Dragging from the installer Webkit widget crashes Ubiquity [worked around by bug 448703]

Bug #434413 reported by andre on 2009-09-22
This bug affects 2 people

Affects: pywebkitgtk (Ubuntu) | Importance: Medium | Assigned to: Unassigned

Bug Description

Binary package hint: ubiquity

Ubuntu 9.10 Karmic Alpha 6 Desktop Installer CD
Architecture: amd64

Ubiquity
Version: 1.99.21

The problem
===========

When the installer is running (partitioning, copying files, etc), trying to drag an image from the Webkit control crashes Ubiquity.

Steps to reproduce
==================

Just drag the Ubuntu logo from the 'Installing system' window.

What should happen
==================

Not crash :)

I didn't find any relevant information in the log files because Ubiquity just dies, but I'm attaching a gdb backtrace.

andre (andrerobot) wrote :
Colin Watson (cjwatson) wrote :

Confirmed. It seems to have something to do with the new-window-policy-decision-requested handler we install. I get this on stderr:

  python: malloc.c:4591: _int_malloc: Assertion `(unsigned long)(size) >= (unsigned long)(nb)' failed.

Changed in ubiquity (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
Colin Watson (cjwatson) wrote :

This *appears* to be a bug in the Python webkit bindings. Attached is a reduced test case. You'll need to have the ubiquity-slideshow-ubuntu package installed to run this.

affects: ubiquity (Ubuntu) → pywebkitgtk (Ubuntu)
Nobuto Murata (nobuto) wrote :

I faced the same problem.
And I tried the #4 script.

Then the window also crashed and returned the following.

1st time

$ python webkit-bug.py

python: malloc.c:3074: sYSMALLOc: Assertion `(old_top == (((mbinptr) (((char *) &((av)->bins[((1) - 1) * 2])) - __builtin_offsetof (struct malloc_chunk, fd)))) && old_size == 0) || ((unsigned long) (old_size) >= (unsigned long)((((__builtin_offsetof (struct malloc_chunk, fd_nextsize))+((2 * (sizeof(size_t))) - 1)) & ~((2 * (sizeof(size_t))) - 1))) && ((old_top)->size & 0x1) && ((unsigned long)old_end & pagemask) == 0)' failed.
Aborted (core dumped)

2nd time

$ python webkit-bug.py
python: malloc.c:4591: _int_malloc: Assertion `(unsigned long)(size) >= (unsigned long)(nb)' failed.
Aborted (core dumped)

I have reproduced it (but not every time) against the new version (1.1.7) of python-webkit. I'll ask the upstream author to have a look at it.

Daniel Holbert (dholbert) wrote :

This bug actually has a much simpler workaround: use CSS to disable image-dragging in ubiquity-slideshow-ubuntu. There's no rational reason that a user would need to drag and drop images from the installer.

The attached patch does this, for all <img> elements in ubiquity-slideshow-ubuntu. I initially stuck it on the "icon" class, but that doesn't disable the drag and drop on the firefox.html slide, because that slide's <img> element has no class.

[1] http://developer.apple.com/mac/library/documentation/AppleApplications/Reference/SafariCSSRef/Articles/StandardCSSProperties.html#//apple_ref/css/property/-webkit-user-drag
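As an added illustration of the rule described above (a constructed example, not Holbert's attached patch, which now lives on bug 448703), the class-based selector beside the element selector that also covers the classless image on the firefox.html slide:

```css
/* Constructed example. Using -webkit-user-drag (WebKit-specific, see [1]) to
   stop images being dragged out of the slideshow WebView. */

/* Insufficient: only matches <img class="icon">, so the classless <img>
   on the firefox.html slide can still be dragged. */
.icon {
  -webkit-user-drag: none;
}

/* Sufficient: every <img> in the slideshow, class or no class. */
img {
  -webkit-user-drag: none;
}
```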

Daniel Holbert (dholbert) wrote :

(sorry -- the "[1]" link above was from a block of text that I ended up deleting from my comment. It's the documentation for the -webkit-user-drag property, for controlling drag-and-drop.)

Daniel Holbert (dholbert) wrote :

Since this bug is located in the "pywebkitgtk" component and seems to be about the underlying crash, I've moved my band-aid patch (from comment 7) to bug 448703. Let's keep this bug here focused on the underlying crash, while bug 448703 can be about a cosmetic fix to avoid the crash in ubiquity. Sorry for the bugspam.

summary: - Dragging from the installer Webkit widget crashes Ubiquity
+ Dragging from the installer Webkit widget crashes Ubiquity [worked around by bug 448703]
Daniel Holbert (dholbert) wrote :

FWIW, this bug only seems to happen with non-square images. The second slide in the slideshow, for Firefox, uses a square PNG file -- and it doesn't crash if you drag it. The first slide, on the other hand ("welcome" and "f-spot") use rectangular images (taller than they are wide), and they crash.

Through some trial and error, I've found that I can make the first slide fine by editing its underlying PNG image in Gimp to make it square. Absolute size doesn't seem to matter -- 100x100 is fine, 237x237 is fine, but 100x237 up to 235x237 will crash.

Also, FWIW -- evand has checked in the fix for bug 448703, so I assume this bug will be worked around in the next version of ubiquity-slideshow-ubuntu. For the purposes of testing this bug here, use a version of ubiquity-slideshow-ubuntu <= 0.8, the current version.

Daniel Holbert (dholbert) wrote :

> The first slide, on the other hand ("welcome" and "f-spot")
Sorry -- I meant "The first and third slides" (as examples)

> 237x237 is fine, but 100x237 up to 235x237 will crash.
Smaller widths will crash as well -- I didn't mean to imply that 100 was an absolute minimum there.
