bug#43989: 28.0.50; X-Widget crashes on opening file

bug#43989: 28.0.50; X-Widget crashes on opening file

[Maximiliano Sandoval via Bug reports for GNU Emacs, the Swiss army knife of text editors]

[-- Attachment #1: Type: text/plain, Size: 5156 bytes --]

When opening a file with xwidget emacs crashes with backtrace:

Fatal error 11: Segmentation fault
Backtrace:
emacs[0x507831]
emacs[0x4253a0]
emacs[0x425d98]
emacs[0x62be31]
/lib64/libjavascriptcoregtk-4.0.so.18(+0x13bf95a)[0x7fd1ba1e495a]
/lib64/libpthread.so.0(+0x141e0)[0x7fd1b88e21e0]
/lib64/libc.so.6(+0x1625b5)[0x7fd1b6c525b5]
emacs[0x5e96e9]
/var/home/deathwish/.config/emacs/.local/cache/eln/28.0.50-x86_64-redhat-linux-gnu-d299cfd6d93a84d46b4eab5ce8de0072/xwidget-f9c86f6983804058a6bbecb811090bde-67a3940b0a98748a2d39ca31a2bfe13d.eln(F787769646765742d7765626b69742d63616c6c6261636b_xwidget_webkit_callback_0+0xd9)[0x7fd1a9c66cd9]
emacs[0x575750]
/var/home/deathwish/.config/emacs/.local/cache/eln/28.0.50-x86_64-redhat-linux-gnu-d299cfd6d93a84d46b4eab5ce8de0072/xwidget-f9c86f6983804058a6bbecb811090bde-67a3940b0a98748a2d39ca31a2bfe13d.eln(F787769646765742d6576656e742d68616e646c6572_xwidget_event_handler_0+0xee)[0x7fd1a9c66bee]
emacs[0x575750]
emacs[0x5757a5]
emacs[0x575750]
emacs[0x575d79]
emacs[0x579b38]
/usr/bin/../lib64/emacs/28.0.50/native-lisp/28.0.50-x86_64-redhat-linux-gnu-d299cfd6d93a84d46b4eab5ce8de0072/simple-5a237ebf745e70a3e39e2b91d2f7a105-30d32e2e4732134b53f3c96b7b1f1bf8.eln(F636f6d6d616e642d65786563757465_command_execute_0+0x251)[0x7fd1b18667a1]
emacs[0x575750]
emacs[0x4f5d2b]
emacs[0x572717]
emacs[0x4efe84]
emacs[0x572659]
emacs[0x4f1153]
emacs[0x63e74f]
emacs[0x4f5847]
emacs[0x42ef19]
/lib64/libc.so.6(__libc_start_main+0xf2)[0x7fd1b6b181a2]
emacs[0x43112e]
Segmentation fault (core dumped)

Steps to reproduce:

-

Create a file ~/some.html with contents:

<head><meta charset="UTF-8"></head>
<p><strong>From</strong>: updates@fedoraproject.org</br><strong>To</strong>: user@email.com</br><strong>Date</strong>: Mon 12 Oct 2020 10:39:34 PM CEST</br><strong>Subject</strong>: [Fedora Update] [comment] toolbox-0.0.96-1.fc33</p><pre>
The following comment has been added to the toolbox-0.0.96-1.fc33 update:

bodhi - 2020-10-12 20:39:34.343089 (karma: 0)
rishi edited this update.

