Bug 21240 - segmentation fault while closing a page with flash object
RESOLVED DUPLICATE of bug 21390
https://bugs.webkit.org/show_bug.cgi?id=21240
Riccardo Magliocchetti
Reported 2008-09-30 05:33:02 PDT
webkit version r37056 (+ patch from bug 20779) How to reproduce: - get and install swfdec 0.8 and swfdec-mozilla - point GtkLauncher to http://www.youtube.com - play the youtube thumbnailer "Videos being watched right now..." - close gtklauncher (GtkLauncher:27763): Gtk-CRITICAL **: gtk_widget_queue_draw_area: assertion `GTK_IS_WIDGET (widget)' failed (GtkLauncher:27763): Gtk-CRITICAL **: gtk_widget_queue_draw_area: assertion `GTK_IS_WIDGET (widget)' failed (GtkLauncher:27763): Gtk-CRITICAL **: gtk_widget_queue_draw_area: assertion `GTK_IS_WIDGET (widget)' failed Loading stream: http://i2.ytimg.com/vi/AJz4GmxXcrs/default.jpg Loading stream: http://i2.ytimg.com/vi/AJz4GmxXcrs/default.jpg Loading stream: http://i3.ytimg.com/vi/vmxz-khEvuU/default.jpg Loading stream: http://i3.ytimg.com/vi/vmxz-khEvuU/default.jpg Loading stream: http://i3.ytimg.com/vi/NKcHftQoQp4/default.jpg Loading stream: http://i3.ytimg.com/vi/NKcHftQoQp4/default.jpg Loading stream: http://i3.ytimg.com/vi/FBivlhYeFcg/default.jpg Loading stream: http://i3.ytimg.com/vi/FBivlhYeFcg/default.jpg Loading stream: http://i2.ytimg.com/vi/u_dVzR-L6Uc/default.jpg Loading stream: http://i2.ytimg.com/vi/u_dVzR-L6Uc/default.jpg SWFDEC: WARN : swfdec_as_interpret.c(875): swfdec_action_call_method: no function named "gotoAndPlay" on object unknown (GtkLauncher:27763): Gtk-CRITICAL **: gtk_widget_queue_draw_area: assertion `GTK_IS_WIDGET (widget)' failed (GtkLauncher:27763): Gtk-CRITICAL **: gtk_widget_queue_draw_area: assertion `GTK_IS_WIDGET (widget)' failed (GtkLauncher:27763): GLib-GObject-WARNING **: invalid unclassed pointer in cast to `GtkWidget' Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xb5766720 (LWP 27763)] 0xb7390197 in gtk_range_size_allocate (widget=0x8b454c8, allocation=0xbfefe8bc) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkrange.c:1228 1228 /build/buildd/gtk+2.0-2.12.11/gtk/gtkrange.c: No such file or directory. 
