2019-08-25 19:47 BST

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0002666NetSurfGTK-specificpublic2019-07-19 09:28
ReporterVincent Sanders 
Assigned ToDaniel Silverstone 
SeveritycrashReproducibilityalways 
StatusclosedResolutionfixed 
PlatformDebianOSLinuxOS Version8
Product Version3.9 
Target Version3.9Fixed in Version 
Summary0002666: visiting ria.ru website causes a segfault
Descriptionnavigate to https://ria.ru/ wait a few seconds and get a seg fault

turns out this is a GTK scheduler issue.
Additional InformationThread 1 "nsgtk" received signal SIGSEGV, Segmentation fault.
0x000055555565da32 in window_schedule_callback (p=0x555556283490)
    at build/Linux-gtk/duktape/window.c:139
139 RING_REMOVE(priv->owner->schedule_ring, priv);
(gdb) bt
#0 0x000055555565da32 in window_schedule_callback (p=0x555556283490)
    at build/Linux-gtk/duktape/window.c:139
#1 0x000055555572746a in schedule_run () at frontends/gtk/schedule.c:132
0000002 0x00005555557199d2 in nsgtk_main () at frontends/gtk/gui.c:429
#3 0x00005555555dd493 in main (argc=<optimized out>, argv=<optimized out>) at frontends/gtk/gui.c:1206
(gdb) list
134 NSLOG(dukky, DEEPDEBUG, "Rescheduling repeating callback %"PRIsizet, priv->handle);
135 guit->misc->schedule(priv->repeat_timeout, window_schedule_callback, priv);
136 } else {
137 NSLOG(dukky, DEEPDEBUG, "Removing completed callback %"PRIsizet, priv->handle);
138 /* Remove this from the ring */
139 RING_REMOVE(priv->owner->schedule_ring, priv);
140 window_remove_callback_bits(priv->ctx, priv->handle);
141 free(priv);
142 }
143 }
(gdb) p priv
$1 = (window_schedule_t *) 0x555556283490
(gdb) p *priv
$2 = {owner = 0x108004081, ctx = 0x555558be7cd0, r_next = 0x555557ccafb0, r_prev = 0x0,
  handle = 93825001981184, repeat_timeout = 0}
(gdb) p *priv->owner
Cannot access memory at address 0x108004081
(gdb)
TagsNo tags attached.
Fixed in CI build #4662
Reported in CI build #
URL of problem pagehttps://ria.ru/
Attached Files

-Relationships
+Relationships

-Notes
Vincent Sanders

~0001941

Vincent Sanders (administrator)

same for https://nypost.com/

Thread 1 "nsgtk" received signal SIGSEGV, Segmentation fault.
0x000055555565da2a in window_schedule_callback (p=0x5555578217a0)
    at build/Linux-gtk/duktape/window.c:139
139 RING_REMOVE(priv->owner->schedule_ring, priv);
(gdb) bt
#0 0x000055555565da2a in window_schedule_callback (p=0x5555578217a0)
    at build/Linux-gtk/duktape/window.c:139
#1 0x000055555572746a in schedule_run () at frontends/gtk/schedule.c:132
0000002 0x0000555555719970 in nsgtk_main () at frontends/gtk/gui.c:429
#3 0x00005555555dd493 in main (argc=<optimized out>, argv=<optimized out>) at frontends/gtk/gui.c:1206
(gdb) list
134 NSLOG(dukky, DEEPDEBUG, "Rescheduling repeating callback %"PRIsizet, priv->handle);
135 guit->misc->schedule(priv->repeat_timeout, window_schedule_callback, priv);
136 } else {
137 NSLOG(dukky, DEEPDEBUG, "Removing completed callback %"PRIsizet, priv->handle);
138 /* Remove this from the ring */
139 RING_REMOVE(priv->owner->schedule_ring, priv);
140 window_remove_callback_bits(priv->ctx, priv->handle);
141 free(priv);
142 }
143 }
(gdb) p print
$1 = 0
(gdb) p priv
$2 = (window_schedule_t *) 0x5555578217a0
(gdb) p *priv
$3 = {owner = 0x555557adf2d0, ctx = 0x55555781dba0, r_next = 0x0, r_prev = 0x0,
  handle = 93825001969472, repeat_timeout = 0}
(gdb) p *priv->owner
$4 = {parent = {bubbling_registered = 4, capture_registered = 4, is_node = 4},
  schedule_ring = 0x555556a55340, htmlc = 0x555557821970, win = 0x0}
(gdb) p *priv->owner->schedule_ring
$5 = {owner = 0x5550396c55467430, ctx = 0x41, r_next = 0x5555578218f0, r_prev = 0x5555568be0c0,
  handle = 140733193388033, repeat_timeout = 2}
Vincent Sanders

