Ergebnis für URL: http://bugs.debian.org/534835 Debian Bug report logs - [1]#534835
elinks with spidermonkey fails after 128 page loads
[2]version graph
Package: [3]elinks; Maintainer for [4]elinks is [5]aHhkm+d+ a+l+m+hkm+w+d+y+
(Ahmed El-Mahmoudy) ; Source for [6]elinks is
[7]src:elinks ([8]PTS, [9]buildd, [10]popcon).
Reported by: [11]Neil Stewart
Date: Sat, 27 Jun 2009 13:15:16 UTC
Severity: normal
Tags: fixed-upstream
Found in version elinks/0.11.4-3
Fixed in version elinks/0.12~pre5-1
Done: Y Giridhar Appaji Nag
Bug is archived. No further changes may be made.
[12]Toggle useless messages
View this report as an [13]mbox folder, [14]status mbox, [15]maintainer mbox
____________________________________________________________________________
Report forwarded to debian-bugs-dist@lists.debian.org,
neil.stewart@warwick.ac.uk, Y Giridhar Appaji Nag :
Bug#534835; Package elinks. (Sat, 27 Jun 2009 13:15:19 GMT) ([16]full text,
[17]mbox, [18]link).
____________________________________________________________________________
Acknowledgement sent to Neil Stewart :
New Bug report received and forwarded. Copy sent to neil.stewart@warwick.ac.uk, Y
Giridhar Appaji Nag . (Sat, 27 Jun 2009 13:15:19 GMT)
([19]full text, [20]mbox, [21]link).
____________________________________________________________________________
[22]Message #5 received at submit@bugs.debian.org ([23]full text, [24]mbox,
[25]reply):
From: Neil Stewart
To: Debian Bug Tracking System
Subject: elinks with spidermonkey fails after 128 page loads
Date: Sat, 27 Jun 2009 14:01:32 +0100
Package: elinks
Version: 0.11.4-3
Severity: normal
I have compiled elinks with spidermoney enabled for javascript support. I am
running a bash script which loads pages useing the -remote
"openURL(${URL})". After 128 pages, elinks crashes. Here is a backtrace,
which I have had to type rather than copy as elinks messes up the mouse.
Program recieved signal SIGSEGV: Segementation fault.
[Switching to thread 0x7f3bce82b6e0 (LWP 3187)]
0x... in JS_InitClass () from /usr/lib/libmozjs.so.1d
(gdb) backtrace
#0 0x... in JS_InitClass () /usr/lib/libmozjs.so.1d
#1 0x... in spidermonkey_InitClass ()
#2 0x... in spidermoneky_get_interpreter ()
#3 0x... in ecmascript_get_interpreter ()
#4 0x... in ecmascript_reset_state ()
#5 0x... in render_document()
....
-- System Information:
Debian Release: 5.0.1
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to POSIX)
Shell: /bin/sh linked to /bin/bash
Versions of packages elinks depends on:
ii elinks-data 0.11.4-3 advanced text-mode WWW browser - d
ii libbz2-1.0 1.0.5-1 high-quality block-sorting file co
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libexpat1 2.0.1-4 XML parsing C library - runtime li
ii libfsplib0 0.9-1 FSP v2 protocol stack library - sh
ii libgnutls26 2.4.2-6+lenny1 the GNU TLS library - runtime libr
ii libgpm2 1.20.4-3.1 General Purpose Mouse - shared lib
ii libidn11 1.8+20080606-1 GNU libidn library, implementation
ii liblua50 5.0.3-3 Main interpreter library for the L
ii liblualib50 5.0.3-3 Extension library for the Lua 5.0
ii libmozjs1d 1.9.0.11-0lenny1 The Mozilla SpiderMonkey JavaScrip
ii libperl5.10 5.10.0-19 Shared Perl library
ii libruby1.8 1.8.7.72-3 Libraries necessary to run Ruby 1.
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
elinks recommends no packages.
Versions of packages elinks suggests:
pn elinks-doc (no description available)
-- no debconf information
____________________________________________________________________________
Information forwarded to debian-bugs-dist@lists.debian.org, Y Giridhar Appaji Nag
:
Bug#534835; Package elinks. (Sat, 27 Jun 2009 16:18:02 GMT) ([26]full text,
[27]mbox, [28]link).
