15408 2007-10-07 01:53:48 -0700 Gtk Port crashes on dailymotion objects 2008-01-15 19:55:27 -0800 1 1 1 Unclassified WebKit WebKitGTK 523.x (Safari 3) PC Linux RESOLVED WORKSFORME P2 Normal --- 0 mh+webkit webkit-unassigned alp oldest_to_newest 58002 0 mh+webkit 2007-10-07 01:53:48 -0700 I'll attach a minimal testcase. The crash occurs in libcurl, but I don't know if this happens because of webkit misuse or because of a real buf in libcurl. Backtrace: #0 0xb6dd85c8 in multi_runsingle (multi=0x80c0a00, easy=0x80af470) at multi.c:1266 gotourl = 0x80c0a00 "\036�\v" disconnect_conn = false connected = 182 async = 221 protocol_connect = false dophase_done = 29 done = true result = CURLM_OK #1 0xb6dd951f in curl_multi_perform (multi_handle=0x80c0a00, running_handles=0xbff18c14) at multi.c:1479 result = <value optimized out> multi = (struct Curl_multi *) 0x0 easy = (struct Curl_one_easy *) 0x80af470 returncode = CURLM_OK t = <value optimized out> #2 0xb7bff908 in WebCore::ResourceHandleManager::downloadTimerCallback (this=0x80c08c8, timer=0x80c08c8) at ../../WebCore/platform/network/curl/ResourceHandleManager.cpp:186 fdread = {fds_bits = {128, 0 <repeats 31 times>}} fdwrite = {fds_bits = {0 <repeats 32 times>}} fdexcep = {fds_bits = {0 <repeats 32 times>}} maxfd = 7 timeout = {tv_sec = 0, tv_usec = 5000} rc = <value optimized out> runningHandles = 0 curlCode = <value optimized out> started = <value optimized out> #3 0xb7bffbcb in WebCore::Timer<WebCore::ResourceHandleManager>::fired (this=0x80c08c8) at ../../WebCore/platform/Timer.h:98 No locals. #4 0xb7b30e6b in WebCore::TimerBase::fireTimers (fireTime=1191747092.172786, firingTimers=@0xbff18ccc) at ../../WebCore/platform/Timer.cpp:336 timer = (class WebCore::TimerBase *) 0x80c08c8 interval = 1 i = 0 size = 1 #5 0xb7b311e8 in WebCore::TimerBase::sharedTimerFired () at ../../WebCore/platform/Timer.cpp:357 fireTime = 1191747092.172786 firingTimers = {m_size = 1, m_impl = {m_buffer = 0x8116e40, m_capacity = 16}} firingTimersSet = {m_impl = {static m_minTableSize = <optimized out>, static m_maxLoad = <optimized out>, static m_minLoad = <optimized out>, m_table = 0x8116e88, m_tableSize = 64, m_tableSizeMask = 63, m_keyCount = 0, m_deletedCount = 1}} #6 0xb7bfc66e in timeout_cb () at ../../WebCore/platform/gtk/SharedTimerLinux.cpp:48 No locals. #7 0xb76f88f6 in g_timeout_dispatch (source=0x8116c28, callback=0, user_data=0x0) at /tmp/buildd/glib2.0-2.14.1/glib/gmain.c:3488 No locals. #8 0xb76f8186 in IA__g_main_context_dispatch (context=0x806a018) at /tmp/buildd/glib2.0-2.14.1/glib/gmain.c:2061 No locals. #9 0xb76fb512 in g_main_context_iterate (context=0x806a018, block=1, dispatch=1, self=0x8058ab0) at /tmp/buildd/glib2.0-2.14.1/glib/gmain.c:2694 got_ownership = <value optimized out> max_priority = 2147483647 timeout = 1 some_ready = 1 nfds = <value optimized out> allocated_nfds = <value optimized out> fds = (GPollFD *) 0x80f98d8 __PRETTY_FUNCTION__ = "g_main_context_iterate" #10 0xb76fb8f7 in IA__g_main_loop_run (loop=0x80f0d08) at /tmp/buildd/glib2.0-2.14.1/glib/gmain.c:2898 