View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
ID | Project | Category | View Status | Date Submitted | Last Update | ||||
---|---|---|---|---|---|---|---|---|---|
0002626 | NetSurf | [All Projects] General | public | 2018-10-16 14:42 | 2019-07-19 08:30 | ||||
Reporter | Jim Nagel | ||||||||
Assigned To | Daniel Silverstone | ||||||||
Severity | crash | Reproducibility | always | ||||||
Status | closed | Resolution | fixed | ||||||
Platform | ArmX6 | OS | RiscOS | OS Version | 5.25 | ||||
Product Version | 3.8 | ||||||||
Target Version | 3.9 | Fixed in Version | 3.9 | ||||||
Summary | 0002626: site about Death and Dying kills Netsurf | ||||||||
Description | Netsurf #4451 | ||||||||
Steps To Reproduce | Type URL, with or without its "www.". Netsurf crashes. | ||||||||
Additional Information | On Android tablet, this site gives error about URL can't be resolved. But Netsurf outright crashes. Have informed owners of site. | ||||||||
Tags | No tags attached. | ||||||||
Fixed in CI build # | 4620 | ||||||||
Reported in CI build # | 4451 | ||||||||
URL of problem page | http://deathfestglastonbury2018.com, http://www.deathfestglastonbury2018.com | ||||||||
Attached Files |
|
![]() |
|
Vincent Sanders (administrator) 2018-10-23 19:39 |
javascript abort Starting program: /home/vince/dev-netsurf/workspace/netsurf/nsgtk http://www.deathfestglastonbury2018.com/ [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". [New Thread 0x7fffe6a3d700 (LWP 32088)] [New Thread 0x7fffe623c700 (LWP 32089)] [New Thread 0x7fffe59db700 (LWP 32090)] [New Thread 0x7fffe51da700 (LWP 32091)] [Thread 0x7fffe51da700 (LWP 32091) exited] [Thread 0x7fffe59db700 (LWP 32090) exited] [New Thread 0x7fffe51da700 (LWP 32092)] [Thread 0x7fffe51da700 (LWP 32092) exited] [New Thread 0x7fffe51da700 (LWP 32093)] [Thread 0x7fffe51da700 (LWP 32093) exited] Thread 1 "nsgtk" received signal SIGABRT, Aborted. __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51 51 ../sysdeps/unix/sysv/linux/raise.c: No such file or directory. (gdb) list 46 in ../sysdeps/unix/sysv/linux/raise.c (gdb) up #1 0x00007ffff362542a in __GI_abort () at abort.c:89 89 abort.c: No such file or directory. (gdb) up 0000002 0x00005555555d7c56 in duk_default_fatal_handler (udata=<optimized out>, msg=<optimized out>) at content/handlers/javascript/duktape/duktape.c:11749 11749 DUK_ABORT(); (gdb) list 11744 * - http://wiki.duktape.org/HowtoFatalErrors.html 11745 * - http://duktape.org/api.html#taglist-protected 11746 * ==================================================================== 11747 */ 11748 DUK_D(DUK_DPRINT("built-in default fatal error handler called: %s", msg)); 11749 DUK_ABORT(); 11750 #endif 11751 11752 DUK_D(DUK_DPRINT("fatal error handler returned, enter forever loop")); 11753 for (;;) { (gdb) up #3 0x000055555569ffdf in duk_fatal_raw (thr=thr@entry=0x555556185ec0, err_msg=err_msg@entry=0x7fffffffb530 "uncaught: 'C call stack depth limit'") at content/handlers/javascript/duktape/duktape.c:23878 23878 thr->heap->fatal_func(thr->heap->heap_udata, err_msg); (gdb) up #4 0x00005555556a4397 in duk__uncaught_error_aware (thr=0x555556185ec0) at content/handlers/javascript/duktape/duktape.c:46270 46270 (void) duk_fatal(thr, (const char *) buf); (gdb) up #5 duk_err_longjmp (thr=0x555556185ec0) at content/handlers/javascript/duktape/duktape.c:46321 46321 duk__uncaught_error_aware(thr); (gdb) up #6 0x00005555556a2269 in duk__handle_executor_error (entry_jmpbuf_ptr=0x0, entry_call_recursion_depth=2, entry_act=0x55555630b890, heap=0x555555e78590) at content/handlers/javascript/duktape/duktape.c:75893 75893 duk_err_longjmp(heap->curr_thread); (gdb) up #7 duk_js_execute_bytecode (exec_thr=exec_thr@entry=0x555556185ec0) at content/handlers/javascript/duktape/duktape.c:10427 10427 * Used