Bug 762838 – Browser plugin crash in NPP_Destroy if tab closed when search box is open

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 762838 - Browser plugin crash in NPP_Destroy if tab closed when search box is open


Summary:	Browser plugin crash in NPP_Destroy if tab closed when search box is open


Status:	RESOLVED OBSOLETE

Product:	evince
Classification:	Core
Component:	Browser plugin
Version:	3.18.x
Hardware:	Other Linux

Importance:	Normal critical
Target Milestone:	---
Assigned To:	Evince Maintainers
QA Contact:	Evince Maintainers

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2016-02-28 21:54 UTC by Michael Catanzaro
Modified:	2018-05-22 16:32 UTC

See Also:
GNOME target:	3.20
GNOME version:	---

Description Michael Catanzaro 2016-02-28 21:54:33 UTC

* Open some PDFs in Epiphany
 * Click the search button in one PDF
 * Close the tab while the search box is still open
 * WebKitPluginProcess crashes, other tabs show 'plugin failure'

+ Trace 236015

#0 g_type_class_meta_marshal
at gclosure.c line 992
#4 <emit signal ??? on instance 0x55e6828eec00 [GtkToggleButton]>
at gsignal.c line 3439
#5 gtk_toggle_button_clicked
#6 _g_closure_invoke_va
at gclosure.c line 864
#7 g_signal_emit_valist
at gsignal.c line 3292
#8 g_signal_emit
at gsignal.c line 3439
#9 gtk_toggle_button_set_active
#10 _g_closure_invoke_va
at gclosure.c line 864
#11 g_signal_emit_valist
at gsignal.c line 3292
#12 g_signal_emit
at gsignal.c line 3439
#13 gtk_popover_hide
#17 <emit signal ??? on instance 0x55e682b27bc0 [GtkPopover]>
at gsignal.c line 3439
#18 gtk_widget_hide
#19 gtk_widget_dispose
#20 g_object_unref
at gobject.c line 3142
#21 g_hash_table_remove_all_nodes
#22 g_hash_table_unref
#23 g_hash_table_unref
#24 g_datalist_clear
at gdataset.c line 273
#25 g_object_unref
at gobject.c line 3179
#26 gtk_container_destroy
#30 <emit signal ??? on instance 0x55e682cda4f0 [GtkToolItem]>
at gsignal.c line 3439
#31 gtk_widget_dispose
#32 g_object_run_dispose
at gobject.c line 1081
#33 gtk_toolbar_forall
#34 gtk_container_destroy
#38 <emit signal ??? on instance 0x55e682a627a0 [EvBrowserPluginToolbar]>
at gsignal.c line 3439
#39 gtk_widget_dispose
#40 g_object_run_dispose
at gobject.c line 1081
#41 gtk_box_forall
#42 gtk_container_destroy
#46 <emit signal ??? on instance 0x55e682b363e0 [GtkBox]>
at gsignal.c line 3439
#47 gtk_widget_dispose
#48 g_object_run_dispose
at gobject.c line 1081
#49 gtk_window_forall
#50 gtk_container_destroy
#54 <emit signal ??? on instance 0x55e682b3d4c0 [GtkPlug]>
at gsignal.c line 3439
#55 gtk_widget_dispose
#56 gtk_window_dispose
#57 g_object_run_dispose
at gobject.c line 1081
#58 gtk_plug_send_delete_event
#59 _gtk_plug_remove_from_socket
#60 g_cclosure_marshal_VOID__OBJECTv
at gmarshal.c line 2102
#61 _g_closure_invoke_va
at gclosure.c line 864
#62 g_signal_emit_valist
at gsignal.c line 3292
#63 g_signal_emit
at gsignal.c line 3439
#64 gtk_container_remove
#65 gtk_widget_dispose
#66 gtk_window_dispose
#67 g_object_run_dispose
at gobject.c line 1081
#68 EvBrowserPlugin::~EvBrowserPlugin()
#69 EvBrowserPlugin::~EvBrowserPlugin()
#70 NPP_Destroy
#71 WebKit::NetscapePlugin::destroy()
#72 WebKit::Plugin::destroyPlugin()
#73 WebKit::PluginControllerProxy::destroy()
#74 WebKit::WebProcessConnection::destroyPlugin(unsigned long, bool, WTF::PassRefPtr<Messages::WebProcessConnection::DestroyPlugin::DelayedReply>)
#75 void IPC::handleMessageDelayed<Messages::WebProcessConnection::DestroyPlugin, WebKit::WebProcessConnection, void
#76 WebKit::WebProcessConnection::didReceiveSyncWebProcessConnectionMessage(IPC::Connection&, IPC::MessageDecoder&, std::unique_ptr<IPC::MessageEncoder, std::default_delete<IPC::MessageEncoder> >&)
#77 WebKit::WebProcessConnection::didReceiveSyncMessage(IPC::Connection&, IPC::MessageDecoder&, std::unique_ptr<IPC::MessageEncoder, std::default_delete<IPC::MessageEncoder> >&)
#78 IPC::Connection::dispatchSyncMessage(IPC::MessageDecoder&)
#79 IPC::Connection::dispatchMessage(std::unique_ptr<IPC::MessageDecoder, std::default_delete<IPC::MessageDecoder> >)
#80 IPC::Connection::SyncMessageState::dispatchMessages(IPC::Connection*)
#81 IPC::Connection::SyncMessageState::dispatchMessageAndResetDidScheduleDispatchMessagesForConnection(IPC::Connection&)
#82 WTF::RunLoop::performWork()
#83 WTF::GMainLoopSource::voidCallback()
#84 WTF::GMainLoopSource::voidSourceCallback(WTF::GMainLoopSource*)
#85 g_main_context_dispatch
at gmain.c line 3154
#86 g_main_context_dispatch
at gmain.c line 3769
#87 g_main_context_iterate
at gmain.c line 3840
#88 g_main_loop_run
at gmain.c line 4034
#89 WTF::RunLoop::run()
#90 int WebKit::ChildProcessMain<WebKit::PluginProcess, WebKit::PluginProcessMain>(int, char**)
#91 __libc_start_main
#92 _start