____________________________________________________________________________
Acknowledgement sent to Kalle Olavi Niemitalo :
Extra info received and forwarded to list. Copy sent to Y Giridhar Appaji Nag
. (Sat, 27 Jun 2009 16:18:02 GMT) ([29]full text, [30]mbox,
[31]link).
____________________________________________________________________________
[32]Message #10 received at 534835@bugs.debian.org ([33]full text, [34]mbox,
[35]reply):
From: Kalle Olavi Niemitalo
To: Neil Stewart
Cc: 534835@bugs.debian.org
Subject: Re: Bug#534835: elinks with spidermonkey fails after 128 page loads
Date: Sat, 27 Jun 2009 19:15:24 +0300
[[36]Message part 1 (text/plain, inline)]
Neil Stewart writes:
> I have compiled elinks with spidermoney enabled for javascript support. I am
> running a bash script which loads pages useing the -remote
> "openURL(${URL})". After 128 pages, elinks crashes.
I can reproduce similar crashes with upstream ELinks 0.11.4,
0.11.5, and 0.12pre4, using libmozjs1d 1.9.0.8-1. It often takes
more than 128 pages, however.
The problem seems to be that both JS_InitStandardClasses and
JS_InitClass called from spidermonkey_get_interpreter run out of
memory (tested with a breakpoint in JS_ReportOutOfMemory), and
JS_InitClass returns NULL, which spidermonkey_get_interpreter
happily saves as document_obj and gives back to JS_InitClass,
which eventually crashes in one of these calls.
The out-of-memory error may be caused by ELinks constructing a
large number of JSContexts as described in ELinks bug 981:
http4://bugzilla.elinks.cz/show_bug.cgi?id=981
Regardless of whether that one is fixed, I think we need to make
spidermonkey_get_interpreter check the return values.
[[37]Message part 2 (application/pgp-signature, inline)]
____________________________________________________________________________
Information forwarded to debian-bugs-dist@lists.debian.org, Y Giridhar Appaji Nag
:
Bug#534835; Package elinks. (Mon, 29 Jun 2009 21:18:07 GMT) ([38]full text,
[39]mbox, [40]link).
____________________________________________________________________________
Acknowledgement sent to Neil Stewart :
Extra info received and forwarded to list. Copy sent to Y Giridhar Appaji Nag
. (Mon, 29 Jun 2009 21:18:07 GMT) ([41]full text, [42]mbox,
[43]link).
____________________________________________________________________________
[44]Message #15 received at 534835@bugs.debian.org ([45]full text, [46]mbox,
[47]reply):
From: Neil Stewart
To: Kalle Olavi Niemitalo
Cc: 534835@bugs.debian.org
Subject: Terrible bodge fix
Date: Mon, 29 Jun 2009 22:04:00 +0100 (BST)
[[48]Message part 1 (text/plain, inline)]
Dear Kalle,
> Neil Stewart writes:
>
> > I have compiled elinks with spidermoney enabled for javascript support. I am
> > running a bash script which loads pages useing the -remote
> > "openURL(${URL})". After 128 pages, elinks crashes.
>
> I can reproduce similar crashes with upstream ELinks 0.11.4,
> 0.11.5, and 0.12pre4, using libmozjs1d 1.9.0.8-1. It often takes
> more than 128 pages, however.
>
> The problem seems to be that both JS_InitStandardClasses and
> JS_InitClass called from spidermonkey_get_interpreter run out of
> memory (tested with a breakpoint in JS_ReportOutOfMemory), and
> JS_InitClass returns NULL, which spidermonkey_get_interpreter
> happily saves as document_obj and gives back to JS_InitClass,
> which eventually crashes in one of these calls.
>
> The out-of-memory error may be caused by ELinks constructing a
> large number of JSContexts as described in ELinks bug 981:
> http4://bugzilla.elinks.cz/show_bug.cgi?id=981
>
> Regardless of whether that one is fixed, I think we need to make
> spidermonkey_get_interpreter check the return values.
Thank you for your help with this. I've edited src/ecmascript/spidermonkey.c
(attached) in elinks-0.11.4 to prevent calls to JS_* functions with NULL
pointers.
For example,
JS_InitStandardClasses(ctx, window_obj);
becomes
if (window_obj != NULL ) {
JS_InitStandardClasses(ctx, window_obj);
}
Obviously this is a bodge, but it does allow the pages to display.
