Browser plugin crashes when displaying a postscript file
@mcatanzaro
Submitted by Michael Catanzaro Link to original bug (#745170)
Description
With the evince browser plugin enabled, navigate to http://cse.unl.edu/~goddard/Courses/RealTimeSystems/Lectures/CyclicExecModel.ps in Epiphany. The web process will crash immediately.
Thread 6 (Thread 0x7fc5ddda4700 (LWP 13330)):
#0 0x00007fc5f37d6590 in pthread_cond_wait@@GLIBC_2.3.2 ()
at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1 0x00007fc5f6ab6e86 in WTF::TCMalloc_PageHeap::scavengerThread() (this=0x7fc5f6debac0 <WTF::pageheap_memory>)
at /usr/src/debug/webkitgtk-2.6.5/Source/WTF/wtf/FastMalloc.cpp:2963
#2 0x00007fc5f6ab6ea9 in WTF::TCMalloc_PageHeap::runScavengerThread(void*) (context=<optimized out>)
at /usr/src/debug/webkitgtk-2.6.5/Source/WTF/wtf/FastMalloc.cpp:2122
#3 0x00007fc5f37d152a in start_thread (arg=0x7fc5ddda4700)
at pthread_create.c:310
__res = <optimized out>
pd = 0x7fc5ddda4700
now = <optimized out>
unwind_buf =
{cancel_jmp_buf = {{jmp_buf = {140487807354624, 2281706308276209437, 140733968524544, 0, 140487807354624, 140487807355328, -2296408683609700579, -2296315507767752931}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
#4 0x00007fc5f6f1179d in clone ()
at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
Thread 5 (Thread 0x7fc58fbde700 (LWP 13334)):
#0 0x00007fc5f9d3b947 in _dl_map_object (loader=0x1045d00, name=name@entry=0x7fc58fbdcbf0 "/usr/lib64/ghostscript/9.14/X11.so", type=type@entry=2, trace_mode=trace_mode@entry=0, mode=mode@entry=-1879048190, nsid=nsid@entry=0)
at dl-load.c:1952
soname = 0x7fc5f124c916 "libsqlite3.so.0"
fd = <optimized out>
realname = 0x7fc584002d60 " \265"
l = 0x7fc5f9f27000
fb =
{len = 0, buf = '\000' <repeats 120 times>, " \000\000\204\305\177\000\000\064\000\000\000\000\000\000\000\060ɽ\217\305\177\000\000\036\000\000\000\000\000\000\000\026\000\000\000\000\000\000\000\025\000\000\000\000\000\000\000\316H\351\366\305\177\000\000\000\000\000\000\000\000\000\000\250ʽ\217\305\177\000\000Fɽ\217\305\177\000\000/,\324"...}
found_other_class = false
stack_end = 0x0
#1 0x00007fc5f9d476b4 in dl_open_worker (a=a@entry=0x7fc58fbdc9a8)
at dl-open.c:224
args = 0x7fc58fbdc9a8
file = 0x7fc58fbdcbf0 "/usr/lib64/ghostscript/9.14/X11.so"
mode = -2147483646
call_map = <optimized out>
dst = <optimized out>
new = <optimized out>
r = <optimized out>
reloc_mode = <optimized out>
nmaps = <optimized out>
l = <optimized out>
maps = <optimized out>
relocation_in_progress = <optimized out>
any_tls = <optimized out>
first_static_tls = <optimized out>
#2 0x00007fc5f9d42df4 in _dl_catch_error (objname=objname@entry=0x7fc58fbdc998, errstring=errstring@entry=0x7fc58fbdc9a0, mallocedp=mallocedp@entry=0x7fc58fbdc997, operate=operate@entry=0x7fc5f9d47590 <dl_open_worker>, args=args@entry=0x7fc58fbdc9a8) at dl-error.c:187
errcode = 21
c =
