Bug 65161 - Midori Segmentation Fault caused by Javascript Core (WebKit GTK+)
Summary: Midori Segmentation Fault caused by Javascript Core (WebKit GTK+)
Status: UNCONFIRMED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKitGTK
Version: 528+ (Nightly build)
Hardware: PC Linux
: P2 Normal
Assignee: Nobody
URL:
Keywords: Gtk
Depends on:
Blocks:
 
Reported: 2011-07-25 21:06 PDT by Max
Modified: 2017-03-11 10:59 PST
4 users

See Also:


Description Max 2011-07-25 21:06:36 PDT
While loading a google search result, Midori segfaulted while running in gdb, and the segfault seems to be caused by something Javascript in webkitgtk (at which point this goes above my head).

backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4d9b0ea in JSC::StructureStubInfo::deref() () from /usr/lib/libwebkitgtk-1.0.so.0
(gdb) bt*** NSPlugin Viewer  *** ERROR: rpc_end_sync called when not in sync!

#0  0x00007ffff4d9b0ea in JSC::StructureStubInfo::deref() () from /usr/lib/libwebkitgtk-1.0.so.0
#1  0x00007ffff4d98baf in JSC::CodeBlock::~CodeBlock() () from /usr/lib/libwebkitgtk-1.0.so.0
#2  0x00007ffff4e5cfa2 in JSC::FunctionCodeBlock::~FunctionCodeBlock() () from /usr/lib/libwebkitgtk-1.0.so.0
#3  0x00007ffff4e5c647 in JSC::FunctionExecutable::~FunctionExecutable() () from /usr/lib/libwebkitgtk-1.0.so.0
#4  0x00007ffff4e45bb8 in JSC::MarkedBlock::sweep() () from /usr/lib/libwebkitgtk-1.0.so.0
#5  0x00007ffff4e45e7b in JSC::MarkedSpace::sweep() () from /usr/lib/libwebkitgtk-1.0.so.0
#6  0x00007ffff4e47868 in JSC::Heap::reset(JSC::Heap::SweepToggle) () from /usr/lib/libwebkitgtk-1.0.so.0
#7  0x00007ffff4248cc5 in WebCore::collect(void*) () from /usr/lib/libwebkitgtk-1.0.so.0
#8  0x00007ffff47043f2 in WebCore::ThreadTimers::sharedTimerFiredInternal() () from /usr/lib/libwebkitgtk-1.0.so.0
#9  0x00007ffff41322c2 in WebCore::timeout_cb(void*) () from /usr/lib/libwebkitgtk-1.0.so.0
#10 0x00007ffff5d32b9b in ?? () from /usr/lib/libglib-2.0.so.0
#11 0x00007ffff5d3129d in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#12 0x00007ffff5d31a78 in ?? () from /usr/lib/libglib-2.0.so.0
#13 0x00007ffff5d320ba in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#14 0x00007ffff74542d7 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#15 0x0000000000424a77 in main ()
(gdb) 

and yes, the NSPluginViewer bit did occur right there and I have no idea how it could have.

Will post if I get more information, and please let me know if I can help.

(Haven't found a reliable way to reproduce, but I just started doing this against an un-stripped webkitgtk so perhaps I'll learn more as I get this crash and meaningful backtraces.)
Comment 1 Martin Robinson 2011-07-27 23:04:57 PDT
What version of WebKitGTK+ did you observe this with?
Comment 2 Max 2011-07-28 17:07:47 PDT
Observed on webkitgtk 1.4.2.
Comment 3 Max 2011-07-28 17:08:49 PDT
Refreshing pages on Google Plus seems to be a reliable way to reproduce. Navigating to Google+ does not seem to cause any issues, but quite often a refresh on a Google+ page will.
Comment 4 Martin Robinson 2012-03-31 12:43:04 PDT
(In reply to comment #3)
> Refreshing pages on Google Plus seems to be a reliable way to reproduce. Navigating to Google+ does not seem to cause any issues, but quite often a refresh on a Google+ page will.

Do you still see this issue with the 1.8 release?