for toPrecision(). (gdb) up #8 0x00005555556a2b84 in duk__handle_call_raw (thr=thr@entry=0x555556185ec0, idx_func=9, call_flags=call_flags@entry=0) at content/handlers/javascript/duktape/duktape.c:64240 64240 duk_js_execute_bytecode(thr); (gdb) up #9 0x00005555556a3cde in duk_handle_call_unprotected (call_flags=0, idx_func=<optimized out>, thr=0x555556185ec0) at content/handlers/javascript/duktape/duktape.c:64422 64422 return duk__handle_call_raw(thr, idx_func, call_flags); (gdb) up #10 duk_call_method (thr=thr@entry=0x555556185ec0, nargs=<optimized out>, nargs@entry=1) at content/handlers/javascript/duktape/duktape.c:14285 14285 duk_handle_call_unprotected(thr, idx_func, call_flags); (gdb) up #11 0x00005555556b8e06 in duk_hobject_getprop (thr=thr@entry=0x555556185ec0, tv_obj=0x7fffffffb850, tv_key=0x7fffffffb860) at content/handlers/javascript/duktape/duktape.c:56845 56845 duk_call_method(thr, 1); /* [key getter this key] -> [key retval] */ (gdb) up #12 0x00005555556b94a3 in duk_get_prop (thr=thr@entry=0x555556185ec0, obj_idx=obj_idx@entry=5) at content/handlers/javascript/duktape/duktape.c:16558 16558 rc = duk_hobject_getprop(thr, tv_obj, tv_key); (gdb) up #13 0x00005555556a8e3c in duk_get_prop_stridx (thr=thr@entry=0x555556185ec0, obj_idx=<optimized out>, obj_idx@entry=-2, stridx=stridx@entry=92) at content/handlers/javascript/duktape/duktape.c:16619 16619 return duk_get_prop(thr, obj_idx); (gdb) up #14 0x00005555556bd01b in duk_get_prop_stridx_short_raw (packed_args=4294836316, thr=0x555556185ec0) at content/handlers/javascript/duktape/duktape.c:16623 16623 return duk_get_prop_stridx(thr, (duk_idx_t) (duk_int16_t) (packed_args >> 16), (gdb) up #15 duk__error_getter_helper (thr=0x555556185ec0, output_type=0) at content/handlers/javascript/duktape/duktape.c:32725 32725 duk_get_prop_stridx_short(thr, -2, DUK_STRIDX_NAME); (gdb) up #16 0x00005555556a2913 in duk__handle_call_raw (thr=thr@entry=0x555556185ec0, idx_func=5, call_flags=call_flags@entry=0) at content/handlers/javascript/duktape/duktape.c:64268 64268 rc = ((duk_hnatfunc *) func)->func(thr); (gdb) up #17 0x00005555556a3cde in duk_handle_call_unprotected (call_flags=0, idx_func=<optimized out>, thr=0x555556185ec0) at content/handlers/javascript/duktape/duktape.c:64422 64422 return duk__handle_call_raw(thr, idx_func, call_flags); (gdb) up #18 duk_call_method (thr=thr@entry=0x555556185ec0, nargs=<optimized out>, nargs@entry=1) at content/handlers/javascript/duktape/duktape.c:14285 14285 duk_handle_call_unprotected(thr, idx_func, call_flags); (gdb) up #19 0x00005555556b8e06 in duk_hobject_getprop (thr=thr@entry=0x555556185ec0, tv_obj=0x7fffffffbac0, tv_key=0x7fffffffbad0) at content/handlers/javascript/duktape/duktape.c:56845 56845 duk_call_method(thr, 1); /* [key getter this key] -> [key retval] */ (gdb) up #20 0x00005555556b94a3 in duk_get_prop (thr=0x555556185ec0, obj_idx=<optimized out>) at content/handlers/javascript/duktape/duktape.c:16558 16558 rc = duk_hobject_getprop(thr, tv_obj, tv_key); (gdb) up #21 0x00005555556bc159 in duk_get_prop_string (thr=<optimized out>, obj_idx=<optimized out>, obj_idx@entry=0, key=key@entry=0x5555557cbb06 "fileName") at content/handlers/javascript/duktape/duktape.c:16573 16573 return duk_get_prop(thr, obj_idx); (gdb) up #22 0x000055555569a69a in js_exec (ctx=0x555555e777e0, txt=0x7fffe4339010 "/* Disable minification (remove `.min` from URL path) for more info */\n\n(function(undefined) {!function(e){var t=Object.prototype.hasOwnProperty(\"__defineGetter__\"),r=\"A property cannot both have acce"..., txtlen=149075) at content/handlers/javascript/duktape/dukky.c:663 663 duk_get_prop_string(CTX, 0, "fileName"); (gdb) up #23 0x000055555568738a in convert_script_sync_cb (script=<optimized out>, event=<optimized out>, pw=0x5555561855d0) at