{objname = 0x7fc58fbdc998, errstring = 0x7fc58fbdc9a0, malloced = 0x7fc58fbdc997, errcode = 0x7fc58fbdc884, env = {{__jmpbuf = {140486496864936, -2296518360490162403, 2147483650, 140486496865264, 140486602139484, 140488278888448, -2296518360569854179, -2296329604151884003}, __mask_was_saved = -2078200680, __saved_mask = {__val = {140486302052032, 21, 140486496864800, 140486496864560, 140486299888992, 140486496864582, 22, 140488276734278, 8223700941521445219, 7308332182666502501, 8443968244907336736, 3762302743640765043, 7166199471215765295, 3543832832766929266, 140484088311604, 140486302052032}}}}}
catchp = 0x7fc58fbde6d8
old = <optimized out>
#3 0x00007fc5f9d46ee3 in _dl_open (file=0x7fc58fbdcbf0 "/usr/lib64/ghostscript/9.14/X11.so", mode=-2147483646, caller_dlopen=0x7fc59604275c <gp_init+140>, nsid=-2, argc=<optimized out>, argv=<optimized out>, env=0x7fff2e33a938)
at dl-open.c:650
args =
{file = 0x7fc58fbdcbf0 "/usr/lib64/ghostscript/9.14/X11.so", mode = -2147483646, caller_dlopen = 0x7fc59604275c <gp_init+140>, caller_dl_open = 0x7fc5f3df9039 <dlopen_doit+89>, map = 0x0, nsid = 0, argc = 3, argv = 0x7fff2e33a918, env = 0x7fff2e33a938}
objname = 0x7fc58fbdc946 "/usr/lib64/ghostscript/9.14/."
errstring = 0x7fc584002d60 " \265"
malloced = true
errcode = <optimized out>
#4 0x00007fc5f3df9039 in dlopen_doit (a=a@entry=0x7fc58fbdcbc0) at dlopen.c:66
args = 0x7fc58fbdcbc0
#5 0x00007fc5f9d42df4 in _dl_catch_error (objname=0x7fc584002d00, errstring=0x7fc584002d08, mallocedp=0x7fc584002cf8, operate=0x7fc5f3df8fe0 <dlopen_doit>, args=0x7fc58fbdcbc0) at dl-error.c:187
errcode = 21
c =
{objname = 0x7fc584002d00, errstring = 0x7fc584002d08, malloced = 0x7fc584002cf8, errcode = 0x7fc58fbdcaa4, env = {{__jmpbuf = {0, -2296316344446859491, 140486496865216, 140486496865292, 140486299886464, 0, -2296518360498551011, -2296329604151884003}, __mask_was_saved = 2052, __saved_mask = {__val = {64, 8, 506806141083, 1, 0, 532575944824, 140486300214992, 0, 140486496866768, 140486496866768, 2, 140486299888880, 140488176799712, 140486496865216, 140486496865292, 140486299886464}}}}}
catchp = 0x7fc58fbde6d8
old = <optimized out>
#6 0x00007fc5f3df969d in _dlerror_run (operate=operate@entry=0x7fc5f3df8fe0 <dlopen_doit>, args=args@entry=0x7fc58fbdcbc0) at dlerror.c:163
result = 0x7fc584002cf0
#7 0x00007fc5f3df90d1 in __dlopen (file=file@entry=0x7fc58fbdcbf0 "/usr/lib64/ghostscript/9.14/X11.so", mode=mode@entry=2) at dlopen.c:87
args =
{file = 0x7fc58fbdcbf0 "/usr/lib64/ghostscript/9.14/X11.so", mode = 2, new = 0x7fc5841ea290, caller = 0x7fc59604275c <gp_init+140>}
#8 0x00007fc59604275c in gp_init () at base/gp_unix.c:78
dir = 0x7fc5841ea290
dirent = <optimized out>
buff = "/usr/lib64/ghostscript/9.14/X11.so", '\000' <repeats 989 times>
pbuff = 0x7fc58fbdcc0c "X11.so"
handle = <optimized out>
gs_shared_init = <optimized out>
#9 0x00007fc5960adc41 in gs_main_init0 (minst=minst@entry=0x7fc584002c30, in=in@entry=0x0, out=out@entry=0x0, err=err@entry=0x0, max_lib_paths=max_lib_paths@entry=25) at psi/imain.c:146
