Bug 533528 - Midori crash on browserspy.dk
Summary: Midori crash on browserspy.dk
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: webkitgtk
Version: 11
Hardware: All
OS: Linux
Priority: low
Severity: medium
Target Milestone: ---
Assignee: Peter Gordon
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2009-11-07 01:31 UTC by Jon Stanley
Modified: 2010-06-28 15:24 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-06-28 15:24:31 UTC
Type: ---
Embargoed:



Description Jon Stanley 2009-11-07 01:31:17 UTC
Description of problem:

Browser crashes when visiting http://browserspy.dk/browser.php

This page uses a bunch of JavaScript to extract information from the browser.

Version-Release number of selected component (if applicable):

webkitgtk-1.1.10-1.fc11.x86_64
midori-0.1.10-1.fc11.x86_64

How reproducible:

Always

Steps to Reproduce:
1. Visit referenced page in Midori (interestingly Epiphany seems to be fine), it go boom!

(gdb) info program
Using the running image of child Thread 0x7ffff7fb6800 (LWP 15300).
Program stopped at 0x3d3b181622.
It stopped with signal SIGSEGV, Segmentation fault.
(gdb) info threads
* 1 Thread 0x7ffff7fb6800 (LWP 15300)  0x0000003d3b181622 in JSC::RegExp::match (this=<value optimized out>) from /usr/lib64/libwebkit-1.0.so.2
(gdb) thread apply all bt full

Thread 1 (Thread 0x7ffff7fb6800 (LWP 15300)):
#0  0x0000003d3b181622 in JSC::RegExp::match (this=<value optimized out>) from /usr/lib64/libwebkit-1.0.so.2
        offsetVectorSize = <value optimized out>
        offsetVector = 0x7fffe40fe400
        nonReturnedOvector = {<WTFNoncopyable::Noncopyable> = {<No data fields>}, m_ptr = 0x0}
        result = <value optimized out>
#1  0x0000003d3b1816e9 in JSC::RegExpConstructor::performMatch (this=0x7fffe4033000, r=0x7fffdf3668b8, s=@0x7fffffffcf00, startOffset=85, 
    position=@0x7fffe40fe400, length=@0xf, ovector=0x0) at JavaScriptCore/runtime/RegExpConstructor.cpp:125
        tmpOvector = {<WTFNoncopyable::Noncopyable> = {<No data fields>}, m_ptr = 0x7fffe40fe400}
#2  0x0000003d3b1dcecd in JSC::RegExpObject::match (this=0x7fffdff60040, exec=0x7fffee412390, args=<value optimized out>)
    at JavaScriptCore/runtime/RegExpObject.cpp:147
        position = <value optimized out>
        length = -12368
        regExpConstructor = 0x7fffe4033000
        input = {m_rep = {m_ptr = 0x7fffdf2d0040}, static nullUString = 0x7fffeef3e0f8}
        position = <value optimized out>
        length = <value optimized out>
#3  0x0000003d3b1dd059 in JSC::RegExpObject::exec (this=0x7fffdf328e70, exec=0x56, args=@0x55) at JavaScriptCore/runtime/RegExpObject.cpp:117
No locals.
#4  0x0000003d3b1dd12c in JSC::regExpProtoFuncExec(struct JSC::ExecState *, struct JSC::JSObject *, JSC::JSValue, const struct JSC::ArgList &) (
    exec=0x7fffee412390, thisValue={m_ptr = 0x7fffdff60040}, args=@0x7fffe40fe400) at JavaScriptCore/runtime/RegExpPrototype.cpp:70
No locals.
#5  0x00007fffeece22f4 in ?? ()
No symbol table info available.
#6  0x00007fffee412348 in ?? ()
No symbol table info available.
#7  0x0000000000000001 in ?? ()
No symbol table info available.
#8  0x0000000000000000 in ?? ()
No symbol table info available.
(gdb)

Comment 1 Peter Gordon 2009-11-07 08:07:18 UTC
Hmm. Can you please try to reproduce this with 0.2.0 (in updates-testing)? 

`yum --enablerepo=updates-testing update midori` as root should do it.

Thanks.

Comment 2 Jon Stanley 2009-11-08 22:05:45 UTC
Exact same backtrace with 0.2.0:

Program received signal SIGSEGV, Segmentation fault.
JSC::RegExp::match (this=<value optimized out>) at JavaScriptCore/runtime/RegExp.cpp:153
153	                ovector->clear();
Current language:  auto; currently c++
(gdb) thread apply all bt full

Thread 1 (Thread 0x7ffff7fb6800 (LWP 21643)):
#0  0x0000003d3b181622 in JSC::RegExp::match (this=<value optimized out>) from /usr/lib64/libwebkit-1.0.so.2
        offsetVectorSize = <value optimized out>
        offsetVector = 0x7fffe44a08c0
        nonReturnedOvector = {<WTFNoncopyable::Noncopyable> = {<No data fields>}, m_ptr = 0x0}
        result = <value optimized out>
#1  0x0000003d3b1816e9 in JSC::RegExpConstructor::performMatch (this=0x7fffe4484b40, r=0x7fffdeb59240, s=@0x7fffffffcb90, startOffset=85, 
    position=@0x7fffe44a08c0, length=@0xf, ovector=0x0) at JavaScriptCore/runtime/RegExpConstructor.cpp:125
        tmpOvector = {<WTFNoncopyable::Noncopyable> = {<No data fields>}, m_ptr = 0x7fffe44a08c0}
#2  0x0000003d3b1dcecd in JSC::RegExpObject::match (this=0x7fffe423e7c0, exec=0x7fffed363390, args=<value optimized out>)
    at JavaScriptCore/runtime/RegExpObject.cpp:147
        position = <value optimized out>
        length = -13248
        regExpConstructor = 0x7fffe4484b40
        input = {m_rep = {m_ptr = 0x7fffe46f3640}, static nullUString = 0x7ffff054f0f8}
        position = <value optimized out>
        length = <value optimized out>
#3  0x0000003d3b1dd059 in JSC::RegExpObject::exec (this=0x7fffe45798f0, exec=0x56, args=@0x55) at JavaScriptCore/runtime/RegExpObject.cpp:117
No locals.
#4  0x0000003d3b1dd12c in JSC::regExpProtoFuncExec(struct JSC::ExecState *, struct JSC::JSObject *, JSC::JSValue, const struct JSC::ArgList &) (
    exec=0x7fffed363390, thisValue={m_ptr = 0x7fffe423e7c0}, args=@0x7fffe44a08c0) at JavaScriptCore/runtime/RegExpPrototype.cpp:70
No locals.
#5  0x00007ffff20452f4 in ?? ()
No symbol table info available.
#6  0x00007fffed363348 in ?? ()
No symbol table info available.
#7  0x0000000000000001 in ?? ()
No symbol table info available.
#8  0x0000000000000000 in ?? ()
No symbol table info available.
(gdb)

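An added illustration, not code from WebKit, Midori or anyone in this thread, of the defect shape the two backtraces point at: frame #1 passes ovector=0x0 into JSC::RegExp::match, which then executes `ovector->clear()`. The C++ below reconstructs that pattern with std::regex, placing the unchecked routine beside a hardened one that substitutes a local scratch vector when the caller supplies no output vector; the function names and the std::regex-based matching are assumptions, not WebKit's implementation.

```cpp
#include <cstddef>
#include <regex>
#include <string>
#include <vector>

// Mirrors the defect seen in the backtrace (not WebKit's code): the output
// vector is dereferenced unconditionally, so a caller passing ovector=0x0
// turns a plain "does it match?" query into a SIGSEGV at ovector->clear().
// Returns the absolute start of the match, or -1 when there is none.
int matchUnchecked(const std::string& pattern, const std::string& s,
                   std::size_t startOffset, std::vector<int>* ovector)
{
    ovector->clear();                        // crashes when ovector == nullptr
    if (startOffset > s.size())
        return -1;
    std::regex re(pattern);
    std::smatch m;
    if (!std::regex_search(s.begin() + startOffset, s.end(), m, re))
        return -1;
    // Record [start, end) offsets for the whole match and every capture group.
    for (std::size_t i = 0; i < m.size(); ++i) {
        int start = static_cast<int>(startOffset + m.position(i));
        ovector->push_back(start);
        ovector->push_back(start + static_cast<int>(m.length(i)));
    }
    return (*ovector)[0];
}

// Hardened form: a caller that only wants the position may pass nullptr and
// the routine substitutes a local scratch vector, so no null pointer reaches
// the dereference. (The local in frame #0 is named nonReturnedOvector too.)
int matchChecked(const std::string& pattern, const std::string& s,
                 std::size_t startOffset, std::vector<int>* ovector)
{
    std::vector<int> nonReturnedOvector;
    if (!ovector)
        ovector = &nonReturnedOvector;
    return matchUnchecked(pattern, s, startOffset, ovector);
}

// Helper for callers that do want the offsets; empty when nothing matched.
std::vector<int> captureOffsets(const std::string& pattern, const std::string& s,
                                std::size_t startOffset)
{
    std::vector<int> offsets;
    matchChecked(pattern, s, startOffset, &offsets);
    return offsets;
}
```

Calling matchUnchecked with a null ovector reproduces the crash class (a remote page can trigger it just by running a regex, which is why it is a denial-of-service bug); matchChecked is the shape of the fix.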
Comment 3 Andrea Santilli 2010-01-09 22:39:59 UTC
Please take a look at https://bugs.webkit.org/show_bug.cgi?id=26368 since it seems to be the same bug. It's supposed to be already fixed in svn.

Comment 4 Adam Miller 2010-01-11 18:50:00 UTC
I am pursuing the bug listed in comment 3 with upstream in an attempt to identify a patch so that we can get this fixed.

-AdamM

Comment 5 Bug Zapper 2010-04-28 11:08:36 UTC
This message is a reminder that Fedora 11 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 11.  It is Fedora's policy to close all
bug reports from releases that are no longer maintained.  At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '11'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 11's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 11 is end of life.  If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora please change the 'version' of this 
bug to the applicable version.  If you are unable to change the version, 
please add a comment here and someone will do it for you.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events.  Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping

Comment 6 Joachim Frieben 2010-04-29 09:29:22 UTC
The cited URL http://browserspy.dk/browser.php can be visited without incident on a current F12 system including packages
- midori-0.2.2-1.fc12.x86_64
- webkitgtk-1.1.15.4-1.fc12.x86_64

Comment 7 Bug Zapper 2010-06-28 15:24:31 UTC
Fedora 11 changed to end-of-life (EOL) status on 2010-06-25. Fedora 11 is 
no longer maintained, which means that it will not receive any further 
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of 
Fedora please feel free to reopen this bug against that version.

Thank you for reporting this bug and we are sorry it could not be fixed.