in /build/buildd/gtk+2.0-2.12.11/gtk/gtkrange.c (gdb) bt full #0 0xb7390197 in gtk_range_size_allocate (widget=0x8b454c8, allocation=0xbfefe8bc) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkrange.c:1228 No locals. #1 0xb70410da in IA__g_cclosure_marshal_VOID__BOXED (closure=0x8b0afd8, return_value=0x0, n_param_values=2, param_values=0x9027f90, invocation_hint=0xbfefe6fc, marshal_data=0xb7390160) at /tmp/buildd/glib2.0-2.17.7/gobject/gmarshal.c:566 data1 = (gpointer) 0x8b454c8 data2 = (gpointer) 0x8b073e0 __PRETTY_FUNCTION__ = "IA__g_cclosure_marshal_VOID__BOXED" #2 0xb70312d9 in g_type_class_meta_marshal (closure=0x8b0afd8, return_value=0x0, n_param_values=2, param_values=0x9027f90, invocation_hint=0xbfefe6fc, marshal_data=0x80) at /tmp/buildd/glib2.0-2.17.7/gobject/gclosure.c:878 callback = <value optimized out> #3 0xb7032b63 in IA__g_closure_invoke (closure=0x8b0afd8, return_value=0x0, n_param_values=2, param_values=0x9027f90, invocation_hint=0xbfefe6fc) at /tmp/buildd/glib2.0-2.17.7/gobject/gclosure.c:767 marshal = (GClosureMarshal) 0xb7031290 <g_type_class_meta_marshal> marshal_data = (gpointer) 0x80 __PRETTY_FUNCTION__ = "IA__g_closure_invoke" #4 0xb7049bde in signal_emit_unlocked_R (node=0x8b0b148, detail=0, instance=0x8b454c8, emission_return=0x0, instance_and_params=0x9027f90) at /tmp/buildd/glib2.0-2.17.7/gobject/gsignal.c:3174 accumulator = (SignalAccumulator *) 0x0 emission = {next = 0x0, instance = 0x8b454c8, ihint = {signal_id = 15, detail = 0, run_type = G_SIGNAL_RUN_FIRST}, state = EMISSION_RUN, chain_type = 145968872} class_closure = (GClosure *) 0x8b0afd8 handler_list = (Handler *) 0x0 return_accu = (GValue *) 0x0 accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}} signal_id = 15 max_sequential_handler_number = 299 return_value_altered = 
0 #5 0xb704bac6 in IA__g_signal_emit_valist (instance=0x8b454c8, signal_id=15, detail=0, var_args=0xbfefe8a0 "&#65533;&#65533;&#65533;&#65533;\001") at /tmp/buildd/glib2.0-2.17.7/gobject/gsignal.c:2977 signal_return_type = 4 param_values = (GValue *) 0x9027fa4 node = (SignalNode *) 0x8b0b148 i = 1 n_params = 1 __PRETTY_FUNCTION__ = "IA__g_signal_emit_valist" #6 0xb704bf56 in IA__g_signal_emit (instance=0x8b454c8, signal_id=15, detail=0) at /tmp/buildd/glib2.0-2.17.7/gobject/gsignal.c:3034 No locals. #7 0xb747c994 in IA__gtk_widget_size_allocate (widget=0x8b454c8, allocation=0xbfefe918) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkwidget.c:3818 aux_info = <value optimized out> real_allocation = {x = 198, y = 0, width = 15, height = 1} old_allocation = {x = 423, y = 103, width = 1, height = 1} size_changed = 1 position_changed = 1 __PRETTY_FUNCTION__ = "IA__gtk_widget_size_allocate" #8 0xb7b686a8 in WebCore::ScrollbarGtk::frameRectsChanged () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #9 0xb7b686f1 in WebCore::ScrollbarGtk::setFrameRect () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #10 0xb7b679a2 in WebCore::ScrollView::updateScrollbars () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #11 0xb791a6ce in WebCore::ScrollView::setScrollbarModes () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #12 0xb78dce2b in WebCore::FrameView::resetScrollbars () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #13 0xb78df523 in WebCore::FrameView::~FrameView () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #14 0xb79c7235 in WebCore::RenderPart::~RenderPart () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #15 0xb79c75bd in WebCore::RenderPartObject::~RenderPartObject () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #16 0xb79c1ecf in WebCore::RenderObject::arenaDelete () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #17 0xb79ed80b in WebCore::RenderWidget::deref () from /usr/local/lib/libwebkit-1.0.so.1 No locals. 
#18 0xb79ee4f1 in WebCore::RenderWidget::destroy () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #19 0xb775e729 in WebCore::Node::detach () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #20 0xb772a81e in WebCore::ContainerNode::detach () from /usr/local/lib/libwebkit-1.0.so.1 ---Type <return> to continue, or q <return> to quit--- No locals. #21 0xb774f3e3 in WebCore::Element::detach () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #22 0xb772a80b in WebCore::ContainerNode::detach () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #23 0xb774f3e3 in WebCore::Element::detach () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #24 0xb772a80b in WebCore::ContainerNode::detach () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #25 0xb774f3e3 in WebCore::Element::detach () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #26 0xb772a80b in WebCore::ContainerNode::detach () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #27 0xb7732bd7 in WebCore::Document::detach () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #28 0xb78d3d4e in WebCore::Frame::setView () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #29 0xb78fa01a in WebCore::Page::~Page () from /usr/local/lib/libwebkit-1.0.so.1 No locals. #30 0xb766fde3 in webkit_web_view_finalize () from /usr/local/lib/libwebkit-1.0.so.1 No locals. 
