MantisBT - NetSurf |
View Issue Details |
|
ID | Project | Category | View Status | Date Submitted | Last Update |
0002666 | NetSurf | GTK-specific | public | 2019-06-07 13:17 | 2019-07-19 08:28 |
|
Reporter | Vincent Sanders | |
---|
Assigned To | Daniel Silverstone | |
---|
Priority | normal | Severity | crash | Reproducibility | always |
---|
Status | closed | Resolution | fixed | |
---|
Platform | Debian | OS | Linux | OS Version | 8 |
---|
Product Version | 3.9 | |
---|
Target Version | 3.9 | Fixed in Version | | |
---|
Fixed in CI build # | 4662 |
---|
Reported in CI build # | |
---|
URL of problem page | https://ria.ru/ |
---|
|
Summary | 0002666: visiting ria.ru website causes a segfault |
---|
Description | Navigate to https://ria.ru/, wait a few seconds, and NetSurf segfaults.
It turns out this is a GTK scheduler issue. |
---|
Additional Information | Thread 1 "nsgtk" received signal SIGSEGV, Segmentation fault.
0x000055555565da32 in window_schedule_callback (p=0x555556283490)
at build/Linux-gtk/duktape/window.c:139
139 RING_REMOVE(priv->owner->schedule_ring, priv);
(gdb) bt
#0 0x000055555565da32 in window_schedule_callback (p=0x555556283490)
at build/Linux-gtk/duktape/window.c:139
#1 0x000055555572746a in schedule_run () at frontends/gtk/schedule.c:132
#2 0x00005555557199d2 in nsgtk_main () at frontends/gtk/gui.c:429
#3 0x00005555555dd493 in main (argc=<optimized out>, argv=<optimized out>) at frontends/gtk/gui.c:1206
(gdb) list
134 NSLOG(dukky, DEEPDEBUG, "Rescheduling repeating callback %"PRIsizet, priv->handle);
135 guit->misc->schedule(priv->repeat_timeout, window_schedule_callback, priv);
136 } else {
137 NSLOG(dukky, DEEPDEBUG, "Removing completed callback %"PRIsizet, priv->handle);
138 /* Remove this from the ring */
139 RING_REMOVE(priv->owner->schedule_ring, priv);
140 window_remove_callback_bits(priv->ctx, priv->handle);
141 free(priv);
142 }
143 }
(gdb) p priv
$1 = (window_schedule_t *) 0x555556283490
(gdb) p *priv
$2 = {owner = 0x108004081, ctx = 0x555558be7cd0, r_next = 0x555557ccafb0, r_prev = 0x0,
handle = 93825001981184, repeat_timeout = 0}
(gdb) p *priv->owner
Cannot access memory at address 0x108004081
(gdb) |
---|
Notes |
|
|
same for https://nypost.com/
Thread 1 "nsgtk" received signal SIGSEGV, Segmentation fault.
0x000055555565da2a in window_schedule_callback (p=0x5555578217a0)
at build/Linux-gtk/duktape/window.c:139
139 RING_REMOVE(priv->owner->schedule_ring, priv);
(gdb) bt
#0 0x000055555565da2a in window_schedule_callback (p=0x5555578217a0)
at build/Linux-gtk/duktape/window.c:139
#1 0x000055555572746a in schedule_run () at frontends/gtk/schedule.c:132
#2 0x0000555555719970 in nsgtk_main () at frontends/gtk/gui.c:429
#3 0x00005555555dd493 in main (argc=<optimized out>, argv=<optimized out>) at frontends/gtk/gui.c:1206
(gdb) list
134 NSLOG(dukky, DEEPDEBUG, "Rescheduling repeating callback %"PRIsizet, priv->handle);
135 guit->misc->schedule(priv->repeat_timeout, window_schedule_callback, priv);
136 } else {
137 NSLOG(dukky, DEEPDEBUG, "Removing completed callback %"PRIsizet, priv->handle);
138 /* Remove this from the ring */
139 RING_REMOVE(priv->owner->schedule_ring, priv);
140 window_remove_callback_bits(priv->ctx, priv->handle);
141 free(priv);
142 }
143 }
(gdb) p print
$1 = 0
(gdb) p priv
$2 = (window_schedule_t *) 0x5555578217a0
(gdb) p *priv
$3 = {owner = 0x555557adf2d0, ctx = 0x55555781dba0, r_next = 0x0, r_prev = 0x0,
handle = 93825001969472, repeat_timeout = 0}
(gdb) p *priv->owner
$4 = {parent = {bubbling_registered = 4, capture_registered = 4, is_node = 4},
schedule_ring = 0x555556a55340, htmlc = 0x555557821970, win = 0x0}
(gdb) p *priv->owner->schedule_ring
$5 = {owner = 0x5550396c55467430, ctx = 0x41, r_next = 0x5555578218f0, r_prev = 0x5555568be0c0,
handle = 140733193388033, repeat_timeout = 2} |
|
|
|
given:
/** Remove the given element from the specified ring.
* Will zero the element as needed
*/
#define RING_REMOVE(ring, element) \
/*LOG("RING_REMOVE(%s, %p(%s)", #ring, element, element->host);*/ \
if (element->r_next != element ) { \
^^^ note: well, r_next is not the element (it is NULL in the dump above), so this branch is taken,
and trying to dereference r_next below goes kablooie
/* Not the only thing in the ring */ \
element->r_next->r_prev = element->r_prev; \
element->r_prev->r_next = element->r_next; \
if (ring == element) ring = element->r_next; \
} else { \
/* Only thing in the ring */ \
ring = 0; \
} \
element->r_next = element->r_prev = 0 |
|
|
|
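https://plesk.com/ seems to be the same issue.
Valgrind capture follows. Every invalid read is in window_schedule_callback and touches a 48-byte block that dukky_window_clearInterval had already freed from inside a running JS callback (window_call_callback -> dukky_pcall -> ... -> clearInterval), i.e. a use-after-free of the scheduled-callback record allocated by window_alloc_new_callback.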
==23358== Invalid read of size 4
==23358== at 0x211961: window_schedule_callback (window.c:132)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== by 0x2CD96F: nsgtk_main (gui.c:429)
==23358== by 0x191492: main (gui.c:1206)
==23358== Address 0x186ac3d8 is 40 bytes inside a block of size 48 free'd
==23358== at 0x4C2CDDB: free (vg_replace_malloc.c:530)
==23358== by 0x2116D7: dukky_window_clearInterval (Window.bnd:415)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x28B380: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x28B380: duk__pcall_raw (duktape.c:14323)
==23358== by 0x26DAEF: duk__handle_safe_call_inner (duktape.c:64475)
==23358== by 0x26DAEF: duk_handle_safe_call (duktape.c:64720)
==23358== by 0x27CF6D: duk_pcall (duktape.c:14342)
==23358== by 0x25DB09: dukky_pcall (dukky.c:750)
==23358== by 0x21193C: window_call_callback (window.c:107)
==23358== by 0x21193C: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== Block was alloc'd at
==23358== at 0x4C2DBC5: calloc (vg_replace_malloc.c:711)
==23358== by 0x2109DE: window_alloc_new_callback (window.c:148)
==23358== by 0x210BD3: dukky_window_setInterval (Window.bnd:398)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x280EC4: duk_bi_array_prototype_iter_shared (duktape.c:26351)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358==
==23358== Invalid read of size 8
==23358== at 0x211965: window_schedule_callback (window.c:134)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== by 0x2CD96F: nsgtk_main (gui.c:429)
==23358== by 0x191492: main (gui.c:1206)
==23358== Address 0x186ac3d0 is 32 bytes inside a block of size 48 free'd
==23358== at 0x4C2CDDB: free (vg_replace_malloc.c:530)
==23358== by 0x2116D7: dukky_window_clearInterval (Window.bnd:415)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x28B380: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x28B380: duk__pcall_raw (duktape.c:14323)
==23358== by 0x26DAEF: duk__handle_safe_call_inner (duktape.c:64475)
==23358== by 0x26DAEF: duk_handle_safe_call (duktape.c:64720)
==23358== by 0x27CF6D: duk_pcall (duktape.c:14342)
==23358== by 0x25DB09: dukky_pcall (dukky.c:750)
==23358== by 0x21193C: window_call_callback (window.c:107)
==23358== by 0x21193C: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== Block was alloc'd at
==23358== at 0x4C2DBC5: calloc (vg_replace_malloc.c:711)
==23358== by 0x2109DE: window_alloc_new_callback (window.c:148)
==23358== by 0x210BD3: dukky_window_setInterval (Window.bnd:398)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x280EC4: duk_bi_array_prototype_iter_shared (duktape.c:26351)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358==
==23358== Invalid read of size 4
==23358== at 0x21198D: window_schedule_callback (window.c:135)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== by 0x2CD96F: nsgtk_main (gui.c:429)
==23358== by 0x191492: main (gui.c:1206)
==23358== Address 0x186ac3d8 is 40 bytes inside a block of size 48 free'd
==23358== at 0x4C2CDDB: free (vg_replace_malloc.c:530)
==23358== by 0x2116D7: dukky_window_clearInterval (Window.bnd:415)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x28B380: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x28B380: duk__pcall_raw (duktape.c:14323)
==23358== by 0x26DAEF: duk__handle_safe_call_inner (duktape.c:64475)
==23358== by 0x26DAEF: duk_handle_safe_call (duktape.c:64720)
==23358== by 0x27CF6D: duk_pcall (duktape.c:14342)
==23358== by 0x25DB09: dukky_pcall (dukky.c:750)
==23358== by 0x21193C: window_call_callback (window.c:107)
==23358== by 0x21193C: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== Block was alloc'd at
==23358== at 0x4C2DBC5: calloc (vg_replace_malloc.c:711)
==23358== by 0x2109DE: window_alloc_new_callback (window.c:148)
==23358== by 0x210BD3: dukky_window_setInterval (Window.bnd:398)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x280EC4: duk_bi_array_prototype_iter_shared (duktape.c:26351)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358==
==23358== Invalid read of size 8
==23358== at 0x211832: window_schedule_callback (window.c:128)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== by 0x2CD96F: nsgtk_main (gui.c:429)
==23358== by 0x191492: main (gui.c:1206)
==23358== Address 0x186ac3d0 is 32 bytes inside a block of size 48 free'd
==23358== at 0x4C2CDDB: free (vg_replace_malloc.c:530)
==23358== by 0x2116D7: dukky_window_clearInterval (Window.bnd:415)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x28B380: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x28B380: duk__pcall_raw (duktape.c:14323)
==23358== by 0x26DAEF: duk__handle_safe_call_inner (duktape.c:64475)
==23358== by 0x26DAEF: duk_handle_safe_call (duktape.c:64720)
==23358== by 0x27CF6D: duk_pcall (duktape.c:14342)
==23358== by 0x25DB09: dukky_pcall (dukky.c:750)
==23358== by 0x21193C: window_call_callback (window.c:107)
==23358== by 0x21193C: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== Block was alloc'd at
==23358== at 0x4C2DBC5: calloc (vg_replace_malloc.c:711)
==23358== by 0x2109DE: window_alloc_new_callback (window.c:148)
==23358== by 0x210BD3: dukky_window_setInterval (Window.bnd:398)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x280EC4: duk_bi_array_prototype_iter_shared (duktape.c:26351)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358==
==23358== Invalid read of size 8
==23358== at 0x211842: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== by 0x2CD96F: nsgtk_main (gui.c:429)
==23358== by 0x191492: main (gui.c:1206)
==23358== Address 0x186ac3b8 is 8 bytes inside a block of size 48 free'd
==23358== at 0x4C2CDDB: free (vg_replace_malloc.c:530)
==23358== by 0x2116D7: dukky_window_clearInterval (Window.bnd:415)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x28B380: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x28B380: duk__pcall_raw (duktape.c:14323)
==23358== by 0x26DAEF: duk__handle_safe_call_inner (duktape.c:64475)
==23358== by 0x26DAEF: duk_handle_safe_call (duktape.c:64720)
==23358== by 0x27CF6D: duk_pcall (duktape.c:14342)
==23358== by 0x25DB09: dukky_pcall (dukky.c:750)
==23358== by 0x21193C: window_call_callback (window.c:107)
==23358== by 0x21193C: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== Block was alloc'd at
==23358== at 0x4C2DBC5: calloc (vg_replace_malloc.c:711)
==23358== by 0x2109DE: window_alloc_new_callback (window.c:148)
==23358== by 0x210BD3: dukky_window_setInterval (Window.bnd:398)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x280EC4: duk_bi_array_prototype_iter_shared (duktape.c:26351)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358==
==23358== Invalid read of size 4
==23358== at 0x211846: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== by 0x2CD96F: nsgtk_main (gui.c:429)
==23358== by 0x191492: main (gui.c:1206)
==23358== Address 0x186ac3d8 is 40 bytes inside a block of size 48 free'd
==23358== at 0x4C2CDDB: free (vg_replace_malloc.c:530)
==23358== by 0x2116D7: dukky_window_clearInterval (Window.bnd:415)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x28B380: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x28B380: duk__pcall_raw (duktape.c:14323)
==23358== by 0x26DAEF: duk__handle_safe_call_inner (duktape.c:64475)
==23358== by 0x26DAEF: duk_handle_safe_call (duktape.c:64720)
==23358== by 0x27CF6D: duk_pcall (duktape.c:14342)
==23358== by 0x25DB09: dukky_pcall (dukky.c:750)
==23358== by 0x21193C: window_call_callback (window.c:107)
==23358== by 0x21193C: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== Block was alloc'd at
==23358== at 0x4C2DBC5: calloc (vg_replace_malloc.c:711)
==23358== by 0x2109DE: window_alloc_new_callback (window.c:148)
==23358== by 0x210BD3: dukky_window_setInterval (Window.bnd:398)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x280EC4: duk_bi_array_prototype_iter_shared (duktape.c:26351)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358==
==23358== Invalid read of size 8
==23358== at 0x211851: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== by 0x2CD96F: nsgtk_main (gui.c:429)
==23358== by 0x191492: main (gui.c:1206)
==23358== Address 0x186ac3d0 is 32 bytes inside a block of size 48 free'd
==23358== at 0x4C2CDDB: free (vg_replace_malloc.c:530)
==23358== by 0x2116D7: dukky_window_clearInterval (Window.bnd:415)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x28B380: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x28B380: duk__pcall_raw (duktape.c:14323)
==23358== by 0x26DAEF: duk__handle_safe_call_inner (duktape.c:64475)
==23358== by 0x26DAEF: duk_handle_safe_call (duktape.c:64720)
==23358== by 0x27CF6D: duk_pcall (duktape.c:14342)
==23358== by 0x25DB09: dukky_pcall (dukky.c:750)
==23358== by 0x21193C: window_call_callback (window.c:107)
==23358== by 0x21193C: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== Block was alloc'd at
==23358== at 0x4C2DBC5: calloc (vg_replace_malloc.c:711)
==23358== by 0x2109DE: window_alloc_new_callback (window.c:148)
==23358== by 0x210BD3: dukky_window_setInterval (Window.bnd:398)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x280EC4: duk_bi_array_prototype_iter_shared (duktape.c:26351)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358==
==23358==
==23358== Process terminating with default action of signal 6 (SIGABRT)
==23358== at 0x9516FFF: raise (raise.c:51)
==23358== by 0x9518429: abort (abort.c:89)
==23358== by 0x18FAA5: duk_default_fatal_handler (duktape.c:11749)
==23358== by 0x263A0E: duk_fatal_raw (duktape.c:23878)
==23358== by 0x267DC6: duk__uncaught_error_aware (duktape.c:46270)
==23358== by 0x267DC6: duk_err_longjmp (duktape.c:46321)
==23358== by 0x18FC0F: duk_err_create_and_throw.constprop.304 (duktape.c:46645)
==23358== by 0x18FDDC: duk_err_handle_error_fmt.constprop.306 (duktape.c:11621)
==23358== by 0x27C578: duk_hobject_getprop (duktape.c:56523)
==23358== by 0x27CED2: duk_get_prop (duktape.c:16558)
==23358== by 0x2118C3: window_call_callback (window.c:95)
==23358== by 0x2118C3: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== by 0x2CD96F: nsgtk_main (gui.c:429) |
|
|
|
When Window.bnd:window_remove_callback_by_handle() calls the frontend (gtk) schedule with -1 to remove the callback from the active list, the gtk scheduler fails to remove it and calls it back anyhow! |
|
|
|
We were managing to attempt to either re-schedule or cancel a callback which was already in the process of being handled in JS. I've pushed a fix to solve that. |
|
|
|
we believe this issue has been resolved in NetSurf 3.9 |
|