There is occurrence of segmentation fault in processing javascript scripts via gjs.
| Name | Description |
|---|---|
| OS | Windows 7 Enterprise Edition |
| cygwin64 | cygwin_nt-6.1 |
| gjs version | 1.44.0-1 |
| gjs examples | git clone https://github.com/optimisme/gjs-examples.git |
| File | Location of segmentation fault |
|---|---|
| egJSON.js | Line 106: file(Gio.File).load_contents_async method |
| egList.js | Line 103: (Gtk.TreeViewColumn)col.set_cell_data_func method |
| egSearch.js | Line 146: (Gtk.FlowBox)flow.set_filter_func method |
| egSpawn.js | Line 95: (Spawn.SpawnReader)reader.spawn method |
Methods that produce segfault have common feature: they set callback functions.
egList.js
$ gdb --args gjs egList.js
(gdb) r
Starting program: /usr/bin/gjs egList.js
[New Thread 4172.0x1640]
[New Thread 4172.0x1784]
[New Thread 4172.0xb90]
[New Thread 4172.0x15b4]
[New Thread 4172.0x14dc]
[New Thread 4172.0x16c0]
[New Thread 4172.0x1358]
[New Thread 4172.0xe4c]
[New Thread 4172.0xf60]
[New Thread 4172.0x1510]
[New Thread 4172.0x12e8]
[New Thread 4172.0x968]
[New Thread 4172.0xe64]
[New Thread 4172.0x1614]
Program received signal SIGSEGV, Segmentation fault.
gjs_invoke_c_function (context=0x6ff00000008, context@entry=0x6000b5150, function=function@entry=0x6002a1cc0,
obj=obj@entry=0x6ffffc71ac0, js_argc=1, js_argc@entry=2, js_argv=js_argv@entry=0x600139cc0, js_rval=js_rval@entry=0xffff9f60,
r_value=r_value@entry=0x0) at /usr/src/debug/gjs-1.44.0-1/gi/function.cpp:1117
1117 gjs_callback_trampoline_unref(trampoline);
(gdb) bt
#0 gjs_invoke_c_function (context=0x6ff00000008, context@entry=0x6000b5150, function=function@entry=0x6002a1cc0,
obj=obj@entry=0x6ffffc71ac0, js_argc=1, js_argc@entry=2, js_argv=js_argv@entry=0x600139cc0, js_rval=js_rval@entry=0xffff9f60,
r_value=r_value@entry=0x0) at /usr/src/debug/gjs-1.44.0-1/gi/function.cpp:1117
#1 0x0000000577de72c8 in function_call (context=0x6000b5150, js_argc=2, vp=0x600139cb0)
at /usr/src/debug/gjs-1.44.0-1/gi/function.cpp:1322
#2 0x00000003eb882c2a in cygmozjs-24!_ZN2js6InvokeEP9JSContextN2JS8CallArgsENS_14MaybeConstructE () from /usr/bin/cygmozjs-24.dll
#3 0x00000003eb678565 in cygmozjs-24!_Z9js_strtodP9JSContextPKwS2_PS2_Pd () from /usr/bin/cygmozjs-24.dll
#4 0x00000003eb8fa568 in cygmozjs-24!_ZN2js9RunScriptEP9JSContextRNS_8RunStateE () from /usr/bin/cygmozjs-24.dll
#5 0x00000003eb882d84 in cygmozjs-24!_ZN2js6InvokeEP9JSContextN2JS8CallArgsENS_14MaybeConstructE () from /usr/bin/cygmozjs-24.dll
#6 0x00000003eb730935 in cygmozjs-24!_ZN2js28CallOrConstructBoundFunctionEP9JSContextjPN2JS5ValueE ()
from /usr/bin/cygmozjs-24.dll
#7 0x00000003eb882c6f in cygmozjs-24!_ZN2js6InvokeEP9JSContextN2JS8CallArgsENS_14MaybeConstructE () from /usr/bin/cygmozjs-24.dll
