Bug 126687 - Crash opening Pocket in gnome-control-center
Summary: Crash opening Pocket in gnome-control-center
Status: RESOLVED WORKSFORME
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKitGTK
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-01-09 02:46 PST by Bastien Nocera
Modified: 2018-03-30 06:50 PDT
CC: 3 users

See Also:


Attachments
test.c (1.48 KB, text/plain), 2014-01-09 06:19 PST, Bastien Nocera, no flags
test.c (4.25 KB, text/plain), 2014-01-09 06:32 PST, Bastien Nocera, no flags
test.c (4.25 KB, text/plain), 2018-03-30 06:49 PDT, Bastien Nocera, no flags

Description Bastien Nocera 2014-01-09 02:46:57 PST
When running "gnome-control-center online-accounts" with Pocket support under valgrind:

==16384== Invalid write of size 4
==16384==    at 0x7CFF81C: WTFCrash (Assertions.cpp:342)
==16384==    by 0x7AEA2C4: JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) (VMStackBounds.h:60)
==16384==    by 0x7C055D7: JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) (Completion.cpp:83)
==16384==    by 0x5B4393D: WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) (JSMainThreadExecState.h:74)
==16384==    by 0x5B43CC2: WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) (ScriptController.cpp:158)
==16384==    by 0x5D3E9D4: WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) (ScriptElement.cpp:317)
==16384==    by 0x5F2E723: WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent(WebCore::PendingScript&) (HTMLScriptRunner.cpp:150)
==16384==    by 0x5F2ED8A: WebCore::HTMLScriptRunner::executeParsingBlockingScript() (HTMLScriptRunner.cpp:122)
==16384==    by 0x5F2F0D6: WebCore::HTMLScriptRunner::executeParsingBlockingScripts() (HTMLScriptRunner.cpp:201)
==16384==    by 0x5F1A20E: WebCore::HTMLDocumentParser::executeScriptsWaitingForStylesheets() (HTMLDocumentParser.cpp:960)
==16384==    by 0x5CCE32D: WebCore::Document::didRemoveAllPendingStylesheet() (Document.cpp:2798)
==16384==    by 0x5EBE038: WebCore::HTMLLinkElement::sheetLoaded() (HTMLLinkElement.cpp:357)
==16384==  Address 0xbbadbeef is not stack'd, malloc'd or (recently) free'd
==16384== 
==16384== 
==16384== Process terminating with default action of signal 11 (SIGSEGV)
==16384==  Access not within mapped region at address 0xBBADBEEF
==16384==    at 0x7CFF81C: WTFCrash (Assertions.cpp:342)
==16384==    by 0x7AEA2C4: JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) (VMStackBounds.h:60)
==16384==    by 0x7C055D7: JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) (Completion.cpp:83)
==16384==    by 0x5B4393D: WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) (JSMainThreadExecState.h:74)
==16384==    by 0x5B43CC2: WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) (ScriptController.cpp:158)
==16384==    by 0x5D3E9D4: WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) (ScriptElement.cpp:317)
==16384==    by 0x5F2E723: WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent(WebCore::PendingScript&) (HTMLScriptRunner.cpp:150)
==16384==    by 0x5F2ED8A: WebCore::HTMLScriptRunner::executeParsingBlockingScript() (HTMLScriptRunner.cpp:122)
==16384==    by 0x5F2F0D6: WebCore::HTMLScriptRunner::executeParsingBlockingScripts() (HTMLScriptRunner.cpp:201)
==16384==    by 0x5F1A20E: WebCore::HTMLDocumentParser::executeScriptsWaitingForStylesheets() (HTMLDocumentParser.cpp:960)
==16384==    by 0x5CCE32D: WebCore::Document::didRemoveAllPendingStylesheet() (Document.cpp:2798)
==16384==    by 0x5EBE038: WebCore::HTMLLinkElement::sheetLoaded() (HTMLLinkElement.cpp:357)
Comment 1 Bastien Nocera 2014-01-09 06:19:30 PST
Created attachment 220720 [details]
test.c

Test app to generate the URL to reproduce the bug.

The user-agent used is:
Mozilla/5.0 (GNOME; not Android) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile
Comment 2 Bastien Nocera 2014-01-09 06:32:39 PST
Created attachment 220723 [details]
test.c

Self-contained test case. Simply right click on the "login" button to get the inspector, and boom.
Comment 3 Bastien Nocera 2014-01-09 06:49:46 PST
Using "JavaScriptCoreUseJIT=0" as an envvar fixes the crash.
Comment 4 Bastien Nocera 2018-03-30 06:49:25 PDT
Created attachment 336851 [details]
test.c

Updated patch for WebKitGTK+ 2.18
Comment 5 Bastien Nocera 2018-03-30 06:50:09 PDT
This new test throws warnings because I did the minimum required to test it, but it doesn't crash anymore.