free(): invalid pointer when authorizing Trello to access GitHub

[eskilandreen]

Thanks for creating vimb! I've been using it as my primary browser for a few months now and I wildly prefer it to Firefox, but I still seem to need Firefox because I can't seem to link Trello and Github (and I require this at work).

The authorization is initiated from Trello. A new window is created with the Github OAuth authorization page. At some point at the end of the flow, but before Trello has received authorization from Github vimb crashes. It does this every time and I haven't found any work-around (except to use Firefox :( ).

Commit: 5cc4709
WebKit compile: 2.22.4
WebKit run: 2.22.5
GTK compile: 3.24.1
GTK run: 3.24.3
libsoup compile: 2.64.2
libsoup run: 2.64.2
Extension dir: /usr/lib/vimb

Steps to reproduce

1. Go to Trello.com and log in or sign up if you need to. Create a new Trello board.
2. On the new board, click "Show Menu" in the top right corner and then click "Power-Ups" in the menu.
3. Find the "GitHub" power-up and press the green "Add" button. The button will disappear and will be replaced by a gear button.
4. Click the gear button and select "Authorize Account" and then "Link Your Github Account". This will open a new window to the GitHub authorization page.
5. Proceed with GitHub authorization.

Expected behaviour

After a bunch of redirects the new window should close and only the window with the Trello board should remain; the Trello GitHub power-up should be enabled and the gear menu for the power-up should look like this (produced with Firefox):

Actual behaviour

Both vimb windows disappear - both the one with your trello board, and the new window with the GitHub authorization page. Re-launching vimb and navigating to Trello, you'll see that the new board is still there, the GitHub power-up is enabled, but clicking the gear button next to the power-up still prompts you to "Authorize Account", implying that the authorization didn't work.

If you try to authorize with Github again then the crash will happen again too.

When running vimb from the console the crash produces this output:

free(): invalid pointer
Aborted (core dumped)

coredumpctl info shows the following:

           PID: 21144 (vimb)
           UID: 1000 (eskil)
           GID: 997 (users)
        Signal: 6 (ABRT)
     Timestamp: Sat 2019-01-19 16:02:34 CET (20s ago)
  Command Line: vimb -p bughunt3
    Executable: /usr/bin/vimb
 Control Group: /user.slice/user-1000.slice/session-1.scope
          Unit: session-1.scope
         Slice: user-1000.slice
       Session: 1
     Owner UID: 1000 (eskil)
       Boot ID: 92e419bb610640238d1187f1ed3e286d
    Machine ID: 5fb2c7cb214945878360133b0c1336ce
      Hostname: grey-17
       Storage: /var/lib/systemd/coredump/core.vimb.1000.92e419bb610640238d1187f1ed3e286d.21144.1547910154000000.lz4
       Message: Process 21144 (vimb) of user 1000 dumped core.
                
                Stack trace of thread 21144:
                #0  0x00007f7549272d7f raise (libc.so.6)
                #1  0x00007f754925d672 abort (libc.so.6)
                #2  0x00007f75492b5878 __libc_message (libc.so.6)
                #3  0x00007f75492bc18a malloc_printerr (libc.so.6)
                #4  0x00007f75492bd97c _int_free (libc.so.6)
                #5  0x00007f7549443c1b g_string_free (libglib-2.0.so.0)
                #6  0x0000558fd1b3611c n/a (vimb)
                #7  0x00007f75495523c5 g_closure_invoke (libgobject-2.0.so.0)
                #8  0x00007f754953f195 n/a (libgobject-2.0.so.0)
                #9  0x00007f754954301e g_signal_emit_valist (libgobject-2.0.so.0)
                #10 0x00007f7549543a80 g_signal_emit (libgobject-2.0.so.0)
                #11 0x00007f754b7c27d3 n/a (libwebkit2gtk-4.0.so.37)
                #12 0x00007f754b8b55b8 n/a (libwebkit2gtk-4.0.so.37)
                #13 0x00007f754b97c29e n/a (libwebkit2gtk-4.0.so.37)
                #14 0x00007f754b8b086f n/a (libwebkit2gtk-4.0.so.37)
                #15 0x00007f754b8b14ba n/a (libwebkit2gtk-4.0.so.37)
                #16 0x00007f754a4ba2f5 _ZN3WTF7RunLoop11performWorkEv (libjavascriptcoregtk-4.0.so.18)
                #17 0x00007f754a4f024a n/a (libjavascriptcoregtk-4.0.so.18)
                #18 0x00007f754946a8d1 g_main_context_dispatch (libglib-2.0.so.0)
                #19 0x00007f754946c5e9 n/a (libglib-2.0.so.0)
                #20 0x00007f754946d5c2 g_main_loop_run (libglib-2.0.so.0)
                #21 0x00007f754ad1193f gtk_main (libgtk-3.so.0)
                #22 0x0000558fd1b2c704 n/a (vimb)
                #23 0x00007f754925f223 __libc_start_main (libc.so.6)
                #24 0x0000558fd1b2c7ee n/a (vimb)
                