~0001942

Vincent Sanders (administrator)

given:


/** Remove the given element from the specified ring.
 * Will zero the element as needed
 */
#define RING_REMOVE(ring, element) \
    /*LOG("RING_REMOVE(%s, %p(%s)", #ring, element, element->host);*/ \
    if (element->r_next != element ) { \

well r_next is not the element (it is null)

so trying to dereference r_next goes kablooie


        /* Not the only thing in the ring */ \
        element->r_next->r_prev = element->r_prev; \
        element->r_prev->r_next = element->r_next; \
        if (ring == element) ring = element->r_next; \
    } else { \
        /* Only thing in the ring */ \
        ring = 0; \
    } \
    element->r_next = element->r_prev = 0
Vincent Sanders

~0001943

Vincent Sanders (administrator)

https://plesk.com/ seems the same

valgrind capture
==23358== Invalid read of size 4
==23358== at 0x211961: window_schedule_callback (window.c:132)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== by 0x2CD96F: nsgtk_main (gui.c:429)
==23358== by 0x191492: main (gui.c:1206)
==23358== Address 0x186ac3d8 is 40 bytes inside a block of size 48 free'd
==23358== at 0x4C2CDDB: free (vg_replace_malloc.c:530)
==23358== by 0x2116D7: dukky_window_clearInterval (Window.bnd:415)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x28B380: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x28B380: duk__pcall_raw (duktape.c:14323)
==23358== by 0x26DAEF: duk__handle_safe_call_inner (duktape.c:64475)
==23358== by 0x26DAEF: duk_handle_safe_call (duktape.c:64720)
==23358== by 0x27CF6D: duk_pcall (duktape.c:14342)
==23358== by 0x25DB09: dukky_pcall (dukky.c:750)
==23358== by 0x21193C: window_call_callback (window.c:107)
==23358== by 0x21193C: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== Block was alloc'd at
==23358== at 0x4C2DBC5: calloc (vg_replace_malloc.c:711)
==23358== by 0x2109DE: window_alloc_new_callback (window.c:148)
==23358== by 0x210BD3: dukky_window_setInterval (Window.bnd:398)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x280EC4: duk_bi_array_prototype_iter_shared (duktape.c:26351)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358==
==23358== Invalid read of size 8
==23358== at 0x211965: window_schedule_callback (window.c:134)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== by 0x2CD96F: nsgtk_main (gui.c:429)
==23358== by 0x191492: main (gui.c:1206)
==23358== Address 0x186ac3d0 is 32 bytes inside a block of size 48 free'd
==23358== at 0x4C2CDDB: free (vg_replace_malloc.c:530)
==23358== by 0x2116D7: dukky_window_clearInterval (Window.bnd:415)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x28B380: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x28B380: duk__pcall_raw (duktape.c:14323)
==23358== by 0x26DAEF: duk__handle_safe_call_inner (duktape.c:64475)
==23358== by 0x26DAEF: duk_handle_safe_call (duktape.c:64720)
==23358== by 0x27CF6D: duk_pcall (duktape.c:14342)
==23358== by 0x25DB09: dukky_pcall (dukky.c:750)
==23358== by 0x21193C: window_call_callback (window.c:107)
==23358== by 0x21193C: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== Block was alloc'd at
==23358== at 0x4C2DBC5: calloc (vg_replace_malloc.c:711)
==23358== by 0x2109DE: window_alloc_new_callback (window.c:148)
==23358== by 0x210BD3: dukky_window_setInterval (Window.bnd:398)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x280EC4: duk_bi_array_prototype_iter_shared (duktape.c:26351)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358==
==23358== Invalid read of size 4
==23358== at 0x21198D: window_schedule_callback (window.c:135)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== by 0x2CD96F: nsgtk_main (gui.c:429)
==23358== by 0x191492: main (gui.c:1206)
==23358== Address 0x186ac3d8 is 40 bytes inside a block of size 48 free'd
==23358== at 0x4C2CDDB: free (vg_replace_malloc.c:530)
==23358== by 0x2116D7: dukky_window_clearInterval (Window.bnd:415)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x28B380: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x28B380: duk__pcall_raw (duktape.c:14323)
==23358== by 0x26DAEF: duk__handle_safe_call_inner (duktape.c:64475)
==23358== by 0x26DAEF: duk_handle_safe_call (duktape.c:64720)
==23358== by 0x27CF6D: duk_pcall (duktape.c:14342)
==23358== by 0x25DB09: dukky_pcall (dukky.c:750)
==23358== by 0x21193C: window_call_callback (window.c:107)
==23358== by 0x21193C: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== Block was alloc'd at
==23358== at 0x4C2DBC5: calloc (vg_replace_malloc.c:711)
==23358== by 0x2109DE: window_alloc_new_callback (window.c:148)
==23358== by 0x210BD3: dukky_window_setInterval (Window.bnd:398)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x280EC4: duk_bi_array_prototype_iter_shared (duktape.c:26351)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358==
==23358== Invalid read of size 8
==23358== at 0x211832: window_schedule_callback (window.c:128)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== by 0x2CD96F: nsgtk_main (gui.c:429)
==23358== by 0x191492: main (gui.c:1206)
==23358== Address 0x186ac3d0 is 32 bytes inside a block of size 48 free'd
==23358== at 0x4C2CDDB: free (vg_replace_malloc.c:530)
==23358== by 0x2116D7: dukky_window_clearInterval (Window.bnd:415)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x28B380: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x28B380: duk__pcall_raw (duktape.c:14323)
==23358== by 0x26DAEF: duk__handle_safe_call_inner (duktape.c:64475)
==23358== by 0x26DAEF: duk_handle_safe_call (duktape.c:64720)
==23358== by 0x27CF6D: duk_pcall (duktape.c:14342)
==23358== by 0x25DB09: dukky_pcall (dukky.c:750)
