[Webkit-unassigned] [Bug 20267] New: Crash on some pages due to a plugin
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sun Aug 3 04:46:46 PDT 2008
https://bugs.webkit.org/show_bug.cgi?id=20267
Summary: Crash on some pages due to a plugin
Product: WebKit
Version: 526+ (Nightly build)
Platform: PC
OS/Version: Linux
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: WebCore Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: pterjan at gmail.com
I get a crash on http://www.mandriva.com/en/community, and someone reported the same on another page in http://bugzilla.gnome.org/show_bug.cgi?id=542804. I get it with both midori and epiphany using r35417; the following trace is from epiphany.

Reading the trace: the fault is an invalid memory read, not a logic error in the page. WebCore::PluginPackage::fetchInfo (WebCore/plugins/gtk/PluginPackageGtk.cpp:78, frame #2) passes a pointer to an unmapped address to WebCore::String::fromUTF8, which crashes inside strlen(). fetchInfo is reached from PluginDatabase::refresh while JavaScript on the page reads a property of a MimeTypeArray (frames #9-#11), so it looks like any page that touches navigator.mimeTypes can hit this once an installed plugin's MIME description is mis-parsed. The locals in frame #2 (`mimeDescs`, `mimeData`, `extensions`) suggest the string returned by the plugin's NP_GetMIMEDescription is being split into fields; that data is plugin-supplied, so each field should be checked for NULL before it is converted, and a malformed entry should skip that plugin rather than crash the browser. (The value 0x696469 also shows up in several unrelated frames, e.g. `callback`, `db`, `p`, so it is probably stale register contents rather than a meaningful address.)
#0 0xb6717bfb in strlen () from /lib/i686/libc.so.6
No symbol table info available.
#1 0xb7818a0e in WebCore::String::fromUTF8 (string=0x696469 <Address 0x696469
out of bounds>) at WebCore/platform/text/String.cpp:590
No locals.
#2 0xb7a568e7 in WebCore::PluginPackage::fetchInfo (this=0xb3365000) at
WebCore/plugins/gtk/PluginPackageGtk.cpp:78
mimeData = (gchar **) 0x8e31280
description = {m_impl = {m_ptr = 0xb33af708}}
extensions = (gchar **) 0x8e34058
extVector = {m_size = 0, m_buffer =
{<WTF::VectorBufferBase<WebCore::String>> = {<WTFNoncopyable::Noncopyable> =
{<No data fields>},
m_buffer = 0x0, m_capacity = 16}, <No data fields>}}
NP_GetMIMEDescription = (NP_GetMIMEDescriptionFuncPtr) 0xb3104c80
<NP_GetMIMEDescription>
NPP_GetValue = (NPP_GetValueProcPtr) 0xb3104c50 <NP_GetValue>
mimeDescs = (gchar **) 0x8e33fd8
buffer = 0x1c0 <Address 0x1c0 out of bounds>
err = 25705
#3 0xb783275c in WebCore::PluginPackage::createPackage (path=@0xb38ba3c8,
lastModified=@0xbf86e3bc) at WebCore/plugins/PluginPackage.cpp:149
No locals.
#4 0xb782bbdf in WebCore::PluginDatabase::refresh (this=0xb4aa9ea0) at
WebCore/plugins/PluginDatabase.cpp:109
lastModified = 1215766805
package = {m_ptr = 0x0}
pluginSetChanged = false
paths = {m_impl = {static m_minTableSize = <optimized out>, static
m_maxLoad = <optimized out>, static m_minLoad = <optimized out>,
m_table = 0xb38ba300, m_tableSize = 64, m_tableSizeMask = 63, m_keyCount =
7, m_deletedCount = 0}}
pathsWithTimes = {m_impl = {static m_minTableSize = <optimized out>,
static m_maxLoad = <optimized out>,
static m_minLoad = <optimized out>, m_table = 0xb33b5400, m_tableSize = 64,
m_tableSizeMask = 63, m_keyCount = 5, m_deletedCount = 0}}
#5 0xb782c9a9 in WebCore::PluginDatabase::installedPlugins () at
WebCore/plugins/PluginDatabase.cpp:44
plugins = (WebCore::PluginDatabase *) 0xb4aa9ea0
#6 0xb7a55ae7 in WebCore::PluginData::initPlugins (this=0xb332f080) at
WebCore/plugins/gtk/PluginDataGtk.cpp:32
db = (WebCore::PluginDatabase *) 0x696469
#7 0xb78289ed in PluginData (this=0xb332f080, page=0xb4aa8d90) at
WebCore/plugins/PluginData.cpp:32
No locals.