                Stack trace of thread 21160:
                #0  0x00007f754932bc21 __poll (libc.so.6)
                #1  0x00007f754946c540 n/a (libglib-2.0.so.0)
                #2  0x00007f754946d5c2 g_main_loop_run (libglib-2.0.so.0)
                #3  0x00007f754a4f0d92 _ZN3WTF7RunLoop3runEv (libjavascriptcoregtk-4.0.so.18)
                #4  0x00007f754a4bba90 _ZN3WTF6Thread10entryPointEPNS0_16NewThreadContextE (libjavascriptcoregtk-4.0.so.18)
                #5  0x00007f754a4eedda n/a (libjavascriptcoregtk-4.0.so.18)
                #6  0x00007f7548afca9d start_thread (libpthread.so.0)
                #7  0x00007f7549336b23 __clone (libc.so.6)
                
                Stack trace of thread 21176:
                #0  0x00007f754932bc21 __poll (libc.so.6)
                #1  0x00007f754946c540 n/a (libglib-2.0.so.0)
                #2  0x00007f754946d5c2 g_main_loop_run (libglib-2.0.so.0)
                #3  0x00007f754a800cb8 n/a (libgio-2.0.so.0)
                #4  0x00007f754944767b n/a (libglib-2.0.so.0)
                #5  0x00007f7548afca9d start_thread (libpthread.so.0)
                #6  0x00007f7549336b23 __clone (libc.so.6)
                
                Stack trace of thread 21146:
                #0  0x00007f7548b02e5b pthread_cond_timedwait@@GLIBC_2.3.2 (libpthread.so.0)
                #1  0x00007f754a4ef76c _ZN3WTF15ThreadCondition9timedWaitERNS_5MutexENS_8WallTimeE (libjavascriptcoregtk-4.0.so.18)
                #2  0x00007f754a4b7525 _ZN3WTF10ParkingLot21parkConditionallyImplEPKvRKNS_12ScopedLambdaIFbvEEERKNS3_IFvvEEERKNS_24TimeWithDynamicClockTypeE (libjavascriptcoregtk-4.0.so.18)
                #3  0x00007f754a4badbb _ZN3WTF5sleepENS_7SecondsE (libjavascriptcoregtk-4.0.so.18)
                #4  0x00007f754bae40c6 n/a (libwebkit2gtk-4.0.so.37)
                #5  0x00007f754a4bba90 _ZN3WTF6Thread10entryPointEPNS0_16NewThreadContextE (libjavascriptcoregtk-4.0.so.18)
                #6  0x00007f754a4eedda n/a (libjavascriptcoregtk-4.0.so.18)
                #7  0x00007f7548afca9d start_thread (libpthread.so.0)
                #8  0x00007f7549336b23 __clone (libc.so.6)
                
                Stack trace of thread 21145:
                #0  0x00007f7548b02e5b pthread_cond_timedwait@@GLIBC_2.3.2 (libpthread.so.0)
                #1  0x00007f754a5007ba _ZN7bmalloc9Scavenger13threadRunLoopEv (libjavascriptcoregtk-4.0.so.18)
                #2  0x00007f754a50096a _ZN7bmalloc9Scavenger16threadEntryPointEPS0_ (libjavascriptcoregtk-4.0.so.18)
                #3  0x00007f7546ee7063 execute_native_thread_routine (libstdc++.so.6)
                #4  0x00007f7548afca9d start_thread (libpthread.so.0)
                #5  0x00007f7549336b23 __clone (libc.so.6)
                