Presumably the JavaScript would fail to run properly.
Anyway, it does now mean crashes about once every 1,000 pages, which was
good enough for me to get the job done. Someone who knows what they are
doing (i.e., not me) might be able to use this information to fix this
properly. Alternatively, someone could implement my approach everywhere and
include warning comments in the code and release notes.
Thanks for your help.
Best,
Neil.
[[49]spidermonkey.c (text/plain, attachment)]
____________________________________________________________________________
Information forwarded to debian-bugs-dist@lists.debian.org, Y Giridhar Appaji Nag
:
Bug#534835; Package elinks. (Mon, 29 Jun 2009 22:57:02 GMT) ([50]full text,
[51]mbox, [52]link).
____________________________________________________________________________
Acknowledgement sent to Kalle Olavi Niemitalo :
Extra info received and forwarded to list. Copy sent to Y Giridhar Appaji Nag
. (Mon, 29 Jun 2009 22:57:03 GMT) ([53]full text, [54]mbox,
[55]link).
____________________________________________________________________________
[56]Message #20 received at 534835@bugs.debian.org ([57]full text, [58]mbox,
[59]reply):
From: Kalle Olavi Niemitalo
To: Neil Stewart
Cc: 534835@bugs.debian.org
Subject: Re: Terrible bodge fix
Date: Tue, 30 Jun 2009 01:52:00 +0300
[[60]Message part 1 (text/plain, inline)]
Neil Stewart writes:
> I've edited src/ecmascript/spidermonkey.c (attached) in
> elinks-0.11.4 to prevent calls to JS_* functions with NULL
> pointers.
I had already made related changes in the upstream elinks-0.12
branch. If spidermonkey_get_interpreter cannot fully initialize
the JSContext, it now returns an error. Some callers asserted
that such errors would not happen, so I had to fix them too.
10c07f9 Debian bug 534835: Check some SpiderMonkey return values
11c0cb8 Debian bug 534835: Check *_get_interpreter return values
e452420 Debian bug 534835: Don't assert ecmascript_reset_state succeeds
(These commits are at elinks.cz but not yet at repo.or.cz.)
The error handling is not perfect, in that ELinks may see another
SCRIPT element and retry ECMAScript initialization without
realizing that one script has been skipped, but at least it
doesn't crash now. I think I had elinks --remote openURL running
in a loop for some hours without ill effects.
These changes could be applied to the elinks-0.11 branch
(currently at 0.11.7.GIT) too if there is interest. Because that
branch already has fixes for several other crashes of 0.11.4,
and the double-free crash with looks much easier to
exploit than this null pointer dereference, I don't think there's
any point in patching 0.11.4 separately.
[[61]Message part 2 (application/pgp-signature, inline)]
____________________________________________________________________________
Tags added: fixed-upstream Request was from Kalle Olavi Niemitalo to
control@bugs.debian.org. (Wed, 08 Jul 2009 11:15:02 GMT) ([62]full text,
[63]mbox, [64]link).
____________________________________________________________________________
Tags added: pending Request was from Y Giridhar Appaji Nag to
control@bugs.debian.org. (Sat, 11 Jul 2009 08:48:04 GMT) ([65]full text,
[66]mbox, [67]link).
____________________________________________________________________________
Tags added: pending Request was from Y Giridhar Appaji Nag to
control@bugs.debian.org. (Sat, 11 Jul 2009 08:51:04 GMT) ([68]full text,
[69]mbox, [70]link).
____________________________________________________________________________
Reply sent to Y Giridhar Appaji Nag :
You have taken responsibility. (Sun, 12 Jul 2009 04:00:06 GMT) ([71]full text,
[72]mbox, [73]link).
____________________________________________________________________________
Notification sent to Neil Stewart :
Bug acknowledged by developer. (Sun, 12 Jul 2009 04:00:06 GMT) ([74]full text,
[75]mbox, [76]link).
