1216970 – elinks crash with javascript enabled on a specific major site

Bug 1216970 - elinks crash with javascript enabled on a specific major site

Summary: elinks crash with javascript enabled on a specific major site

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	openSUSE Tumbleweed
Classification:	openSUSE
Component:	Network (show other bugs)
Version:	Current
Hardware:	Other Other

Priority:	P5 - None Severity: Normal (vote)
Target Milestone:	---
Assignee:	Antonio Teixeira
QA Contact:	E-mail List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2023-11-08 18:42 UTC by Ilgaz Öcal
Modified:	2023-12-20 15:06 UTC (History)
CC List:	0 users

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
tarball of site via 'wget --user-agent="ELinks/0.16.1.1 (textmode; Linux 6.5.9-1-default x86_64; 110x40-2)" -E -H -k -K -p http://news.bbc.co.uk' (4.04 MB, application/x-xz) 2023-11-08 18:49 UTC, Ilgaz Öcal	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ilgaz Öcal 2023-11-08 18:42:01 UTC

I tried to browse BBC News via

'elinks news.bbc.co.uk'
(redirects to www.bbc.co.uk/news for decades) 

command having javascript enabled. It showed many console errors in webpage and crashed. It crashed the next 3 times while working fine at browserspy.dk , a javascript heavy site or www.bbc.co.uk


here is the "output of bt inside gdb" as instructed by the program after installing debug packages:

