21240 2008-09-30 05:33:02 -0700 segmentation fault while closing a page with flash object 2008-10-11 13:42:01 -0700 1 1 1 Unclassified WebKit WebKitGTK 528+ (Nightly build) PC Linux RESOLVED DUPLICATE 21390 P2 Normal --- 0 riccardo.magliocchetti webkit-unassigned otte oldest_to_newest 93356 0 riccardo.magliocchetti 2008-09-30 05:33:02 -0700 webkit version r37056 (+ patch from bug 20779) How to reproduce: - get and install swfdec 0.8 and swfdec-mozilla - point GtkLauncher to http://www.youtube.com - play the youtube thumbnailer "Videos being watched right now..." - close gtklauncher (GtkLauncher:27763): Gtk-CRITICAL **: gtk_widget_queue_draw_area: assertion `GTK_IS_WIDGET (widget)' failed (GtkLauncher:27763): Gtk-CRITICAL **: gtk_widget_queue_draw_area: assertion `GTK_IS_WIDGET (widget)' failed (GtkLauncher:27763): Gtk-CRITICAL **: gtk_widget_queue_draw_area: assertion `GTK_IS_WIDGET (widget)' failed Loading stream: http://i2.ytimg.com/vi/AJz4GmxXcrs/default.jpg Loading stream: http://i2.ytimg.com/vi/AJz4GmxXcrs/default.jpg Loading stream: http://i3.ytimg.com/vi/vmxz-khEvuU/default.jpg Loading stream: http://i3.ytimg.com/vi/vmxz-khEvuU/default.jpg Loading stream: http://i3.ytimg.com/vi/NKcHftQoQp4/default.jpg Loading stream: http://i3.ytimg.com/vi/NKcHftQoQp4/default.jpg Loading stream: http://i3.ytimg.com/vi/FBivlhYeFcg/default.jpg Loading stream: http://i3.ytimg.com/vi/FBivlhYeFcg/default.jpg Loading stream: http://i2.ytimg.com/vi/u_dVzR-L6Uc/default.jpg Loading stream: http://i2.ytimg.com/vi/u_dVzR-L6Uc/default.jpg SWFDEC: WARN : swfdec_as_interpret.c(875): swfdec_action_call_method: no function named "gotoAndPlay" on object unknown (GtkLauncher:27763): Gtk-CRITICAL **: gtk_widget_queue_draw_area: assertion `GTK_IS_WIDGET (widget)' failed (GtkLauncher:27763): Gtk-CRITICAL **: gtk_widget_queue_draw_area: assertion `GTK_IS_WIDGET (widget)' failed (GtkLauncher:27763): GLib-GObject-WARNING **: invalid unclassed pointer in cast to `GtkWidget' Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xb5766720 (LWP 27763)] 0xb7390197 in gtk_range_size_allocate (widget=0x8b454c8, allocation=0xbfefe8bc) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkrange.c:1228 1228 /build/buildd/gtk+2.0-2.12.11/gtk/gtkrange.c: No such file or directory. in /build/buildd/gtk+2.0-2.12.11/gtk/gtkrange.c (gdb) bt full #0 0xb7390197 in gtk_range_size_allocate (widget=0x8b454c8, allocation=0xbfefe8bc) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkrange.c:1228 No locals. #1 0xb70410da in IA__g_cclosure_marshal_VOID__BOXED (closure=0x8b0afd8, return_value=0x0, n_param_values=2, param_values=0x9027f90, invocation_hint=0xbfefe6fc, marshal_data=0xb7390160) at /tmp/buildd/glib2.0-2.17.7/gobject/gmarshal.c:566 data1 = (gpointer) 0x8b454c8 data2 = (gpointer) 0x8b073e0 __PRETTY_FUNCTION__ = "IA__g_cclosure_marshal_VOID__BOXED" #2 0xb70312d9 in g_type_class_meta_marshal (closure=0x8b0afd8, return_value=0x0, n_param_values=2, param_values=0x9027f90, invocation_hint=0xbfefe6fc, marshal_data=0x80) at /tmp/buildd/glib2.0-2.17.7/gobject/gclosure.c:878 callback = <value optimized out> #3 0xb7032b63 in IA__g_closure_invoke (closure=0x8b0afd8, return_value=0x0, n_param_values=2, param_values=0x9027f90, invocation_hint=0xbfefe6fc) at /tmp/buildd/glib2.0-2.17.7/gobject/gclosure.c:767 marshal = (GClosureMarshal) 0xb7031290 <g_type_class_meta_marshal> marshal_data = (gpointer) 0x80 __PRETTY_FUNCTION__ = "IA__g_closure_invoke" #4 0xb7049bde in signal_emit_unlocked_R (node=0x8b0b148, detail=0, instance=0x8b454c8, emission_return=0x0, instance_and_params=0x9027f90) at /tmp/buildd/glib2.0-2.17.7/gobject/gsignal.c:3174 accumulator = (SignalAccumulator *) 0x0 emission = {next = 0x0, instance = 