Hi,

On Tue, Oct 08, 2024 at 10:55:37PM +0200, a1ex@dismail.de wrote:
> Hi,
>
> Rodrigo Arias <rodarima@gmail.com> wrote:
> > > $ fltk-config --version
> > > 1.3.3
> >
> > I suspect the glitch may be related to this old FLTK version. Can you
> > reproduce the bug with the latest FLTK 1.3.9 release? You may need to
> > install it from source.
> Just tried, but getting some linker errors building Dillo with it. Would
> probably need some patches to make that version work on OpenBSD, maybe
> that's why they are still stuck on an older version of FLTK.
>
> ld: error: undefined symbol: Fl_Display_Device::display_device()
>     referenced by fltkviewbase.cc
>     libDw_fltk_a-fltkviewbase.o:(dw::fltk::FltkViewBase::draw(dw::core::Rectangle const*, dw::fltk::FltkViewBase::DrawType)) in archive ../dw/libDw-fltk.a
> ...
Is it possible you have two FLTK versions and it is picking one for the headers and the other at link time? If so, the easiest way is to remove the old version temporarily. I ran into similar problems when I was testing FLTK 1.4: https://github.com/dillo-browser/dillo/issues/258
> I now noticed that this page also makes Dillo segfault when I reload it
> several times:
I think this is a different bug. Still, I cannot reproduce either.
You can try setting VERBOSE to 1 in src/chain.c and rebuilding Dillo. That will give you some details of the CCC operations. It seems it is trying to abort client 1 when it was already gone.
> Here is the output of a crash with that set:
> Nav_open_url: new url='file:/tmp/dillo-doublefree.html'
> a_Capi_ccc : OpStart [2B] Info=0xebee90cbd00 Flags=0
> a_Dpi_ccc : OpStart [2B] Info=0xebed4db4980 Flags=0
> a_IO_ccc : OpStart [2B] Info=0xebeef295240 Flags=0
> a_Capi_ccc : OpStart [1B] Info=0xebee90ac240 Flags=0
> a_Dpi_ccc : OpStart [1B] Info=0xebee90d20c0 Flags=0
> a_IO_ccc : OpStart [1B] Info=0xebe57007340 Flags=0
> a_IO_ccc : OpSend [1B] Info=0xebe57007340 Flags=0
> a_Capi_ccc : OpSend [1F] Info=0xebee90ac240 Flags=0
> a_Capi_ccc : OpSend [2B] Info=0xebee90cbd00 Flags=0
> a_Dpi_ccc : OpSend [2B] Info=0xebed4db4980 Flags=0
> a_IO_ccc : OpSend [2B] Info=0xebeef295240 Flags=0
> a_Capi_ccc : OpSend [1F] Info=0xebee90ac240 Flags=0
> a_Capi_ccc : OpSend [1B] Info=0xebee90ac240 Flags=0
> a_Dpi_ccc : OpSend [1B] Info=0xebee90d20c0 Flags=0
> a_IO_ccc : OpSend [1B] Info=0xebe57007340 Flags=0
> a_IO_ccc : OpSend [2F] Info=0xebeef295240 Flags=0
> a_Dpi_ccc : OpSend [2F] Info=0xebed4db4980 Flags=0
> a_Capi_ccc : OpSend [2F] Info=0xebee90cbd00 Flags=0
> a_IO_ccc : OpSend [2F] Info=0xebeef295240 Flags=0
> a_Dpi_ccc : OpSend [2F] Info=0xebed4db4980 Flags=0
> a_Capi_ccc : OpSend [2F] Info=0xebee90cbd00 Flags=0
> a_Nav_expect_done: reload!
> a_Capi_ccc : OpStart [2B] Info=0xebe57007d40 Flags=0
> a_Dpi_ccc : OpStart [2B] Info=0xebe57007b00 Flags=0
> a_IO_ccc : OpStart [2B] Info=0xebeef2be980 Flags=0
> a_Capi_ccc : OpStart [1B] Info=0xebee90ac440 Flags=0
> a_Dpi_ccc : OpStart [1B] Info=0xebee90ac1c0 Flags=0
> a_IO_ccc : OpStart [1B] Info=0xebee90ace40 Flags=0
> a_IO_ccc : OpSend [1B] Info=0xebee90ace40 Flags=0
> a_Capi_ccc : OpSend [1F] Info=0xebee90ac440 Flags=0
> a_Capi_ccc : OpSend [2B] Info=0xebe57007d40 Flags=0
> a_Dpi_ccc : OpSend [2B] Info=0xebe57007b00 Flags=0
> a_IO_ccc : OpSend [2B] Info=0xebeef2be980 Flags=0
> a_Capi_ccc : OpSend [1F] Info=0xebee90ac440 Flags=0
> a_Capi_ccc : OpSend [1B] Info=0xebee90ac440 Flags=0
> a_Dpi_ccc : OpSend [1B] Info=0xebee90ac1c0 Flags=0
> a_IO_ccc : OpSend [1B] Info=0xebee90ace40 Flags=0
> a_IO_ccc : OpSend [2F] Info=0xebeef295240 Flags=0
> a_Dpi_ccc : OpSend [2F] Info=0xebed4db4980 Flags=0
> a_Capi_ccc : OpSend [2F] Info=0xebee90cbd00 Flags=0
> a_Capi_ccc : OpStart [2B] Info=0xebeef295c00 Flags=0
> a_Dpi_ccc : OpStart [2B] Info=0xebe57007380 Flags=0
> a_IO_ccc : OpStart [2B] Info=0xebe57007e40 Flags=0
> a_Capi_ccc : OpStart [1B] Info=0xebe570072c0 Flags=0
> a_Dpi_ccc : OpStart [1B] Info=0xebeef295080 Flags=0
> a_IO_ccc : OpStart [1B] Info=0xebe57007100 Flags=0
> a_IO_ccc : OpSend [1B] Info=0xebe57007100 Flags=0
> a_Capi_ccc : OpSend [1F] Info=0xebe570072c0 Flags=0
> a_Capi_ccc : OpSend [2B] Info=0xebeef295c00 Flags=0
> a_Dpi_ccc : OpSend [2B] Info=0xebe57007380 Flags=0
> a_IO_ccc : OpSend [2B] Info=0xebe57007e40 Flags=0
> a_Capi_ccc : OpSend [1F] Info=0xebe570072c0 Flags=0
> a_Capi_ccc : OpSend [1B] Info=0xebe570072c0 Flags=0
> a_Dpi_ccc : OpSend [1B] Info=0xebeef295080 Flags=0
> a_IO_ccc : OpSend [1B] Info=0xebe57007100 Flags=0
> a_IO_ccc : OpSend [2F] Info=0xebeef295240 Flags=0
> a_Dpi_ccc : OpSend [2F] Info=0xebed4db4980 Flags=0
> a_Capi_ccc : OpSend [2F] Info=0xebee90cbd00 Flags=0
> a_IO_ccc : OpSend [2F] Info=0xebeef295240 Flags=0
> a_Dpi_ccc : OpSend [2F] Info=0xebed4db4980 Flags=0
> a_Capi_ccc : OpSend [2F] Info=0xebee90cbd00 Flags=0
> READ Failed with -1: Connection reset by peer
Can you place a breakpoint in GDB here and print the backtrace (bt)? It may be interesting to see how we arrive at this reset error.
> a_IO_ccc : OpAbort [2F] Info=0xebeef2be980 Flags=0
> a_Dpi_ccc : OpAbort [2F] Info=0xebe57007b00 Flags=0
> ** WARNING **: Unused CCC
> READ Failed with -1: Connection reset by peer
> a_IO_ccc : OpAbort [2F] Info=0xebe57007e40 Flags=0
> a_Dpi_ccc : OpAbort [2F] Info=0xebe57007380 Flags=0
> ** WARNING **: Unused CCC
> a_IO_ccc : OpSend [2F] Info=0xebeef295240 Flags=0
> a_Dpi_ccc : OpSend [2F] Info=0xebed4db4980 Flags=0
> a_Capi_ccc : OpSend [2F] Info=0xebee90cbd00 Flags=0
> a_IO_ccc : OpSend [2F] Info=0xebeef295240 Flags=0
> a_Dpi_ccc : OpSend [2F] Info=0xebed4db4980 Flags=0
> a_Capi_ccc : OpSend [2F] Info=0xebee90cbd00 Flags=0
> a_IO_ccc : OpSend [2F] Info=0xebeef295240 Flags=0
> a_Dpi_ccc : OpSend [2F] Info=0xebed4db4980 Flags=0
> a_Capi_ccc : OpSend [2F] Info=0xebee90cbd00 Flags=0
> a_IO_ccc : OpSend [2F] Info=0xebeef295240 Flags=0
> a_Dpi_ccc : OpSend [2F] Info=0xebed4db4980 Flags=0
> a_Capi_ccc : OpSend [2F] Info=0xebee90cbd00 Flags=0
> a_IO_ccc : OpEnd [2F] Info=0xebeef295240 Flags=0
> a_Dpi_ccc : OpEnd [2F] Info=0xebed4db4980 Flags=0
> a_Capi_ccc : OpEnd [2F] Info=0xebee90cbd00 Flags=0
> HTTP warning: Content-Length (937694) does NOT match message body (921310) for file:/tmp/dillo-doublefree.html
> a_Capi_ccc : OpEnd [1B] Info=0xebee90ac240 Flags=0
> a_Dpi_ccc : OpEnd [1B] Info=0xebee90d20c0 Flags=0
> a_IO_ccc : OpEnd [1B] Info=0xebe57007340 Flags=0
> Nav_open_url: new url='file:/tmp/dillo-doublefree.html'
> a_Capi_ccc : OpAbort [1B] Info=0xebee90ac440 Flags=0
> a_Dpi_ccc : OpAbort [1B] Info=0xebee90ac1c0 Flags=0
> a_IO_ccc : OpAbort [1B] Info=0xebee90ace40 Flags=0
> IO_write, closing with pending data not sent: "vUdPWpfEOj6lBo+kSy2FykcFntmZoyBGTK+AfTqPzrmKKAOrtNB1Z/B92i6bds8t1BJGoibLLsk5HqOR+dMhtdQv/ ...
> a_Capi_ccc : OpAbort [2B] Info=0xebe57007d40 Flags=0
> a_Dpi_ccc : OpAbort [2B] Info=0xebe57007b00 Flags=0
> a_IO_ccc : OpAbort [2B] Info=0xebeef2be980 Flags=-282335104
> dillo(19444) in free(): bogus pointer (double free?) 0xffffffff00000003
> Abort trap (core dumped)
This is too late, here the heap is already fucked (see the flags). Try running with Valgrind's Memcheck tool and see where the first memory error happens: https://valgrind.org/docs/manual/quick-start.html You may need to rebuild Dillo with ../configure CFLAGS='-Og -g' CXXFLAGS='-Og -g' to see the backtrace properly.
---
> Also, when trying to view the source of the test page, I get this crash:
> Nav_open_url: new url='dpi:/vsource/:file:/tmp/dillo-doublefree.html'
> a_Capi_ccc : OpStart [2B] Info=0xfabc093a700 Flags=0
> a_Dpi_ccc : OpStart [2B] Info=0xfac19738080 Flags=0
> a_IO_ccc : OpStart [2B] Info=0xfabc093a740 Flags=0
> a_Capi_ccc : OpStart [1B] Info=0xfac1973f380 Flags=0
> a_Dpi_ccc : OpStart [1B] Info=0xfac1973ff40 Flags=0
> a_IO_ccc : OpStart [1B] Info=0xfabc093a780 Flags=0
> a_IO_ccc : OpSend [1B] Info=0xfabc093a780 Flags=0
> a_Capi_ccc : OpSend [1F] Info=0xfac1973f380 Flags=0
> a_Capi_ccc : OpSend [2B] Info=0xfabc093a700 Flags=0
> a_Dpi_ccc : OpSend [2B] Info=0xfac19738080 Flags=0
> a_IO_ccc : OpSend [2B] Info=0xfabc093a740 Flags=0
> a_Capi_ccc : OpSend [1F] Info=0xfac1973f380 Flags=0
> a_Capi_ccc : OpSend [1B] Info=0xfac1973f380 Flags=0
> a_Dpi_ccc : OpSend [1B] Info=0xfac1973ff40 Flags=0
> a_IO_ccc : OpSend [1B] Info=0xfabc093a780 Flags=0
> a_Capi_ccc : OpSend [1B] Info=0xfac1973f380 Flags=0
> a_Dpi_ccc : OpSend [1B] Info=0xfac1973ff40 Flags=0
> a_IO_ccc : OpSend [1B] Info=0xfabc093a780 Flags=0
> a_Capi_ccc : OpSend [1B] Info=0xfac1973f380 Flags=0
> a_Dpi_ccc : OpSend [1B] Info=0xfac1973ff40 Flags=0
> a_IO_ccc : OpSend [1B] Info=0xfabc093a780 Flags=0
> a_IO_ccc : OpSend [2F] Info=0xfabc093a740 Flags=0
> a_Dpi_ccc : OpSend [2F] Info=0xfac19738080 Flags=0
> a_Capi_ccc : OpSend [2F] Info=0xfabc093a700 Flags=0
> a_Capi_ccc : OpSend [2F] Info=0xfabc093a700 Flags=0
> a_IO_ccc : OpSend [2F] Info=0xfabc093a740 Flags=0
> a_Dpi_ccc : OpSend [2F] Info=0xfac19738080 Flags=0
> a_Capi_ccc : OpSend [2F] Info=0xfabc093a700 Flags=0
> a_IO_ccc : OpSend [2F] Info=0xfabc093a740 Flags=0
> a_Dpi_ccc : OpSend [2F] Info=0xfac19738080 Flags=0
> a_Capi_ccc : OpSend [2F] Info=0xfabc093a700 Flags=0
> a_IO_ccc : OpSend [2F] Info=0xfabc093a740 Flags=0
> a_Dpi_ccc : OpSend [2F] Info=0xfac19738080 Flags=0
> a_Capi_ccc : OpSend [2F] Info=0xfabc093a700 Flags=0
> XRequest.139: BadLength (poly request too large or internal Xlib length error) 0x2800006
> [xcb] Unknown sequence number while processing queue
> [xcb] You called XInitThreads, this is not your fault
> [xcb] Aborting, sorry about that.
> assertion "!xcb_xlib_threads_sequence_lost" failed: file "/usr/xenocara/lib/libX11/src/xcb_io.c", line 281, function "poll_for_event"
> [dpip]: [Dpip_dsh_write] Broken pipe
> [dpip]: [Dpip_dsh_write] Broken pipe
> [dpip]: [Dpip_dsh_write] Broken pipe
> Abort trap (core dumped)
With a corrupted heap you will see all kinds of weird errors. Use Valgrind to get an idea of where things start to go wrong.

Best,
Rodrigo.
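Added illustration, not part of the thread and not Dillo's src/chain.c: the pattern behind "trying to abort client 1 when it was already gone", shown on a toy two-link chain. The unsafe teardown frees through a raw pointer and cannot tell a caller that the link is gone, so a late OpAbort frees it a second time; that is the kind of first memory error Valgrind reports long before the allocator's "bogus pointer (double free?)" abort. The safe teardown makes the per-client slot the single owner, clears it on the first abort and reports whether anything was torn down, so a late abort is a no-op. Struct names, the `client[]` slot table and the sample payload are all assumptions made for the example.

```c
/* Added example: ownership-slot teardown vs. raw-pointer teardown.
 * Illustrative only; not Dillo's chain code, names are assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct Link {
    int id;          /* 1 or 2, like the [1B]/[2F] tags in the CCC trace */
    char *pending;   /* data not yet sent, freed together with the link */
} Link;

typedef struct Chain {
    Link *client[3]; /* slots 1 and 2 are used; NULL means "already gone" */
} Chain;

static Link *link_new(int id, const char *pending)
{
    Link *l = calloc(1, sizeof *l);
    if (!l)
        abort();
    l->id = id;
    size_t n = strlen(pending) + 1;
    l->pending = malloc(n);
    if (!l->pending)
        abort();
    memcpy(l->pending, pending, n);
    return l;
}

/* Unsafe variant: frees through a copy of the pointer and returns nothing.
 * Nothing stops a second OpAbort on the same link from freeing it again.
 * Run `./chain unsafe` under `valgrind` to see "Invalid read" and
 * "Invalid free()" reported at the second call, with both backtraces. */
static void link_abort_unsafe(Link *l)
{
    free(l->pending);
    free(l);
}

/* Safe variant: the chain's slot is the only owner. The first abort frees
 * the link and clears the slot; a late abort finds NULL and does nothing.
 * Returns 1 when this call tore the link down, 0 when it was already gone. */
int chain_abort(Chain *c, int id)
{
    if (id < 1 || id > 2)
        return 0;
    Link *l = c->client[id];
    if (!l)
        return 0;            /* already gone: the stale-abort case */
    free(l->pending);
    free(l);
    c->client[id] = NULL;    /* no dangling owner left behind */
    return 1;
}

/* Number of links still allocated in the chain. */
int chain_live(const Chain *c)
{
    return (c->client[1] != NULL) + (c->client[2] != NULL);
}

/* Replays the trace: the reload aborts client 1, then a second code path
 * aborts client 1 again, then client 2 is aborted. Returns how many of the
 * three aborts actually tore a link down (expected 2). */
int demo_double_abort(void)
{
    Chain chain = { { NULL,
                      link_new(1, "vUdPWpfEOj6lBo+kSy2Fy..."),  /* constructed */
                      link_new(2, "<html>...") } };            /* constructed */
    int done = 0;
    done += chain_abort(&chain, 1);   /* reload: real teardown  -> 1 */
    done += chain_abort(&chain, 1);   /* late abort, already gone -> 0 */
    done += chain_abort(&chain, 2);   /* -> 1 */
    return done + 10 * chain_live(&chain); /* 2 when nothing is leaked */
}

int main(int argc, char **argv)
{
    if (argc > 1 && strcmp(argv[1], "unsafe") == 0) {
        Link *l = link_new(1, "x");
        link_abort_unsafe(l);
        link_abort_unsafe(l);   /* double free: Valgrind flags this line */
        return 0;
    }
    printf("effective aborts: %d\n", demo_double_abort()); /* prints 2 */
    return 0;
}
```

Build with `cc -Og -g -o chain chain.c`, matching the `-Og -g` flags suggested above so Valgrind's backtraces show source lines; `./chain` exercises the safe path, `valgrind ./chain unsafe` shows how Memcheck pinpoints the first bad free rather than the allocator's much later abort.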