2024-03-19 05:14 UTC

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0002626NetSurf[All Projects] Generalpublic2019-07-19 08:30
ReporterJim Nagel 
Assigned ToDaniel Silverstone 
SeveritycrashReproducibilityalways 
StatusclosedResolutionfixed 
PlatformArmX6OSRiscOSOS Version5.25
Product Version3.8 
Target Version3.9Fixed in Version3.9 
Summary0002626: site about Death and Dying kills Netsurf
DescriptionNetsurf #4451
Steps To ReproduceType URL, with or without its "www.". Netsurf crashes.
Additional InformationOn Android tablet, this site gives error about URL can't be resolved. But Netsurf outright crashes. Have informed owners of site.
TagsNo tags attached.
Fixed in CI build #4620
Reported in CI build #4451
URL of problem page http://deathfestglastonbury2018.com, http://www.deathfestglastonbury2018.com
Attached Files

-Relationships
+Relationships

-Notes
Vincent Sanders

~0001854

Vincent Sanders (administrator)

javascript abort

Starting program: /home/vince/dev-netsurf/workspace/netsurf/nsgtk http://www.deathfestglastonbury2018.com/
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffe6a3d700 (LWP 32088)]
[New Thread 0x7fffe623c700 (LWP 32089)]
[New Thread 0x7fffe59db700 (LWP 32090)]
[New Thread 0x7fffe51da700 (LWP 32091)]
[Thread 0x7fffe51da700 (LWP 32091) exited]
[Thread 0x7fffe59db700 (LWP 32090) exited]
[New Thread 0x7fffe51da700 (LWP 32092)]
[Thread 0x7fffe51da700 (LWP 32092) exited]
[New Thread 0x7fffe51da700 (LWP 32093)]
[Thread 0x7fffe51da700 (LWP 32093) exited]