paths = <optimized out>
array = <optimized out>
#10 0x00007fc5960b1819 in gs_main_init_with_args (minst=0x7fc584002c30, argc=13, argv=argv@entry=0x7fc584002380) at psi/imainarg.c:145
arg = <optimized out>
args =
{expand_ats = 1, arg_fopen = 0x7fc5960af4a0 <gs_main_arg_fopen>, fopen_data = 0x7fc584002c30, get_codepoint = 0x7fc5960b1c80 <get_codepoint_utf8>, memory = 0x7fc5840020f0, argp = 0x7fc584002388, argn = 12, depth = 0, cstr = '\000' <repeats 56 times>, "\a", '\000' <repeats 66 times>, "'l\202{\262\002", '\000' <repeats 47 times>, "R\365\345\366\305\177\000\000\200ؽ\217\305\177\000\000\000\000\000\000\000\000\000\000\002"..., sources = {{is_file = -2080362972, u = {s = {parsed = -2080363072, decoded = 32709, chars = 0x7fc584002e24 "", memory = 0x0, str = 0x0}, file = 0x7fc584002dc0}}, {is_file = 0, u = {s = {parsed = 0, decoded = 0, chars = 0x0, memory = 0x400000202, str = 0x7fc597dc8870 ""}, file = 0x0}}, {is_file = 0, u = {s = {parsed = 0, decoded = 0, chars = 0x108 <error: Cannot access memory at address 0x108>, memory = 0x7fc58fbdd994, str = 0xffffffffffffffff <error: Cannot access memory at address 0xffffffffffffffff>}, file = 0x0}}, {is_file = 0, u = {s = {parsed = 1883383425, decoded = -32710, chars = 0x7fc58fbdd97f "", memory = 0xffffffff, str = 0x3400000011 <error: Cannot access memory at address 0x3400000011>}, file = 0xffff803a70422681}}, {is_file = 0, u = {s = {parsed = -149129024, decoded = 32709, chars = 0x7fc5f6e94860 <__GI___libc_malloc> "USH\203\354\bH\213\005K63", memory = 0x7fc5f6e94bb0 <__GI___libc_free>, str = 0x0}, file = 0x7fc5f71c78c0 <_IO_str_jumps>}}, {is_file = -2080366992, u = {s = {parsed = -2080367136, decoded = 32709, chars = 0x7fc584002380 "x\302\004\227\305\177", memory = 0x1, str = 0x7fc584001e30 "\300\v\004\001"}, file = 0x7fc584001de0}}, {is_file = 0, u = {s = {parsed = -1761320235, decoded = 32709, chars = 0x7fc584001e30 "\300\v\004\001", memory = 0x7fc584002ed0, str = 0x3000000010 <error: Cannot access memory at address 0x3000000010>}, file = 0x7fc5970462d5 <_spectre_strdup_printf+181>}}, {is_file = -1883383136, u = {s = {parsed = -1883383328, decoded = 32709, chars = 0xc751de3a385b6300 <error: Cannot access memory at address 0xc751de3a385b6300>, memory = 0x0, str = 0x7fc584001e30 "\300\v\004\001"}, file = 0x7fc58fbdd9e0}}, {is_file = -2080362832, u = {s = {parsed = -2080374704, decoded = 32709, chars = 0x7fc584002dc0 <incomplete sequence \330>, memory = 0x4, str = 0x4058053e08bcb93b <error: Cannot access memory at address 0x4058053e08bcb93b>}, file = 0x7fc584000050}}, {is_file = 0, u = {s = {parsed = -1427922634, decoded = 1079509504, chars = 0x0, memory = 0x4087f80000000000, str = 0x0}, file = 0x40580200aae3a136}}}}
code = 57
#11 0x00007fc5960b2d8b in gsapi_init_with_args (lib=<optimized out>, argc=<optimized out>, argv=argv@entry=0x7fc584002380) at psi/iapi.c:334
ctx = <optimized out>
