Fifth crashes when JS is turned on for any webpage

[searemind]

I'm sorry if i do something wrong as this is my first time reporting a bug on any software ever..

~/fifth-0.5/src $ gdb ./fifth GNU gdb (GDB) 10.1 Copyright (C) 2020 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "arm-linux-androideabi". Type "show configuration" for configuration details. For bug reporting instructions, please see: https://www.gnu.org/software/gdb/bugs/. Find the GDB manual and other documentation resources online at: http://www.gnu.org/software/gdb/documentation/. For help, type "help". Type "apropos word" to search for commands related to "word"... Reading symbols from ./fifth... (gdb) run Starting program: /data/data/com.termux/files/home/fifth-0.5/src/fifth [New LWP 3579] [New LWP 3580] libpng warning: iCCP: known incorrect sRGB profile libpng warning: iCCP: known incorrect sRGB profile libpng warning: iCCP: known incorrect sRGB profile libpng warning: iCCP: profile 'Photoshop ICC profile': 'RGB ': RGB color space not permitted on grayscale PNG XOpenIM() failed Fontconfig warning: "/data/data/com.termux/files/usr/share/fontconfig/conf.avail/05-reset-dirs-sample.conf", line 6: unknown element "reset-dirs" [New LWP 3581] [New LWP 3582] [LWP 3581 exited] [New LWP 3602] [New LWP 3603] [LWP 3603 exited] [New LWP 3608] [LWP 3608 exited] Thread 1 "fifth" received signal SIGSEGV, Segmentation fault.
0xad444434 in WebCore::JSDOMWindowBase::finishCreation(JSC::VM&, WebCore::JSDOMWindowShell*) () (gdb) bt #0 0xad444434 in WebCore::JSDOMWindowBase::finishCreation(JSC::VM&, WebCore::JSDOMWindowShell*) () #1 0xad8382f4 in WebCore::JSDOMWindow::create(JSC::VM&, JSC::Structure*, WTF::RefWebCore::DOMWindow&&, WebCore::JSDOMWindowShell*) () #2 0xad83816a in WebCore::JSDOMWindowShell::setWindow(WTF::PassRefPtrWebCore::DOMWindow) () #3 0xad8380ac in WebCore::JSDOMWindowShell::finishCreation(JSC::VM&, WTF::PassRefPtrWebCore::DOMWindow) () #4 0xad4c0724 in WebCore::JSDOMWindowShell::create(JSC::VM&, WTF::PassRefPtrWebCore::DOMWindow, JSC::Structure*, WebCore::DOMWrapperWorld&) () #5 0xad4c060a in WebCore::ScriptController::createWindowShell(WebCore::DOMWrapperWorld&) () #6 0xad4c0db6 in WebCore::ScriptController::initScript(WebCore::DOMWrapperWorld&) () #7 0xad44480c in WebCore::ScriptController::windowShell(WebCore::DOMWrapperWorld&) () #8 0xad4c08f6 in WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&) () #9 0xad4c0ad2 in WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) () #10 0xad67227a in WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) () #11 0xad671a9a in WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) () #12 0xad9b8522 in WebCore::HTMLScriptRunner::runScript(WebCore::Element*, WTF::TextPosition const&) () #13 0xad9b8498 in WebCore::HTMLScriptRunner::execute(WTF::PassRefPtrWebCore::Element, WTF::TextPosition const&) () #14 0xad6053ba in WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() () #15 0xad605434 in WebCore::HTMLDocumentParser::canTakeNextToken(WebCore::HTMLDocumentParser::SynchronousMode, WebCore::PumpSession&) () #16 0xad6051d2 in WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) () --Type for more, q to quit, c to continue without paging-- #17 0xad6058de in WebCore::HTMLDocumentParser::append(WTF::PassRefPtrWTF::StringImpl) () #18 0xad60663a in WebCore::DecodedDataDocumentParser::appendBytes(WebCore::DocumentWriter&, char const*, unsigned int) () #19 0xacd08760 in WebCore::DocumentLoader::commitData(char const*, unsigned int) () #20 0xacd0923a in WebCore::DocumentLoader::commitLoad(char const*, int) () #21 0xad5e2b46 in WebCore::CachedRawResource::notifyClientsDataWasReceived(char const*, unsigned int) () #22 0xad5e2ab6 in WebCore::CachedRawResource::addDataBuffer(WebCore::SharedBuffer&) () #23 0xad5efa60 in WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::PassRefPtrWebCore::SharedBuffer, long long, WebCore::DataPayloadType) ()
#24 0xad5ef998 in WebCore::SubresourceLoader::didReceiveData(char const*, unsigned int, long long, WebCore::DataPayloadType) () #25 0xad5e4138 in WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle*, char const*, unsigned int, int) () #26 0xaccf9726 in WebCore::writeCallback(void*, unsigned int, unsigned int, void*) () #27 0xadd8cd0e in Curl_client_write () #28 0xadd8849a in inflate_stream () #29 0xadd88bbe in Curl_httpchunk_read () #30 0xadd90ad2 in Curl_readwrite () #31 0xadd82ff0 in multi_runsingle () #32 0xadd8251e in curl_multi_perform () #33 0xaccf8058 in WebCore::ResourceHandleManager::downloadTimerCallback() () #34 0xaccede06 in WebCore::ThreadTimers::sharedTimerFiredInternal() () #35 0xacceee86 in WebCore::callback(void*) () #36 0xada83334 in Fl::wait(double) () #37 0xacc85f92 in main () (gdb) kill Kill the program being debugged? (y or n) y [Inferior 1 (process 3576) killed]

also, clicking on the "History" and "Advanced Config" menu options result in an instant crash.

