This repository was archived by the owner on May 30, 2023. It is now read-only.

Segmentation Fault - Upon page.open #11794

Closed
georgenewson opened this issue Nov 26, 2013 · 1 comment

@georgenewson

When running this script with version 1.9.0 of PhantomJS, I get a segmentation fault:

var system = require ("system");
var fs = require ("fs");
var page = require ("webpage").create ();

if (system.args.length < 2) {
    console.log ("Page not specified.");
    phantom.exit (1);
}
var url = system.args[1];

page.viewportSize = { width: 800, height: 800 };

page.open (url, function (status) {
    // The page is now loaded, maybe.
    if (status !== "success") {
        // The page failed to load!
        console.log ("Failed to load page: " + url);
        phantom.exit (1);
    } else {
        page.render ("4ch_test.png");
        console.log ("Starting...");
        // The page did load after all.
        page.evaluate (function () {
            // Strip out the image URLS.
            console.log ("Images on this page are:");
            var image_links_list = document.querySelectorAll ("a.fileThumb");
            for (i = 0; i < image_links_list.length; i ++) {
                console.log ("https:" + image_links_list[i].href);
            }
        });

        // Exit successfully.
        phantom.exit (0);
    }
});

The script is used to aggregate a list of all images in a thread on the 4chan imageboard. It is called with the thread URL as its first command line argument. The thread must be active, i.e. not 404, in order to reproduce the segmentation fault.

The segmentation fault occurs shortly after spawning a new thread. The new thread's entry function has been given a void* pointer to NULL. I put a breakpoint on pthread_create to observe the stack just before the new thread is entered. Although not shown below, this seems to be during the domain name resolution stage for www.google-analytics.com. Some GDB output:

(gdb) b pthread_create
Breakpoint 1 at 0x40ee80
(gdb) r get_imgs.js http://boards.4chan.org/wg/res/5600995
Starting program: /usr/bin/phantomjs get_imgs.js http://boards.4chan.org/wg/res/5600995

... Then later (the number of breakpoints encountered appears random) ...

Breakpoint 1, 0x000000000040ee80 in pthread_create@plt ()
(gdb) bt
#0  0x000000000040ee80 in pthread_create@plt ()
#1  0x0000000001a0bf77 in QThread::start (this=this@entry=0x7fffa4006720, priority=priority@entry=QThread::InheritPriority) at thread/qthread_unix.cpp:640
#2  0x0000000001a0255d in QThreadPoolPrivate::startThread (this=this@entry=0x7fffa4005400, runnable=runnable@entry=0x7fffa4004c00) at concurrent/qthreadpool.cpp:260
#3  0x0000000001a02c83 in QThreadPoolPrivate::tryStart (this=0x7fffa4005400, task=0x7fffa4004c00) at concurrent/qthreadpool.cpp:178
#4  0x0000000001a031e3 in QThreadPool::start (this=this@entry=0x7fffa4005340, runnable=0x7fffa4004c00, priority=priority@entry=0) at concurrent/qthreadpool.cpp:474
#5  0x000000000198ffd6 in QHostInfoLookupManager::work (this=this@entry=0x7fffa40052d0) at kernel/qhostinfo.cpp:633
#6  0x00000000019900d3 in QHostInfoLookupManager::scheduleLookup (this=this@entry=0x7fffa40052d0, r=r@entry=0x7fffa4004c00) at kernel/qhostinfo.cpp:652
#7  0x000000000199103d in QHostInfo::lookupHost (name=..., receiver=receiver@entry=0x7fffa4006a60, member=member@entry=0x1fb5b90 "1_q_startConnecting(QHostInfo)") at kernel/qhostinfo.cpp:202
#8  0x0000000001991b7e in qt_qhostinfo_lookup (name=..., receiver=receiver@entry=0x7fffa4006a60, member=member@entry=0x1fb5b90 "1_q_startConnecting(QHostInfo)", 
    valid=valid@entry=0x7fffab6f9f50, id=id@entry=0x7fffa40171cc) at kernel/qhostinfo.cpp:722
#9  0x00000000019b06ba in QAbstractSocket::connectToHostImplementation (this=0x7fffa4006a60, hostName=..., port=<optimized out>, openMode=...) at socket/qabstractsocket.cpp:1417
#10 0x00000000019b25c9 in QAbstractSocket::qt_static_metacall (_o=<optimized out>, _id=<optimized out>, _a=<optimized out>, _c=<optimized out>)
    at .moc/release-static/moc_qabstractsocket.cpp:154
#11 0x0000000001b01215 in QMetaMethod::invoke (this=this@entry=0x7fffab6fa310, object=object@entry=0x7fffa4006a60, connectionType=connectionType@entry=Qt::DirectConnection, returnValue=..., 
    val0=..., val1=..., val2=..., val3=..., val4=..., val5=..., val6=..., val7=..., val8=..., val9=...) at kernel/qmetaobject.cpp:1664
#12 0x0000000001b03330 in QMetaObject::invokeMethod (obj=0x7fffa4006a60, member=member@entry=0x1fb5c5b "connectToHostImplementation", type=type@entry=Qt::DirectConnection, ret=..., val0=..., 
    val1=..., val2=..., val3=..., val4=..., val5=..., val6=..., val7=..., val8=..., val9=...) at kernel/qmetaobject.cpp:1179
#13 0x00000000019a87f9 in invokeMethod (val9=..., val8=..., val7=..., val6=..., val5=..., val4=..., val3=..., val2=..., val1=..., val0=..., type=Qt::DirectConnection, 
    member=0x1fb5c5b "connectToHostImplementation", obj=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs.h:418
#14 QAbstractSocket::connectToHost (this=<optimized out>, hostName=..., port=port@entry=80, openMode=...) at socket/qabstractsocket.cpp:1332
#15 0x00000000019f2e1f in QHttpNetworkConnectionChannel::ensureConnection (this=0x7fffa4068538) at access/qhttpnetworkconnectionchannel.cpp:626
#16 0x00000000019ef690 in QHttpNetworkConnectionPrivate::_q_startNextRequest (this=this@entry=0x7fffa4005610) at access/qhttpnetworkconnection.cpp:862
#17 0x00000000019ef8f1 in QHttpNetworkConnectionPrivate::queueRequest (this=0x7fffa4005610, request=...) at access/qhttpnetworkconnection.cpp:501
#18 0x00000000019efb89 in QHttpNetworkConnection::sendRequest (this=<optimized out>, request=...) at access/qhttpnetworkconnection.cpp:931
#19 0x000000000197b4a3 in QHttpThreadDelegate::startRequest (this=0x2d81150) at access/qhttpthreaddelegate.cpp:293
#20 0x00000000019d87cd in QHttpThreadDelegate::qt_static_metacall (_o=0x2d81150, _c=2876218464, _id=27314080, _a=0x7fffa4006720) at .moc/release-static/moc_qhttpthreaddelegate_p.cpp:116
#21 0x0000000001b0ad6e in QObject::event (this=0x2d81150, e=<optimized out>) at kernel/qobject.cpp:1191
#22 0x0000000001484f6c in QApplicationPrivate::notify_helper (this=this@entry=0x2a3c880, receiver=receiver@entry=0x2d81150, e=e@entry=0x2d81830) at kernel/qapplication.cpp:4562
#23 0x000000000148a9d7 in QApplication::notify (this=0x7fffffffdb90, receiver=0x2d81150, e=0x2d81830) at kernel/qapplication.cpp:4423
#24 0x0000000001af956d in QCoreApplication::notifyInternal (this=0x7fffffffdb90, receiver=receiver@entry=0x2d81150, event=event@entry=0x2d81830) at kernel/qcoreapplication.cpp:946
#25 0x0000000001afc4cd in sendEvent (event=0x2d81830, receiver=0x2d81150) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:231
#26 QCoreApplicationPrivate::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0, data=0x2d1cb30) at kernel/qcoreapplication.cpp:1567
#27 0x0000000001b202df in QEventDispatcherUNIX::processEvents (this=0x7fffa40008c0, flags=...) at kernel/qeventdispatcher_unix.cpp:909
#28 0x0000000001af851f in QEventLoop::processEvents (this=this@entry=0x7fffab6faea0, flags=...) at kernel/qeventloop.cpp:149
#29 0x0000000001af8846 in QEventLoop::exec (this=this@entry=0x7fffab6faea0, flags=...) at kernel/qeventloop.cpp:200
#30 0x0000000001a0a4df in QThread::exec (this=<optimized out>) at thread/qthread.cpp:542
#31 0x0000000001a0c8bf in QThreadPrivate::start (arg=0x2d1ca40) at thread/qthread_unix.cpp:338
#32 0x00007ffff5180f3a in ?? ()
#33 0x0000000000000000 in ?? ()
(gdb) up 7
#7  0x000000000199103d in QHostInfo::lookupHost (name=..., receiver=receiver@entry=0x7fffa4006a60, member=member@entry=0x1fb5b90 "1_q_startConnecting(QHostInfo)") at kernel/qhostinfo.cpp:202
202 in kernel/qhostinfo.cpp
(gdb) print name
$16 = (const QString &) @0x7fffab6fa6b0: {static null = {<No data fields>}, static shared_null = {ref = {_q_value = 2913}, alloc = 0, size = 0, data = 0x29f929a <QString::shared_null+26>, 
    clean = 0, simpletext = 0, righttoleft = 0, asciiCache = 0, capacity = 0, reserved = 0, array = {0}}, static shared_empty = {ref = {_q_value = 5}, alloc = 0, size = 0, 
    data = 0x29f927a <QString::shared_empty+26>, clean = 0, simpletext = 0, righttoleft = 0, asciiCache = 0, capacity = 0, reserved = 0, array = {0}}, d = 0x2d7da00, 
  static codecForCStrings = 0x0}
(gdb) print *(name.d)
$17 = {ref = {_q_value = 8}, alloc = 12, size = 12, data = 0x2d7da1a, clean = 0, simpletext = 0, righttoleft = 0, asciiCache = 0, capacity = 1, reserved = 890, array = {49}}
(gdb) print * (const char[24] *) ((name.d)->data)
$18 = "1\000.\000t\000.\000\064\000c\000d\000n\000.\000o\000r\000g"
(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
[Switching to LWP 22762]
JSC::cti_op_jtrue (args=0x7fffffffd220) at ../../JavaScriptCore/jit/JITStubs.cpp:2846
2846    ../../JavaScriptCore/jit/JITStubs.cpp: No such file or directory.
(gdb) bt
#0  JSC::cti_op_jtrue (args=0x7fffffffd220) at ../../JavaScriptCore/jit/JITStubs.cpp:2846
#1  0x00007fffac0d92bf in ?? ()
#2  0x0000000000000000 in ?? ()
(gdb) print args
$19 = (void **) 0x7fffffffd220
(gdb) print *args
$20 = (void *) 0x0
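
Added example, not part of the original report: the value GDB printed as $18 is the QString's UTF-16LE buffer viewed as a char array, so the host name being resolved at that breakpoint can be recovered by undoing GDB's escapes and decoding the bytes. The helper names are hypothetical, and GDB's `<repeats N times>` notation is not handled.

```python
import re

# Constructed input: the text GDB printed as $18 in the session above,
# copied verbatim (the backslashes are literal characters here).
GDB_VALUE = r'"1\000.\000t\000.\000\064\000c\000d\000n\000.\000o\000r\000g"'

# C-style escapes GDB uses when printing char arrays.
_SIMPLE = {"n": 10, "t": 9, "r": 13, "a": 7, "b": 8, "f": 12,
           "v": 11, "e": 27, "\\": 92, '"': 34, "'": 39}
_TOKEN = re.compile(r"\\([0-7]{1,3})|\\(.)|(.)", re.S)


def gdb_string_to_bytes(text):
    """Turn GDB's printed char-array literal back into raw bytes."""
    text = text.strip()
    if len(text) >= 2 and text[0] == '"' and text[-1] == '"':
        text = text[1:-1]
    out = bytearray()
    for octal, simple, plain in _TOKEN.findall(text):
        if octal:
            # e.g. \000 is a NUL byte, \064 is the digit '4'
            out.append(int(octal, 8) & 0xFF)
        elif simple:
            if simple not in _SIMPLE:
                raise ValueError("unknown escape: \\" + simple)
            out.append(_SIMPLE[simple])
        else:
            out.extend(plain.encode("latin-1"))
    return bytes(out)


def decode_qstring_dump(text):
    """Decode a QString buffer that GDB printed as a char array."""
    raw = gdb_string_to_bytes(text)
    # The printed literal here has an odd byte count (the final NUL of
    # the char[24] view is not shown), so restore it before decoding.
    if len(raw) % 2:
        raw += b"\x00"
    return raw.decode("utf-16-le").rstrip("\x00")


if __name__ == "__main__":
    print(decode_qstring_dump(GDB_VALUE))
```

The decoded length matches `size = 12` in the `$17` output above.
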
@vitallium
Collaborator

Please upgrade to PhantomJS 2. 1.9.x is no longer supported and is known to have many crasher bugs that are fixed in version 2.
