[WebKit-devel] [Bug 311537] akregator crash in kjs

Francesco Riosa francesco+kde at pnpitalia.it
Tue Dec 11 19:31:30 UTC 2012


https://bugs.kde.org/show_bug.cgi?id=311537

--- Comment #1 from Francesco Riosa <francesco+kde at pnpitalia.it> ---
I did an additional quick test which confused me even more; feel free to ask for any
more specific test that makes sense to you:

removed *konqueror* in ~/.kde4/
this command works fine: kde.org is visible and navigation is OK
$ konqueror  --part kwebkitpart 'www.kde.org'

this other one freezes: the menus cannot be activated, but there is no crash. The same
happens in akregator sometimes, instead of a crash.
$ konqueror  --part khtml 'www.kde.org'


attaching a gdb session and asking for a backtrace gives:

#0  add<KJS::UString::Rep*, unsigned long,
WTF::RefPtrHashMapRawKeyTranslator<KJS::UString::Rep*,
std::pair<WTF::RefPtr<KJS::UString::Rep>, unsigned long>,
WTF::PairHashTraits<WTF::HashTraits<WTF::RefPtr<KJS::UString::Rep> >,
KJS::SymbolTableIndexHashTraits>, KJS::IdentifierRepHash> > (
    extra=<synthetic pointer>, key=<synthetic pointer>, this=0x13a5b70) at
/usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/kjs/wtf/HashTable.h:635
#1  inlineAdd (mapped=<synthetic pointer>, key=0x11e3fd0, this=0x13a5b70)
    at
/usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/kjs/wtf/RefPtrHashMap.h:216
#2  set (mapped=<synthetic pointer>, key=0x11e3fd0, this=0x13a5b70) at
/usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/kjs/wtf/RefPtrHashMap.h:235
#3  KJS::FunctionBodyNode::addSymbolOverwriteID (this=0x13a5b10, id=<optimized
out>, ident=..., flags=<optimized out>)
    at /usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/kjs/nodes.cpp:898
#4  0x00007f07607da334 in KJS::FunctionImp::initialCompile (this=<optimized
out>, newExec=0x7fff566badc0)
    at /usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/kjs/function.cpp:96
#5  0x00007f07607db09d in KJS::FunctionImp::callAsFunction
(this=0x7f075be71800, exec=0x7fff566bb440, thisObj=<optimized out>, args=...)
    at /usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/kjs/function.cpp:151
#6  0x00007f07607f6904 in call (args=..., thisObj=0x7f075be80000,
exec=0x7fff566bb440, this=0x7f075be71800)
    at /usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/kjs/object.h:614
#7  KJS::Machine::runBlock (exec=0x7fff566bb440, codeBlock=..., parentExec=0x0)
at codes.def:1223
#8  0x00007f07607b48f4 in KJS::FunctionBodyNode::execute (this=0x13a5d90,
exec=0x7fff566bb440)
    at /usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/kjs/nodes.cpp:927
#9  0x00007f07607e2348 in KJS::Interpreter::evaluate (this=0x11b73d0,
sourceURL=..., startingLineNumber=0, code=<optimized out>, codeLength=72173, 
    thisV=0x7f075be80000) at
/usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/kjs/interpreter.cpp:566
#10 0x00007f07607e24d4 in KJS::Interpreter::evaluate (this=<optimized out>,
sourceURL=..., startingLineNumber=<optimized out>, code=..., 
    thisV=<optimized out>) at
/usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/kjs/interpreter.cpp:506
#11 0x00007f076136d62c in KJSProxy::evaluate (this=0xfecbd0, filename=...,
baseLine=0, str=..., n=..., completion=0x7fff566bb7c0)
    at
/usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/khtml/ecma/kjs_proxy.cpp:126
#12 0x00007f076110fb85 in KHTMLPart::executeScript (this=0xbb3210,
filename=..., baseLine=0, n=..., script=...)
    at
/usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/khtml/khtml_part.cpp:1288
#13 0x00007f07611d0ab3 in khtml::HTMLTokenizer::scriptExecution
(this=this at entry=0xfd6a90, str=..., scriptURL=..., baseLine=baseLine at entry=0)
    at
/usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/khtml/html/htmltokenizer.cpp:517
#14 0x00007f07611d9e2b in khtml::HTMLTokenizer::notifyFinished (this=0xfd6a90,
finishedObj=<optimized out>)
    at
/usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/khtml/html/htmltokenizer.cpp:2114
#15 0x00007f07611e2349 in DOM::HTMLLinkElementImpl::finished (this=0xfe7a50)
    at
/usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/khtml/html/html_headimpl.cpp:275
#16 0x00007f07611e24dc in DOM::HTMLLinkElementImpl::setStyleSheet
(this=this at entry=0xfe7a50, url=..., sheetStr=..., charset=..., mimetype=...)
    at
/usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/khtml/html/html_headimpl.cpp:266
#17 0x00007f07612f2712 in khtml::CachedCSSStyleSheet::checkNotify
(this=this at entry=0xfe8150)
    at
/usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/khtml/misc/loader.cpp:311
#18 0x00007f07612f2a5a in khtml::CachedCSSStyleSheet::data (this=0xfe8150,
buffer=..., eof=<optimized out>)
    at
/usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/khtml/misc/loader.cpp:301
#19 0x00007f07612f3e1e in khtml::Loader::slotFinished (this=0xbb62d0,
job=0xfe76d0)
    at
/usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/khtml/misc/loader.cpp:1262
#20 0x00007f0771c01224 in QMetaObject::activate (sender=0xfe76d0, m=<optimized
out>, local_signal_index=<optimized out>, argv=0x7fff566bbef0)
    at kernel/qobject.cpp:3547
#21 0x00007f0772073d72 in KJob::result (this=this at entry=0xfe76d0,
_t1=_t1 at entry=0xfe76d0)
    at
/usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999_build/kdecore/kjob.moc:208
#22 0x00007f0772073db0 in KJob::emitResult (this=0xfe76d0) at
/usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/kdecore/jobs/kjob.cpp:318
#23 0x00007f0773a56fa5 in KIO::SimpleJob::slotFinished
(this=this at entry=0xfe76d0)
    at /usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/kio/kio/job.cpp:494
#24 0x00007f0773a5e494 in KIO::TransferJob::slotFinished (this=0xfe76d0) at
/usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/kio/kio/job.cpp:1081
#25 0x00007f0771c01224 in QMetaObject::activate (sender=0x10cf550, m=<optimized
out>, local_signal_index=<optimized out>, argv=0x0)
    at kernel/qobject.cpp:3547
#26 0x00007f0773afb864 in KIO::SlaveInterface::dispatch (this=0x10cf550,
_cmd=104, rawdata=...)
    at
/usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/kio/kio/slaveinterface.cpp:172