#12 0x00007fc59704461c in spectre_gs_run (gs=gs@entry=0x7fc584001e70, n_args=<optimized out>, args=args@entry=0x7fc584002380) at spectre-gs.c:190
error = <optimized out>
#13 0x00007fc59704524c in spectre_device_render (device=device@entry=0x7fc584001e30, page=1, rc=rc@entry=0x7fc584001de0, x=x@entry=0, y=y@entry=0, width=<optimized out>, height=<optimized out>, page_data=0x7fc58fbddbb0, row_length=0x7fc58fbddbac) at spectre-device.c:264
gs = 0x7fc584001e70
args = 0x7fc584002380
n_args = <optimized out>
arg = <optimized out>
success = <optimized out>
fmt = <optimized out>
text_alpha = 0x7fc584001f00 "-dTextAlphaBits=4"
graph_alpha = 0x7fc584002e30 "-dGraphicsAlphaBits=2"
size = 0x7fc584002e50 "-g782x1023"
resolution = 0x7fc584002e70 "-r96.081911x96.031291"
set = <optimized out>
dsp_format = 0x7fc584002e90 "-dDisplayFormat=6359172"
dsp_handle = 0x7fc584002ed0 "-sDisplayHandle=16#7fc584001e30"
width_points = 0x0
height_points = 0x0
#14 0x00007fc597045743 in spectre_page_render (page=page@entry=0x7fc5840010c0, rc=rc@entry=0x7fc584001de0, page_data=page_data@entry=0x7fc58fbddbb0, row_length=row_length@entry=0x7fc58fbddbac) at spectre-page.c:164
device = 0x7fc584001e30
width = 586
height = 767
__func__ = "spectre_page_render"
#15 0x00007fc597259bf5 in ps_document_render (document=<optimized out>, rc=<optimized out>) at ev-spectre.c:312
ps_page = 0x7fc5840010c0
src = 0x7fc584001de0
width_points = 586
height_points = 767
width = 782
height = 1023
swidth = <optimized out>
sheight = <optimized out>
data = 0x0
stride = 32709
rotation = 0
surface = <optimized out>
key = {unused = 0}
#16 0x00007fc5dc158362 in ev_job_render_run (job=0x10239b0 [EvJobRender])
at ev-jobs.c:638
job_render = 0x10239b0 [EvJobRender]
ev_page = 0x7fc5840012a0 [EvPage]
rc = 0x7fc584002440 [EvRenderContext]
#17 0x00007fc5dc15a1ba in ev_job_thread_proxy (job=0x10239b0 [EvJobRender])
at ev-job-scheduler.c:184
result = <optimized out>
job = 0x1041750
#18 0x00007fc5dc15a1ba in ev_job_thread_proxy (data=<optimized out>)
at ev-job-scheduler.c:217
job = 0x1041750
#19 0x00007fc5f406c7b5 in g_thread_proxy (data=0x10131e0) at gthread.c:764
thread = 0x10131e0
#20 0x00007fc5f37d152a in start_thread (arg=0x7fc58fbde700)
at pthread_create.c:310
__res = <optimized out>
pd = 0x7fc58fbde700
now = <optimized out>
unwind_buf =
{cancel_jmp_buf = {{jmp_buf = {140486496872192, 2281706308276209437, 140733968522240, 0, 140486496872192, 140486496872896, -2296518360968313059, -2296315507767752931}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
#21 0x00007fc5f6f1179d in clone ()
at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
Thread 4 (Thread 0x7fc5dcda2700 (LWP 13332)):
#0 0x00007fc5f6f061fd in poll () at ../sysdeps/unix/syscall-template.S:81
#1 0x00007fc5f4045e24 in g_main_context_iterate (priority=2147483647, n_fds=2, fds=0x7fc5880010e0, timeout=-1, context=0xe18200) at gmain.c:4076
poll_func = 0x7fc5f4055240 <g_poll>
