Bug 173805

Summary: Systematic crashes on some pages of francetvinfo.fr
Product: WebKit
Component: WebKitGTK
Status: RESOLVED DUPLICATE
Severity: Normal
Priority: P2
Version: Other
Hardware: PC
OS: Linux
Reporter: Gwendal <QDohEbmrivC69wkZk4pjM57Jw_webkitbugzilla>
Assignee: Nobody <webkit-unassigned>
CC: bugs-noreply, mcatanzaro

Description Gwendal 2017-06-23 23:54:11 PDT
Using Eolie or Epiphany (with adblockers disabled), visiting some articles on http://www.francetvinfo.fr/ leads to a systematic crash of WebKit.

To reproduce:
- visit http://www.francetvinfo.fr/politique/la-france-insoumise/vous-ne-pouvez-pas-dire-vive-la-france-une-interview-d-une-deputee-insoumise-suscite-la-polemique_2250759.html
- scroll down
- it should crash at some point

Comment 1 Michael Catanzaro 2017-06-24 05:36:16 PDT
(gdb) bt
#0  0x00007f070037cdb6 in JSC::JSValue::isString() const (this=0x7ffd47aeef10)
    at /usr/src/debug/webkitgtk-2.16.3/Source/JavaScriptCore/runtime/JSCJSValueInlines.h:576
#1  0x00007f070037cdb6 in JSC::JSValue::toStringOrNull(JSC::ExecState*) const (exec=0x7ffd47aef170, this=0x7ffd47aeef10)
    at /usr/src/debug/webkitgtk-2.16.3/Source/JavaScriptCore/runtime/JSString.h:773
#2  0x00007f070037cdb6 in JSC::toStringView<JSC::DFG::operationParseIntGeneric(JSC::ExecState*, JSC::EncodedJSValue, int32_t)::<lambda(WTF::StringView)> > (callback=..., value=..., exec=0x7ffd47aef170)
    at /usr/src/debug/webkitgtk-2.16.3/Source/JavaScriptCore/runtime/ParseInt.h:219
#3  0x00007f070037cdb6 in JSC::DFG::operationParseIntGeneric(JSC::ExecState*, JSC::EncodedJSValue, int32_t) (exec=0x7ffd47aef170, value=0, radix=10)
    at /usr/src/debug/webkitgtk-2.16.3/Source/JavaScriptCore/dfg/DFGOperations.cpp:904
#4  0x00007f069855f0ef in  ()

It's bug #173643.

*** This bug has been marked as a duplicate of bug 173643 ***