RESOLVED WORKSFORME 15408
Gtk Port crashes on dailymotion objects
https://bugs.webkit.org/show_bug.cgi?id=15408
Mike Hommey
Reported 2007-10-07 01:53:48 PDT
I'll attach a minimal testcase. The crash occurs in libcurl, but I don't know if this happens because of webkit misuse or because of a real buf in libcurl. Backtrace: #0 0xb6dd85c8 in multi_runsingle (multi=0x80c0a00, easy=0x80af470) at multi.c:1266 gotourl = 0x80c0a00 "\036&#65533;\v" disconnect_conn = false connected = 182 async = 221 protocol_connect = false dophase_done = 29 done = true result = CURLM_OK #1 0xb6dd951f in curl_multi_perform (multi_handle=0x80c0a00, running_handles=0xbff18c14) at multi.c:1479 result = <value optimized out> multi = (struct Curl_multi *) 0x0 easy = (struct Curl_one_easy *) 0x80af470 returncode = CURLM_OK t = <value optimized out> #2 0xb7bff908 in WebCore::ResourceHandleManager::downloadTimerCallback (this=0x80c08c8, timer=0x80c08c8) at ../../WebCore/platform/network/curl/ResourceHandleManager.cpp:186 fdread = {fds_bits = {128, 0 <repeats 31 times>}} fdwrite = {fds_bits = {0 <repeats 32 times>}} fdexcep = {fds_bits = {0 <repeats 32 times>}} maxfd = 7 timeout = {tv_sec = 0, tv_usec = 5000} rc = <value optimized out> runningHandles = 0 curlCode = <value optimized out> started = <value optimized out> #3 0xb7bffbcb in WebCore::Timer<WebCore::ResourceHandleManager>::fired (this=0x80c08c8) at ../../WebCore/platform/Timer.h:98 No locals. 
#4 0xb7b30e6b in WebCore::TimerBase::fireTimers (fireTime=1191747092.172786, firingTimers=@0xbff18ccc) at ../../WebCore/platform/Timer.cpp:336 timer = (class WebCore::TimerBase *) 0x80c08c8 interval = 1 i = 0 size = 1 #5 0xb7b311e8 in WebCore::TimerBase::sharedTimerFired () at ../../WebCore/platform/Timer.cpp:357 fireTime = 1191747092.172786 firingTimers = {m_size = 1, m_impl = {m_buffer = 0x8116e40, m_capacity = 16}} firingTimersSet = {m_impl = {static m_minTableSize = <optimized out>, static m_maxLoad = <optimized out>, static m_minLoad = <optimized out>, m_table = 0x8116e88, m_tableSize = 64, m_tableSizeMask = 63, m_keyCount = 0, m_deletedCount = 1}} #6 0xb7bfc66e in timeout_cb () at ../../WebCore/platform/gtk/SharedTimerLinux.cpp:48 No locals. #7 0xb76f88f6 in g_timeout_dispatch (source=0x8116c28, callback=0, user_data=0x0) at /tmp/buildd/glib2.0-2.14.1/glib/gmain.c:3488 No locals. #8 0xb76f8186 in IA__g_main_context_dispatch (context=0x806a018) at /tmp/buildd/glib2.0-2.14.1/glib/gmain.c:2061 No locals. 
#9 0xb76fb512 in g_main_context_iterate (context=0x806a018, block=1, dispatch=1, self=0x8058ab0) at /tmp/buildd/glib2.0-2.14.1/glib/gmain.c:2694 got_ownership = <value optimized out> max_priority = 2147483647 timeout = 1 some_ready = 1 nfds = <value optimized out> allocated_nfds = <value optimized out> fds = (GPollFD *) 0x80f98d8 __PRETTY_FUNCTION__ = "g_main_context_iterate" #10 0xb76fb8f7 in IA__g_main_loop_run (loop=0x80f0d08) at /tmp/buildd/glib2.0-2.14.1/glib/gmain.c:2898 got_ownership = 0 self = (GThread *) 0x8058ab0 __PRETTY_FUNCTION__ = "IA__g_main_loop_run" #11 0xb749a644 in IA__gtk_main () at /tmp/buildd/gtk+2.0-2.12.0/gtk/gtkmain.c:1144 tmp_list = (GList *) 0x8066200 functions = (GList *) 0x0 init = (GtkInitFunction *) 0x8066ea8 loop = (GMainLoop *) 0x80f0d08 #12 0x08049894 in main (argc=134805888, argv=0x1) at ../../../WebKitTools/GtkLauncher/main.cpp:181 url = (gchar *) 0x806a3b0 "file:///home/mh/webkit-crash.html" menuMain = <value optimized out> menuMainBack = <value optimized out> menuMainForward = <value optimized out> menuMainQuit = <value optimized out> menuMainRoot = <value optimized out> menuBar = <value optimized out> vbox = (GtkWidget *) 0x80661b0 hbox = (GtkWidget *) 0x8066200 urlBarSubmitButton = <value optimized out> scrolledWindow = (GtkWidget *) 0x8066ea8 #13 0xb7129050 in __libc_start_main () from /lib/libc.so.6 No symbol table info available. #14 0x08049131 in _start () No symbol table info available.
Attachments
testcase (180 bytes, text/html)
2007-10-07 01:54 PDT, Mike Hommey
no flags
Mike Hommey
Comment 1 2007-10-07 01:54:12 PDT
Created attachment 16573 [details] testcase
Lars Lindner
Comment 2 2007-11-05 15:29:40 PST
I can also reliably produce this crash with different other rendering scenarios.
zaheer
Comment 3 2007-12-04 21:58:01 PST
I see the same crash opening http://irctc.com in r26699. I haven't checked in the latest build, though. Backtrace follows:

#0  0xb65c0e2d in multi_runsingle (multi=0x80c42f0, easy=0x81ff580) at multi.c:1266
        dns = (struct Curl_dns_entry *) 0xb65c1364
        connected = 191
        async = 178
        protocol_connect = false
        dophase_done = 220
        done = true
        result = CURLM_OK
        k = (struct Curl_transfer_keeper *) 0x81b9328
#1  0xb65c1dff in curl_multi_perform (multi_handle=0x80c42f0, running_handles=0xbfb223c4) at multi.c:1479
        result = <value optimized out>
        multi = (struct Curl_multi *) 0x0
        easy = (struct Curl_one_easy *) 0x81ff580
        returncode = CURLM_OK
        t = <value optimized out>
#2  0xb7b67452 in WebCore::ResourceHandleManager::downloadTimerCallback () from /home/zaheer/tmp/WebKit-r26653/WebKitBuild/Release/lib/libWebKitGtk.so.1
No symbol table info available.
#3  0xb7b676fb in WebCore::Timer<WebCore::ResourceHandleManager>::fired () from /home/zaheer/tmp/WebKit-r26653/WebKitBuild/Release/lib/libWebKitGtk.so.1
No symbol table info available.
#4  0xb7a9474b in WebCore::TimerBase::fireTimers () from /home/zaheer/tmp/WebKit-r26653/WebKitBuild/Release/lib/libWebKitGtk.so.1
No symbol table info available.
#5  0xb7a94ac8 in WebCore::TimerBase::sharedTimerFired () from /home/zaheer/tmp/WebKit-r26653/WebKitBuild/Release/lib/libWebKitGtk.so.1
No symbol table info available.
#
Alp Toker
Comment 4 2008-01-15 19:55:27 PST
This must have been fixed along the way. Please re-open this bug if the problem persists.