MantisBT - NetSurf
View Issue Details
ID: 0002569
Project: NetSurf
Category: GTK-specific
View Status: public
Date Submitted: 2017-10-27 10:52
Last Update: 2018-08-29 14:57
Reporter: Anthony J. Bentley
Assigned To: Vincent Sanders
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Platform:
OS: OpenBSD
OS Version:
Product Version: 3.7
Target Version: 3.8
Fixed in Version: 3.8
Fixed in CI build #: 4259
Reported in CI build #:
URL of problem page:
Summary: 0002569: Bus error when search box is removed
Description:
This bug was reported to me by a user, and I've been able to reproduce it.

If toolbar icons have been customized, NetSurf frequently crashes on startup:

$ netsurf-gtk
Bus error (core dumped)
Steps To Reproduce:
If you remove the search bar with the toolbar customise command, it generates the following Choices file:

accept_language:en
toolbar_status_size:6673
button_type:2
toolbar_order:0;0|1;1|2;2|3;3|4;4|5;5|6;6|7;-1|8;7|9;-1|10;-1|11;-1|12;-1|13;-1|14;-1|15;-1|16;-1|17;-1|18;-1|19;-1|20;-1|21;-1|22;-1|23;-1|24;-1|25;-1|26;-1|27;-1|28;-1|29;-1|30;-1|31;-1|32;-1|33;-1|34;-1|35;-1|36;-1|37;-1|38;-1|39;-1|40;-1|41;-1|42;-1|43;-1|44;-1|45;-1|46;-1|47;-1|48;-1|49;-1|50;-1|

If I remove the Choices file it stops crashing. If I copy the Choices file to another machine that NetSurf starts crashing too.
Additional Information:
Backtrace:

Program received signal SIGBUS, Bus error.
g_type_check_instance_cast (type_instance=0xdfdfdfdfdfdfdfdf,
    iface_type=7566957525376) at gtype.c:4052
4052 gtype.c: No such file or directory.
(gdb) bt
#0 g_type_check_instance_cast (type_instance=0xdfdfdfdfdfdfdfdf,
    iface_type=7566957525376) at gtype.c:4052
#1 0x000006ded525f5a3 in nsgtk_entry_set_icon_from_stock (
    entry=0xdfdfdfdfdfdfdfdf, icon_pos=GTK_ENTRY_ICON_PRIMARY,
    id=0x6ded5443013 "gtk-find") at frontends/gtk/compat.c:181
#2 0x000006ded5273d8a in gui_search_web_provider_update (
    provider_name=0x6e0e7e80700 "Google", provider_bitmap=<optimized out>)
    at frontends/gtk/scaffolding.c:2500
#3 0x000006ded524ee83 in search_web_select_provider (
    selection=<optimized out>) at desktop/searchweb.c:405
#4 0x000006ded526fa54 in nsgtk_new_scaffolding (toplevel=<optimized out>)
    at frontends/gtk/scaffolding.c:2282
#5 0x000006ded527c598 in gui_window_create (bw=0x6e15bfa5c00, existing=0x0,
    flags=GW_CREATE_NONE) at frontends/gtk/window.c:774
#6 0x000006ded523cd16 in browser_window_create (flags=BW_CREATE_HISTORY,
    url=0x6e1af260380, referrer=0x0, existing=0x6e1d1d0b980, bw=0x0)
    at desktop/browser.c:880
#7 0x000006ded52645ba in nsgtk_init (argc=<optimized out>,
    argv=0x7f7ffffdc308, respath=<optimized out>) at frontends/gtk/gui.c:343
#8 main (argc=<optimized out>, argv=0x7f7ffffdc308)
    at frontends/gtk/gui.c:1187

The 0xdfdfdfdf indicates a use-after-free (on OpenBSD freed memory is overwritten with 0xdf).
Tags: No tags attached.
Attached Files
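
A triage sketch for the reasoning in the report above (the 0xdf fill marks freed memory), added here as an example and not part of the original report or of NetSurf's code: it scans a gdb backtrace for pointer arguments made up entirely of the fill byte and names the caller that passed the stale pointer. The function names and the four-byte minimum are assumptions of this example; the sample is the first three frames of the backtrace above.

```python
import re

FREED_JUNK = 0xDF  # byte OpenBSD writes over freed memory, per the report

FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\w+) \(")
ARG_RE = re.compile(r"(\w+)=(0x[0-9a-f]+)")

# First frames of the backtrace in this report, with frame #2's marker restored.
SAMPLE = """\
#0 g_type_check_instance_cast (type_instance=0xdfdfdfdfdfdfdfdf,
    iface_type=7566957525376) at gtype.c:4052
#1 0x000006ded525f5a3 in nsgtk_entry_set_icon_from_stock (
    entry=0xdfdfdfdfdfdfdfdf, icon_pos=GTK_ENTRY_ICON_PRIMARY,
    id=0x6ded5443013 "gtk-find") at frontends/gtk/compat.c:181
#2 0x000006ded5273d8a in gui_search_web_provider_update (
    provider_name=0x6e0e7e80700 "Google", provider_bitmap=<optimized out>)
    at frontends/gtk/scaffolding.c:2500
"""

def is_junk_pointer(value, fill=FREED_JUNK, min_bytes=4):
    """True when the value is at least min_bytes long and every byte is `fill`."""
    raw = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    return len(raw) >= min_bytes and set(raw) == {fill}

def junk_args(backtrace, fill=FREED_JUNK):
    """Return ({frame: function}, [(frame, argument), ...]) for junk-filled arguments."""
    frames, hits, current = {}, [], None
    for line in backtrace.splitlines():
        m = FRAME_RE.match(line)
        if m:
            current = int(m.group(1))
            frames[current] = m.group(2)
        if current is None:
            continue  # gdb banner lines before frame #0
        for name, hexval in ARG_RE.findall(line):
            if is_junk_pointer(int(hexval, 16), fill):
                hits.append((current, name))
    return frames, hits

def stale_pointer_source(backtrace, fill=FREED_JUNK):
    """(callee, argument, caller) for the outermost frame handed a junk pointer."""
    frames, hits = junk_args(backtrace, fill)
    if not hits:
        return None
    frame, arg = max(hits)
    return frames[frame], arg, frames.get(frame + 1)

if __name__ == "__main__":
    print(stale_pointer_source(SAMPLE))
```

The caller it names is the frame whose code held the pointer after it was freed, which is the place to start reading when triaging a crash like this one.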

Notes
(0001698)
Vincent Sanders   
2017-12-10 23:31   
The handling of toolbar configuration is somewhat buggy.

I have generally improved this handling including removing several buggy dialog window calls.

This bug as well as several others in this area are now gone.

Thanks for the report.
(0001818)
Vincent Sanders   
2018-08-29 14:57   
Thank you for your report, this has been resolved in the 3.8 release

Issue History
Date Modified | Username | Field | Change
2017-10-27 10:52 | Anthony J. Bentley | New Issue |
2017-12-10 23:31 | Vincent Sanders | Assigned To | => Vincent Sanders
2017-12-10 23:31 | Vincent Sanders | Reproducibility | sometimes => always
2017-12-10 23:31 | Vincent Sanders | Status | new => resolved
2017-12-10 23:31 | Vincent Sanders | Fixed in Version | => 3.8
2017-12-10 23:31 | Vincent Sanders | Fixed in CI build # | => 4259
2017-12-10 23:31 | Vincent Sanders | Note Added: 0001698 |
2018-01-23 20:40 | Vincent Sanders | Resolution | open => fixed
2018-08-28 11:42 | Vincent Sanders | Target Version | => 3.8
2018-08-29 14:57 | Vincent Sanders | Status | resolved => closed
2018-08-29 14:57 | Vincent Sanders | Note Added: 0001818 |