For this build, I built webkitfltk-0.5.1 for android using "-DNDEBUG" and "-D__ANDROID_API__=21" (for android 5 compatibility)

[clbr]

For command outputs, please put them inside code blocks for readability (use three backticks before and after the text).

Thank you for the report. Fifth has never supported Android, and is not expected to work. Something is badly wrong with both JS and FLTK - just popping up a window causing a crash is quite serious.

I won't close the bug directly, but you're completely on your own for running it on Android.

[searemind]

For command outputs, please put them inside code blocks for readability (use three backticks before and after the text).

Thank you for the report. Fifth has never supported Android, and is not expected to work. Something is badly wrong with both JS and FLTK - just popping up a window causing a crash is quite serious.

I won't close the bug directly, but you're completely on your own for running it on Android.

Hi! thanks for replying so fast.. I'm running fifth on an X11 environment on android.. so it's more or less a normal linux environment.. (i've also tried running it in a chroot jail and it still crashes there so there isn't any problem with paths).

I just wanted to know whether this crash is related to webkit directly (so i would know where exactly i need support)? (also i built webkit on my phone itself and it took me about 2.5 hours.. so if it is indeed a webkitfltk problem, then i'll leave it at that and just use fifth with js turned off)

Just a few minutes ago, i modified about.cpp and about:history and about:config work for my build.

also, thanks for this project.. this is the best browser i have been able to build for my android x11 environment.. and i've been able to make it very portable too :)

(sorry for the jumbled output.. i can't copy from the terminal with android's clipboard and retain the formatting for some reason, it ends up being two long lines)

[searemind]

also, i had to comment out the lockfile mechanism (because the required functions are not present in android's bionic libc). will that cause any problems?

otherwise, there were just a few minor changes i had to make here and there for the whole thing to work. I think those are trivial.

[clbr]

Even an X11 Android env differs quite a bit from desktop Linux, in Bionic libc, system paths, and a few other things. BTW are you using touch to operate it? I would have thought the buttons too small etc for using with a finger, everything was designed for a mouse. The JS crash is webkit-side, but you won't be able to get support from the webkit folks, as WebkitFLTK is not an officially supported port. Most probably it tried to use some Android-specific path instead of the Linux path that's been tested. You may want to use the git versions of both, since the 0.5.x releases are a bit old (well, the git versions are also old, but have a few changes more). Disabling the lockfile, then you won't have protection from accidentally launching twice, which will lead to corruption in the history/etc files.

[searemind]

i'm new to debugging things.. is there any way that gdb can specify the line number or the exact context in which the segfault got initiated.. i mean, it does show the function call but not the exact location, if that makes any sense..

I built TigerVNC's Xvnc server.. so it's just a vnc session with a mouse and all..
there is a weird bug/design decision because of which, when i try to decrease the size of the window, it stops at something like 700xsomething , and the window manager, jwm, shows that the size of the window is 0x1.. i have never seen this with anything before..

i'll have to take the risk with the lockfile because mkfifoat isn't available in android's api 21 :/

moreover, i'll try to investigate a bit further, but building webkit over and over is a pain (i built it on my phone because my pc isn't powerful enough..)

(also, are there any important upgrades in the git version.. because i'm trying to stray away from building everything again.. or if i could patch existing source files so that i wouldn't have to build everything again)

i finished making my changes and as of now fifth works really well except for the js part..

[clbr]

Gdb can show line numbers only if you built with -g. For webkit, that will take a few gbs more space. There's indeed a minimum window size set, and it's supposed to act like that. It's a standard X feature, but maybe not often used in apps. I don't remember what all changes are in git vs 0.5, you'll have to check the git histories.

[searemind]

i checked the changes made in the git version.. most of them were todo-s, some curl errors, fltk image preview in dialog boxes and most importantly openssl-1.1 compatibility i think..

i know openssl-1.0.2 is eol.. i'll try to build with 1.1 again.. the other changes are related to things which will work only if js works..

so yeah.. i think my main incentive would be openssl-1.1 compatibility (which i can probably just patch in and rebuild)

i also checked webkitfltk's git logs and i unknowingly made some of the patches too.. to mitigate build errors..

if you want, you can update the spoofed useragent to the latest firefox esr release.. i just did that :)

thanks a lot for the help btw

[gpfn]

Could you please share some more information on what your environment is? It'd be useful to recreate your crashes.

[searemind]

Could you please share some more information on what your environment is? It'd be useful to recreate your crashes.

You can use my app (http://chiselapp.com/user/searemind/repository/xhaskell/home) on an Android ARM device to exactly replicate the environment.. it is just a terminal emulator for android running on toybox's coreutils implementation (https://jackpal.github.io/Android-Terminal-Emulator/) which i modified to include an X server (tigervnnc's VNC server) and then i access that display through a vnc viewer..

you can also recreate the environment by building Fifth using packages from an app called Termux (i built fifth for the first time using this.. and had to build a lot of libraries manually).. it might take a while though.. either way.. both of them are terminal emulators for non-rooted android devices..

i am not very well versed in debugging practices and i only checked the backtraces and function calls before the segfault.. which did not prove to be very informative since WebKit is HUGE..