#8 0xb77d5c42 in WebCore::Page::pluginData (this=0xb4aa8d90) at
WebCore/plugins/PluginData.h:49
No locals.
#9 0xb7827bec in WebCore::MimeTypeArray::getPluginData (this=0xb34fb558) at
WebCore/plugins/MimeTypeArray.cpp:91
p = (class WebCore::Page *) 0x696469
#10 0xb7827c0f in WebCore::MimeTypeArray::length (this=0xb34fb558) at
WebCore/plugins/MimeTypeArray.cpp:41
data = (WebCore::PluginData *) 0x8df99a8
#11 0xb7b17b4f in WebCore::JSMimeTypeArray::getValueProperty (this=0xb35e25e0,
exec=0xbf86ec9c, token=0)
at DerivedSources/JSMimeTypeArray.cpp:112
No locals.
#12 0xb7c1a634 in KJS::Machine::privateExecute (this=0xb4b2bc40,
flag=KJS::Machine::Normal, exec=0xbf86ec9c, registerFile=0xb4b2bc58,
r=0xb36191f8, scopeChain=0xb33ae350, codeBlock=0xb33b4000,
exception=0xbf86ed00) at JavaScriptCore/kjs/PropertySlot.h:61
dst = 0
ident = (KJS::Identifier &) @0xb33b7ab4: {_ustring = {m_rep = {m_ptr =
0xb4b90a80}}}
result = (class KJS::JSValue *) 0x8df99a8
exceptionValue = (class KJS::JSValue *) 0x0
handlerVPC = (class KJS::Instruction *) 0x0
registerBase = (class KJS::Register *) 0xb3619000
k = (class KJS::Register *) 0xb33b7a50
tickCount = 250
#13 0xb7c20318 in KJS::Machine::execute (this=0xb4b2bc40,
programNode=0xb33b1640, exec=0xb388d640, scopeChain=0xb385f4b0,
thisObj=0xb3600000,
exception=0xbf86ed00) at JavaScriptCore/VM/Machine.cpp:735
oldSize = 0
newSize = <value optimized out>
lastGlobalObject = (class KJS::JSGlobalObject *) 0xb3600020
globalObject = (class KJS::JSGlobalObject *) 0xb3600020
callFrame = <value optimized out>
r = (class KJS::Register *) 0xb361902c
newExec = {<WTFNoncopyable::Noncopyable> = {<No data fields>},
m_globalObject = 0xb3600020, m_globalThisValue = 0xb3600000,
m_exception = 0x0, m_globalData = 0xb4aa3320, m_prev = 0xb388d640,
m_registerFile = 0xb4b2bc58, m_scopeChain = 0xb33ae350,
m_callFrame = 0xb36191c0}
result = <value optimized out>
#14 0xb7ca2d82 in KJS::Interpreter::evaluate (exec=0xb388d640,
scopeChain=@0xb38456dc, sourceURL=@0xbf86ed70, startingLineNumber=6906985,
source={m_ptr = 0x8df99a8}, thisValue=0xb3600000) at
JavaScriptCore/kjs/interpreter.cpp:83
sourceId = 10
errLine = -1
errMsg = {m_rep = {m_ptr = 0xb7f19700}}
programNode = {m_ptr = 0xb33b1640}
thisObj = (class KJS::JSObject *) 0x8df99a8
exception = (class KJS::JSValue *) 0x0
result = (class KJS::JSValue *) 0xb388d640
#15 0xb753f34f in WebCore::ScriptController::evaluate (this=0xb4ab0928,
sourceURL=@0xbf86ee1c, baseLine=6906985, str=@0x696469)
at WebCore/bindings/js/ScriptController.cpp:92
exec = (class KJS::ExecState *) 0xb388d640
savedSourceURL = (const WebCore::String *) 0x0
lock = {<WTFNoncopyable::Noncopyable> = {<No data fields>},
m_lockingForReal = false}
#16 0xb774ff92 in WebCore::FrameLoader::executeScript (this=0xb4ab06a4,
url=@0xbf86ee1c, baseLine=1, script=@0xbf86f048)
