NEW 253858
[GTK] Crash in webkit_web_view_session_state_new()
https://bugs.webkit.org/show_bug.cgi?id=253858
Christian Hergert
Reported 2023-03-13 17:10:17 PDT
I'm seeing a crash when restoring sessions with WebKit both in Flatpak `org.gnome.Sdk//master` and host RPMs for Fedora 38 (webkitgtk6.0-2.39.91-1.fc38.x86_64).

Not as good of a stacktrace, but from flatpak-coredumpctl.

(gdb) bt
#0  0x00007f8540691184 in __pthread_kill_implementation () at /usr/lib/x86_64-linux-gnu/libc.so.6
#1  0x00007f854063f00e in raise () at /usr/lib/x86_64-linux-gnu/libc.so.6
#2  0x00007f85406287fc in abort () at /usr/lib/x86_64-linux-gnu/libc.so.6
#3  0x00007f85414ee40f in () at /usr/lib/x86_64-linux-gnu/libwebkitgtk-6.0.so.4
#4  0x00007f85419ff811 in webkit_web_view_session_state_new () at /usr/lib/x86_64-linux-gnu/libwebkitgtk-6.0.so.4
#5  0x000055d18bcdbb7c in gbp_web_browser_workspace_addin_restore_session_item (addin=0x55d195f99580, session=0x55d18d6ebce0, item=0x55d18ef079f0) at ../src/plugins/web-browser/gbp-web-browser-workspace-addin.c:164
#6  0x000055d18baab202 in ide_workspace_addin_real_restore_sesion (addin=0x55d195f99580, session=0x55d18d6ebce0) at ../src/libide/gui/ide-workspace-addin.c:85
#7  0x000055d18baf6153 in ide_extension_set_adapter_foreach (self=0x55d18ec74120, foreach_func=0x55d18babde10 <ide_workspace_addin_restore_session_cb>, user_data=0x55d18d6ebce0) at ../src/libide/plugins/ide-extension-set-adapter.c:724
#8  0x000055d18babe53e in _ide_workspace_restore_session (self=0x55d1930bbf20, session=0x55d18d6ebce0) at ../src/libide/gui/ide-workspace-session.c:280
#9  0x000055d18baa0b62 in ide_workbench_foreach_workspace (self=<optimized out>, callback=0x55d18ba9d3d0 <ide_workbench_restore_workspace_session_cb>, user_data=0x55d18d6ebce0) at ../src/libide/gui/ide-workbench.c:708
#10 0x000055d18baa38a3 in ide_workbench_load_project_completed (self=0x55d18d86a290, task=0x55d192ef0d10) at ../src/libide/gui/ide-workbench.c:1070
#11 0x000055d18baa411b in ide_workbench_load_project_cb (object=object@entry=0x55d18d7be380, result=result@entry=0x55d18f4738c0, user_data=user_data@entry=0x55d192ef0d10) at ../src/libide/gui/ide-workbench.c:1117
#12 0x000055d18bb3269a in ide_task_return_cb (user_data=<optimized out>) at ../src/libide/threading/ide-task.c:1004
#13 0x00007f854623dd99 in g_main_context_dispatch () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#14 0x00007f854623e2f8 in g_main_context_iterate.constprop () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#15 0x00007f854623e393 in g_main_context_iteration () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
#16 0x00007f854648272d in g_application_run () at /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
#17 0x000055d18b9ae1ca in main (argc=<optimized out>, argv=<optimized out>) at ../src/main.c:298

and a better stacktrace when building against host WebKit

(gdb) bt
#0  0x00007ffff22afb94 in __pthread_kill_implementation () from /lib64/libc.so.6
#1  0x00007ffff225eaee in raise () from /lib64/libc.so.6
#2  0x00007ffff224787f in abort () from /lib64/libc.so.6
#3  0x00007ffff2ed810c in webkit_web_view_session_state_new[cold] () from /lib64/libwebkitgtk-6.0.so.4
#4  0x00005555558c03ac in gbp_web_browser_workspace_addin_restore_session_item (addin=0x5555574eb100, session=0x55555719ac90, item=0x5555571d4040) at ../src/plugins/web-browser/gbp-web-browser-workspace-addin.c:164
#5  0x00005555556c4c0a in ide_workspace_addin_real_restore_sesion (addin=0x5555574eb100, session=0x55555719ac90) at ../src/libide/gui/ide-workspace-addin.c:85
#6  0x00005555557096c3 in ide_extension_set_adapter_foreach (self=0x5555574ea770, foreach_func=foreach_func@entry=0x5555556d66b0 <ide_workspace_addin_restore_session_cb>, user_data=user_data@entry=0x55555719ac90) at ../src/libide/plugins/ide-extension-set-adapter.c:724
#7  0x00005555556d6dea in _ide_workspace_restore_session (self=0x5555571e89a0, session=0x55555719ac90) at ../src/libide/gui/ide-workspace-session.c:280
#8  0x00005555556baeb2 in ide_workbench_foreach_workspace (self=self@entry=0x555555ef7610, callback=callback@entry=0x5555556b8040 <ide_workbench_restore_workspace_session_cb>, user_data=0x55555719ac90) at ../src/libide/gui/ide-workbench.c:708
#9  0x00005555556bd783 in ide_workbench_load_project_completed (self=0x555555ef7610, task=0x55555631f900) at ../src/libide/gui/ide-workbench.c:1070
#10 0x00005555556bdefb in ide_workbench_load_project_cb (object=object@entry=0x555555f11230, result=result@entry=0x55555719bef0, user_data=user_data@entry=0x55555631f900) at ../src/libide/gui/ide-workbench.c:1117
#11 0x00005555557418ab in ide_task_return_cb (user_data=<optimized out>) at ../src/libide/threading/ide-task.c:1004
#12 0x00007ffff7ca5504 in g_main_dispatch (context=0x555555b91d00) at ../../../../Projects/glib/glib/gmain.c:3460
#13 g_main_context_dispatch (context=0x555555b91d00) at ../../../../Projects/glib/glib/gmain.c:4200
#14 0x00007ffff7ca58b8 in g_main_context_iterate (context=context@entry=0x555555b91d00, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../../../../Projects/glib/glib/gmain.c:4276
#15 0x00007ffff7ca593f in g_main_context_iteration (context=context@entry=0x555555b91d00, may_block=may_block@entry=1) at ../../../../Projects/glib/glib/gmain.c:4343
#16 0x00007ffff7ecc04d in g_application_run (application=application@entry=0x555555cc7690, argc=<optimized out>, argv=<optimized out>) at ../../../../Projects/glib/gio/gapplication.c:2573
#17 0x00005555555d6dc4 in main (argc=<optimized out>, argv=<optimized out>) at ../src/main.c:298

GNOME Builder related issue: https://gitlab.gnome.org/GNOME/gnome-builder/-/issues/2005
Michael Catanzaro
Comment 1 2023-03-14 06:35:35 PDT
tbh the backtrace is not good enough. Could you install debuginfo in one environment or the other? In the flatpak environment you should just need org.gnome.Sdk.Debug while on the host you can either manually install the debuginfo package or just wait for debuginfod to do its thing.
Christian Hergert
Comment 2 2023-03-14 11:15:19 PDT
No problem.

#0  0x00007ffff22afb94 in __pthread_kill_implementation () from /lib64/libc.so.6
#1  0x00007ffff225eaee in raise () from /lib64/libc.so.6
#2  0x00007ffff224787f in abort () from /lib64/libc.so.6
#3  0x00007ffff2ed810c in WTFCrashWithInfo () at /usr/src/debug/webkitgtk-2.39.91-1.fc38.x86_64/redhat-linux-build/webkitgtk-6.0/WTF/Headers/wtf/Assertions.h:758
#4  WebKit::FrameState::FrameState (this=0x7fffffffce98) at /usr/src/debug/webkitgtk-2.39.91-1.fc38.x86_64/Source/WebKit/Shared/SessionState.h:68
#5  WebKit::PageState::PageState (this=0x7fffffffce90) at /usr/src/debug/webkitgtk-2.39.91-1.fc38.x86_64/Source/WebKit/Shared/SessionState.h:113
#6  WebKit::BackForwardListItemState::BackForwardListItemState (this=0x7fffffffce80) at /usr/src/debug/webkitgtk-2.39.91-1.fc38.x86_64/Source/WebKit/Shared/SessionState.h:121
#7  decodeBackForwardListItemState (version=<optimized out>, backForwardListState=..., backForwardListStateIter=0x5555582e35c0) at /usr/src/debug/webkitgtk-2.39.91-1.fc38.x86_64/Source/WebKit/UIProcess/API/glib/WebKitWebViewSessionState.cpp:393
#8  decodeSessionState (sessionState=..., data=0x0) at /usr/src/debug/webkitgtk-2.39.91-1.fc38.x86_64/Source/WebKit/UIProcess/API/glib/WebKitWebViewSessionState.cpp:428
#9  webkit_web_view_session_state_new (data=data@entry=0x5555582e59f0) at /usr/src/debug/webkitgtk-2.39.91-1.fc38.x86_64/Source/WebKit/UIProcess/API/glib/WebKitWebViewSessionState.cpp:463
#10 0x00005555558c049c in gbp_web_browser_workspace_addin_restore_session_item (addin=0x55555752cd20, session=0x555556358650, item=0x5555571e0b30) at ../src/plugins/web-browser/gbp-web-browser-workspace-addin.c:164
#11 0x00005555556c4c0a in ide_workspace_addin_real_restore_sesion (addin=0x55555752cd20, session=0x555556358650) at ../src/libide/gui/ide-workspace-addin.c:85
#12 0x00005555557097d3 in ide_extension_set_adapter_foreach (self=0x55555752c390, foreach_func=foreach_func@entry=0x5555556d67c0 <ide_workspace_addin_restore_session_cb>, user_data=user_data@entry=0x555556358650) at ../src/libide/plugins/ide-extension-set-adapter.c:724
#13 0x00005555556d6efa in _ide_workspace_restore_session (self=0x5555571ef910, session=0x555556358650) at ../src/libide/gui/ide-workspace-session.c:280
#14 0x00005555556baeb2 in ide_workbench_foreach_workspace (self=self@entry=0x555555efbcf0, callback=callback@entry=0x5555556b8040 <ide_workbench_restore_workspace_session_cb>, user_data=0x555556358650) at ../src/libide/gui/ide-workbench.c:708
#15 0x00005555556bd783 in ide_workbench_load_project_completed (self=0x555555efbcf0, task=0x5555563072b0) at ../src/libide/gui/ide-workbench.c:1070
#16 0x00005555556bdefb in ide_workbench_load_project_cb (object=object@entry=0x555555f168f0, result=result@entry=0x55555720a7c0, user_data=user_data@entry=0x5555563072b0) at ../src/libide/gui/ide-workbench.c:1117
#17 0x00005555557419bb in ide_task_return_cb (user_data=<optimized out>) at ../src/libide/threading/ide-task.c:1004
#18 0x00007ffff7ca5504 in g_main_dispatch (context=0x555555b92bf0) at ../../../../Projects/glib/glib/gmain.c:3460
#19 g_main_context_dispatch (context=0x555555b92bf0) at ../../../../Projects/glib/glib/gmain.c:4200
#20 0x00007ffff7ca58b8 in g_main_context_iterate (context=context@entry=0x555555b92bf0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../../../../Projects/glib/glib/gmain.c:4276
#21 0x00007ffff7ca593f in g_main_context_iteration (context=context@entry=0x555555b92bf0, may_block=may_block@entry=1) at ../../../../Projects/glib/glib/gmain.c:4343
#22 0x00007ffff7ecc04d in g_application_run (application=application@entry=0x555555c92660, argc=<optimized out>, argv=<optimized out>) at ../../../../Projects/glib/gio/gapplication.c:2573
#23 0x00005555555d6dc4 in main (argc=<optimized out>, argv=<optimized out>) at ../src/main.c:298
Michael Catanzaro
Comment 3 2023-03-14 11:25:54 PDT
I think the only way this can happen is if you call webkit_web_view_session_state_new(NULL) which is not allowed. decodeSessionState is only called directly from webkit_web_view_session_state_new() and nowhere else. So that must be what's happening, right? Nope:

#8  decodeSessionState (sessionState=..., data=0x0) at /usr/src/debug/webkitgtk-2.39.91-1.fc38.x86_64/Source/WebKit/UIProcess/API/glib/WebKitWebViewSessionState.cpp:428
#9  webkit_web_view_session_state_new (data=data@entry=0x5555582e59f0) at /usr/src/debug/webkitgtk-2.39.91-1.fc38.x86_64/Source/WebKit/UIProcess/API/glib/WebKitWebViewSessionState.cpp:463

There in frame 8 it's NULL but in frame 9 it's not. Even though it's passed directly without any modification. What gives? Also, if it was NULL in frame 8 then we have a g_return_val_if_fail() that should catch it.

One interesting thing: the parameters (sessionState=..., data=0x0) are printed in reverse order that they appear in the code. That's maybe weird?
Christian Hergert
Comment 4 2023-03-14 11:28:11 PDT
(In reply to Michael Catanzaro from comment #3)
> I think the only way this can happen is if you call
> webkit_web_view_session_state_new(NULL) which is not allowed.

It's definitely non-NULL, and non-zero in size. 306 bytes is what printf() tells me.

> One interesting thing: the parameters (sessionState=..., data=0x0) are
> printed in reverse order that they appear in the code. That's maybe weird?

I think that is just gdb's internal "decoding" helpers, they don't try to maintain order of call-site.
Christian Hergert
Comment 5 2023-03-14 11:55:01 PDT
Here is the contents of the bytes. It is a simple state that was saved by going to https://google.com and then saving the session state.

11:54:12.3224 gbp-web-browser-workspace-addin[ 783770]: TRACE: state = 0x557db53b7818 [306]
11:54:12.3224 gbp-web-browser-workspace-addin[ 783770]: TRACE: 000000: 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  . . . . . . . . . . . . . . . .
11:54:12.3224 gbp-web-browser-workspace-addin[ 783770]: TRACE: 000010: 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67  h t t p s : / / w w w . g o o g
11:54:12.3224 gbp-web-browser-workspace-addin[ 783770]: TRACE: 000020: 6c 65 2e 63 6f 6d 2f 00 68 74 74 70 3a 2f 2f 67  l e . c o m / . h t t p : / / g
11:54:12.3225 gbp-web-browser-workspace-addin[ 783770]: TRACE: 000030: 6f 6f 67 6c 65 2e 63 6f 6d 2f 00 00 00 0c 00 00  o o g l e . c o m / . . . . . .
11:54:12.3225 gbp-web-browser-workspace-addin[ 783770]: TRACE: 000040: 00 02 05 00 00 80 73 74 61 74 65 04 03 00 00 80  . . . . . . s t a t e . . . . .
11:54:12.3225 gbp-web-browser-workspace-addin[ 783770]: TRACE: 000050: 75 72 6c 10 01 00 00 80 2f 08 00 00 80 6d 65 74  u r l . . . . . / . . . . m e t
11:54:12.3225 gbp-web-browser-workspace-addin[ 783770]: TRACE: 000060: 61 64 61 74 61 02 07 00 00 80 65 6e 74 72 79 49  a d a t a . . . . . e n t r y I
11:54:12.3225 gbp-web-browser-workspace-addin[ 783770]: TRACE: 000070: 64 0a 00 10 6e a8 d6 6d 78 42 06 00 00 80 70 75  d . . . n . . m x B . . . . p u
11:54:12.3225 gbp-web-browser-workspace-addin[ 783770]: TRACE: 000080: 73 68 49 64 0a 00 20 6e a8 d6 6d 78 42 07 00 00  s h I d . .   n . . m x B . . .
11:54:12.3225 gbp-web-browser-workspace-addin[ 783770]: TRACE: 000090: 80 73 74 61 63 6b 49 64 0a 00 30 6e a8 d6 6d 78  . s t a c k I d . . 0 n . . m x
11:54:12.3225 gbp-web-browser-workspace-addin[ 783770]: TRACE: 0000a0: 42 0a 00 00 80 73 74 61 63 6b 49 6e 64 65 78 06  B . . . . s t a c k I n d e x .
11:54:12.3225 gbp-web-browser-workspace-addin[ 783770]: TRACE: 0000b0: ff ff ff ff 0b 00 00 80 70 6c 75 67 69 6e 53 74  . . . . . . . . p l u g i n S t
11:54:12.3225 gbp-web-browser-workspace-addin[ 783770]: TRACE: 0000c0: 61 74 65 02 02 00 00 80 68 73 01 01 00 00 00 00  a t e . . . . . h s . . . . . .
11:54:12.3226 gbp-web-browser-workspace-addin[ 783770]: TRACE: 0000d0: 00 00 00 0a 00 20 6e a8 d6 6d 78 42 ff ff ff ff  . . . . .   n . . m x B . . . .
11:54:12.3226 gbp-web-browser-workspace-addin[ 783770]: TRACE: 0000e0: ff ff ff ff ff ff ff ff 00 00 00 00 00 00 00 00  . . . . . . . . . . . . . . . .
11:54:12.3226 gbp-web-browser-workspace-addin[ 783770]: TRACE: 0000f0: 64 cb 22 e8 d0 f6 05 00 63 cb 22 e8 d0 f6 05 00  d . " . . . . . c . " . . . . .
11:54:12.3226 gbp-web-browser-workspace-addin[ 783770]: TRACE: 000100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  . . . . . . . . . . . . . . . .
11:54:12.3226 gbp-web-browser-workspace-addin[ 783770]: TRACE: 000110: 00 01 d9 00 2d 00 2d 00 2c 00 2b 00 18 00 00 00  . . . . - . - . , . + . . . . .
11:54:12.3226 gbp-web-browser-workspace-addin[ 783770]: TRACE: 000120: 01 00 00 00 16 01 01 00 20 01 00 00 00 00 00 00  . . . . . . . .   . . . . . . .
11:54:12.3226 gbp-web-browser-workspace-addin[ 783770]: TRACE: 000130: 2a 01                                            * .
Christian Hergert
Comment 6 2023-03-14 13:47:11 PDT
This appears to be caused by:

#4  WebKit::FrameState::FrameState (this=0x7fffffffce98) at /usr/src/debug/webkitgtk-2.39.91-1.fc38.x86_64/Source/WebKit/Shared/SessionState.h:68

which is asserting RunLoop::isMain(). This assertion apparently fails because we are trying to create a session state object *before* a WebKitWebView has ever been created. Presumably the creation of that widget is forcing other initialization to happen, which doesn't happen when you flow through the session state deserialization.

Is there an init function I can force-call? For the time being in Builder, I'll just force create the webview before the session state as a workaround for GNOME 44.
Michael Catanzaro
Comment 7 2023-03-14 14:06:05 PDT
(In reply to Christian Hergert from comment #6) > Is there an init function I can force-call? No. We need to call webkitInitialize() but it's not public. I really want to add this to class init in WTFGType.h to ensure every public type calls the init function, but can't do that because WTF cannot depend on WebKit stuff. Could have WebKit register some delegate function, but to do that, it would have to first be initialized, chicken/egg, so that's no good. Probably not a good idea to use a library constructor. So I think best we can do is manually call it at the top of class init for all API types, or at least all types that really need it. Currently that's done only for a few types: $ git grep webkitInitialize WebKit/UIProcess/API/glib/WebKitInitialize.cpp:void webkitInitialize() WebKit/UIProcess/API/glib/WebKitInitialize.h:void webkitInitialize(); WebKit/UIProcess/API/glib/WebKitInputMethodContext.cpp: WebKit::webkitInitialize(); WebKit/UIProcess/API/glib/WebKitNetworkSession.cpp: webkitInitialize(); WebKit/UIProcess/API/glib/WebKitSettings.cpp: webkitInitialize(); WebKit/UIProcess/API/glib/WebKitUserContentFilterStore.cpp: webkitInitialize(); WebKit/UIProcess/API/glib/WebKitUserContentManager.cpp: webkitInitialize(); WebKit/UIProcess/API/glib/WebKitWebContext.cpp: webkitInitialize(); WebKit/UIProcess/API/glib/WebKitWebsiteDataManager.cpp: webkitInitialize(); WebKit/UIProcess/API/gtk/WebKitWebViewBase.cpp: // Usually starting a context triggers webkitInitialize, but in case WebKit/UIProcess/API/gtk/WebKitWebViewBase.cpp: WebKit::webkitInitialize(); I first tried this: -G_DEFINE_BOXED_TYPE(WebKitWebViewSessionState, webkit_web_view_session_state, webkit_web_view_session_state_ref, webkit_web_view_session_state_unref) +G_DEFINE_BOXED_TYPE_WITH_CODE(WebKitWebViewSessionState, webkit_web_view_session_state, webkit_web_view_session_state_ref, webkit_web_view_session_state_unref, webkitInitialize()) But it's not enough because the crash occurs in 
webkit_web_view_session_state_new() before the WebKitWebViewSessionState object is actually created. That's an awkward location for a webkitInitialize() call, but it seems unavoidable. So fix is: diff --git a/Source/WebKit/UIProcess/API/glib/WebKitWebViewSessionState.cpp b/Source/WebKit/UIProcess/API/glib/WebKitWebViewSessionState.cpp index c34347b08ab3..b58bc19b44c0 100644 --- a/Source/WebKit/UIProcess/API/glib/WebKitWebViewSessionState.cpp +++ b/Source/WebKit/UIProcess/API/glib/WebKitWebViewSessionState.cpp @@ -20,6 +20,7 @@ #include "config.h" #include "WebKitWebViewSessionState.h" +#include "WebKitInitialize.h" #include "WebKitWebViewSessionStatePrivate.h" #include <WebCore/BackForwardItemIdentifier.h> #include <wtf/glib/GRefPtr.h> @@ -459,6 +460,8 @@ WebKitWebViewSessionState* webkit_web_view_session_state_new(GBytes* data) { g_return_val_if_fail(data, nullptr); + webkitInitialize(); + SessionState sessionState; if (!decodeSessionState(data, sessionState)) return nullptr; Normally this is where I would prepare a pull request, but we have to fix bug #253758 first.
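Review bot: in the second hunk the new webkitInitialize() call in webkit_web_view_session_state_new() needs a short comment saying why it is there, because nothing at the call site hints that decodeSessionState() constructs FrameState objects whose constructor asserts RunLoop::isMain() (comment 6) or that a boxed type has no class_init in which the call could live instead. Without it the line reads as redundant beside the webkitInitialize() calls already present in WebKitWebContext.cpp and WebKitWebViewBase.cpp and is a candidate for removal in a later cleanup; the WebKitWebViewBase.cpp call already carries a comment of exactly this kind ("Usually starting a context triggers webkitInitialize, but in case ..."), and the same wording fits here. The ordering itself, `g_return_val_if_fail(data, nullptr);` followed by `webkitInitialize();`, is right: an invalid argument is rejected before any process-wide side effect.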
Michael Catanzaro
Comment 8 2023-03-14 14:07:08 PDT
(In reply to Michael Catanzaro from comment #7)
> I really want to add this to class init in WTFGType.h to ensure every public
> type calls the init function, but can't do that because WTF cannot depend on
> WebKit stuff.

And that wouldn't work anyway because this is a boxed type and so doesn't have a class_init.
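To make the point of comments 6 to 8 concrete, here is an added example (editor's code, not WebKit's): a library whose internal decode path has a precondition on process-wide initialisation, a boxed-style value type with no class_init to hang that initialisation on, and a public constructor that validates its argument first, then initialises, then decodes, in the same order as the patch in comment 7. Every name in it (lib_initialize, DecodeStatus, SessionState, session_state_new, session_state_new_unfixed) and the byte layout of the sample blob are constructed for this example; the precondition violation is reported as a status instead of aborting, so the unfixed and fixed entry points can both be exercised in one process.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for WebKit's private webkitInitialize() (constructed name). It is
 * idempotent, so every public entry point can call it unconditionally. One
 * flag is enough for this single-threaded example; a real library would use
 * g_once_init_enter() or pthread_once() so concurrent first calls are safe. */
static bool library_initialized = false;

static void lib_initialize(void)
{
    if (library_initialized)
        return;
    /* process-wide setup (run loop, type registration, ...) would go here */
    library_initialized = true;
}

typedef enum { DECODE_OK, DECODE_BAD_DATA, DECODE_NO_MEMORY, DECODE_NOT_INITIALIZED } DecodeStatus;

/* Boxed-style value type: a plain ref-counted struct with no class_init in
 * which an initialisation hook could be placed. */
typedef struct {
    int ref_count;
    uint32_t version;
    char url[128];
} SessionState;

/* Internal decoder over a constructed layout: 4-byte little-endian version,
 * then a NUL-terminated URL. Like FrameState's constructor in the report it
 * has a precondition on prior initialisation; here the violation is reported
 * as a status instead of aborting, so both entry points below can be run. */
static DecodeStatus decode_session_state(const uint8_t *data, size_t len, SessionState *out)
{
    if (!library_initialized) return DECODE_NOT_INITIALIZED;
    if (len < 5) return DECODE_BAD_DATA;

    out->version = (uint32_t)data[0] | (uint32_t)data[1] << 8
                 | (uint32_t)data[2] << 16 | (uint32_t)data[3] << 24;

    const uint8_t *url = data + 4;
    const uint8_t *nul = memchr(url, 0, len - 4);
    /* reject an unterminated or over-long URL before copying anything */
    if (!nul || (size_t)(nul - url) >= sizeof out->url)
        return DECODE_BAD_DATA;
    memcpy(out->url, url, (size_t)(nul - url) + 1);
    return DECODE_OK;
}

/* Shared tail: allocate the boxed value once the bytes are known to decode. */
static SessionState *build_session_state(const uint8_t *data, size_t len, DecodeStatus *status)
{
    SessionState tmp = { 0 };
    *status = decode_session_state(data, len, &tmp);
    if (*status != DECODE_OK)
        return NULL;
    SessionState *state = malloc(sizeof *state);
    if (!state) {
        *status = DECODE_NO_MEMORY;
        return NULL;
    }
    *state = tmp;
    state->ref_count = 1;
    return state;
}

/* Before the fix: argument check only. As the first library call in the
 * process it violates the decoder's precondition (the abort in the report). */
SessionState *session_state_new_unfixed(const uint8_t *data, size_t len, DecodeStatus *status)
{
    if (!data) { *status = DECODE_BAD_DATA; return NULL; }
    return build_session_state(data, len, status);
}

/* After the fix, mirroring the patch in comment 7: reject a bad argument first
 * (an invalid call has no side effects), then initialise, then decode. */
SessionState *session_state_new(const uint8_t *data, size_t len, DecodeStatus *status)
{
    if (!data) { *status = DECODE_BAD_DATA; return NULL; }
    lib_initialize();
    return build_session_state(data, len, status);
}

void session_state_unref(SessionState *state)
{
    if (state && --state->ref_count == 0)
        free(state);
}

/* Constructed sample blob: version 2, then "https://www.google.com/". */
static const uint8_t sample_blob[] = {
    0x02, 0x00, 0x00, 0x00, 'h', 't', 't', 'p', 's', ':', '/', '/', 'w', 'w', 'w', '.',
    'g', 'o', 'o', 'g', 'l', 'e', '.', 'c', 'o', 'm', '/', 0x00
};
```

Calling session_state_new_unfixed() on sample_blob as the very first library call returns NULL with DECODE_NOT_INITIALIZED; session_state_new() on the same bytes initialises the library and returns a state with version 2 and the URL. Once any fixed entry point has run, the unfixed one also succeeds, which is exactly why the bug only shows up when session restore happens before a WebKitWebView (or anything else that initialises) has been created.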
Carlos Garcia Campos
Comment 9 2023-03-14 22:53:17 PDT
(In reply to Michael Catanzaro from comment #7) > (In reply to Christian Hergert from comment #6) > > Is there an init function I can force-call? > > No. We need to call webkitInitialize() but it's not public. > > I really want to add this to class init in WTFGType.h to ensure every public > type calls the init function, but can't do that because WTF cannot depend on > WebKit stuff. Could have WebKit register some delegate function, but to do > that, it would have to first be initialized, chicken/egg, so that's no good. > Probably not a good idea to use a library constructor. So I think best we > can do is manually call it at the top of class init for all API types, or at > least all types that really need it. Currently that's done only for a few > types: > > $ git grep webkitInitialize > WebKit/UIProcess/API/glib/WebKitInitialize.cpp:void webkitInitialize() > WebKit/UIProcess/API/glib/WebKitInitialize.h:void webkitInitialize(); > WebKit/UIProcess/API/glib/WebKitInputMethodContext.cpp: > WebKit::webkitInitialize(); > WebKit/UIProcess/API/glib/WebKitNetworkSession.cpp: webkitInitialize(); > WebKit/UIProcess/API/glib/WebKitSettings.cpp: webkitInitialize(); > WebKit/UIProcess/API/glib/WebKitUserContentFilterStore.cpp: > webkitInitialize(); > WebKit/UIProcess/API/glib/WebKitUserContentManager.cpp: > webkitInitialize(); > WebKit/UIProcess/API/glib/WebKitWebContext.cpp: webkitInitialize(); > WebKit/UIProcess/API/glib/WebKitWebsiteDataManager.cpp: > webkitInitialize(); > WebKit/UIProcess/API/gtk/WebKitWebViewBase.cpp: // Usually starting a > context triggers webkitInitialize, but in case > WebKit/UIProcess/API/gtk/WebKitWebViewBase.cpp: > WebKit::webkitInitialize(); > > I first tried this: > > -G_DEFINE_BOXED_TYPE(WebKitWebViewSessionState, > webkit_web_view_session_state, webkit_web_view_session_state_ref, > webkit_web_view_session_state_unref) > +G_DEFINE_BOXED_TYPE_WITH_CODE(WebKitWebViewSessionState, > webkit_web_view_session_state, webkit_web_view_session_state_ref, 
> webkit_web_view_session_state_unref, webkitInitialize()) > > But it's not enough because the crash occurs in > webkit_web_view_session_state_new() before the WebKitWebViewSessionState > object is actually created. That's an awkward location for a > webkitInitialize() call, but it seems unavoidable. So fix is: > > diff --git a/Source/WebKit/UIProcess/API/glib/WebKitWebViewSessionState.cpp > b/Source/WebKit/UIProcess/API/glib/WebKitWebViewSessionState.cpp > index c34347b08ab3..b58bc19b44c0 100644 > --- a/Source/WebKit/UIProcess/API/glib/WebKitWebViewSessionState.cpp > +++ b/Source/WebKit/UIProcess/API/glib/WebKitWebViewSessionState.cpp > @@ -20,6 +20,7 @@ > #include "config.h" > #include "WebKitWebViewSessionState.h" > > +#include "WebKitInitialize.h" > #include "WebKitWebViewSessionStatePrivate.h" > #include <WebCore/BackForwardItemIdentifier.h> > #include <wtf/glib/GRefPtr.h> > @@ -459,6 +460,8 @@ WebKitWebViewSessionState* > webkit_web_view_session_state_new(GBytes* data) > { > g_return_val_if_fail(data, nullptr); > > + webkitInitialize(); > + > SessionState sessionState; > if (!decodeSessionState(data, sessionState)) > return nullptr; This is indeed the right fix. > Normally this is where I would prepare a pull request, but we have to fix > bug #253758 first.