Bug 278187 (NEW)
REGRESSION(278818@main): Crash in Epiphany when closing a tab before gesture completes
https://bugs.webkit.org/show_bug.cgi?id=278187
darkblaze69
Reported 2024-08-15 14:11:08 PDT
Created attachment 472182: gdb.log
* Epiphany version: 47.beta-30-g8f6b6395d
* WebKitGTK version: 2.45.6
* Distributor: Arch Linux
Crash when closing a tab.
Attachments
gdb.log (156.96 KB, text/x-log)
2024-08-15 14:11 PDT, darkblaze69
gdb-142753.log (132.94 KB, text/x-log)
2024-08-17 02:37 PDT, darkblaze69
Michael Catanzaro
Comment 1 2024-08-16 05:01:21 PDT
So the problem here is:
* Gesture begins
* Tab is closed, web view is destroyed
* Gesture finishes, WebPageProxy::didEndViewGesture calls WebPageProxy::protectedPageClient
* PageClient::ref attempts to g_object_ref() the destroyed web view
* object_ref: assertion '!object_already_finalized' failed
Michael Catanzaro
Comment 2 2024-08-16 09:39:17 PDT
Any chance you're able to reproduce this? (Probably not, but if so, that would make this easier....)
Michael Catanzaro
Comment 3 2024-08-16 10:03:15 PDT
Some thoughts:
* PageClientImpl really needs to hold a GWeakPtr to the WebKitWebView, rather than a raw pointer
* Separately, there's likely an error somewhere in ViewGestureController or the related code. The gesture should keep things alive if necessary.
darkblaze69
Comment 4 2024-08-17 02:35:24 PDT
I don't have a way to reproduce the crash yet, but had a crash again today. Looks similar. I will add the new gdb log.
darkblaze69
Comment 5 2024-08-17 02:37:36 PDT
Created attachment 472198: gdb-142753.log
darkblaze69
Comment 6 2024-08-17 03:04:10 PDT
I found a way to reproduce the crash.
1. do the back gesture and keep holding 2 fingers (don't finish the gesture)
2. ctrl-w to close the tab
darkblaze69
Comment 7 2024-08-17 03:10:38 PDT
Looks like a regression in 2.45. In 2.44 it just closes the tab.
darkblaze69
Comment 8 2024-08-17 12:26:08 PDT
2.45.2 is good
2.45.3 is bad
Bisected to [d74204522d48951c10bb31282e991ce3a7df96d7] [macOS] Add a mechanism to temporarily suppress text indicators during scrolling/resizing/zooming.
Though it's for macOS. But previous commit 9a38b690ee9a is good and it proves the bisection.
Michael Catanzaro
Comment 9 2024-08-18 05:33:22 PDT
Thanks. That helps.
Michael Catanzaro
Comment 10 2024-08-18 06:08:33 PDT
Ultimately I think this is a bug in WebPageProxy. m_pageClient is a WeakPtr, but WebPageProxy::protectedPageClient allows converting to a Ref without checking whether it's valid. Using WebPageProxy::optionalProtectedPageClient would avoid this. Surely WebPageProxy::protectedPageClient should be removed, but that's going to be annoying to change.
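The lifetime rule discussed in comments 1 and 10, as an added example that is not part of the bug thread or of WebKit's source: a simplified model that uses std::weak_ptr and std::shared_ptr in place of WTF's WeakPtr and Ref. Only the names protectedPageClient, optionalProtectedPageClient and didEndViewGesture come from the thread; the class bodies and helper functions are assumptions.

```cpp
#include <cstdio>
#include <memory>

struct PageClient {                        // hypothetical stand-in for the view-owned client
    int gesturesEnded = 0;
    void gestureEnded() { ++gesturesEnded; }
};

class PageProxy {                          // hypothetical stand-in for WebPageProxy
public:
    explicit PageProxy(const std::shared_ptr<PageClient>& c) : m_pageClient(c) {}
    // Unchecked promotion: assumes the client is alive. In this model an
    // expired weak_ptr throws std::bad_weak_ptr instead of hitting an assertion.
    std::shared_ptr<PageClient> protectedPageClient() const {
        return std::shared_ptr<PageClient>(m_pageClient);
    }
    // Checked promotion: null when the client has already been destroyed.
    std::shared_ptr<PageClient> optionalProtectedPageClient() const { return m_pageClient.lock(); }
    // Gesture completion may arrive after the tab is gone, so it must check.
    bool didEndViewGesture() const {
        auto client = optionalProtectedPageClient();
        if (!client) return false;         // tab closed mid-gesture: nothing to notify
        client->gestureEnded();
        return true;
    }
private:
    std::weak_ptr<PageClient> m_pageClient;
};

// Sequence from comment 1: gesture begins, tab closes, then promotion is attempted.
bool uncheckedPromotionFailsAfterClose() {
    auto client = std::make_shared<PageClient>();
    PageProxy proxy(client);
    client.reset();                        // tab closed, client destroyed
    try { proxy.protectedPageClient(); } catch (const std::bad_weak_ptr&) { return true; }
    return false;
}
bool checkedGestureEndAfterClose() {
    auto client = std::make_shared<PageClient>();
    PageProxy proxy(client);
    client.reset();
    return proxy.didEndViewGesture();      // safe no-op, reports "not delivered"
}
int gestureEndWithLiveTab() {
    auto client = std::make_shared<PageClient>();
    PageProxy proxy(client);
    proxy.didEndViewGesture();
    return client->gesturesEnded;
}
int main() {
    std::printf("unchecked fails: %d, checked delivered: %d, live count: %d\n",
        uncheckedPromotionFailsAfterClose(), checkedGestureEndAfterClose(), gestureEndWithLiveTab());
}
```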