max_priority = 2147483647
timeout = -1
some_ready = <optimized out>
nfds = 2
allocated_nfds = 2
fds = 0x7fc5880010e0
#2 0x00007fc5f4045e24 in g_main_context_iterate (context=0xe18200, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3776
max_priority = 2147483647
timeout = -1
some_ready = <optimized out>
nfds = 2
allocated_nfds = 2
fds = 0x7fc5880010e0
#3 0x00007fc5f40461b2 in g_main_loop_run (loop=0xe3f000) at gmain.c:3975
__FUNCTION__ = "g_main_loop_run"
#4 0x00007fc5f6aeac62 in WTF::wtfThreadEntryPoint(void*) (param=0x7fc5f9e931c0) at /usr/src/debug/webkitgtk-2.6.5/Source/WTF/wtf/ThreadingPthreads.cpp:170
invocation = std::unique_ptr<WTF::ThreadFunctionInvocation> containing 0x7fc5f9e931c0
#5 0x00007fc5f37d152a in start_thread (arg=0x7fc5dcda2700)
at pthread_create.c:310
__res = <optimized out>
pd = 0x7fc5dcda2700
now = <optimized out>
unwind_buf =
{cancel_jmp_buf = {{jmp_buf = {140487790569216, 2281706308276209437, 140733968523520, 0, 140487790569216, 140487790569920, -2296406483512703203, -2296315507767752931}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
#6 0x00007fc5f6f1179d in clone ()
at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
Thread 3 (Thread 0x7fc5dfcd7700 (LWP 13329)):
#0 0x00007fc5f6f061fd in poll () at ../sysdeps/unix/syscall-template.S:81
#1 0x00007fc5f4045e24 in g_main_context_iterate (priority=2147483647, n_fds=2, fds=0x7fc5d80010e0, timeout=-1, context=0xd9fa60) at gmain.c:4076
poll_func = 0x7fc5f4055240 <g_poll>
max_priority = 2147483647
timeout = -1
some_ready = <optimized out>
nfds = 2
allocated_nfds = 2
fds = 0x7fc5d80010e0
#2 0x00007fc5f4045e24 in g_main_context_iterate (context=0xd9fa60, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3776
max_priority = 2147483647
timeout = -1
some_ready = <optimized out>
nfds = 2
allocated_nfds = 2
fds = 0x7fc5d80010e0
#3 0x00007fc5f40461b2 in g_main_loop_run (loop=0xd9fba0) at gmain.c:3975
__FUNCTION__ = "g_main_loop_run"
#4 0x00007fc5f4660d96 in gdbus_shared_thread_func (user_data=0xd9fa30)
at gdbusprivate.c:273
data = 0xd9fa30
#5 0x00007fc5f406c7b5 in g_thread_proxy (data=0xd500a0) at gthread.c:764
thread = 0xd500a0
#6 0x00007fc5f37d152a in start_thread (arg=0x7fc5dfcd7700)
at pthread_create.c:310
__res = <optimized out>
pd = 0x7fc5dfcd7700
now = <optimized out>
unwind_buf =
{cancel_jmp_buf = {{jmp_buf = {140487840069376, 2281706308276209437, 140733968521216, 0, 140487840069376, 140487840070080, -2296413225000745187, -2296315507767752931}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
#7 0x00007fc5f6f1179d in clone ()
at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
Thread 2 (Thread 0x7fc5dd5a3700 (LWP 13331)):
#0 0x00007fc5f6f061fd in poll () at ../sysdeps/unix/syscall-template.S:81
#1 0x00007fc5f4045e24 in g_main_context_iterate (priority=2147483647, n_fds=2, fds=0x7fc5900010e0, timeout=-1, context=0xdd3ed0) at gmain.c:4076
poll_func = 0x7fc5f4055240 <g_poll>
