0002626: site about Death and Dying kills Netsurf - MantisBT

2023-03-23 02:20 UTC

View Issue Details [ Jump to Notes ]

[ Issue History ] [ Print ]

ID

Project

Category

View Status

Date Submitted

Last Update

0002626

NetSurf

[All Projects] General

public

2018-10-16 14:42

2019-07-19 08:30

Reporter

Jim Nagel

Assigned To

Daniel Silverstone

Severity

crash

Reproducibility

always

Status

closed

Resolution

fixed

Platform

ArmX6

OS

RiscOS

OS Version

5.25

Product Version

3.8

Target Version

3.9

Fixed in Version

3.9

Summary

0002626: site about Death and Dying kills Netsurf

Description

Netsurf #4451

Steps To Reproduce

Type URL, with or without its "www.". Netsurf crashes.

Additional Information

On Android tablet, this site gives error about URL can't be resolved. But Netsurf outright crashes. Have informed owners of site.

Tags

No tags attached.

Fixed in CI build #

4620

Reported in CI build #

4451

URL of problem page

http://deathfestglastonbury2018.com, http://www.deathfestglastonbury2018.com

Attached Files

Log-after-Deathfest (1,281,023 bytes) 2018-10-16 14:42
test.html (73 bytes) 2018-11-04 09:45
poo.js (149,075 bytes) 2018-11-04 09:45