____________________________________________________________________________
[77]Message #31 received at 534835-close@bugs.debian.org ([78]full text,
[79]mbox, [80]reply):
From: Y Giridhar Appaji Nag
To: 534835-close@bugs.debian.org
Subject: Bug#534835: fixed in elinks 0.12~pre5-1
Date: Sun, 12 Jul 2009 03:47:36 +0000
Source: elinks
Source-Version: 0.12~pre5-1
We believe that the bug you reported is fixed in the latest version of
elinks, which is due to be installed in the Debian FTP archive:
elinks-data_0.12~pre5-1_all.deb
to pool/main/e/elinks/elinks-data_0.12~pre5-1_all.deb
elinks-doc_0.12~pre5-1_all.deb
to pool/main/e/elinks/elinks-doc_0.12~pre5-1_all.deb
elinks-lite_0.12~pre5-1_i386.deb
to pool/main/e/elinks/elinks-lite_0.12~pre5-1_i386.deb
elinks_0.12~pre5-1.diff.gz
to pool/main/e/elinks/elinks_0.12~pre5-1.diff.gz
elinks_0.12~pre5-1.dsc
to pool/main/e/elinks/elinks_0.12~pre5-1.dsc
elinks_0.12~pre5-1_i386.deb
to pool/main/e/elinks/elinks_0.12~pre5-1_i386.deb
elinks_0.12~pre5.orig.tar.gz
to pool/main/e/elinks/elinks_0.12~pre5.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 534835@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Y Giridhar Appaji Nag (supplier of updated elinks package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 11 Jul 2009 20:49:34 +0530
Source: elinks
Binary: elinks elinks-data elinks-doc elinks-lite
Architecture: source i386 all
Version: 0.12~pre5-1
Distribution: unstable
Urgency: low
Maintainer: Y Giridhar Appaji Nag
Changed-By: Y Giridhar Appaji Nag
Description:
elinks - advanced text-mode WWW browser
elinks-data - advanced text-mode WWW browser - data files
elinks-doc - advanced text-mode WWW browser - documentation
elinks-lite - advanced text-mode WWW browser - lightweight version
Closes: [81]532502 [82]534835 [83]535750
Changes:
elinks (0.12~pre5-1) unstable; urgency=low
.
* New upstream release 0.12pre5
+ Fixes crash in case of OOM w/ SpiderMonkey enabled (Closes: #[84]534835)
+ Fixes crash - get regfree from libtre instead of libc (Closes: #[85]532502)
* Update Standards-Version to 3.8.2 (no changes required)
* Enable finger support in elinks and elinks-lite (Closes: #[86]535750)
* Remove dh_desktop, now deprecated and is a no-op.
Checksums-Sha1:
a2e70cbf77b9cb5733680a29a6b9e1c687c2f51f 1814 elinks_0.12~pre5-1.dsc
683d74613552c1d6a9e61971e9683c914214f018 4211466 elinks_0.12~pre5.orig.tar.gz
4b1598e4e51e22fd377b3527a597177772ee0e1f 21226 elinks_0.12~pre5-1.diff.gz
8cecbef934c4fe802144190f32f3e7677cffaa24 528344 elinks_0.12~pre5-1_i386.deb
a918fe95def99a2a2d612e2b8792e8331478204c 354584 elinks-lite_0.12~pre5-1_i386.deb
f54b51205724aa18a1d93d808d97bb7e3775c341 612192 elinks-data_0.12~pre5-1_all.deb
cd4f8054a32206e6544e8297aa5816271db5e0ea 623118 elinks-doc_0.12~pre5-1_all.deb
Checksums-Sha256:
051cbcefb1c91b59d475706fb33145aee178822f1c85a8a7cc81a551ad09b453 1814 elinks_0.12~pre5-1.