#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0)
    at pthread_kill.c:44
#1  0x00007fae48891e73 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00007fae4883f0c6 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007fae488268d7 in __GI_abort () at abort.c:79
#4  0x00005576363838fd in sig_segv (term=<optimized out>) at osdep/signals.c:155
#5  0x000055763637d1e7 in got_signal (sig=<optimized out>) at osdep/signals.c:267
#6  <signal handler called>
#7  xmlpp::Node::import_node (this=this@entry=0x30, node=0x557637512ca0, recursive=recursive@entry=true)
    at ../libxml++/nodes/node.cc:324
#8  0x000055763635d180 in mjs_element_appendChild (J=0x5576372dd1d0) at ecmascript/mujs/element.cpp:1156
#9  0x00005576363fa2ad in jsR_callcfunction (F=<optimized out>, min=<optimized out>, n=<optimized out>, 
    J=0x5576372dd1d0) at /usr/src/debug/mujs-1.3.3/jsrun.c:1249
#10 js_call (J=J@entry=0x5576372dd1d0, n=<optimized out>) at /usr/src/debug/mujs-1.3.3/jsrun.c:1299
#11 0x00005576363f8ef7 in jsR_run (J=J@entry=0x5576372dd1d0, F=F@entry=0x557637558c80)
    at /usr/src/debug/mujs-1.3.3/jsrun.c:1810
#12 0x00005576363fa31b in jsR_callfunction (scope=<optimized out>, F=0x557637558c80, n=<optimized out>, 
    J=0x5576372dd1d0) at /usr/src/debug/mujs-1.3.3/jsrun.c:1202
#13 js_call (J=J@entry=0x5576372dd1d0, n=<optimized out>) at /usr/src/debug/mujs-1.3.3/jsrun.c:1291
#14 0x00005576363f8ef7 in jsR_run (J=J@entry=0x5576372dd1d0, F=F@entry=0x5576376ec580)
    at /usr/src/debug/mujs-1.3.3/jsrun.c:1810
#15 0x00005576363f9f9d in jsR_calllwfunction (scope=<optimized out>, F=0x5576376ec580, n=<optimized out>, 
    J=0x5576372dd1d0) at /usr/src/debug/mujs-1.3.3/jsrun.c:1159
#16 js_call (J=J@entry=0x5576372dd1d0, n=<optimized out>) at /usr/src/debug/mujs-1.3.3/jsrun.c:1289
#17 0x00005576363f8ef7 in jsR_run (J=J@entry=0x5576372dd1d0, F=F@entry=0x5576375dba50)
    at /usr/src/debug/mujs-1.3.3/jsrun.c:1810
#18 0x00005576363f9f9d in jsR_calllwfunction (scope=<optimized out>, F=0x5576375dba50, n=<optimized out>, 
    J=0x5576372dd1d0) at /usr/src/debug/mujs-1.3.3/jsrun.c:1159
#19 js_call (J=J@entry=0x5576372dd1d0, n=<optimized out>) at /usr/src/debug/mujs-1.3.3/jsrun.c:1289
#20 0x00005576363f8ef7 in jsR_run (J=J@entry=0x5576372dd1d0, F=F@entry=0x5576375db590)
    at /usr/src/debug/mujs-1.3.3/jsrun.c:1810
#21 0x00005576363fa31b in jsR_callfunction (scope=<optimized out>, F=0x5576375db590, n=<optimized out>, 
    J=0x5576372dd1d0) at /usr/src/debug/mujs-1.3.3/jsrun.c:1202
#22 js_call (J=J@entry=0x5576372dd1d0, n=<optimized out>) at /usr/src/debug/mujs-1.3.3/jsrun.c:1291
#23 0x00005576363f8ef7 in jsR_run (J=J@entry=0x5576372dd1d0, F=F@entry=0x5576375dbc70)
    at /usr/src/debug/mujs-1.3.3/jsrun.c:1810
#24 0x00005576363fa31b in jsR_callfunction (scope=<optimized out>, F=0x5576375dbc70, n=<optimized out>, 
    J=0x5576372dd1d0) at /usr/src/debug/mujs-1.3.3/jsrun.c:1202
#25 js_call (J=J@entry=0x5576372dd1d0, n=<optimized out>) at /usr/src/debug/mujs-1.3.3/jsrun.c:1291
--Type <RET> for more, q to quit, c to continue without paging--c
#26 0x00005576363f8ef7 in jsR_run (J=J@entry=0x5576372dd1d0, F=F@entry=0x5576375dc8d0)
    at /usr/src/debug/mujs-1.3.3/jsrun.c:1810
#27 0x00005576363fa31b in jsR_callfunction (scope=<optimized out>, F=0x5576375dc8d0, n=<optimized out>, 
    J=0x5576372dd1d0) at /usr/src/debug/mujs-1.3.3/jsrun.c:1202
#28 js_call (J=J@entry=0x5576372dd1d0, n=<optimized out>) at /usr/src/debug/mujs-1.3.3/jsrun.c:1291
#29 0x00005576363f8ef7 in jsR_run (J=J@entry=0x5576372dd1d0, F=F@entry=0x5576376ead70)
    at /usr/src/debug/mujs-1.3.3/jsrun.c:1810
#30 0x00005576363f9f9d in jsR_calllwfunction (scope=<optimized out>, F=0x5576376ead70, n=<optimized out>, 
    J=0x5576372dd1d0) at /usr/src/debug/mujs-1.3.3/jsrun.c:1159
#31 js_call (J=J@entry=0x5576372dd1d0, n=<optimized out>) at /usr/src/debug/mujs-1.3.3/jsrun.c:1289
#32 0x00005576363f8ef7 in jsR_run (J=J@entry=0x5576372dd1d0, F=F@entry=0x5576375df5a0)
    at /usr/src/debug/mujs-1.3.3/jsrun.c:1810