#8 0x00000003eb882f3a in cygmozjs-24!_ZN2js6InvokeEP9JSContextRKN2JS5ValueES5_jPS3_S6_ () from /usr/bin/cygmozjs-24.dll
#9 0x00000003eb5f1bcd in cygmozjs-24!_Z20JS_CallFunctionValueP9JSContextP8JSObjectN2JS5ValueEjPS4_S5_ ()
from /usr/bin/cygmozjs-24.dll
#10 0x0000000577dd9dfa in gjs_call_function_value (context=0x6000b5150, obj=0x0, fval=..., argc=1, argv=0xffffb330,
rval=0xffffb360) at /usr/src/debug/gjs-1.44.0-1/gjs/jsapi-util.cpp:724
#11 0x0000000577de3f1c in gjs_closure_invoke (closure=0x6001dd6a0, argc=1, argv=0xffffb330, retval=0xffffb360)
at /usr/src/debug/gjs-1.44.0-1/gi/closure.cpp:282
#12 0x0000000577df1b93 in closure_marshal (closure=0x600087600, return_value=0xffffb5a0, n_param_values=1,
param_values=<optimized out>, invocation_hint=0xffffb5a0, marshal_data=0x57) at /usr/src/debug/gjs-1.44.0-1/gi/value.cpp:160
#13 0x00000003f17c5a0c in g_closure_invoke () from /usr/bin/cyggobject-2.0-0.dll
#14 0x00000003f17d6912 in g_signal_handler_disconnect () from /usr/bin/cyggobject-2.0-0.dll
#15 0x00000003f17de9c8 in g_signal_emit_valist () from /usr/bin/cyggobject-2.0-0.dll
#16 0x00000003f17dec38 in g_signal_emit () from /usr/bin/cyggobject-2.0-0.dll
#17 0x00000003f2222a11 in g_application_register () from /usr/bin/cyggio-2.0-0.dll
#18 0x00000003f2223112 in g_application_open () from /usr/bin/cyggio-2.0-0.dll
#19 0x00000003f2223449 in g_application_run () from /usr/bin/cyggio-2.0-0.dll
#20 0x00000003f45a4791 in ffi_call_win64 () from /usr/bin/cygffi-6.dll
#21 0x00000003f45a446c in ffi_closure_free () from /usr/bin/cygffi-6.dll
#22 0x00000003f45a45e2 in ffi_call () from /usr/bin/cygffi-6.dll
#23 0x0000000577de6039 in gjs_invoke_c_function (context=0x0, context@entry=0x6000b5150, function=function@entry=0x600056b60,
obj=obj@entry=0x6ffffc71460, js_argc=4051503217, js_argc@entry=1, js_argv=js_argv@entry=0x6001399f8,
js_rval=js_rval@entry=0xffffbee0, r_value=r_value@entry=0x0) at /usr/src/debug/gjs-1.44.0-1/gi/function.cpp:999
#24 0x0000000577de72c8 in function_call (context=0x6000b5150, js_argc=1, vp=0x6001399e8)
at /usr/src/debug/gjs-1.44.0-1/gi/function.cpp:1322
#25 0x00000003eb882c2a in cygmozjs-24!_ZN2js6InvokeEP9JSContextN2JS8CallArgsENS_14MaybeConstructE () from /usr/bin/cygmozjs-24.dll
#26 0x00000003eb678565 in cygmozjs-24!_Z9js_strtodP9JSContextPKwS2_PS2_Pd () from /usr/bin/cygmozjs-24.dll
#27 0x00000003eb8fa568 in cygmozjs-24!_ZN2js9RunScriptEP9JSContextRNS_8RunStateE () from /usr/bin/cygmozjs-24.dll
#28 0x00000003eb6f7f23 in cygmozjs-24!_ZN2js13ExecuteKernelEP9JSContextN2JS6HandleIP8JSScriptEER8JSObjectRKNS2_5ValueENS_11ExecuteTypeENS_16AbstractFramePtrEPS9_ () from /usr/bin/cygmozjs-24.dll
#29 0x00000003eb8a216e in cygmozjs-24!_ZN2js7ExecuteEP9JSContextN2JS6HandleIP8JSScriptEER8JSObjectPNS2_5ValueE ()
