Bug 49144 - [gtk?] segfault in JSC::JSCell::put JavaScriptCore/runtime/JSCell.cpp:143
Summary: [gtk?] segfault in JSC::JSCell::put JavaScriptCore/runtime/JSCell.cpp:143
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: PC Linux
Importance: P2 Normal
Assignee: Nobody
Reported: 2010-11-07 09:31 PST by Frederik Himpe
Modified: 2010-11-09 16:47 PST
Description Frederik Himpe 2010-11-07 09:31:09 PST
Using Epiphany 2.30.6 and webkitgtk 1.2.5 on Debian Squeeze AMD64, I experienced this crash when loading the identi.ca login page. The crash probably happened while it was loading my password from GNOME's keyring.

Program terminated with signal 11, Segmentation fault.
#0  0x00007f4fa5869117 in JSC::JSCell::put (this=<value optimized out>, exec=0x7f4f83cb5748, identifier=..., value=..., 
    slot=<value optimized out>) at ../JavaScriptCore/runtime/JSCell.cpp:143
143	../JavaScriptCore/runtime/JSCell.cpp: No such file or directory.
	in ../JavaScriptCore/runtime/JSCell.cpp
Current language:  auto
The current source language is "auto; currently c++".
(gdb) thread apply all bt

Thread 6 (Thread 19546):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
#1  0x00007f4f8afc5d4e in queue_processor(void*) () from /usr/lib/jvm/java-6-openjdk/jre/lib/amd64/IcedTeaPlugin.so
#2  0x00007f4fa21518ba in start_thread (arg=<value optimized out>) at pthread_create.c:300
#3  0x00007f4fa1eb902d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#4  0x0000000000000000 in ?? ()

Thread 5 (Thread 19547):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
#1  0x00007f4f8afc5d4e in queue_processor(void*) () from /usr/lib/jvm/java-6-openjdk/jre/lib/amd64/IcedTeaPlugin.so
#2  0x00007f4fa21518ba in start_thread (arg=<value optimized out>) at pthread_create.c:300
#3  0x00007f4fa1eb902d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#4  0x0000000000000000 in ?? ()
Current language:  auto
The current source language is "auto; currently asm".

Thread 4 (Thread 19548):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
#1  0x00007f4f8afc5d4e in queue_processor(void*) () from /usr/lib/jvm/java-6-openjdk/jre/lib/amd64/IcedTeaPlugin.so
#2  0x00007f4fa21518ba in start_thread (arg=<value optimized out>) at pthread_create.c:300
#3  0x00007f4fa1eb902d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#4  0x0000000000000000 in ?? ()

Thread 3 (Thread 19522):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
#1  0x00007f4fa5598278 in WebCore::IconDatabase::syncThreadMainLoop (this=0x7f4f92646a00) at ../WebCore/loader/icon/IconDatabase.cpp:1412
#2  0x00007f4fa5598341 in WebCore::IconDatabase::iconDatabaseSyncThread (this=0x7f4f92646a00) at ../WebCore/loader/icon/IconDatabase.cpp:1030
#3  0x00007f4fa21518ba in start_thread (arg=<value optimized out>) at pthread_create.c:300
#4  0x00007f4fa1eb902d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#5  0x0000000000000000 in ?? ()

