Crash on dropbox.com

[mgoral]

Hi,
Luakit crashes when trying to 'follow' (pressing 'f') on dropbox.com. This happens on fresh install (no
$HOME/.config/luakit/ or $HOME/.local/share/luakit) and to me it is reproducible every time.

I created a crash log from luakit --verbose dropbox.com > luakit_log 2>&1 and also run luakit with gdb. Outputs of both (log and backtrace) are in the following gist:

https://gist.github.com/3989340

Luakit version: tried several ones: 2012.09.13-r1 and develop branch, with the same result
libwebkitgtk: 1.8.1-2
libgtk: 3.4.2-2 and 2.24.10-2, not sure which one uses Luakit (gtk2?)

Have a great day, guys,
Michael

[Plaque-fcc]

Now connected, gonna reproduce it.

[Plaque-fcc]

Well, on the latest luakit develop git with webkitgtk 1.4.3 I ran into «f[ollow]» followed by «Stack overflow in bind call». Yet no idea; maybe, there is lousy lib subject to update, what do you think?

[Plaque-fcc]

Can't reproduce. You follow on a logged in page or not logged in? Btw, the first command is «f[ollow]» and it crashes down?

[ymln]

Can reproduce with luakit 2012.09.13-r1-12-g7ab2b24 and libwebkitgtk 1.10.1.
Strangely, it only crashes when using lua as interpreter, with luajit it doesn't crash, but follow mode still works wrong.

[ymln]

Looks like Prototype JS is causing the crash. Try creating a file with content:

<html>
    <head>
        <script src="http://ajax.googleapis.com/ajax/libs/prototype/1.7.1.0/prototype.js"></script>
    </head>
    <body>
    </body>
</html>

and opening it in luakit.

[ymln]

I reduced test case to this piece of code:

<html>
    <head>
        <script type="text/javascript">
            function foo() {}
            Function.prototype.bar = foo;
        </script>
    </head>
    <body>
    </body>
</html>

I still have no idea why luakit crashes though.

[ymln]

My guess is that after executing the script above every function now will have a property bar, which is a function, which has property bar, which is a function, which has property bar,... So, we have self reference here. Now, in lib/follow.lua there is

local _, err = view:eval_js(follow_js, d)

As follow_js returns an object which consists of functions, luakit fails to convert this object to Lua representation and crashes with stack overflow.
The best way to fix this would be to modify luakit code so that it supports converting self-referencing Javascript objects to Lua representation, but as it seems like a lot of work, I'll leave that to Mason :)

[ymln]

The temporary workaround in #152 should fix this issue.
P.S. Sorry for flooding

[mgoral]

Hi,
First of all, I didn't expect that kind of response. Thanks, guys!

I merged ymln's fix into a local fork, compiled it and it worked like a charm (and by the way I discovered that on dropbox.com luakit eats almost 90% of CPU. Pretty insane, but it's not caused by the fix; I checked luakit 2012.03 and the CPU usage was same high). One thing I am worried about is that it is, as ymln already said, a temporary workaround. From my experience it turns out that this kind "temporary fix's" much too often become permanent ones but it's probably a topic for another discussion.

Back to the topic, ymln analysis about stack overflow seems to be correct. One thing I didn't tell you (sorry for that) is that my backtrace had 500+ frames (I stopped scrolling at that point), all of them looked like frames 6-14.

I'll also answer some previous questions as they might become useful for the others to reproduce the crash. When I opened dropbox.com I wasn't logged in. It was their main page with a big 'play button' in the middle. Follow action was the only thing I did, nothing else. There is no crash on dropbox.com on the latest stable luakit (2012.03).

[Plaque-fcc]

Cool. Expecting @mason-larobina to merge that.