Comment 1 Matthias Clasen 2016-03-01 19:23:43 UTC

putting crashes on the target list

Comment 2 Carlos Garcia Campos 2016-03-13 09:24:44 UTC

I haven't been able to reproduce the crash, but I see several critical warnings when closing the tab while the search popover is visible. I've just pushed a patch to fix those warnings. Could you confirm that the crash is also fixed for you?

Comment 3 Michael Catanzaro 2016-03-13 15:36:46 UTC

It's kind of fixed. The plugin process still crashes 100%, but it's a different crash now:

+ Trace 236069

#0 gdk_window_has_impl
at gdkwindow.c line 613
#1 _gdk_window_has_impl
at gdkwindow.c line 627
#2 gdk_x11_window_get_xid
at gdkwindow-x11.c line 5542
#3 WebKit::NetscapePluginX11::visibilityDidChange()
at ../../Source/WebKit2/WebProcess/Plugins/Netscape/x11/NetscapePluginX11.cpp line 267
#4 WebKit::NetscapePlugin::platformVisibilityDidChange()
at ../../Source/WebKit2/WebProcess/Plugins/Netscape/unix/NetscapePluginUnix.cpp line 87
#5 WebKit::NetscapePlugin::visibilityDidChange(bool)
at ../../Source/WebKit2/WebProcess/Plugins/Netscape/NetscapePlugin.cpp line 820
#6 WebKit::PluginControllerProxy::visibilityDidChange(bool)
at ../../Source/WebKit2/PluginProcess/PluginControllerProxy.cpp line 437
#7 void IPC::callMemberFunctionImpl<WebKit::PluginControllerProxy, void
#8 void IPC::callMemberFunction<WebKit::PluginControllerProxy, void
#9 void IPC::handleMessage<Messages::PluginControllerProxy::VisibilityDidChange, WebKit::PluginControllerProxy, void
#10 WebKit::PluginControllerProxy::didReceivePluginControllerProxyMessage(IPC::Connection&, IPC::MessageDecoder&)
at DerivedSources/WebKit2/PluginControllerProxyMessageReceiver.cpp line 53
#11 WebKit::WebProcessConnection::didReceiveMessage(IPC::C---Type <return> to continue, or q <return> to quit--- onnection&, IPC::MessageDecoder&)
at ../../Source/WebKit2/PluginProcess/WebProcessConnection.cpp line 141
#12 IPC::Connection::dispatchMessage(IPC::MessageDecoder&)
at ../../Source/WebKit2/Platform/IPC/Connection.cpp line 891
#13 IPC::Connection::dispatchMessage(std::unique_ptr<IPC::MessageDecoder, std::default_delete<IPC::MessageDecoder> >)
at ../../Source/WebKit2/Platform/IPC/Connection.cpp line 922
#14 IPC::Connection::dispatchOneMessage()
at ../../Source/WebKit2/Platform/IPC/Connection.cpp line 953
#15 IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::MessageDecoder, std::default_delete<IPC::MessageDecoder> >)::\$_10::operator()() const
at ../../Source/WebKit2/Platform/IPC/Connection.cpp line 885
#16 std::_Function_handler<void
#17 std::function<void
#18 WTF::RunLoop::performWork()
at ../../Source/WTF/wtf/RunLoop.cpp line 105
#19 WTF::RunLoop::RunLoop()::$_1::operator()(void*) const