max_priority = 2147483647
timeout = -1
some_ready = <optimized out>
nfds = 2
allocated_nfds = 2
fds = 0x7fc5900010e0
#2 0x00007fc5f4045e24 in g_main_context_iterate (context=0xdd3ed0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3776
max_priority = 2147483647
timeout = -1
some_ready = <optimized out>
nfds = 2
allocated_nfds = 2
fds = 0x7fc5900010e0
#3 0x00007fc5f40461b2 in g_main_loop_run (loop=0xdd3eb0) at gmain.c:3975
__FUNCTION__ = "g_main_loop_run"
#4 0x00007fc5f6aeac62 in WTF::wtfThreadEntryPoint(void*) (param=0x7fc5f9e931e0) at /usr/src/debug/webkitgtk-2.6.5/Source/WTF/wtf/ThreadingPthreads.cpp:170
invocation = std::unique_ptr<WTF::ThreadFunctionInvocation> containing 0x7fc5f9e931e0
#5 0x00007fc5f37d152a in start_thread (arg=0x7fc5dd5a3700)
at pthread_create.c:310
__res = <optimized out>
pd = 0x7fc5dd5a3700
now = <optimized out>
unwind_buf =
{cancel_jmp_buf = {{jmp_buf = {140487798961920, 2281706308276209437, 140733968524544, 0, 140487798961920, 140487798962624, -2296407583561201891, -2296315507767752931}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
not_first_call = <optimized out>
pagesize_m1 = <optimized out>
sp = <optimized out>
freesize = <optimized out>
#6 0x00007fc5f6f1179d in clone ()
at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109
Thread 1 (Thread 0x7fc5f9f06a00 (LWP 13327)):
#0 0x00007fc5f4b73560 in cairo_surface_set_device_scale ()
at /lib64/libcairo.so.2
#1 0x00007fc5dc15f25d in copy_job_to_job_info (device_scale=<optimized out>, surface=<optimized out>) at ev-pixbuf-cache.c:273
__FUNCTION__ = "copy_job_to_job_info"
#2 0x00007fc5dc15f25d in copy_job_to_job_info (job_render=job_render@entry=0x10238f0 [EvJobRender], job_info=job_info@entry=0xfe6980, pixbuf_cache=pixbuf_cache@entry=0xfe5eb0 [EvPixbufCache]) at ev-pixbuf-cache.c:288
__FUNCTION__ = "copy_job_to_job_info"
#3 0x00007fc5dc15f439 in job_finished_cb (job=<optimized out>, pixbuf_cache=0xfe5eb0 [EvPixbufCache]) at ev-pixbuf-cache.c:340
job_info = 0xfe6980
job_render = 0x10238f0 [EvJobRender]
#4 0x00007fc5f4344f64 in _g_closure_invoke_va (closure=closure@entry=0xfc4580, return_value=return_value@entry=0x0, instance=instance@entry=0x10238f0, args=args@entry=0x7fff2e33a580, n_params=<optimized out>, param_types=0x0)
at gclosure.c:831
marshal = <optimized out>
marshal_data = <optimized out>
in_marshal = 0
real_closure = 0xfc4560
__FUNCTION__ = "_g_closure_invoke_va"
#5 0x00007fc5f435eb60 in g_signal_emit_valist (instance=0x10238f0, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7fff2e33a580)
at gsignal.c:3218
return_accu = 0x0
accu =
{g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
accumulator = 0x0
emission =
{next = 0x0, instance = 0x10238f0, ihint = {signal_id = 311, detail = 0, run_type = G_SIGNAL_RUN_FIRST}, state = EMISSION_RUN, chain_type = 16729728}
signal_id = 311
instance_type = 16729728
emission_return =
{g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}}