#31 0xb7034e23 in IA__g_object_unref (_object=0x8b48010) at /tmp/buildd/glib2.0-2.17.7/gobject/gobject.c:2411 object = (GObject *) 0x8b48010 __PRETTY_FUNCTION__ = "IA__g_object_unref" #32 0xb736f6ee in IA__gtk_object_destroy (object=0x8b48010) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkobject.c:403 __PRETTY_FUNCTION__ = "IA__gtk_object_destroy" #33 0xb7262fff in gtk_bin_forall (container=0x8b03928, include_internals=0, callback=0xbfefe8bc, callback_data=0x0) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkbin.c:133 __PRETTY_FUNCTION__ = "gtk_bin_forall" #34 0xb73ae145 in gtk_scrolled_window_forall (container=0x8b03928, include_internals=0, callback=0xb747f3b0 <IA__gtk_widget_destroy>, callback_data=0x0) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkscrolledwindow.c:1021 __PRETTY_FUNCTION__ = "gtk_scrolled_window_forall" #35 0xb72aa7f6 in IA__gtk_container_foreach (container=0x8b03928, callback=0xb747f3b0 <IA__gtk_widget_destroy>, callback_data=0x0) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkcontainer.c:1480 __PRETTY_FUNCTION__ = "IA__gtk_container_foreach" #36 0xb72ab0c0 in gtk_container_destroy (object=0x8b03928) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkcontainer.c:1020 No locals. 
#37 0xb73affa0 in gtk_scrolled_window_destroy (object=0x8b03928) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkscrolledwindow.c:799 __PRETTY_FUNCTION__ = "gtk_scrolled_window_destroy" #38 0xb7040a34 in IA__g_cclosure_marshal_VOID__VOID (closure=0x8b07928, return_value=0x0, n_param_values=1, param_values=0x929b3b0, invocation_hint=0xbfeff07c, marshal_data=0xb73aff00) at /tmp/buildd/glib2.0-2.17.7/gobject/gmarshal.c:77 data1 = (gpointer) 0x8b03928 data2 = (gpointer) 0x0 __PRETTY_FUNCTION__ = "IA__g_cclosure_marshal_VOID__VOID" #39 0xb70312d9 in g_type_class_meta_marshal (closure=0x8b07928, return_value=0x0, n_param_values=1, param_values=0x929b3b0, invocation_hint=0xbfeff07c, marshal_data=0x4c) at /tmp/buildd/glib2.0-2.17.7/gobject/gclosure.c:878 callback = <value optimized out> #40 0xb7032a90 in IA__g_closure_invoke (closure=0x8b07928, return_value=0x0, n_param_values=1, param_values=0x929b3b0, invocation_hint=0xbfeff07c) at /tmp/buildd/glib2.0-2.17.7/gobject/gclosure.c:767 marshal = (GClosureMarshal) 0xb7031290 <g_type_class_meta_marshal> marshal_data = (gpointer) 0x4c __PRETTY_FUNCTION__ = "IA__g_closure_invoke" #41 0xb704a7a8 in signal_emit_unlocked_R (node=0x8b07970, detail=0, instance=0x8b03928, emission_return=0x0, instance_and_params=0x929b3b0) at /tmp/buildd/glib2.0-2.17.7/gobject/gsignal.c:3360 