#27 0x00007f0773af88d1 in KIO::SlaveInterface::dispatch (this=0x10cf550)
    at
/usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/kio/kio/slaveinterface.cpp:88
#28 0x00007f0773aeccce in KIO::Slave::gotInput (this=0x10cf550) at
/usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/kio/kio/slave.cpp:344
#29 0x00007f0771c01224 in QMetaObject::activate (sender=0x10c0df0, m=<optimized
out>, local_signal_index=<optimized out>, argv=0x0)
    at kernel/qobject.cpp:3547
#30 0x00007f0773a2b611 in dequeue (this=<optimized out>) at
/usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/kio/kio/connection.cpp:82
#31 KIO::ConnectionPrivate::dequeue (this=0x10a6e10) at
/usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/kio/kio/connection.cpp:71
#32 0x00007f0771c00dae in QObject::event (this=0x10c0df0, e=<optimized out>) at
kernel/qobject.cpp:1195
#33 0x00007f07725df3dc in QApplicationPrivate::notify_helper
(this=this at entry=0x7d0ad0, receiver=0x10c0df0, e=e at entry=0x109a570)
    at kernel/qapplication.cpp:4557
#34 0x00007f07725e11ad in QApplication::notify (this=0x7fff566bd540,
receiver=0x10c0df0, e=0x109a570) at kernel/qapplication.cpp:3939
#35 0x00007f07732f6b86 in KApplication::notify (this=0x7fff566bd540,
receiver=0x10c0df0, event=0x109a570)
    at
/usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/kdeui/kernel/kapplication.cpp:311
#36 0x00007f0771bebb5c in QCoreApplication::notifyInternal
(this=0x7fff566bd540, receiver=receiver at entry=0x10c0df0,
event=event at entry=0x109a570)
    at kernel/qcoreapplication.cpp:915
#37 0x00007f0771bef4b9 in sendEvent (event=0x109a570, receiver=0x10c0df0) at
kernel/qcoreapplication.h:231
#38 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0,
data=0x79a670) at kernel/qcoreapplication.cpp:1539
#39 0x00007f0771c19d33 in sendPostedEvents () at kernel/qcoreapplication.h:236
#40 postEventSourceDispatch (s=0x7cfea0) at
kernel/qeventdispatcher_glib.cpp:279
#41 0x00007f076dd35d05 in g_main_context_dispatch () from
/lib64/libglib-2.0.so.0
#42 0x00007f076dd36038 in g_main_context_iterate.isra.23 () from
/lib64/libglib-2.0.so.0
#43 0x00007f076dd360f4 in g_main_context_iteration () from
/lib64/libglib-2.0.so.0
#44 0x00007f0771c19ec6 in QEventDispatcherGlib::processEvents (this=0x79bb30,
flags=...) at kernel/qeventdispatcher_glib.cpp:424
#45 0x00007f077267d3fe in QGuiEventDispatcherGlib::processEvents
(this=<optimized out>, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#46 0x00007f0771bea89f in QEventLoop::processEvents
(this=this at entry=0x7fff566bd200, flags=...) at kernel/qeventloop.cpp:149
#47 0x00007f0771beab28 in QEventLoop::exec (this=0x7fff566bd200, flags=...) at
kernel/qeventloop.cpp:204
#48 0x00007f0771bef7b6 in QCoreApplication::exec () at
kernel/qcoreapplication.cpp:1187
#49 0x00007f0775353987 in kdemain (argc=<optimized out>, argv=<optimized out>)
    at
/usr/src/debug/kde-base/konqueror-9999/konqueror-9999/konqueror/src/konqmain.cpp:227
#50 0x00007f0774f1f495 in __libc_start_main () from /lib64/libc.so.6
#51 0x0000000000400761 in _start ()


