Notes

(0000968)
Dave Higton
2015-10-20 19:19
(Last edited: 2015-10-20 19:26)

Andrew Pinder also reported a crash when visiting http://www.lonelyplanet.com/jordan/shopping/souvenir-gifts with JS enabled but was unable to report the bug. I have reproduced his crash and attached the resulting log as APinder.zip
A null node is pushed. The next bit of code attempts to reference this node, which is presumably the point at which the crash occurs.
It seems to me that two things can be done:
1) Working forwards: Don't push null nodes; this should be enough to prevent the crash.
2) Working backwards: find out why there was an attempt to push a null node. This is not so easy!
(5.445954) javascript/duktape/dukky.c:69 dukky_populate_object: Call the init function
(5.445961) build-Linux-gtk/duktape/event_target.c:45 dukky_event_target___init: Initialise 0x1f8e450 (priv=0x1e46f50)
(5.445967) build-Linux-gtk/duktape/node.c:46 dukky_node___init: Initialise 0x1f8e450 (priv=0x1e46f50)
(5.445972) build-Linux-gtk/duktape/element.c:47 dukky_element___init: Initialise 0x1f8e450 (priv=0x1e46f50)
(5.445978) build-Linux-gtk/duktape/html_element.c:46 dukky_html_element___init: Initialise 0x1f8e450 (priv=0x1e46f50)
(5.445983) build-Linux-gtk/duktape/html_div_element.c:46 dukky_html_div_element___init: Initialise 0x1f8e450 (priv=0x1e46f50)
(5.445995) javascript/duktape/dukky.c:77 dukky_create_object: name=NETSURF_DUKTAPE_PROTOTYPE_NODELIST nargs=1
(5.446003) javascript/duktape/dukky.c:69 dukky_populate_object: Call the init function
(5.446015) build-Linux-gtk/duktape/node_list.c:45 dukky_node_list___init: Initialise 0x1f8cec0 (priv=0x1c15420)
(5.446021) javascript/duktape/dukky.c:90 dukky_create_object: created
(5.446028) NodeList.bnd:22 dukky_node_list___fini: Finalise 0x1f8cec0
(5.446043) javascript/duktape/dukky.c:219 dukky_push_node: Pushing node 0x1f938a0
(5.446054) javascript/duktape/dukky.c:69 dukky_populate_object: Call the init function
(5.446061) build-Linux-gtk/duktape/event_target.c:45 dukky_event_target___init: Initialise 0x1f93970 (priv=0x1c15420)
(5.446066) build-Linux-gtk/duktape/node.c:46 dukky_node___init: Initialise 0x1f93970 (priv=0x1c15420)
(5.446072) build-Linux-gtk/duktape/element.c:47 dukky_element___init: Initialise 0x1f93970 (priv=0x1c15420)
(5.446077) build-Linux-gtk/duktape/html_element.c:46 dukky_html_element___init: Initialise 0x1f93970 (priv=0x1c15420)
(5.446082) build-Linux-gtk/duktape/html_div_element.c:46 dukky_html_div_element___init: Initialise 0x1f93970 (priv=0x1c15420)
(5.446091) javascript/duktape/dukky.c:219 dukky_push_node: Pushing node (nil)
#0 dukky_push_node (ctx=ctx@entry=0x128ceb0, node=0x0) at javascript/duktape/dukky.c:245
#1 0x00000000004f7ddd in dukky_node_lastChild_getter (ctx=0x128ceb0) at Node.bnd:149
#2 0x0000000000593581 in duk_handle_call (thr=0x128ceb0, num_stack_args=1, call_flags=0) at duk_js_call.c:1364
#3 0x00000000005a48f4 in duk_hobject_getprop (thr=thr@entry=0x128ceb0, tv_obj=0x7fffffffb680,
tv_key=0x7fffffffb690) at duk_hobject_props.c:2582
#4 0x000000000059130f in duk_js_execute_bytecode (exec_thr=exec_thr@entry=0x128ceb0) at duk_js_executor.c:2848
#5 0x0000000000593841 in duk_handle_call (thr=0x128ceb0, num_stack_args=0, call_flags=0) at duk_js_call.c:1471
#6 0x00000000005af269 in duk_eval_raw (ctx=ctx@entry=0x128ceb0, src_buffer=src_buffer@entry=0x0,
src_length=src_length@entry=0, flags=flags@entry=1) at duk_api_compile.c:44
#7 0x000000000058a3bf in eval_top_string (ctx=0x128ceb0,
ctx@entry=<error reading variable: Cannot access memory at address 0xa2>) at javascript/duktape/dukky.c:355
#8 0x0000000000597dc4 in duk_handle_safe_call (
thr=<error reading variable: Cannot access memory at address 0xa2>,
func=func@entry=0x58a3a0 <eval_top_string>, num_stack_args=num_stack_args@entry=1,
num_stack_rets=num_stack_rets@entry=1) at duk_js_call.c:1876
#9 0x0000000000598064 in duk_safe_call (ctx=<optimized out>, func=func@entry=0x58a3a0 <eval_top_string>,
nargs=nargs@entry=1, nrets=nrets@entry=1) at duk_api_call.c:221
#10 0x000000000058ad91 in js_exec (ctx=0xe31070,
txt=0x7fffe42e4010 "/*! jQuery v1.9.1 | (c) 2005, 2012 jQuery Foundation, Inc. | jquery.org/license\r\n//@ sourceMappingURL=jquery.min.map\r\n*/\r\n(function (e, t) {\r\n\tvar n, r, i = typeof t, o = e.document, a = e.location"..., txtlen=<optimized out>) at javascript/duktape/dukky.c:366
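
Option 1 from the note above (don't push null nodes), sketched in C as an added example. This is not NetSurf's or Duktape's code: the value stack, the node struct and every function name are hypothetical stand-ins. It assumes the getter can legitimately be handed a NULL node, as a DOM lastChild lookup is for a node with no children.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for this example; not NetSurf or Duktape types. */
enum val_type { VAL_NULL, VAL_NODE };
struct node { const char *tag; struct node *last_child; };
struct value { enum val_type type; const char *tag; };
struct vstack { struct value slot[8]; size_t top; };

/* Push a node for script code: 0 on success, -1 if the stack is full.
 * A NULL node is pushed as a script null and is never dereferenced. */
int push_node(struct vstack *s, const struct node *n)
{
    if (s->top >= sizeof s->slot / sizeof s->slot[0])
        return -1;
    if (n == NULL) {
        s->slot[s->top++] = (struct value){ VAL_NULL, NULL };
        return 0;
    }
    s->slot[s->top++] = (struct value){ VAL_NODE, n->tag }; /* n is non-NULL here */
    return 0;
}

/* lastChild getter: a node without children has no last child, so NULL
 * is an ordinary input to push_node here, not an error. */
int last_child_getter(struct vstack *s, const struct node *self)
{
    return push_node(s, self ? self->last_child : NULL);
}

/* Run the getter on a fresh stack and report what script code would see. */
enum val_type last_child_type(const struct node *self)
{
    struct vstack s = { .top = 0 };
    if (last_child_getter(&s, self) != 0)
        return VAL_NULL;
    return s.slot[s.top - 1].type;
}

int main(void)
{
    struct node leaf = { "span", NULL };      /* constructed sample nodes */
    struct node parent = { "div", &leaf };
    printf("div.lastChild  -> %s\n", last_child_type(&parent) == VAL_NODE ? "node" : "null");
    printf("span.lastChild -> %s\n", last_child_type(&leaf) == VAL_NODE ? "node" : "null");
    return 0;
}
```

The guard only covers option 1; it does not explain why a NULL reached the push in the first place, which is the note's option 2.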

I've been able to generate a crash just by trying to go straight to www.lonelyplanet.com

kinnison resolved our null node handling so the jquery no longer causes the segfault. lonely planet rendering is still utterly broken though.

Confirmed resolved in 3.4 release