Bug 56201 - WebKitIconDatabase may trigger crash in cairoImageSurfaceToGdkPixbuf
Summary: WebKitIconDatabase may trigger crash in cairoImageSurfaceToGdkPixbuf
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKitGTK (show other bugs)
Version: 528+ (Nightly build)
Hardware: Other All
: P2 Major
Assignee: Christian Dywan
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-03-11 09:17 PST by Christian Dywan
Modified: 2011-03-21 10:11 PDT (History)
1 user (show)

See Also:

Attachments
Don't attempt to make a pixbuf if there is no image (1.52 KB, patch)
2011-03-11 10:07 PST, Christian Dywan 		mrobinson: review+
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Christian Dywan 2011-03-11 09:17:11 PST 
So I didn't encounter problem this whilst I was hacking on the feature and once I started to use a patched Midori which exclusively fetches icons from the database I ran into this bug.

Apparently it happens after I close and re-open the browser OR if I open particular websites:

606	    if (! _cairo_surface_is_image (surface)) {
(gdb) bt
#0  0x00007ffff6212e8b in *INT_cairo_image_surface_get_height (surface=0x0) at cairo-image-surface.c:606
#1  0x00007ffff2c8bd86 in cairoImageSurfaceToGdkPixbuf(_cairo_surface*) () from /home/kalikiana/gtk/lib/libwebkitgtk-1.0.so.0
#2  0x00007ffff2ce1916 in webkit_icon_database_get_icon_pixbuf () from /home/kalikiana/gtk/lib/libwebkitgtk-1.0.so.0
#3  0x000000000042adda in katze_load_cached_icon (uri=0xc420e0 "http://www.nekobento.com/", widget=0xaa2af0) at ../katze/katze-utils.c:1525
#4  0x000000000045f34d in katze_array_action_icon_loaded_cb (database=<value optimized out>, web_frame=<value optimized out>, 
    frame_uri=0xc420e0 "http://www.nekobento.com/", toolbutton=0xaa18b0) at ../katze/katze-arrayaction.c:669
#5  0x00007ffff5895d3e in g_closure_invoke (closure=0xaa6340, return_value=0x0, n_param_values=3, param_values=0xbf3990, invocation_hint=0x7fffffffca30) at gclosure.c:767
#6  0x00007ffff58a86aa in signal_emit_unlocked_R (node=<value optimized out>, detail=0, instance=0x705580, emission_return=0x0, instance_and_params=0xbf3990)
    at gsignal.c:3252
#7  0x00007ffff58b1cea in g_signal_emit_valist (instance=<value optimized out>, signal_id=<value optimized out>, detail=<value optimized out>, var_args=0x7fffffffcc50)
    at gsignal.c:2983
#8  0x00007ffff58b2052 in g_signal_emit_by_name (instance=<value optimized out>, detailed_signal=0x7ffff3ad252d "icon-loaded") at gsignal.c:3077
#9  0x00007ffff2cd4b39 in WebKit::FrameLoaderClient::dispatchDidReceiveIcon() () from /home/kalikiana/gtk/lib/libwebkitgtk-1.0.so.0
#10 0x00007ffff31983d8 in WebCore::IconLoader::finishLoading(WebCore::KURL const&, WTF::PassRefPtr<WebCore::SharedBuffer>) ()
   from /home/kalikiana/gtk/lib/libwebkitgtk-1.0.so.0
#11 0x00007ffff31987bb in WebCore::IconLoader::didReceiveResponse(WebCore::SubresourceLoader*, WebCore::ResourceResponse const&) ()
Comment 1 Christian Dywan 2011-03-11 10:07:11 PST 
Created attachment 85487 [details]
Don't attempt to make a pixbuf if there is no image
Comment 2 Sergio Villar Senin 2011-03-15 01:13:17 PDT 
(In reply to comment #1)
> Created an attachment (id=85487) [details]
> Don't attempt to make a pixbuf if there is no image

BTW I got the same with a ephy patched version
Comment 3 Martin Robinson 2011-03-15 08:49:49 PDT 
Comment on attachment 85487 [details]
Don't attempt to make a pixbuf if there is no image

View in context: https://bugs.webkit.org/attachment.cgi?id=85487&action=review

Looks good. Does  this fix the crasher or are there more?

> Source/WebCore/platform/graphics/gtk/ImageGtk.cpp:157
> +    if (!frameAtIndex(currentFrame()))
> +        return 0;
>      return cairoImageSurfaceToGdkPixbuf(frameAtIndex(currentFrame()));

Please make this simple change before landing.

cairo_surface_t* frame = frameAtIndex(currentFrame());
if (!frame)
    return 0;
return cairoImageSurfaceToGdkPixbuf(frame);
Comment 4 Christian Dywan 2011-03-21 10:11:40 PDT 
Committed with the changes as r81589.