Thread 2 (Thread 19521):
#0  0x00007f4fa1e8a78d in nanosleep () at ../sysdeps/unix/syscall-template.S:82
#1  0x00007f4fa1e8a600 in __sleep (seconds=<value optimized out>) at ../sysdeps/unix/sysv/linux/sleep.c:138
#2  0x00007f4fa58a91b6 in WTF::TCMalloc_PageHeap::scavengerThread (this=0x7f4fa610b160) at ../JavaScriptCore/wtf/FastMalloc.cpp:2382
#3  0x00007f4fa58a9249 in WTF::TCMalloc_PageHeap::runScavengerThread (context=0x7f4f92f36d60) at ../JavaScriptCore/wtf/FastMalloc.cpp:1501
#4  0x00007f4fa21518ba in start_thread (arg=<value optimized out>) at pthread_create.c:300
#5  0x00007f4fa1eb902d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#6  0x0000000000000000 in ??
Thread 1 (Thread 19520):
#0  0x00007f4fa5869117 in JSC::JSCell::put (this=<value optimized out>, exec=0x7f4f83cb5748, identifier=..., value=..., 
    slot=<value optimized out>) at ../JavaScriptCore/runtime/JSCell.cpp:143
#1  0x00007f4fa5762399 in JSObjectSetProperty (ctx=0x7f4f83cb5748, object=0x7f4f88ecf080, propertyName=<value optimized out>, 
    value=<value optimized out>, attributes=0, exception=0x0) at ../JavaScriptCore/API/JSObjectRef.cpp:280
#2  0x0000000000481a0d in fill_form_cb (retval=<value optimized out>, results=<value optimized out>, user_data=<value optimized out>)
    at ephy-web-view.c:776
#3  0x00007f4fa67c3d81 in ?? () from /usr/lib/libgnome-keyring.so.0
#4  0x00007f4fa67c743e in ?? () from /usr/lib/libgnome-keyring.so.0
#5  0x00007f4fa67be96c in ?? () from /usr/lib/libgnome-keyring.so.0
#6  0x00007f4fa635fdca in complete_pending_call_and_unlock (connection=0x1376250, pending=0x3afa1a0, message=<value optimized out>)
    at dbus-connection.c:2234
#7  0x00007f4fa636202f in dbus_connection_dispatch (connection=0x1376250) at dbus-connection.c:4397
#8  0x00007f4fa67c8d75 in ?? () from /usr/lib/libgnome-keyring.so.0
#9  0x00007f4fa28ac6f2 in g_main_dispatch (context=0xfca4e0) at /scratch/build-area/glib2.0-2.24.2/glib/gmain.c:1960
#10 IA__g_main_context_dispatch (context=0xfca4e0) at /scratch/build-area/glib2.0-2.24.2/glib/gmain.c:2513
#11 0x00007f4fa28b0568 in g_main_context_iterate (context=0xfca4e0, block=<value optimized out>, dispatch=<value optimized out>, 
    self=<value optimized out>) at /scratch/build-area/glib2.0-2.24.2/glib/gmain.c:2591
#12 0x00007f4fa28b0a75 in IA__g_main_loop_run (loop=0x106db10) at /scratch/build-area/glib2.0-2.24.2/glib/gmain.c:2799
#13 0x00007f4fa463c6b7 in IA__gtk_main () at /scratch/build-area/gtk+2.0-2.20.1/gtk/gtkmain.c:1219
#14 0x00000000004359a3 in main (argc=1, argv=0x7fff208f3518) at ephy-main.c:741
Current language:  auto
The current source language is "auto; currently c++".
Comment 1 Alexey Proskuryakov 2010-11-07 16:58:10 PST
Is this reproducible?
Comment 2 Xan Lopez 2010-11-07 20:49:19 PST
We don't do this anymore, so this is fixed upstream. Besides, it's almost certain that the bug was in the way we used JSC, not in JSC itself. Thanks for reporting it though!
Comment 3 Frederik Himpe 2010-11-09 10:13:45 PST
It's reproducible like this:

- go to http://identi.ca
- click on register
- click on login

Epiphany fills in my saved username in the login form, but before the password is filled in, it crashes.

The crash only happens when I have loaded the register page before opening the login page.
Comment 4 Xan Lopez 2010-11-09 16:47:52 PST
(In reply to comment #3)
> It's reproducible like this:
> 
> - go to http://identi.ca
> - click on register
> - click on login
> 
> Epiphany fills in my saved username in the login form, but before the password is filled in, it crashes.
> 
> The crash only happens when I have loaded the register page before opening the login page.

You need to use Epiphany 2.91.x for this bug to be fixed.