After upgrading libwebkit2gtk-4.1-0 on Debian Bookworm from version 2.46.1 
(Debian package 2.46.1-2~bpo12+1) to version 2.48.1 (2.48.1-2~deb12u1), code 
rendering a WebKitWebView into a GtkOffscreenWindow (used for dumping and 
inspection without a “real” display) crashes with a Segfault.

A minimal example to reproduce the bug is attached.  In gdb, it produces the 
following backtrace:

<snip>
#0  0x00007ffff3660794 in  () at /lib/x86_64-linux-gnu/libwebkit2gtk-4.1.so.0
#1  0x00007ffff366ab1a in  () at /lib/x86_64-linux-gnu/libwebkit2gtk-4.1.so.0
#2  0x00007ffff366da00 in  () at /lib/x86_64-linux-gnu/libwebkit2gtk-4.1.so.0
#3  0x00007ffff7f544e0 in  () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#4  0x00007ffff7f6dbbf in g_signal_emit_valist () at 
/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#5  0x00007ffff7f6ddbf in g_signal_emit () at 
/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#6  0x00007ffff2179fa2 in gtk_widget_map () at 
/lib/x86_64-linux-gnu/libgtk-3.so.0
#7  0x00007ffff2193050 in  () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#8  0x00007ffff7f545a9 in  () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#9  0x00007ffff7f6dbbf in g_signal_emit_valist () at 
/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#10 0x00007ffff7f6ddbf in g_signal_emit () at 
/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#11 0x00007ffff2179fa2 in gtk_widget_map () at 
/lib/x86_64-linux-gnu/libgtk-3.so.0
#12 0x00007ffff203d793 in  () at /lib/x86_64-linux-gnu/libgtk-3.so.0
#13 0x00007ffff7f543b0 in g_closure_invoke () at 
/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#14 0x00007ffff7f66d2d in  () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#15 0x00007ffff7f6dbf5 in g_signal_emit_valist () at 
/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#16 0x00007ffff7f6ddbf in g_signal_emit () at 
/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#17 0x00007ffff2173d16 in gtk_widget_show () at 
/lib/x86_64-linux-gnu/libgtk-3.so.0
#18 0x0000555555555446 in activate (app=<optimized out>, user_data=<optimized 
out>) at sample.c:37
        context = 0x5555556a91c0
        offline_window = 0x555555a7a500
        view = 0x555555625710
        surface = 0x0
#19 0x00007ffff7f543b0 in g_closure_invoke () at 
/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#20 0x00007ffff7f67076 in  () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#21 0x00007ffff7f6dbf5 in g_signal_emit_valist () at 
/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#22 0x00007ffff7f6ddbf in g_signal_emit () at 
/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#23 0x00007ffff1bc5438 in  () at /lib/x86_64-linux-gnu/libgio-2.0.so.0
#24 0x00007ffff1bc55c6 in g_application_run () at 
/lib/x86_64-linux-gnu/libgio-2.0.so.0
#25 0x0000555555555251 in main (argc=<optimized out>, argv=<optimized out>) at 
sample.c:75
        app = 0x5555555860f0
        status = <optimized out>
</snip>

Unfortunately, there seems to be no libwebkit2gtk-4.1-0-dbgsym package, so I 
cannot tell where the crash actually occurs in libwebkit2gtk-4.1.so.0.

Running the same code on Trixie with version 2.46.6, a CRITICAL is emitted 
(both Bookworm versions do not print any messages), but the dumped PNG file is 
again fine:

<snip>
test@trixie:~/WebkitGTK$ ./sample 
** Message: 19:06:10.878: create window...

(sample:15756): Gdk-CRITICAL **: 19:06:11.365: gdk_window_get_origin: assertion 
'GDK_IS_WINDOW (window)' failed
** Message: 19:06:11.369: load HTML...
** Message: 19:06:12.174: get snapshot...
** Message: 19:06:12.590: dump_snapshot: 0x55b228fbeab0 (no error)
** Message: 19:06:12.590: done
** Message: 19:06:12.659: write surface to 'sample.png': 0
</snip>

Upgrading to the Trixie version 2.48.1 again crashes.

The CRITICAL on Trixie might indicate that my code is actually wrong, although 
it has worked perfectly for years.  Any insight would be highly 
appreciated!

TIA, Albrecht.
// gcc -Wall -Werror -O3 -g sample.c -o sample $(pkg-config --cflags --libs webkit2gtk-4.1)

#include <webkit2/webkit2.h>

#define HTML 			"<html><head><title>Test</title></head><body><p>Hi, There!</p></body></html>"
#define IMAGE_WIDTH		1600
#define IMAGE_HEIGHT	900

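/*
 * Result slot shared between activate() and the snapshot callback.
 *
 * `done` is raised by the callback in every outcome, including failure, so
 * the wait loop in activate() always terminates.  `surface` is NULL when the
 * snapshot failed; otherwise activate() owns it and must destroy it.
 */
struct snapshot_result {
	cairo_surface_t *surface;
	gboolean done;
};

/*
 * GAsyncReadyCallback for webkit_web_view_get_snapshot().
 *
 * @source_object: the WebKitWebView the snapshot was requested from
 * @res:           the async result to finish
 * @user_data:     a struct snapshot_result * supplied by activate()
 *
 * Stores the finished surface (NULL on error), logs the outcome, releases the
 * GError (it is owned by us once returned through the out parameter) and
 * finally marks the result as done.
 */
static void
dump_snapshot(GObject *source_object, GAsyncResult *res, gpointer user_data)
{
	WebKitWebView *webview = WEBKIT_WEB_VIEW(source_object);
	struct snapshot_result *result = user_data;
	GError *error = NULL;

	result->surface = webkit_web_view_get_snapshot_finish(webview, res, &error);
	/* %p requires a void *; casting avoids a format/argument mismatch */
	g_message("%s: %p (%s)", __func__, (void *) result->surface, error ? error->message : "no error");
	/* the original leaked this GError on the failure path */
	g_clear_error(&error);
	/* set last: activate() polls this flag after every main-loop iteration */
	result->done = TRUE;
}

/*
 * "activate" handler of the GtkApplication.
 *
 * Renders a fixed HTML document into a WebKitWebView hosted by a
 * GtkOffscreenWindow, snapshots the visible region and writes it to
 * sample.png.  The page load and the snapshot are waited for by iterating
 * the GTK main loop from inside this handler rather than by returning to it.
 *
 * NOTE(review): the gdk_window_get_origin CRITICAL reported on 2.46.6 is
 * raised while the offscreen window is shown/mapped; whether newer WebKitGTK
 * supports a view inside a GtkOffscreenWindow at all is not established by
 * this sample and should be confirmed against the library's documentation.
 */
static void
activate (GtkApplication* app, gpointer user_data)
{
	WebKitWebContext *context;
	GtkWidget *offline_window;
	WebKitWebView *view;
	struct snapshot_result result = { .surface = NULL, .done = FALSE };

	/* create an offscreen window and add the WebView to it */
	g_message("create window...");
	context = webkit_web_context_new();
	offline_window = gtk_offscreen_window_new();
	gtk_window_set_default_size(GTK_WINDOW(offline_window), IMAGE_WIDTH, IMAGE_HEIGHT);
	view = WEBKIT_WEB_VIEW(webkit_web_view_new_with_context(context));
	gtk_widget_set_size_request(GTK_WIDGET(view), IMAGE_WIDTH, IMAGE_HEIGHT);
	gtk_widget_set_vexpand(GTK_WIDGET(view), TRUE);
	gtk_container_add(GTK_CONTAINER(offline_window), GTK_WIDGET(view));
	gtk_widget_show_all(offline_window);

	/* load a trivial HTML; pump the main loop until the load settles */
	g_message("load HTML...");
	webkit_web_view_load_html(view, HTML, NULL);
	while (webkit_web_view_is_loading(view)) {
		gtk_main_iteration_do(FALSE);
		g_usleep(100);
	}

	/*
	 * get the rendered view.  Wait on the `done` flag, not on the surface:
	 * a failed snapshot leaves the surface NULL, and waiting on it would
	 * spin forever (the original loop did exactly that).
	 */
	g_message("get snapshot...");
	webkit_web_view_get_snapshot(view, WEBKIT_SNAPSHOT_REGION_VISIBLE, WEBKIT_SNAPSHOT_OPTIONS_NONE, NULL, dump_snapshot, &result);
	while (!result.done) {
		gtk_main_iteration_do(FALSE);
		g_usleep(100);
	}

	/* clean up; the NULL check is now reachable (snapshot failure) */
	g_message("done");
	if (result.surface != NULL) {
		cairo_status_t status;

		status = cairo_surface_write_to_png(result.surface, "sample.png");
		g_message("write surface to 'sample.png': %d", status);
		/* the snapshot surface is transferred to us; release our reference */
		cairo_surface_destroy(result.surface);
	}
	/* destroying the window also destroys the view it contains */
	gtk_widget_destroy(offline_window);
	g_object_unref(context);
}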

/*
 * Program entry point: runs a GtkApplication whose "activate" handler does
 * all the work.  argc/argv are intentionally not forwarded to GLib, so no
 * command-line options are parsed.
 */
int main(int argc, char **argv)
{
	GtkApplication *app = gtk_application_new("org.gtk.example", G_APPLICATION_DEFAULT_FLAGS);

	g_signal_connect(app, "activate", G_CALLBACK(activate), NULL);
	int status = g_application_run(G_APPLICATION(app), 0, NULL);
	g_object_unref(app);

	return status;
}

Attachment: openpgp-digital-signature.asc
Description: This is a digitally signed message part.
