Bug 36717

Summary:	[GTK] Segment violation at JSC::DateInstance::calculateGregorianDateTimeUTC
Product:	WebKit	Reporter:	Ismael Luceno <ismael.luceno>
Component:	JavaScriptCore	Assignee:	Nobody <webkit-unassigned>
Status:	UNCONFIRMED
Severity:	Major	CC:	barraclough, bugs-noreply
Priority:	P2
Version:	528+ (Nightly build)
Hardware:	All
OS:	Linux

Ismael Luceno

Reported 2010-03-27 22:13:34 PDT

Program received signal SIGSEGV, Segmentation fault. 0x00007ffff384200a in JSC::DateInstance::calculateGregorianDateTimeUTC(JSC::ExecState*) const () from /usr/lib/libwebkit-1.0.so.2 (gdb) bt #0 0x00007ffff384200a in JSC::DateInstance::calculateGregorianDateTimeUTC(JSC::ExecState*) const () from /usr/lib/libwebkit-1.0.so.2 #1 0x00007ffff3845cfb in JSC::dateProtoFuncToGMTString(JSC::ExecState*, JSC::JSObject*, JSC::JSValue, JSC::ArgList const&) () from /usr/lib/libwebkit-1.0.so.2 #2 0x00007ffff7e001b4 in ?? () #3 0x00007fffe29da2f0 in ?? () #4 0x0000000000000000 in ?? () (gdb)

Attachments
Add attachment proposed patch, testcase, etc.

Ismael Luceno

Comment 1 2010-03-27 22:14:26 PDT

WebkitGTK+ 1.1.90

Alexey Proskuryakov

Comment 2 2010-03-28 10:44:53 PDT

Is this reproducible? On which site? Please see <http://webkit.org/quality/bugwriting.html>.

Ismael Luceno

Comment 3 2010-03-28 14:57:36 PDT

Almost any site with Javascript. Some I tried: * gmail.com * wikidot.com * wikipedia.org * facebook.com * webkit.org etc.

Gavin Barraclough

Comment 4 2011-08-12 13:14:29 PDT

Hi, does this still repro for you?

Ismael Luceno

Comment 5 2011-08-12 23:34:29 PDT

Looks like it's still valid. Tested with webkitgtk 1.4.2, built using gcc 4.6.1. Program received signal SIGSEGV, Segmentation fault. 0x00007ffff39f65f0 in JSC::DateInstance::calculateGregorianDateTimeUTC(JSC::ExecState*) const () from /usr/lib/libwebkitgtk-1.0.so.0 (gdb) bt #0 0x00007ffff39f65f0 in JSC::DateInstance::calculateGregorianDateTimeUTC(JSC::ExecState*) const () from /usr/lib/libwebkitgtk-1.0.so.0 #1 0x00007ffff39fbde0 in JSC::dateProtoFuncToGMTString(JSC::ExecState*) () from /usr/lib/libwebkitgtk-1.0.so.0 #2 0x00007fffa20881e8 in ?? () #3 0x00007fffa1c88130 in ?? () #4 0x00007fffa20af7c0 in ?? () #5 0x7fffffff0000001a in ?? () #6 0x00007fffe2b29550 in ?? () #7 0x00007fffe211d1a0 in ?? () #8 0x00007fff00000002 in ?? () #9 0x00007fffa209f000 in ?? () #10 0x00007fffa08e4f00 in ?? () #11 0x000000000000829c in ?? () #12 0x00007ffff39745ea in JSC::RegisterFile::setGlobalObject(JSC::JSGlobalObject*) () from /usr/lib/libwebkitgtk-1.0.so.0 #13 0x00007fffea7a3480 in ?? () #14 0x00007fffe2210150 in ?? () #15 0x00007fffea6ec000 in ?? () #16 0x00007fffea71dd20 in ?? () #17 0x00007ffff396f449 in JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*) () from /usr/lib/libwebkitgtk-1.0.so.0 #18 0x00007ffff39f397f in JSC::evaluate(JSC::ExecState*, JSC::ScopeChainNode*, JSC::SourceCode const&, JSC::JSValue) () ---Type <return> to continue, or q <return> to quit--- from /usr/lib/libwebkitgtk-1.0.so.0 #19 0x00007ffff2e78bf4 in WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) () from /usr/lib/libwebkitgtk-1.0.so.0 #20 0x00007ffff2e79433 in WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) () from /usr/lib/libwebkitgtk-1.0.so.0 #21 0x00007ffff2f96370 in WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) () from /usr/lib/libwebkitgtk-1.0.so.0 #22 0x00007ffff30e6ff0 in WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent(WebCore::PendingScript&) () from /usr/lib/libwebkitgtk-1.0.so.0 #23 0x00007ffff30e7597 in WebCore::HTMLScriptRunner::executeParsingBlockingScript() () from /usr/lib/libwebkitgtk-1.0.so.0 #24 0x00007ffff30e7a57 in WebCore::HTMLScriptRunner::executeParsingBlockingScripts() () from /usr/lib/libwebkitgtk-1.0.so.0 #25 0x00007ffff30de3cd in WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) () from /usr/lib/libwebkitgtk-1.0.so.0 #26 0x00007ffff318ff9c in WebCore::CachedScript::checkNotify() () from /usr/lib/libwebkitgtk-1.0.so.0 #27 0x00007ffff318f008 in WebCore::CachedResourceRequest::didFinishLoading(WebCore::SubresourceLoader*, double) () from /usr/lib/libwebkitgtk-1.0.so.0 #28 0x00007ffff31df714 in WebCore::SubresourceLoader::didFinishLoading(double) () from /usr/lib/libwebkitgtk-1.0.so.0 #29 0x00007ffff2d04249 in WebCore::readCallback(_GObject*, _GAsyncResult*, void*) () from /usr/lib/libwebkitgtk-1.0.so.0 [...]

Ismael Luceno

Comment 6 2013-02-25 13:59:17 PST

Still happening with webkitgtk 1.10.2. Compiled with GCC 4.7.2. Program received signal SIGSEGV, Segmentation fault. 0x00007ffff2c7058c in JSC::DateInstance::calculateGregorianDateTimeUTC(JSC::ExecState*) const () from /usr/lib/libjavascriptcoregtk-3.0.so.0 (gdb) bt #0 0x00007ffff2c7058c in JSC::DateInstance::calculateGregorianDateTimeUTC(JSC::ExecState*) const () from /usr/lib/libjavascriptcoregtk-3.0.so.0 #1 0x00007ffff2c7465d in JSC::dateProtoFuncToGMTString(JSC::ExecState*) () from /usr/lib/libjavascriptcoregtk-3.0.so.0

Note You need to log in before you can comment on or make changes to this bug.