0002783: Segmentation Fault - MantisBT

2024-11-23 08:06 UTC

View Issue Details [ Jump to Notes ]

[ Issue History ] [ Print ]

ID

Project

Category

View Status

Date Submitted

Last Update

0002783

NetSurf

ABEND

public

2020-07-10 21:25

2024-02-25 21:43

Reporter

Richard Porter

Assigned To

Vincent Sanders

Severity

crash

Reproducibility

always

Status

closed

Resolution

fixed

Platform

ARMX6

OS

RISC OS

OS Version

5.27

Product Version

3.11

Target Version

3.11

Fixed in Version

3.11

Summary

0002783: Segmentation Fault

Description

NS invariably crashes on the problem page.

Steps To Reproduce

Go to problem page.

Tags

No tags attached.

Fixed in CI build #

5192

Reported in CI build #

5186

URL of problem page

http://www.trafficengland.com/motorway-service-areas

Attached Files

nslog338.zip (34,503 bytes) 2020-07-10 21:25

Relationships

has duplicate

closed

Vincent Sanders

Crash on rendering page

Relationships

Notes
~0002274 Vincent Sanders (administrator) 2020-07-12 17:02	due to html content being in loading state when selection operation occurs. Thread 1 "nsgtk3" received signal SIGSEGV, Segmentation fault. 0x00005555557023c2 in selection_label_subtree (box=0x0, idx=0) at content/handlers/html/textselection.c:447 447 struct box child = box->children; (gdb) bt #0 0x00005555557023c2 in selection_label_subtree (box=0x0, idx=0) at content/handlers/html/textselection.c:447 #1 0x0000555555702588 in html_textselection_get_end (c=0x55555632bf40, end_idx=0x55555632c2a0) at content/handlers/html/textselection.c:528 0000002 0x00005555557b2016 in selection_reinit (s=0x55555632c290) at desktop/selection.c:288 #3 0x00005555557b20dd in selection_init (s=0x55555632c290) at desktop/selection.c:315 #4 0x00005555556e1cf7 in html_open (c=0x55555632bf40, bw=0x5555560144b0, page=0x555556387a70, params=0x55555683d050) at content/handlers/html/html.c:1309 #5 0x00005555556abc05 in content_open (h=0x55555670c800, bw=0x5555560144b0, page=0x555556387a70, params=0x55555683d050) at content/content.c:804 #6 0x00005555556f5999 in html_object_callback (object=0x55555670c800, event=0x7fffffffbb30, pw=0x55555683d300) at content/handlers/html/object.c:172 #7 0x000055555577de53 in hlcache_find_content (ctx=0x55555683d330, effective_type=0x555555cb8a10) at content/hlcache.c:307 #8 0x000055555577dffe in hlcache_migrate_ctx (ctx=0x55555683d330, effective_type=0x555555cb8a10) at content/hlcache.c:359 #9 0x000055555577e4dc in hlcache_llcache_callback (handle=0x55555683d380, event=0x7fffffffbca0, pw=0x55555683d330) at content/hlcache.c:483 #10 0x0000555555784100 in llcache_object_notify_users (object=0x55555683d3e0) at content/llcache.c:3396 #11 0x0000555555784cda in llcache_catch_up_all_users (ignored=0x0) at content/llcache.c:3864 #12 0x00005555557dce6a in schedule_run () at frontends/gtk/schedule.c:148 #13 0x00005555557cc088 in nsgtk_main () at frontends/gtk/gui.c:506 #14 0x00005555557cda19 in main (argc=2, argv=0x7fffffffdfd8) at frontends/gtk/gui.c:1312 (gdb) list 442 \param idx current position within textual representation 443 * \return updated position 444 / 445 static unsigned selection_label_subtree(struct box box, unsigned idx) 446 { 447 struct box child = box->children; 448 449 box->byte_offset = idx; 450 451 if (box->text) { gdb) p box $1 = (struct box ) 0x0 (gdb) p idx $2 = 0 (gdb) (gdb) up #1 0x0000555555702588 in html_textselection_get_end (c=0x55555632bf40, end_idx=0x55555632c2a0) at content/handlers/html/textselection.c:528 528 end_idx = selection_label_subtree(html->layout, root_idx); (gdb) list 523 html_content html = (html_content )c; 524 unsigned root_idx; 525 526 root_idx = 0; 527 528 end_idx = selection_label_subtree(html->layout, root_idx); 529 530 return NSERROR_OK; 531 } (gdb) p html $3 = (html_content ) 0x55555632bf40 (gdb) p html $4 = {base = {llcache = 0x55555683d380, mime_type = 0x555555cb8a10, handler = 0x555555b06dc0 <html_content_handler>, status = CONTENT_STATUS_LOADING, width = 0, height = 0, available_width = 0, available_height = 0, quirks = false, fallback_charset = 0x55555632c270 "UTF-8", refresh = 0x0, links = 0x0, time = 4484862596, reformat_time = 0, size = 0, title = 0x0, active = 3, user_list = 0x55555632c250, status_message = "Fetching, Loading", '\000' <repeats 102 times>, sub_status = "Loading", '\000' <repeats 72 times>, locked = false, total_size = 0, http_code = 0, textsearch = {string = 0x0, context = 0x0}}, parser = 0x555556927e00, parse_completed = false, conversion_begun = false, document = 0x5555563ac880, quirks = DOM_DOCUMENT_QUIRKS_MODE_NONE, encoding = 0x55555632c2c0 "utf-8", encoding_source = DOM_HUBBUB_ENCODING_SOURCE_HEADER, base_url = 0x555556818b40, base_target = 0x0, len_ctx = {vw = 0, vh = 0, root_style = 0x0}, aborted = false, refresh = false, reflowing = false, had_initial_layout = false, enable_scripting = true, title = 0x0, bctx = 0x0, box_conversion_context = 0x0, layout = 0x0, background_colour = 16777216, font_func = 0x555555b17ef0 <layout_table>, scripts_count = 0, scripts = 0x0, jsthread = 0x0, stylesheet_count = 4, stylesheets = 0x555556372960, select_ctx = 0x0, media = {type = CSS_MEDIA_SCREEN, width = 0, height = 0, aspect_ratio = 0, orientation = CSS_MEDIA_ORIENTATION_PORTRAIT, resolution = {value = 0, unit = CSS_UNIT_PX}, scan = CSS_MEDIA_SCAN_PROGRESSIVE, grid = 0, update = CSS_MEDIA_UPDATE_FREQUENCY_NORMAL, overflow_block = CSS_MEDIA_OVERFLOW_BLOCK_NONE, overflow_inline = CSS_MEDIA_OVERFLOW_INLINE_NONE, color = 0, color_index = 0, monochrome = 0, inverted_colors = 0, pointer = CSS_MEDIA_POINTER_NONE, any_pointer = CSS_MEDIA_POINTER_NONE, hover = CSS_MEDIA_HOVER_NONE, any_hover = CSS_MEDIA_HOVER_NONE, light_level = CSS_MEDIA_LIGHT_LEVEL_NORMAL, scripting = CSS_MEDIA_SCRIPTING_NONE, client_font_size = 0, client_line_height = 0}, universal = 0x5555563885b0, num_objects = 0, object_list = 0x0, forms = 0x0, imagemaps = 0x0, bw = 0x5555560144b0, frameset = 0x0, iframe = 0x0, page = 0x555556387a70, drag_type = HTML_DRAG_NONE, drag_owner = { no_owner = true, content = 0x1, scrollbar = 0x1, textarea = 0x1}, selection_type = HTML_SELECTION_NONE, selection_owner = {none = true, textarea = 0x1, content = 0x1}, focus_type = HTML_FOCUS_SELF, focus_owner = {self = true, textarea = 0x1, content = 0x1}, sel = 0x55555632c290, visible_select_menu = 0x0} (gdb) p html->layout $5 = (struct box ) 0x0 (gdb) up 0000002 0x00005555557b2016 in selection_reinit (s=0x55555632c290) at desktop/selection.c:288 288 s->c->handler->textselection_get_end(s->c, &s->max_idx); (gdb) list 283 void selection_reinit(struct selection s) 284 { 285 s->max_idx = 0; 286 287 if (s->c->handler->textselection_get_end != NULL) { 288 s->c->handler->textselection_get_end(s->c, &s->max_idx); 289 } 290 291 if (s->defined) { 292 if (s->end_idx > s->max_idx) { (gdb) p s $6 = (struct selection ) 0x55555632c290 (gdb) p s $7 = {c = 0x55555632bf40, root = 0x0, max_idx = 0, start_idx = 0, end_idx = 0, defined = false, drag_state = DRAG_NONE} (gdb) up #3 0x00005555557b20dd in selection_init (s=0x55555632c290) at desktop/selection.c:315 315 selection_reinit(s); (gdb) list 310 s->defined = false; 311 s->start_idx = 0; 312 s->end_idx = 0; 313 s->drag_state = DRAG_NONE; 314 315 selection_reinit(s); 316 } 317 318 319 /* exported interface documented in desktop/selection.h / gdb) up #4 0x00005555556e1cf7 in html_open (c=0x55555632bf40, bw=0x5555560144b0, page=0x555556387a70, params=0x55555683d050) at content/handlers/html/html.c:1309 1309 selection_init(html->sel); (gdb) list 1304 1305 html->drag_type = HTML_DRAG_NONE; 1306 html->drag_owner.no_owner = true; 1307 1308 / text selection */ 1309 selection_init(html->sel); 1310 html->selection_type = HTML_SELECTION_NONE; 1311 html->selection_owner.none = true; 1312 1313 html_object_open_objects(html, bw);

~0002438 Vincent Sanders (administrator) 2024-02-25 21:43	Issue resolved in 3.11 release

Notes

Date Modified	Username	Field	Change
Issue History
2020-07-10 21:25	Richard Porter	New Issue
2020-07-10 21:25	Richard Porter	File Added: nslog338.zip
2020-07-12 17:02	Vincent Sanders	Assigned To	=> Vincent Sanders
2020-07-12 17:02	Vincent Sanders	Status	new => resolved
2020-07-12 17:02	Vincent Sanders	Product Version	=> 3.11
2020-07-12 17:02	Vincent Sanders	Fixed in Version	=> 3.11
2020-07-12 17:02	Vincent Sanders	Target Version	=> 3.11
2020-07-12 17:02	Vincent Sanders	Fixed in CI build #	=> 5192
2020-07-12 17:02	Vincent Sanders	Note Added: 0002274
2020-07-27 22:09	Vincent Sanders	Relationship added	has duplicate 0002784
2024-02-25 21:43	Vincent Sanders	Status	resolved => closed
2024-02-25 21:43	Vincent Sanders	Resolution	open => fixed
2024-02-25 21:43	Vincent Sanders	Note Added: 0002438

Issue History