need_unset = 0 accumulator = (SignalAccumulator *) 0x0 emission = {next = 0xbfeff4a4, instance = 0x8b03928, ihint = {signal_id = 7, detail = 0, run_type = G_SIGNAL_RUN_CLEANUP}, state = EMISSION_STOP, chain_type = 146008160} class_closure = (GClosure *) 0x8b07928 handler_list = (Handler *) 0x0 return_accu = (GValue *) 0x0 accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}} signal_id = 7 max_sequential_handler_number = 291 return_value_altered = 0 #42 
0xb704bac6 in IA__g_signal_emit_valist (instance=0x8b03928, signal_id=7, detail=0, var_args=0xbfeff21c "&#65533;\034X&#65533;&#65533;\034X&#65533;(9&#65533;\bH&#65533;&#65533;&#65533;1&#65533;G&#65533;(9&#65533;\b(9&#65533;\bh&#65533;&#65533;&#65533;\200V\006&#65533;\200V\006&#65533;(9&#65533;\bh&#65533;&#65533;&#65533;oR\003&#65533;(9&#65533;\bP") at /tmp/buildd/glib2.0-2.17.7/gobject/gsignal.c:2977 signal_return_type = 4 param_values = (GValue *) 0x929b3c4 ---Type <return> to continue, or q <return> to quit--- node = (SignalNode *) 0x8b07970 i = 145669096 n_params = 0 __PRETTY_FUNCTION__ = "IA__g_signal_emit_valist" #43 0xb704bf56 in IA__g_signal_emit (instance=0x8b03928, signal_id=7, detail=0) at /tmp/buildd/glib2.0-2.17.7/gobject/gsignal.c:3034 No locals. #44 0xb736fa01 in gtk_object_dispose (gobject=0x8b03928) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkobject.c:418 No locals. #45 0xb747f131 in gtk_widget_dispose (object=0x8b03928) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkwidget.c:7854 No locals. #46 0xb703526f in IA__g_object_run_dispose (object=0x8b03928) at /tmp/buildd/glib2.0-2.17.7/gobject/gobject.c:785 __PRETTY_FUNCTION__ = "IA__g_object_run_dispose" #47 0xb736f6ee in IA__gtk_object_destroy (object=0x8b03928) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkobject.c:403 __PRETTY_FUNCTION__ = "IA__gtk_object_destroy" #48 0xb7267240 in gtk_box_forall (container=0x8b02960, include_internals=0, callback=0xb747f3b0 <IA__gtk_widget_destroy>, callback_data=0x0) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkbox.c:799 child = <value optimized out> children = (GList *) 0x8b50020 __PRETTY_FUNCTION__ = "gtk_box_forall" #49 0xb72aa7f6 in IA__gtk_container_foreach (container=0x8b02960, callback=0xb747f3b0 <IA__gtk_widget_destroy>, callback_data=0x0) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkcontainer.c:1480 __PRETTY_FUNCTION__ = "IA__gtk_container_foreach" #50 0xb72ab0c0 in gtk_container_destroy (object=0x8b02960) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkcontainer.c:1020 No locals. 