at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp line 66
#20 WTF::RunLoop::RunLoop()::$_1::__invoke(void*)
at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp line 65
#21 WTF::$_0::operator()(_GSource*, int
#22 WTF::$_0::__invoke(_GSource*, int (*)(void*), void*)
at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp line 39
#23 g_main_dispatch
at gmain.c line 3154
#24 g_main_context_dispatch
at gmain.c line 3769
#25 g_main_context_iterate
at gmain.c line 3840
#26 g_main_loop_run
at gmain.c line 4034
#27 WTF::RunLoop::run()
at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp line 94
#28 int WebKit::ChildProcessMain<WebKit::PluginProcess, WebKit::PluginProcessMain>(int, char**)
at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h line 61
#29 PluginProcessMainUnix
at ../../Source/WebKit2/PluginProcess/unix/PluginProcessMainUnix.cpp line 112
#30 main
at ../../Source/WebKit2/PluginProcess/EntryPoint/unix/PluginProcessMain.cpp line 32
#0 WTFCrash
at ../../Source/WTF/wtf/Assertions.cpp line 322
#1 IPC::Connection::connectionDidClose()
at ../../Source/WebKit2/Platform/IPC/Connection.cpp line 757
#2 IPC::Connection::postConnectionDidCloseOnConnectionWorkQueue()::$_8::operator()() const
at ../../Source/WebKit2/Platform/IPC/Connection.cpp line 745
#3 std::_Function_handler<void
#4 std::function<void
#5 WTF::WorkQueue::dispatch(std::function<void
#6 std::_Function_handler<void
#7 std::function<void
#8 WTF::RunLoop::performWork()
at ../../Source/WTF/wtf/RunLoop.cpp line 105
#9 WTF::RunLoop::RunLoop()::$_1::operator()(void*) const
at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp line 66
#10 WTF::RunLoop::RunLoop()::$_1::__invoke(void*)
at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp line 65
#11 WTF::$_0::operator()(_GSource*, int
#12 WTF::$_0::__invoke(_GSource*, int (*)(void*), void*)
at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp line 39
#13 g_main_dispatch
at gmain.c line 3154
#14 g_main_context_dispatch
at gmain.c line 3769
#15 g_main_context_iterate
at gmain.c line 3840
#16 g_main_loop_run
at gmain.c line 4034
#17 WTF::RunLoop::run()
at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp line 94
#18 WTF::WorkQueue::platformInitialize(char const*, WTF::WorkQueue::Type, WTF::WorkQueue::QOS)::$_0::operator()() const
at ../../Source/WTF/wtf/glib/WorkQueueGLib.cpp line 60
#19 std::_Function_handler<void
#20 std::function<void
#21 WTF::threadEntryPoint(void*)
at ../../Source/WTF/wtf/Threading.cpp line 58
#22 WTF::wtfThreadEntryPoint(void*)
at ../../Source/WTF/wtf/ThreadingPthreads.cpp line 164
#23 start_thread
at pthread_create.c line 334
#24 clone
from /lib64/libc.so.6