and a `bt full` looks like this:
#0  add<KJS::UString::Rep*, unsigned long,
WTF::RefPtrHashMapRawKeyTranslator<KJS::UString::Rep*,
std::pair<WTF::RefPtr<KJS::UString::Rep>, unsigned long>,
WTF::PairHashTraits<WTF::HashTraits<WTF::RefPtr<KJS::UString::Rep> >,
KJS::SymbolTableIndexHashTraits>, KJS::IdentifierRepHash> > (
    extra=<synthetic pointer>, key=<synthetic pointer>, this=0x13a5b70) at
/usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/kjs/wtf/HashTable.h:635
        k = -1005583107
        i = 42
        table = 0x13449c0
        sizeMask = 63
        deletedEntry = 0x0
        entry = 0x1344c60
#1  inlineAdd (mapped=<synthetic pointer>, key=0x11e3fd0, this=0x13a5b70)
    at
/usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/kjs/wtf/RefPtrHashMap.h:216
No locals.
#2  set (mapped=<synthetic pointer>, key=0x11e3fd0, this=0x13a5b70) at
/usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/kjs/wtf/RefPtrHashMap.h:235
No locals.
#3  KJS::FunctionBodyNode::addSymbolOverwriteID (this=0x13a5b10, id=<optimized
out>, ident=..., flags=<optimized out>)
    at /usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/kjs/nodes.cpp:898
        oldId = 19029584
#4  0x00007f07607da334 in KJS::FunctionImp::initialCompile (this=<optimized
out>, newExec=0x7fff566badc0)
    at /usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/kjs/function.cpp:96
        i = <optimized out>
        body = 0x13a5b10
#5  0x00007f07607db09d in KJS::FunctionImp::callAsFunction
(this=0x7f075be71800, exec=0x7fff566bb440, thisObj=<optimized out>, args=...)
    at /usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/kjs/function.cpp:151
        dbg = 0x0
        newExec = {<KJS::ExecState> = {<WTFNoncopyable::Noncopyable> = {<No
data fields>}, m_interpreter = 0x11b73d0, m_completion = {
              comp = KJS::Normal, val = 0x0, tar = 0}, m_propertyNames =
0x11b77d0, m_callingExec = 0x7fff566bb440, m_savedExec = 0x7fff566bb440, 
            m_currentBody = 0x13a5b10, m_function = 0x7f075be71800, scope =
{m_top = {ptr = 18759761}}, m_variable = 0x7f075be71880, 
            m_thisVal = 0x7f075be80000, m_localStore = 0x0, m_localStoreSize =
139669659970088, m_pcBase = 0x0, m_pc = 0x0, m_machineLocalStore = 0x0, 
            m_exceptionHandlers = {m_size = 0, 
              m_buffer =
{<WTF::VectorBufferBase<KJS::ExecState::ExceptionHandler>> =
{<WTFNoncopyable::Noncopyable> = {<No data fields>}, 
                  m_buffer = 0x7fff566bae60, m_capacity = 4}, 
                m_inlineBuffer =
"\000\000\000\000\000\000\000\000\260\\:\001\000\000\000\000\300?\177a\a\177\000\000\031
\277q\a\177\000"}}, 
            m_deferredCompletions = {m_size = 0, 
              m_buffer = {<WTF::VectorBufferBase<KJS::Completion>> =
{<WTFNoncopyable::Noncopyable> = {<No data fields>}, m_buffer = 0x7fff566bae98, 
                  m_capacity = 4}, 
                m_inlineBuffer =
"\362\371\065a\a\177\000\000\000\262kV\377\177\000\000\240\352w`\a\177\000\000\a\000\000\000\000\000\000\000\020\062\273\000\000\000\000\000\003\000\000\000\000\000\000\000\265\221Yu\a\177\000\000\320s\033\001\000\000\000\000@\030\347[\a\177",
'\000' <repeats 11 times>, "\001\347[\a\177\000\000@\264kV\377\177\000"}},
m_codeType = KJS::FunctionCode}, <No data fields>}
        body = 0x13a5b10
        currentState = (KJS::Debug | unknown: 40)
        stackSize = <optimized out>
        stackSpace = <optimized out>
        activation = 0x0
        result = <optimized out>
#6  0x00007f07607f6904 in call (args=..., thisObj=0x7f075be80000,
exec=0x7fff566bb440, this=0x7f075be71800)
    at /usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/kjs/object.h:614
No locals.
#7  KJS::Machine::runBlock (exec=0x7fff566bb440, codeBlock=..., parentExec=0x0)
at codes.def:1223
        thisVal = 0x7f075be80000
        func = 0x7f075be71800
        val = 0x2a
        localPC = <optimized out>
        fbDestReg = 5
        v = 0x7f075be71800
        op = <optimized out>
        kjsVMOpHandlers = {0x7f07607f687d
<KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0ul>
const&, KJS::ExecState*)+26045>, 
          0x7f07607f694d <KJS::Machine::runBlock(KJS::ExecState*,
WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*)+26253>, 
          0x7f07607f6919 <KJS::Machine::runBlock(KJS::ExecState*,
WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*)+26201>, 
          0x7f07607f5a05 <KJS::Machine::runBlock(KJS::ExecState*,
WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*)+22341>, 
          0x7f07607f59cd <KJS::Machine::runBlock(KJS::ExecState*,
WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*)+22285>, 
          0x7f07607f6054 <KJS::Machine::runBlock(KJS::ExecState*,
WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*)+23956>, 
          0x7f07607f038c <KJS::Machine::runBlock(KJS::ExecState*,
WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*)+204>, 
          0x7f07607f0390 <KJS::Machine::runBlock(KJS::ExecState*,
WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*)+208>, 
          0x7f07607f51e4 <KJS::Machine::runBlock(KJS::ExecState*,
WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*)+20260>, 
          0x7f07607f1a63 <KJS::Machine::runBlock(KJS::ExecState*,
WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*)+6051>, 
          0x7f07607f1a67 <KJS::Machine::runBlock(KJS::ExecState*,
WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*)+6055>, 
          0x7f07607f5180 <KJS::Machine::runBlock(KJS::ExecState*,
WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*)+20160>, 
          0x7f07607f19e4 <KJS::Machine::runBlock(KJS::ExecState*,
WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*)+5924>, 
[...]

