Bug 763933 – Crash loading HTML message with WebKitGTK 2.4.10

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 763933 - Crash loading HTML message with WebKitGTK 2.4.10


Summary:	Crash loading HTML message with WebKitGTK 2.4.10


Status:	RESOLVED FIXED

Product:	geary
Classification:	Other
Component:	conversations
Version:	master
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	0.11.0
Assigned To:	Geary Maintainers
QA Contact:	Geary Maintainers

URL:
Whiteboard:

Duplicates:	763990 764393 765686 (view as bug list)
Depends on:
Blocks:

Reported:	2016-03-20 03:18 UTC by Michael Gratton
Modified:	2016-06-16 01:05 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
Workaround to fix the crash (898 bytes, patch) 2016-03-20 03:40 UTC, Michael Gratton	none	Details \| Review
Updated workaround patch using git format-patch (1.50 KB, patch) 2016-03-21 00:27 UTC, Michael Gratton	none	Details \| Review

Description Michael Gratton 2016-03-20 03:18:03 UTC

Geary will crash somewhat randomly when displaying HTML messages when using WebKitGTK+ 2.4.10. This did not occur using earlier version of WebKitGTK+.

This stack trace is representative:

Thread 1 "geary" received signal SIGSEGV, Segmentation fault.
WebCore::AXObjectCache::handleAttributeChanged (this=0x7fff9191b500, attrName=..., element=0x5df8210)
    at ../Source/WebCore/accessibility/AXObjectCache.cpp:880
880	    if (!attrName.localName().string().startsWith("aria-"))
(gdb) bt

+ Trace 236097

#0 WebCore::AXObjectCache::handleAttributeChanged(WebCore::QualifiedName const&, WebCore::Element*)
at ../Source/WebCore/accessibility/AXObjectCache.cpp line 880
#1 WebCore::Element::attributeChanged(WebCore::QualifiedName const&, WTF::AtomicString const&, WTF::AtomicString const&, WebCore::Element::AttributeModificationReason)
at ../Source/WebCore/dom/Element.cpp line 1137
#2 WebCore::Element::didModifyAttribute(WebCore::QualifiedName const&, WTF::AtomicString const&, WTF::AtomicString const&)
at ../Source/WebCore/dom/Element.cpp line 2851
#3 WebCore::Element::setAttributeInternal(unsigned int, WebCore::QualifiedName const&, WTF::AtomicString const&, WebCore::Element::SynchronizationOfLazyAttribute)
at ../Source/WebCore/dom/Element.cpp line 1075
#4 WebCore::Element::setAttribute(WTF::AtomicString const&, WTF::AtomicString const&, int&)
at ../Source/WebCore/dom/Element.cpp line 1027
#5 webkit_dom_element_set_attribute(WebKitDOMElement*, gchar const*, gchar const*, GError**)
at DerivedSources/webkitdom/WebKitDOMElement.cpp line 533
#6 conversation_viewer_show_images_email
at /home/mjg/local/src/geary/src/client/conversation-viewer/conversation-viewer.vala line 1497
#7 conversation_viewer_add_message
at /home/mjg/local/src/geary/src/client/conversation-viewer/conversation-viewer.vala line 698
#8 conversation_viewer_select_conversation_async_co
at /home/mjg/local/src/geary/src/client/conversation-viewer/conversation-viewer.vala line 514
#9 g_simple_async_result_complete
at /build/glib2.0-SNH0tt/glib2.0-2.47.6/./gio/gsimpleasyncresult.c line 801
#10 conversation_viewer_list_full_messages_async_co
at /home/mjg/local/src/geary/src/client/conversation-viewer/conversation-viewer.vala line 606
#11 g_simple_async_result_complete
at /build/glib2.0-SNH0tt/glib2.0-2.47.6/./gio/gsimpleasyncresult.c line 801
#12 geary_app_email_store_list_email_by_sparse_id_async_co
at /home/mjg/local/src/geary/src/engine/app/app-email-store.vala line 72
#13 g_simple_async_result_complete
at /build/glib2.0-SNH0tt/glib2.0-2.47.6/./gio/gsimpleasyncresult.c line 801
#14 geary_app_email_store_do_folder_operation_async_co
at /home/mjg/local/src/geary/src/engine/app/app-email-store.vala line 155
#15 g_simple_async_result_complete
at /build/glib2.0-SNH0tt/glib2.0-2.47.6/./gio/gsimpleasyncresult.c line 801
#16 geary_imap_engine_minimal_folder_real_close_async_co
at /home/mjg/local/src/geary/src/engine/imap-engine/imap-engine-minimal-folder.vala line 787
#17 g_simple_async_result_complete
at /build/glib2.0-SNH0tt/glib2.0-2.47.6/./gio/gsimpleasyncresult.c line 801
#18 geary_imap_engine_replay_operation_wait_for_ready_async_co
at /home/mjg/local/src/geary/src/engine/imap-engine/imap-engine-replay-operation.vala line 134
#19 g_simple_async_result_complete
at /build/glib2.0-SNH0tt/glib2.0-2.47.6/./gio/gsimpleasyncresult.c line 801
#20 geary_nonblocking_abstract_semaphore_real_wait_async_co
at /home/mjg/local/src/geary/src/engine/nonblocking/nonblocking-abstract-semaphore.vala line 128
#21 _geary_scheduler_scheduled_instance_on_callback_gsource_func
at /home/mjg/local/src/geary/src/engine/util/util-scheduler.vala line 66
#22 _geary_scheduler_scheduled_instance_on_callback_gsource_func
at /home/mjg/local/src/geary/build/src/engine/util/util-scheduler.c line 212
#23 g_main_context_dispatch
at /build/glib2.0-SNH0tt/glib2.0-2.47.6/./glib/gmain.c line 3154
#24 g_main_context_dispatch
at /build/glib2.0-SNH0tt/glib2.0-2.47.6/./glib/gmain.c line 3769
#25 g_main_context_iterate
at /build/glib2.0-SNH0tt/glib2.0-2.47.6/./glib/gmain.c line 3840
#26 g_main_context_iteration
at /build/glib2.0-SNH0tt/glib2.0-2.47.6/./glib/gmain.c line 3901
#27 g_application_run
at /build/glib2.0-SNH0tt/glib2.0-2.47.6/./gio/gapplication.c line 2363
#28 _vala_main
at /home/mjg/local/src/geary/src/client/application/main.vala line 25
#29 __libc_start_main
at libc-start.c line 289
#30 _start

