2024-03-29 06:37 UTC

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0002385NetSurfJavascriptpublic2016-02-16 14:27
ReporterPeter Young 
Assigned ToVincent Sanders 
SeveritycrashReproducibilityalways 
StatusclosedResolutionfixed 
PlatformARMX6OSRISC OSOS Version5.23
Product Version3.4 
Target Version3.4Fixed in Version3.4 
Summary0002385: Fatal crash on Google.
DescriptionBoth with #3050 and #3053 any attempt to load www.google.co.uk resuts in a crash. Logfile attached.
Steps To ReproduceDo the same again
TagsNo tags attached.
Fixed in CI build #
Reported in CI build #3050
URL of problem pagewww.google.co.uk
Attached Files

-Relationships
+Relationships

-Notes
Chris Young

~0001034

Chris Young (developer)

Stack trace from Amiga frontend:

Symbol info:
Instruction pointer 0x6EA1CAD0 belongs to module "NetSurf" (PowerPC)
Symbol: dom_string_data + 0x0 in section 1 offset 0x00249AAC

Stack trace:
    dom_string_data()+0x0 (section 1 @ 0x249AAC)
    [javascript/duktape/dukky.c:475] dukky_get_current_value_of_event_handler()+0xf0 (section 1 @ 0x13ED84)
    _dom_event_target_dispatch()+0xb0 (section 1 @ 0x26BA98)
    _dom_node_dispatch_event()+0x38c (section 1 @ 0x267690)
    [render/html.c:75] fire_dom_event()+0xb4 (section 1 @ 0x196104)
    [render/html_interaction.c:1008] html_mouse_action()+0x948 (section 1 @ 0x19B648)
    [content/content.c:474] content_mouse_action()+0x68 (section 1 @ 0xE2460)
    [desktop/browser.c:3118] browser_window_mouse_click()+0x2a8 (section 1 @ 0x115034)
    [amiga/gui.c:2046] ami_get_msg()+0x2008 (section 1 @ 0x1E0DC)
    [amiga/gui.c:5457] main()+0xa80 (section 1 @ 0x1FB68)
    native kernel module newlib.library.kmod+0x000020ac
    native kernel module newlib.library.kmod+0x00002d14
    native kernel module newlib.library.kmod+0x00002ef0
    _start()+0x170 (section 1 @ 0x16C)
    native kernel module dos.library.kmod+0x00024c18
    native kernel module kernel+0x0003b648
    native kernel module kernel+0x0003b6c8

PPC disassembly:
 6ea1cac8: 7c030378 mr r3,r0
 6ea1cacc: 4e800020 blr
*6ea1cad0: 80030018 lwz r0,24(r3)
 6ea1cad4: 2f800000 cmpwi cr7,r0,0
 6ea1cad8: 419e0010 beq- cr7,0x6EA1CAE8
Chris Young

~0001035

Chris Young (developer)

Here opening Google is fine, it is only when typing in the search box that it crashes. I assume it is the auto-complete functionality firing off on every keypress causing the crash.
Vincent Sanders

~0001043

Vincent Sanders (administrator)

Last edited: 2015-11-08 21:38

View 2 revisions

(gdb) bt
#0 0x00000000006563a4 in dom_string_length ()
#1 0x000000000059e3b1 in dukky_push_handler_code_ (et=0x1253530, name=0xcfc8e0, ctx=0x1247010)
    at javascript/duktape/dukky.c:475
0000002 dukky_get_current_value_of_event_handler (ctx=ctx@entry=0x1247010, name=0xcfc8e0, et=0x1253530)
    at javascript/duktape/dukky.c:496
#3 0x000000000059e66a in dukky_generic_event_handler (evt=0x1203950, pw=0x1247010)
    at javascript/duktape/dukky.c:571
#4 0x000000000067174c in _dom_event_target_dispatch ()
#5 0x000000000066e729 in _dom_node_dispatch_event ()
#6 0x00000000005df026 in dom_event_target_dispatch_event (success=0x7fffffffb5f7, evt=<optimized out>,
    et=0x1299dc0) at /home/vince/dev-netsurf/workspace/inst-x86_64-linux-gnu/include/dom/events/event_target.h:75
#7 fire_dom_event (type=0xcfc8e0, target=target@entry=0x1299dc0, bubbles=bubbles@entry=true,
    cancelable=cancelable@entry=true) at render/html.c:90
#8 0x00000000005e3fe3 in html_mouse_action (c=0x1209920, bw=0xe9b0a0, mouse=BROWSER_MOUSE_CLICK_1, x=571, y=1)
    at render/html_interaction.c:1011
#9 0x0000000000597c5d in nsgtk_window_button_release_event (widget=<optimized out>, event=0x113abd0,
    data=0xf25490) at gtk/window.c:415
#10 0x00007ffff656949f in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#11 0x00007ffff4e369a7 in ?? () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#12 0x00007ffff4e4f006 in g_signal_emit_valist () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#13 0x00007ffff4e4f852 in g_signal_emit () from /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0
#14 0x00007ffff669150e in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#15 0x00007ffff6567405 in ?? () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#16 0x00007ffff6569073 in gtk_main_do_event () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#17 0x00007ffff61b2082 in ?? () from /usr/lib/x86_64-linux-gnu/libgdk-3.so.0
#18 0x00007ffff4b77355 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#19 0x00007ffff4b77688 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#20 0x00007ffff4b77744 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#21 0x00007ffff6568475 in gtk_main_iteration () from /usr/lib/x86_64-linux-gnu/libgtk-3.so.0
#22 0x000000000057e2b2 in nsgtk_main () at gtk/gui.c:453
#23 0x000000000045c761 in main (argc=2, argv=0x7fffffffe1b8) at gtk/gui.c:1161


dukky.c:dukky_push_handler_code_()

does

exc = dom_element_get_attribute(ele, onname, &val);

to get the attribute, if its missing the dom call succeeds with val == NULL

I think the error trap below needs to cope with that

Vincent Sanders

~0001057

Vincent Sanders (administrator)

prevented null deref due to missing attribute on dom node
Vincent Sanders

~0001256

Vincent Sanders (administrator)

Confirmed fixed in 3.4 release
+Notes

-Issue History
Date Modified Username Field Change
2015-11-07 13:51 Peter Young New Issue
2015-11-07 13:51 Peter Young File Added: Logfile.zip
2015-11-07 13:56 Chris Young Note Added: 0001034
2015-11-07 14:00 Chris Young Note Added: 0001035
2015-11-07 14:00 Chris Young Category RISC OS-specific => Javascript
2015-11-07 14:00 Chris Young Product Version => 3.4
2015-11-07 14:00 Chris Young Target Version => 3.4
2015-11-08 20:25 Vincent Sanders Note Added: 0001043
2015-11-08 20:25 Vincent Sanders Status new => confirmed
2015-11-08 21:38 Vincent Sanders Note Edited: 0001043 View Revisions
2015-11-10 20:39 Vincent Sanders Note Added: 0001057
2015-11-10 20:39 Vincent Sanders Assigned To => Vincent Sanders
2015-11-10 20:39 Vincent Sanders Status confirmed => resolved
2015-11-10 20:39 Vincent Sanders Resolution open => fixed
2015-11-10 20:39 Vincent Sanders Fixed in Version => 3.4
2016-02-16 14:27 Vincent Sanders Note Added: 0001256
2016-02-16 14:27 Vincent Sanders Status resolved => closed
+Issue History