#51 0xb7040a34 in IA__g_cclosure_marshal_VOID__VOID (closure=0x8b07928, return_value=0x0, n_param_values=1, param_values=0x929b4c0, invocation_hint=0xbfeff4ac, marshal_data=0xb72ab080) at /tmp/buildd/glib2.0-2.17.7/gobject/gmarshal.c:77 data1 = (gpointer) 0x8b02960 data2 = (gpointer) 0x0 __PRETTY_FUNCTION__ = "IA__g_cclosure_marshal_VOID__VOID" #52 0xb70312d9 in g_type_class_meta_marshal (closure=0x8b07928, return_value=0x0, n_param_values=1, param_values=0x929b4c0, invocation_hint=0xbfeff4ac, marshal_data=0x4c) at /tmp/buildd/glib2.0-2.17.7/gobject/gclosure.c:878 callback = <value optimized out> #53 0xb7032a90 in IA__g_closure_invoke (closure=0x8b07928, return_value=0x0, n_param_values=1, param_values=0x929b4c0, invocation_hint=0xbfeff4ac) at /tmp/buildd/glib2.0-2.17.7/gobject/gclosure.c:767 marshal = (GClosureMarshal) 0xb7031290 <g_type_class_meta_marshal> marshal_data = (gpointer) 0x4c __PRETTY_FUNCTION__ = "IA__g_closure_invoke" #54 0xb704a7a8 in signal_emit_unlocked_R (node=0x8b07970, detail=0, instance=0x8b02960, emission_return=0x0, instance_and_params=0x929b4c0) at /tmp/buildd/glib2.0-2.17.7/gobject/gsignal.c:3360 need_unset = 0 accumulator = (SignalAccumulator *) 0x0 emission = {next = 0xbfeff8f4, instance = 0x8b02960, ihint = {signal_id = 7, detail = 0, run_type = G_SIGNAL_RUN_CLEANUP}, state = EMISSION_STOP, chain_type = 145782576} class_closure = (GClosure *) 0x8b07928 handler_list = (Handler *) 0x0 return_accu = (GValue *) 0x0 accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}} signal_id = 7 max_sequential_handler_number = 291 return_value_altered = 0 #55 0xb704bac6 in IA__g_signal_emit_valist (instance=0x8b02960, signal_id=7, detail=0, var_args=0xbfeff64c 
"&#65533;\034X&#65533;&#65533;\034X&#65533;`)&#65533;\bx&#65533;&#65533;&#65533;1&#65533;G&#65533;`)&#65533;\b`)&#65533;\b\210&#65533;&#65533;&#65533;\200V\006&#65533;\200V\006&#65533;`)&#65533;\b\230&#65533;&#65533;&#65533;oR\003&#65533;`)&#65533;\bP") at /tmp/buildd/glib2.0-2.17.7/gobject/gsignal.c:2977 signal_return_type = 4 param_values = (GValue *) 0x929b4d4 node = (SignalNode *) 0x8b07970 i = 145669096 n_params = 0 __PRETTY_FUNCTION__ = "IA__g_signal_emit_valist" #56 0xb704bf56 in IA__g_signal_emit (instance=0x8b02960, signal_id=7, detail=0) at /tmp/buildd/glib2.0-2.17.7/gobject/gsignal.c:3034 No locals. #57 0xb736fa01 in gtk_object_dispose (gobject=0x8b02960) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkobject.c:418 No locals. #58 0xb747f131 in gtk_widget_dispose (object=0x8b02960) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkwidget.c:7854 No locals. #59 0xb703526f in IA__g_object_run_dispose (object=0x8b02960) at /tmp/buildd/glib2.0-2.17.7/gobject/gobject.c:785 __PRETTY_FUNCTION__ = "IA__g_object_run_dispose" #60 0xb736f6ee in IA__gtk_object_destroy (object=0x8b02960) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkobject.c:403 __PRETTY_FUNCTION__ = "IA__gtk_object_destroy" ---Type <return> to continue, or q <return> to quit--- #61 0xb7262fff in gtk_bin_forall (container=0x8b29250, include_internals=0, callback=0xbfefe8bc, callback_data=0x0) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkbin.c:133 __PRETTY_FUNCTION__ = "gtk_bin_forall" #62 0xb72aa7f6 in IA__gtk_container_foreach (container=0x8b29250, callback=0xb747f3b0 <IA__gtk_widget_destroy>, callback_data=0x0) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkcontainer.c:1480 __PRETTY_FUNCTION__ = "IA__gtk_container_foreach" #63 0xb72ab0c0 in gtk_container_destroy (object=0x8b29250) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkcontainer.c:1020 No locals. #64 0xb748fe73 in gtk_window_destroy (object=0x8b29250) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkwindow.c:4190 No locals. 
