Bug 1728026
| Summary: | NULL dereference in webkitWebViewResourceLoadStarted() | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Adam Williamson <awilliam> | ||||
| Component: | webkit2gtk3 | Assignee: | Eike Rathke <erack> | ||||
| Status: | CLOSED UPSTREAM | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | rawhide | CC: | caillon+fedoraproject, erack, gnome-sig, lucilanga, mcatanzaro+wrong-account-do-not-cc, mcrha, mikhail.v.gavrilov, rhughes, rstrode, sandmann, tpopela, yaneti | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | x86_64 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2019-07-09 15:49:55 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
I have many of those too. The crash is in webkit - WebKit::WebFrameProxy::isMainFrame() , and started happening after the webkit2gtk3-2.25.2 update so I am not sure its evolutions fault. Thanks for a bug report and the backtrace. It really shows a crash in WebKitGTK+ code, thus I move this there for further investigation. I didn't find anything related in the WebKit's bugzilla (using some simple search terms). Milan, do you want to move this to WebKit Bugzilla? Some observations: * The main change in 2.25.2 is PSON (process swap on navigation), which is surely related * We don't know from the backtrace why the WebFrameProxy is invalid, because the invalid message is coming from the web process (from PageResourceLoadClient::didInitiateLoadForResource) * There are at least two bugs here: first that the web process is sending an invalid frame, second that this crashes the UI process. The UI process must be robust to a malicious web process sending invalid messages. (In reply to Michael Catanzaro from comment #3) > Milan, do you want to move this to WebKit Bugzilla? Sure thing. See it for any further updates: https://bugs.webkit.org/show_bug.cgi?id=199621 Michael: "* There are at least two bugs here: first that the web process is sending an invalid frame, second that this crashes the UI process. The UI process must be robust to a malicious web process sending invalid messages." Is "the UI process" there something that's part of Evolution, or part of Webkit? If it's the former, should we file an Evo bug for that? Well the UI process is the evolution process, but it's a WebKit bug. The WebKitWebProcess should not be able to crash the main evolution process due to a missing null check in WebKit. So since this crash was fixed, quite often I click on a mail in Evolution and the preview pane goes to 'Retrieving message "XXXXX"', but never clears and actually shows the message. If I click on another message and then back to the one I was trying to view, it'll usually work. I'm guessing this is probably the same scenario that previously triggered the crash, right? Is there anything I can do to help figure out what's going on and avoid the 'mail doesn't load' problem? *** Bug 1732230 has been marked as a duplicate of this bug. *** I can provide you a test build of Evolution with some added debug prints related to the message load and the web view update. That won't show anything from the webkit code, it would show only things as Evolution sees them. |
Created attachment 1588531 [details] backtrace from coredumpctl/gdb Evolution is crashing regularly for me in Rawhide. It's usually when I click on a folder or email, I think. I'm attaching the best backtrace I could get. abrt doesn't seem to be working in Rawhide ATM, so this is via coredumpctl.