0x8b454c8, ihint = {signal_id = 15, detail = 0, run_type = G_SIGNAL_RUN_FIRST}, state = EMISSION_RUN, chain_type = 145968872} class_closure = (GClosure *) 0x8b0afd8 handler_list = (Handler *) 0x0 return_accu = (GValue *) 0x0 accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}} signal_id = 15 max_sequential_handler_number = 299 return_value_altered = 0 #5 0xb704bac6 in IA__g_signal_emit_valist (instance=0x8b454c8, signal_id=15, detail=0, var_args=0xbfefe8a0 "����\001") at /tmp/buildd/glib2.0-2.17.7/gobject/gsignal.c:2977 signal_return_type = 4 param_values = (GValue *) 0x9027fa4 node = (SignalNode *) 0x8b0b148 i = 1 n_params = 1 __PRETTY_FUNCTION__ = "IA__g_signal_emit_valist" #6 0xb704bf56 in IA__g_signal_emit (instance=0x8b454c8, signal_id=15, detail=0) at /tmp/buildd/glib2.0-2.17.7/gobject/gsignal.c:3034 No locals. #7 0xb747c994 in IA__gtk_widget_size_allocate (widget=0x8b454c8, allocation=0xbfefe918) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkwidget.c:3818 aux_info = <value optimized out> real_allocation = {x = 198, y = 0, width = 15, height = 1} old_allocation = {x = 423, y = 103, width = 1, height = 1} size_changed = 1 position_changed = 1 __PRETTY_FUNCTION__ = "IA__gtk_widget_size_allocate" #8 0xb7b686a8 in WebCore::ScrollbarGtk::frameRectsChanged () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #9 0xb7b686f1 in WebCore::ScrollbarGtk::setFrameRect () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #10 0xb7b679a2 in WebCore::ScrollView::updateScrollbars () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #11 0xb791a6ce in WebCore::ScrollView::setScrollbarModes () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #12 0xb78dce2b in WebCore::FrameView::resetScrollbars () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #13 0xb78df523 in WebCore::FrameView::~FrameView () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #14 0xb79c7235 in WebCore::RenderPart::~RenderPart () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #15 0xb79c75bd in WebCore::RenderPartObject::~RenderPartObject () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #16 0xb79c1ecf in WebCore::RenderObject::arenaDelete () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #17 0xb79ed80b in WebCore::RenderWidget::deref () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #18 0xb79ee4f1 in WebCore::RenderWidget::destroy () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #19 0xb775e729 in WebCore::Node::detach () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #20 0xb772a81e in WebCore::ContainerNode::detach () from /usr/local/lib/libwebkit-1.0.so.1 ---Type <return> to continue, or q <return> to quit--- No locals. #21 0xb774f3e3 in WebCore::Element::detach () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #22 0xb772a80b in WebCore::ContainerNode::detach () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #23 0xb774f3e3 in WebCore::Element::detach () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #24 0xb772a80b in WebCore::ContainerNode::detach () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #25 0xb774f3e3 in WebCore::Element::detach () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #26 0xb772a80b in WebCore::ContainerNode::detach () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #27 0xb7732bd7 in WebCore::Document::detach () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #28 0xb78d3d4e in WebCore::Frame::setView () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #29 0xb78fa01a in WebCore::Page::~Page () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #30 0xb766fde3 in webkit_web_view_finalize () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #31 0xb7034e23 in IA__g_object_unref (_object=0x8b48010) at /tmp/buildd/glib2.0-2.17.7/gobject/gobject.c:2411 object = (GObject *) 0x8b48010 __PRETTY_FUNCTION__ = "IA__g_object_unref" #32 0xb736f6ee in IA__gtk_object_destroy (object=0x8b48010) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkobject.c:403 __PRETTY_FUNCTION__ = "IA__gtk_object_destroy" #33 0xb7262fff in gtk_bin_forall (container=0x8b03928, include_internals=0, callback=0xbfefe8bc, callback_data=0x0) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkbin.c:133 __PRETTY_FUNCTION__ = "gtk_bin_forall" #34 0xb73ae145 in gtk_scrolled_window_forall (container=0x8b03928, include_internals=0, callback=0xb747f3b0 <IA__gtk_widget_destroy>, callback_data=0x0) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkscrolledwindow.c:1021 __PRETTY_FUNCTION__ = "gtk_scrolled_window_forall" #35 0xb72aa7f6 in IA__gtk_container_foreach (container=0x8b03928, callback=0xb747f3b0 <IA__gtk_widget_destroy>, callback_data=0x0) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkcontainer.c:1480 __PRETTY_FUNCTION__ = "IA__gtk_container_foreach" #36 0xb72ab0c0 in gtk_container_destroy (object=0x8b03928) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkcontainer.c:1020 No locals. #37 0xb73affa0 in gtk_scrolled_window_destroy (object=0x8b03928) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkscrolledwindow.c:799 __PRETTY_FUNCTION__ = "gtk_scrolled_window_destroy" #38 0xb7040a34 in IA__g_cclosure_marshal_VOID__VOID (closure=0x8b07928, return_value=0x0, n_param_values=1, param_values=0x929b3b0, invocation_hint=0xbfeff07c, marshal_data=0xb73aff00) at /tmp/buildd/glib2.0-2.17.7/gobject/gmarshal.c:77 data1 = (gpointer) 0x8b03928 data2 = (gpointer) 0x0 __PRETTY_FUNCTION__ = "IA__g_cclosure_marshal_VOID__VOID" #39 0xb70312d9 in g_type_class_meta_marshal (closure=0x8b07928, return_value=0x0, n_param_values=1, param_values=0x929b3b0, invocation_hint=0xbfeff07c, marshal_data=0x4c) at /tmp/buildd/glib2.0-2.17.7/gobject/gclosure.c:878 callback = <value optimized out> #40 0xb7032a90 in IA__g_closure_invoke (closure=0x8b07928, return_value=0x0, n_param_values=1, param_values=0x929b3b0, invocation_hint=0xbfeff07c) at /tmp/buildd/glib2.0-2.17.7/gobject/gclosure.c:767 marshal = (GClosureMarshal) 0xb7031290 <g_type_class_meta_marshal> marshal_data = (gpointer) 0x4c __PRETTY_FUNCTION__ = "IA__g_closure_invoke" #41 0xb704a7a8 in signal_emit_unlocked_R (node=0x8b07970, detail=0, instance=0x8b03928, emission_return=0x0, instance_and_params=0x929b3b0) at /tmp/buildd/glib2.0-2.17.7/gobject/gsignal.c:3360 need_unset = 0 accumulator = (SignalAccumulator *) 0x0 emission = {next = 0xbfeff4a4, instance = 0x8b03928, ihint = {signal_id = 7, detail = 0, run_type = G_SIGNAL_RUN_CLEANUP}, state = EMISSION_STOP, chain_type = 146008160} class_closure = (GClosure *) 0x8b07928 handler_list = (Handler *) 0x0 return_accu = (GValue *) 0x0 accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}} signal_id = 7 max_sequential_handler_number = 291 return_value_altered = 0 #42 0xb704bac6 in IA__g_signal_emit_valist (instance=0x8b03928, signal_id=7, detail=0, var_args=0xbfeff21c "�\034X��\034X�(9�\bH���1�G�(9�\b(9�\bh���\200V\006�\200V\006�(9�\bh���oR\003�(9�\bP") at /tmp/buildd/glib2.0-2.17.7/gobject/gsignal.c:2977 signal_return_type = 4 param_values = (GValue *) 0x929b3c4 ---Type <return> to continue, or q <return> to quit--- node = (SignalNode *) 0x8b07970 i = 145669096 n_params = 0 __PRETTY_FUNCTION__ = "IA__g_signal_emit_valist" #43 0xb704bf56 in IA__g_signal_emit (instance=0x8b03928, signal_id=7, detail=0) at /tmp/buildd/glib2.0-2.17.7/gobject/gsignal.c:3034 No locals. #44 0xb736fa01 in gtk_object_dispose (gobject=0x8b03928) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkobject.c:418 