w3m crashed with SIGSEGV

Bug #131993 reported by fragro
This bug affects 1 person
Affects         Status         Importance   Assigned to   Milestone
w3m             Unknown        Unknown
w3m (Ubuntu)    Fix Released   Medium       Unassigned

Bug Description

Binary package hint: w3m

ProblemType: Crash
Architecture: i386
Date: Sun Aug 12 15:36:00 2007
DistroRelease: Ubuntu 7.10
ExecutablePath: /usr/bin/w3m
NonfreeKernelModules: fglrx
Package: w3m 0.5.1-5.1ubuntu1
PackageArchitecture: i386
ProcCmdline: w3m -o indent_incr=0 -o multicol=false -o no_cache=true -o use_cookie=false -o display_charset=utf8 -o system_charset=utf8 -o follow_locale=false -o use_language_tag=true -o ucs_conv=true -T text/html -dump /home/fragro/Projekte/Build/WebKit/LayoutTests/fast/table/large-rowspan-crash.html
ProcCwd: /home/fragro
ProcEnviron:
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
 LANG=de_DE.UTF-8
 SHELL=/bin/bash
Signal: 11
SourcePackage: w3m
StacktraceTop:
 ?? ()
 ?? ()
 ?? ()
 ?? ()
 ?? ()
Title: w3m crashed with SIGSEGV
Uname: Linux fragro-laptop 2.6.22-9-generic #1 SMP Fri Aug 3 00:50:37 GMT 2007 i686 GNU/Linux
UserGroups: adm admin audio cdrom dialout dip floppy lpadmin netdev plugdev powerdev scanner video
SegvAnalysis:
 Segfault happened at: 0x807ab09 <geteuid@plt+193389>: mov %eax,(%edx,%ebx,4)
 PC (0x0807ab09) ok
 source "%eax" ok
 destination "(%edx,%ebx,4)" (0x00000000) not located in a known VMA region (needed writable region)!
SegvReason: writing NULL VMA

Tags: apport-crash
fragro (frank-grossmann) wrote :
Apport retracing service (apport) wrote : Symbolic stack trace

StacktraceTop:
 check_row (t=0x8186800, row=674227123) at table.c:350
 feed_table (tbl=0x8186800, line=0x81fdc58 "<td rowspan=674227123>", mode=0x8167940, width=79, internal=0) at table.c:2626
 HTMLlineproc0 (line=0x818a32d "</td></table>\n", h_env=0xbf99d7f0, internal=0) at file.c:5997
 loadHTMLstream (f=0xbf99d9b0, newBuf=0x8207ee0, src=0x0, internal=0) at file.c:6786
 loadHTMLBuffer (f=0xbf99d9b0, newBuf=0x8207ee0) at file.c:6353

Apport retracing service (apport) wrote : Symbolic threaded stack trace
Apport retracing service (apport) wrote : Stack trace with source code
Changed in w3m:
importance: Undecided → Medium
Kow (kow) wrote :

Same here.

Nicolas Valcarcel (nvalcarcel) wrote :

Same here, and I'm not even running w3m, but apport shows it for some reason

knarf (launchpad-ubuntu-f) wrote :

w3m is launched by trackerd during indexing which makes these reports show up. I don't know yet what causes w3m to crash though...

Steven Harms (sharms) wrote :

This can be confirmed using the attached crash.html file

Changed in w3m:
status: New → Confirmed
Steven Harms (sharms) wrote :

This file will generate this stack trace

Steven Harms (sharms) wrote :

When running the program with the crash file, libgc cannot allocate more memory:

Increasing heap size by 65536 after 0 allocated bytes
Initiating full world-stop collection 1 after 0 allocd bytes
--> Marking for collection 1 after 0 allocd bytes + 0 wasted bytes
Collection 0 finished ---> heapsize = 65536 bytes
World-stopped marking took 0 msecs
Complete collection took 0 msecs
Increasing heap size by 65536 after 18848 allocated bytes
Increasing heap size by 65536 after 68688 allocated bytes
Increasing heap size by 69632 after 162984 allocated bytes
Increasing heap size by 90112 after 388412 allocated bytes
Increasing heap size by 122880 after 586592 allocated bytes
Failed to expand heap by -1597927424 bytes
Failed to expand heap by -1598058496 bytes
GC Warning: Out of Memory! Returning NIL!

Steven Harms (sharms) wrote :

This will stop w3m from crashing. Reporting bug upstream.

Steven Harms (sharms) wrote :

Attaching as a patch

Changed in w3m:
assignee: nobody → ubuntu-main-sponsors
Steven Harms (sharms) wrote :

If anyone wants to test, I have published this in my ppa: http://ppa.launchpad.net/sharms/ubuntu

Jeffrey Baker (jwbaker) wrote :

Is the upstream getting any traction on this? w3m crashes quite frequently as a subprocess of trackerd, even in the latest Intrepid.

Joel Goguen (jgoguen) wrote :

Upstream doesn't seem to have done anything with this bug. I've got another file that causes this, but no idea how to attach it to the upstream report.

Kees Cook (kees)
description: updated
Colin Watson (cjwatson) wrote :

Subscribed ubuntu-sponsors, unassigned ubuntu-main-sponsors (best not to use assignment for this).

Changed in w3m (Ubuntu):
assignee: Ubuntu Sponsors for main (ubuntu-main-sponsors) → nobody
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package w3m - 0.5.2-10

---------------
w3m (0.5.2-10) unstable; urgency=low

  * debian/patches/010_upstream.patch: Sync with the upstream development
    snapshot on 2010-10-11.
    - Better non-ascii handling. (closes: #138891, #313365)
    - Introduce mailto_options. (closes: #473780)
    - All elements have the id attribute. (closes: #573789)
    - Define ATTR_ROWSPAN_MAX to check rowspan. (LP: #131993, LP: #619500)
    - Update the man page. (closes: #595534)
    - Add a FILES section to the man page. (closes: #403634)
    - Mention the -I option in the man page. (closes: #398260, #530515)
  * debian/patches/020_button.patch: Patch from upstream to support the
    button element. It is discussed upstream and incomplete, but enough to
    login Launchpad. (LP: #628755, closes: #136810)
  * debian/patches/040_maximum-cols.patch: Removed. (merged upstream)
  * debian/control, debian/rules: Use autotools-dev (>= 20100122) to update
    config.guess and config.sub.
  * debian/patches/020_config-guess.patch: Removed.
 -- Ubuntu Archive Auto-Sync <email address hidden> Sun, 17 Oct 2010 01:21:14 +0000

Changed in w3m (Ubuntu):
status: Confirmed → Fix Released
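
The failure in the trace and the kind of rowspan cap the 0.5.2-10 changelog describes, as an added example that is not code from w3m or from this report. It models a row-pointer array sized from the rowspan attribute; DEMO_ROWSPAN_MAX, its value, and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#define DEMO_ROWSPAN_MAX 1000L /* constructed cap, not the value w3m uses */
#define PTR_SIZE_I386 4u       /* pointer size on the reporter's i386 build */
/* Bytes for `rows` pointers as a signed 32-bit size, as an i386 build sees it. */
int64_t wrapped_bytes(uint32_t rows)
{
    uint32_t bytes = rows * PTR_SIZE_I386; /* wraps modulo 2^32 */
    return bytes > (uint32_t)INT32_MAX ? (int64_t)bytes - 4294967296LL
                                       : (int64_t)bytes;
}

/* Parse a rowspan value; cap > 0 clamps it (hardened), cap == 0 does not. */
long parse_rowspan(const char *value, long cap)
{
    char *end;
    long n = strtol(value, &end, 10);
    if (end == value || n < 1)
        return 1; /* missing or invalid: the cell spans one row */
    return (cap > 0 && n > cap) ? cap : n;
}

/* Grow the row-pointer array to cover index `row`; 0 on success, -1 on refusal. */
int grow_rows(void ***rows, long *capacity, long row)
{
    int64_t want = (int64_t)row + 1;
    if (row < *capacity)
        return 0;
    if (want <= 0 || wrapped_bytes((uint32_t)want) != want * PTR_SIZE_I386)
        return -1; /* byte count would wrap on a 32-bit build: refuse */
    void **p = realloc(*rows, (size_t)want * sizeof *p);
    if (p == NULL)
        return -1; /* never index a failed allocation */
    for (long i = *capacity; i < want; i++)
        p[i] = NULL;
    *rows = p;
    *capacity = (long)want;
    return 0;
}

int main(void)
{
    const char *attr = "674227123"; /* rowspan value from the stack trace */
    void **rows = NULL;
    long cap = 0;
    printf("raw:    %d\n", grow_rows(&rows, &cap, parse_rowspan(attr, 0)));
    printf("capped: %d\n", grow_rows(&rows, &cap, parse_rowspan(attr, DEMO_ROWSPAN_MAX)));
    free(rows);
    return 0;
}
```

For the rowspan in the trace, wrapped_bytes returns -1598058804, the same order of magnitude as the negative sizes in the libgc log above.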