(gdb) list 
630             while (1) {
631                 entry = table + i;
632                 
633                 // we count on the compiler to optimize out this branch
634                 if (HashFunctions::safeToCompareToEmptyOrDeleted) {
635                     if (isEmptyBucket(*entry))
636                         break;
637                     
638                     if (HashTranslator::equal(Extractor::extract(*entry),
key))
639                         return std::make_pair(makeKnownGoodIterator(entry),
false);
(gdb) up
#1  inlineAdd (mapped=<synthetic pointer>, key=0x11e3fd0, this=0x13a5b70)
    at
/usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/kjs/wtf/RefPtrHashMap.h:216
216             return m_impl.template add<RawKeyType, MappedType,
RawKeyTranslator>(key, mapped);
(gdb) 
#2  set (mapped=<synthetic pointer>, key=0x11e3fd0, this=0x13a5b70) at
/usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/kjs/wtf/RefPtrHashMap.h:235
235             pair<iterator, bool> result = inlineAdd(key, mapped);
(gdb) 
#3  KJS::FunctionBodyNode::addSymbolOverwriteID (this=0x13a5b10, id=<optimized
out>, ident=..., flags=<optimized out>)
    at /usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/kjs/nodes.cpp:898
898       m_symbolTable.set(ident.ustring().rep(), id);
(gdb) list 
893       size_t oldId = m_symbolTable.get(ident.ustring().rep());
894       if (oldId != missingSymbolMarker())
895           m_symbolList[oldId].attr = DontMark;
896
897       // Add a new one
898       m_symbolTable.set(ident.ustring().rep(), id);
899       m_symbolList.append(SymbolInfo(flags, 0));
900     }
901
902     void FunctionBodyNode::addParam(const Identifier& ident)
(gdb) 
903     {
904       m_paramList.append(ident);
905     }
906
907     Completion FunctionBodyNode::execute(ExecState *exec)
908     {
909       CodeType    ctype   = exec->codeType();
910       CompileType cmpType = exec->dynamicInterpreter()->debugger() ? Debug
: Release;
911       compileIfNeeded(ctype, cmpType);
912       ASSERT(ctype != FunctionCode);
(gdb) up
#4  0x00007f07607da334 in KJS::FunctionImp::initialCompile (this=<optimized
out>, newExec=0x7fff566badc0)
    at /usr/src/debug/kde-base/kdelibs-9999/kdelibs-9999/kjs/function.cpp:96
96            body->addSymbolOverwriteID(i + ActivationImp::NumReservedSlots,
body->paramName(i), DontDelete);
(gdb) list 
91
92          // Create declarations for parameters, and allocate the symbols.
93          // We always just give them sequential positions, to make
passInParameters
94          // simple (though perhaps wasting memory in the trivial case)
95          for (size_t i = 0; i < body->numParams(); ++i)
96            body->addSymbolOverwriteID(i + ActivationImp::NumReservedSlots,
body->paramName(i), DontDelete);
97
98          body->processDecls(newExec);
99          body->compile(FunctionCode,
newExec->dynamicInterpreter()->debugger() ? Debug : Release);
100     }
(gdb) 
101
102
103     #ifdef KJS_VERBOSE
104     static int           callDepth;
105     static std::string   callIndent;
106
107     static const char* ind()
108     {
109         callIndent = "";
110         for (int i = 0; i < callDepth; ++i)