from /usr/bin/cygmozjs-24.dll
#30 0x00000003eb6ce6a2 in cygmozjs-24!_ZN2JS8EvaluateEP9JSContextNS_6HandleIP8JSObjectEENS_14CompileOptionsEPKwmPNS_5ValueE ()
from /usr/bin/cygmozjs-24.dll
#31 0x00000003eb6ce5d2 in cygmozjs-24!_ZN2JS8EvaluateEP9JSContextNS_6HandleIP8JSObjectEENS_14CompileOptionsEPKcmPNS_5ValueE ()
from /usr/bin/cygmozjs-24.dll
#32 0x0000000577dda05d in gjs_eval_with_scope (context=0x6000b5150, object=0x6ffffc36160,
script=0x600078c0f "\n/*\nGJS example showing how to build Gtk javascript applications\nusing Gtk TreeView and ListStore\n\nRun it with:\n gjs egList.js\n*/\n\nconst Gio = imports.gi.Gio;\nconst GLib = imports.gi.GLib;\nconst"..., script_len=3777,
filename=0xffffcc60 "egList.js", retval_p=0xffffcb00) at /usr/src/debug/gjs-1.44.0-1/gjs/jsapi-util.cpp:1325
#33 0x0000000577dd35d8 in gjs_context_eval (js_context=0x60008b000,
script=0x600078c00 "#!/usr/bin/gjs\n\n/*\nGJS example showing how to build Gtk javascript applications\nusing Gtk TreeView and ListStore\n\nRun it with:\n gjs egList.js\n*/\n\nconst Gio = imports.gi.Gio;\nconst GLib = imports"..., script_len=3792,
filename=0xffffcc60 "egList.js", exit_status_p=0xffffcb94, error=0xffffcb98) at /usr/src/debug/gjs-1.44.0-1/gjs/context.cpp:645
#34 0x0000000100401b07 in main (argc=1, argv=0xffffcc28) at /usr/src/debug/gjs-1.44.0-1/gjs/console.cpp:147
(gdb) print trampoline
$1 = (GjsCallbackTrampoline *) 0x0
(gdb) print function->invoker.native_address
$2 = (gpointer) 0x3eff083a0 <gtk_tree_view_column_set_cell_data_func>
(gdb) list
1112 if (closure) {
1113 GjsCallbackTrampoline *trampoline = (GjsCallbackTrampoline *) closure->user_data;
1114 /* CallbackTrampolines are refcounted because for notified/async closures
1115 it is possible to destroy it while in call, and therefore we cannot check
1116 its scope at this point */
1117 gjs_callback_trampoline_unref(trampoline);
1118 arg->v_pointer = NULL;
1119 }
1120 } else if (param_type == PARAM_ARRAY) {
1121 gsize length;
GDB output of egJSON.js, egSearch.js and egSpawn.js scripts are the same as above excluding backtrace.
If you build gjs package yourself segfault change behavior. In that case the segmentation fault arise in:
| File | Location of segmentation fault |
|---|---|
| egJSON.js | after file(Gio.File).load_contents_async method |
| egList.js | this.(Gtk.ApplicationWindow)windows.show_all method |
| egSearch.js | this.(Gkt.FlowBox)flow.insert method |
| egSpawn.js | after this.(Gtk.ApplicationWindow)windows.show_all method |
@siavolt Have you been able to reproduce these crashes with a more recent GJS that uses a more recent SpiderMonkey? I expect the problem may have been fixed in between SpiderMonkey 24 and 52.