Bug 269699 - RESOLVED FIXED
[GTK] Crash in WebPageProxy::getLoadDecisionForIcon
https://bugs.webkit.org/show_bug.cgi?id=269699
Summary [GTK] Crash in WebPageProxy::getLoadDecisionForIcon
Kdwk
Reported 2024-02-19 04:07:42 PST
Created attachment 469957 [details]
gdb (bt full; c).txt

1. Using Gnome Web 46.alpha-8-gfe080d446 (jhbuild), WebKitGTK 2.43.4 (270164@main) (jhbuild), GStreamer 1.22.9
2. Visit reddit.com, wait for a while
3. Crash
Attachments
gdb (bt full; c).txt (10.81 KB, text/plain)
2024-02-19 04:07 PST, Kdwk
no flags
Michael Catanzaro
Comment 1 2024-02-19 08:28:07 PST
Notably bytes=0x0
Michael Catanzaro
Comment 2 2024-02-20 06:42:24 PST
(In reply to Kdwk from comment #0)
> WebKitGTK 2.43.4 (270164@main) (jhbuild)

Please double check this. One or the other is not right.
Michael Catanzaro
Comment 3 2024-02-20 06:44:19 PST
OK, I can reproduce. It crashes after just a few seconds when using 274884@main with GStreamer 1.22.8.
Kdwk
Comment 4 2024-02-20 06:45:19 PST
(In reply to Michael Catanzaro from comment #2)
> (In reply to Kdwk from comment #0)
> > WebKitGTK 2.43.4 (270164@main) (jhbuild)
>
> Please double check this. One or the other is not right.

What's not right? I copied this from About Web -> Troubleshooting -> Debugging Information
Michael Catanzaro
Comment 5 2024-02-20 08:37:00 PST
270164@main is three months old. WebKitGTK 2.43.4 is recent.
Kdwk
Comment 6 2024-02-27 06:42:46 PST
I believe this is still happening with WebKitGTK 2.43.4 (274974@main)
Philippe Normand
Comment 7 2024-02-28 09:44:42 PST
(In reply to Kdwk from comment #6)
> I believe this is still happening with WebKitGTK 2.43.4 (274974@main)

Oh yes, with current main, GTK MiniBrowser crashes when loading YT...
Philippe Normand
Comment 8 2024-02-28 10:00:48 PST
The iconData m_buffer is non-contiguous, so SharedBufferReference::data() returns null...

(gdb) p iconData
$1 = (const IPC::SharedBufferReference &) @0x7fff4f063cb0: {m_size = 2783, m_buffer = {static isRefPtr = <optimized out>, m_ptr = 0x7f0a850e1280}, m_memory = {static isRefPtr = <optimized out>, m_ptr = 0x0}}
(gdb) p iconData.m_buffer
$2 = {static isRefPtr = <optimized out>, m_ptr = 0x7f0a850e1280}
(gdb) p *$2.m_ptr
$3 = {<WTF::ThreadSafeRefCounted<WebCore::FragmentedSharedBuffer, (WTF::DestructionThread)0>> = {<WTF::ThreadSafeRefCountedBase> = {m_refCount = std::atomic<unsigned int> = { 1 }, m_deletionHasBegun = std::atomic<bool> = { false }, m_isAllocatedMemory = std::atomic<WTF::ThreadSafeRefCountedBase::IsAllocatedMemory> = { WTF::ThreadSafeRefCountedBase::IsAllocatedMemory::Yes }}, <No data fields>}, m_segments = WTF::Vector of length 2, capacity 16 = {{beginPosition = 0, segment = {static isRef = <optimized out>, m_ptr = 0x7f0a85025cb0}}, {beginPosition = 512, segment = {static isRef = <optimized out>, m_ptr = 0x7f0a85025ce0}}}, m_contiguous = false, m_size = 2783}
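As an added illustration of the failure mode in comment 8 (this is a constructed sketch, not WebKit's FragmentedSharedBuffer or SharedBufferReference code), the C++ below models a segmented buffer whose raw data() pointer is only valid when the storage is contiguous and is null otherwise. It contrasts a caller that dereferences the pointer blindly with one that coalesces the segments first and still checks for null, and it builds a sample with the same two-segment, 2783-byte layout the gdb output shows. The class and function names (FragmentedBuffer, buildSampleIconData, safeFirstByte, sampleReadsSafely) are invented for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <optional>
#include <string>
#include <utility>
#include <vector>

// Constructed model (not WebKit's FragmentedSharedBuffer): payload bytes are
// held in one or more segments. Only a single-segment buffer is contiguous,
// and only then can a raw pointer to the whole payload be handed out.
class FragmentedBuffer {
public:
    void append(const std::string& chunk) {
        m_segments.emplace_back(chunk.begin(), chunk.end());
        m_size += chunk.size();
    }

    size_t size() const { return m_size; }
    size_t segmentCount() const { return m_segments.size(); }
    bool isContiguous() const { return m_segments.size() <= 1; }

    // Same contract as observed in the gdb session: a raw pointer is only
    // available for a contiguous buffer; otherwise the caller gets null.
    const uint8_t* data() const {
        if (m_segments.size() != 1)
            return nullptr;
        return m_segments.front().data();
    }

    // Coalesce every segment into one so that data() becomes valid.
    void makeContiguous() {
        if (isContiguous())
            return;
        std::vector<uint8_t> merged;
        merged.reserve(m_size);
        for (const auto& seg : m_segments)
            merged.insert(merged.end(), seg.begin(), seg.end());
        m_segments.clear();
        m_segments.push_back(std::move(merged));
    }

    // Alternative that never needs a raw pointer: walk the segments.
    std::vector<uint8_t> copyOut() const {
        std::vector<uint8_t> out;
        out.reserve(m_size);
        for (const auto& seg : m_segments)
            out.insert(out.end(), seg.begin(), seg.end());
        return out;
    }

private:
    std::vector<std::vector<uint8_t>> m_segments;
    size_t m_size = 0;
};

// Constructed sample mirroring the layout in the gdb output: two segments,
// the second beginning at offset 512, 2783 bytes in total.
FragmentedBuffer buildSampleIconData() {
    FragmentedBuffer buf;
    buf.append(std::string(512, 'A'));
    buf.append(std::string(2783 - 512, 'B'));
    return buf;
}

// Unsafe pattern: trusts data() and reads through it. With a fragmented
// buffer this dereferences null. Shown for contrast only; never called here.
uint8_t unsafeFirstByte(const FragmentedBuffer& buf) {
    return buf.data()[0];
}

// Hardened pattern: make the buffer contiguous first, then still check for
// null and for an empty payload before touching the pointer.
std::optional<uint8_t> safeFirstByte(FragmentedBuffer& buf) {
    buf.makeContiguous();
    const uint8_t* p = buf.data();
    if (!p || buf.size() == 0)
        return std::nullopt;
    return p[0];
}

// Runs the full scenario on the sample: fragmented and null before,
// contiguous with a readable first byte after the hardened read.
bool sampleReadsSafely() {
    FragmentedBuffer icon = buildSampleIconData();
    if (icon.isContiguous() || icon.data() != nullptr)
        return false;
    std::optional<uint8_t> first = safeFirstByte(icon);
    return first.has_value() && *first == 'A' && icon.isContiguous()
        && icon.data() != nullptr && icon.size() == 2783;
}

int main() {
    FragmentedBuffer icon = buildSampleIconData();
    std::cout << "segments: " << icon.segmentCount()
              << ", data() null before: " << (icon.data() == nullptr) << '\n';
    std::optional<uint8_t> first = safeFirstByte(icon);
    std::cout << "data() null after: " << (icon.data() == nullptr)
              << ", first byte: " << (first ? static_cast<char>(*first) : '?') << '\n';
    return 0;
}
```

The point for a reviewer of this kind of IPC path is that a null from data() is a normal outcome for a fragmented buffer, not an error, so any consumer must either coalesce first or iterate the segments (copyOut above) rather than treat the pointer as always present.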
Philippe Normand
Comment 9 2024-02-28 10:04:21 PST
I suppose it's not an issue on Apple ports because they don't USE(UNIX_DOMAIN_SOCKETS) so a different code path is taken?
Philippe Normand
Comment 10 2024-02-28 10:18:19 PST
This naïve patch seems to work... http://sprunge.us/bpmStR
Adrian Perez
Comment 11 2024-02-28 12:09:07 PST
(In reply to Philippe Normand from comment #10)
> This naïve patch seems to work... http://sprunge.us/bpmStR

rs=me
Philippe Normand
Comment 12 2024-02-28 12:21:00 PST
Carlos Garcia Campos
Comment 13 2024-02-29 02:54:33 PST
EWS
Comment 14 2024-03-01 00:30:34 PST
Committed 275540@main (6a7b2d62c794): <https://commits.webkit.org/275540@main>

Reviewed commits have been landed. Closing PR #25289 and removing active labels.