Segmentation Fault in 2.1.1

[mrog]

1. Which version of PhantomJS are you using? Tip: run phantomjs --version.
   2.1.1

2. What steps will reproduce the problem?
   We have a script that basically fetches some HTML from the Internet, adds some additional detail to the document tree, and writes it to the console. (I wish I could share the script, but it belongs to my employer.) The segmentation fault is intermittent and only seems to happen when a proxy server is used. The proxy details are provided to PhantomJS using the --proxy and --proxy-auth command line arguments.

3. Which operating system are you using?
   Ubuntu 16.04

4. Did you use binary PhantomJS or did you compile it from source?
   I get the segmentation fault with both the downloaded binary and one that I compiled from source.

5. Please provide any additional information below.
   There aren't any symbol files available for download for 2.1.1, but here's what I get when I run the compiled-from-source version in gdb:

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffb29fe700 (LWP 4508)]
[New Thread 0x7fffb21fd700 (LWP 4509)]
[New Thread 0x7fffb19fc700 (LWP 4510)]
[New Thread 0x7fffb11fb700 (LWP 4511)]
[New Thread 0x7fffb09fa700 (LWP 4512)]
[New Thread 0x7fffa3fff700 (LWP 4513)]
[New Thread 0x7fffa37fe700 (LWP 4514)]
[New Thread 0x7fffa2ffd700 (LWP 4515)]
[New Thread 0x7fffa2133700 (LWP 4516)]
[New Thread 0x7fffa1932700 (LWP 4517)]

Thread 1 "phantomjs" received signal SIGSEGV, Segmentation fault.
0x0000000000a82de8 in WTF::Vector<WebCore::FormDataElement, 0ul, WTF::CrashOnOverflow>::size (this=0x8) at ../WTF/wtf/Vector.h:554
554	        size_t size() const { return m_size; }
(gdb) bt
#0  0x0000000000a82de8 in WTF::Vector<WebCore::FormDataElement, 0ul, WTF::CrashOnOverflow>::size (this=0x8) at ../WTF/wtf/Vector.h:554
#1  0x0000000000e3f599 in WTF::Vector<WebCore::FormDataElement, 0ul, WTF::CrashOnOverflow>::operator= (this=0x6d64970, other=...)
    at ../WTF/wtf/Vector.h:712
#2  0x0000000000e3a9b6 in WebCore::FormDataIODevice::reset (this=0x6d64960) at platform/network/qt/QNetworkReplyHandler.cpp:73
#3  0x00000000027dc96f in QNonContiguousByteDeviceIoDeviceImpl::reset (this=0x5ceb730) at io/qnoncontiguousbytedevice.cpp:368
#4  0x00000000025d4f79 in QNetworkReplyHttpImplPrivate::resetUploadDataSlot (this=0x6d68070, r=0x7fffa2132587)
    at access/qnetworkreplyhttpimpl.cpp:1281
#5  0x0000000002649bfd in QNetworkReplyHttpImpl::qt_static_metacall (_o=0x6d68050, _c=QMetaObject::InvokeMetaMethod, _id=27, _a=0x7fffa2132540)
    at .moc/moc_qnetworkreplyhttpimpl_p.cpp:254
#6  0x00000000028a8943 in QMetaCallEvent::placeMetaCall (this=0x7fff8c1ab250, object=0x6d68050) at kernel/qobject.cpp:486
#7  0x00000000028a9ab9 in QObject::event (this=0x6d68050, e=0x7fff8c1ab250) at kernel/qobject.cpp:1239
#8  0x00000000004e123c in QApplicationPrivate::notify_helper (this=0x56df6e0, receiver=0x6d68050, e=0x7fff8c1ab250)
    at kernel/qapplication.cpp:3716
#9  0x00000000004de9a1 in QApplication::notify (this=0x7fffffffdb20, receiver=0x6d68050, e=0x7fff8c1ab250) at kernel/qapplication.cpp:3160
#10 0x000000000287981b in QCoreApplication::notifyInternal (this=0x7fffffffdb20, receiver=0x6d68050, event=0x7fff8c1ab250)
    at kernel/qcoreapplication.cpp:965
#11 0x00000000004a13df in QCoreApplication::sendEvent (receiver=0x6d68050, event=0x7fff8c1ab250)
    at /home/mrogers/code/phantomjs/src/qt/qtbase/include/QtCore/../../src/corelib/kernel/qcoreapplication.h:224
#12 0x000000000287ac19 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x56df830)
    at kernel/qcoreapplication.cpp:1593
#13 0x00000000028dceb2 in QEventDispatcherUNIX::processEvents (this=0x56e1700, flags=...) at kernel/qeventdispatcher_unix.cpp:579
#14 0x00000000021becbe in QUnixEventDispatcherQPA::processEvents (this=0x56e1700, flags=...) at eventdispatchers/qunixeventdispatcher.cpp:62
#15 0x000000000287623c in QEventLoop::processEvents (this=0x7fffffffda20, flags=...) at kernel/qeventloop.cpp:128
#16 0x000000000287656b in QEventLoop::exec (this=0x7fffffffda20, flags=...) at kernel/qeventloop.cpp:204
#17 0x0000000002879f8e in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1229
#18 0x00000000021dd6b2 in QGuiApplication::exec () at kernel/qguiapplication.cpp:1527
#19 0x00000000004de347 in QApplication::exec () at kernel/qapplication.cpp:2976
#20 0x0000000000450c55 in inner_main (argc=5, argv=0x7fffffffdc88) at main.cpp:67
#21 0x0000000000450d8c in main (argc=5, argv=0x7fffffffdc88) at main.cpp:81

[mrog]

Looks like it doesn't take much of a script to reproduce the issue. This works:

var page = require('webpage').create();
page.open('http://allegro.pl');

I invoke the script using:

phantomjs --proxy=xxx.xxx.xxx.xxx:60000 --proxy-auth=xxxxxxxx:xxxxxxx test.js

If I don't use a proxy, it doesn't crash. If I change the URL in the script to http://google.com, it doesn't crash.

[stale]

Due to our very limited maintenance capacity, we need to prioritize our development focus on other tasks. Therefore, this issue will be automatically closed (see #15395 for more details). In the future, if we see the need to attend to this issue again, then it will be reopened. Thank you for your contribution!