dsc
e42eab6642f69f266580f8c5318ee4086fd198f6142a99b76b053e75dcd1d9b9 4211466 elinks_0.12~pre5
.orig.tar.gz
ae3666f2056d23651e4cfa9b67997e04edde70071a4ddc7f63a615bd9eb2ddb6 21226 elinks_0.12~pre5-1
.diff.gz
4376c5a12c8304fe70fc58ec734212c9fcc6c9d1df1d199b04208af21f18a148 528344 elinks_0.12~pre5-
1_i386.deb
ee01f63f795ccb64cc700e52d8c0a92623f84d25abb8dcc3ac7aa0e86904c2b6 354584 elinks-lite_0.12~
pre5-1_i386.deb
0ee2e0457810b2b72a6da94db5db72e91ce8cf044620ea7ef4c899d428337770 612192 elinks-data_0.12~
pre5-1_all.deb
a1d520678150b8893ce9f8a60e5cbac377708e22f192ec1cc97c98848bc1a178 623118 elinks-doc_0.12~p
re5-1_all.deb
Files:
5df480ac66fc5fb3083774720cff6543 1814 web optional elinks_0.12~pre5-1.dsc
93b48cc31fb2eabbf8b1b96c262db397 4211466 web optional elinks_0.12~pre5.orig.tar.gz
049cfc9f5390b8f7ac68e4fa10c6b565 21226 web optional elinks_0.12~pre5-1.diff.gz
e85a1d3476e86b1842a78d8eda05ac22 528344 web optional elinks_0.12~pre5-1_i386.deb
91abce9412d387eafdb088eeeab82e22 354584 web extra elinks-lite_0.12~pre5-1_i386.deb
dab5ae67785650ffda9fe95148a478db 612192 web optional elinks-data_0.12~pre5-1_all.deb
b05b61bbf14c80bc1638ecd01f653077 623118 doc optional elinks-doc_0.12~pre5-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQEcBAEBCAAGBQJKWVqkAAoJENbfLHnbvsrcArUIAI9q8EeQ8+hP0luQBBM1sZd4
WEJirjiVua5U+C6yi7QdylS33wEUDo80sdeYPvG9Q51cpT+5kf9AWf2d5aP5oJT9
x8ythXndN3Vfe9w+yV9kBFZWLAkL6BH7EsA9Wpnq6fNshZI58PnBYiuAal14G1wn
PJRHc8OTrcI3XRNB/XeM2r0jJ3OOcmJz/3yJIEkeGz78pYuTmeG7JxH4mycxMfGk
T2u9CFrhugPVyZYwsBPbQUPSQTjDv2DJXZ2ouOQsusN5k4sguSatTCgPJ8fx0q8d
AXXkSFdlbQiuFHOQlPRQEwHAlfrnwHA+cUTFpKUZFprisBUorxFrOEFZ/YqjARY=
=dqPE
-----END PGP SIGNATURE-----
____________________________________________________________________________
Bug archived. Request was from Debbugs Internal Request
to internal_control@bugs.debian.org. (Fri, 11 Sep 2009 07:53:26 GMT) ([87]full
text, [88]mbox, [89]link).
____________________________________________________________________________
Send a report that [90]this bug log contains spam.
____________________________________________________________________________
Debian bug tracking system administrator . Last
modified: Wed May 8 14:42:12 2024; Machine Name: buxtehude
[92]Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU Public License
version 2. The current version can be obtained from
[93]https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97
Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.
References
1. mailto:534835@bugs.debian.org
2. https://bugs.debian.org/cgi-bin/version.cgi?collapse=1;info=1;absolute=0;fixed=elinks%2F0.12~pre5-1;found=elinks%2F0.11.4-3;package=elinks
3. https://bugs.debian.org/cgi-bin/pkgreport.cgi?package=elinks
4. https://bugs.debian.org/cgi-bin/pkgreport.cgi?package=elinks
5. https://bugs.debian.org/cgi-bin/pkgreport.cgi?maint=aelmahmoudy%40users.sourceforge.net
6. https://bugs.debian.org/cgi-bin/pkgreport.cgi?package=elinks
7. https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=elinks
8. https://tracker.debian.org/pkg/elinks
9. https://buildd.debian.org/elinks
10. https://qa.debian.org/popcon.php?package=elinks
11. https://bugs.debian.org/cgi-bin/pkgreport.cgi?submitter=neil.stewart%40warwick.ac.uk
12. javascript:toggle_infmessages();
13. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;mbox=yes
14. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;mbox=yes;mboxstatus=yes
15. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;mbox=yes;mboxmaint=yes
16. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;msg=2
17. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;mbox=yes;msg=2
18. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835#1
19. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;msg=4
20. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;mbox=yes;msg=4
21. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835#3
22. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835#5
23. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;msg=5
24. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;mbox=yes;msg=5
25.
26. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;msg=7
27. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;mbox=yes;msg=7
28. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835#6
29. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;msg=9
30. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;mbox=yes;msg=9
31. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835#8
32. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835#10
33. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;msg=10
34. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;mbox=yes;msg=10
35. mailto:534835@bugs.debian.org?body=On%20Sat%2C%2027%20Jun%202009%2019%3A15%3A24%20%2B0300%20Kalle%20Olavi%20Niemitalo%20%3Ckon%40iki.fi%3E%20wrote%3A%0A%3E%20Neil%20Stewart%20%3Cneil.stewart%40warwick.ac.uk%3E%20writes%3A%0A%3E%20%0A%3E%20%3E%20I%20have%20compiled%20elinks%20with%20spidermoney%20enabled%20for%20javascript%20support.%20I%20am%0A%3E%20%3E%20running%20a%20bash%20script%20which%20loads%20pages%20useing%20the%20-remote%0A%3E%20%3E%20%22openURL%28%24%7BURL%7D%29%22.%20After%20128%20pages%2C%20elinks%20crashes.%0A%3E%20%0A%3E%20I%20can%20reproduce%20similar%20crashes%20with%20upstream%20ELinks%200.11.4%2C%0A%3E%200.11.5%2C%20and%200.12pre4%2C%20using%20libmozjs1d%201.9.0.8-1.%20%20It%20often%20takes%0A%3E%20more%20than%20128%20pages%2C%20however.%0A%3E%20%0A%3E%20The%20problem%20seems%20to%20be%20that%20both%20JS_InitStandardClasses%20and%0A%3E%20JS_InitClass%20called%20from%20spidermonkey_get_interpreter%20run%20out%20of%0A%3E%20memory%20%28tested%20with%20a%20breakpoint%20in%20JS_ReportOutOfMemory%29%2C%20and%0A%3E%20JS_InitClass%20returns%20NULL%2C%20which%20spidermonkey_get_interpreter%0A%3E%20happily%20saves%20as%20document_obj%20and%20gives%20back%20to%20JS_InitClass%2C%0A%3E%20which%20eventually%20crashes%20in%20one%20of%20these%20calls.%0A%3E%20%0A%3E%20The%20out-of-memory%20error%20may%20be%20caused%20by%20ELinks%20constructing%20a%0A%3E%20large%20number%20of%20JSContexts%20as%20described%20in%20ELinks%20bug%20981%3A%0A%3E%20http4%3A%2F%2Fbugzilla.elinks.cz%2Fshow_bug.cgi%3Fid%3D981%0A%3E%20%0A%3E%20Regardless%20of%20whether%20that%20one%20is%20fixed%2C%20I%20think%20we%20need%20to%20make%0A%3E%20spidermonkey_get_interpreter%20check%20the%20return%20values.%0A&subject=Re%3A%20Bug%23534835%3A%20elinks%20with%20spidermonkey%20fails%20after%20128%20page%20loads&In-Reply-To=%3C87ab3ttzz7.fsf%40Astalo.kon.iki.fi%3E&References=%3C20090627130132.23563.52542.reportbug%40stewart.psych.warwick.ac.uk%3E%0A%20%3C87ab3ttzz7.fsf%40Astalo.kon.iki.fi%3E
36. https://bugs.debian.org/cgi-bin/bugreport.cgi?att=0;bug=534835;msg=10
37. https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=534835;msg=10
38. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;msg=12
39. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;mbox=yes;msg=12
40. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835#11
41. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;msg=14
42. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;mbox=yes;msg=14
43. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835#13
44. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835#15
45. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;msg=15
46. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;mbox=yes;msg=15
47.