No symbol table info available.

Comment 4 Michael Catanzaro 2016-03-13 15:38:23 UTC

Ignore that last post. Looks like Bugzilla gets very confused if you post two stacktraces in the same post, and merges them together. Here is the plugin process crash:

+ Trace 236070

#0 gdk_window_has_impl
at gdkwindow.c line 613
#1 _gdk_window_has_impl
at gdkwindow.c line 627
#2 gdk_x11_window_get_xid
at gdkwindow-x11.c line 5542
#3 WebKit::NetscapePluginX11::visibilityDidChange()
at ../../Source/WebKit2/WebProcess/Plugins/Netscape/x11/NetscapePluginX11.cpp line 267
#4 WebKit::NetscapePlugin::platformVisibilityDidChange()
at ../../Source/WebKit2/WebProcess/Plugins/Netscape/unix/NetscapePluginUnix.cpp line 87
#5 WebKit::NetscapePlugin::visibilityDidChange(bool)
at ../../Source/WebKit2/WebProcess/Plugins/Netscape/NetscapePlugin.cpp line 820
#6 WebKit::PluginControllerProxy::visibilityDidChange(bool)
at ../../Source/WebKit2/PluginProcess/PluginControllerProxy.cpp line 437
#7 void IPC::callMemberFunctionImpl<WebKit::PluginControllerProxy, void
#8 void IPC::callMemberFunction<WebKit::PluginControllerProxy, void
#9 void IPC::handleMessage<Messages::PluginControllerProxy::VisibilityDidChange, WebKit::PluginControllerProxy, void
#10 WebKit::PluginControllerProxy::didReceivePluginControllerProxyMessage(IPC::Connection&, IPC::MessageDecoder&)
at DerivedSources/WebKit2/PluginControllerProxyMessageReceiver.cpp line 53
#11 WebKit::WebProcessConnection::didReceiveMessage(IPC::C---Type <return> to continue, or q <return> to quit--- onnection&, IPC::MessageDecoder&)
at ../../Source/WebKit2/PluginProcess/WebProcessConnection.cpp line 141
#12 IPC::Connection::dispatchMessage(IPC::MessageDecoder&)
at ../../Source/WebKit2/Platform/IPC/Connection.cpp line 891
#13 IPC::Connection::dispatchMessage(std::unique_ptr<IPC::MessageDecoder, std::default_delete<IPC::MessageDecoder> >)
at ../../Source/WebKit2/Platform/IPC/Connection.cpp line 922
#14 IPC::Connection::dispatchOneMessage()
at ../../Source/WebKit2/Platform/IPC/Connection.cpp line 953
#15 IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::MessageDecoder, std::default_delete<IPC::MessageDecoder> >)::\$_10::operator()() const
at ../../Source/WebKit2/Platform/IPC/Connection.cpp line 885
#16 std::_Function_handler<void
#17 std::function<void
#18 WTF::RunLoop::performWork()
at ../../Source/WTF/wtf/RunLoop.cpp line 105
#19 WTF::RunLoop::RunLoop()::$_1::operator()(void*) const
at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp line 66
#20 WTF::RunLoop::RunLoop()::$_1::__invoke(void*)
at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp line 65
#21 WTF::$_0::operator()(_GSource*, int
#22 WTF::$_0::__invoke(_GSource*, int (*)(void*), void*)
at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp line 39
#23 g_main_dispatch
at gmain.c line 3154
#24 g_main_context_dispatch
at gmain.c line 3769
#25 g_main_context_iterate
at gmain.c line 3840
#26 g_main_loop_run
at gmain.c line 4034
#27 WTF::RunLoop::run()
at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp line 94
#28 int WebKit::ChildProcessMain<WebKit::PluginProcess, WebKit::PluginProcessMain>(int, char**)
at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h line 61
#29 PluginProcessMainUnix
at ../../Source/WebKit2/PluginProcess/unix/PluginProcessMainUnix.cpp line 112
#30 main
at ../../Source/WebKit2/PluginProcess/EntryPoint/unix/PluginProcessMain.cpp line 32

