Bug#602955: libwebkit-1.0-2: segfault in JSC::JSCell::put JavaScriptCore/runtime/JSCell.cpp:143

Frederik Himpe fhimpe at telenet.be
Tue Nov 9 18:17:22 UTC 2010


Package: libwebkit-1.0-2
Version: 1.2.5-2
Severity: normal

- go to http://identi.ca
- click on register
- click on login

Epiphany fills in my saved username in the login form, but before the password
is filled in, it crashes.

The crash only happens when I have loaded the register page before opening the
login page.

Program terminated with signal 11, Segmentation fault.
#0  0x00007f4fa5869117 in JSC::JSCell::put (this=<value optimized out>,
exec=0x7f4f83cb5748, identifier=..., value=...,
    slot=<value optimized out>) at ../JavaScriptCore/runtime/JSCell.cpp:143
143    ../JavaScriptCore/runtime/JSCell.cpp: No such file or directory.
    in ../JavaScriptCore/runtime/JSCell.cpp
Current language:  auto
The current source language is "auto; currently c++".
(gdb) thread apply all bt

Thread 6 (Thread 19546):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at
.../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
#1  0x00007f4f8afc5d4e in queue_processor(void*) () from
/usr/lib/jvm/java-6-openjdk/jre/lib/amd64/IcedTeaPlugin.so
#2  0x00007f4fa21518ba in start_thread (arg=<value optimized out>) at
pthread_create.c:300
#3  0x00007f4fa1eb902d in clone () at
.../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#4  0x0000000000000000 in ?? ()

Thread 5 (Thread 19547):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at
.../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
#1  0x00007f4f8afc5d4e in queue_processor(void*) () from
/usr/lib/jvm/java-6-openjdk/jre/lib/amd64/IcedTeaPlugin.so
#2  0x00007f4fa21518ba in start_thread (arg=<value optimized out>) at
pthread_create.c:300
#3  0x00007f4fa1eb902d in clone () at
.../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#4  0x0000000000000000 in ?? ()
Current language:  auto
The current source language is "auto; currently asm".

Thread 4 (Thread 19548):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at
.../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
#1  0x00007f4f8afc5d4e in queue_processor(void*) () from
/usr/lib/jvm/java-6-openjdk/jre/lib/amd64/IcedTeaPlugin.so
#2  0x00007f4fa21518ba in start_thread (arg=<value optimized out>) at
pthread_create.c:300
#3  0x00007f4fa1eb902d in clone () at
.../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#4  0x0000000000000000 in ?? ()

Thread 3 (Thread 19522):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at
.../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
#1  0x00007f4fa5598278 in WebCore::IconDatabase::syncThreadMainLoop
(this=0x7f4f92646a00) at ../WebCore/loader/icon/IconDatabase.cpp:1412
#2  0x00007f4fa5598341 in WebCore::IconDatabase::iconDatabaseSyncThread
(this=0x7f4f92646a00) at ../WebCore/loader/icon/IconDatabase.cpp:1030
#3  0x00007f4fa21518ba in start_thread (arg=<value optimized out>) at
pthread_create.c:300
#4  0x00007f4fa1eb902d in clone () at
.../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#5  0x0000000000000000 in ?? ()

Thread 2 (Thread 19521):
#0  0x00007f4fa1e8a78d in nanosleep () at ../sysdeps/unix/syscall-template.S:82
#1  0x00007f4fa1e8a600 in __sleep (seconds=<value optimized out>) at
.../sysdeps/unix/sysv/linux/sleep.c:138
#2  0x00007f4fa58a91b6 in WTF::TCMalloc_PageHeap::scavengerThread
(this=0x7f4fa610b160) at ../JavaScriptCore/wtf/FastMalloc.cpp:2382
#3  0x00007f4fa58a9249 in WTF::TCMalloc_PageHeap::runScavengerThread
(context=0x7f4f92f36d60) at ../JavaScriptCore/wtf/FastMalloc.cpp:1501
#4  0x00007f4fa21518ba in start_thread (arg=<value optimized out>) at
pthread_create.c:300
#5  0x00007f4fa1eb902d in clone () at
.../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#6  0x0000000000000000 in ??