content/handlers/html/html_script.c:303 303 script_handler(parent->jscontext, data, size); (gdb) up #24 0x00005555556d58b9 in hlcache_content_callback (c=<optimized out>, msg=<optimized out>, data=<optimized out>, pw=<optimized out>) at content/hlcache.c:195 195 error = handle->cb(handle, &event, handle->pw); (gdb) up #25 0x0000555555658914 in content_broadcast (c=0x555556196020, msg=CONTENT_MSG_DONE, data=0x0) at content/content.c:777 777 user->callback(c, msg, data, user->pw); (gdb) up #26 0x00005555556589dd in content_set_done (c=c@entry=0x555556196020) at content/content.c:320 320 content_broadcast(c, CONTENT_MSG_DONE, NULL); (gdb) up #27 0x0000555555699681 in javascript_convert (c=0x555556196020) at content/handlers/javascript/content.c:67 67 content_set_done(c); (gdb) up #28 0x0000555555658ac2 in content_convert (c=0x555556196020) at content/content.c:281 281 if (c->handler->data_complete(c) == false) { (gdb) up #29 content_llcache_callback (llcache=<optimized out>, event=<optimized out>, pw=0x555556196020) at content/content.c:169 169 content_convert(c); (gdb) up #30 0x00005555556d797e in llcache_object_notify_users (object=object@entry=0x5555561a73f0) at content/llcache.c:3191 3191 error = handle->cb(handle, &event, handle->pw); (gdb) up #31 0x00005555556d7a30 in llcache_catch_up_all_users (ignored=<optimized out>) at content/llcache.c:3617 3617 llcache_object_notify_users(object); (gdb) up #32 0x00005555557170a2 in schedule_run () at frontends/gtk/schedule.c:132 132 cb->callback(cb->context); (gdb) up #33 0x00005555557096c2 in nsgtk_main () at frontends/gtk/gui.c:429 429 schedule_run(); (gdb) up #34 0x00005555555d96b3 in main (argc=<optimized out>, argv=<optimized out>) at frontends/gtk/gui.c:1206 1206 |
Daniel Silverstone (administrator) 2018-11-04 09:44 |
I can confirm this is smashing the stack due to attempting to report an error in JavaScript which results in a deep recursion within the JavaScript interpreter. I will attach a minimum test case. If I set my stack size to 10MiB, I am able to continue, I suggest we need to adjust duk_config.h to have a smaller DUK_USE_NATIVE_CALL_RECLIMIT |
Daniel Silverstone (administrator) 2018-11-04 09:53 |
I've forwarded this to the duktape author too: https://github.com/svaarala/duktape/issues/1994 |
Daniel Silverstone (administrator) 2019-05-06 14:35 |
A variety of JS improvements have gone in, this now no longer triggers a crash. |
Vincent Sanders (administrator) 2019-07-19 08:30 |
we believe this issue has been resolved in NetSurf 3.9 |
![]() |
|||
Date Modified | Username | Field | Change |
---|---|---|---|
2018-10-16 14:42 | Jim Nagel | New Issue | |
2018-10-16 14:42 | Jim Nagel | File Added: Log-after-Deathfest | |
2018-10-23 19:39 | Vincent Sanders | Note Added: 0001854 | |
2018-10-23 19:40 | Vincent Sanders | Status | new => confirmed |
2018-11-04 09:44 | Daniel Silverstone | Assigned To | => Daniel Silverstone |
2018-11-04 09:44 | Daniel Silverstone | Status | confirmed => assigned |
2018-11-04 09:44 | Daniel Silverstone | Note Added: 0001862 | |
2018-11-04 09:45 | Daniel Silverstone | File Added: test.html | |
2018-11-04 09:45 | Daniel Silverstone | File Added: poo.js | |
2018-11-04 09:53 | Daniel Silverstone | Note Added: 0001863 | |
2019-05-06 14:35 | Daniel Silverstone | Status | assigned => resolved |
2019-05-06 14:35 | Daniel Silverstone | Resolution | open => fixed |
2019-05-06 14:35 | Daniel Silverstone | Fixed in Version | => 3.9 |
2019-05-06 14:35 | Daniel Silverstone | Target Version | => 3.9 |
2019-05-06 14:35 | Daniel Silverstone | Fixed in CI build # | => 4620 |
2019-05-06 14:35 | Daniel Silverstone | Note Added: 0001905 | |
2019-07-19 08:30 | Vincent Sanders | Status | resolved => closed |
2019-07-19 08:30 | Vincent Sanders | Note Added: 0002013 |