RESOLVED FIXED 56201
WebKitIconDatabase may trigger crash in cairoImageSurfaceToGdkPixbuf 
https://bugs.webkit.org/show_bug.cgi?id=56201
Summary WebKitIconDatabase may trigger crash in cairoImageSurfaceToGdkPixbuf
Christian Dywan
Reported 2011-03-11 09:17:11 PST
So I didn't encounter problem this whilst I was hacking on the feature and once I started to use a patched Midori which exclusively fetches icons from the database I ran into this bug. Apparently it happens after I close and re-open the browser OR if I open particular websites: 606 if (! _cairo_surface_is_image (surface)) { (gdb) bt #0 0x00007ffff6212e8b in *INT_cairo_image_surface_get_height (surface=0x0) at cairo-image-surface.c:606 #1 0x00007ffff2c8bd86 in cairoImageSurfaceToGdkPixbuf(_cairo_surface*) () from /home/kalikiana/gtk/lib/libwebkitgtk-1.0.so.0 #2 0x00007ffff2ce1916 in webkit_icon_database_get_icon_pixbuf () from /home/kalikiana/gtk/lib/libwebkitgtk-1.0.so.0 #3 0x000000000042adda in katze_load_cached_icon (uri=0xc420e0 "http://www.nekobento.com/", widget=0xaa2af0) at ../katze/katze-utils.c:1525 #4 0x000000000045f34d in katze_array_action_icon_loaded_cb (database=<value optimized out>, web_frame=<value optimized out>, frame_uri=0xc420e0 "http://www.nekobento.com/", toolbutton=0xaa18b0) at ../katze/katze-arrayaction.c:669 #5 0x00007ffff5895d3e in g_closure_invoke (closure=0xaa6340, return_value=0x0, n_param_values=3, param_values=0xbf3990, invocation_hint=0x7fffffffca30) at gclosure.c:767 #6 0x00007ffff58a86aa in signal_emit_unlocked_R (node=<value optimized out>, detail=0, instance=0x705580, emission_return=0x0, instance_and_params=0xbf3990) at gsignal.c:3252 #7 0x00007ffff58b1cea in g_signal_emit_valist (instance=<value optimized out>, signal_id=<value optimized out>, detail=<value optimized out>, var_args=0x7fffffffcc50) at gsignal.c:2983 #8 0x00007ffff58b2052 in g_signal_emit_by_name (instance=<value optimized out>, detailed_signal=0x7ffff3ad252d "icon-loaded") at gsignal.c:3077 #9 0x00007ffff2cd4b39 in WebKit::FrameLoaderClient::dispatchDidReceiveIcon() () from /home/kalikiana/gtk/lib/libwebkitgtk-1.0.so.0 #10 0x00007ffff31983d8 in WebCore::IconLoader::finishLoading(WebCore::KURL const&, WTF::PassRefPtr<WebCore::SharedBuffer>) () from /home/kalikiana/gtk/lib/libwebkitgtk-1.0.so.0 #11 0x00007ffff31987bb in WebCore::IconLoader::didReceiveResponse(WebCore::SubresourceLoader*, WebCore::ResourceResponse const&) ()
Attachments
Don't attempt to make a pixbuf if there is no image (1.52 KB, patch)
2011-03-11 10:07 PST, Christian Dywan 		mrobinson: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Christian Dywan
Comment 1 2011-03-11 10:07:11 PST
Created attachment 85487 [details] Don't attempt to make a pixbuf if there is no image
Sergio Villar Senin
Comment 2 2011-03-15 01:13:17 PDT
(In reply to comment #1) > Created an attachment (id=85487) [details] > Don't attempt to make a pixbuf if there is no image BTW I got the same with a ephy patched version
Martin Robinson
Comment 3 2011-03-15 08:49:49 PDT
Comment on attachment 85487 [details] Don't attempt to make a pixbuf if there is no image View in context: https://bugs.webkit.org/attachment.cgi?id=85487&action=review Looks good. Does this fix the crasher or are there more? > Source/WebCore/platform/graphics/gtk/ImageGtk.cpp:157 > + if (!frameAtIndex(currentFrame())) > + return 0; > return cairoImageSurfaceToGdkPixbuf(frameAtIndex(currentFrame())); Please make this simple change before landing. cairo_surface_t* frame = frameAtIndex(currentFrame()); if (!frame) return 0; return cairoImageSurfaceToGdkPixbuf(frame);
Christian Dywan
Comment 4 2011-03-21 10:11:40 PDT
Committed with the changes as r81589.
Note You need to log in before you can comment on or make changes to this bug.