at WebCore/loader/FrameLoader.cpp:790
wasRunningScript = false
result = <value optimized out>
#17 0xb7713963 in WebCore::HTMLTokenizer::scriptExecution (this=0xb4af8400,
str=@0xbf86f048, state=
{static EntityShift = <optimized out>, m_bits = 0},
scriptURL=@0xbf86f044, baseLine=1) at WebCore/html/HTMLTokenizer.cpp:546
url = {m_impl = {m_ptr = 0xb4b1a348}}
savedPrependingSrc = (WebCore::SegmentedString *) 0xbf86f120
prependingSrc = {m_pushedChar1 = 0, m_pushedChar2 = 0, m_currentString
= {m_length = 0, m_current = 0x0, m_string = {m_impl = {
m_ptr = 0x0}}, m_doNotExcludeLineNumbers = true}, m_currentChar = 0x0,
m_substrings = {m_start = 0, m_end = 0,
m_buffer = {<WTF::VectorBufferBase<WebCore::SegmentedSubstring>> =
{<WTFNoncopyable::Noncopyable> = {<No data fields>}, m_buffer = 0x0,
m_capacity = 0}, <No data fields>}}, m_composite = false}
#18 0xb771b908 in WebCore::HTMLTokenizer::notifyFinished (this=0xb4af8400) at
WebCore/html/HTMLTokenizer.cpp:1994
cs = (class WebCore::CachedScript *) 0xb4b1d960
scriptSource = {m_impl = {m_ptr = 0xb4b1a480}}
errorOccurred = 72
cachedScriptUrl = {m_impl = {m_ptr = 0xb4b1a348}}
n = {m_ptr = 0xb4aa35a0}
finished = false
#19 0xb7732093 in WebCore::CachedScript::addClient (this=0xb4b1d960,
c=0xb4af8408) at WebCore/loader/CachedScript.cpp:58
No locals.
#20 0xb77163b0 in WebCore::HTMLTokenizer::scriptHandler (this=0xb4af8400,
state={static EntityShift = <optimized out>, m_bits = 6906985})
at WebCore/html/HTMLTokenizer.cpp:474
savedRequestingScript = false
doScriptExec = false
followingFrameset = false
cs = (class WebCore::CachedScript *) 0xb4b1d960
scriptCode = {m_impl = {m_ptr = 0xb4aa42b8}}
savedPrependingSrc = (WebCore::SegmentedString *) 0x0
prependingSrc = {m_pushedChar1 = 0, m_pushedChar2 = 0, m_currentString
= {m_length = 0, m_current = 0x0, m_string = {m_impl = {
m_ptr = 0x0}}, m_doNotExcludeLineNumbers = true}, m_currentChar = 0x0,
m_substrings = {m_start = 0, m_end = 0,
m_buffer = {<WTF::VectorBufferBase<WebCore::SegmentedSubstring>> =
{<WTFNoncopyable::Noncopyable> = {<No data fields>}, m_buffer = 0x0,
m_capacity = 0}, <No data fields>}}, m_composite = false}
#21 0xb7716f6f in WebCore::HTMLTokenizer::parseSpecial (this=0xb4af8400,
src=@0xb4af8d4c, state=
{static EntityShift = <optimized out>, m_bits = 128}) at
WebCore/html/HTMLTokenizer.cpp:334
ch = 62
lastDecodedEntityPosition = -1
#22 0xb771924c in WebCore::HTMLTokenizer::parseTag (this=0xb4af8400,
src=@0xb4af8d4c, state=
{static EntityShift = <optimized out>, m_bits = 148871592}) at
WebCore/html/HTMLTokenizer.cpp:1517
tagName = {m_string = {m_impl = {m_ptr = 0xb4ab7018}}}
isSelfClosingScript = false
beginTag = true
n = {m_ptr = 0xb4aa35a0}
cBufferPos = 0
lastIsSlash = false
#23 0xb7719e47 in WebCore::HTMLTokenizer::write (this=0xb4af8400,
str=@0xbf86f464, appendData=true) at WebCore/html/HTMLTokenizer.cpp:1735