                Stack trace of thread 21147:
                #0  0x00007f754932bc21 __poll (libc.so.6)
                #1  0x00007f754946c540 n/a (libglib-2.0.so.0)
                #2  0x00007f754946d5c2 g_main_loop_run (libglib-2.0.so.0)
                #3  0x00007f754a4f0d92 _ZN3WTF7RunLoop3runEv (libjavascriptcoregtk-4.0.so.18)
                #4  0x00007f754a4bba90 _ZN3WTF6Thread10entryPointEPNS0_16NewThreadContextE (libjavascriptcoregtk-4.0.so.18)
                #5  0x00007f754a4eedda n/a (libjavascriptcoregtk-4.0.so.18)
                #6  0x00007f7548afca9d start_thread (libpthread.so.0)
                #7  0x00007f7549336b23 __clone (libc.so.6)
                
                Stack trace of thread 21148:
                #0  0x00007f754932bc21 __poll (libc.so.6)
                #1  0x00007f754946c540 n/a (libglib-2.0.so.0)
                #2  0x00007f754946d5c2 g_main_loop_run (libglib-2.0.so.0)
                #3  0x00007f754a4f0d92 _ZN3WTF7RunLoop3runEv (libjavascriptcoregtk-4.0.so.18)
                #4  0x00007f754a4bba90 _ZN3WTF6Thread10entryPointEPNS0_16NewThreadContextE (libjavascriptcoregtk-4.0.so.18)
                #5  0x00007f754a4eedda n/a (libjavascriptcoregtk-4.0.so.18)
                #6  0x00007f7548afca9d start_thread (libpthread.so.0)
                #7  0x00007f7549336b23 __clone (libc.so.6)
                
                Stack trace of thread 21230:
                #0  0x00007f75493314ed syscall (libc.so.6)
                #1  0x00007f754941b151 g_cond_wait_until (libglib-2.0.so.0)
                #2  0x00007f75494992c3 n/a (libglib-2.0.so.0)
                #3  0x00007f75494994c3 g_async_queue_timeout_pop (libglib-2.0.so.0)
                #4  0x00007f754943e54a n/a (libglib-2.0.so.0)
                #5  0x00007f754944767b n/a (libglib-2.0.so.0)
                #6  0x00007f7548afca9d start_thread (libpthread.so.0)
                #7  0x00007f7549336b23 __clone (libc.so.6)
                
                Stack trace of thread 21159:
                #0  0x00007f754932bc21 __poll (libc.so.6)
                #1  0x00007f754946c540 n/a (libglib-2.0.so.0)
                #2  0x00007f754946d5c2 g_main_loop_run (libglib-2.0.so.0)
                #3  0x00007f754a4f0d92 _ZN3WTF7RunLoop3runEv (libjavascriptcoregtk-4.0.so.18)
                #4  0x00007f754a4bba90 _ZN3WTF6Thread10entryPointEPNS0_16NewThreadContextE (libjavascriptcoregtk-4.0.so.18)
                #5  0x00007f754a4eedda n/a (libjavascriptcoregtk-4.0.so.18)
                #6  0x00007f7548afca9d start_thread (libpthread.so.0)
                #7  0x00007f7549336b23 __clone (libc.so.6)
                
                Stack trace of thread 21153:
                #0  0x00007f754932bc21 __poll (libc.so.6)
                #1  0x00007f754946c540 n/a (libglib-2.0.so.0)
                #2  0x00007f754946c62e g_main_context_iteration (libglib-2.0.so.0)
                #3  0x00007f754946c682 n/a (libglib-2.0.so.0)
                #4  0x00007f754944767b n/a (libglib-2.0.so.0)
                #5  0x00007f7548afca9d start_thread (libpthread.so.0)
                #6  0x00007f7549336b23 __clone (libc.so.6)

[fanglingsu]

@eskilandreen Thank you for the detailed bug report. Hope we can create a simpler use case to check what going on.

[fanglingsu]

@eskilandreen I can reproduce this issue by a simple html file with following link <a href="#" onclick="window.close()">Close Pop-Up</a>. If I fire this link, vimb crashes.

[fanglingsu]

@eskilandreen Wow github feature closed this issue by coincidence of special commit message together with the issue number. I've fixed a segfault in case a window was cloase by JavaScript window.close(); so could you please check if this fixes also your issue?

[eskilandreen]

@fanglingsu that seems to have solved it! I can no longer reproduce the problem using make runsandbox on the latest master. 😂 . Good catch!