Midori Web Browser

segfault adding to the adblock custom list

Bug #977981 reported by vcap on 2012-04-10

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Midori Web Browser	Fix Released	High	André Stösel

Bug Description

this only happens when starting midori with the adblock addon turned off; then if i turn it on and use "Block link"/"Block image" it segfaults.

if i restart midori instead, "Block link"/"Block image" works correctly.

Program terminated with signal 11, Segmentation fault.
#0 0x0808d8ca in midori_extension_is_active (extension=extension@entry=0xb7718ff4)
    at ../midori/midori-extension.c:563
563 g_return_val_if_fail (MIDORI_IS_EXTENSION (extension), FALSE);
(gdb) bt 3
#0 0x0808d8ca in midori_extension_is_active (extension=extension@entry=0xb7718ff4)
    at ../midori/midori-extension.c:563
#1 0x0808da03 in midori_extension_get_app (extension=extension@entry=0xb7718ff4)
    at ../midori/midori-extension.c:622
#2 0xb263cea2 in adblock_custom_block_image_cb (widget=0x9a2be80, extension=0xb7718ff4)
    at ../extensions/adblock.c:843
(More stack frames follow...)
(gdb) p *extension
$1 = {parent_instance = {g_type_instance = {g_class = 0xf7e60}, ref_count = 3078112760,
    qdata = 0xb779a8a0}, priv = 0xb7634eb6}

"extension" doesn't look good here.

See original description

Tags:

vcap (vcappe) on 2012-04-10

description:

updated

Revision history for this message

Alexander Butenko (avb) wrote on 2012-04-10:

diff --git a/extensions/adblock.c b/extensions/adblock.c
index 0d46d9e..9ba8095 100644
--- a/extensions/adblock.c
+++ b/extensions/adblock.c
@@ -840,6 +840,7 @@ adblock_custom_block_image_cb (GtkWidget* widget,
GtkWidget* entry;
gchar* title;

+ g_return_if_fail (MIDORI_IS_EXTENSION (extension));
app = midori_extension_get_app (extension);
browser = katze_object_get_object (app, "browser");

Can you please try this workaround?

callback of midori_browser_foreach () have only 2 arguments, while we expecting 3. which is causing MidoriExtension which we are passing to be null.

Revision history for this message

Cris Dywan (kalikiana) wrote on 2012-04-12:

Pushed commit 08d890e20 which probably fixes this. I haven't seen it crash but the user_data was definitely wrong and it could've ended up with left-over callbacks.

Changed in midori:
status:	New → Fix Committed
tags:	added: adblock

Revision history for this message

vcap (vcappe) wrote on 2012-04-12:

it's the midori_browser_foreach in adblock_app_add_browser_cb:
midori_browser_foreach (browser=0x8185000, callback=0xb2e95f8e <adblock_add_tab_foreach_cb>,
callback_data=0x810ea18)

but, when it gets to adblock_add_tab_foreach_cb it's:
adblock_add_tab_foreach_cb (view=0x82294c8, browser=0x810ea18, extension=0x0)

we would like 0x810ea18 to be extension, not browser

Changed in midori:
status:	Fix Committed → Confirmed

André Stösel (ivaldi) on 2012-04-12

Changed in midori:
importance:	Undecided → High
assignee:	nobody → André Stösel (ivaldi)

Revision history for this message

vcap (vcappe) wrote on 2012-04-12:

or rather, it's adblock_add_tab_foreach_cb that should not take 2 arguments, not 3.

Revision history for this message

vcap (vcappe) wrote on 2012-04-12:

that should take 2, not 3. i mean

Revision history for this message

André Stösel (ivaldi) wrote on 2012-04-13:

0001-Fix-for-tab-registarion-in-adblock.patch Edit (2.7 KiB, text/plain)

And here is the fix.

Revision history for this message

Cris Dywan (kalikiana) wrote on 2012-04-13:

Small gripe with the patch: get_nth_tab is slower than foreach, the former walks the list again exponentially to the number of tabs. But since this is during (de)activation it's less critical than the crashes with the previous code. Thanks!