rtype = 4
static_scope = 0
fastpath_handler = <optimized out>
closure = 0xfc4580
run_type = <optimized out>
l = <optimized out>
fastpath = <optimized out>
instance_and_params = <optimized out>
signal_return_type = <optimized out>
param_values = <optimized out>
node = <optimized out>
i = <optimized out>
n_params = <optimized out>
__FUNCTION__ = "g_signal_emit_valist"
#6 0x00007fc5f435f3af in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3365
var_args =
{{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fff2e33a660, reg_save_area = 0x7fff2e33a5a0}}
#7 0x00007fc5dc156673 in emit_finished (job=<optimized out>) at ev-jobs.c:180
job = <optimized out>
#8 0x00007fc5f4045aeb in g_main_context_dispatch (context=0xd5c260)
at gmain.c:3111
dispatch = 0x7fc5f4042630 <g_idle_dispatch>
prev_source = 0x0
was_in_call = 0
user_data = 0x10238f0
callback = 0x7fc5dc156650 <emit_finished>
cb_funcs = 0x7fc5f43338c0 <g_source_callback_funcs>
cb_data = 0x7fc584001f90
need_destroy = <optimized out>
source = 0x7fc584001e90
current = 0xd455b0
i = 0
#9 0x00007fc5f4045aeb in g_main_context_dispatch (context=context@entry=0xd5c260) at gmain.c:3710
#10 0x00007fc5f4045e88 in g_main_context_iterate (context=0xd5c260, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3781
max_priority = 2147483647
timeout = 15
some_ready = 1
nfds = <optimized out>
allocated_nfds = 5
fds = 0x1014660
#11 0x00007fc5f40461b2 in g_main_loop_run (loop=0xde9b00) at gmain.c:3975
__FUNCTION__ = "g_main_loop_run"
#12 0x00007fc5f8016841 in WebKit::ChildProcessMain<WebKit::PluginProcess, WebKit::PluginProcessMain>(int, char**) (argc=<optimized out>, argv=<optimized out>)
at /usr/src/debug/webkitgtk-2.6.5/Source/WebKit2/Shared/unix/ChildProcessMain.h:61
childMain =
{<WebKit::ChildProcessMainBase> = {_vptr.ChildProcessMainBase = 0x7fc5f9b92910 <vtable for WebKit::PluginProcessMain+16>, m_parameters = {uiProcessName = {m_impl = {m_ptr = 0x0}}, clientIdentifier = {m_impl = {m_ptr = 0x0}}, connectionIdentifier = 54, extraInitializationData = {m_impl = {static m_maxLoad = <optimized out>, static m_minLoad = <optimized out>, m_table = 0x7fc5f9e92d80, m_tableSize = 8, m_tableSizeMask = 7, m_keyCount = 1, m_deletedCount = 0}}}}, <No data fields>}
#13 0x00007fc5f6e30fe0 in __libc_start_main (main=
0x400740 <main(int, char**)>, argc=3, argv=0x7fff2e33a918, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff2e33a908)
at libc-start.c:289
result = <optimized out>
unwind_buf =
{cancel_jmp_buf = {{jmp_buf = {0, 2281705758782539549, 4196170, 140733968525584, 0, 0, -2282089524239382755, -2296323392482949347}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x400850 <__libc_csu_init>, 0x7fff2e33a918}, data = {prev = 0x0, cleanup = 0x0, canceltype = 4196432}}}
not_first_call = <optimized out>
#14 0x0000000000400773 in _start ()
The backtrace in the crashing thread looks really similar to bug 745168:
Version: 3.13.x
Edited by Germán Poo-Caamaño