got_ownership = 0 self = (GThread *) 0x8058ab0 __PRETTY_FUNCTION__ = "IA__g_main_loop_run" #11 0xb749a644 in IA__gtk_main () at /tmp/buildd/gtk+2.0-2.12.0/gtk/gtkmain.c:1144 tmp_list = (GList *) 0x8066200 functions = (GList *) 0x0 init = (GtkInitFunction *) 0x8066ea8 loop = (GMainLoop *) 0x80f0d08 #12 0x08049894 in main (argc=134805888, argv=0x1) at ../../../WebKitTools/GtkLauncher/main.cpp:181 url = (gchar *) 0x806a3b0 "file:///home/mh/webkit-crash.html" menuMain = <value optimized out> menuMainBack = <value optimized out> menuMainForward = <value optimized out> menuMainQuit = <value optimized out> menuMainRoot = <value optimized out> menuBar = <value optimized out> vbox = (GtkWidget *) 0x80661b0 hbox = (GtkWidget *) 0x8066200 urlBarSubmitButton = <value optimized out> scrolledWindow = (GtkWidget *) 0x8066ea8 #13 0xb7129050 in __libc_start_main () from /lib/libc.so.6 No symbol table info available. #14 0x08049131 in _start () No symbol table info available. 58003 1 16573 mh+webkit 2007-10-07 01:54:12 -0700 Created attachment 16573 testcase 60346 2 lars.lindner 2007-11-05 15:29:40 -0800 I can also reliably produce this crash with different other rendering scenarios. 63316 3 zaheer.mot 2007-12-04 21:58:01 -0800 i see the same crash opening http://irctc.com in r26699, i havent checked in latest build though backtrace is following #0 0xb65c0e2d in multi_runsingle (multi=0x80c42f0, easy=0x81ff580) at multi.c:1266 dns = (struct Curl_dns_entry *) 0xb65c1364 connected = 191 async = 178 protocol_connect = false dophase_done = 220 done = true result = CURLM_OK k = (struct Curl_transfer_keeper *) 0x81b9328 #1 0xb65c1dff in curl_multi_perform (multi_handle=0x80c42f0, running_handles=0xbfb223c4) at multi.c:1479 result = <value optimized out> multi = (struct Curl_multi *) 0x0 easy = (struct Curl_one_easy *) 0x81ff580 returncode = CURLM_OK t = <value optimized out> #2 0xb7b67452 in WebCore::ResourceHandleManager::downloadTimerCallback () from /home/zaheer/tmp/WebKit-r26653/WebKitBuild/Release/lib/libWebKitGtk.so.1 No symbol table info available. #3 0xb7b676fb in WebCore::Timer<WebCore::ResourceHandleManager>::fired () from /home/zaheer/tmp/WebKit-r26653/WebKitBuild/Release/lib/libWebKitGtk.so.1 No symbol table info available. #4 0xb7a9474b in WebCore::TimerBase::fireTimers () from /home/zaheer/tmp/WebKit-r26653/WebKitBuild/Release/lib/libWebKitGtk.so.1 No symbol table info available. #5 0xb7a94ac8 in WebCore::TimerBase::sharedTimerFired () from /home/zaheer/tmp/WebKit-r26653/WebKitBuild/Release/lib/libWebKitGtk.so.1 No symbol table info available. # 67338 4 alp 2008-01-15 19:55:27 -0800 This must have been fixed along the way. Please re-open this bug if the problem persists. 16573 2007-10-07 01:54:12 -0700 2007-10-07 01:54:12 -0700 testcase webkit-crash.html text/html 180 mh+webkit PG9iamVjdCB3aWR0aD0iNDI1IiBoZWlnaHQ9IjI4MyI+PHBhcmFtIG5hbWU9Im1vdmllIiB2YWx1 ZT0iaHR0cDovL3d3dy5kYWlseW1vdGlvbi5jb20vc3dmLzZUZk1seVRIazdsNE1sSUZoIj48L3Bh cmFtPjxwYXJhbSBuYW1lPSJhbGxvd2Z1bGxzY3JlZW4iIHZhbHVlPSJ0cnVlIj48L3BhcmFtPjwv b2JqZWN0Pg0K