[Webkit-unassigned] [Bug 65161] New: Midori Segmentation Fault caused by Javascript Core (WebKit GTK+)

bugzilla-daemon at webkit.org
Mon Jul 25 21:06:36 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=65161

           Summary: Midori Segmentation Fault caused by Javascript Core
                    (WebKit GTK+)
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: archerseven at gmail.com


While loading a Google search result, Midori segfaulted while running in gdb, and the segfault seems to be caused by something JavaScript-related in webkitgtk (at which point this goes above my head).

backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4d9b0ea in JSC::StructureStubInfo::deref() () from /usr/lib/libwebkitgtk-1.0.so.0
(gdb) bt*** NSPlugin Viewer  *** ERROR: rpc_end_sync called when not in sync!

#0  0x00007ffff4d9b0ea in JSC::StructureStubInfo::deref() () from /usr/lib/libwebkitgtk-1.0.so.0
#1  0x00007ffff4d98baf in JSC::CodeBlock::~CodeBlock() () from /usr/lib/libwebkitgtk-1.0.so.0
#2  0x00007ffff4e5cfa2 in JSC::FunctionCodeBlock::~FunctionCodeBlock() () from /usr/lib/libwebkitgtk-1.0.so.0
#3  0x00007ffff4e5c647 in JSC::FunctionExecutable::~FunctionExecutable() () from /usr/lib/libwebkitgtk-1.0.so.0
#4  0x00007ffff4e45bb8 in JSC::MarkedBlock::sweep() () from /usr/lib/libwebkitgtk-1.0.so.0
#5  0x00007ffff4e45e7b in JSC::MarkedSpace::sweep() () from /usr/lib/libwebkitgtk-1.0.so.0
#6  0x00007ffff4e47868 in JSC::Heap::reset(JSC::Heap::SweepToggle) () from /usr/lib/libwebkitgtk-1.0.so.0
#7  0x00007ffff4248cc5 in WebCore::collect(void*) () from /usr/lib/libwebkitgtk-1.0.so.0
#8  0x00007ffff47043f2 in WebCore::ThreadTimers::sharedTimerFiredInternal() () from /usr/lib/libwebkitgtk-1.0.so.0
#9  0x00007ffff41322c2 in WebCore::timeout_cb(void*) () from /usr/lib/libwebkitgtk-1.0.so.0
#10 0x00007ffff5d32b9b in ?? () from /usr/lib/libglib-2.0.so.0
#11 0x00007ffff5d3129d in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#12 0x00007ffff5d31a78 in ?? () from /usr/lib/libglib-2.0.so.0
#13 0x00007ffff5d320ba in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#14 0x00007ffff74542d7 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#15 0x0000000000424a77 in main ()
(gdb) 

and yes, the NSPluginViewer bit did occur right there and I have no idea how it could have.

Will post if I get more information, and please let me know if I can help.

(Haven't found a reliable way to reproduce, but I just started doing this against an un-stripped webkitgtk so perhaps I'll learn more as I get this crash and meaningful backtraces.)