#33 0x00005576363fa31b in jsR_callfunction (scope=<optimized out>, F=0x5576375df5a0, n=<optimized out>, 
    J=0x5576372dd1d0) at /usr/src/debug/mujs-1.3.3/jsrun.c:1202
#34 js_call (J=0x5576372dd1d0, n=<optimized out>) at /usr/src/debug/mujs-1.3.3/jsrun.c:1291
#35 0x00005576363fa2ad in jsR_callcfunction (F=<optimized out>, min=<optimized out>, n=<optimized out>, 
    J=0x5576372dd1d0) at /usr/src/debug/mujs-1.3.3/jsrun.c:1249
#36 js_call (J=J@entry=0x5576372dd1d0, n=<optimized out>) at /usr/src/debug/mujs-1.3.3/jsrun.c:1299
#37 0x00005576363f8ef7 in jsR_run (J=J@entry=0x5576372dd1d0, F=F@entry=0x557637615530)
    at /usr/src/debug/mujs-1.3.3/jsrun.c:1810
#38 0x00005576363fa31b in jsR_callfunction (scope=<optimized out>, F=0x557637615530, n=<optimized out>, 
    J=0x5576372dd1d0) at /usr/src/debug/mujs-1.3.3/jsrun.c:1202
#39 js_call (J=J@entry=0x5576372dd1d0, n=<optimized out>) at /usr/src/debug/mujs-1.3.3/jsrun.c:1291
#40 0x00005576363f8ef7 in jsR_run (J=J@entry=0x5576372dd1d0, F=F@entry=0x557637614210)
    at /usr/src/debug/mujs-1.3.3/jsrun.c:1810
#41 0x00005576363f9f9d in jsR_calllwfunction (scope=<optimized out>, F=0x557637614210, n=<optimized out>, 
    J=0x5576372dd1d0) at /usr/src/debug/mujs-1.3.3/jsrun.c:1159
#42 js_call (J=J@entry=0x5576372dd1d0, n=<optimized out>) at /usr/src/debug/mujs-1.3.3/jsrun.c:1289
#43 0x00005576363f8ef7 in jsR_run (J=J@entry=0x5576372dd1d0, F=F@entry=0x5576375dc8d0)
    at /usr/src/debug/mujs-1.3.3/jsrun.c:1810
#44 0x00005576363fa31b in jsR_callfunction (scope=<optimized out>, F=0x5576375dc8d0, n=<optimized out>, 
    J=0x5576372dd1d0) at /usr/src/debug/mujs-1.3.3/jsrun.c:1202
#45 js_call (J=J@entry=0x5576372dd1d0, n=<optimized out>) at /usr/src/debug/mujs-1.3.3/jsrun.c:1291
#46 0x00005576363f8ef7 in jsR_run (J=J@entry=0x5576372dd1d0, F=F@entry=0x5576375dab10)
    at /usr/src/debug/mujs-1.3.3/jsrun.c:1810
#47 0x00005576363fa31b in jsR_callfunction (scope=<optimized out>, F=0x5576375dab10, n=<optimized out>, 
    J=0x5576372dd1d0) at /usr/src/debug/mujs-1.3.3/jsrun.c:1202
#48 js_call (J=J@entry=0x5576372dd1d0, n=<optimized out>) at /usr/src/debug/mujs-1.3.3/jsrun.c:1291
#49 0x00005576363f8ef7 in jsR_run (J=J@entry=0x5576372dd1d0, F=F@entry=0x5576376e9bc0)
    at /usr/src/debug/mujs-1.3.3/jsrun.c:1810
#50 0x00005576363f9f9d in jsR_calllwfunction (scope=<optimized out>, F=0x5576376e9bc0, n=<optimized out>, 
    J=0x5576372dd1d0) at /usr/src/debug/mujs-1.3.3/jsrun.c:1159
#51 js_call (J=J@entry=0x5576372dd1d0, n=n@entry=0) at /usr/src/debug/mujs-1.3.3/jsrun.c:1289
#52 0x00005576363fc6b3 in js_pcall (J=0x5576372dd1d0, n=0) at /usr/src/debug/mujs-1.3.3/jsrun.c:1395
#53 0x0000557636351fd6 in mujs_call_function (ret=0x0, fun=0x55763774eb14 "0x55763774e930", 
    interpreter=0x557636db29a0) at ecmascript/mujs.cpp:249
#54 ecmascript_call_function (ret=0x0, fun=0x55763774eb14 "0x55763774e930", interpreter=0x557636db29a0)
    at ecmascript/ecmascript.cpp:476
#55 ecmascript_timeout_handler2 (val=0x557637609f40) at ecmascript/ecmascript.cpp:713
#56 0x00005576363765c9 in check_timers (last_time=last_time@entry=0x7fff8d72f7b0) at main/timer.cpp:110
#57 0x00005576363766cf in select_loop (init=init@entry=0x557636377930 <init()>) at main/select.c:537
#58 0x00005576362dc9ab in main (argc=<optimized out>, argv=<optimized out>) at main/main.c:364
(gdb)

Comment 1 Ilgaz Öcal 2023-11-08 18:49:14 UTC

Created attachment 870684 [details]
tarball of site via  'wget --user-agent="ELinks/0.16.1.1 (textmode; Linux 6.5.9-1-default x86_64; 110x40-2)" -E -H -k -K -p http://news.bbc.co.uk'

Warning: browsing this folder/index.html with ELinks 0.16.1.1 will crash it.

This is a snapshot of news.bbc.co.uk which should redirect to www.bbc.co.uk/news

elinks with javascript enabled crashes as result.

Comment 2 Antonio Teixeira 2023-12-20 15:06:51 UTC

I can't reproduce this. I get some console errors but no crashes.

If you keep having crashes, please try creating an issue in the upstream project:
https://github.com/rkd77/elinks/issues