Bug 126687

Summary: Crash opening Pocket in gnome-control-center
Product: WebKit
Reporter: Bastien Nocera <bugzilla>
Component: WebKitGTK
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED WORKSFORME
Severity: Normal
CC: bugs-noreply, cgarcia, zan
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified

Bastien Nocera
Reported 2014-01-09 02:46:57 PST
When running "gnome-control-center online-accounts" with Pocket support under valgrind:

==16384== Invalid write of size 4
==16384==    at 0x7CFF81C: WTFCrash (Assertions.cpp:342)
==16384==    by 0x7AEA2C4: JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) (VMStackBounds.h:60)
==16384==    by 0x7C055D7: JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) (Completion.cpp:83)
==16384==    by 0x5B4393D: WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) (JSMainThreadExecState.h:74)
==16384==    by 0x5B43CC2: WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) (ScriptController.cpp:158)
==16384==    by 0x5D3E9D4: WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) (ScriptElement.cpp:317)
==16384==    by 0x5F2E723: WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent(WebCore::PendingScript&) (HTMLScriptRunner.cpp:150)
==16384==    by 0x5F2ED8A: WebCore::HTMLScriptRunner::executeParsingBlockingScript() (HTMLScriptRunner.cpp:122)
==16384==    by 0x5F2F0D6: WebCore::HTMLScriptRunner::executeParsingBlockingScripts() (HTMLScriptRunner.cpp:201)
==16384==    by 0x5F1A20E: WebCore::HTMLDocumentParser::executeScriptsWaitingForStylesheets() (HTMLDocumentParser.cpp:960)
==16384==    by 0x5CCE32D: WebCore::Document::didRemoveAllPendingStylesheet() (Document.cpp:2798)
==16384==    by 0x5EBE038: WebCore::HTMLLinkElement::sheetLoaded() (HTMLLinkElement.cpp:357)
==16384==  Address 0xbbadbeef is not stack'd, malloc'd or (recently) free'd
==16384==
==16384==
==16384== Process terminating with default action of signal 11 (SIGSEGV)
==16384==  Access not within mapped region at address 0xBBADBEEF
==16384==    at 0x7CFF81C: WTFCrash (Assertions.cpp:342)
==16384==    by 0x7AEA2C4: JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) (VMStackBounds.h:60)
==16384==    by 0x7C055D7: JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) (Completion.cpp:83)
==16384==    by 0x5B4393D: WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) (JSMainThreadExecState.h:74)
==16384==    by 0x5B43CC2: WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) (ScriptController.cpp:158)
==16384==    by 0x5D3E9D4: WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) (ScriptElement.cpp:317)
==16384==    by 0x5F2E723: WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent(WebCore::PendingScript&) (HTMLScriptRunner.cpp:150)
==16384==    by 0x5F2ED8A: WebCore::HTMLScriptRunner::executeParsingBlockingScript() (HTMLScriptRunner.cpp:122)
==16384==    by 0x5F2F0D6: WebCore::HTMLScriptRunner::executeParsingBlockingScripts() (HTMLScriptRunner.cpp:201)
==16384==    by 0x5F1A20E: WebCore::HTMLDocumentParser::executeScriptsWaitingForStylesheets() (HTMLDocumentParser.cpp:960)
==16384==    by 0x5CCE32D: WebCore::Document::didRemoveAllPendingStylesheet() (Document.cpp:2798)
==16384==    by 0x5EBE038: WebCore::HTMLLinkElement::sheetLoaded() (HTMLLinkElement.cpp:357)
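A triage note on the trace above: WTFCrash() ends with a deliberate store to 0xbbadbeef so that the process dies at a recognisable address, which is why valgrind reports an "Invalid write" there. That write is the CRASH()/assertion exit itself, not a separate memory-safety bug; the frame below WTFCrash (here VMStackBounds.h:60 in JSC::Interpreter::execute) is where the check that fired lives. The following Python is an added example, not part of the bug report or of WebKit, that parses such a valgrind block and separates the two cases; its sample inputs are constructed from the trace above.

```python
import re
from typing import List, Optional, Tuple

# WTFCrash() deliberately stores to this address; valgrind sees an "Invalid write".
WTF_CRASH_MARKER = 0xBBADBEEF

# Constructed sample: the top of the first valgrind block from the report above.
SAMPLE_WTFCRASH = """\
==16384== Invalid write of size 4
==16384==    at 0x7CFF81C: WTFCrash (Assertions.cpp:342)
==16384==    by 0x7AEA2C4: JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) (VMStackBounds.h:60)
==16384==    by 0x7C055D7: JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) (Completion.cpp:83)
==16384==  Address 0xbbadbeef is not stack'd, malloc'd or (recently) free'd
"""

# Constructed contrast case: a genuine out-of-bounds heap write (hypothetical frames).
SAMPLE_REAL_BUG = """\
==4242== Invalid write of size 4
==4242==    at 0x400123: fill_buffer(int*, unsigned long) (example.c:12)
==4242==    by 0x400456: main (example.c:30)
==4242==  Address 0x5204050 is 0 bytes after a block of size 16 alloc'd
"""

# One stack frame: "at/by 0xADDR: function(signature) (file:line)".
FRAME_RE = re.compile(r"^==\d+==\s+(?:at|by)\s+0x[0-9A-Fa-f]+:\s+(.*)\s+\(([^()]+:\d+)\)\s*$")
ADDR_RE = re.compile(r"^==\d+==\s+Address\s+0x([0-9A-Fa-f]+)\s")


def parse_frames(report: str) -> List[Tuple[str, str]]:
    """Return (function, file:line) pairs, innermost frame first."""
    return [(m.group(1).strip(), m.group(2))
            for m in (FRAME_RE.match(l) for l in report.splitlines()) if m]


def faulting_address(report: str) -> Optional[int]:
    """Extract the address valgrind reports for the invalid access, if present."""
    for line in report.splitlines():
        m = ADDR_RE.match(line)
        if m:
            return int(m.group(1), 16)
    return None


def triage(report: str) -> dict:
    """Classify an 'Invalid write' block: deliberate WTFCrash exit vs. real memory error.

    For a deliberate crash the assertion site is the first frame below WTFCrash;
    for a real error it is the innermost frame, where the bad access happened.
    """
    frames = parse_frames(report)
    deliberate = (faulting_address(report) == WTF_CRASH_MARKER
                  and bool(frames) and frames[0][0].startswith("WTFCrash"))
    site = frames[1] if deliberate and len(frames) > 1 else (frames[0] if frames else None)
    return {"deliberate_crash": deliberate, "site": site, "frames": len(frames)}
```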
Attachments
test.c (1.48 KB, text/plain)
2014-01-09 06:19 PST, Bastien Nocera
no flags
test.c (4.25 KB, text/plain)
2014-01-09 06:32 PST, Bastien Nocera
no flags
test.c (4.25 KB, text/plain)
2018-03-30 06:49 PDT, Bastien Nocera
no flags
Bastien Nocera
Comment 1 2014-01-09 06:19:30 PST
Created attachment 220720 [details]
test.c

Test app to generate the URL to reproduce the bug. The user-agent used is:
Mozilla/5.0 (GNOME; not Android) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile
Bastien Nocera
Comment 2 2014-01-09 06:32:39 PST
Created attachment 220723 [details]
test.c

Self-contained test case. Simply right click on the "login" button to get the inspector, and boom.
Bastien Nocera
Comment 3 2014-01-09 06:49:46 PST
Using "JavaScriptCoreUseJIT=0" as an envvar fixes the crash.
Bastien Nocera
Comment 4 2018-03-30 06:49:25 PDT
Created attachment 336851 [details]
test.c

Updated patch for WebKitGTK+ 2.18
Bastien Nocera
Comment 5 2018-03-30 06:50:09 PDT
This new test throws warnings because I did the minimum required to test it, but it doesn't crash anymore.