Thread 1 "nsgtk" received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
51 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
(gdb) list
46 in ../sysdeps/unix/sysv/linux/raise.c
(gdb) up
#1 0x00007ffff362542a in __GI_abort () at abort.c:89
89 abort.c: No such file or directory.
(gdb) up
0000002 0x00005555555d7c56 in duk_default_fatal_handler (udata=<optimized out>, msg=<optimized out>)
    at content/handlers/javascript/duktape/duktape.c:11749
11749 DUK_ABORT();
(gdb) list
11744 * - http://wiki.duktape.org/HowtoFatalErrors.html
11745 * - http://duktape.org/api.html#taglist-protected
11746 * ====================================================================
11747 */
11748 DUK_D(DUK_DPRINT("built-in default fatal error handler called: %s", msg));
11749 DUK_ABORT();
11750 #endif
11751
11752 DUK_D(DUK_DPRINT("fatal error handler returned, enter forever loop"));
11753 for (;;) {
(gdb) up
#3 0x000055555569ffdf in duk_fatal_raw (thr=thr@entry=0x555556185ec0,
    err_msg=err_msg@entry=0x7fffffffb530 "uncaught: 'C call stack depth limit'")
    at content/handlers/javascript/duktape/duktape.c:23878
23878 thr->heap->fatal_func(thr->heap->heap_udata, err_msg);
(gdb) up
#4 0x00005555556a4397 in duk__uncaught_error_aware (thr=0x555556185ec0)
    at content/handlers/javascript/duktape/duktape.c:46270
46270 (void) duk_fatal(thr, (const char *) buf);
(gdb) up
#5 duk_err_longjmp (thr=0x555556185ec0) at content/handlers/javascript/duktape/duktape.c:46321
46321 duk__uncaught_error_aware(thr);
(gdb) up
#6 0x00005555556a2269 in duk__handle_executor_error (entry_jmpbuf_ptr=0x0,
    entry_call_recursion_depth=2, entry_act=0x55555630b890, heap=0x555555e78590)
    at content/handlers/javascript/duktape/duktape.c:75893
75893 duk_err_longjmp(heap->curr_thread);
(gdb) up
#7 duk_js_execute_bytecode (exec_thr=exec_thr@entry=0x555556185ec0)
    at content/handlers/javascript/duktape/duktape.c:10427
10427 * Used for toPrecision().
(gdb) up
#8 0x00005555556a2b84 in duk__handle_call_raw (thr=thr@entry=0x555556185ec0, idx_func=9,
    call_flags=call_flags@entry=0) at content/handlers/javascript/duktape/duktape.c:64240
64240 duk_js_execute_bytecode(thr);
(gdb) up
#9 0x00005555556a3cde in duk_handle_call_unprotected (call_flags=0, idx_func=<optimized out>,
    thr=0x555556185ec0) at content/handlers/javascript/duktape/duktape.c:64422
64422 return duk__handle_call_raw(thr, idx_func, call_flags);
(gdb) up
#10 duk_call_method (thr=thr@entry=0x555556185ec0, nargs=<optimized out>, nargs@entry=1)
    at content/handlers/javascript/duktape/duktape.c:14285
14285 duk_handle_call_unprotected(thr, idx_func, call_flags);
(gdb) up
#11 0x00005555556b8e06 in duk_hobject_getprop (thr=thr@entry=0x555556185ec0, tv_obj=0x7fffffffb850,
    tv_key=0x7fffffffb860) at content/handlers/javascript/duktape/duktape.c:56845
56845 duk_call_method(thr, 1); /* [key getter this key] -> [key retval] */
(gdb) up
#12 0x00005555556b94a3 in duk_get_prop (thr=thr@entry=0x555556185ec0, obj_idx=obj_idx@entry=5)
    at content/handlers/javascript/duktape/duktape.c:16558
16558 rc = duk_hobject_getprop(thr, tv_obj, tv_key);
(gdb) up
#13 0x00005555556a8e3c in duk_get_prop_stridx (thr=thr@entry=0x555556185ec0, obj_idx=<optimized out>,
    obj_idx@entry=-2, stridx=stridx@entry=92) at content/handlers/javascript/duktape/duktape.c:16619
16619 return duk_get_prop(thr, obj_idx);
(gdb) up
#14 0x00005555556bd01b in duk_get_prop_stridx_short_raw (packed_args=4294836316, thr=0x555556185ec0)
    at content/handlers/javascript/duktape/duktape.c:16623
16623 return duk_get_prop_stridx(thr, (duk_idx_t) (duk_int16_t) (packed_args >> 16),
(gdb) up
#15 duk__error_getter_helper (thr=0x555556185ec0, output_type=0)
    at content/handlers/javascript/duktape/duktape.c:32725
32725 duk_get_prop_stridx_short(thr, -2, DUK_STRIDX_NAME);
(gdb) up
#16 0x00005555556a2913 in duk__handle_call_raw (thr=thr@entry=0x555556185ec0, idx_func=5,
    call_flags=call_flags@entry=0) at content/handlers/javascript/duktape/duktape.c:64268
64268 rc = ((duk_hnatfunc *) func)->func(thr);
(gdb) up
#17 0x00005555556a3cde in duk_handle_call_unprotected (call_flags=0, idx_func=<optimized out>,
    thr=0x555556185ec0) at content/handlers/javascript/duktape/duktape.c:64422
64422 return duk__handle_call_raw(thr, idx_func, call_flags);
(gdb) up
#18 duk_call_method (thr=thr@entry=0x555556185ec0, nargs=<optimized out>, nargs@entry=1)
    at content/handlers/javascript/duktape/duktape.c:14285
14285 duk_handle_call_unprotected(thr, idx_func, call_flags);
(gdb) up
#19 0x00005555556b8e06 in duk_hobject_getprop (thr=thr@entry=0x555556185ec0, tv_obj=0x7fffffffbac0,
    tv_key=0x7fffffffbad0) at content/handlers/javascript/duktape/duktape.c:56845
56845 duk_call_method(thr, 1); /* [key getter this key] -> [key retval] */
(gdb) up
#20 0x00005555556b94a3 in duk_get_prop (thr=0x555556185ec0, obj_idx=<optimized out>)
    at content/handlers/javascript/duktape/duktape.c:16558
16558 rc = duk_hobject_getprop(thr, tv_obj, tv_key);
(gdb) up
#21 0x00005555556bc159 in duk_get_prop_string (thr=<optimized out>, obj_idx=<optimized out>,
    obj_idx@entry=0, key=key@entry=0x5555557cbb06 "fileName")
    at content/handlers/javascript/duktape/duktape.c:16573
16573 return duk_get_prop(thr, obj_idx);
(gdb) up
#22 0x000055555569a69a in js_exec (ctx=0x555555e777e0,
    txt=0x7fffe4339010 "/* Disable minification (remove `.min` from URL path) for more info */\n\n(function(undefined) {!function(e){var t=Object.prototype.hasOwnProperty(\"__defineGetter__\"),r=\"A property cannot both have acce"..., txtlen=149075) at content/handlers/javascript/duktape/dukky.c:663
663 duk_get_prop_string(CTX, 0, "fileName");
(gdb) up
#23 0x000055555568738a in convert_script_sync_cb (script=<optimized out>, event=<optimized out>,
    pw=0x5555561855d0) at content/handlers/html/html_script.c:303
303 script_handler(parent->jscontext, data, size);
(gdb) up
#24 0x00005555556d58b9 in hlcache_content_callback (c=<optimized out>, msg=<optimized out>,
    data=<optimized out>, pw=<optimized out>) at content/hlcache.c:195
195 error = handle->cb(handle, &event, handle->pw);
(gdb) up
#25 0x0000555555658914 in content_broadcast (c=0x555556196020, msg=CONTENT_MSG_DONE, data=0x0)
    at content/content.c:777
777 user->callback(c, msg, data, user->pw);
(gdb) up
#26 0x00005555556589dd in content_set_done (c=c@entry=0x555556196020) at content/content.c:320
320 content_broadcast(c, CONTENT_MSG_DONE, NULL);
(gdb) up
#27 0x0000555555699681 in javascript_convert (c=0x555556196020)
    at content/handlers/javascript/content.c:67
67 content_set_done(c);
(gdb) up
#28 0x0000555555658ac2 in content_convert (c=0x555556196020) at content/content.c:281
281 if (c->handler->data_complete(c) == false) {
(gdb) up
#29 content_llcache_callback (llcache=<optimized out>, event=<optimized out>, pw=0x555556196020)
    at content/content.c:169
169 content_convert(c);
(gdb) up
#30 0x00005555556d797e in llcache_object_notify_users (object=object@entry=0x5555561a73f0)
    at content/llcache.c:3191
3191 error = handle->cb(handle, &event, handle->pw);
(gdb) up
#31 0x00005555556d7a30 in llcache_catch_up_all_users (ignored=<optimized out>) at content/llcache.c:3617
3617 llcache_object_notify_users(object);
(gdb) up
#32 0x00005555557170a2 in schedule_run () at frontends/gtk/schedule.c:132
132 cb->callback(cb->context);
(gdb) up
#33 0x00005555557096c2 in nsgtk_main () at frontends/gtk/gui.c:429
429 schedule_run();
(gdb) up
#34 0x00005555555d96b3 in main (argc=<optimized out>, argv=<optimized out>) at frontends/gtk/gui.c:1206
1206
Daniel Silverstone