#65 0xb7040a34 in IA__g_cclosure_marshal_VOID__VOID (closure=0x8b07928, return_value=0x0, n_param_values=1, param_values=0x9298390, invocation_hint=0xbfeff8fc, marshal_data=0xb748fdf0) at /tmp/buildd/glib2.0-2.17.7/gobject/gmarshal.c:77 data1 = (gpointer) 0x8b29250 data2 = (gpointer) 0x0 __PRETTY_FUNCTION__ = "IA__g_cclosure_marshal_VOID__VOID" #66 0xb70312d9 in g_type_class_meta_marshal (closure=0x8b07928, return_value=0x0, n_param_values=1, param_values=0x9298390, invocation_hint=0xbfeff8fc, marshal_data=0x4c) at /tmp/buildd/glib2.0-2.17.7/gobject/gclosure.c:878 callback = <value optimized out> #67 0xb7032b63 in IA__g_closure_invoke (closure=0x8b07928, return_value=0x0, n_param_values=1, param_values=0x9298390, invocation_hint=0xbfeff8fc) at /tmp/buildd/glib2.0-2.17.7/gobject/gclosure.c:767 marshal = (GClosureMarshal) 0xb7031290 <g_type_class_meta_marshal> marshal_data = (gpointer) 0x4c __PRETTY_FUNCTION__ = "IA__g_closure_invoke" #68 0xb704a7a8 in signal_emit_unlocked_R (node=0x8b07970, detail=0, instance=0x8b29250, emission_return=0x0, instance_and_params=0x9298390) at /tmp/buildd/glib2.0-2.17.7/gobject/gsignal.c:3360 need_unset = 0 accumulator = (SignalAccumulator *) 0x0 emission = {next = 0x0, instance = 0x8b29250, ihint = {signal_id = 7, detail = 0, run_type = G_SIGNAL_RUN_CLEANUP}, state = EMISSION_STOP, chain_type = 145850432} class_closure = (GClosure *) 0x8b07928 handler_list = (Handler *) 0x8b29c40 return_accu = (GValue *) 0x0 accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}} signal_id = 7 max_sequential_handler_number = 291 return_value_altered = 1 #69 0xb704bac6 in IA__g_signal_emit_valist (instance=0x8b29250, signal_id=7, detail=0, var_args=0xbfeffa9c 
"&#65533;&#65533;G&#65533;&#65533;\034X&#65533;P\222&#65533;\b&#65533;&#65533;&#65533;&#65533;1&#65533;G&#65533;P\222&#65533;\b") at /tmp/buildd/glib2.0-2.17.7/gobject/gsignal.c:2977 signal_return_type = 4 param_values = (GValue *) 0x92983a4 node = (SignalNode *) 0x8b07970 i = 1 n_params = 0 __PRETTY_FUNCTION__ = "IA__g_signal_emit_valist" #70 0xb704bf56 in IA__g_signal_emit (instance=0x8b29250, signal_id=7, detail=0) at /tmp/buildd/glib2.0-2.17.7/gobject/gsignal.c:3034 No locals. #71 0xb736fa01 in gtk_object_dispose (gobject=0x8b29250) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkobject.c:418 No locals. #72 0xb747f131 in gtk_widget_dispose (object=0x8b29250) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkwidget.c:7854 No locals. #73 0xb748c926 in gtk_window_dispose (object=0x8b29250) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkwindow.c:1969 No locals. #74 0xb703526f in IA__g_object_run_dispose (object=0x8b29250) at /tmp/buildd/glib2.0-2.17.7/gobject/gobject.c:785 __PRETTY_FUNCTION__ = "IA__g_object_run_dispose" #75 0xb736f6ee in IA__gtk_object_destroy (object=0x8b29250) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkobject.c:403 __PRETTY_FUNCTION__ = "IA__gtk_object_destroy" #76 0xb7347a24 in IA__gtk_main_do_event (event=0x91795f8) at /build/buildd/gtk+2.0-2.12.11/gtk/gtkmain.c:1492 event_widget = (GtkWidget *) 0x8b29250 grab_widget = (GtkWidget *) 0x8b29250 window_group = (GtkWindowGroup *) 0x8b7c720 rewritten_event = (GdkEvent *) 0x0 tmp_list = <value optimized out> __PRETTY_FUNCTION__ = "IA__gtk_main_do_event" #77 0xb71b87ea in gdk_event_dispatch (source=0x8b061c0, callback=0, user_data=0x0) at /build/buildd/gtk+2.0-2.12.11/gdk/x11/gdkevents-x11.c:2351 display = <value optimized out> event = <value optimized out> #78 0xb6fa64b1 in IA__g_main_context_dispatch (context=0x8b06208) at /tmp/buildd/glib2.0-2.17.7/glib/gmain.c:2073 No locals. 
