epiphany-browser crashes when reloading web page (heap corruption?)
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Raspbian | New | Undecided | Unassigned | |
Bug Description
The epiphany-browser binary (version 1:3.8.2.
I tried using gdb, and got this backtrace:
(epiphany-
[Thread 0x66501280 (LWP 12264) exited]
[Thread 0x6a047280 (LWP 12267) exited]
[Thread 0x68090280 (LWP 12266) exited]
[Thread 0x65d01280 (LWP 12263) exited]
[New Thread 0x65d01280 (LWP 12286)]
[New Thread 0x68090280 (LWP 12287)]
[New Thread 0x6a047280 (LWP 12290)]
[Thread 0x6a047280 (LWP 12290) exited]
[New Thread 0x6a047280 (LWP 12291)]
*** Error in `/usr/bin/
Program received signal SIGABRT, Aborted.
0x744c3f70 in __GI_raise (sig=sig@entry=6) at ../nptl/
56 ../nptl/
(gdb)
(gdb) bt
#0 0x744c3f70 in __GI_raise (sig=sig@entry=6) at ../nptl/
#1 0x744c5324 in __GI_abort () at abort.c:89
#2 0x744ff954 in __libc_message (do_abort=
#3 0x74505b80 in malloc_printerr (action=1, str=0x745b5860 "double free or corruption (out)", ptr=<optimized out>) at malloc.c:4996
#4 0x74506b24 in _int_free (av=<optimized out>, p=<optimized out>, have_lock=0) at malloc.c:3840
#5 0x74a18978 in ?? () from /usr/lib/
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb) quit
Next I tried using valgrind, as this seems to be a memory-related issue, but valgrind just crashed with an Illegal instruction error after reporting several misuses of the heap... :)
pi@raspberrypi:~ $ DISPLAY=:0 valgrind x-www-browser
==12856== Memcheck, a memory error detector
==12856== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==12856== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==12856== Command: x-www-browser
==12856==
==12856== Invalid read of size 1
==12856== at 0x4836CCC: strncmp (mc_replace_
==12856== by 0x9D3E103: ??? (in /usr/lib/
==12856== Address 0x7e884441 is not stack'd, malloc'd or (recently) free'd
==12856==
==12856== Invalid read of size 1
==12856== at 0x4836D20: strncmp (mc_replace_
==12856== by 0x9D3E103: ??? (in /usr/lib/
==12856== Address 0x7e884442 is not stack'd, malloc'd or (recently) free'd
==12856==
(process:12856): Gtk-WARNING **: Locale not supported by C library.
Using the fallback 'C' locale.
==12856== Invalid read of size 4
==12856== at 0x4844FA0: ??? (in /usr/lib/
==12856== Address 0xa19d38c is 12 bytes inside a block of size 14 alloc'd
==12856== at 0x4833970: malloc (vg_replace_
==12856== by 0x705224F: g_malloc (in /lib/arm-
==12856==
==12856== Invalid read of size 8
==12856== at 0x4844F8C: ??? (in /usr/lib/
==12856== Address 0xa19df14 is 4 bytes inside a block of size 11 alloc'd
==12856== at 0x4833970: malloc (vg_replace_
==12856== by 0x705224F: g_malloc (in /lib/arm-
==12856==
==12856== Invalid read of size 8
==12856== at 0x4845004: ??? (in /usr/lib/
==12856== Address 0xa19e1a4 is 12 bytes inside a block of size 18 alloc'd
==12856== at 0x4833970: malloc (vg_replace_
==12856== by 0x705224F: g_malloc (in /lib/arm-
==12856==
==12856== Invalid read of size 4
==12856== at 0x4844D10: ??? (in /usr/lib/
==12856== Address 0xa19e8c4 is 12 bytes inside a block of size 14 alloc'd
==12856== at 0x4833970: malloc (vg_replace_
==12856== by 0x705224F: g_malloc (in /lib/arm-
==12856==
==12856== Invalid read of size 8
==12856== at 0x4844B00: ??? (in /usr/lib/
==12856== Address 0xa19f8fc is 12 bytes inside a block of size 18 alloc'd
==12856== at 0x4833970: malloc (vg_replace_
==12856== by 0x705224F: g_malloc (in /lib/arm-
==12856==
==12856== Invalid read of size 8
==12856== at 0x48450A8: ??? (in /usr/lib/
==12856== Address 0xa19fba4 is 4 bytes inside a block of size 11 alloc'd
==12856== at 0x4833970: malloc (vg_replace_
==12856== by 0x705224F: g_malloc (in /lib/arm-
==12856==
==12856== Invalid read of size 4
==12856== at 0x4844E68: ??? (in /usr/lib/
==12856== Address 0xa1a12e0 is 16 bytes inside a block of size 19 alloc'd
==12856== at 0x4833970: malloc (vg_replace_
==12856== by 0x705224F: g_malloc (in /lib/arm-
==12856==
==12856== Invalid read of size 4
==12856== at 0x4845030: ??? (in /usr/lib/
==12856== Address 0xa1a279c is 12 bytes inside a block of size 14 alloc'd
==12856== at 0x4833970: malloc (vg_replace_
==12856== by 0x705224F: g_malloc (in /lib/arm-
==12856==
==12856== Invalid read of size 8
==12856== at 0x4845090: ??? (in /usr/lib/
==12856== Address 0xa1a342c is 12 bytes inside a block of size 19 alloc'd
==12856== at 0x4833970: malloc (vg_replace_
==12856== by 0x705224F: g_malloc (in /lib/arm-
==12856==
==12856== Invalid read of size 4
==12856== at 0x48450BC: ??? (in /usr/lib/
==12856== Address 0xa1a515c is 20 bytes inside a block of size 23 alloc'd
==12856== at 0x4833970: malloc (vg_replace_
==12856== by 0x705224F: g_malloc (in /lib/arm-
==12856==
==12856== Invalid read of size 8
==12856== at 0x4844E3C: ??? (in /usr/lib/
==12856== Address 0xa1a64e4 is 12 bytes inside a block of size 19 alloc'd
==12856== at 0x4833970: malloc (vg_replace_
==12856== by 0x705224F: g_malloc (in /lib/arm-
==12856==
==12856== Invalid read of size 8
==12856== at 0x4844F74: ??? (in /usr/lib/
==12856== Address 0xa1a76f4 is 12 bytes inside a block of size 17 alloc'd
==12856== at 0x4833970: malloc (vg_replace_
==12856== by 0x705224F: g_malloc (in /lib/arm-
==12856==
==12856== Invalid read of size 8
==12856== at 0x4844C40: ??? (in /usr/lib/
==12856== Address 0xa1ba280 is 8 bytes inside a block of size 15 alloc'd
==12856== at 0x4833970: malloc (vg_replace_
==12856== by 0x705224F: g_malloc (in /lib/arm-
==12856==
==12856== Invalid read of size 4
==12856== at 0x4844BB8: ??? (in /usr/lib/
==12856== Address 0xa1c3660 is 24 bytes inside a block of size 26 alloc'd
==12856== at 0x4833970: malloc (vg_replace_
==12856== by 0x705224F: g_malloc (in /lib/arm-
==12856==
==12856== Invalid read of size 8
==12856== at 0x4844AE8: ??? (in /usr/lib/
==12856== Address 0xa1c3fd0 is 8 bytes inside a block of size 15 alloc'd
==12856== at 0x4833970: malloc (vg_replace_
==12856== by 0x705224F: g_malloc (in /lib/arm-
==12856==
disInstr(arm): unhandled instruction: 0xF1010200
==12856== valgrind: Unrecognised instruction at address 0x48426f4.
==12856== at 0x48426F4: ??? (in /usr/lib/
==12856== Your program just tried to execute an instruction that Valgrind
==12856== did not recognise. There are two possible reasons for this.
==12856== 1. Your program has a bug and erroneously jumped to a non-code
==12856== location. If you are running Memcheck and you just saw a
==12856== warning about a bad jump, it's probably your program's fault.
==12856== 2. The instruction is legitimate but Valgrind doesn't handle it,
==12856== i.e. it's Valgrind's fault. If you think this is the case or
==12856== you are not sure, please let us know and we'll try to fix it.
==12856== Either way, Valgrind will now raise a SIGILL signal which will
==12856== probably kill your program.
==12856==
==12856== Process terminating with default action of signal 4 (SIGILL)
==12856== Illegal opcode at address 0x48426F4
==12856== at 0x48426F4: ??? (in /usr/lib/
==12856==
==12856== HEAP SUMMARY:
==12856== in use at exit: 113,580 bytes in 1,943 blocks
==12856== total heap usage: 3,059 allocs, 1,116 frees, 216,994 bytes allocated
==12856==
==12856== LEAK SUMMARY:
==12856== definitely lost: 0 bytes in 0 blocks
==12856== indirectly lost: 0 bytes in 0 blocks
==12856== possibly lost: 7,492 bytes in 245 blocks
==12856== still reachable: 93,208 bytes in 1,544 blocks
==12856== suppressed: 0 bytes in 0 blocks
==12856== Rerun with --leak-check=full to see details of leaked memory
==12856==
==12856== For counts of detected and suppressed errors, rerun with: -v
==12856== ERROR SUMMARY: 43 errors from 17 contexts (suppressed: 0 from 0)
Illegal instruction
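
A triage helper for Memcheck output like the log above, added here as an example and not part of the original report. It classifies each invalid access by its Address line, so that writes and accesses to freed blocks (the records most relevant to a "double free or corruption" abort) stand apart from reads that run a few bytes past the end of a live block. The function names and the last two sample records are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample in the format of the Memcheck log above; the last two
# records (a write and a freed block) are invented to exercise every branch.
SAMPLE_LOG = """\
==1== Invalid read of size 1
==1==  Address 0x7e884441 is not stack'd, malloc'd or (recently) free'd
==1== Invalid read of size 4
==1==  Address 0xa19d38c is 12 bytes inside a block of size 14 alloc'd
==1== Invalid read of size 8
==1==  Address 0xa19df14 is 4 bytes inside a block of size 11 alloc'd
==1== Invalid write of size 4
==1==  Address 0xa1a0000 is 0 bytes after a block of size 16 alloc'd
==1== Invalid read of size 4
==1==  Address 0xa1b0008 is 8 bytes inside a block of size 32 free'd
"""

ACCESS = re.compile(r"Invalid (read|write) of size (\d+)")
BLOCK = re.compile(r"is (\d+) bytes (inside|after|before) "
                   r"a block of size (\d+) (alloc'd|free'd)")

def parse_memcheck(text):
    """Return one dict per invalid access, classified by its Address line."""
    records, current = [], None
    for line in text.splitlines():
        if m := ACCESS.search(line):
            current = {"op": m[1], "size": int(m[2]), "class": "unknown", "overrun": None}
            records.append(current)
        elif current is None or current["class"] != "unknown":
            continue  # no open record, or this one is already classified
        elif m := BLOCK.search(line):
            offset, where, block, state = int(m[1]), m[2], int(m[3]), m[4]
            if state == "free'd":
                current["class"] = "use-after-free"
            elif where == "inside":
                current["class"] = "tail-overrun"  # starts in a live block
                current["overrun"] = offset + current["size"] - block  # bytes past the end
            else:
                current["class"] = "out-of-bounds"
        elif "not stack'd" in line:
            current["class"] = "wild-address"
    return records

def triage(records):
    """Count (operation, class) pairs; writes and freed blocks come first in review."""
    return Counter((r["op"], r["class"]) for r in records)

if __name__ == "__main__":
    print(triage(parse_memcheck(SAMPLE_LOG)))
```
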