cc = 39336
source = {m_pushedChar1 = 0, m_pushedChar2 = 0, m_currentString =
{m_length = 0, m_current = 0x0, m_string = {m_impl = {m_ptr = 0x0}},
m_doNotExcludeLineNumbers = true}, m_currentChar = 0x0, m_substrings =
{m_start = 0, m_end = 0,
m_buffer = {<WTF::VectorBufferBase<WebCore::SegmentedSubstring>> =
{<WTFNoncopyable::Noncopyable> = {<No data fields>},
m_buffer = 0xb34c0688, m_capacity = 0}, <No data fields>}}, m_composite
= false}
wasInWrite = false
processedCount = 2
startTime = 1217763892.2606039
frame = (class WebCore::Frame *) 0xb4aa60b8
#24 0xb7713760 in WebCore::HTMLTokenizer::timerFired (this=0xb4af8400) at
WebCore/html/HTMLTokenizer.cpp:1814
No locals.
#25 0xb771bb0f in WebCore::Timer<WebCore::HTMLTokenizer>::fired
(this=0xb4af851c) at WebCore/platform/Timer.h:99
No locals.
#26 0xb7826c39 in WebCore::TimerBase::fireTimers (fireTime=1217763889.214427,
firingTimers=@0xbf86f534) at WebCore/platform/Timer.cpp:347
timer = (class WebCore::TimerBase *) 0xb4af851c
interval = 0
#27 0xb7826d23 in WebCore::TimerBase::sharedTimerFired () at
WebCore/platform/Timer.cpp:368
fireTime = 1217763889.214427
firingTimers = {m_size = 6,
m_buffer = {<WTF::VectorBufferBase<WebCore::TimerBase*>> =
{<WTFNoncopyable::Noncopyable> = {<No data fields>}, m_buffer = 0xb4aa2e80,
m_capacity = 16}, <No data fields>}}
firingTimersSet = {m_impl = {static m_minTableSize = <optimized out>,
static m_maxLoad = <optimized out>,
static m_minLoad = <optimized out>, m_table = 0xb4aac600, m_tableSize = 64,
m_tableSizeMask = 63, m_keyCount = 0, m_deletedCount = 6}}
#28 0xb7a6d6ab in timeout_cb () at WebCore/platform/gtk/SharedTimerGtk.cpp:48
No locals.
#29 0xb684e7d0 in g_idle_dispatch (source=0x8e0ff60, callback=0x696469,
user_data=0x0) at gmain.c:4173
No locals.
#30 0xb685079a in IA__g_main_context_dispatch (context=0x88ecac8) at
gmain.c:2068
No locals.
#31 0xb6853eb8 in g_main_context_iterate (context=0x88ecac8, block=1,
dispatch=1, self=0x88c7048) at gmain.c:2701
max_priority = 0
timeout = 0
some_ready = 1
nfds = 11
allocated_nfds = <value optimized out>
fds = (GPollFD *) 0x8958dc0
__PRETTY_FUNCTION__ = "g_main_context_iterate"
#32 0xb68543cb in IA__g_main_loop_run (loop=0x8939ce8) at gmain.c:2924
self = (GThread *) 0x88c7048
__PRETTY_FUNCTION__ = "IA__g_main_loop_run"
#33 0xb6fd2b4f in IA__gtk_main () at gtkmain.c:1172
tmp_list = (GList *) 0x27
functions = (GList *) 0x0
init = (GtkInitFunction *) 0x0
loop = (GMainLoop *) 0x8939ce8
#34 0x080699ca in main (argc=Cannot access memory at address 0x1
) at ephy-main.c:742
program = <value optimized out>
option_context = <value optimized out>
option_group = <value optimized out>
proxy = <value optimized out>
error = (GError *) 0x0
user_time = 3213297796
env = <value optimized out>
enable_pango = <value optimized out>