==23358== by 0x21193C: window_call_callback (window.c:107)
==23358== by 0x21193C: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== Block was alloc'd at
==23358== at 0x4C2DBC5: calloc (vg_replace_malloc.c:711)
==23358== by 0x2109DE: window_alloc_new_callback (window.c:148)
==23358== by 0x210BD3: dukky_window_setInterval (Window.bnd:398)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x280EC4: duk_bi_array_prototype_iter_shared (duktape.c:26351)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358==
==23358== Invalid read of size 8
==23358== at 0x211842: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== by 0x2CD96F: nsgtk_main (gui.c:429)
==23358== by 0x191492: main (gui.c:1206)
==23358== Address 0x186ac3b8 is 8 bytes inside a block of size 48 free'd
==23358== at 0x4C2CDDB: free (vg_replace_malloc.c:530)
==23358== by 0x2116D7: dukky_window_clearInterval (Window.bnd:415)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x28B380: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x28B380: duk__pcall_raw (duktape.c:14323)
==23358== by 0x26DAEF: duk__handle_safe_call_inner (duktape.c:64475)
==23358== by 0x26DAEF: duk_handle_safe_call (duktape.c:64720)
==23358== by 0x27CF6D: duk_pcall (duktape.c:14342)
==23358== by 0x25DB09: dukky_pcall (dukky.c:750)
==23358== by 0x21193C: window_call_callback (window.c:107)
==23358== by 0x21193C: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== Block was alloc'd at
==23358== at 0x4C2DBC5: calloc (vg_replace_malloc.c:711)
==23358== by 0x2109DE: window_alloc_new_callback (window.c:148)
==23358== by 0x210BD3: dukky_window_setInterval (Window.bnd:398)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x280EC4: duk_bi_array_prototype_iter_shared (duktape.c:26351)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358==
==23358== Invalid read of size 4
==23358== at 0x211846: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== by 0x2CD96F: nsgtk_main (gui.c:429)
==23358== by 0x191492: main (gui.c:1206)
==23358== Address 0x186ac3d8 is 40 bytes inside a block of size 48 free'd
==23358== at 0x4C2CDDB: free (vg_replace_malloc.c:530)
==23358== by 0x2116D7: dukky_window_clearInterval (Window.bnd:415)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x28B380: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x28B380: duk__pcall_raw (duktape.c:14323)
==23358== by 0x26DAEF: duk__handle_safe_call_inner (duktape.c:64475)
==23358== by 0x26DAEF: duk_handle_safe_call (duktape.c:64720)
==23358== by 0x27CF6D: duk_pcall (duktape.c:14342)
==23358== by 0x25DB09: dukky_pcall (dukky.c:750)
==23358== by 0x21193C: window_call_callback (window.c:107)
==23358== by 0x21193C: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== Block was alloc'd at
==23358== at 0x4C2DBC5: calloc (vg_replace_malloc.c:711)
==23358== by 0x2109DE: window_alloc_new_callback (window.c:148)
==23358== by 0x210BD3: dukky_window_setInterval (Window.bnd:398)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x280EC4: duk_bi_array_prototype_iter_shared (duktape.c:26351)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358==
==23358== Invalid read of size 8
==23358== at 0x211851: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== by 0x2CD96F: nsgtk_main (gui.c:429)
==23358== by 0x191492: main (gui.c:1206)
==23358== Address 0x186ac3d0 is 32 bytes inside a block of size 48 free'd
==23358== at 0x4C2CDDB: free (vg_replace_malloc.c:530)
==23358== by 0x2116D7: dukky_window_clearInterval (Window.bnd:415)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x28B380: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x28B380: duk__pcall_raw (duktape.c:14323)
==23358== by 0x26DAEF: duk__handle_safe_call_inner (duktape.c:64475)
==23358== by 0x26DAEF: duk_handle_safe_call (duktape.c:64720)
==23358== by 0x27CF6D: duk_pcall (duktape.c:14342)
==23358== by 0x25DB09: dukky_pcall (dukky.c:750)
==23358== by 0x21193C: window_call_callback (window.c:107)
==23358== by 0x21193C: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== Block was alloc'd at
==23358== at 0x4C2DBC5: calloc (vg_replace_malloc.c:711)
==23358== by 0x2109DE: window_alloc_new_callback (window.c:148)
==23358== by 0x210BD3: dukky_window_setInterval (Window.bnd:398)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358== by 0x280EC4: duk_bi_array_prototype_iter_shared (duktape.c:26351)
==23358== by 0x266342: duk__handle_call_raw (duktape.c:64268)
==23358== by 0x191E57: duk_handle_call_unprotected (duktape.c:64422)
==23358== by 0x191E57: duk__executor_handle_call (duktape.c:75684)
==23358== by 0x191E57: duk__js_execute_bytecode_inner.isra.133 (duktape.c:77758)
==23358== by 0x265795: duk_js_execute_bytecode (duktape.c:75946)
==23358== by 0x2665B3: duk__handle_call_raw (duktape.c:64240)
==23358==
==23358==
==23358== Process terminating with default action of signal 6 (SIGABRT)
==23358== at 0x9516FFF: raise (raise.c:51)
==23358== by 0x9518429: abort (abort.c:89)
==23358== by 0x18FAA5: duk_default_fatal_handler (duktape.c:11749)
==23358== by 0x263A0E: duk_fatal_raw (duktape.c:23878)
==23358== by 0x267DC6: duk__uncaught_error_aware (duktape.c:46270)
==23358== by 0x267DC6: duk_err_longjmp (duktape.c:46321)
==23358== by 0x18FC0F: duk_err_create_and_throw.constprop.304 (duktape.c:46645)
==23358== by 0x18FDDC: duk_err_handle_error_fmt.constprop.306 (duktape.c:11621)
==23358== by 0x27C578: duk_hobject_getprop (duktape.c:56523)
==23358== by 0x27CED2: duk_get_prop (duktape.c:16558)
==23358== by 0x2118C3: window_call_callback (window.c:95)
==23358== by 0x2118C3: window_schedule_callback (window.c:130)
==23358== by 0x2DB469: schedule_run (schedule.c:132)
==23358== by 0x2CD96F: nsgtk_main (gui.c:429)
Vincent Sanders