#79 0xb6fa9b43 in g_main_context_iterate (context=0x8b06208, block=1, dispatch=1, self=0x8b1c880) at /tmp/buildd/glib2.0-2.17.7/glib/gmain.c:2706 ---Type <return> to continue, or q <return> to quit--- max_priority = 2147483647 timeout = 15 some_ready = 1 nfds = 3 allocated_nfds = <value optimized out> fds = (GPollFD *) 0x8b739f0 __PRETTY_FUNCTION__ = "g_main_context_iterate" #80 0xb6faa062 in IA__g_main_loop_run (loop=0x8deeeb8) at /tmp/buildd/glib2.0-2.17.7/glib/gmain.c:2929 self = (GThread *) 0x8b1c880 __PRETTY_FUNCTION__ = "IA__g_main_loop_run" #81 0xb7347c99 in IA__gtk_main () at /build/buildd/gtk+2.0-2.12.11/gtk/gtkmain.c:1163 tmp_list = (GList *) 0x8b073e0 functions = (GList *) 0x0 init = (GtkInitFunction *) 0x8b03928 loop = (GMainLoop *) 0x8deeeb8 #82 0x08049b18 in main ()
Jeff Cook
Comment 1 2008-10-04 00:19:44 PDT
This actually doesn't segfault for me with svn r32784. Instead, I get what appears from a very quick Google search may be a compiler bug. Upon close of a page with a swf element, I get:

pure virtual method called
terminate called without an active exception
Aborted

The options I added to the compilation were -march=x86_64 -mtune=core2 -funit-at-a-time -pipe -O2. I suspect it may be caused by -O2 or -funit-at-a-time, though the latter only affects asm blocks afaict from the man page.

Anyway, will try to recompile and see if I can reproduce the segfault. I don't experience it in Epiphany (with svn r37092) either and my patch from https://bugs.webkit.org/show_bug.cgi?id=20779 .
Jeff Cook
Comment 2 2008-10-04 01:04:33 PDT
Neglected to mention that I'm using GCC 4.3.2, glibc 2.8, and ArchLinux 2.6.26.
Riccardo Magliocchetti
Comment 3 2008-10-05 09:46:00 PDT
(In reply to comment #1)
> This actually doesn't segfault for me with svn r32784.

Do you mean r37284, right? I'm building a newer snapshot right now. My platform is gcc 4.3.2 and glibc is 2.7 from Debian sid.
Riccardo Magliocchetti
Comment 4 2008-10-05 11:12:57 PDT
It still crashes, different warning though:

(GtkLauncher:16370): GLib-GObject-WARNING **: invalid uninstantiatable type `(null)' in cast to `GtkWidget'

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb5793720 (LWP 16370)]
0xb7b9268c in WebCore::ScrollView::platformRemoveChild () from /usr/local/lib/libwebkit-1.0.so.1
Current language: auto; currently asm
(gdb) bt full
#0 0xb7b9268c in WebCore::ScrollView::platformRemoveChild () from /usr/local/lib/libwebkit-1.0.so.1
No locals.
#1 0xb7949f95 in WebCore::ScrollView::removeChild () from /usr/local/lib/libwebkit-1.0.so.1
No locals.
#2 0xb794a333 in WebCore::ScrollView::setHasVerticalScrollbar () from /usr/local/lib/libwebkit-1.0.so.1
No locals.
#3 0xb7920f4f in WebCore::FrameView::~FrameView () from /usr/local/lib/libwebkit-1.0.so.1
Jan Alonzo
Comment 5 2008-10-11 13:42:01 PDT
*** This bug has been marked as a duplicate of 21390 ***