 0x101128084: operator() (Function.h:84)
==17379==    by 0x101128084: trySOAuthorization (WebPageProxy.cpp:5453)
==17379==    by 0x101128084: WebKit::WebPageProxy::createNewPage(WebKit::FrameInfoData&&, WTF::Optional<WTF::ObjectIdentifier<WebKit::WebPageProxyIdentifierType> >, WebCore::ResourceRequest&&, WebCore::WindowFeatures&&, WebKit::NavigationActionData&&, WTF::CompletionHandler<void (WTF::Optional<WTF::ObjectIdentifier<WebCore::PageIdentifierType> > const&, WTF::Optional<WebKit::WebPageCreationParameters> const&)>&&) (WebPageProxy.cpp:5486)
==17379==    by 0x100EF4822: callMemberFunctionImpl<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(WebKit::FrameInfoData &&, WTF::Optional<WTF::ObjectIdentifier<WebKit::WebPageProxyIdentifierType> >, WebCore::ResourceRequest &&, WebCore::WindowFeatures &&, WebKit::NavigationActionData &&, WTF::CompletionHandler<void (const WTF::Optional<WTF::ObjectIdentifier<WebCore::PageIdentifierType> > &, const WTF::Optional<WebKit::WebPageCreationParameters> &)> &&), void (const WTF::Optional<WTF::ObjectIdentifier<WebCore::PageIdentifierType> > &, const WTF::Optional<WebKit::WebPageCreationParameters> &), std::tuple<WebKit::FrameInfoData, WTF::Optional<WTF::ObjectIdentifier<WebKit::WebPageProxyIdentifierType> >, WebCore::ResourceRequest, WebCore::WindowFeatures, WebKit::NavigationActionData>, 0, 1, 2, 3, 4> (HandleMessage.h:55)
==17379==    by 0x100EF4822: callMemberFunction<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(WebKit::FrameInfoData &&, WTF::Optional<WTF::ObjectIdentifier<WebKit::WebPageProxyIdentifierType> >, WebCore::ResourceRequest &&, WebCore::WindowFeatures &&, WebKit::NavigationActionData &&, WTF::CompletionHandler<void (const WTF::Optional<WTF::ObjectIdentifier<WebCore::PageIdentifierType> > &, const WTF::Optional<WebKit::WebPageCreationParameters> &)> &&), void (const WTF::Optional<WTF::ObjectIdentifier<WebCore::PageIdentifierType> > &, const WTF::Optional<WebKit::WebPageCreationParameters> &), std::tuple<WebKit::FrameInfoData, WTF::Optional<WTF::ObjectIdentifier<WebKit::WebPageProxyIdentifierType> >, WebCore::ResourceRequest, WebCore::WindowFeatures, WebKit::NavigationActionData>, std::integer_sequence<unsigned long, 0, 1, 2, 3, 4> > (HandleMessage.h:61)
==17379==    by 0x100EF4822: handleMessageSynchronous<Messages::WebPageProxy::CreateNewPage, WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(WebKit::FrameInfoData &&, WTF::Optional<WTF::ObjectIdentifier<WebKit::WebPageProxyIdentifierType> >, WebCore::ResourceRequest &&, WebCore::WindowFeatures &&, WebKit::NavigationActionData &&, WTF::CompletionHandler<void (const WTF::Optional<WTF::ObjectIdentifier<WebCore::PageIdentifierType> > &, const WTF::Optional<WebKit::WebPageCreationParameters> &)> &&)> (HandleMessage.h:142)
==17379==    by 0x100EF4822: WebKit::WebPageProxy::didReceiveSyncMessage(IPC::Connection&, IPC::Decoder&, std::unique_ptr<IPC::Encoder, std::default_delete<IPC::Encoder> >&) (WebPageProxyMessageReceiver.cpp:2201)
==17379==    by 0x101082C9E: IPC::MessageReceiverMap::dispatchSyncMessage(IPC::Connection&, IPC::Decoder&, std::unique_ptr<IPC::Encoder, std::default_delete<IPC::Encoder> >&) (MessageReceiverMap.cpp:140)
==17379==    by 0x10116218F: didReceiveSyncMessage (WebProcessProxy.cpp:767)
==17379==    by 0x10116218F: non-virtual thunk to WebKit::WebProcessProxy::didReceiveSyncMessage(IPC::Connection&, IPC::Decoder&, std::unique_ptr<IPC::Encoder, std::default_delete<IPC::Encoder> >&) (WebProcessProxy.cpp:0)
==17379==    by 0x10107B31E: IPC::Connection::dispatchSyncMessage(IPC::Decoder&) (Connection.cpp:929)
==17379==    by 0x10107B863: IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) (Connection.cpp:1075)
==17379==    by 0x1010778EF: dispatch (Connection.cpp:119)
==17379==    by 0x1010778EF: IPC::Connection::SyncMessageState::dispatchMessagesAndResetDidScheduleDispatchMessagesForConnection(IPC::Connection&) (Connection.cpp:197)
==17379==    by 0x105650358: operator() (Lock.h:84)
==17379==    by 0x105650358: WTF::RunLoop::performWork() (RunLoop.cpp:119)
==17379==    by 0x10569FA15: operator() (RunLoopGLib.cpp:68)
==17379==    by 0x10569FA15: WTF::RunLoop::RunLoop()::$_0::__invoke(void*) (RunLoopGLib.cpp:67)
==17379==    by 0x10413A139: g_main_dispatch (gmain.c:3202)
==17379==    by 0x10413B02F: g_main_context_dispatch (gmain.c:3867)
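Reading the trace: the write happens while the last window is being disposed (gtk_window_dispose, then g_object_real_dispose, weak_refs_notify and g_nullify_pointer, which is the path GLib takes for locations registered with g_object_add_weak_pointer), and it lands 840 bytes inside a 904-byte GObject instance that browser_window_new allocated for the image window and that gtk_main_do_event had already unreffed and freed. In other words, a weak-pointer location living inside the image window's struct outlived the struct. The toy model below is an added example, not code from the bug report, from WebKit or from GTK; every name in it (Object, Window, window_close_fixed, run_scenario) is a hypothetical stand-in, the pool with liveness flags stands in for valgrind's view of freed memory, and the actual fix committed in r259339 is not reproduced here. It replays the reporter's steps once with the close that forgets to deregister the weak pointer and once with a close that removes it before freeing, and counts the writes that would have hit freed memory:

```c
/* Added example, not code from the bug report or from WebKit/GTK: a toy model
 * of GObject weak pointers that reproduces the mechanism behind the valgrind
 * report. Every name below is a hypothetical stand-in for a GLib/GTK one. */
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_WEAK  8
#define POOL_SIZE 4

/* Stand-in for a GObject: the locations it NULLs out on dispose (what
 * g_object_add_weak_pointer registers and weak_refs_notify writes to). */
typedef struct Object {
    void **weak_locations[MAX_WEAK];
    int n_weak;
} Object;

/* Stand-in for a BrowserWindow: its own object plus a weak pointer to the
 * window that opened it. That pointer field lives inside this struct. */
typedef struct Window {
    Object base;
    Object *opener;
} Window;

/* A pool with liveness flags plays the role valgrind plays in the report:
 * "freed" slots stay mapped, so a dangling write is detected deterministically
 * instead of being undefined behaviour. */
static Window pool[POOL_SIZE];
static bool pool_live[POOL_SIZE];

static Window *window_alloc(void) {
    for (int i = 0; i < POOL_SIZE; i++) {
        if (pool_live[i]) continue;
        pool_live[i] = true;
        memset(&pool[i], 0, sizeof pool[i]);
        return &pool[i];
    }
    abort();
}
static void window_free(Window *w) { pool_live[w - pool] = false; }

/* True when addr lies inside a slot that has not been freed. */
static bool address_is_live(void *addr) {
    uintptr_t a = (uintptr_t)addr;
    for (int i = 0; i < POOL_SIZE; i++) {
        uintptr_t slot = (uintptr_t)&pool[i];
        if (pool_live[i] && a >= slot && a < slot + sizeof pool[i]) return true;
    }
    return false;
}

/* Equivalents of g_object_add_weak_pointer / g_object_remove_weak_pointer. */
static void object_add_weak_pointer(Object *obj, void **location) {
    if (obj->n_weak == MAX_WEAK) abort();
    obj->weak_locations[obj->n_weak++] = location;
}
static void object_remove_weak_pointer(Object *obj, void **location) {
    for (int i = 0; i < obj->n_weak; i++) {
        if (obj->weak_locations[i] != location) continue;
        obj->weak_locations[i] = obj->weak_locations[--obj->n_weak];
        return;
    }
}

/* Equivalent of weak_refs_notify() running from dispose: NULL every registered
 * location. Returns how many writes would have landed in freed memory (the
 * "Invalid write of size 8" in the report); those writes are skipped here. */
static int object_dispose(Object *obj) {
    int invalid_writes = 0;
    for (int i = 0; i < obj->n_weak; i++) {
        void **loc = obj->weak_locations[i];
        if (address_is_live(loc)) *loc = NULL;
        else invalid_writes++;
    }
    obj->n_weak = 0;
    return invalid_writes;
}

static Window *window_new(Window *opener) {
    Window *w = window_alloc();
    if (opener) {
        w->opener = &opener->base;
        object_add_weak_pointer(&opener->base, (void **)&w->opener);
    }
    return w;
}

/* Fixed close: deregister the location before the memory goes away. The buggy
 * close is plain window_free(), leaving the opener pointing into a dead slot. */
static void window_close_fixed(Window *w) {
    if (w->opener) object_remove_weak_pointer(w->opener, (void **)&w->opener);
    window_free(w);
}

/* Replays the report's steps: open a second window from the first, close the
 * second, then close the first. Returns the count of writes into freed memory. */
static int run_scenario(bool fixed) {
    Window *main_window = window_new(NULL);
    Window *image_window = window_new(main_window);
    if (fixed) window_close_fixed(image_window);
    else window_free(image_window);                    /* the buggy path */
    int invalid = object_dispose(&main_window->base);  /* like gtk_window_dispose */
    window_free(main_window);
    return invalid;
}
```

run_scenario(false) returns 1 (the dangling write the report shows) and run_scenario(true) returns 0. The general rule the model illustrates is that a weak pointer must be removed by whoever owns the memory holding the location, normally in that owner's dispose or finalize, because the referenced object has no way of knowing when the location itself disappears; the same holds for GLib weak references and signal handlers bound to a struct that can be freed first.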
Attachments
Patch (1.94 KB, patch), 2020-04-01 03:06 PDT, Carlos Garcia Campos, aperez: review+
Carlos Garcia Campos, Comment 1, 2020-04-01 03:06:08 PDT
Created attachment 395156: Patch
Carlos Garcia Campos, Comment 2, 2020-04-01 05:15:48 PDT
Committed r259339: <https://trac.webkit.org/changeset/259339>