MantisBT - NetSurf
View Issue Details
ID: 0002682 | Project: NetSurf | Category: ABEND | View Status: public | Date Submitted: 2019-07-25 09:29 | Last Update: 2020-05-23 14:30
Reporter: Dave Higton
Assigned To:
Priority: normal | Severity: crash | Reproducibility: random
Status: acknowledged | Resolution: open
Platform: BeagleBoard xM | OS: RISC OS | OS Version: 5.27 (21 Jul 19)
Product Version:
Target Version: | Fixed in Version:
Fixed in CI build #
Reported in CI build #4720
URL of problem page
Summary: 0002682: Occasional crash
Description: For some months now, NetSurf has occasionally crashed. I can't discern any pattern to it, and it's not specific to any web site or page.
Steps To Reproduce: Keep using it. It will crash, somewhere, sooner or later.
Tags: No tags attached.
has duplicate 0002716 | acknowledged | NetSurf fatal error on the down ROOL site
has duplicate 0002717 | acknowledged | Segfault on GWR site
Attached Files:
CrashDump (78,585) 2019-07-25 09:29
https://bugs.netsurf-browser.org/mantis/file_download.php?file_id=601&type=bug
CrashDump-2 (53,864) 2019-08-03 21:12
https://bugs.netsurf-browser.org/mantis/file_download.php?file_id=609&type=bug
CrashDump-3 (87,480) 2019-08-20 18:46
https://bugs.netsurf-browser.org/mantis/file_download.php?file_id=615&type=bug
CrashDump-4 (69,830) 2019-11-26 21:54
https://bugs.netsurf-browser.org/mantis/file_download.php?file_id=634&type=bug

Notes
(0002061)
Dave Higton   
2019-08-03 21:12   
Just had another one, apparently at the same location.
(0002083)
Dave Higton   
2019-08-20 18:46   
And another, this time with CI #4835.
(0002132)
Dave Higton   
2019-11-26 21:54   
And another, this time with CI #4900.

If I understand the logs correctly, they show that the segfault always occurs in function sh_delentry(), by attempting to store R6 at [R5,#36] when R5 is 0. Isn't this just a classic null pointer problem?

(0002145)
Daniel Silverstone   
2019-11-30 20:55   
Certainly that sounds possible Dave. The new libcurl has changed shape slightly so we need to wait for something new to show up before I can look again. I think it's inside the CURL code associated with cleaning up socket filehandles from its hash table.
(0002146)
Dave Higton   
2019-11-30 22:46   
https://github.com/curl/curl/issues/3995

The lowest 14 levels of the call tree are identical. So other people are seeing the same problem in completely different contexts. But, from your comments, I see you're ahead of me!
(0002198)
Dave Higton   
2020-05-23 14:30   
I haven't seen this crash in a long time now. Can we assume that it's been fixed by some change in cURL?

Issue History
2019-07-25 09:29 | Dave Higton | New Issue
2019-07-25 09:29 | Dave Higton | File Added: CrashDump
2019-08-01 09:22 | Vincent Sanders | Status | new => acknowledged
2019-08-03 21:12 | Dave Higton | File Added: CrashDump-2
2019-08-03 21:12 | Dave Higton | Note Added: 0002061
2019-08-20 18:46 | Dave Higton | File Added: CrashDump-3
2019-08-20 18:46 | Dave Higton | Note Added: 0002083
2019-11-25 21:33 | Vincent Sanders | Relationship added | has duplicate 0002716
2019-11-25 21:33 | Vincent Sanders | Relationship added | has duplicate 0002717
2019-11-26 21:54 | Dave Higton | File Added: CrashDump-4
2019-11-26 21:54 | Dave Higton | Note Added: 0002132
2019-11-26 21:54 | Dave Higton | Note Edited: 0002132 | bug_revision_view_page.php?bugnote_id=2132#r2156
2019-11-30 20:55 | Daniel Silverstone | Note Added: 0002145
2019-11-30 22:46 | Dave Higton | Note Added: 0002146
2020-05-23 14:30 | Dave Higton | Note Added: 0002198