| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
|---|---|---|---|---|---|---|---|---|---|
| 0002367 | NetSurf | Javascript | public | 2015-10-20 10:05 | 2016-02-16 15:10 | ||||
| Reporter | Harriet Bazley | ||||||||
| Assigned To | |||||||||
| Severity | crash | Reproducibility | always | ||||||
| Status | closed | Resolution | fixed | ||||||
| Platform | ARM | OS | RISC OS | OS Version | 5.19 | ||||
| Product Version | 3.4 | ||||||||
| Target Version | Fixed in Version | 3.4 | |||||||
| Summary | 0002367: JavaScript crash | ||||||||
| Description | NetSurf crashes when visiting quiz page - I don't expect the quiz to work, but the entire browser falls over! | ||||||||
| Steps To Reproduce | Visit http://www.wizards.com/default.asp?x=dnd%2Fdnd%2F20001222b | ||||||||
| Additional Information | RISC OS 5.20, Iyonix Aria | ||||||||
| Tags | No tags attached. | ||||||||
| Fixed in CI build # | 3005 | ||||||||
| Reported in CI build # | 3000 | ||||||||
| URL of problem page | http://www.wizards.com/default.asp?x=dnd%2Fdnd%2F20001222b | ||||||||
| Attached Files |
| ||||||||
 Relationships |
|
 Relationships |
| Notes |
|
Dave Higton (developer) 2015-10-20 20:19 Last edited: 2015-10-20 20:26 |
Andrew Pinder also reported a crash when visiting http://www.lonelyplanet.com/jordan/shopping/souvenir-gifts with JS enabled but was unable to report the bug. I have reproduced his crash and attached the resulting log as APinder.zip A null node is pushed. The next bit of code attempts to reference this node, which is presumably the point at which the crash occurs. It seems to me that two things can be done: 1) Working forwards: Don't push null nodes; this should be enough to prevent the crash. 2) Working backwards: find out why there was an attempt to push a null node. This is not so easy! |
Vincent Sanders (administrator) 2015-10-20 22:42 |
(5.445954) javascript/duktape/dukky.c:69 dukky_populate_object: Call the init function (5.445961) build-Linux-gtk/duktape/event_target.c:45 dukky_event_target___init: Initialise 0x1f8e450 (priv=0x1e46f50) (5.445967) build-Linux-gtk/duktape/node.c:46 dukky_node___init: Initialise 0x1f8e450 (priv=0x1e46f50) (5.445972) build-Linux-gtk/duktape/element.c:47 dukky_element___init: Initialise 0x1f8e450 (priv=0x1e46f50) (5.445978) build-Linux-gtk/duktape/html_element.c:46 dukky_html_element___init: Initialise 0x1f8e450 (priv=0x1e46f50) (5.445983) build-Linux-gtk/duktape/html_div_element.c:46 dukky_html_div_element___init: Initialise 0x1f8e450 (priv=0x1e46f50) (5.445995) javascript/duktape/dukky.c:77 dukky_create_object: name=NETSURF_DUKTAPE_PROTOTYPE_NODELIST nargs=1 (5.446003) javascript/duktape/dukky.c:69 dukky_populate_object: Call the init function (5.446015) build-Linux-gtk/duktape/node_list.c:45 dukky_node_list___init: Initialise 0x1f8cec0 (priv=0x1c15420) (5.446021) javascript/duktape/dukky.c:90 dukky_create_object: created (5.446028) NodeList.bnd:22 dukky_node_list___fini: Finalise 0x1f8cec0 (5.446043) javascript/duktape/dukky.c:219 dukky_push_node: Pushing node 0x1f938a0 (5.446054) javascript/duktape/dukky.c:69 dukky_populate_object: Call the init function (5.446061) build-Linux-gtk/duktape/event_target.c:45 dukky_event_target___init: Initialise 0x1f93970 (priv=0x1c15420) (5.446066) build-Linux-gtk/duktape/node.c:46 dukky_node___init: Initialise 0x1f93970 (priv=0x1c15420) (5.446072) build-Linux-gtk/duktape/element.c:47 dukky_element___init: Initialise 0x1f93970 (priv=0x1c15420) (5.446077) build-Linux-gtk/duktape/html_element.c:46 dukky_html_element___init: Initialise 0x1f93970 (priv=0x1c15420) (5.446082) build-Linux-gtk/duktape/html_div_element.c:46 dukky_html_div_element___init: Initialise 0x1f93970 (priv=0x1c15420) (5.446091) javascript/duktape/dukky.c:219 dukky_push_node: Pushing node (nil) |
