<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!DOCTYPE bugzilla SYSTEM "https://bugs.webkit.org/page.cgi?id=bugzilla.dtd">

<bugzilla version="5.0.4.1"
          urlbase="https://bugs.webkit.org/"
          
          maintainer="admin@webkit.org"
>

    <bug>
          <bug_id>26390</bug_id>
          
          <creation_ts>2009-06-14 14:28:39 -0700</creation_ts>
          <short_desc>WebKitGtk+/JavaScriptCore segfault on a specific page when built with gcc 4.4</short_desc>
          <delta_ts>2009-08-11 04:39:42 -0700</delta_ts>
          <reporter_accessible>1</reporter_accessible>
          <cclist_accessible>1</cclist_accessible>
          <classification_id>1</classification_id>
          <classification>Unclassified</classification>
          <product>WebKit</product>
          <component>JavaScriptCore</component>
          <version>528+ (Nightly build)</version>
          <rep_platform>PC</rep_platform>
          <op_sys>Linux</op_sys>
          <bug_status>RESOLVED</bug_status>
          <resolution>FIXED</resolution>
          
          
          <bug_file_loc></bug_file_loc>
          <status_whiteboard></status_whiteboard>
          <keywords></keywords>
          <priority>P2</priority>
          <bug_severity>Normal</bug_severity>
          <target_milestone>---</target_milestone>
          
          
          <everconfirmed>0</everconfirmed>
          <reporter name="Adrian Bunk">bunk</reporter>
          <assigned_to name="Nobody">webkit-unassigned</assigned_to>
          <cc>gustavo</cc>
          

      

      

      

          <comment_sort_order>oldest_to_newest</comment_sort_order>  
          <long_desc isprivate="0" >
    <commentid>125820</commentid>
    <comment_count>0</comment_count>
    <who name="Adrian Bunk">bunk</who>
    <bug_when>2009-06-14 14:28:39 -0700</bug_when>
    <thetext>- Liferea 1.6 or Midori 0.1.7
- WebKitGtk+ 1.1.9 built with the gcc/g++ 4.4.0-6 from Debian unstable (works when built with gcc 4.3)
- go to http://freakonomics.blogs.nytimes.com/2008/08/19/are-the-fbis-probabilities-about-dna-matches-crazy/

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ff936e747f0 (LWP 4418)]
JSC::RegExp::match (this=0x7ff924d3dd80, s=@0x7fff7ed16ff0, startOffset=0, 
    ovector=0x4) at ../JavaScriptCore/wtf/OwnArrayPtr.h:55
55              void safeDelete() { typedef char known[sizeof(T) ? 1 : -1]; if (sizeof(known)) delete [] m_ptr; }
Current language:  auto; currently c++
(gdb) bt
#0  JSC::RegExp::match (this=0x7ff924d3dd80, s=@0x7fff7ed16ff0, startOffset=0, 
    ovector=0x4) at ../JavaScriptCore/wtf/OwnArrayPtr.h:55
#1  0x00007ff932d0de0e in JSC::RegExpConstructor::performMatch (
    this=0x7ff926be1b00, r=0x7ff924d3dd80, s=@0x7fff7ed16ff0, startOffset=22, 
    position=@0x7ff926905660, length=@0x6, ovector=0x0)
    at ../JavaScriptCore/runtime/RegExpConstructor.cpp:125
#2  0x00007ff932d5b225 in JSC::RegExpObject::match (this=0x7ff924a090c0, 
    exec=&lt;value optimized out&gt;, args=&lt;value optimized out&gt;)
    at ../JavaScriptCore/runtime/RegExpObject.cpp:147
#3  0x00007ff932d5b409 in JSC::RegExpObject::test (this=0x7ff924a9bc90, 
    exec=0x17, args=@0x16) at ../JavaScriptCore/runtime/RegExpObject.cpp:112
#4  0x00007ff932d5b48c in regExpProtoFuncTest (exec=0x7ff924f65718, thisValue=
      {m_ptr = 0x7ff924a090c0}, args=@0x7ff926905660)
    at ../JavaScriptCore/runtime/RegExpPrototype.cpp:63
#5  0x00007ff936db42f4 in ?? ()
#6  0x00007ff924f656d0 in ?? ()
#7  0x0000000000000001 in ?? ()
#8  0x0000000000000000 in ?? ()</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>125945</commentid>
    <comment_count>1</comment_count>
      <attachid>31291</attachid>
    <who name="Adrian Bunk">bunk</who>
    <bug_when>2009-06-15 08:22:33 -0700</bug_when>
    <thetext>Created attachment 31291
trace with JIT disabled

First of all, I forgot to mention that I&apos;m on amd64.

With JIT disabled, there&apos;s this different trace.</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>138935</commentid>
    <comment_count>2</comment_count>
    <who name="Adrian Bunk">bunk</who>
    <bug_when>2009-08-11 04:39:42 -0700</bug_when>
    <thetext>Just checked the status of this issue:

Crashes still happen with 1.1.10.

No crashes with 1.1.11 and 1.1.12.

It seems whatever caused it was fixed in WebKitGTK+ 1.1.11.</thetext>
  </long_desc>
      
          <attachment
              isobsolete="0"
              ispatch="0"
              isprivate="0"
          >
            <attachid>31291</attachid>
            <date>2009-06-15 08:22:33 -0700</date>
            <delta_ts>2009-06-15 08:22:33 -0700</delta_ts>
            <desc>trace with JIT disabled</desc>
            <filename>midori-trace-26390-nojit</filename>
            <type>text/plain</type>
            <size>5205</size>
            <attacher name="Adrian Bunk">bunk</attacher>
            

          </attachment>
      

    </bug>

</bugzilla>