0002783: Segmentation Fault

MantisBT - NetSurf

View Issue Details

Project

Tags

No tags attached.

Relationships

has duplicate

0002784

closed

Vincent Sanders

Crash on rendering page

Attached Files

nslog338.zip (34,503) 2020-07-10 22:25
https://bugs.netsurf-browser.org/mantis/file_download.php?file_id=679&type=bug

Notes

due to html content being in loading state when selection operation occurs.

Thread 1 "nsgtk3" received signal SIGSEGV, Segmentation fault.
0x00005555557023c2 in selection_label_subtree (box=0x0, idx=0) at content/handlers/html/textselection.c:447
447 struct box *child = box->children;
(gdb) bt
#0 0x00005555557023c2 in selection_label_subtree (box=0x0, idx=0) at content/handlers/html/textselection.c:447
#1 0x0000555555702588 in html_textselection_get_end (c=0x55555632bf40, end_idx=0x55555632c2a0) at content/handlers/html/textselection.c:528
0000002 0x00005555557b2016 in selection_reinit (s=0x55555632c290) at desktop/selection.c:288
#3 0x00005555557b20dd in selection_init (s=0x55555632c290) at desktop/selection.c:315
#4 0x00005555556e1cf7 in html_open (c=0x55555632bf40, bw=0x5555560144b0, page=0x555556387a70, params=0x55555683d050)
    at content/handlers/html/html.c:1309
#5 0x00005555556abc05 in content_open (h=0x55555670c800, bw=0x5555560144b0, page=0x555556387a70, params=0x55555683d050) at content/content.c:804
#6 0x00005555556f5999 in html_object_callback (object=0x55555670c800, event=0x7fffffffbb30, pw=0x55555683d300) at content/handlers/html/object.c:172
#7 0x000055555577de53 in hlcache_find_content (ctx=0x55555683d330, effective_type=0x555555cb8a10) at content/hlcache.c:307
#8 0x000055555577dffe in hlcache_migrate_ctx (ctx=0x55555683d330, effective_type=0x555555cb8a10) at content/hlcache.c:359
#9 0x000055555577e4dc in hlcache_llcache_callback (handle=0x55555683d380, event=0x7fffffffbca0, pw=0x55555683d330) at content/hlcache.c:483
#10 0x0000555555784100 in llcache_object_notify_users (object=0x55555683d3e0) at content/llcache.c:3396
#11 0x0000555555784cda in llcache_catch_up_all_users (ignored=0x0) at content/llcache.c:3864
#12 0x00005555557dce6a in schedule_run () at frontends/gtk/schedule.c:148
#13 0x00005555557cc088 in nsgtk_main () at frontends/gtk/gui.c:506
#14 0x00005555557cda19 in main (argc=2, argv=0x7fffffffdfd8) at frontends/gtk/gui.c:1312
(gdb) list
442 * \param idx current position within textual representation
443 * \return updated position
444 */
445 static unsigned selection_label_subtree(struct box *box, unsigned idx)
446 {
447 struct box *child = box->children;
448
449 box->byte_offset = idx;
450
451 if (box->text) {
gdb) p box
$1 = (struct box *) 0x0
(gdb) p idx
$2 = 0
(gdb)
(gdb) up
#1 0x0000555555702588 in html_textselection_get_end (c=0x55555632bf40, end_idx=0x55555632c2a0) at content/handlers/html/textselection.c:528
528 *end_idx = selection_label_subtree(html->layout, root_idx);
(gdb) list
523 html_content *html = (html_content *)c;
524 unsigned root_idx;
525
526 root_idx = 0;
527
528 *end_idx = selection_label_subtree(html->layout, root_idx);
529
530 return NSERROR_OK;
531 }
(gdb) p html
$3 = (html_content *) 0x55555632bf40
(gdb) p *html
$4 = {base = {llcache = 0x55555683d380, mime_type = 0x555555cb8a10, handler = 0x555555b06dc0 <html_content_handler>, status = CONTENT_STATUS_LOADING,
    width = 0, height = 0, available_width = 0, available_height = 0, quirks = false, fallback_charset = 0x55555632c270 "UTF-8", refresh = 0x0,
    links = 0x0, time = 4484862596, reformat_time = 0, size = 0, title = 0x0, active = 3, user_list = 0x55555632c250,
    status_message = "Fetching, Loading", '\000' <repeats 102 times>, sub_status = "Loading", '\000' <repeats 72 times>, locked = false, total_size = 0,
    http_code = 0, textsearch = {string = 0x0, context = 0x0}}, parser = 0x555556927e00, parse_completed = false, conversion_begun = false,
  document = 0x5555563ac880, quirks = DOM_DOCUMENT_QUIRKS_MODE_NONE, encoding = 0x55555632c2c0 "utf-8",
  encoding_source = DOM_HUBBUB_ENCODING_SOURCE_HEADER, base_url = 0x555556818b40, base_target = 0x0, len_ctx = {vw = 0, vh = 0, root_style = 0x0},
  aborted = false, refresh = false, reflowing = false, had_initial_layout = false, enable_scripting = true, title = 0x0, bctx = 0x0,
  box_conversion_context = 0x0, layout = 0x0, background_colour = 16777216, font_func = 0x555555b17ef0 <layout_table>, scripts_count = 0, scripts = 0x0,
  jsthread = 0x0, stylesheet_count = 4, stylesheets = 0x555556372960, select_ctx = 0x0, media = {type = CSS_MEDIA_SCREEN, width = 0, height = 0,
    aspect_ratio = 0, orientation = CSS_MEDIA_ORIENTATION_PORTRAIT, resolution = {value = 0, unit = CSS_UNIT_PX}, scan = CSS_MEDIA_SCAN_PROGRESSIVE,
    grid = 0, update = CSS_MEDIA_UPDATE_FREQUENCY_NORMAL, overflow_block = CSS_MEDIA_OVERFLOW_BLOCK_NONE,
    overflow_inline = CSS_MEDIA_OVERFLOW_INLINE_NONE, color = 0, color_index = 0, monochrome = 0, inverted_colors = 0, pointer = CSS_MEDIA_POINTER_NONE,
    any_pointer = CSS_MEDIA_POINTER_NONE, hover = CSS_MEDIA_HOVER_NONE, any_hover = CSS_MEDIA_HOVER_NONE, light_level = CSS_MEDIA_LIGHT_LEVEL_NORMAL,
    scripting = CSS_MEDIA_SCRIPTING_NONE, client_font_size = 0, client_line_height = 0}, universal = 0x5555563885b0, num_objects = 0, object_list = 0x0,
  forms = 0x0, imagemaps = 0x0, bw = 0x5555560144b0, frameset = 0x0, iframe = 0x0, page = 0x555556387a70, drag_type = HTML_DRAG_NONE, drag_owner = {
    no_owner = true, content = 0x1, scrollbar = 0x1, textarea = 0x1}, selection_type = HTML_SELECTION_NONE, selection_owner = {none = true,
    textarea = 0x1, content = 0x1}, focus_type = HTML_FOCUS_SELF, focus_owner = {self = true, textarea = 0x1, content = 0x1}, sel = 0x55555632c290,
  visible_select_menu = 0x0}
(gdb) p html->layout
$5 = (struct box *) 0x0
(gdb) up
0000002 0x00005555557b2016 in selection_reinit (s=0x55555632c290) at desktop/selection.c:288
288 s->c->handler->textselection_get_end(s->c, &s->max_idx);
(gdb) list
283 void selection_reinit(struct selection *s)
284 {
285 s->max_idx = 0;
286
287 if (s->c->handler->textselection_get_end != NULL) {
288 s->c->handler->textselection_get_end(s->c, &s->max_idx);
289 }
290
291 if (s->defined) {
292 if (s->end_idx > s->max_idx) {
(gdb) p s
$6 = (struct selection *) 0x55555632c290
(gdb) p *s
$7 = {c = 0x55555632bf40, root = 0x0, max_idx = 0, start_idx = 0, end_idx = 0, defined = false, drag_state = DRAG_NONE}
(gdb) up
#3 0x00005555557b20dd in selection_init (s=0x55555632c290) at desktop/selection.c:315
315 selection_reinit(s);
(gdb) list
310 s->defined = false;
311 s->start_idx = 0;
312 s->end_idx = 0;
313 s->drag_state = DRAG_NONE;
314
315 selection_reinit(s);
316 }
317
318
319 /* exported interface documented in desktop/selection.h */

