RESOLVED INVALID
36412
[GTK] Crashes reproducibly in www.formula1.com with Adobe's Flash plugin
https://bugs.webkit.org/show_bug.cgi?id=36412
Gustavo Noronha (kov)
Reported
2010-03-20 06:49:42 PDT
Here's the backtrace:

#0 0x00007ffff1d8af45 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x00007ffff1d8dd80 in *__GI_abort () at abort.c:88
#2 0x00007ffff2814a4a in g_logv () from /lib/libglib-2.0.so.0
#3 0x00007ffff2814ad3 in g_log () from /lib/libglib-2.0.so.0
#4 0x00007ffff3addda2 in ?? () from /usr/lib/libgdk-x11-2.0.so.0
#5 0x00007ffff72abb3c in _XError () from /usr/lib/libX11.so.6
#6 0x00007ffff72b2edc in ?? () from /usr/lib/libX11.so.6
#7 0x00007ffff72b3580 in _XReply () from /usr/lib/libX11.so.6
#8 0x00007ffff72a70d3 in XSync () from /usr/lib/libX11.so.6
#9 0x00007ffff517da3c in WebCore::PluginView::updatePluginWidget ( this=0x7fffd4d02000) at ../WebCore/plugins/gtk/PluginViewGtk.cpp:144
#10 0x00007ffff4f416ec in WebCore::PluginView::setFrameRect ( this=0x7fffd4d02000, rect=...) at ../WebCore/plugins/PluginView.cpp:135
#11 0x00007ffff4ffaff9 in WebCore::RenderWidget::setWidgetGeometry ( this=0x7fffd4c5f040, frame=...) at ../WebCore/rendering/RenderWidget.cpp:159
#12 0x00007ffff4ffb1c5 in WebCore::RenderWidget::updateWidgetPosition ( this=0x7fffd4c5f040) at ../WebCore/rendering/RenderWidget.cpp:317
#13 0x00007ffff4ff6e6d in WebCore::RenderView::updateWidgetPositions ( this=0x7fffe36f8420) at ../WebCore/rendering/RenderView.cpp:543
#14 0x00007ffff4ea0095 in WebCore::FrameView::performPostLayoutTasks ( this=0x7fffe36c6a00) at ../WebCore/page/FrameView.cpp:1490
#15 0x00007ffff4ea1fd6 in WebCore::FrameView::layout (this=0x7fffe36c6a00, allowSubtree=<value optimized out>) at ../WebCore/page/FrameView.cpp:751
#16 0x00007ffff4c9f468 in WebCore::Document::updateLayoutIgnorePendingStylesheets (this=0x7fffe3791c00) at ../WebCore/dom/Document.cpp:1460
#17 0x00007ffff4db5b8d in WebCore::HTMLObjectElement::renderWidgetForJSBindings (this=0x7fffd503dea0) at ../WebCore/html/HTMLObjectElement.cpp:64
#18 0x00007ffff4dc15f4 in WebCore::HTMLPlugInElement::getInstance (this=0x243b) at ../WebCore/html/HTMLPlugInElement.cpp:84
#19 0x00007ffff4bcce8b in WebCore::pluginInstance (node=<value optimized out>) at ../WebCore/bindings/js/JSPluginElementFunctions.cpp:46
#20 0x00007ffff4bccfac in getRuntimeObject (exec=0x7fffe0a952a8, node=0x243b) at ../WebCore/bindings/js/JSPluginElementFunctions.cpp:54
#21 0x00007ffff4bcd1ad in WebCore::runtimeObjectCustomGetOwnPropertySlot ( exec=0x243b, propertyName=..., slot=..., element=0xffffffffffffffff) at ../WebCore/bindings/js/JSPluginElementFunctions.cpp:72
#22 0x00007ffff54a2f29 in WebCore::JSHTMLObjectElement::getOwnPropertySlot ( this=0x243b, exec=0x243b, propertyName=..., slot=...) at DerivedSources/JSHTMLObjectElement.cpp:173
#23 0x00007ffff5266d1e in JSC::JSValue::get(JSC::ExecState*, JSC::Identifier const&, JSC::PropertySlot&) const () from /usr/lib/libwebkit-1.0.so.2
#24 0x00007ffff52600e4 in cti_op_get_by_id (args=<value optimized out>) at ../JavaScriptCore/jit/JITStubs.cpp:1291
#25 0x00007fffd502213f in ?? ()
#26 0x0000000000000002 in ?? ()
#27 0x00007fffd06418c0 in ?? ()
#28 0x00007fffd4e83e88 in ?? ()
#29 0x00007fff00000002 in ?? ()
#30 0x0000000000000019 in ?? ()
#31 0x00007ffff5366e27 in WTF::TCMalloc_ThreadCache::GetThreadHeap ( ptr=0x7fffffffa630) at ../JavaScriptCore/wtf/FastMalloc.cpp:2942
#32 WTF::TCMalloc_ThreadCache::GetCacheIfPresent (ptr=0x7fffffffa630) at ../JavaScriptCore/wtf/FastMalloc.cpp:2962
#33 do_free (ptr=0x7fffffffa630) at ../JavaScriptCore/wtf/FastMalloc.cpp:3534
#34 WTF::fastFree (ptr=0x7fffffffa630) at ../JavaScriptCore/wtf/FastMalloc.cpp:3735
