Safari plugin crashing when System Integrity Protection is turned on. OS X 10.11.4
-
My Firebreath plugin for Safari, which uses Qt 5.5.1, crashes when System Integrity Protection is turned on. It works in other browsers, and in Safari with System Integrity Protection turned off. This is running OS X El Capitan, v10.11.4.
I'm attaching the crash report. The top of the call stack is:
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libsystem_kernel.dylib 0x00007fff91594f06 __pthread_kill + 10
1 libsystem_pthread.dylib 0x00007fff9604a4ec pthread_kill + 90
2 libsystem_c.dylib 0x00007fff9211e6e7 abort + 129
3 org.qt-project.QtCore 0x000000010c6dbab9 qt_message_fatal(QtMsgType, QMessageLogContext const&, QString const&) + 9
4 org.qt-project.QtCore 0x000000010c6dd487 QMessageLogger::fatal(char const*, ...) const + 231
5 org.qt-project.QtGui 0x000000010c108527 QGuiApplicationPrivate::createPlatformIntegration() + 6359
6 org.qt-project.QtGui 0x000000010c10854b QGuiApplicationPrivate::createEventDispatcher() + 27
7 org.qt-project.QtCore 0x000000010c8984ec QCoreApplication::init() + 204
8 org.qt-project.QtCore 0x000000010c898407 QCoreApplication::QCoreApplication(QCoreApplicationPrivate&) + 39
9 org.qt-project.QtGui 0x000000010c1059ee QGuiApplication::QGuiApplication(QGuiApplicationPrivate&) + 14
10 org.qt-project.QtWidgets 0x000000010b869b6e QApplication::QApplication(int&, char**, int) + 206
I see this in Console:
com.apple.WebKit.Plugin.64: Failed to connect (colorGridView) outlet from (NSApplication) to (NSColorPickerGridView): missing setter or instance variable
com.apple.WebKit.Plugin.64: Failed to connect (view) outlet from (NSApplication) to (NSColorPickerGridView): missing setter or instance variable
Maybe there's an issue with Qt 5.5.1 & SIP with OS X El Capitan? Or I need to do something to initialize it before instantiating QApplication? (The call to QApplication is practically the first thing my plugin does.)
Any ideas, please let me know. Also, BTW, I'm not very familiar with the Mac so if someone could tell me how to get the debug version of the Qt libraries linked in there so I see line numbers in the Qt code that would help.
Process: com.apple.WebKit.Plugin.64 [823]
Path: /System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.Plugin.64.xpc/Contents/MacOS/com.apple.WebKit.Plugin.64
Identifier: com.apple.WebKit.Plugin.64
Version: 11601 (11601.5.17.1)
Build Info: WebKit2-7601005017001000~1
Code Type: X86-64 (Native)
Parent Process: ??? [1]
Responsible: Safari [282]
User ID: 501
PlugIn Path: /Developer/SDKs/Qt/5.5/clang_64/lib/QtCore.framework/Versions/5/QtCore
PlugIn Identifier: org.qt-project.QtCore
PlugIn Version: 5.5 (5.5.1)
Date/Time: 2016-08-16 14:47:45.858 -0400
OS Version: Mac OS X 10.11.4 (15E65)
Report Version: 11
Anonymous UUID: EB1C754A-EF31-1BE9-1CC7-16F10B48F84D
Time Awake Since Boot: 1000 seconds
System Integrity Protection: enabled
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Application Specific Information:
abort() called
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libsystem_kernel.dylib 0x00007fff91594f06 __pthread_kill + 10
1 libsystem_pthread.dylib 0x00007fff9604a4ec pthread_kill + 90
2 libsystem_c.dylib 0x00007fff9211e6e7 abort + 129
3 org.qt-project.QtCore 0x000000010c6dbab9 qt_message_fatal(QtMsgType, QMessageLogContext const&, QString const&) + 9
4 org.qt-project.QtCore 0x000000010c6dd487 QMessageLogger::fatal(char const*, ...) const + 231
5 org.qt-project.QtGui 0x000000010c108527 QGuiApplicationPrivate::createPlatformIntegration() + 6359
6 org.qt-project.QtGui 0x000000010c10854b QGuiApplicationPrivate::createEventDispatcher() + 27
7 org.qt-project.QtCore 0x000000010c8984ec QCoreApplication::init() + 204
8 org.qt-project.QtCore 0x000000010c898407 QCoreApplication::QCoreApplication(QCoreApplicationPrivate&) + 39
9 org.qt-project.QtGui 0x000000010c1059ee QGuiApplication::QGuiApplication(QGuiApplicationPrivate&) + 14
10 org.qt-project.QtWidgets 0x000000010b869b6e QApplication::QApplication(int&, char**, int) + 206
11 com.CtxPresenterPluginLib.CONTEX-Presenter-Plugin-x86-64 0x0000000108c7aaa1 Presenter::QPresenterPlugin::globalInit() + 257 (qpresenterplugin.cpp:39)
12 com.CtxPresenterPluginLib.CONTEX-Presenter-Plugin-x86-64 0x0000000108c064cf CtxPresenterPlugin::StaticInitialize() + 127 (CtxPresenterPlugin.cpp:35)
13 com.CtxPresenterPluginLib.CONTEX-Presenter-Plugin-x86-64 0x0000000108c759a1 PluginFactory::globalPluginInitialize() + 17 (Factory.cpp:34)
14 com.CtxPresenterPluginLib.CONTEX-Presenter-Plugin-x86-64 0x0000000108d1dc37 FB::Npapi::NpapiPluginModule::GetModule(void const*) + 103 (NpapiPluginModule.cpp:34)
15 com.CtxPresenterPluginLib.CONTEX-Presenter-Plugin-x86-64 0x0000000108cc61c9 NP_Initialize + 57 (np_macmain.cpp:70)
16 com.apple.WebKit 0x00007fff975b3556 WebKit::NetscapePluginModule::tryLoad() + 206
17 com.apple.WebKit 0x00007fff975b3423 WebKit::NetscapePluginModule::load() + 31
18 com.apple.WebKit 0x00007fff975b33da WebKit::NetscapePluginModule::getOrCreate(WTF::String const&) + 192
19 com.apple.WebKit 0x00007fff975b32a1 WebKit::PluginProcess::netscapePluginModule() + 37
20 com.apple.WebKit 0x00007fff975b31f8 WebKit::PluginProcess::createWebProcessConnection() + 310
21 com.apple.WebKit 0x00007fff97604f56 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) + 102
22 com.apple.WebKit 0x00007fff97607482 IPC::Connection::dispatchOneMessage() + 114
23 com.apple.JavaScriptCore 0x00007fff861a1cb2 WTF::RunLoop::performWork() + 898
24 com.apple.JavaScriptCore 0x00007fff861a21c2 WTF::RunLoop::performWork(void*) + 34
25 com.apple.CoreFoundation 0x00007fff83b3e881 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
26 com.apple.CoreFoundation 0x00007fff83b1dfbc __CFRunLoopDoSources0 + 556
27 com.apple.CoreFoundation 0x00007fff83b1d4df __CFRunLoopRun + 927
28 com.apple.CoreFoundation 0x00007fff83b1ced8 CFRunLoopRunSpecific + 296
29 com.apple.HIToolbox 0x00007fff94588935 RunCurrentEventLoopInMode + 235
30 com.apple.HIToolbox 0x00007fff9458876f ReceiveNextEventCommon + 432
31 com.apple.HIToolbox 0x00007fff945885af _BlockUntilNextEventMatchingListInModeWithFilter + 71
32 com.apple.AppKit 0x00007fff90746efa _DPSNextEvent + 1067
33 com.apple.AppKit 0x00007fff9074632a -[NSApplication _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 454
34 com.apple.AppKit 0x00007fff9073ae84 -[NSApplication run] + 682
35 com.apple.AppKit 0x00007fff9070446c NSApplicationMain + 1176
36 libxpc.dylib 0x00007fff8236245e _xpc_objc_main + 793
37 libxpc.dylib 0x00007fff82360e8a xpc_main + 494
38 com.apple.WebKit.Plugin.64 0x0000000104c08b4a 0x104c08000 + 2890
39 libdyld.dylib 0x00007fff840bd5ad start + 1
-
Hi,
I haven't written plugins for Safari but from the error message it's likely related to the platform plugin not being loaded. If possible you should define the Q_DEBUG_PLUGINS environment variable and see if you can get any information about the plugins being loaded.
-
I tried turning Q_DEBUG_PLUGINS on but all it did was make my plugin not generate a crash report. Still didn't work, though.
I also tried using a previous (Qt4) version of the plugin, which also doesn't work. I got more information from it. The following message appears in the Console log:
8/17/16 1:11:24.555 PM com.apple.WebKit.Plugin.64[480]: Error loading /Library/Internet Plug-Ins/npCtxPresenterPlugin.plugin/Contents/MacOS/npCtxPresenterPlugin: dlopen(/Library/Internet Plug-Ins/npCtxPresenterPlugin.plugin/Contents/MacOS/npCtxPresenterPlugin, 262): Library not loaded: QtWebKit.framework/Versions/4/QtWebKit
Referenced from: /Library/Internet Plug-Ins/npCtxPresenterPlugin.plugin/Contents/MacOS/npCtxPresenterPlugin
Reason: unsafe use of relative rpath QtWebKit.framework/Versions/4/QtWebKit in /Library/Internet Plug-Ins/npCtxPresenterPlugin.plugin/Contents/MacOS/npCtxPresenterPlugin with restricted binary
I wonder if this has something to do with it. It sounds like the sort of problem System Integrity Protection is designed to prevent.
-
A bit more info: I got the Qt5 version to give more info about what's not being loaded. It looks like it's unable to load the QtWebKitWidgets framework for some reason. I checked -- it and the platforms etc. are in the executable:
8/17/16 2:57:48.687 PM com.apple.WebKit.Plugin.64[1563]: Error loading /Library/Internet Plug-Ins/npCtxPresenterPlugin.plugin/Contents/MacOS/npCtxPresenterPlugin: dlopen(/Library/Internet Plug-Ins/npCtxPresenterPlugin.plugin/Contents/MacOS/npCtxPresenterPlugin, 262): Library not loaded: @rpath/QtWebKitWidgets.framework/Versions/5/QtWebKitWidgets
Referenced from: /Library/Internet Plug-Ins/npCtxPresenterPlugin.plugin/Contents/MacOS/npCtxPresenterPlugin
Reason: image not found
-
I think I'm beginning to get a handle on what's going on. It looks like macdeployqt is inserting @rpath references to the Qt frameworks. These don't seem to be working with System Integrity Protection turned on.
I don't know why the behavior seems to be different for my internet plug-in than what must be happening with other Mac executables. Maybe /Developer/Internet Plug-Ins is a protected location under System Integrity Protection? Not sure.
Anyway, when I replace the @rpath references with @loader_path the load seems to get farther. I'll know more when I get them all set.
-
Interesting!
Once you've cleared that part, that might be something to make the macOS Qt devs aware of. You should take a look at the bug report system to see if there's already something. If not, please consider opening a new report providing your use case and findings.
-
I'm pretty sure that macdeployqt isn't working correctly for code that's protected. It appears that the @rpath items in the executable are not being allowed for this code. You can use @loader_path instead. But fixing that would require not only fixing the paths in the executable itself, but also in the Framework libraries.
I'll file a bug report for this, though I'm really not familiar with OSX it appears this is the way things are supposed to work.
BTW I'm STILL seeing the crash in the plugin--unfortunately I'm not getting any useful crash report. It looks like what happened earlier; the code is failing in createPlatformIntegration. I see these messages in the Console log:
8/18/16 3:14:17.054 PM com.apple.xpc.launchd[1]: (com.apple.WebKit.Plugin.64.E77BAC61-F958-4FF7-9D28-01F88EAF0E5C[2660]) Service exited due to signal: Abort trap: 6
8/18/16 3:14:18.154 PM com.apple.WebKit.Plugin.64[2661]: Failed to connect (colorGridView) outlet from (NSApplication) to (NSColorPickerGridView): missing setter or instance variable
8/18/16 3:14:18.154 PM com.apple.WebKit.Plugin.64[2661]: Failed to connect (view) outlet from (NSApplication) to (NSColorPickerGridView): missing setter or instance variable
8/18/16 3:14:18.000 PM kernel[0]: Process[2661] crashed: com.apple.WebKit. Too many corpses being created.
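
The rewrite described in this thread, replacing `@rpath` and relative install names with `@loader_path`, as an added example that is not part of any post and is not the poster's or Qt's own script. It turns `otool -L` output into `install_name_tool -change` commands; the function names, the `Contents/Frameworks` layout and the sample `otool -L` output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: plan install-name rewrites from `otool -L` output.

# classify_dep NAME -> absolute | loader | executable | rpath | relative
classify_dep() {
    case "$1" in
        /*)                 echo absolute ;;
        @loader_path/*)     echo loader ;;
        @executable_path/*) echo executable ;;
        @rpath/*)           echo rpath ;;
        *)                  echo relative ;;   # e.g. QtWebKit.framework/Versions/4/QtWebKit
    esac
}

# plan_fixes BINARY PREFIX   (reads `otool -L BINARY` output on stdin)
# Prints one install_name_tool command per @rpath or relative dependency.
plan_fixes() {
    bin=$1 prefix=$2
    # Dependency lines are indented; header lines ("file:") are not.
    sed -n 's/^[[:space:]][[:space:]]*\(.*\) (compatibility version.*$/\1/p' |
    while IFS= read -r dep; do
        case "$(classify_dep "$dep")" in
            rpath)    new="$prefix/${dep#@rpath/}" ;;
            relative) new="$prefix/$dep" ;;
            *)        continue ;;   # absolute and @loader_path names are left alone
        esac
        # Quote every argument: the plug-in path contains a space.
        printf 'install_name_tool -change "%s" "%s" "%s"\n' "$dep" "$new" "$bin"
    done
}

# Constructed sample of `otool -L` output (version numbers are made up).
sample_otool_output() {
    printf '%s\n' "$BIN:"
    printf '\t%s\n' \
        '@rpath/QtWebKitWidgets.framework/Versions/5/QtWebKitWidgets (compatibility version 5.5.0, current version 5.5.1)' \
        'QtWebKit.framework/Versions/4/QtWebKit (compatibility version 4.9.0, current version 4.9.4)' \
        '/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1226.10.1)'
}

BIN='/Library/Internet Plug-Ins/npCtxPresenterPlugin.plugin/Contents/MacOS/npCtxPresenterPlugin'
# Assumed layout: frameworks in Contents/Frameworks, beside Contents/MacOS.
sample_otool_output | plan_fixes "$BIN" '@loader_path/../Frameworks'
# On a Mac: otool -L "$BIN" | plan_fixes "$BIN" '@loader_path/../Frameworks'
```

`@loader_path` resolves relative to the binary that carries the load command, so a framework binary at `Contents/Frameworks/X.framework/Versions/5/X` needs the prefix `@loader_path/../../..` instead. Re-run `otool -L` after applying the commands to confirm no `@rpath` or relative names remain.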