gdb) up
#4 0x00005555556e1cf7 in html_open (c=0x55555632bf40, bw=0x5555560144b0, page=0x555556387a70, params=0x55555683d050)
    at content/handlers/html/html.c:1309
1309 selection_init(html->sel);
(gdb) list
1304
1305 html->drag_type = HTML_DRAG_NONE;
1306 html->drag_owner.no_owner = true;
1307
1308 /* text selection */
1309 selection_init(html->sel);
1310 html->selection_type = HTML_SELECTION_NONE;
1311 html->selection_owner.none = true;
1312
1313 html_object_open_objects(html, bw);

Date Modified	Username	Field	Change
Issue History

2020-07-10 22:25	Richard Porter	New Issue
2020-07-10 22:25	Richard Porter	File Added: nslog338.zip
2020-07-12 18:02	Vincent Sanders	Assigned To	=> Vincent Sanders
2020-07-12 18:02	Vincent Sanders	Status	new => resolved
2020-07-12 18:02	Vincent Sanders	Product Version	=> 3.11
2020-07-12 18:02	Vincent Sanders	Fixed in Version	=> 3.11
2020-07-12 18:02	Vincent Sanders	Target Version	=> 3.11
2020-07-12 18:02	Vincent Sanders	Fixed in CI build #	=> 5192
2020-07-12 18:02	Vincent Sanders	Note Added: 0002274
2020-07-27 23:09	Vincent Sanders	Relationship added	has duplicate 0002784
2024-02-25 21:43	Vincent Sanders	Status	resolved => closed
2024-02-25 21:43	Vincent Sanders	Resolution	open => fixed
2024-02-25 21:43	Vincent Sanders	Note Added: 0002438