#35 0x00007ffff526da80 in JSC::JITCode::execute (this=0x7fffe36aa1b8, program=0x7fffe377fc30, callFrame=0x7fffe0a95048, scopeChain=0x7fffd073a370, thisObj=<value optimized out>, exception=<value optimized out>) at ../JavaScriptCore/jit/JITCode.h:77
#36 JSC::Interpreter::execute (this=0x7fffe36aa1b8, program=0x7fffe377fc30, callFrame=0x7fffe0a95048, scopeChain=0x7fffd073a370, thisObj=<value optimized out>, exception=<value optimized out>) at ../JavaScriptCore/interpreter/Interpreter.cpp:621
#37 0x00007ffff531f13d in JSC::evaluate (exec=0x7fffe36c9088, scopeChain=..., source=<value optimized out>, thisValue=...) at ../JavaScriptCore/runtime/Completion.cpp:62
#38 0x00007ffff4bf9748 in _NPN_Evaluate (instance=<value optimized out>, o=<value optimized out>, s=<value optimized out>, variant=0x7fffffffa830) at ../WebCore/bridge/NP_jsobject.cpp:278
#39 0x00007fffd6a37f4a in ?? () from /usr/lib/flashplugin-nonfree/libflashplayer.so
#40 0x00007fffd6a3b215 in ?? () from /usr/lib/flashplugin-nonfree/libflashplayer.so
#41 0x00007fffd6bd2842 in ?? () from /usr/lib/flashplugin-nonfree/libflashplayer.so
#42 0x00007fffd6d41961 in ?? () from /usr/lib/flashplugin-nonfree/libflashplayer.so
#43 0x00007fffd6c5e08c in ?? () from /usr/lib/flashplugin-nonfree/libflashplayer.so
#44 0x00007fffd6d08ba5 in ?? () from /usr/lib/flashplugin-nonfree/libflashplayer.so
#45 0x00007fffd6daf6d0 in ?? () from /usr/lib/flashplugin-nonfree/libflashplayer.so
#46 0x00007fffd6a36a18 in ?? () from /usr/lib/flashplugin-nonfree/libflashplayer.so
#47 0x00007fffd6a3852c in ?? () from /usr/lib/flashplugin-nonfree/libflashplayer.so
#48 0x00007ffff4f3d493 in WebCore::PluginStream::destroyStream ( this=0x7fffe3761580) at ../WebCore/plugins/PluginStream.cpp:273
#49 0x00007ffff4f3d7e3 in WebCore::PluginStream::didFinishLoading ( this=0x7fffe3761580, loader=<value optimized out>) at ../WebCore/plugins/PluginStream.cpp:461
#50 0x00007ffff4e525c5 in WebCore::NetscapePlugInStreamLoader::didFinishLoading (this=0x7fffd4c6e000) at ../WebCore/loader/NetscapePlugInStreamLoader.cpp:103
#51 0x00007ffff51b33b6 in finishedCallback (session=<value optimized out>, msg=0x11b7ab0, data=<value optimized out>) at ../WebCore/platform/network/soup/ResourceHandleSoup.cpp:326
#52 0x00007ffff3d66aad in final_finished (req=0x11b7ab0, user_data=<value optimized out>) at soup-session-async.c:384
#53 0x00007ffff2ea944e in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#54 0x00007ffff2ebdb00 in ?? () from /usr/lib/libgobject-2.0.so.0
#55 0x00007ffff2ebe8cf in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#56 0x00007ffff2ebedd3 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#57 0x00007ffff3d5cb0f in soup_message_io_finished (msg=0x11b7ab0) at soup-message-io.c:177
#58 0x00007ffff2ea944e in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#59 0x00007ffff2ebd513 in ?? () from /usr/lib/libgobject-2.0.so.0
#60 0x00007ffff2ebe8cf in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#61 0x00007ffff2ebedd3 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#62 0x00007ffff3d68b91 in socket_read_watch (chan=<value optimized out>, cond=0, user_data=<value optimized out>) at soup-socket.c:1245
#63 0x00007ffff280a90e in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#64 0x00007ffff280e2c8 in ?? () from /lib/libglib-2.0.so.0
#65 0x00007ffff280e725 in g_main_loop_run () from /lib/libglib-2.0.so.0
#66 0x00007ffff40d69e7 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#67 0x0000000000435193 in main (argc=1, argv=0x7fffffffdce8) at /tmp/buildd/epiphany-browser-2.29.91/src/ephy-main.c:741
Alexey Proskuryakov
Comment 1
2011-02-22 10:46:32 PST
Is this still reproducible? See also bug 33562, bug 41903.
Gustavo Noronha (kov)
Comment 2
2013-08-09 14:02:55 PDT
I can't reproduce this anymore, no.