When running "gnome-control-center online-accounts" with Pocket support under valgrind:

==16384== Invalid write of size 4
==16384==    at 0x7CFF81C: WTFCrash (Assertions.cpp:342)
==16384==    by 0x7AEA2C4: JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) (VMStackBounds.h:60)
==16384==    by 0x7C055D7: JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) (Completion.cpp:83)
==16384==    by 0x5B4393D: WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) (JSMainThreadExecState.h:74)
==16384==    by 0x5B43CC2: WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) (ScriptController.cpp:158)
==16384==    by 0x5D3E9D4: WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) (ScriptElement.cpp:317)
==16384==    by 0x5F2E723: WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent(WebCore::PendingScript&) (HTMLScriptRunner.cpp:150)
==16384==    by 0x5F2ED8A: WebCore::HTMLScriptRunner::executeParsingBlockingScript() (HTMLScriptRunner.cpp:122)
==16384==    by 0x5F2F0D6: WebCore::HTMLScriptRunner::executeParsingBlockingScripts() (HTMLScriptRunner.cpp:201)
==16384==    by 0x5F1A20E: WebCore::HTMLDocumentParser::executeScriptsWaitingForStylesheets() (HTMLDocumentParser.cpp:960)
==16384==    by 0x5CCE32D: WebCore::Document::didRemoveAllPendingStylesheet() (Document.cpp:2798)
==16384==    by 0x5EBE038: WebCore::HTMLLinkElement::sheetLoaded() (HTMLLinkElement.cpp:357)
==16384==  Address 0xbbadbeef is not stack'd, malloc'd or (recently) free'd
==16384==
==16384==
==16384== Process terminating with default action of signal 11 (SIGSEGV)
==16384==  Access not within mapped region at address 0xBBADBEEF
==16384==    at 0x7CFF81C: WTFCrash (Assertions.cpp:342)
==16384==    by 0x7AEA2C4: JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) (VMStackBounds.h:60)
==16384==    by 0x7C055D7: JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) (Completion.cpp:83)
==16384==    by 0x5B4393D: WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) (JSMainThreadExecState.h:74)
==16384==    by 0x5B43CC2: WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) (ScriptController.cpp:158)
==16384==    by 0x5D3E9D4: WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) (ScriptElement.cpp:317)
==16384==    by 0x5F2E723: WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent(WebCore::PendingScript&) (HTMLScriptRunner.cpp:150)
==16384==    by 0x5F2ED8A: WebCore::HTMLScriptRunner::executeParsingBlockingScript() (HTMLScriptRunner.cpp:122)
==16384==    by 0x5F2F0D6: WebCore::HTMLScriptRunner::executeParsingBlockingScripts() (HTMLScriptRunner.cpp:201)
==16384==    by 0x5F1A20E: WebCore::HTMLDocumentParser::executeScriptsWaitingForStylesheets() (HTMLDocumentParser.cpp:960)
==16384==    by 0x5CCE32D: WebCore::Document::didRemoveAllPendingStylesheet() (Document.cpp:2798)
==16384==    by 0x5EBE038: WebCore::HTMLLinkElement::sheetLoaded() (HTMLLinkElement.cpp:357)
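A triage note on reading this trace, with a small helper added here by the editor (it is not part of the bug report or of WebKit). The faulting address 0xbbadbeef is the value WebKit's CRASH() macro deliberately writes to when an assertion fails, so the "Invalid write of size 4" at WTFCrash is the intentional, controlled crash that follows a failed check, not a memory corruption at that frame; the real defect is whatever tripped the assertion in the caller (here VMStackBounds.h:60 under JSC::Interpreter::execute). The parser below pulls the error kind, fault address and frames out of valgrind output and labels a write to that sentinel as a deliberate assertion crash, so that a fuzzing or CI pipeline can separate these from genuine heap or stack errors. The sample log is constructed from the first lines of the report above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the first error block of the report, one record per line.
SAMPLE_LOG = """\
==16384== Invalid write of size 4
==16384==    at 0x7CFF81C: WTFCrash (Assertions.cpp:342)
==16384==    by 0x7AEA2C4: JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) (VMStackBounds.h:60)
==16384==    by 0x7C055D7: JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) (Completion.cpp:83)
==16384==  Address 0xbbadbeef is not stack'd, malloc'd or (recently) free'd
==16384==
==16384== Process terminating with default action of signal 11 (SIGSEGV)
==16384==  Access not within mapped region at address 0xBBADBEEF
==16384==    at 0x7CFF81C: WTFCrash (Assertions.cpp:342)
"""

# WebKit's CRASH() macro stores to this fixed address so that a failed
# assertion faults at a recognisable location instead of continuing.
WEBKIT_CRASH_SENTINEL = 0xBBADBEEF

HEADER_RE = re.compile(r"^==\d+== (Invalid (?:read|write) of size \d+|Process terminating.*)$")
FRAME_RE = re.compile(r"^==\d+==\s+(?:at|by) 0x([0-9A-Fa-f]+): (.+?) \((.+)\)$")
ADDR_RE = re.compile(r"(?:Address|at address) 0x([0-9A-Fa-f]+)", re.IGNORECASE)


@dataclass
class ValgrindError:
    kind: str
    frames: List[Tuple[int, str, str]]  # (pc, function, file:line)
    address: Optional[int] = None

    @property
    def top_function(self) -> Optional[str]:
        return self.frames[0][1] if self.frames else None

    @property
    def caller_of_crash(self) -> Optional[str]:
        # For a deliberate crash the interesting frame is the one that called
        # WTFCrash, i.e. where the assertion actually lives.
        return self.frames[1][2] if len(self.frames) > 1 else None

    def classify(self) -> str:
        if self.address == WEBKIT_CRASH_SENTINEL or self.top_function == "WTFCrash":
            return "deliberate-assertion-crash"
        if self.address is not None and self.address < 0x1000:
            return "null-deref"
        return "unclassified-memory-error"


def parse_valgrind(text: str) -> List[ValgrindError]:
    """Group valgrind lines into error records with their frames and fault address."""
    errors: List[ValgrindError] = []
    current: Optional[ValgrindError] = None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = ValgrindError(kind=m.group(1), frames=[])
            errors.append(current)
            continue
        if current is None:
            continue
        m = FRAME_RE.match(line)
        if m:
            current.frames.append((int(m.group(1), 16), m.group(2), m.group(3)))
            continue
        m = ADDR_RE.search(line)
        if m:
            current.address = int(m.group(1), 16)
    return errors


if __name__ == "__main__":
    for err in parse_valgrind(SAMPLE_LOG):
        addr = f"0x{err.address:x}" if err.address is not None else "n/a"
        print(f"{err.kind}: addr={addr} top={err.top_function} "
              f"assertion-site={err.caller_of_crash} -> {err.classify()}")
```

Run on real output, the classification lets a crash bucket be keyed on the assertion site (the frame below WTFCrash) rather than on WTFCrash itself, which would otherwise collapse every failed assertion in the process into one bucket.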
Created attachment 220720 (test.c): Test app to generate the URL to reproduce the bug. The user-agent used is: Mozilla/5.0 (GNOME; not Android) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile
Created attachment 220723 (test.c): Self-contained test case. Simply right click on the "login" button to get the inspector, and boom.
Using "JavaScriptCoreUseJIT=0" as an envvar fixes the crash.
Created attachment 336851 (test.c): Updated patch for WebKitGTK+ 2.18
This new test throws warnings because I did the minimum required to test it, but it doesn't crash anymore.