UNCONFIRMED 65161
Midori Segmentation Fault caused by Javascript Core (WebKit GTK+)
https://bugs.webkit.org/show_bug.cgi?id=65161
Max
Reported 2011-07-25 21:06:36 PDT
While loading a Google search result, Midori segfaulted while running in gdb, and the segfault seems to be caused by something Javascript in webkitgtk (at which point this goes above my head).

backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4d9b0ea in JSC::StructureStubInfo::deref() () from /usr/lib/libwebkitgtk-1.0.so.0
(gdb) bt
*** NSPlugin Viewer *** ERROR: rpc_end_sync called when not in sync!
#0  0x00007ffff4d9b0ea in JSC::StructureStubInfo::deref() () from /usr/lib/libwebkitgtk-1.0.so.0
#1  0x00007ffff4d98baf in JSC::CodeBlock::~CodeBlock() () from /usr/lib/libwebkitgtk-1.0.so.0
#2  0x00007ffff4e5cfa2 in JSC::FunctionCodeBlock::~FunctionCodeBlock() () from /usr/lib/libwebkitgtk-1.0.so.0
#3  0x00007ffff4e5c647 in JSC::FunctionExecutable::~FunctionExecutable() () from /usr/lib/libwebkitgtk-1.0.so.0
#4  0x00007ffff4e45bb8 in JSC::MarkedBlock::sweep() () from /usr/lib/libwebkitgtk-1.0.so.0
#5  0x00007ffff4e45e7b in JSC::MarkedSpace::sweep() () from /usr/lib/libwebkitgtk-1.0.so.0
#6  0x00007ffff4e47868 in JSC::Heap::reset(JSC::Heap::SweepToggle) () from /usr/lib/libwebkitgtk-1.0.so.0
#7  0x00007ffff4248cc5 in WebCore::collect(void*) () from /usr/lib/libwebkitgtk-1.0.so.0
#8  0x00007ffff47043f2 in WebCore::ThreadTimers::sharedTimerFiredInternal() () from /usr/lib/libwebkitgtk-1.0.so.0
#9  0x00007ffff41322c2 in WebCore::timeout_cb(void*) () from /usr/lib/libwebkitgtk-1.0.so.0
#10 0x00007ffff5d32b9b in ?? () from /usr/lib/libglib-2.0.so.0
#11 0x00007ffff5d3129d in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#12 0x00007ffff5d31a78 in ?? () from /usr/lib/libglib-2.0.so.0
#13 0x00007ffff5d320ba in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#14 0x00007ffff74542d7 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#15 0x0000000000424a77 in main ()
(gdb)

And yes, the NSPluginViewer bit did occur right there and I have no idea how it could have. Will post if I get more information, and please let me know if I can help.
(Haven't found a reliable way to reproduce, but I just started doing this against an un-stripped webkitgtk so perhaps I'll learn more as I get this crash and meaningful backtraces.)
Martin Robinson
Comment 1 2011-07-27 23:04:57 PDT
What version of WebKitGTK+ did you observe this with?
Max
Comment 2 2011-07-28 17:07:47 PDT
Observed on webkitgtk 1.4.2.
Max
Comment 3 2011-07-28 17:08:49 PDT
Refreshing pages on Google Plus seems to be a reliable way to reproduce. Navigating to Google+ does not seem to cause any issues, but quite often a refresh on a Google+ page will.
Martin Robinson
Comment 4 2012-03-31 12:43:04 PDT
(In reply to comment #3)
> Refreshing pages on Google Plus seems to be a reliable way to reproduce. Navigating to Google+ does not seem to cause any issues, but quite often a refresh on a Google+ page will.

Do you still see this issue with the 1.8 release?