48. https://bugs.debian.org/cgi-bin/bugreport.cgi?att=0;bug=534835;msg=15
49. https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=534835;filename=spidermonkey.c;msg=15
50. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;msg=17
51. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;mbox=yes;msg=17
52. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835#16
53. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;msg=19
54. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;mbox=yes;msg=19
55. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835#18
56. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835#20
57. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;msg=20
58. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;mbox=yes;msg=20
59. mailto:534835@bugs.debian.org?In-Reply-To=%3C874otylkkv.fsf%40Astalo.kon.iki.fi%3E&References=%3CPine.SOL.4.44.0906292138230.16222-200000%40mimosa.csv.warwick.ac.uk%3E%0A%20%3C874otylkkv.fsf%40Astalo.kon.iki.fi%3E&body=On%20Tue%2C%2030%20Jun%202009%2001%3A52%3A00%20%2B0300%20Kalle%20Olavi%20Niemitalo%20%3Ckon%40iki.fi%3E%20wrote%3A%0A%3E%20Neil%20Stewart%20%3Cneil.stewart%40warwick.ac.uk%3E%20writes%3A%0A%3E%20%0A%3E%20%3E%20I%27ve%20edited%20src%2Fecmascript%2Fspidermonkey.c%20%28attached%29%20in%0A%3E%20%3E%20elinks-0.11.4%20to%20prevent%20calls%20to%20JS_%2A%20functions%20with%20NULL%0A%3E%20%3E%20pointers.%0A%3E%20%0A%3E%20I%20had%20already%20made%20related%20changes%20in%20the%20upstream%20elinks-0.12%0A%3E%20branch.%20%20If%20spidermonkey_get_interpreter%20cannot%20fully%20initialize%0A%3E%20the%20JSContext%2C%20it%20now%20returns%20an%20error.%20%20Some%20callers%20asserted%0A%3E%20that%20such%20errors%20would%20not%20happen%2C%20so%20I%20had%20to%20fix%20them%20too.%0A%3E%20%0A%3E%2010c07f9%20Debian%20bug%20534835%3A%20Check%20some%20SpiderMonkey%20return%20values%0A%3E%2011c0cb8%20Debian%20bug%20534835%3A%20Check%20%2A_get_interpreter%20return%20values%0A%3E%20e452420%20Debian%20bug%20534835%3A%20Don%27t%20assert%20ecmascript_reset_state%20succeeds%0A%3E%20%0A%3E%20%28These%20commits%20are%20at%20elinks.cz%20but%20not%20yet%20at%20repo.or.cz.%29%0A%3E%20%0A%3E%20The%20error%20handling%20is%20not%20perfect%2C%20in%20that%20ELinks%20may%20see%20another%0A%3E%20SCRIPT%20element%20and%20retry%20ECMAScript%20initialization%20without%0A%3E%20realizing%20that%20one%20script%20has%20been%20skipped%2C%20but%20at%20least%20it%0A%3E%20doesn%27t%20crash%20now.%20%20I%20think%20I%20had%20elinks%20--remote%20openURL%20running%0A%3E%20in%20a%20loop%20for%20some%20hours%20without%20ill%20effects.%0A%3E%20%0A%3E%20These%20changes%20could%20be%20applied%20to%20the%20elinks-0.11%20branch%0A%3E%20%28currently%20at%200.11.7.GIT%29%20too%20if%20there%20is%20interest.%20%20Because%20that%0A%3E%20branch%20already%20has%20fixes%20for%20several%20other%20crashes%20of%200.11.4%2C%0A%3E%20and%20the%20double-free%20crash%20with%20%3C%2FMAP%3E%20looks%20much%20easier%20to%0A%3E%20exploit%20than%20this%20null%20pointer%20dereference%2C%20I%20don%27t%20think%20there%27s%0A%3E%20any%20point%20in%20patching%200.11.4%20separately.%0A&subject=Re%3A%20Terrible%20bodge%20fix
60. https://bugs.debian.org/cgi-bin/bugreport.cgi?att=0;bug=534835;msg=20
61. https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=534835;msg=20
62. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;msg=22
63. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;mbox=yes;msg=22
64. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835#21
65. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;msg=24
66. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;mbox=yes;msg=24
67. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835#23
68. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;msg=26
69. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;mbox=yes;msg=26
70. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835#25
71. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;msg=28
72. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;mbox=yes;msg=28
73. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835#27
74. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;msg=30
75. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;mbox=yes;msg=30
76. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835#29
77. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835#31
78. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;msg=31
79. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;mbox=yes;msg=31
80.
81. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532502
82. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835
83. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535750
84. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835
85. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532502
86. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535750
87. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;msg=33
88. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835;mbox=yes;msg=33
89. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534835#32
90. https://bugs.debian.org/cgi-bin/bugspam.cgi?bug=534835
91. mailto:owner@bugs.debian.org
92. https://www.debian.org/Bugs/
93. https://bugs.debian.org/debbugs-source/
Usage: http://www.kk-software.de/kklynxview/get/URL
e.g. http://www.kk-software.de/kklynxview/get/http://www.kk-software.de
Errormessages are in German, sorry ;-)