To reply to this comment, please visit the URL at the bottom of this mail

================================================================================
     FEDORA-2020-12c4232ccb
================================================================================
    Release: Fedora 33
     Status: testing
       Type: bugfix
   Severity: high
      Karma: 4
    Request: stable
      Notes: * Don't break GNU Readline's ctrl-p shortcut * Enable system tests
           : on Fedora 33 * Fix containers with missing `/media`
           : possibly due to a failed RPM transaction * Give access
           : to the udev database * Unbreak X11 applications with
           : GNOME 3.38 * Update default release to 31 for non-
           : Fedora hosts
  Submitter: rishi
  Submitted: 2020-10-02 13:56:36.076520
   Comments: bodhi - 2020-10-12 20:39:34.343089 (karma 0)
             rishi edited this update.
             Fixes issues with x11, no notable regressions.
             bodhi - 2020-10-07 14:20:29.828510 (karma 0)
             This update has been submitted for stable by bodhi.
             pnemade - 2020-10-07 14:20:29.375296 (karma 1)
             I can run x11 applications now. Rest usage of toolbox
             looks fine.
             cairo - 2020-10-02 22:57:21.043782 (karma 1)
             bodhi - 2020-10-02 22:20:59.046677 (karma 0)
             This update can be pushed to stable now if the
             maintainer wishes
             bodhi - 2020-10-02 22:18:06.993838 (karma 0)
             This update has been pushed to testing.
             feborges - 2020-10-02 14:34:52.612994 (karma 1)
             After commenting out `default_sysctls = ...` from
             /usr/share/containers/containers.conf I was able to
             test and verify that this update works. I was pointed
             out to
             https://github.com/containers/podman/issues/7766  I am
             able to run x11 applications again! Ctrl + P also
             works as expected. /media is present, same for udev
             database.
             bodhi - 2020-10-02 14:24:41.395885 (karma 0)
             This update's test gating status has been changed to
             'ignored'.
             bodhi - 2020-10-02 13:56:36.568529 (karma 0)
             This update's test gating status has been changed to
             'waiting'.
             bodhi - 2020-10-02 13:56:36.499889 (karma 0)
             This update's test gating status has been changed to
             'ignored'.
             bodhi - 2020-10-02 13:56:36.193084 (karma 0)
             This update has been submitted for testing by rishi.

  https://bodhi.fedoraproject.org/updates/FEDORA-2020-12c4232ccb

</pre>

- git clone the master branch of emacs
- build with ./configure --with-cairo --with-modules --with-xwidgets
- run as emacs -Q
- execute from emacs (xwidget-webkit-browse-url "file://~/some.html")
- See backtrace

The backtrace linked above was from a native-comp build, but this is reproducible without it.

See https://github.com/masm11/emacs/issues/69 for relevant info and a possible fix to the null pointer.

– Maximiliano Sandoval R.

[-- Attachment #2: Type: text/html, Size: 7721 bytes --]

bug#43989:

[Fejfighter]

[-- Attachment #1.1: Type: text/plain, Size: 86 bytes --]

This attached patch prevents NULL being passed to make string and stops the
seg fault

[-- Attachment #1.2: Type: text/html, Size: 111 bytes --]

[-- Attachment #2: 0001-Prevent-segfault-by-NULL-pointer-dereference.patch --]
[-- Type: text/x-patch, Size: 886 bytes --]

From 048b2331415bc8e7c5c9a471230f0926f12f3839 Mon Sep 17 00:00:00 2001
From: Jeff Walsh <fejfighter@gmail.com>
Date: Wed, 14 Oct 2020 21:26:37 +1100
Subject: [PATCH] Prevent segfault by NULL pointer dereference

* src/xwidget.c (Fxwidget_webkit_title): pass emptry string when no
title is returned
---
 src/xwidget.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/xwidget.c b/src/xwidget.c
index 154b3e9c82..86875387d1 100644
--- a/src/xwidget.c
+++ b/src/xwidget.c
@@ -793,7 +793,9 @@ DEFUN ("xwidget-webkit-title",
   WEBKIT_FN_INIT ();
 #ifdef USE_GTK
   WebKitWebView *wkwv = WEBKIT_WEB_VIEW (xw->widget_osr);
-  return build_string (webkit_web_view_get_title (wkwv));
+  const gchar *title = webkit_web_view_get_title (wkwv);
+
+  return build_string (title?: "");
 #elif defined NS_IMPL_COCOA
   return nsxwidget_webkit_title (xw);
 #endif
-- 
2.28.0

bug#43989:

[Lars Ingebrigtsen]

Fejfighter <fejfighter@gmail.com> writes:

> * src/xwidget.c (Fxwidget_webkit_title): pass emptry string when no
> title is returned

Thanks, applied to Emacs 28 with one change:

>    WebKitWebView *wkwv = WEBKIT_WEB_VIEW (xw->widget_osr);
> -  return build_string (webkit_web_view_get_title (wkwv));
> +  const gchar *title = webkit_web_view_get_title (wkwv);
> +
> +  return build_string (title?: "");

The "Elvis operator" is a gcc-only extension to C, I think?  So I
rewrote it to use a traditional ternary instead.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no