No locals. #45 0xb747f131 in gtk_widget_dispose (object=0x8b03928) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkwidget.c:7854 No locals. #46 0xb703526f in IA__g_object_run_dispose (object=0x8b03928) at /tmp/buildd/glib2.0-2.17.7/gobject/gobject.c:785 __PRETTY_FUNCTION__ = "IA__g_object_run_dispose" #47 0xb736f6ee in IA__gtk_object_destroy (object=0x8b03928) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkobject.c:403 __PRETTY_FUNCTION__ = "IA__gtk_object_destroy" #48 0xb7267240 in gtk_box_forall (container=0x8b02960, include_internals=0, callback=0xb747f3b0 <IA__gtk_widget_destroy>, callback_data=0x0) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkbox.c:799 child = <value optimized out> children = (GList *) 0x8b50020 __PRETTY_FUNCTION__ = "gtk_box_forall" #49 0xb72aa7f6 in IA__gtk_container_foreach (container=0x8b02960, callback=0xb747f3b0 <IA__gtk_widget_destroy>, callback_data=0x0) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkcontainer.c:1480 __PRETTY_FUNCTION__ = "IA__gtk_container_foreach" #50 0xb72ab0c0 in gtk_container_destroy (object=0x8b02960) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkcontainer.c:1020 No locals. #51 0xb7040a34 in IA__g_cclosure_marshal_VOID__VOID (closure=0x8b07928, return_value=0x0, n_param_values=1, param_values=0x929b4c0, invocation_hint=0xbfeff4ac, marshal_data=0xb72ab080) at /tmp/buildd/glib2.0-2.17.7/gobject/gmarshal.c:77 data1 = (gpointer) 0x8b02960 data2 = (gpointer) 0x0 __PRETTY_FUNCTION__ = "IA__g_cclosure_marshal_VOID__VOID" #52 0xb70312d9 in g_type_class_meta_marshal (closure=0x8b07928, return_value=0x0, n_param_values=1, param_values=0x929b4c0, invocation_hint=0xbfeff4ac, marshal_data=0x4c) at /tmp/buildd/glib2.0-2.17.7/gobject/gclosure.c:878 callback = <value optimized out> #53 0xb7032a90 in IA__g_closure_invoke (closure=0x8b07928, return_value=0x0, n_param_values=1, param_values=0x929b4c0, invocation_hint=0xbfeff4ac) at /tmp/buildd/glib2.0-2.17.7/gobject/gclosure.c:767 marshal = (GClosureMarshal) 0xb7031290 <g_type_class_meta_marshal> marshal_data = (gpointer) 0x4c __PRETTY_FUNCTION__ = "IA__g_closure_invoke" #54 0xb704a7a8 in signal_emit_unlocked_R (node=0x8b07970, detail=0, instance=0x8b02960, emission_return=0x0, instance_and_params=0x929b4c0) at /tmp/buildd/glib2.0-2.17.7/gobject/gsignal.c:3360 need_unset = 0 accumulator = (SignalAccumulator *) 0x0 emission = {next = 0xbfeff8f4, instance = 0x8b02960, ihint = {signal_id = 7, detail = 0, run_type = G_SIGNAL_RUN_CLEANUP}, state = EMISSION_STOP, chain_type = 145782576} class_closure = (GClosure *) 0x8b07928 handler_list = (Handler *) 0x0 return_accu = (GValue *) 0x0 accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}} signal_id = 7 max_sequential_handler_number = 291 return_value_altered = 0 #55 0xb704bac6 in IA__g_signal_emit_valist (instance=0x8b02960, signal_id=7, detail=0, var_args=0xbfeff64c "�\034X��\034X�`)�\bx���1�G�`)�\b`)�\b\210���\200V\006�\200V\006�`)�\b\230���oR\003�`)�\bP") at /tmp/buildd/glib2.0-2.17.7/gobject/gsignal.c:2977 signal_return_type = 4 param_values = (GValue *) 0x929b4d4 node = (SignalNode *) 0x8b07970 i = 145669096 n_params = 0 __PRETTY_FUNCTION__ = "IA__g_signal_emit_valist" #56 0xb704bf56 in IA__g_signal_emit (instance=0x8b02960, signal_id=7, detail=0) at /tmp/buildd/glib2.0-2.17.7/gobject/gsignal.c:3034 No locals. #57 0xb736fa01 in gtk_object_dispose (gobject=0x8b02960) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkobject.c:418 No locals. #58 0xb747f131 in gtk_widget_dispose (object=0x8b02960) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkwidget.c:7854 No locals. #59 0xb703526f in IA__g_object_run_dispose (object=0x8b02960) at /tmp/buildd/glib2.0-2.17.7/gobject/gobject.c:785 __PRETTY_FUNCTION__ = "IA__g_object_run_dispose" #60 0xb736f6ee in IA__gtk_object_destroy (object=0x8b02960) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkobject.c:403 __PRETTY_FUNCTION__ = "IA__gtk_object_destroy" ---Type <return> to continue, or q <return> to quit--- #61 0xb7262fff in gtk_bin_forall (container=0x8b29250, include_internals=0, callback=0xbfefe8bc, callback_data=0x0) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkbin.c:133 __PRETTY_FUNCTION__ = "gtk_bin_forall" #62 0xb72aa7f6 in IA__gtk_container_foreach (container=0x8b29250, callback=0xb747f3b0 <IA__gtk_widget_destroy>, callback_data=0x0) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkcontainer.c:1480 __PRETTY_FUNCTION__ = "IA__gtk_container_foreach" #63 0xb72ab0c0 in gtk_container_destroy (object=0x8b29250) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkcontainer.c:1020 No locals. #64 0xb748fe73 in gtk_window_destroy (object=0x8b29250) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkwindow.c:4190 No locals. #65 0xb7040a34 in IA__g_cclosure_marshal_VOID__VOID (closure=0x8b07928, return_value=0x0, n_param_values=1, param_values=0x9298390, invocation_hint=0xbfeff8fc, marshal_data=0xb748fdf0) at /tmp/buildd/glib2.0-2.17.7/gobject/gmarshal.c:77 data1 = (gpointer) 0x8b29250 data2 = (gpointer) 0x0 __PRETTY_FUNCTION__ = "IA__g_cclosure_marshal_VOID__VOID" #66 0xb70312d9 in g_type_class_meta_marshal (closure=0x8b07928, return_value=0x0, n_param_values=1, param_values=0x9298390, invocation_hint=0xbfeff8fc, marshal_data=0x4c) at /tmp/buildd/glib2.0-2.17.7/gobject/gclosure.c:878 callback = <value optimized out> #67 0xb7032b63 in IA__g_closure_invoke (closure=0x8b07928, return_value=0x0, n_param_values=1, param_values=0x9298390, invocation_hint=0xbfeff8fc) at /tmp/buildd/glib2.0-2.17.7/gobject/gclosure.c:767 marshal = (GClosureMarshal) 0xb7031290 <g_type_class_meta_marshal> marshal_data = (gpointer) 0x4c __PRETTY_FUNCTION__ = "IA__g_closure_invoke" #68 0xb704a7a8 in signal_emit_unlocked_R (node=0x8b07970, detail=0, instance=0x8b29250, emission_return=0x0, instance_and_params=0x9298390) at /tmp/buildd/glib2.0-2.17.7/gobject/gsignal.c:3360 need_unset = 0 accumulator = (SignalAccumulator *) 0x0 emission = {next = 0x0, instance = 0x8b29250, ihint = {signal_id = 7, detail = 0, run_type = G_SIGNAL_RUN_CLEANUP}, state = EMISSION_STOP, chain_type = 145850432} class_closure = (GClosure *) 0x8b07928 handler_list = (Handler *) 0x8b29c40 return_accu = (GValue *) 0x0 accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}} signal_id = 7 max_sequential_handler_number = 291 return_value_altered = 1 #69 0xb704bac6 in IA__g_signal_emit_valist (instance=0x8b29250, signal_id=7, detail=0, var_args=0xbfeffa9c "��G��\034X�P\222�\b����1�G�P\222�\b") at /tmp/buildd/glib2.0-2.17.7/gobject/gsignal.c:2977 signal_return_type = 4 param_values = (GValue *) 0x92983a4 node = (SignalNode *) 0x8b07970 i = 1 n_params = 0 __PRETTY_FUNCTION__ = "IA__g_signal_emit_valist" #70 0xb704bf56 in IA__g_signal_emit (instance=0x8b29250, signal_id=7, detail=0) at /tmp/buildd/glib2.0-2.17.7/gobject/gsignal.c:3034 No locals. #71 0xb736fa01 in gtk_object_dispose (gobject=0x8b29250) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkobject.c:418 No locals. #72 0xb747f131 in gtk_widget_dispose (object=0x8b29250) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkwidget.c:7854 No locals. #73 0xb748c926 in gtk_window_dispose (object=0x8b29250) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkwindow.c:1969 No locals. #74 0xb703526f in IA__g_object_run_dispose (object=0x8b29250) at /tmp/buildd/glib2.0-2.17.7/gobject/gobject.c:785 __PRETTY_FUNCTION__ = "IA__g_object_run_dispose" #75 0xb736f6ee