|
Vincent Sanders (administrator) 2015-10-20 22:48 |
#0 dukky_push_node (ctx=ctx@entry=0x128ceb0, node=0x0) at javascript/duktape/dukky.c:245 #1 0x00000000004f7ddd in dukky_node_lastChild_getter (ctx=0x128ceb0) at Node.bnd:149 0000002 0x0000000000593581 in duk_handle_call (thr=0x128ceb0, num_stack_args=1, call_flags=0) at duk_js_call.c:1364 #3 0x00000000005a48f4 in duk_hobject_getprop (thr=thr@entry=0x128ceb0, tv_obj=0x7fffffffb680, tv_key=0x7fffffffb690) at duk_hobject_props.c:2582 #4 0x000000000059130f in duk_js_execute_bytecode (exec_thr=exec_thr@entry=0x128ceb0) at duk_js_executor.c:2848 #5 0x0000000000593841 in duk_handle_call (thr=0x128ceb0, num_stack_args=0, call_flags=0) at duk_js_call.c:1471 #6 0x00000000005af269 in duk_eval_raw (ctx=ctx@entry=0x128ceb0, src_buffer=src_buffer@entry=0x0, src_length=src_length@entry=0, flags=flags@entry=1) at duk_api_compile.c:44 #7 0x000000000058a3bf in eval_top_string (ctx=0x128ceb0, ctx@entry=<error reading variable: Cannot access memory at address 0xa2>) at javascript/duktape/dukky.c:355 #8 0x0000000000597dc4 in duk_handle_safe_call ( thr=<error reading variable: Cannot access memory at address 0xa2>, func=func@entry=0x58a3a0 <eval_top_string>, num_stack_args=num_stack_args@entry=1, num_stack_rets=num_stack_rets@entry=1) at duk_js_call.c:1876 #9 0x0000000000598064 in duk_safe_call (ctx=<optimized out>, func=func@entry=0x58a3a0 <eval_top_string>, nargs=nargs@entry=1, nrets=nrets@entry=1) at duk_api_call.c:221 #10 0x000000000058ad91 in js_exec (ctx=0xe31070, txt=0x7fffe42e4010 "/*! jQuery v1.9.1 | (c) 2005, 2012 jQuery Foundation, Inc. | jquery.org/license\r\n//@ sourceMappingURL=jquery.min.map\r\n*/\r\n(function (e, t) {\r\n\tvar n, r, i = typeof t, o = e.document, a = e.location"..., txtlen=<optimized out>) at javascript/duktape/dukky.c:366 |
Andrew Pinder (reporter) 2015-10-20 23:08 |
I've been able to generate a crash just by trying to go straight to www.lonelyplanet.com |
|
Vincent Sanders (administrator) 2015-10-21 20:56 |
kinnison resolved our null node handling so the jquery no longer causes the segfault. lonely planet rendering is still utterly broken though. |
|
Vincent Sanders (administrator) 2016-02-16 15:10 |
Confirmed resolved in 3.4 release |
| Notes |
| Issue History |
|||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2015-10-20 10:05 | Harriet Bazley | New Issue | |
| 2015-10-20 10:06 | Harriet Bazley | File Added: Log.zip | |
| 2015-10-20 20:16 | Dave Higton | File Added: APinder.zip | |
| 2015-10-20 20:19 | Dave Higton | Note Added: 0000968 | |
| 2015-10-20 20:26 | Dave Higton | Note Edited: 0000968 | View Revisions |
| 2015-10-20 21:38 | Vincent Sanders | Status | new => confirmed |
| 2015-10-20 21:38 | Vincent Sanders | Product Version | => 3.4 |
| 2015-10-20 22:42 | Vincent Sanders | Note Added: 0000970 | |
| 2015-10-20 22:48 | Vincent Sanders | Note Added: 0000971 | |
| 2015-10-20 23:08 | Andrew Pinder | Note Added: 0000972 | |
| 2015-10-21 20:56 | Vincent Sanders | Fixed in CI build # | => 3005 |
| 2015-10-21 20:56 | Vincent Sanders | Note Added: 0000973 | |
| 2015-10-21 20:56 | Vincent Sanders | Status | confirmed => resolved |
| 2015-10-21 20:56 | Vincent Sanders | Resolution | open => fixed |
| 2015-10-21 20:56 | Vincent Sanders | Fixed in Version | => 3.4 |
| 2016-02-16 15:10 | Vincent Sanders | Note Added: 0001288 | |
| 2016-02-16 15:10 | Vincent Sanders | Status | resolved => closed |
| Issue History |