~0001862

Daniel Silverstone (administrator)

I can confirm this is smashing the stack due to attempting to report an error in JavaScript which results in a deep recursion within the JavaScript interpreter.

I will attach a minimum test case.

If I set my stack size to 10MiB, I am able to continue, I suggest we need to adjust duk_config.h to have a smaller DUK_USE_NATIVE_CALL_RECLIMIT

Daniel Silverstone

~0001863

Daniel Silverstone (administrator)

I've forwarded this to the duktape author too: https://github.com/svaarala/duktape/issues/1994
Daniel Silverstone

~0001905

Daniel Silverstone (administrator)

A variety of JS improvements have gone in, this now no longer triggers a crash.
Vincent Sanders

~0002013

Vincent Sanders (administrator)

we believe this issue has been resolved in NetSurf 3.9
+Notes

-Issue History
Date Modified Username Field Change
2018-10-16 14:42 Jim Nagel New Issue
2018-10-16 14:42 Jim Nagel File Added: Log-after-Deathfest
2018-10-23 19:39 Vincent Sanders Note Added: 0001854
2018-10-23 19:40 Vincent Sanders Status new => confirmed
2018-11-04 09:44 Daniel Silverstone Assigned To => Daniel Silverstone
2018-11-04 09:44 Daniel Silverstone Status confirmed => assigned
2018-11-04 09:44 Daniel Silverstone Note Added: 0001862
2018-11-04 09:45 Daniel Silverstone File Added: test.html
2018-11-04 09:45 Daniel Silverstone File Added: poo.js
2018-11-04 09:53 Daniel Silverstone Note Added: 0001863
2019-05-06 14:35 Daniel Silverstone Status assigned => resolved
2019-05-06 14:35 Daniel Silverstone Resolution open => fixed
2019-05-06 14:35 Daniel Silverstone Fixed in Version => 3.9
2019-05-06 14:35 Daniel Silverstone Target Version => 3.9
2019-05-06 14:35 Daniel Silverstone Fixed in CI build # => 4620
2019-05-06 14:35 Daniel Silverstone Note Added: 0001905
2019-07-19 08:30 Vincent Sanders Status resolved => closed
2019-07-19 08:30 Vincent Sanders Note Added: 0002013
+Issue History