Closed falsifian closed 6 months ago
Found another page that triggers this consistently: Github's two-factor-authentication.
If I go to https://www.github.com/login and enter my username and password, then vimb starts loading the page to enter my second factor, and then crashes.
(A minor difference in this case is that I also see ** (WebKitWebProcess:58042): WARNING **: 16:47:33.921: Failed to emit signal 'VerticalScroll': The connection is closed after the vimb process aborts. I guess that indicates the webkit process is still alive when vimb dies?)
Another piece of the puzzle:
I have the following in my vimb config:
autocmd LoadCommitted * shellcmd /bin/sh -c 'printf "%s LC %s\n" "\$(date -u +%FT%TZ)" "$VIMB_URI" >> ~/var/log/vimb'
If I comment out that line from ~/.config/vimb/config, these crashes do not happen.
Okay, this is enough to trigger the crash:
:sh echo hello
@falsifian Could be an issue in https://github.com/fanglingsu/vimb/blob/master/src/ex.c#L1105. Does it make a difference when you run the command asynchronously by shellcmd! /bin/sh -c '...'
(! changes shellcmd to not consider the output and can therefore run in background).
No, it still crashes with :sh!.
The assertion error is being triggered by the call to g_variant_get in ext_proxy_get_current_selection when it is called by ex_shellcmd; the jsreturn variable is NULL. I guess ext_proxy_eval_script_sync is returning NULL and that should be checked. (I found this out with gdb + G_DEBUG=fatal-criticals in the environment.) I don't know if this is related to the double free.
EDIT: I've narrowed down the cause; see https://github.com/fanglingsu/vimb/issues/745#issuecomment-1614950018
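The failure mode described in the comment above, as an added illustration that is not code from vimb or from anyone in this thread: a synchronous script evaluation that can come back with no reply, the unchecked unwrap that aborts on it, and the guarded form that lets the shell command run with an empty selection. The function names, the "connected" flag and the VIMB_SELECTION variable are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the proxy's synchronous JavaScript evaluation.
 * In vimb the reply comes from the WebKit web process over the extension
 * connection; here the 'connected' flag models the failure mode seen in the
 * thread (no reply, e.g. the connection is closed while a page is loading),
 * and a missing reply surfaces as NULL. Names are hypothetical. */
static const char *eval_script_sync(int connected, const char *js)
{
    if (!connected)
        return NULL;                              /* no reply at all */
    if (strcmp(js, "getSelection().toString();") == 0)
        return "hello";                           /* pretend selection */
    return "";
}

/* Crashing shape: unwraps the reply without checking it. With GLib this is
 * where g_variant_get's 'value != NULL' assertion fires; without the
 * assertion it is a plain NULL dereference. Never call with connected == 0. */
static size_t selection_length_unchecked(int connected)
{
    const char *reply = eval_script_sync(connected, "getSelection().toString();");
    return strlen(reply);
}

/* Guarded shape: a failed evaluation degrades to "no selection" rather than
 * aborting the browser. */
static const char *get_current_selection(int connected)
{
    const char *reply = eval_script_sync(connected, "getSelection().toString();");
    return reply != NULL ? reply : "";
}

/* Hypothetical caller in the spirit of ex_shellcmd: builds the environment
 * entry handed to the child shell. Returns the number of bytes written, or
 * -1 if the buffer is too small; the :sh command still runs when the
 * selection could not be fetched. */
static int build_selection_env(int connected, char *buf, size_t bufsz)
{
    int n = snprintf(buf, bufsz, "VIMB_SELECTION=%s",
                     get_current_selection(connected));
    return (n < 0 || (size_t)n >= bufsz) ? -1 : n;
}
```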
Note that this is actually vimb 3.7.0 despite the below --bug-info output; see #743.
Possibly relevant: OpenBSD's libc makes some effort to detect double frees and use after frees. So, if this crash is not observed on other platforms, maybe the double free is still happening undetected? I am curious whether others are seeing at least the g_variant_get: assertion 'value != NULL' failed in the output (stderr?) of vimb.
Steps to reproduce
With Vimb 3.7.0 on OpenBSD-current (amd64), after logging in to Facebook, I can trigger the following behaviour consistently with :open facebook.com. (The crash happens right away upon loading the page; no interaction is needed.) If it would help, I can try to find other sites that consistently trigger this; facebook.com is just the first one where I noticed it happens every single time.
Expected behaviour
vimb doesn't die
Actual behaviour
Here is what I see in the terminal:
Here are backtraces I generated by opening the core dump with gdb and using the bt command. There are three of them, based on opening vimb three separate times and navigating to facebook.com in each case.
1.
2.
3.