MantisBT - NetSurf
View Issue Details
ID: 0002666
Project: NetSurf
Category: GTK-specific
View Status: public
Date Submitted: 2019-06-07 13:17
Last Update: 2019-07-19 08:28
Reporter: Vincent Sanders
Assigned To: Daniel Silverstone
Priority: normal
Severity: crash
Reproducibility: always
Status: closed
Resolution: fixed
Platform: Debian
OS: Linux
OS Version: 8
Product Version: 3.9
Target Version: 3.9
Fixed in Version:
Fixed in CI build #: 4662
Reported in CI build #:
URL of problem page: https://ria.ru/
Summary: 0002666: visiting ria.ru website causes a segfault
Description: navigate to https://ria.ru/ wait a few seconds and get a seg fault

turns out this is a GTK scheduler issue.
Additional Information:
Thread 1 "nsgtk" received signal SIGSEGV, Segmentation fault.
0x000055555565da32 in window_schedule_callback (p=0x555556283490)
    at build/Linux-gtk/duktape/window.c:139
139 RING_REMOVE(priv->owner->schedule_ring, priv);
(gdb) bt
#0 0x000055555565da32 in window_schedule_callback (p=0x555556283490)
    at build/Linux-gtk/duktape/window.c:139
#1 0x000055555572746a in schedule_run () at frontends/gtk/schedule.c:132
#2 0x00005555557199d2 in nsgtk_main () at frontends/gtk/gui.c:429
#3 0x00005555555dd493 in main (argc=<optimized out>, argv=<optimized out>) at frontends/gtk/gui.c:1206
(gdb) list
134 NSLOG(dukky, DEEPDEBUG, "Rescheduling repeating callback %"PRIsizet, priv->handle);
135 guit->misc->schedule(priv->repeat_timeout, window_schedule_callback, priv);
136 } else {
137 NSLOG(dukky, DEEPDEBUG, "Removing completed callback %"PRIsizet, priv->handle);
138 /* Remove this from the ring */
139 RING_REMOVE(priv->owner->schedule_ring, priv);
140 window_remove_callback_bits(priv->ctx, priv->handle);
141 free(priv);
142 }
143 }
(gdb) p priv
$1 = (window_schedule_t *) 0x555556283490
(gdb) p *priv
$2 = {owner = 0x108004081, ctx = 0x555558be7cd0, r_next = 0x555557ccafb0, r_prev = 0x0,
  handle = 93825001981184, repeat_timeout = 0}
(gdb) p *priv->owner
Cannot access memory at address 0x108004081
(gdb)
Tags: No tags attached.
Attached Files

Notes
(0001941)
Vincent Sanders   
2019-06-07 13:33   
same for https://nypost.com/

Thread 1 "nsgtk" received signal SIGSEGV, Segmentation fault.
0x000055555565da2a in window_schedule_callback (p=0x5555578217a0)
    at build/Linux-gtk/duktape/window.c:139
139 RING_REMOVE(priv->owner->schedule_ring, priv);
(gdb) bt
#0 0x000055555565da2a in window_schedule_callback (p=0x5555578217a0)
    at build/Linux-gtk/duktape/window.c:139
#1 0x000055555572746a in schedule_run () at frontends/gtk/schedule.c:132
#2 0x0000555555719970 in nsgtk_main () at frontends/gtk/gui.c:429
#3 0x00005555555dd493 in main (argc=<optimized out>, argv=<optimized out>) at frontends/gtk/gui.c:1206
(gdb) list
134 NSLOG(dukky, DEEPDEBUG, "Rescheduling repeating callback %"PRIsizet, priv->handle);
135 guit->misc->schedule(priv->repeat_timeout, window_schedule_callback, priv);
136 } else {
137 NSLOG(dukky, DEEPDEBUG, "Removing completed callback %"PRIsizet, priv->handle);
138 /* Remove this from the ring */
139 RING_REMOVE(priv->owner->schedule_ring, priv);
140 window_remove_callback_bits(priv->ctx, priv->handle);
141 free(priv);
142 }
143 }
(gdb) p print
$1 = 0
(gdb) p priv
$2 = (window_schedule_t *) 0x5555578217a0
(gdb) p *priv
$3 = {owner = 0x555557adf2d0, ctx = 0x55555781dba0, r_next = 0x0, r_prev = 0x0,
  handle = 93825001969472, repeat_timeout = 0}
(gdb) p *priv->owner
$4 = {parent = {bubbling_registered = 4, capture_registered = 4, is_node = 4},
  schedule_ring = 0x555556a55340, htmlc = 0x555557821970, win = 0x0}
(gdb) p *priv->owner->schedule_ring
$5 = {owner = 0x5550396c55467430, ctx = 0x41, r_next = 0x5555578218f0, r_prev = 0x5555568be0c0,
  handle = 140733193388033, repeat_timeout = 2}
(0001942)
Vincent Sanders   
2019-06-07 13:35   
given:


/** Remove the given element from the specified ring.
 * Will zero the element as needed
 */
#define RING_REMOVE(ring, element) \
    /*LOG("RING_REMOVE(%s, %p(%s)", #ring, element, element->host);*/ \
    if (element->r_next != element ) { \

well r_next is not the element (it is null)

so trying to dereference r_next goes kablooie


        /* Not the only thing in the ring */ \
        element->r_next->r_prev = element->r_prev; \
        element->r_prev->r_next = element->r_next; \
        if (ring == element) ring = element->r_next; \
    } else { \
        /* Only thing in the ring */ \
        ring = 0; \
    } \
    element->r_next = element->r_prev = 0
(0001943)
Vincent Sanders   
2019-06-07 17:15   
https://plesk.com/ seems the same

valgrind capture
==23358== Invalid read of size 4
==23358== at 0x211961: window_schedule_callback (window.c:132)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== by 0x2CD96F: nsgtk_main (gui.c:429)
==23358== by 0x191492: main (gui.c:1206)
==23358== Address 0x186ac3d8 is 40 bytes inside a block of size 48 free'd
==23358== at 0x4C2CDDB: free (vg_replace_malloc.c:530)
==23358== by 0x2116D7: dukky_window_clearInterval (Window.bnd:415)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x28B380: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x28B380: duk__pcall_raw (duktape.c:14323)
==23358== by 0x26DAEF: duk__handle_safe_call_inner (duktape.c:64475)
==23358== by 0x26DAEF: duk_handle_safe_call (duktape.c:64720)
==23358== by 0x27CF6D: duk_pcall (duktape.c:14342)
==23358== by 0x25DB09: dukky_pcall (dukky.c:750)
==23358== by 0x21193C: window_call_callback (window.c:107)
==23358== by 0x21193C: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== Block was alloc'd at
==23358== at 0x4C2DBC5: calloc (vg_replace_malloc.c:711)
==23358== by 0x2109DE: window_alloc_new_callback (window.c:148)
==23358== by 0x210BD3: dukky_window_setInterval (Window.bnd:398)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x280EC4: duk_bi_array_prototype_iter_shared (duktape.c:26351)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358==
==23358== Invalid read of size 8
==23358== at 0x211965: window_schedule_callback (window.c:134)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== by 0x2CD96F: nsgtk_main (gui.c:429)
==23358== by 0x191492: main (gui.c:1206)
==23358== Address 0x186ac3d0 is 32 bytes inside a block of size 48 free'd
==23358== at 0x4C2CDDB: free (vg_replace_malloc.c:530)
==23358== by 0x2116D7: dukky_window_clearInterval (Window.bnd:415)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x28B380: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x28B380: duk__pcall_raw (duktape.c:14323)
==23358== by 0x26DAEF: duk__handle_safe_call_inner (duktape.c:64475)
==23358== by 0x26DAEF: duk_handle_safe_call (duktape.c:64720)
==23358== by 0x27CF6D: duk_pcall (duktape.c:14342)
==23358== by 0x25DB09: dukky_pcall (dukky.c:750)
==23358== by 0x21193C: window_call_callback (window.c:107)
==23358== by 0x21193C: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== Block was alloc'd at
==23358== at 0x4C2DBC5: calloc (vg_replace_malloc.c:711)
==23358== by 0x2109DE: window_alloc_new_callback (window.c:148)
==23358== by 0x210BD3: dukky_window_setInterval (Window.bnd:398)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x280EC4: duk_bi_array_prototype_iter_shared (duktape.c:26351)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358==
==23358== Invalid read of size 4
==23358== at 0x21198D: window_schedule_callback (window.c:135)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== by 0x2CD96F: nsgtk_main (gui.c:429)
==23358== by 0x191492: main (gui.c:1206)
==23358== Address 0x186ac3d8 is 40 bytes inside a block of size 48 free'd
==23358== at 0x4C2CDDB: free (vg_replace_malloc.c:530)
==23358== by 0x2116D7: dukky_window_clearInterval (Window.bnd:415)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x28B380: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x28B380: duk__pcall_raw (duktape.c:14323)
==23358== by 0x26DAEF: duk__handle_safe_call_inner (duktape.c:64475)
==23358== by 0x26DAEF: duk_handle_safe_call (duktape.c:64720)
==23358== by 0x27CF6D: duk_pcall (duktape.c:14342)
==23358== by 0x25DB09: dukky_pcall (dukky.c:750)
==23358== by 0x21193C: window_call_callback (window.c:107)
==23358== by 0x21193C: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== Block was alloc'd at
==23358== at 0x4C2DBC5: calloc (vg_replace_malloc.c:711)
==23358== by 0x2109DE: window_alloc_new_callback (window.c:148)
==23358== by 0x210BD3: dukky_window_setInterval (Window.bnd:398)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x280EC4: duk_bi_array_prototype_iter_shared (duktape.c:26351)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358==
==23358== Invalid read of size 8
==23358== at 0x211832: window_schedule_callback (window.c:128)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== by 0x2CD96F: nsgtk_main (gui.c:429)
==23358== by 0x191492: main (gui.c:1206)
==23358== Address 0x186ac3d0 is 32 bytes inside a block of size 48 free'd
==23358== at 0x4C2CDDB: free (vg_replace_malloc.c:530)
==23358== by 0x2116D7: dukky_window_clearInterval (Window.bnd:415)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x28B380: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x28B380: duk__pcall_raw (duktape.c:14323)
==23358== by 0x26DAEF: duk__handle_safe_call_inner (duktape.c:64475)
==23358== by 0x26DAEF: duk_handle_safe_call (duktape.c:64720)
==23358== by 0x27CF6D: duk_pcall (duktape.c:14342)
==23358== by 0x25DB09: dukky_pcall (dukky.c:750)
==23358== by 0x21193C: window_call_callback (window.c:107)
==23358== by 0x21193C: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== Block was alloc'd at
==23358== at 0x4C2DBC5: calloc (vg_replace_malloc.c:711)
==23358== by 0x2109DE: window_alloc_new_callback (window.c:148)
==23358== by 0x210BD3: dukky_window_setInterval (Window.bnd:398)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x280EC4: duk_bi_array_prototype_iter_shared (duktape.c:26351)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358==
==23358== Invalid read of size 8
==23358== at 0x211842: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== by 0x2CD96F: nsgtk_main (gui.c:429)
==23358== by 0x191492: main (gui.c:1206)
==23358== Address 0x186ac3b8 is 8 bytes inside a block of size 48 free'd
==23358== at 0x4C2CDDB: free (vg_replace_malloc.c:530)
==23358== by 0x2116D7: dukky_window_clearInterval (Window.bnd:415)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x28B380: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x28B380: duk__pcall_raw (duktape.c:14323)
==23358== by 0x26DAEF: duk__handle_safe_call_inner (duktape.c:64475)
==23358== by 0x26DAEF: duk_handle_safe_call (duktape.c:64720)
==23358== by 0x27CF6D: duk_pcall (duktape.c:14342)
==23358== by 0x25DB09: dukky_pcall (dukky.c:750)
==23358== by 0x21193C: window_call_callback (window.c:107)
==23358== by 0x21193C: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== Block was alloc'd at
==23358== at 0x4C2DBC5: calloc (vg_replace_malloc.c:711)
==23358== by 0x2109DE: window_alloc_new_callback (window.c:148)
==23358== by 0x210BD3: dukky_window_setInterval (Window.bnd:398)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x280EC4: duk_bi_array_prototype_iter_shared (duktape.c:26351)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358==
==23358== Invalid read of size 4
==23358== at 0x211846: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== by 0x2CD96F: nsgtk_main (gui.c:429)
==23358== by 0x191492: main (gui.c:1206)
==23358== Address 0x186ac3d8 is 40 bytes inside a block of size 48 free'd
==23358== at 0x4C2CDDB: free (vg_replace_malloc.c:530)
==23358== by 0x2116D7: dukky_window_clearInterval (Window.bnd:415)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x28B380: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x28B380: duk__pcall_raw (duktape.c:14323)
==23358== by 0x26DAEF: duk__handle_safe_call_inner (duktape.c:64475)
==23358== by 0x26DAEF: duk_handle_safe_call (duktape.c:64720)
==23358== by 0x27CF6D: duk_pcall (duktape.c:14342)
==23358== by 0x25DB09: dukky_pcall (dukky.c:750)
==23358== by 0x21193C: window_call_callback (window.c:107)
==23358== by 0x21193C: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== Block was alloc'd at
==23358== at 0x4C2DBC5: calloc (vg_replace_malloc.c:711)
==23358== by 0x2109DE: window_alloc_new_callback (window.c:148)
==23358== by 0x210BD3: dukky_window_setInterval (Window.bnd:398)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x280EC4: duk_bi_array_prototype_iter_shared (duktape.c:26351)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358==
==23358== Invalid read of size 8
==23358== at 0x211851: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== by 0x2CD96F: nsgtk_main (gui.c:429)
==23358== by 0x191492: main (gui.c:1206)
==23358== Address 0x186ac3d0 is 32 bytes inside a block of size 48 free'd
==23358== at 0x4C2CDDB: free (vg_replace_malloc.c:530)
==23358== by 0x2116D7: dukky_window_clearInterval (Window.bnd:415)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x28B380: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x28B380: duk__pcall_raw (duktape.c:14323)
==23358== by 0x26DAEF: duk__handle_safe_call_inner (duktape.c:64475)
==23358== by 0x26DAEF: duk_handle_safe_call (duktape.c:64720)
==23358== by 0x27CF6D: duk_pcall (duktape.c:14342)
==23358== by 0x25DB09: dukky_pcall (dukky.c:750)
==23358== by 0x21193C: window_call_callback (window.c:107)
==23358== by 0x21193C: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== Block was alloc'd at
==23358== at 0x4C2DBC5: calloc (vg_replace_malloc.c:711)
==23358== by 0x2109DE: window_alloc_new_callback (window.c:148)
==23358== by 0x210BD3: dukky_window_setInterval (Window.bnd:398)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x280EC4: duk_bi_array_prototype_iter_shared (duktape.c:26351)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358==
==23358==
==23358== Process terminating with default action of signal 6 (SIGABRT)
==23358== at 0x9516FFF: raise (raise.c:51)
==23358== by 0x9518429: abort (abort.c:89)
==23358== by 0x18FAA5: duk_default_fatal_handler (duktape.c:11749)
==23358== by 0x263A0E: duk_fatal_raw (duktape.c:23878)
==23358== by 0x267DC6: duk__uncaught_error_aware (duktape.c:46270)
==23358== by 0x267DC6: duk_err_longjmp (duktape.c:46321)
==23358== by 0x18FC0F: duk_err_create_and_throw.constprop.304 (duktape.c:46645)
==23358== by 0x18FDDC: duk_err_handle_error_fmt.constprop.306 (duktape.c:11621)
==23358== by 0x27C578: duk_hobject_getprop (duktape.c:56523)
==23358== by 0x27CED2: duk_get_prop (duktape.c:16558)
==23358== by 0x2118C3: window_call_callback (window.c:95)
==23358== by 0x2118C3: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== by 0x2CD96F: nsgtk_main (gui.c:429)
(0001945)
Vincent Sanders   
2019-06-08 12:22   
when Window.bnd:window_remove_callback_by_handle() calls the frontend (gtk) schedule with -1 to remove the callback from the active list, the gtk scheduler fails to remove it and calls it back anyhow!
(0001947)
Daniel Silverstone   
2019-06-09 10:11   
We were managing to attempt to either re-schedule, or cancel, a callback which was in the process of being handled in JS already. I've pushed a fix to solve that.
(0002005)
Vincent Sanders   
2019-07-19 08:28   
we believe this issue has been resolved in NetSurf 3.9
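
A minimal model of the failure described in the notes above, added here as an illustration (it is not NetSurf's code and not the fix that was pushed): an interval callback cancels itself while it is running, and the cancel is deferred until the callback returns so the entry is unlinked and freed exactly once. All names (timer_entry, timer_add, timer_cancel, timer_fire) are hypothetical; only r_next and r_prev follow the report.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical stand-in for the report's window_schedule_t (not NetSurf code). */
typedef struct timer_entry {
    struct timer_entry *r_next, *r_prev;  /* ring links, named as in the report */
    int repeat;      /* non-zero: interval timer, re-armed after each run */
    bool running;    /* its callback is executing right now */
    bool cancelled;  /* cancel arrived mid-run, so the free is deferred */
    void (*fn)(struct timer_entry *);
} timer_entry;

static timer_entry *ring;  /* head of the circular list, NULL when empty */
static int frees;          /* free() count, lets the scenario spot a double free */

static timer_entry *timer_add(int repeat, void (*fn)(timer_entry *)) {
    timer_entry *e = calloc(1, sizeof *e);
    if (e == NULL) return NULL;
    e->repeat = repeat;
    e->fn = fn;
    if (ring == NULL) {
        ring = e->r_next = e->r_prev = e;
    } else {                              /* append just before the head */
        e->r_next = ring;
        e->r_prev = ring->r_prev;
        ring->r_prev->r_next = e;
        ring->r_prev = e;
    }
    return e;
}

/* Unlink and free. Refuses NULL links instead of dereferencing them. */
static bool timer_destroy(timer_entry *e) {
    if (e->r_next == NULL || e->r_prev == NULL) return false;
    e->r_next->r_prev = e->r_prev;
    e->r_prev->r_next = e->r_next;
    if (ring == e) ring = (e->r_next != e) ? e->r_next : NULL;
    free(e);
    frees++;
    return true;
}

/* clearInterval-style cancel, safe to call from inside the entry's own callback. */
static void timer_cancel(timer_entry *e) {
    if (e->running) e->cancelled = true;  /* timer_fire() frees it after fn returns */
    else timer_destroy(e);
}

/* One scheduler tick. Returns true if the entry is still alive and armed. */
static bool timer_fire(timer_entry *e) {
    e->running = true;
    e->fn(e);                             /* may call timer_cancel(e) */
    e->running = false;
    if (!e->cancelled && e->repeat != 0) return true;
    timer_destroy(e);                     /* the only free for a cancelled entry */
    return false;
}

static void cancels_itself(timer_entry *e) { timer_cancel(e); }
static void does_nothing(timer_entry *e) { (void)e; }

/* Constructed scenario; returns the number of frees (2 expected), -1 on failure. */
int self_cancel_scenario(void) {
    timer_entry *a = timer_add(10, cancels_itself);
    timer_entry *b = timer_add(10, does_nothing);
    if (a == NULL || b == NULL) return -1;
    bool a_alive = timer_fire(a);         /* a clears itself; freed after fn returns */
    bool ring_ok = (ring == b && b->r_next == b && b->r_prev == b);
    bool b_alive = timer_fire(b);
    timer_cancel(b);                      /* not running: freed immediately */
    return (!a_alive && ring_ok && b_alive && ring == NULL) ? frees : -1;
}

int main(void) { return self_cancel_scenario() == 2 ? 0 : 1; }
```

Compiled with -fsanitize=address, a variant whose timer_cancel frees unconditionally is flagged as heap-use-after-free at the e->running = false write in timer_fire.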

Issue History
2019-06-07 13:17 | Vincent Sanders | New Issue
2019-06-07 13:33 | Vincent Sanders | Note Added: 0001941
2019-06-07 13:35 | Vincent Sanders | Note Added: 0001942
2019-06-07 17:15 | Vincent Sanders | Note Added: 0001943
2019-06-08 12:22 | Vincent Sanders | Status | new => confirmed
2019-06-08 12:22 | Vincent Sanders | Category | ABEND => GTK-specific
2019-06-08 12:22 | Vincent Sanders | Description Updated | bug_revision_view_page.php?rev_id=2092#r2092
2019-06-08 12:22 | Vincent Sanders | Note Added: 0001945
2019-06-09 10:11 | Daniel Silverstone | Assigned To | => Daniel Silverstone
2019-06-09 10:11 | Daniel Silverstone | Status | confirmed => resolved
2019-06-09 10:11 | Daniel Silverstone | Resolution | open => fixed
2019-06-09 10:11 | Daniel Silverstone | Fixed in CI build # | => 4662
2019-06-09 10:11 | Daniel Silverstone | Note Added: 0001947
2019-07-19 08:28 | Vincent Sanders | Status | resolved => closed
2019-07-19 08:28 | Vincent Sanders | Note Added: 0002005