GNOME Bugzilla – Bug 792593
epiphany may segfault with WebKit 2.19.5
Last modified: 2018-01-17 13:36:37 UTC
epiphany segfaults in certificate error page with webkit2gtk 2.19.5

How to reproduce:
1. Visit some site with an invalid certificate, e.g. https://dev.openwrt.org/
2. In the error page shown, click "Technical Information" -> "Accept Risk and Proceed"

Result: epiphany segfaults with the following printed to the terminal:

1 0x7ff0f1b1c437 /home/sadiq/jhbuild/install/lib/libjavascriptcoregtk-4.0.so.18(+0xb26437) [0x7ff0f1b1c437]
2 0x7ff0f1a13be5 /home/sadiq/jhbuild/install/lib/libjavascriptcoregtk-4.0.so.18(+0xa1dbe5) [0x7ff0f1a13be5]
3 0x7ff0f18f317b /home/sadiq/jhbuild/install/lib/libjavascriptcoregtk-4.0.so.18(+0x8fd17b) [0x7ff0f18f317b]
4 0x7ff0f10aaafc /home/sadiq/jhbuild/install/lib/libjavascriptcoregtk-4.0.so.18(JSValueToNumber+0x3c) [0x7ff0f10aaafc]
5 0x7ff0f891628b /home/sadiq/jhbuild/install/lib/epiphany/libephymain.so(ephy_embed_utils_get_js_result_as_number+0x3f) [0x7ff0f891628b]
6 0x7ff0f8912f9d /home/sadiq/jhbuild/install/lib/epiphany/libephymain.so(+0x74f9d) [0x7ff0f8912f9d]
7 0x7ff0f84145b2 /home/sadiq/jhbuild/install/lib/libgobject-2.0.so.0(g_cclosure_marshal_VOID__BOXED+0xd5) [0x7ff0f84145b2]
8 0x7ff0f840fa18 /home/sadiq/jhbuild/install/lib/libgobject-2.0.so.0(g_closure_invoke+0x18a) [0x7ff0f840fa18]
9 0x7ff0f842d47a /home/sadiq/jhbuild/install/lib/libgobject-2.0.so.0(+0x2e47a) [0x7ff0f842d47a]
10 0x7ff0f842c787 /home/sadiq/jhbuild/install/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x11fd) [0x7ff0f842c787]
11 0x7ff0f842cd0a /home/sadiq/jhbuild/install/lib/libgobject-2.0.so.0(g_signal_emit+0xa6) [0x7ff0f842cd0a]
12 0x7ff0f273bbc9 /home/sadiq/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(+0x946bc9) [0x7ff0f273bbc9]
13 0x7ff0f25c6cf3 /home/sadiq/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(+0x7d1cf3) [0x7ff0f25c6cf3]
14 0x7ff0f28bfca6 /home/sadiq/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(+0xacaca6) [0x7ff0f28bfca6]
15 0x7ff0f245e72e /home/sadiq/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(+0x66972e) [0x7ff0f245e72e]
16 0x7ff0f25570ef /home/sadiq/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(+0x7620ef) [0x7ff0f25570ef]
17 0x7ff0f2458ac0 /home/sadiq/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(+0x663ac0) [0x7ff0f2458ac0]
18 0x7ff0f2458e1c /home/sadiq/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(+0x663e1c) [0x7ff0f2458e1c]
19 0x7ff0f49049d7 /home/sadiq/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(+0x2b0f9d7) [0x7ff0f49049d7]
20 0x7ff0f4948f99 /home/sadiq/jhbuild/install/lib/libwebkit2gtk-4.0.so.37(+0x2b53f99) [0x7ff0f4948f99]
21 0x7ff0f8125c72 /home/sadiq/jhbuild/install/lib/libglib-2.0.so.0(+0x55c72) [0x7ff0f8125c72]
22 0x7ff0f8126af7 /home/sadiq/jhbuild/install/lib/libglib-2.0.so.0(g_main_context_dispatch+0x33) [0x7ff0f8126af7]
23 0x7ff0f8126cdb /home/sadiq/jhbuild/install/lib/libglib-2.0.so.0(+0x56cdb) [0x7ff0f8126cdb]
24 0x7ff0f8126d9f /home/sadiq/jhbuild/install/lib/libglib-2.0.so.0(g_main_context_iteration+0x4a) [0x7ff0f8126d9f]
25 0x7ff0f7dad6bb /home/sadiq/jhbuild/install/lib/libgio-2.0.so.0(g_application_run+0x327) [0x7ff0f7dad6bb]
26 0x564c434a3aa8 epiphany(+0x4aa8) [0x564c434a3aa8]
27 0x7ff0f68f7f2a /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xea) [0x7ff0f68f7f2a]
28 0x564c434a289a epiphany(+0x389a) [0x564c434a289a]

The culprit seems to be line 4, JSValueToNumber.

A segfault was happening in bijiben (in JSValueIsObject when a new note is created), a method of the same class. So I just tried, and the result is the same. As this happens in both cases, the issue is probably upstream.

Thanks
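The report above reads the crash off a raw glibc-style backtrace (one "index pc module(symbol+offset) [address]" entry per frame, many of them without an exported symbol) and picks frame 4, JSValueToNumber, as the culprit. The following is an added triage helper, not code from the bug report or from epiphany or WebKitGTK, that does the same reading mechanically: it parses such a trace, even when the frames have been run together on one line as in the archived report, finds the innermost symbolised frame, finds where the application's own library (here libephymain) handed control to the crashing library, and counts frames per module. The sample input is constructed from the first eight frames of the report; the regex and the function names are this example's own assumptions about the format.

```python
import os
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# One frame as printed by glibc's backtrace_symbols() and seen in the report:
#   "<index> <pc> <module>(<symbol>+<offset>) [<address>]"
# <symbol> is empty ("(+0x...)") when the frame lies in a function whose
# name is not exported from the shared object. Assumed format, not an API.
FRAME_RE = re.compile(
    r"(?P<idx>\d+)\s+(?P<pc>0x[0-9a-fA-F]+)\s+"
    r"(?P<module>\S+?)\((?P<symbol>[^+)]*)\+(?P<offset>0x[0-9a-fA-F]+)\)\s+"
    r"\[(?P<addr>0x[0-9a-fA-F]+)\]"
)


@dataclass(frozen=True)
class Frame:
    idx: int
    pc: int
    module: str   # basename of the shared object or executable
    symbol: str   # "" when the frame has no exported symbol
    offset: int   # offset from the symbol, or from the module base if unnamed


def parse_backtrace(text: str) -> list:
    """Parse every frame in text. Frames may be one per line or run together
    on a single line; finditer() scans for the pattern either way."""
    frames = []
    for m in FRAME_RE.finditer(text):
        frames.append(Frame(
            idx=int(m.group("idx")),
            pc=int(m.group("pc"), 16),
            module=os.path.basename(m.group("module")),
            symbol=m.group("symbol"),
            offset=int(m.group("offset"), 16),
        ))
    return sorted(frames, key=lambda f: f.idx)


def first_named_frame(frames) -> Optional[Frame]:
    """Innermost frame that carries an exported symbol: the usual anchor for
    a first triage when the frames above it are unnamed internals."""
    return next((f for f in frames if f.symbol), None)


def first_frame_in(frames, module_substring: str) -> Optional[Frame]:
    """Innermost frame whose module name contains module_substring, i.e. the
    call through which that component entered the crashing library."""
    return next((f for f in frames if module_substring in f.module), None)


def frames_per_module(frames) -> Counter:
    """How many frames each module contributes; a quick view of which
    component the crash path spends its time in."""
    return Counter(f.module for f in frames)


def summarize(text: str) -> dict:
    frames = parse_backtrace(text)
    anchor = first_named_frame(frames)
    return {
        "frames": len(frames),
        "crash_symbol": anchor.symbol if anchor else None,
        "crash_frame": anchor.idx if anchor else None,
        "per_module": dict(frames_per_module(frames)),
    }


# Constructed sample: the first eight frames quoted in the bug report.
SAMPLE = """1 0x7ff0f1b1c437 /home/sadiq/jhbuild/install/lib/libjavascriptcoregtk-4.0.so.18(+0xb26437) [0x7ff0f1b1c437]
2 0x7ff0f1a13be5 /home/sadiq/jhbuild/install/lib/libjavascriptcoregtk-4.0.so.18(+0xa1dbe5) [0x7ff0f1a13be5]
3 0x7ff0f18f317b /home/sadiq/jhbuild/install/lib/libjavascriptcoregtk-4.0.so.18(+0x8fd17b) [0x7ff0f18f317b]
4 0x7ff0f10aaafc /home/sadiq/jhbuild/install/lib/libjavascriptcoregtk-4.0.so.18(JSValueToNumber+0x3c) [0x7ff0f10aaafc]
5 0x7ff0f891628b /home/sadiq/jhbuild/install/lib/epiphany/libephymain.so(ephy_embed_utils_get_js_result_as_number+0x3f) [0x7ff0f891628b]
6 0x7ff0f8912f9d /home/sadiq/jhbuild/install/lib/epiphany/libephymain.so(+0x74f9d) [0x7ff0f8912f9d]
7 0x7ff0f84145b2 /home/sadiq/jhbuild/install/lib/libgobject-2.0.so.0(g_cclosure_marshal_VOID__BOXED+0xd5) [0x7ff0f84145b2]
8 0x7ff0f840fa18 /home/sadiq/jhbuild/install/lib/libgobject-2.0.so.0(g_closure_invoke+0x18a) [0x7ff0f840fa18]"""


if __name__ == "__main__":
    fr = parse_backtrace(SAMPLE)
    print(summarize(SAMPLE))
    entry = first_frame_in(fr, "libephymain")
    print("application entered the crashing library via:", entry.symbol)
```

The unnamed frames 1 to 3 are not innocent just because they have no symbol; they are internal functions of the same library, reachable only through a debug build or symbol table. The raw `pc` values are only meaningful for the process that produced them (the modules are loaded at randomised addresses), whereas the per-module offsets can be resolved against the same build of the shared object with `addr2line` or `gdb`.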
Yeah, I broke 2.19.5 quite badly, sorry. There is 2.19.6 out now, fixing this.