Dragging from the installer Webkit widget crashes Ubiquity [worked around by bug 448703]

Bug #434413 reported by andre
This bug affects 2 people
Affects: pywebkitgtk (Ubuntu)
Status: Triaged
Importance: Medium
Assigned to: Unassigned

Bug Description

Binary package hint: ubiquity

Ubuntu 9.10 Karmic Alpha 6 Desktop Installer CD
Architecture: amd64

Ubiquity
Version: 1.99.21

The problem
========

When the installer is running (partitioning, copying files, etc), trying to drag an image from the Webkit control crashes Ubiquity.

Steps to reproduce
===========

Just drag the Ubuntu logo from the 'Installing system' window.

What should happen
============

Not crash :)

I didn't find any relevant information in the log files because Ubiquity just dies, but I'm attaching a gdb backtrace.

andre (andrerobot) wrote :

Colin Watson (cjwatson) wrote :

Confirmed. It seems to have something to do with the new-window-policy-decision-requested handler we install. I get this on stderr:

  python: malloc.c:4591: _int_malloc: Assertion `(unsigned long)(size) >= (unsigned long)(nb)' failed.

Changed in ubiquity (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
Colin Watson (cjwatson) wrote :

This *appears* to be a bug in the Python webkit bindings. Attached is a reduced test case. You'll need to have the ubiquity-slideshow-ubuntu package installed to run this.

affects: ubiquity (Ubuntu) → pywebkitgtk (Ubuntu)
Colin Watson (cjwatson) wrote :

Nobuto Murata (nobuto) wrote :

I faced the same problem.
And I tried the #4 script.

Then the window also crashed and returned the output below.

1st time

$ python webkit-bug.py

python: malloc.c:3074: sYSMALLOc: Assertion `(old_top == (((mbinptr) (((char *) &((av)->bins[((1) - 1) * 2])) - __builtin_offsetof (struct malloc_chunk, fd)))) && old_size == 0) || ((unsigned long) (old_size) >= (unsigned long)((((__builtin_offsetof (struct malloc_chunk, fd_nextsize))+((2 * (sizeof(size_t))) - 1)) & ~((2 * (sizeof(size_t))) - 1))) && ((old_top)->size & 0x1) && ((unsigned long)old_end & pagemask) == 0)' failed.
Aborted (core dumped)

2nd time

$ python webkit-bug.py
python: malloc.c:4591: _int_malloc: Assertion `(unsigned long)(size) >= (unsigned long)(nb)' failed.
Aborted (core dumped)

Christophe Sauthier (christophe.sauthier) wrote :

I have reproduced it (but not every time) against the new version (1.1.7) of python-webkit. I'll ask the upstream author to have a look at it.

Daniel Holbert (dholbert) wrote :

This bug actually has a much simpler workaround: use CSS to disable image-dragging in ubiquity-slideshow-ubuntu. There's no rational reason that a user would need to drag and drop images from the installer.

The attached patch does this, for all <img> elements in ubiquity-slideshow-ubuntu. I initially stuck it on the "icon" class, but that doesn't disable the drag and drop on the firefox.html slide, because that slide's <img> element has no class.

[1] http://developer.apple.com/mac/library/documentation/AppleApplications/Reference/SafariCSSRef/Articles/StandardCSSProperties.html#//apple_ref/css/property/-webkit-user-drag
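
The selector-coverage point in the comment above, as an added example that is not part of the original thread or of ubiquity-slideshow-ubuntu: a small audit that lists which `<img>` elements a class-scoped rule such as `.icon` would leave draggable. The slide markup, `welcome.html` and the icon paths are constructed for illustration; only `firefox.html` and the "icon" class come from the comment.

```python
# Added example: find <img> elements that a class-scoped drag-disable rule
# would miss. All slide markup below is constructed sample input.
from html.parser import HTMLParser


class ImgAudit(HTMLParser):
    """Collect (src, class list) for every <img> element in a slide."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        # Also called for self-closing <img ... /> tags.
        if tag == "img":
            a = dict(attrs)
            classes = (a.get("class") or "").split()
            self.images.append((a.get("src"), classes))


def uncovered_images(html, css_class):
    """Return the src of each <img> NOT matched by the selector .css_class."""
    parser = ImgAudit()
    parser.feed(html)
    return [src for src, classes in parser.images if css_class not in classes]


# Constructed slides: one image carries the "icon" class, one has no class.
SLIDES = {
    "welcome.html": '<div><img class="icon" src="icons/welcome.png"></div>',
    "firefox.html": '<div><img src="icons/firefox.png"></div>',
}


def audit(slides, css_class="icon"):
    """Map slide name -> images still draggable under a .css_class-only rule."""
    report = {}
    for name, html in slides.items():
        missed = uncovered_images(html, css_class)
        if missed:
            report[name] = missed
    return report


if __name__ == "__main__":
    for name, missed in audit(SLIDES).items():
        print(f"{name}: not covered by .icon rule: {missed}")
    # An element selector covers every image regardless of class:
    print("img { -webkit-user-drag: none; }")
```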

Daniel Holbert (dholbert) wrote :

(sorry -- the "[1]" link above was from a block of text that I ended up deleting from my comment. It's the documentation for the -webkit-user-drag property, for controlling drag-and-drop.)

Daniel Holbert (dholbert) wrote :

Since this bug is located in the "pywebkitgtk" component and seems to be about the underlying crash, I've moved my band-aid patch (from comment 7) to bug 448703. Let's keep this bug here focused on the underlying crash, while bug 448703 can be about a cosmetic fix to avoid the crash in ubiquity. Sorry for the bugspam.

summary: - Dragging from the installer Webkit widget crashes Ubiquity
+ Dragging from the installer Webkit widget crashes Ubiquity [worked
+ around by bug 448703]
Daniel Holbert (dholbert) wrote :

FWIW, this bug only seems to happen with non-square images. The second slide in the slideshow, for Firefox, uses a square PNG file -- and it doesn't crash if you drag it. The first slide, on the other hand ("welcome" and "f-spot") use rectangular images (taller than they are wide), and they crash.

Through some trial and error, I've found that I can make the first slide fine by editing its underlying PNG image in Gimp to make it square. Absolute size doesn't seem to matter -- 100x100 is fine, 237x237 is fine, but 100x237 up to 235x237 will crash.

Also, FWIW -- evand has checked in the fix for bug 448703, so I assume this bug will be worked around in the next version of ubiquity-slideshow-ubuntu. For the purposes of testing this bug here, use a version of ubiquity-slideshow-ubuntu <= 0.8, the current version.

Daniel Holbert (dholbert) wrote :

> The first slide, on the other hand ("welcome" and "f-spot")
Sorry -- I meant "The first and third slides" (as examples)

> 237x237 is fine, but 100x237 up to 235x237 will crash.
Smaller widths will crash as well -- I didn't mean to imply that 100 was an absolute minimum there.
