Package: epiphany-browser
Version: 41.0-2
Severity: normal

Here is a proof-of-concept file you can open, assuming you have bash-doc installed:

<!DOCTYPE html>
<html>
  <head>
    <title>Proof of concept</title>
  </head>
  <body>
    <a href="/usr/share/doc/bash/bash.pdf" target="_blank">Link</a>
  </body>
</html>

Clicking the link will try to open a new tab to view the PDF file in, but this causes Epiphany to crash. Here is the backtrace for the relevant thread:

#0  0x00007f6619804608 in decide_policy_cb (decision_type=WEBKIT_POLICY_DECISION_TYPE_RESPONSE, user_data=<optimized out>, decision=0x7f6600017e10 [WebKitResponsePolicyDecision], web_view=0x55a90c7f9230 [EphyWebView]) at ../embed/ephy-web-view.c:962
#1  decide_policy_cb (web_view=0x55a90c7f9230 [EphyWebView], decision=0x7f6600017e10 [WebKitResponsePolicyDecision], decision_type=<optimized out>, user_data=<optimized out>) at ../embed/ephy-web-view.c:919
#2  0x00007f66126af9da in ffi_call_unix64 () at ../src/x86/unix64.S:105
#3  0x00007f66126aeb21 in ffi_call_int (cif=0x7ffd473cb370, fn=0x7f66198044b0 <decide_policy_cb>, rvalue=<optimized out>, avalue=<optimized out>, closure=<optimized out>) at ../src/x86/ffi64.c:672
#4  0x00007f6618ca0edc in g_cclosure_marshal_generic (closure=closure@entry=0x55a90c7ef070, return_gvalue=return_gvalue@entry=0x7ffd473cb510, n_param_values=n_param_values@entry=3, param_values=param_values@entry=0x7ffd473cb570, invocation_hint=invocation_hint@entry=0x7ffd473cb4f0, marshal_data=marshal_data@entry=0x0) at ../../../gobject/gclosure.c:1534
#5  0x00007f6618ca06cf in g_closure_invoke (closure=0x55a90c7ef070, return_value=return_value@entry=0x7ffd473cb510, n_param_values=3, param_values=param_values@entry=0x7ffd473cb570, invocation_hint=invocation_hint@entry=0x7ffd473cb4f0) at ../../../gobject/gclosure.c:830
#6  0x00007f6618cb2a8b in signal_emit_unlocked_R (node=<optimized out>, detail=detail@entry=0, instance=instance@entry=0x55a90c7f9230, emission_return=emission_return@entry=0x7ffd473cb670, instance_and_params=instance_and_params@entry=0x7ffd473cb570) at ../../../gobject/gsignal.c:3742
#7  0x00007f6618cb88e9 in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffd473cb720) at ../../../gobject/gsignal.c:3507
#8  0x00007f6618cb92cf in <emit signal ??? on instance 0x55a90c7f9230 [EphyWebView]> (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>) at ../../../gobject/gsignal.c:3553
#9  0x00007f661551ee8c in webkitWebViewMakePolicyDecision(_WebKitWebView*, WebKitPolicyDecisionType, _WebKitPolicyDecision*) () at ./Source/WebKit/UIProcess/API/glib/WebKitWebView.cpp:2627
#10 0x00007f66154fcd18 in NavigationClient::decidePolicyForNavigationResponse(WebKit::WebPageProxy&, WTF::Ref<API::NavigationResponse, WTF::RawPtrTraits<API::NavigationResponse> >&&, WTF::Ref<WebKit::WebFramePolicyListenerProxy, WTF::RawPtrTraits<WebKit::WebFramePolicyListenerProxy> >&&, API::Object*) () at ./Source/WebKit/UIProcess/API/glib/WebKitNavigationClient.cpp:150
#11 0x00007f661544ae33 in WebKit::WebPageProxy::decidePolicyForResponseShared(WTF::Ref<WebKit::WebProcessProxy, WTF::RawPtrTraits<WebKit::WebProcessProxy> >&&, WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData&&, WebCore::PolicyCheckIdentifier, unsigned long, WebCore::ResourceResponse const&, WebCore::ResourceRequest const&, bool, WTF::String const&, bool, WebCore::BrowsingContextGroupSwitchDecision, unsigned long, unsigned long, WebKit::UserData const&) () at ./Source/WebKit/UIProcess/WebPageProxy.cpp:5681
#12 0x00007f661544af3e in WebKit::WebPageProxy::decidePolicyForResponse(WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData&&, WebCore::PolicyCheckIdentifier, unsigned long, WebCore::ResourceResponse const&, WebCore::ResourceRequest const&, bool, WTF::String const&, bool, WebCore::BrowsingContextGroupSwitchDecision, unsigned long, unsigned long, WebKit::UserData const&) () at ./Source/WebKit/UIProcess/WebPageProxy.cpp:5625
#13 0x00007f6615184d0d in IPC::callMemberFunctionImpl<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData&&, WebCore::PolicyCheckIdentifier, unsigned long, WebCore::ResourceResponse const&, WebCore::ResourceRequest const&, bool, WTF::String const&, bool, WebCore::BrowsingContextGroupSwitchDecision, unsigned long, unsigned long, WebKit::UserData const&), std::tuple<WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData, WebCore::PolicyCheckIdentifier, unsigned long, WebCore::ResourceResponse, WebCore::ResourceRequest, bool, WTF::String, bool, WebCore::BrowsingContextGroupSwitchDecision, unsigned long, unsigned long, WebKit::UserData>, 0ul, 1ul, 2ul, 3ul, 4ul, 5ul, 6ul, 7ul, 8ul, 9ul, 10ul, 11ul, 12ul>(WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData&&, WebCore::PolicyCheckIdentifier, unsigned long, WebCore::ResourceResponse const&, WebCore::ResourceRequest const&, bool, WTF::String const&, bool, WebCore::BrowsingContextGroupSwitchDecision, unsigned long, unsigned long, WebKit::UserData const&), std::tuple<WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData, WebCore::PolicyCheckIdentifier, unsigned long, WebCore::ResourceResponse, WebCore::ResourceRequest, bool, WTF::String, bool, WebCore::BrowsingContextGroupSwitchDecision, unsigned long, unsigned long, WebKit::UserData>&&, std::integer_sequence<unsigned long, 0ul, 1ul, 2ul, 3ul, 4ul, 5ul, 6ul, 7ul, 8ul, 9ul, 10ul, 11ul, 12ul>) () at ./Source/WebKit/Platform/IPC/HandleMessage.h:43
#14 IPC::callMemberFunction<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData&&, WebCore::PolicyCheckIdentifier, unsigned long, WebCore::ResourceResponse const&, WebCore::ResourceRequest const&, bool, WTF::String const&, bool, WebCore::BrowsingContextGroupSwitchDecision, unsigned long, unsigned long, WebKit::UserData const&), std::tuple<WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData, WebCore::PolicyCheckIdentifier, unsigned long, WebCore::ResourceResponse, WebCore::ResourceRequest, bool, WTF::String, bool, WebCore::BrowsingContextGroupSwitchDecision, unsigned long, unsigned long, WebKit::UserData>, std::integer_sequence<unsigned long, 0ul, 1ul, 2ul, 3ul, 4ul, 5ul, 6ul, 7ul, 8ul, 9ul, 10ul, 11ul, 12ul> >(std::tuple<WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData, WebCore::PolicyCheckIdentifier, unsigned long, WebCore::ResourceResponse, WebCore::ResourceRequest, bool, WTF::String, bool, WebCore::BrowsingContextGroupSwitchDecision, unsigned long, unsigned long, WebKit::UserData>&&, WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData&&, WebCore::PolicyCheckIdentifier, unsigned long, WebCore::ResourceResponse const&, WebCore::ResourceRequest const&, bool, WTF::String const&, bool, WebCore::BrowsingContextGroupSwitchDecision, unsigned long, unsigned long, WebKit::UserData const&)) () at ./Source/WebKit/Platform/IPC/HandleMessage.h:49
#15 IPC::handleMessage<Messages::WebPageProxy::DecidePolicyForResponse, WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData&&, WebCore::PolicyCheckIdentifier, unsigned long, WebCore::ResourceResponse const&, WebCore::ResourceRequest const&, bool, WTF::String const&, bool, WebCore::BrowsingContextGroupSwitchDecision, unsigned long, unsigned long, WebKit::UserData const&)>(IPC::Decoder&, WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WebKit::FrameInfoData&&, WebCore::PolicyCheckIdentifier, unsigned long, WebCore::ResourceResponse const&, WebCore::ResourceRequest const&, bool, WTF::String const&, bool, WebCore::BrowsingContextGroupSwitchDecision, unsigned long, unsigned long, WebKit::UserData const&)) () at ./Source/WebKit/Platform/IPC/HandleMessage.h:119
#16 0x00007f6615153a6d in WebKit::WebPageProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) () at ./build/DerivedSources/WebKit/WebPageProxyMessageReceiver.cpp:1093
#17 0x00007f66153829eb in IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) () at ./Source/WebKit/Platform/IPC/MessageReceiverMap.cpp:129
#18 0x00007f661547ef13 in WebKit::WebProcessProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&) () at ./Source/WebKit/UIProcess/WebProcessProxy.cpp:844
#19 0x00007f661537be25 in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::Decoder, std::default_delete<IPC::Decoder> >) () at ./Source/WebKit/Platform/IPC/Connection.cpp:1103
#20 0x00007f661537de21 in IPC::Connection::dispatchIncomingMessages() () at ./Source/WebKit/Platform/IPC/Connection.cpp:1217
#21 0x00007f6614621cdd in WTF::Function<void ()>::operator()() const () at ./Source/WTF/wtf/Function.h:82
#22 WTF::RunLoop::performWork() () at ./Source/WTF/wtf/RunLoop.cpp:133
#23 0x00007f6614670879 in operator() () at ./Source/WTF/wtf/glib/RunLoopGLib.cpp:80
#24 _FUN() () at ./Source/WTF/wtf/glib/RunLoopGLib.cpp:82
#25 0x00007f661467119f in operator() () at ./Source/WTF/wtf/glib/RunLoopGLib.cpp:53
#26 _FUN() () at ./Source/WTF/wtf/glib/RunLoopGLib.cpp:56
#27 0x00007f6618babc0f in g_main_dispatch (context=0x55a90b308a40) at ../../../glib/gmain.c:3381
#28 g_main_context_dispatch (context=0x55a90b308a40) at ../../../glib/gmain.c:4099
#29 0x00007f6618babfb8 in g_main_context_iterate (context=context@entry=0x55a90b308a40, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../../../glib/gmain.c:4175
#30 0x00007f6618bac06f in g_main_context_iteration (context=context@entry=0x55a90b308a40, may_block=may_block@entry=1) at ../../../glib/gmain.c:4240
#31 0x00007f6618dc87d5 in g_application_run (application=0x55a90b3006a0 [EphyShell], argc=1195166532, argc@entry=1, argv=argv@entry=0x7ffd473ccce8) at ../../../gio/gapplication.c:2569
#32 0x000055a9098d5c24 in main (argc=<optimized out>, argv=<optimized out>) at ../src/ephy-main.c:431

I figured on my up-to-date system that this is probably not related to the previous madness with libffi, so I took a look at line 962 of ephy-web-view.c as a starting point:

  } else if (strcmp (mime_type, "application/pdf") == 0 && strcmp (method, "GET") == 0) {

In this case, 'bt full' shows me that method is NULL, which was obtained on line 953 via

  const char *method = webkit_uri_request_get_http_method (request);

I will probably report this to upstream shortly, seeing as none of the Debian patches are pertinent, unless someone suggests I shouldn't.
-- System Information:
Debian Release: bookworm/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (2, 'unstable-debug'), (2, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.14.0-2-amd64 (SMP w/2 CPU threads)
Kernel taint flags: TAINT_USER, TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages epiphany-browser depends on:
ii  dbus-user-session [default-dbus-session-bus]  1.12.20-2
ii  dbus-x11 [dbus-session-bus]                   1.12.20-2
ii  epiphany-browser-data                         41.0-2
ii  gsettings-desktop-schemas                     41.0-1
ii  iso-codes                                     4.7.0-1
ii  libarchive13                                  3.4.3-2+b1
ii  libatk1.0-0                                   2.36.0-2
ii  libc6                                         2.32-4
ii  libcairo2                                     1.16.0-5
ii  libdazzle-1.0-0                               3.42.0-2
ii  libgcr-base-3-1                               3.40.0-3+b1
ii  libgcr-ui-3-1                                 3.40.0-3+b1
ii  libgdk-pixbuf-2.0-0                           2.42.6+dfsg-2
ii  libglib2.0-0                                  2.70.0-1+b1
ii  libgmp10                                      2:6.2.1+dfsg-2
ii  libgtk-3-0                                    3.24.30-3
ii  libhandy-1-0                                  1.4.0-1
ii  libhogweed6                                   3.7.3-1
ii  libjavascriptcoregtk-4.0-18                   2.34.0-1
ii  libjson-glib-1.0-0                            1.6.6-1
ii  libnettle8                                    3.7.3-1
ii  libpango-1.0-0                                1.48.10+ds1-1
ii  libsecret-1-0                                 0.20.4-2
ii  libsoup2.4-1                                  2.74.0-2
ii  libsqlite3-0                                  3.36.0-2
ii  libwebkit2gtk-4.0-37                          2.34.0-1
ii  libxml2                                       2.9.12+dfsg-5

Versions of packages epiphany-browser recommends:
ii  ca-certificates  20210119
ii  evince           41.2-1
ii  yelp             41.1-1

epiphany-browser suggests no packages.

-- no debconf information
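The failure mode the report isolates is a NULL method string reaching strcmp() when the response comes from a non-HTTP scheme such as file://. As an added illustration that is not part of the report or of Epiphany's code, the unsafe predicate from line 962 is shown next to a NULL-safe version; the function names, the str_equal0 helper and the sample requests are constructed for this example, and treating a missing method as "not a GET" is an assumption, not upstream's chosen fix.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* The check as quoted from ephy-web-view.c:962 in the report. With a NULL
 * method (no HTTP method on a file:// request) strcmp() dereferences NULL.
 * Included only for contrast; must not be called with a NULL argument. */
bool pdf_get_check_unsafe(const char *mime_type, const char *method)
{
    return strcmp(mime_type, "application/pdf") == 0 && strcmp(method, "GET") == 0;
}

/* NULL-safe string equality. GLib's g_strcmp0() gives the same NULL
 * handling; a plain helper is used here so the example builds without GLib. */
static bool str_equal0(const char *a, const char *b)
{
    if (a == NULL || b == NULL)
        return a == b;
    return strcmp(a, b) == 0;
}

/* Hardened check: webkit_uri_request_get_http_method() returns NULL for a
 * request without an HTTP method, so both inputs are compared NULL-safely.
 * A missing method or MIME type is treated as "not a PDF GET" (assumption). */
bool pdf_get_check_safe(const char *mime_type, const char *method)
{
    return str_equal0(mime_type, "application/pdf") && str_equal0(method, "GET");
}

/* Constructed sample responses (not captured from a real session). The
 * file:// entry models the bash.pdf case from the report: PDF, NULL method. */
struct sample { const char *uri; const char *mime_type; const char *method; };
static const struct sample samples[] = {
    { "https://example.invalid/doc.pdf",      "application/pdf", "GET"  },
    { "https://example.invalid/upload",       "application/pdf", "POST" },
    { "file:///usr/share/doc/bash/bash.pdf",  "application/pdf", NULL   },
    { "https://example.invalid/",             "text/html",       "GET"  },
};

/* Run the hardened check over every sample, including the NULL-method one,
 * and return how many would take the PDF branch. */
int count_pdf_get_samples(void)
{
    int n = 0;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        if (pdf_get_check_safe(samples[i].mime_type, samples[i].method))
            n++;
    return n;
}
```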