Relationships

Relationships

Notes
~0001854 Vincent Sanders (administrator) 2018-10-23 19:39	javascript abort Starting program: /home/vince/dev-netsurf/workspace/netsurf/nsgtk http://www.deathfestglastonbury2018.com/ [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". [New Thread 0x7fffe6a3d700 (LWP 32088)] [New Thread 0x7fffe623c700 (LWP 32089)] [New Thread 0x7fffe59db700 (LWP 32090)] [New Thread 0x7fffe51da700 (LWP 32091)] [Thread 0x7fffe51da700 (LWP 32091) exited] [Thread 0x7fffe59db700 (LWP 32090) exited] [New Thread 0x7fffe51da700 (LWP 32092)] [Thread 0x7fffe51da700 (LWP 32092) exited] [New Thread 0x7fffe51da700 (LWP 32093)] [Thread 0x7fffe51da700 (LWP 32093) exited] Thread 1 "nsgtk" received signal SIGABRT, Aborted. __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51 51 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory. (gdb) list 46 in ../sysdeps/unix/sysv/linux/raise.c (gdb) up #1 0x00007ffff362542a in __GI_abort () at abort.c:89 89 abort.c: No such file or directory. (gdb) up 0000002 0x00005555555d7c56 in duk_default_fatal_handler (udata=<optimized out>, msg=<optimized out>) at content/handlers/javascript/duktape/duktape.c:11749 11749 DUK_ABORT(); (gdb) list 11744 * - http://wiki.duktape.org/HowtoFatalErrors.html 11745 * - http://duktape.org/api.html#taglist-protected 11746 * ==================================================================== 11747 / 11748 DUK_D(DUK_DPRINT("built-in default fatal error handler called: %s", msg)); 11749 DUK_ABORT(); 11750 #endif 11751 11752 DUK_D(DUK_DPRINT("fatal error handler returned, enter forever loop")); 11753 for (;;) { (gdb) up #3 0x000055555569ffdf in duk_fatal_raw (thr=thr@entry=0x555556185ec0, err_msg=err_msg@entry=0x7fffffffb530 "uncaught: 'C call stack depth limit'") at content/handlers/javascript/duktape/duktape.c:23878 23878 thr->heap->fatal_func(thr->heap->heap_udata, err_msg); (gdb) up #4 0x00005555556a4397 in duk__uncaught_error_aware (thr=0x555556185ec0) at content/handlers/javascript/duktape/duktape.c:46270 46270 (void) duk_fatal(thr, (const char ) buf); (gdb) up #5 duk_err_longjmp (thr=0x555556185ec0) at content/handlers/javascript/duktape/duktape.c:46321 46321 duk__uncaught_error_aware(thr); (gdb) up #6 0x00005555556a2269 in duk__handle_executor_error (entry_jmpbuf_ptr=0x0, entry_call_recursion_depth=2, entry_act=0x55555630b890, heap=0x555555e78590) at content/handlers/javascript/duktape/duktape.c:75893 75893 duk_err_longjmp(heap->curr_thread); (gdb) up #7 duk_js_execute_bytecode (exec_thr=exec_thr@entry=0x555556185ec0) at content/handlers/javascript/duktape/duktape.c:10427 10427 * Used for toPrecision(). (gdb) up #8 0x00005555556a2b84 in duk__handle_call_raw (thr=thr@entry=0x555556185ec0, idx_func=9, call_flags=call_flags@entry=0) at content/handlers/javascript/duktape/duktape.c:64240 64240 duk_js_execute_bytecode(thr); (gdb) up #9 0x00005555556a3cde in duk_handle_call_unprotected (call_flags=0, idx_func=<optimized out>, thr=0x555556185ec0) at content/handlers/javascript/duktape/duktape.c:64422 64422 return duk__handle_call_raw(thr, idx_func, call_flags); (gdb) up #10 duk_call_method (thr=thr@entry=0x555556185ec0, nargs=<optimized out>, nargs@entry=1) at content/handlers/javascript/duktape/duktape.c:14285 14285 duk_handle_call_unprotected(thr, idx_func, call_flags); (gdb) up #11 0x00005555556b8e06 in duk_hobject_getprop (thr=thr@entry=0x555556185ec0, tv_obj=0x7fffffffb850, tv_key=0x7fffffffb860) at content/handlers/javascript/duktape/duktape.c:56845 56845 duk_call_method(thr, 1); /* [key getter this key] -> [key retval] / (gdb) up #12 0x00005555556b94a3 in duk_get_prop (thr=thr@entry=0x555556185ec0, obj_idx=obj_idx@entry=5) at content/handlers/javascript/duktape/duktape.c:16558 16558 rc = duk_hobject_getprop(thr, tv_obj, tv_key); (gdb) up #13 0x00005555556a8e3c in duk_get_prop_stridx (thr=thr@entry=0x555556185ec0, obj_idx=<optimized out>, obj_idx@entry=-2, stridx=stridx@entry=92) at content/handlers/javascript/duktape/duktape.c:16619 16619 return duk_get_prop(thr, obj_idx); (gdb) up #14 0x00005555556bd01b in duk_get_prop_stridx_short_raw (packed_args=4294836316, thr=0x555556185ec0) at content/handlers/javascript/duktape/duktape.c:16623 16623 return duk_get_prop_stridx(thr, (duk_idx_t) (duk_int16_t) (packed_args >> 16), (gdb) up #15 duk__error_getter_helper (thr=0x555556185ec0, output_type=0) at content/handlers/javascript/duktape/duktape.c:32725 32725 duk_get_prop_stridx_short(thr, -2, DUK_STRIDX_NAME); (gdb) up #16 0x00005555556a2913 in duk__handle_call_raw (thr=thr@entry=0x555556185ec0, idx_func=5, call_flags=call_flags@entry=0) at content/handlers/javascript/duktape/duktape.c:64268 64268 rc = ((duk_hnatfunc ) func)->func(thr); (gdb) up #17 0x00005555556a3cde in duk_handle_call_unprotected (call_flags=0, idx_func=<optimized out>, thr=0x555556185ec0) at content/handlers/javascript/duktape/duktape.c:64422 64422 return duk__handle_call_raw(thr, idx_func, call_flags); (gdb) up #18 duk_call_method (thr=thr@entry=0x555556185ec0, nargs=<optimized out>, nargs@entry=1) at content/handlers/javascript/duktape/duktape.c:14285 14285 duk_handle_call_unprotected(thr, idx_func, call_flags); (gdb) up #19 0x00005555556b8e06 in duk_hobject_getprop (thr=thr@entry=0x555556185ec0, tv_obj=0x7fffffffbac0, tv_key=0x7fffffffbad0) at content/handlers/javascript/duktape/duktape.c:56845 56845 duk_call_method(thr, 1); /* [key getter this key] -> [key retval] / (gdb) up #20 0x00005555556b94a3 in duk_get_prop (thr=0x555556185ec0, obj_idx=<optimized out>) at content/handlers/javascript/duktape/duktape.c:16558 16558 rc = duk_hobject_getprop(thr, tv_obj, tv_key); (gdb) up #21 0x00005555556bc159 in duk_get_prop_string (thr=<optimized out>, obj_idx=<optimized out>, obj_idx@entry=0, key=key@entry=0x5555557cbb06 "fileName") at content/handlers/javascript/duktape/duktape.c:16573 16573 return duk_get_prop(thr, obj_idx); (gdb) up #22 0x000055555569a69a in js_exec (ctx=0x555555e777e0, txt=0x7fffe4339010 "/ Disable minification (remove `.min` from URL path) for more info */\n\n(function(undefined) {!function(e){var t=Object.prototype.hasOwnProperty(\"__defineGetter__\"),r=\"A property cannot both have acce"..., txtlen=149075) at content/handlers/javascript/duktape/dukky.c:663 663 duk_get_prop_string(CTX, 0, "fileName"); (gdb) up #23 0x000055555568738a in convert_script_sync_cb (script=<optimized out>, event=<optimized out>, pw=0x5555561855d0) at content/handlers/html/html_script.c:303 303 script_handler(parent->jscontext, data, size); (gdb) up #24 0x00005555556d58b9 in hlcache_content_callback (c=<optimized out>, msg=<optimized out>, data=<optimized out>, pw=<optimized out>) at content/hlcache.c:195 195 error = handle->cb(handle, &event, handle->pw); (gdb) up #25 0x0000555555658914 in content_broadcast (c=0x555556196020, msg=CONTENT_MSG_DONE, data=0x0) at content/content.c:777 777 user->callback(c, msg, data, user->pw); (gdb) up #26 0x00005555556589dd in content_set_done (c=c@entry=0x555556196020) at content/content.c:320 320 content_broadcast(c, CONTENT_MSG_DONE, NULL); (gdb) up #27 0x0000555555699681 in javascript_convert (c=0x555556196020) at content/handlers/javascript/content.c:67 67 content_set_done(c); (gdb) up #28 0x0000555555658ac2 in content_convert (c=0x555556196020) at content/content.c:281 281 if (c->handler->data_complete(c) == false) { (gdb) up #29 content_llcache_callback (llcache=<optimized out>, event=<optimized out>, pw=0x555556196020) at content/content.c:169 169 content_convert(c); (gdb) up #30 0x00005555556d797e in llcache_object_notify_users (object=object@entry=0x5555561a73f0) at content/llcache.c:3191 3191 error = handle->cb(handle, &event, handle->pw); (gdb) up #31 0x00005555556d7a30 in llcache_catch_up_all_users (ignored=<optimized out>) at content/llcache.c:3617 3617 llcache_object_notify_users(object); (gdb) up #32 0x00005555557170a2 in schedule_run () at frontends/gtk/schedule.c:132 132 cb->callback(cb->context); (gdb) up #33 0x00005555557096c2 in nsgtk_main () at frontends/gtk/gui.c:429 429 schedule_run(); (gdb) up #34 0x00005555555d96b3 in main (argc=<optimized out>, argv=<optimized out>) at frontends/gtk/gui.c:1206 1206

