0002858: segfault; content_get_bitmap returns an invalid pointer

MantisBT - NetSurf
View Issue Details

ID	Project	Category	View Status	Date Submitted	Last Update
0002858	NetSurf	GTK-specific	public	2023-08-13 02:17	2023-09-17 19:23

Reporter	phoebos
Assigned To
Priority	normal	Severity	crash	Reproducibility	always
Status	new	Resolution	open
Platform	x86_64	OS	Linux	OS Version	6.4.8
Product Version
Target Version		Fixed in Version
Fixed in CI build #
Reported in CI build #
URL of problem page

Summary	0002858: segfault; content_get_bitmap returns an invalid pointer
Description	Viewing the image https://stackoverflow.com/questions/45981545/why-does-noreturn-function-return causes a segfault. The segfault occurs in frontends/gtk/window.c line 1048. Inspection with a debugger reveals that icon_bitmap (which is the return value of content_get_bitmap) has an address of (for example) 0x468, which looks more like an int than a pointer.
Steps To Reproduce	Apply the patch from https://bugs.netsurf-browser.org/mantis/view.php?id=2854 to libcss. Build netsurf etc from latest git. run "netsurf-gtk3 https://stackoverflow.com/questions/45981545/why-does-noreturn-function-return"
Additional Information	Backtrace: #0 gui_window_set_icon (gw=0x7ffff4c459d0, icon=<optimized out>) at frontends/gtk/window.c:1048 #1 0x0000555555917c8f in browser_window_favicon_callback (c=0x7ffff46dd410, event=<optimized out>, pw=0x7ffff4f1da30) at desktop/browser_window.c:457 0000002 0x00005555559070a4 in hlcache_content_callback (c=<optimized out>, msg=<optimized out>, data=<optimized out>, pw=<optimized out>) at content/hlcache.c:205 #3 0x0000555555865763 in content_broadcast (c=0x7ffff463f650, msg=CONTENT_MSG_DONE, data=0x0) at content/content.c:762 #4 0x00005555558658cd in content_set_done (c=c@entry=0x7ffff463f650) at content/content.c:308 #5 0x00005555558ac4e3 in nsico_convert (c=0x7ffff463f650) at content/handlers/image/ico.c:169 #6 0x0000555555865aa5 in content_convert (c=0x7ffff463f650) at content/content.c:84 #7 content_llcache_callback (llcache=<optimized out>, event=<optimized out>, pw=0x7ffff463f650) at content/content.c:140 #8 0x000055555590aac7 in llcache_object_notify_users (object=object@entry=0x7ffff47af5a0) at content/llcache.c:3523 #9 0x000055555590ac50 in llcache_catch_up_all_users (ignored=<optimized out>) at content/llcache.c:3685 #10 0x000055555594a30d in schedule_run () at frontends/gtk/schedule.c:148 #11 0x000055555593f640 in nsgtk_main () at frontends/gtk/gui.c:1072 #12 0x00005555559402ad in main (argc=<optimized out>, argv=<optimized out>) at frontends/gtk/gui.c:1231
Tags	No tags attached.
Relationships
Attached Files	log.txt (36,194) 2023-08-13 02:17 https://bugs.netsurf-browser.org/mantis/file_download.php?file_id=732&type=bug log2.txt (20,295) 2023-08-13 02:21 https://bugs.netsurf-browser.org/mantis/file_download.php?file_id=733&type=bug

Notes

Just running 'nsgtk3 https://cdn.sstatic.net/Sites/stackoverflow/Img/favicon.ico?v=ec617d715196' (which is an image referenced by the above page) causes a segfault, but in a different place:

#0 nsgtk_bitmap_get_width (vbitmap=0x10a8) at frontends/gtk/bitmap.c:183
#1 0x00005555558aca32 in image_bitmap_plot (bitmap=0x10a8, data=0x7fffffffbb70, clip=0x7fffffffbb40, ctx=0x7fffffffbb50)
    at content/handlers/image/image.c:122
0000002 0x0000555555865482 in content_scaled_redraw
    (h=h@entry=0x7ffff4ab6590, width=width@entry=1024, height=height@entry=883, ctx=ctx@entry=0x7fffffffbbf0) at content/content.c:642
#3 0x000055555593ab1a in bitmap_render (bitmap=<optimized out>, content=0x7ffff4ab6590) at frontends/gtk/bitmap.c:250
#4 0x0000555555916eda in browser_window_history_add (bw=bw@entry=0x7ffff4f1da30, content=0x7ffff4ab6590, frag_id=0x0)
    at desktop/browser_history.c:393
#5 0x000055555591e08a in browser_window_content_ready (bw=0x7ffff4f1da30) at desktop/browser_window.c:890
#6 browser_window_callback (c=<optimized out>, event=<optimized out>, pw=0x7ffff4f1da30) at desktop/browser_window.c:1500
#7 0x00005555559070a4 in hlcache_content_callback (c=<optimized out>, msg=<optimized out>, data=<optimized out>, pw=<optimized out>)
    at content/hlcache.c:205
#8 0x0000555555865763 in content_broadcast (c=0x7ffff48ab1b0, msg=CONTENT_MSG_READY, data=0x0) at content/content.c:762
#9 0x00005555558ac4db in nsico_convert (c=0x7ffff48ab1b0) at content/handlers/image/ico.c:168
#10 0x0000555555865aa5 in content_convert (c=0x7ffff48ab1b0) at content/content.c:84
#11 content_llcache_callback (llcache=<optimized out>, event=<optimized out>, pw=0x7ffff48ab1b0) at content/content.c:140
#12 0x000055555590aac7 in llcache_object_notify_users (object=object@entry=0x7ffff4b57a60) at content/llcache.c:3523
#13 0x000055555590ac50 in llcache_catch_up_all_users (ignored=<optimized out>) at content/llcache.c:3685
#14 0x000055555594a30d in schedule_run () at frontends/gtk/schedule.c:148
#15 0x000055555593f640 in nsgtk_main () at frontends/gtk/gui.c:1072
#16 0x00005555559402ad in main (argc=<optimized out>, argv=<optimized out>) at frontends/gtk/gui.c:1231

Date Modified	Username	Field
Issue History

2023-08-13 02:17	phoebos	New Issue
2023-08-13 02:17	phoebos	File Added: log.txt
2023-08-13 02:21	phoebos	File Added: log2.txt
2023-08-13 02:21	phoebos	Note Added: 0002421
2023-09-17 19:23	Michael Drake	Note Added: 0002427