2019-03-26 21:16 UTC

View Issue Details
ID: 0002367
Project: NetSurf
Category: Javascript
View Status: public
Last Update: 2016-02-16 15:10
Reporter: Harriet Bazley
Assigned To:
Severity: crash
Reproducibility: always
Status: closed
Resolution: fixed
Platform: ARM
OS: RISC OS
OS Version: 5.19
Product Version: 3.4
Target Version:
Fixed in Version: 3.4
Summary: 0002367: JavaScript crash
Description: NetSurf crashes when visiting quiz page - I don't expect the quiz to work, but the entire browser falls over!
Steps To Reproduce: Visit http://www.wizards.com/default.asp?x=dnd%2Fdnd%2F20001222b
Additional Information: RISC OS 5.20, Iyonix Aria
Tags: No tags attached.
Fixed in CI build: #3005
Reported in CI build: #3000
URL of problem page: http://www.wizards.com/default.asp?x=dnd%2Fdnd%2F20001222b

Notes
~0000968 Dave Higton (developer)

Last edited: 2015-10-20 19:26

Andrew Pinder also reported a crash when visiting http://www.lonelyplanet.com/jordan/shopping/souvenir-gifts with JS enabled but was unable to report the bug. I have reproduced his crash and attached the resulting log as APinder.zip

A null node is pushed. The next bit of code attempts to reference this node, which is presumably the point at which the crash occurs.

It seems to me that two things can be done:

1) Working forwards: Don't push null nodes; this should be enough to prevent the crash.

2) Working backwards: find out why there was an attempt to push a null node. This is not so easy!

~0000970 Vincent Sanders (administrator)

(5.445954) javascript/duktape/dukky.c:69 dukky_populate_object: Call the init function
(5.445961) build-Linux-gtk/duktape/event_target.c:45 dukky_event_target___init: Initialise 0x1f8e450 (priv=0x1e46f50)
(5.445967) build-Linux-gtk/duktape/node.c:46 dukky_node___init: Initialise 0x1f8e450 (priv=0x1e46f50)
(5.445972) build-Linux-gtk/duktape/element.c:47 dukky_element___init: Initialise 0x1f8e450 (priv=0x1e46f50)
(5.445978) build-Linux-gtk/duktape/html_element.c:46 dukky_html_element___init: Initialise 0x1f8e450 (priv=0x1e46f50)
(5.445983) build-Linux-gtk/duktape/html_div_element.c:46 dukky_html_div_element___init: Initialise 0x1f8e450 (priv=0x1e46f50)
(5.445995) javascript/duktape/dukky.c:77 dukky_create_object: name=NETSURF_DUKTAPE_PROTOTYPE_NODELIST nargs=1
(5.446003) javascript/duktape/dukky.c:69 dukky_populate_object: Call the init function
(5.446015) build-Linux-gtk/duktape/node_list.c:45 dukky_node_list___init: Initialise 0x1f8cec0 (priv=0x1c15420)
(5.446021) javascript/duktape/dukky.c:90 dukky_create_object: created
(5.446028) NodeList.bnd:22 dukky_node_list___fini: Finalise 0x1f8cec0
(5.446043) javascript/duktape/dukky.c:219 dukky_push_node: Pushing node 0x1f938a0
(5.446054) javascript/duktape/dukky.c:69 dukky_populate_object: Call the init function
(5.446061) build-Linux-gtk/duktape/event_target.c:45 dukky_event_target___init: Initialise 0x1f93970 (priv=0x1c15420)
(5.446066) build-Linux-gtk/duktape/node.c:46 dukky_node___init: Initialise 0x1f93970 (priv=0x1c15420)
(5.446072) build-Linux-gtk/duktape/element.c:47 dukky_element___init: Initialise 0x1f93970 (priv=0x1c15420)
(5.446077) build-Linux-gtk/duktape/html_element.c:46 dukky_html_element___init: Initialise 0x1f93970 (priv=0x1c15420)
(5.446082) build-Linux-gtk/duktape/html_div_element.c:46 dukky_html_div_element___init: Initialise 0x1f93970 (priv=0x1c15420)
(5.446091) javascript/duktape/dukky.c:219 dukky_push_node: Pushing node (nil)

~0000971 Vincent Sanders (administrator)

#0 dukky_push_node (ctx=ctx@entry=0x128ceb0, node=0x0) at javascript/duktape/dukky.c:245
#1 0x00000000004f7ddd in dukky_node_lastChild_getter (ctx=0x128ceb0) at Node.bnd:149
#2 0x0000000000593581 in duk_handle_call (thr=0x128ceb0, num_stack_args=1, call_flags=0) at duk_js_call.c:1364
#3 0x00000000005a48f4 in duk_hobject_getprop (thr=thr@entry=0x128ceb0, tv_obj=0x7fffffffb680,
    tv_key=0x7fffffffb690) at duk_hobject_props.c:2582
#4 0x000000000059130f in duk_js_execute_bytecode (exec_thr=exec_thr@entry=0x128ceb0) at duk_js_executor.c:2848
#5 0x0000000000593841 in duk_handle_call (thr=0x128ceb0, num_stack_args=0, call_flags=0) at duk_js_call.c:1471
#6 0x00000000005af269 in duk_eval_raw (ctx=ctx@entry=0x128ceb0, src_buffer=src_buffer@entry=0x0,
    src_length=src_length@entry=0, flags=flags@entry=1) at duk_api_compile.c:44
#7 0x000000000058a3bf in eval_top_string (ctx=0x128ceb0,
    ctx@entry=<error reading variable: Cannot access memory at address 0xa2>) at javascript/duktape/dukky.c:355
#8 0x0000000000597dc4 in duk_handle_safe_call (
    thr=<error reading variable: Cannot access memory at address 0xa2>,
    func=func@entry=0x58a3a0 <eval_top_string>, num_stack_args=num_stack_args@entry=1,
    num_stack_rets=num_stack_rets@entry=1) at duk_js_call.c:1876
#9 0x0000000000598064 in duk_safe_call (ctx=<optimized out>, func=func@entry=0x58a3a0 <eval_top_string>,
    nargs=nargs@entry=1, nrets=nrets@entry=1) at duk_api_call.c:221
#10 0x000000000058ad91 in js_exec (ctx=0xe31070,
    txt=0x7fffe42e4010 "/*! jQuery v1.9.1 | (c) 2005, 2012 jQuery Foundation, Inc. | jquery.org/license\r\n//@ sourceMappingURL=jquery.min.map\r\n*/\r\n(function (e, t) {\r\n\tvar n, r, i = typeof t, o = e.document, a = e.location"..., txtlen=<optimized out>) at javascript/duktape/dukky.c:366

~0000972 Andrew Pinder (reporter)

I've been able to generate a crash just by trying to go straight to www.lonelyplanet.com

~0000973 Vincent Sanders (administrator)

kinnison resolved our null node handling so the jQuery no longer causes the segfault. Lonely Planet rendering is still utterly broken though.
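
The guard that notes ~0000968 and ~0000973 refer to (never wrap a null node; hand script null back instead), as an added example that is not NetSurf's code or its actual fix. The node, stack and function names are hypothetical stand-ins, and the childless-node case is an assumed way for a lastChild-style getter to reach the push with a null pointer.

```c
#include <stddef.h>

/* Hypothetical stand-ins for a DOM node and a script engine value stack. */
struct node { const char *name; struct node *last_child; };
enum val_type { VAL_NULL, VAL_OBJECT };
struct value { enum val_type type; const char *name; };
#define STACK_MAX 8
struct stack { struct value slots[STACK_MAX]; size_t top; };

/* Push script-level null: what a getter should hand back for "no node". */
static int push_null(struct stack *s)
{
    if (s->top >= STACK_MAX) return -1;
    s->slots[s->top++] = (struct value){ VAL_NULL, NULL };
    return 0;
}

/* Guarded push: a NULL node becomes script null and is never dereferenced. */
static int push_node(struct stack *s, const struct node *n)
{
    if (n == NULL) return push_null(s);
    if (s->top >= STACK_MAX) return -1;
    /* Without the check above, n->name is the NULL dereference. */
    s->slots[s->top++] = (struct value){ VAL_OBJECT, n->name };
    return 0;
}

/* lastChild-style getter: a childless node yields NULL, so the
 * pointer handed to push_node is not guaranteed to be valid. */
static int last_child_getter(struct stack *s, const struct node *n)
{
    return push_node(s, n->last_child);
}

/* Returns the value type left on the stack, or -1 if the push failed. */
int read_last_child(const struct node *n)
{
    struct stack s = { .top = 0 };
    if (last_child_getter(&s, n) != 0) return -1;
    return (int)s.slots[s.top - 1].type;
}

int main(void)
{
    /* Constructed input: parent has a child, leaf has none. */
    struct node leaf = { "span", NULL }, parent = { "div", &leaf };
    return !(read_last_child(&parent) == VAL_OBJECT &&
             read_last_child(&leaf) == VAL_NULL);
}
```

Putting the check in the shared push routine covers every getter that can return an absent node, rather than relying on each caller to test its own pointer.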

~0001288 Vincent Sanders (administrator)

Confirmed resolved in 3.4 release

Issue History
Date Modified Username Field Change
2015-10-20 09:05 Harriet Bazley New Issue
2015-10-20 09:06 Harriet Bazley File Added: Log.zip
2015-10-20 19:16 Dave Higton File Added: APinder.zip
2015-10-20 19:19 Dave Higton Note Added: 0000968
2015-10-20 19:26 Dave Higton Note Edited: 0000968
2015-10-20 20:38 Vincent Sanders Status new => confirmed
2015-10-20 20:38 Vincent Sanders Product Version => 3.4
2015-10-20 21:42 Vincent Sanders Note Added: 0000970
2015-10-20 21:48 Vincent Sanders Note Added: 0000971
2015-10-20 22:08 Andrew Pinder Note Added: 0000972
2015-10-21 19:56 Vincent Sanders Fixed in CI build # => 3005
2015-10-21 19:56 Vincent Sanders Note Added: 0000973
2015-10-21 19:56 Vincent Sanders Status confirmed => resolved
2015-10-21 19:56 Vincent Sanders Resolution open => fixed
2015-10-21 19:56 Vincent Sanders Fixed in Version => 3.4
2016-02-16 15:10 Vincent Sanders Note Added: 0001288
2016-02-16 15:10 Vincent Sanders Status resolved => closed