~0001945

Vincent Sanders (administrator)

when Window.bnd:window_remove_callback_by_handle() calls the frontend (gtk) schedule with -1 to remove the callback from the active list the gtk scheduler fails to remove it and calls it back anyhow!
Daniel Silverstone

~0001947

Daniel Silverstone (administrator)

We were managing to attempt to either re-schedule, or cancel, a callback which was in the process of being handled in JS apready. I've pushed a fix to solve that.
Vincent Sanders

~0002005

Vincent Sanders (administrator)

we believe this issue has been resolved in NetSurf 3.9
+Notes

-Issue History
Date Modified Username Field Change
2019-06-07 14:17 Vincent Sanders New Issue
2019-06-07 14:33 Vincent Sanders Note Added: 0001941
2019-06-07 14:35 Vincent Sanders Note Added: 0001942
2019-06-07 18:15 Vincent Sanders Note Added: 0001943
2019-06-08 13:22 Vincent Sanders Status new => confirmed
2019-06-08 13:22 Vincent Sanders Category ABEND => GTK-specific
2019-06-08 13:22 Vincent Sanders Description Updated View Revisions
2019-06-08 13:22 Vincent Sanders Note Added: 0001945
2019-06-09 11:11 Daniel Silverstone Assigned To => Daniel Silverstone
2019-06-09 11:11 Daniel Silverstone Status confirmed => resolved
2019-06-09 11:11 Daniel Silverstone Resolution open => fixed
2019-06-09 11:11 Daniel Silverstone Fixed in CI build # => 4662
2019-06-09 11:11 Daniel Silverstone Note Added: 0001947
2019-07-19 09:28 Vincent Sanders Status resolved => closed
2019-07-19 09:28 Vincent Sanders Note Added: 0002005
+Issue History