Bug#803185: libwebkitgtk-3.0-0: SIGSEGV "/Source/WebCore/html/ImageDocument.cpp: No such file or directory" when loading some images

2015-11-03 Thread Alberto Garcia
On Tue, Oct 27, 2015 at 08:18:33PM +0100, Stefan Schörghofer wrote:
> Package: libwebkitgtk-3.0-0
> Version: 2.4.9-2+b1
> Severity: normal
> 
> When opening some images in my browser (xombrero) I get a SIGSEGV from
> webkit. See the following gdb output:

Hey, thanks for the bug report.

Do you have a reliable way to reproduce this crash? Is it always with
a particular document / image, or does it just crash randomly?

Berto



Bug#803185: libwebkitgtk-3.0-0: SIGSEGV "/Source/WebCore/html/ImageDocument.cpp: No such file or directory" when loading some images

2015-10-27 Thread Stefan Schörghofer
Package: libwebkitgtk-3.0-0
Version: 2.4.9-2+b1
Severity: normal

When opening some images in my browser (xombrero) I get a SIGSEGV from webkit.
See the following gdb output:

(gdb) run
Starting program: /usr/bin/xombrero 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffe2902700 (LWP 4707)]
[New Thread 0x7fffa20ff700 (LWP 4708)]
[New Thread 0x7fffa14e1700 (LWP 4709)]
[New Thread 0x7fffa089d700 (LWP 4710)]
[New Thread 0x7fff93fff700 (LWP 4711)]
[New Thread 0x7fff8ac86700 (LWP 4712)]
[New Thread 0x7fff8a485700 (LWP 4713)]
[New Thread 0x7fff89c84700 (LWP 4714)]
[New Thread 0x7fff89483700 (LWP 4715)]
[New Thread 0x7fff7bfff700 (LWP 4793)]

Program received signal SIGSEGV, Segmentation fault.
0x765d755a in WebCore::ImageDocumentParser::appendBytes 
(this=0x77ed8d00) at ../Source/WebCore/html/ImageDocument.cpp:130
130 ../Source/WebCore/html/ImageDocument.cpp: No such file or directory.
(gdb) backtrace
#0  0x765d755a in 
WebCore::ImageDocumentParser::appendBytes(WebCore::DocumentWriter&, char 
const*, unsigned long) (this=0x77ed8d00) at 
../Source/WebCore/html/ImageDocument.cpp:130
#1  0x76746b0f in WebCore::DocumentLoader::commitData(char const*, 
unsigned long) (this=this@entry=0x77e4f900, bytes=bytes@entry=0xaa5a00 
"\211PNG\r\n\032\n", length=length@entry=512)
at ../Source/WebCore/loader/DocumentLoader.cpp:843
#2  0x7608e2ee in 
WebKit::FrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, 
int) (this=0x9df6b0, loader=0x77e4f900, data=0xaa5a00 "\211PNG\r\n\032\n", 
length=512)
at ../Source/WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:164
#3  0x767452a6 in WebCore::DocumentLoader::commitLoad(char const*, int) 
(this=0x77e4f900, data=0xaa5a00 "\211PNG\r\n\032\n", length=512) at 
../Source/WebCore/loader/DocumentLoader.cpp:773
#4  0x7672af0f in 
WebCore::CachedRawResource::notifyClientsDataWasReceived(char const*, unsigned 
int) (this=0x77e75a00, data=0xaa5a00 "\211PNG\r\n\032\n", length=512)
at ../Source/WebCore/loader/cache/CachedRawResource.cpp:110
#5  0x7672b101 in 
WebCore::CachedRawResource::addDataBuffer(WebCore::ResourceBuffer*) 
(this=0x77e75a00, data=0x77e19708) at 
../Source/WebCore/loader/cache/CachedRawResource.cpp:66
#6  0x7679a1fd in 
WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, 
WTF::PassRefPtr, long long, WebCore::DataPayloadType) 
(this=0x77e1f400, data=0x0, length=0, prpBuffer=..., 
encodedDataLength=, dataPayloadType=WebCore::DataPayloadBytes) 
at ../Source/WebCore/loader/SubresourceLoader.cpp:274
#7  0x7679a3b9 in 
WebCore::SubresourceLoader::didReceiveBuffer(WTF::PassRefPtr,
 long long, WebCore::DataPayloadType) (this=, buffer=..., 
encodedDataLength=, dataPayloadType=) at 
../Source/WebCore/loader/SubresourceLoader.cpp:255
#8  0x7678f660 in 
WebCore::ResourceLoader::didReceiveBuffer(WebCore::ResourceHandle*, 
WTF::PassRefPtr, int) (this=this@entry=0x77e1f400, 
buffer=..., encodedDataLength=encodedDataLength@entry=512)
at ../Source/WebCore/loader/ResourceLoader.cpp:511
#9  0x76f9e233 in WebCore::readCallback(GObject*, GAsyncResult*, 
gpointer) (asyncResult=, data=0x77e19b58) at 
../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1365
#10 0x73cf8fda in async_ready_callback_wrapper 
(source_object=0x7fff70003380 [SoupClientInputStream], res=0x1238120, 
user_data=0x77e19b58) at 
/build/glib2.0-l3js1a/glib2.0-2.46.1/./gio/ginputstream.c:529
#11 0x73d1f5f3 in g_task_return_now (task=0x1238120 [GTask]) at 
/build/glib2.0-l3js1a/glib2.0-2.46.1/./gio/gtask.c:1104
#12 0x73d1f629 in complete_in_idle_cb (task=0x1238120) at 
/build/glib2.0-l3js1a/glib2.0-2.46.1/./gio/gtask.c:1118
#13 0x73781e9a in g_main_context_dispatch (context=0x6c8c40) at 
/build/glib2.0-l3js1a/glib2.0-2.46.1/./glib/gmain.c:3154
#14 0x73781e9a in g_main_context_dispatch 
(context=context@entry=0x6c8c40) at 
/build/glib2.0-l3js1a/glib2.0-2.46.1/./glib/gmain.c:3769
#15 0x73782240 in g_main_context_iterate (context=0x6c8c40, 
block=block@entry=1, dispatch=dispatch@entry=1, self=) at 
/build/glib2.0-l3js1a/glib2.0-2.46.1/./glib/gmain.c:3840
#16 0x73782562 in g_main_loop_run (loop=0x8efe40) at 
/build/glib2.0-l3js1a/glib2.0-2.46.1/./glib/gmain.c:4034
#17 0x7552f745 in gtk_main () at /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#18 0x0040c2e9 in  ()
#19 0x72a5db45 in __libc_start_main (main=0x40b850, argc=1, 
argv=0x7fffe448, init=, fini=, 
rtld_fini=, stack_end=0x7fffe438) at libc-start.c:287
#20 0x0040c934 in  ()
(gdb) quit


-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: