flipkart.com crashes due to potentially bad serialized CSSRule #6259
Description
Summary
Ladybird currently crashes when trying to load the Flipkart home page (one of the biggest Indian e-commerce sites)
Operating system
Linux
Steps to reproduce
- Go to flipkart.com
Expected behavior
Something should load resembling the Flipkart home page.
Actual behavior
The browser crashes and doesn't paint anything at all.
URL for a reduced test case
HTML/SVG/etc. source for a reduced test case
N/ALog output and (if possible) backtrace
VERIFICATION FAILED: m_ptr at /app/AK/RefPtr.h:280
/app/Build/release/lib/liblagom-ak.so.0(dump_backtrace+0x46) [0x7fc8f7afc296]
/app/Build/release/lib/liblagom-ak.so.0(ak_trap+0x6) [0x7fc8f7afc506]
/app/Build/release/lib/liblagom-ak.so.0(+0x1659d) [0x7fc8f7afc59d]
/app/Build/release/lib/liblagom-web.so.0(+0x58d2f6) [0x7fc8f90092f6]
/app/Build/release/lib/liblagom-web.so.0 Web::CSS::CSSRule::css_text() const 0xd) [0x7fc8f901d84d]
/app/Build/release/lib/liblagom-web.so.0(+0xe43299) [0x7fc8f98bf299]
/app/Build/release/lib/liblagom-js.so.0 JS::NativeFunction::call() 0xa1) [0x7fc8f8873d41]
/app/Build/release/lib/liblagom-js.so.0 JS::NativeFunction::internal_call(JS::ExecutionContext&, JS::Value) 0xb1) [0x7fc8f8873b41]
/app/Build/release/lib/liblagom-js.so.0 JS::call_impl(JS::VM&, JS::FunctionObject&, JS::Value, AK::Span<JS::Value const>) 0x167) [0x7fc8f877a857]
/app/Build/release/lib/liblagom-js.so.0 JS::Object::internal_get(JS::PropertyKey const&, JS::Value, JS::CacheableGetPropertyMetadata*, JS::Object::PropertyLookupPhase) const 0x293) [0x7fc8f887cbe3]
/app/Build/release/lib/liblagom-js.so.0 JS::Object::internal_get(JS::PropertyKey const&, JS::Value, JS::CacheableGetPropertyMetadata*, JS::Object::PropertyLookupPhase) const 0x168) [0x7fc8f887cab8]
/app/Build/release/lib/liblagom-js.so.0 JS::Object::internal_get(JS::PropertyKey const&, JS::Value, JS::CacheableGetPropertyMetadata*, JS::Object::PropertyLookupPhase) const 0x168) [0x7fc8f887cab8]
/app/Build/release/lib/liblagom-js.so.0(+0x145656) [0x7fc8f86ee656]
/app/Build/release/lib/liblagom-js.so.0 JS::Bytecode::Interpreter::run_bytecode(unsigned long) 0x12ed) [0x7fc8f86cbdcd]
/app/Build/release/lib/liblagom-js.so.0 JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) 0x156) [0x7fc8f86ca8a6]
/app/Build/release/lib/liblagom-js.so.0 JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) 0x24c) [0x7fc8f87e7b2c]
/app/Build/release/lib/liblagom-js.so.0 JS::call_impl(JS::VM&, JS::FunctionObject&, JS::Value, AK::Span<JS::Value const>) 0x167) [0x7fc8f877a857]
/app/Build/release/lib/liblagom-js.so.0(+0x252321) [0x7fc8f87fb321]
/app/Build/release/lib/liblagom-js.so.0 JS::NativeFunction::call() 0xa1) [0x7fc8f8873d41]
/app/Build/release/lib/liblagom-js.so.0 JS::NativeFunction::internal_call(JS::ExecutionContext&, JS::Value) 0xb1) [0x7fc8f8873b41]
/app/Build/release/lib/liblagom-js.so.0(+0x141f73) [0x7fc8f86eaf73]
/app/Build/release/lib/liblagom-js.so.0 JS::Bytecode::Interpreter::run_bytecode(unsigned long) 0x107c) [0x7fc8f86cbb5c]
/app/Build/release/lib/liblagom-js.so.0 JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) 0x156) [0x7fc8f86ca8a6]
/app/Build/release/lib/liblagom-js.so.0 JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) 0x24c) [0x7fc8f87e7b2c]
/app/Build/release/lib/liblagom-js.so.0(+0x141f73) [0x7fc8f86eaf73]
/app/Build/release/lib/liblagom-js.so.0 JS::Bytecode::Interpreter::run_bytecode(unsigned long) 0x107c) [0x7fc8f86cbb5c]
/app/Build/release/lib/liblagom-js.so.0 JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) 0x156) [0x7fc8f86ca8a6]
/app/Build/release/lib/liblagom-js.so.0 JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) 0x24c) [0x7fc8f87e7b2c]
/app/Build/release/lib/liblagom-js.so.0 JS::call_impl(JS::VM&, JS::FunctionObject&, JS::Value, AK::Span<JS::Value const>) 0x167) [0x7fc8f877a857]
/app/Build/release/lib/liblagom-js.so.0(+0x252321) [0x7fc8f87fb321]
/app/Build/release/lib/liblagom-js.so.0 JS::NativeFunction::call() 0xa1) [0x7fc8f8873d41]
/app/Build/release/lib/liblagom-js.so.0 JS::NativeFunction::internal_call(JS::ExecutionContext&, JS::Value) 0xb1) [0x7fc8f8873b41]
/app/Build/release/lib/liblagom-js.so.0(+0x141f73) [0x7fc8f86eaf73]
/app/Build/release/lib/liblagom-js.so.0 JS::Bytecode::Interpreter::run_bytecode(unsigned long) 0x107c) [0x7fc8f86cbb5c]
/app/Build/release/lib/liblagom-js.so.0 JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) 0x156) [0x7fc8f86ca8a6]
/app/Build/release/lib/liblagom-js.so.0 JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) 0x24c) [0x7fc8f87e7b2c]
/app/Build/release/lib/liblagom-js.so.0(+0x141f73) [0x7fc8f86eaf73]
/app/Build/release/lib/liblagom-js.so.0 JS::Bytecode::Interpreter::run_bytecode(unsigned long) 0x107c) [0x7fc8f86cbb5c]
/app/Build/release/lib/liblagom-js.so.0 JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) 0x156) [0x7fc8f86ca8a6]
/app/Build/release/lib/liblagom-js.so.0 JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) 0x24c) [0x7fc8f87e7b2c]
/app/Build/release/lib/liblagom-js.so.0(+0x141f73) [0x7fc8f86eaf73]
/app/Build/release/lib/liblagom-js.so.0 JS::Bytecode::Interpreter::run_bytecode(unsigned long) 0x107c) [0x7fc8f86cbb5c]
/app/Build/release/lib/liblagom-js.so.0 JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) 0x156) [0x7fc8f86ca8a6]
/app/Build/release/lib/liblagom-js.so.0 JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) 0x24c) [0x7fc8f87e7b2c]
/app/Build/release/lib/liblagom-js.so.0(+0x141f73) [0x7fc8f86eaf73]
/app/Build/release/lib/liblagom-js.so.0 JS::Bytecode::Interpreter::run_bytecode(unsigned long) 0x107c) [0x7fc8f86cbb5c]
/app/Build/release/lib/liblagom-js.so.0 JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) 0x156) [0x7fc8f86ca8a6]
/app/Build/release/lib/liblagom-js.so.0 JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) 0x24c) [0x7fc8f87e7b2c]
/app/Build/release/lib/liblagom-js.so.0(+0x141f73) [0x7fc8f86eaf73]
/app/Build/release/lib/liblagom-js.so.0 JS::Bytecode::Interpreter::run_bytecode(unsigned long) 0x107c) [0x7fc8f86cbb5c]
/app/Build/release/lib/liblagom-js.so.0 JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) 0x156) [0x7fc8f86ca8a6]
/app/Build/release/lib/liblagom-js.so.0 JS::ECMAScriptFunctionObject::internal_call(JS::ExecutionContext&, JS::Value) 0x24c) [0x7fc8f87e7b2c]
/app/Build/release/lib/liblagom-js.so.0(+0x141f73) [0x7fc8f86eaf73]
/app/Build/release/lib/liblagom-js.so.0 JS::Bytecode::Interpreter::run_bytecode(unsigned long) 0x107c) [0x7fc8f86cbb5c]
/app/Build/release/lib/liblagom-js.so.0 JS::Bytecode::Interpreter::run_executable(JS::Bytecode::Executable&, AK::Optional<unsigned long>, JS::Value) 0x156) [0x7fc8f86ca8a6]
/app/Build/release/lib/liblagom-js.so.0 JS::Bytecode::Interpreter::run(JS::Script&, GC::Ptr<JS::Environment>) 0x2ad) [0x7fc8f86ca51d]
/app/Build/release/lib/liblagom-web.so.0 Web::HTML::ClassicScript::run(Web::HTML::ClassicScript::RethrowErrors, GC::Ptr<JS::Environment>) 0xa8) [0x7fc8f948efc8]
/app/Build/release/lib/liblagom-web.so.0(+0x981900) [0x7fc8f93fd900]
/app/Build/release/lib/liblagom-web.so.0 Web::HTML::HTMLParser::the_end(GC::Ref<Web::DOM::Document>, GC::Ptr<Web::HTML::HTMLParser>) 0x194) [0x7fc8f9462cd4]
/app/Build/release/lib/liblagom-web.so.0(+0x783143) [0x7fc8f91ff143]
/app/Build/release/lib/liblagom-web.so.0(+0xbc79cf) [0x7fc8f96439cf]
/app/Build/release/lib/liblagom-core.so.0 Core::ThreadEventQueue::process() 0x202) [0x7fc8f83a8332]
/app/Build/release/lib/liblagom-core.so.0 Core::EventLoopImplementationUnix::exec() 0x2c) [0x7fc8f83ad92c]
/app/Build/release/lib/liblagom-core.so.0 Core::EventLoop::exec() 0x37) [0x7fc8f839ffd7]
/app/Build/release/libexec/WebContent(+0x35d77) [0x5624e5577d77]
/app/Build/release/libexec/WebContent(main+0xe0) [0x5624e564c140]
/lib/x86_64-linux-gnu/libc.so.6(+0x2a1ca) [0x7fc8f723d1ca]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x8b) [0x7fc8f723d28b]
/app/Build/release/libexec/WebContent(+0x349f5) [0x5624e55769f5]Screenshots or screen recordings
No response
Build flags or config settings
No response
Contribute a patch?
- I’ll contribute a patch for this myself.