Bug 56201 - WebKitIconDatabase may trigger crash in cairoImageSurfaceToGdkPixbuf
Summary: WebKitIconDatabase may trigger crash in cairoImageSurfaceToGdkPixbuf
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKitGTK
Version: 528+ (Nightly build)
Hardware: Other
OS: All
Importance: P2 Major
Assignee: Christian Dywan
Depends on:
Reported: 2011-03-11 09:17 PST by Christian Dywan
Modified: 2011-03-21 10:11 PDT

See Also:

Don't attempt to make a pixbuf if there is no image (1.52 KB, patch)
2011-03-11 10:07 PST, Christian Dywan
mrobinson: review+

Description Christian Dywan 2011-03-11 09:17:11 PST
So I didn't encounter this problem whilst I was hacking on the feature, and once I started to use a patched Midori which exclusively fetches icons from the database I ran into this bug.

Apparently it happens after I close and re-open the browser OR if I open particular websites:

606	    if (! _cairo_surface_is_image (surface)) {
(gdb) bt
#0  0x00007ffff6212e8b in *INT_cairo_image_surface_get_height (surface=0x0) at cairo-image-surface.c:606
#1  0x00007ffff2c8bd86 in cairoImageSurfaceToGdkPixbuf(_cairo_surface*) () from /home/kalikiana/gtk/lib/libwebkitgtk-1.0.so.0
#2  0x00007ffff2ce1916 in webkit_icon_database_get_icon_pixbuf () from /home/kalikiana/gtk/lib/libwebkitgtk-1.0.so.0
#3  0x000000000042adda in katze_load_cached_icon (uri=0xc420e0 "http://www.nekobento.com/", widget=0xaa2af0) at ../katze/katze-utils.c:1525
#4  0x000000000045f34d in katze_array_action_icon_loaded_cb (database=<value optimized out>, web_frame=<value optimized out>, 
    frame_uri=0xc420e0 "http://www.nekobento.com/", toolbutton=0xaa18b0) at ../katze/katze-arrayaction.c:669
#5  0x00007ffff5895d3e in g_closure_invoke (closure=0xaa6340, return_value=0x0, n_param_values=3, param_values=0xbf3990, invocation_hint=0x7fffffffca30) at gclosure.c:767
#6  0x00007ffff58a86aa in signal_emit_unlocked_R (node=<value optimized out>, detail=0, instance=0x705580, emission_return=0x0, instance_and_params=0xbf3990)
    at gsignal.c:3252
#7  0x00007ffff58b1cea in g_signal_emit_valist (instance=<value optimized out>, signal_id=<value optimized out>, detail=<value optimized out>, var_args=0x7fffffffcc50)
    at gsignal.c:2983
#8  0x00007ffff58b2052 in g_signal_emit_by_name (instance=<value optimized out>, detailed_signal=0x7ffff3ad252d "icon-loaded") at gsignal.c:3077
#9  0x00007ffff2cd4b39 in WebKit::FrameLoaderClient::dispatchDidReceiveIcon() () from /home/kalikiana/gtk/lib/libwebkitgtk-1.0.so.0
#10 0x00007ffff31983d8 in WebCore::IconLoader::finishLoading(WebCore::KURL const&, WTF::PassRefPtr<WebCore::SharedBuffer>) ()
   from /home/kalikiana/gtk/lib/libwebkitgtk-1.0.so.0
#11 0x00007ffff31987bb in WebCore::IconLoader::didReceiveResponse(WebCore::SubresourceLoader*, WebCore::ResourceResponse const&) ()
Comment 1 Christian Dywan 2011-03-11 10:07:11 PST
Created attachment 85487 [details]
Don't attempt to make a pixbuf if there is no image
Comment 2 Sergio Villar Senin 2011-03-15 01:13:17 PDT
(In reply to comment #1)
> Created an attachment (id=85487) [details]
> Don't attempt to make a pixbuf if there is no image

BTW I got the same with an ephy patched version
Comment 3 Martin Robinson 2011-03-15 08:49:49 PDT
Comment on attachment 85487 [details]
Don't attempt to make a pixbuf if there is no image

View in context: https://bugs.webkit.org/attachment.cgi?id=85487&action=review

Looks good. Does this fix the crasher or are there more?

> Source/WebCore/platform/graphics/gtk/ImageGtk.cpp:157
> +    if (!frameAtIndex(currentFrame()))
> +        return 0;
>      return cairoImageSurfaceToGdkPixbuf(frameAtIndex(currentFrame()));
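Review bot: the null guard in this hunk only protects this one caller, while the backtrace shows the crash happening inside cairoImageSurfaceToGdkPixbuf itself (cairo_image_surface_get_height called with surface=0x0 at cairo-image-surface.c:606), so any other path that hands that helper a null surface would still crash; consider also returning 0 from cairoImageSurfaceToGdkPixbuf when its surface argument is null, and, since cairo's own `_cairo_surface_is_image (surface)` check is what the backtrace stops in, only converting surfaces that are actually image surfaces. The hunk also evaluates `frameAtIndex(currentFrame())` twice; storing the result in a local `cairo_surface_t* frame` and testing that avoids the second lookup.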

Please make this simple change before landing.

cairo_surface_t* frame = frameAtIndex(currentFrame());
if (!frame)
    return 0;
return cairoImageSurfaceToGdkPixbuf(frame);
Comment 4 Christian Dywan 2011-03-21 10:11:40 PDT
Committed with the changes as r81589.