Thread 1 (Thread 19520):
#0  0x00007f4fa5869117 in JSC::JSCell::put (this=<value optimized out>,
exec=0x7f4f83cb5748, identifier=..., value=...,
    slot=<value optimized out>) at ../JavaScriptCore/runtime/JSCell.cpp:143
#1  0x00007f4fa5762399 in JSObjectSetProperty (ctx=0x7f4f83cb5748,
object=0x7f4f88ecf080, propertyName=<value optimized out>,
    value=<value optimized out>, attributes=0, exception=0x0) at
.../JavaScriptCore/API/JSObjectRef.cpp:280
#2  0x0000000000481a0d in fill_form_cb (retval=<value optimized out>,
results=<value optimized out>, user_data=<value optimized out>)
    at ephy-web-view.c:776
#3  0x00007f4fa67c3d81 in ?? () from /usr/lib/libgnome-keyring.so.0
#4  0x00007f4fa67c743e in ?? () from /usr/lib/libgnome-keyring.so.0
#5  0x00007f4fa67be96c in ?? () from /usr/lib/libgnome-keyring.so.0
#6  0x00007f4fa635fdca in complete_pending_call_and_unlock
(connection=0x1376250, pending=0x3afa1a0, message=<value optimized out>)
    at dbus-connection.c:2234
#7  0x00007f4fa636202f in dbus_connection_dispatch (connection=0x1376250) at
dbus-connection.c:4397
#8  0x00007f4fa67c8d75 in ?? () from /usr/lib/libgnome-keyring.so.0
#9  0x00007f4fa28ac6f2 in g_main_dispatch (context=0xfca4e0) at /scratch/build-
area/glib2.0-2.24.2/glib/gmain.c:1960
#10 IA__g_main_context_dispatch (context=0xfca4e0) at /scratch/build-
area/glib2.0-2.24.2/glib/gmain.c:2513
#11 0x00007f4fa28b0568 in g_main_context_iterate (context=0xfca4e0,
block=<value optimized out>, dispatch=<value optimized out>,
    self=<value optimized out>) at /scratch/build-
area/glib2.0-2.24.2/glib/gmain.c:2591
#12 0x00007f4fa28b0a75 in IA__g_main_loop_run (loop=0x106db10) at /scratch
/build-area/glib2.0-2.24.2/glib/gmain.c:2799
#13 0x00007f4fa463c6b7 in IA__gtk_main () at /scratch/build-
area/gtk+2.0-2.20.1/gtk/gtkmain.c:1219
#14 0x00000000004359a3 in main (argc=1, argv=0x7fff208f3518) at ephy-main.c:741
Current language:  auto
The current source language is "auto; currently c++".

Upstream says it's fixed upstream:
https://bugs.webkit.org/show_bug.cgi?id=49144
-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (300, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libwebkit-1.0-2 depends on:
ii  libatk1.0-0                 1.30.0-1     The ATK accessibility toolkit
ii  libc6                       2.11.2-7     Embedded GNU C Library: Shared lib
ii  libcairo2                   1.10.0-1     The Cairo 2D vector graphics libra
ii  libenchant1c2a              1.6.0-1      a wrapper library for various spel
ii  libfontconfig1              2.8.0-2.1    generic font configuration library
ii  libfreetype6                2.4.2-1      FreeType 2 font engine, shared lib
ii  libgail18                   2.20.1-2     GNOME Accessibility Implementation
ii  libglib2.0-0                2.24.2-1     The GLib library of C routines
ii  libgstreamer-plugins-base0. 0.10.30-1    GStreamer libraries from the "base
ii  libgstreamer0.10-0          0.10.30-1    Core GStreamer libraries and eleme
ii  libgtk2.0-0                 2.20.1-2     The GTK+ graphical user interface 
ii  libicu44                    4.4.1-6      International Components for Unico
ii  libjpeg62                   6b1-1        The Independent JPEG Group's JPEG 
ii  libpango1.0-0               1.28.3-1     Layout and rendering of internatio
ii  libpng12-0                  1.2.44-1     PNG library - runtime
ii  libsoup2.4-1                2.30.2-1     an HTTP library implementation in 
ii  libsqlite3-0                3.7.3-1      SQLite 3 shared library
ii  libstdc++6                  4.5.1-8      The GNU Standard C++ Library v3
ii  libwebkit-1.0-common        1.2.5-2      Web content engine library for Gtk
ii  libxml2                     2.7.7.dfsg-4 GNOME XML library
ii  libxslt1.1                  1.1.26-6     XSLT 1.0 processing library - runt
ii  libxt6                      1:1.0.7-1    X11 toolkit intrinsics library

libwebkit-1.0-2 recommends no packages.

libwebkit-1.0-2 suggests no packages.

-- no debconf information