Comment 5 Michael Catanzaro 2016-03-13 15:38:39 UTC

Then the web process crashes here:

ASSERTION FAILED: m_shouldWaitForSyncReplies
../../Source/WebKit2/Platform/IPC/Connection.cpp(757) : void IPC::Connection::connectionDidClose()

+ Trace 236071

#0 WTFCrash
at ../../Source/WTF/wtf/Assertions.cpp line 322
#1 IPC::Connection::connectionDidClose()
at ../../Source/WebKit2/Platform/IPC/Connection.cpp line 757
#2 IPC::Connection::postConnectionDidCloseOnConnectionWorkQueue()::\$_8::operator()() const
at ../../Source/WebKit2/Platform/IPC/Connection.cpp line 745
#3 std::_Function_handler<void
#4 std::function<void
#5 WTF::WorkQueue::dispatch(std::function<void
#6 std::_Function_handler<void
#7 std::function<void
#8 WTF::RunLoop::performWork()
at ../../Source/WTF/wtf/RunLoop.cpp line 105
#9 WTF::RunLoop::RunLoop()::$_1::operator()(void*) const
at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp line 66
#10 WTF::RunLoop::RunLoop()::$_1::__invoke(void*)
at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp line 65
#11 WTF::$_0::operator()(_GSource*, int
#12 WTF::$_0::__invoke(_GSource*, int (*)(void*), void*)
at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp line 39
#13 g_main_dispatch
at gmain.c line 3154
#14 g_main_context_dispatch
at gmain.c line 3769
#15 g_main_context_iterate
at gmain.c line 3840
#16 g_main_loop_run
at gmain.c line 4034
#17 WTF::RunLoop::run()
at ../../Source/WTF/wtf/glib/RunLoopGLib.cpp line 94
#18 WTF::WorkQueue::platformInitialize(char const*, WTF::WorkQueue::Type, WTF::WorkQueue::QOS)::$_0::operator()() const
at ../../Source/WTF/wtf/glib/WorkQueueGLib.cpp line 60
#19 std::_Function_handler<void
#20 std::function<void
#21 WTF::threadEntryPoint(void*)
at ../../Source/WTF/wtf/Threading.cpp line 58
#22 WTF::wtfThreadEntryPoint(void*)
at ../../Source/WTF/wtf/ThreadingPthreads.cpp line 164
#23 start_thread
at pthread_create.c line 334
#24 clone
from /lib64/libc.so.6

Comment 6 André Klapper 2017-08-21 19:03:14 UTC

(In reply to Michael Catanzaro from comment #0)
> * Open some PDFs in Epiphany
>  * Click the search button in one PDF
>  * Close the tab while the search box is still open

Which tab? Here Evince 3.24 opens each PDF in a separate window.
Is there some setting? Or has the application behavior changed?

>  * WebKitPluginProcess crashes, other tabs show 'plugin failure'

Comment 7 André Klapper 2017-08-21 19:03:42 UTC

Argh. *Epiphany*, not *Evince*. Please ignore my last comment!

Comment 8 GNOME Infrastructure Team 2018-05-22 16:32:17 UTC

-- GitLab Migration Automatic Message --

This bug has been migrated to GNOME's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/evince/issues/658.