Comment 1 Michael Gratton 2016-03-20 03:40:42 UTC

Created attachment 324354 [details] [review]
Workaround to fix the crash

This has been reported to WebKitGTK+: https://bugs.webkit.org/show_bug.cgi?id=155694

In the meantime, this seems to fix the crash, may need some more testing though.

Comment 2 Adam Dingle 2016-03-20 22:33:53 UTC

Michael, thanks very much for the patch.  I found that the crashing made Geary unusable, and when I rebuilt with the patch the problem went away.

Should we land this in master now?

Comment 3 Adam Dingle 2016-03-20 22:35:38 UTC

Actually this really looks pretty safe.  I'll land this.

Comment 4 Adam Dingle 2016-03-20 22:38:33 UTC

Review of attachment 324354 [details] [review]:

Please reattach the patch in 'git format-patch' format.  Otherwise this looks fine.

Comment 5 Michael Gratton 2016-03-21 00:27:53 UTC

Created attachment 324401 [details] [review]
Updated workaround patch using git format-patch

Comment 6 Michael Gratton 2016-03-21 00:29:05 UTC

Land away! It hasn't crashed once for me since.

Comment 7 Adam Dingle 2016-03-21 11:08:09 UTC

I've landed the patch, so you can close this now.

Comment 8 Alex 2016-03-26 04:03:35 UTC

Yay, really pleased to see work back on upstream Geary, I'd hit this bug recently and was afraid I'd have to migrate to the Pantheon fork. Any chance you'll be pushing new builds out?

Comment 9 Michael Gratton 2016-03-26 04:32:09 UTC

(In reply to Alex from comment #8)
> Yay, really pleased to see work back on upstream Geary, I'd hit this bug
> recently and was afraid I'd have to migrate to the Pantheon fork. Any chance
> you'll be pushing new builds out?

Yes, good point. Seems like people are starting to run in to it, especially now distros are packaging 2.4.10. Will look into it.

Comment 10 Michael Gratton 2016-04-03 13:06:28 UTC

*** Bug 764393 has been marked as a duplicate of this bug. ***

Comment 11 Michael Gratton 2016-04-28 04:04:49 UTC

*** Bug 765686 has been marked as a duplicate of this bug. ***

Comment 12 Michael Gratton 2016-06-16 01:05:04 UTC

*** Bug 763990 has been marked as a duplicate of this bug. ***