in IA__gtk_object_destroy (object=0x8b29250) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkobject.c:403 __PRETTY_FUNCTION__ = "IA__gtk_object_destroy" #76 0xb7347a24 in IA__gtk_main_do_event (event=0x91795f8) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkmain.c:1492 event_widget = (GtkWidget *) 0x8b29250 grab_widget = (GtkWidget *) 0x8b29250 window_group = (GtkWindowGroup *) 0x8b7c720 rewritten_event = (GdkEvent *) 0x0 tmp_list = <value optimized out> __PRETTY_FUNCTION__ = "IA__gtk_main_do_event" #77 0xb71b87ea in gdk_event_dispatch (source=0x8b061c0, callback=0, user_data=0x0) at /build/buildd/gtk+2.0-2.12.11/gdk/x11/gdkevents-x11.c:2351 display = <value optimized out> event = <value optimized out> #78 0xb6fa64b1 in IA__g_main_context_dispatch (context=0x8b06208) at /tmp/buildd/glib2.0-2.17.7/glib/gmain.c:2073 No locals. #79 0xb6fa9b43 in g_main_context_iterate (context=0x8b06208, block=1, dispatch=1, self=0x8b1c880) at /tmp/buildd/glib2.0-2.17.7/glib/gmain.c:2706 ---Type <return> to continue, or q <return> to quit--- max_priority = 2147483647 timeout = 15 some_ready = 1 nfds = 3 allocated_nfds = <value optimized out> fds = (GPollFD *) 0x8b739f0 __PRETTY_FUNCTION__ = "g_main_context_iterate" #80 0xb6faa062 in IA__g_main_loop_run (loop=0x8deeeb8) at /tmp/buildd/glib2.0-2.17.7/glib/gmain.c:2929 self = (GThread *) 0x8b1c880 __PRETTY_FUNCTION__ = "IA__g_main_loop_run" #81 0xb7347c99 in IA__gtk_main () at /build/buildd/gtk+2.0-2.12.11/gtk/gtkmain.c:1163 tmp_list = (GList *) 0x8b073e0 functions = (GList *) 0x0 init = (GtkInitFunction *) 0x8b03928 loop = (GMainLoop *) 0x8deeeb8 #82 0x08049b18 in main () 94059 1 cookiecaper 2008-10-04 00:19:44 -0700 This actually doesn't segfault for me with svn r32784. Instead, I get what appears from a very quick Google search may be a compiler bug. Upon close of a page with a swf element, I get: pure virtual method called terminate called without an active exception Aborted The options I added to the compilation were -march=x86_64 -mtune=core2 -funit-at-a-time -pipe -O2 . I suspect it may be caused by -O2 or -funit-at-a-time, though the latter only affects asm blocks afaict from the man page. Anyway, will try to recompile and see if I can reproduce the segfault. I don't experience it in Epiphany (with svn r37092) either and my patch from https://bugs.webkit.org/show_bug.cgi?id=20779 . 94065 2 cookiecaper 2008-10-04 01:04:33 -0700 Neglected to mention that I'm using GCC 4.3.2, glibc 2.8, and ArchLinux 2.6.26. 94154 3 riccardo.magliocchetti 2008-10-05 09:46:00 -0700 (In reply to comment #1) > This actually doesn't segfault for me with svn r32784. do you mean r37284 right? i'm building a newer snapshot right now. My platform is gcc 4.3.2 and glibc is 2.7 from debian sid. 94159 4 riccardo.magliocchetti 2008-10-05 11:12:57 -0700 It still crash, different warning though: (GtkLauncher:16370): GLib-GObject-WARNING **: invalid uninstantiatable type `(null)' in cast to `GtkWidget' Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xb5793720 (LWP 16370)] 0xb7b9268c in WebCore::ScrollView::platformRemoveChild () from /usr/local/lib/libwebkit-1.0.so.1 Current language: auto; currently asm (gdb) bt full #0 0xb7b9268c in WebCore::ScrollView::platformRemoveChild () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #1 0xb7949f95 in WebCore::ScrollView::removeChild () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #2 0xb794a333 in WebCore::ScrollView::setHasVerticalScrollbar () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #3 0xb7920f4f in WebCore::FrameView::~FrameView () from /usr/local/lib/libwebkit-1.0.so.1 94989 5 jmalonzo 2008-10-11 13:42:01 -0700 *** This bug has been marked as a duplicate of 21390 ***