~0001862 Daniel Silverstone (administrator) 2018-11-04 09:44	I can confirm this is smashing the stack due to attempting to report an error in JavaScript which results in a deep recursion within the JavaScript interpreter. I will attach a minimum test case. If I set my stack size to 10MiB, I am able to continue, I suggest we need to adjust duk_config.h to have a smaller DUK_USE_NATIVE_CALL_RECLIMIT

~0001863 Daniel Silverstone (administrator) 2018-11-04 09:53	I've forwarded this to the duktape author too: https://github.com/svaarala/duktape/issues/1994

~0001905 Daniel Silverstone (administrator) 2019-05-06 14:35	A variety of JS improvements have gone in, this now no longer triggers a crash.

~0002013 Vincent Sanders (administrator) 2019-07-19 08:30	we believe this issue has been resolved in NetSurf 3.9

Notes

Date Modified	Username	Field	Change
Issue History
2018-10-16 14:42	Jim Nagel	New Issue
2018-10-16 14:42	Jim Nagel	File Added: Log-after-Deathfest
2018-10-23 19:39	Vincent Sanders	Note Added: 0001854
2018-10-23 19:40	Vincent Sanders	Status	new => confirmed
2018-11-04 09:44	Daniel Silverstone	Assigned To	=> Daniel Silverstone
2018-11-04 09:44	Daniel Silverstone	Status	confirmed => assigned
2018-11-04 09:44	Daniel Silverstone	Note Added: 0001862
2018-11-04 09:45	Daniel Silverstone	File Added: test.html
2018-11-04 09:45	Daniel Silverstone	File Added: poo.js
2018-11-04 09:53	Daniel Silverstone	Note Added: 0001863
2019-05-06 14:35	Daniel Silverstone	Status	assigned => resolved
2019-05-06 14:35	Daniel Silverstone	Resolution	open => fixed
2019-05-06 14:35	Daniel Silverstone	Fixed in Version	=> 3.9
2019-05-06 14:35	Daniel Silverstone	Target Version	=> 3.9
2019-05-06 14:35	Daniel Silverstone	Fixed in CI build #	=> 4620
2019-05-06 14:35	Daniel Silverstone	Note Added: 0001905
2019-07-19 08:30	Vincent Sanders	Status	resolved => closed
2019-07-19 08:30	Vincent Sanders	Note Added: 0002013

Issue History