32704 2009-12-18 02:47:58 -0800 Crash with QWebPluginFactory plugins replacing NPAPI plugins 2010-03-17 04:58:47 -0700 1 1 1 Unclassified WebKit WebKit Qt 528+ (Nightly build) All All RESOLVED DUPLICATE 29450 Qt P2 Major --- 0 pinaraf webkit-unassigned jturcotte laszlo.gombos oldest_to_newest 173085 0 45133 pinaraf 2009-12-18 02:47:58 -0800 Created attachment 45133 Test case Hi I'm currently building a web browser that has to be protected from the user : the user should not be able to access the local file system for instance. In order to do this, plugins for instance must be disabled (except Flash). When I do that using a custom QWebPluginFactory that returns a widget in every case, I get a crash on windows with the acrobat reader plugin. You can check this behaviour with the attached source file. How to reproduce the problem : - launch the test case - search "PDF example" - click on the first link, a simple PDF file. Without the acrobat reader plugin, there is no crash because the PDF file is considered as unsupported content. Thanks Pierre 173091 1 45135 pinaraf 2009-12-18 03:01:22 -0800 Created attachment 45135 Test case - fixed compilation... Sorry, I messed a bit with my files... 173141 2 pinaraf 2009-12-18 06:33:22 -0800 Well, the problem is much more generic. When a NPAPI plugin registers itself for a mime type, this mime type will no longer be considered a unsupported content, so WebKit will always try to open it itself. It'll call the plugin to render this content. But when a QWebPluginFactory takes over, then trouble begins. It looks like QWebPluginFactory's plugins can't be used this way, they have to be embedded inside a web page, thus the crashes. You can get this problem on linux too using the flash plugin : just replace http://www.google.fr with the URL of a flash video directly in the source code of the test case, and it'll crash. Here is the backtrace : #0 0x00007ffff778fab0 in typeinfo name for WebCore::QtPluginWidget () from /usr/lib/libQtWebKit.so.4 #1 0x00007ffff729c89e in WebCore::FrameLoaderClientQt::committedLoad (this=0x6db2e0, loader=0x7fffeb8e5080, data=0x75d088 "FWS\005\271\n", length=1067) at ../WebKit/qt/WebCoreSupport/FrameLoaderClientQt.cpp:697 #2 0x00007ffff709f02d in WebCore::DocumentLoader::commitLoad (this=0x7fffeb8e5080, data=0x75d088 "FWS\005\271\n", length=1067) at loader/DocumentLoader.cpp:342 #3 0x00007ffff70dd3e9 in WebCore::ResourceLoader::didReceiveData (this=0x7fffeb90a680, data=0x75d088 "FWS\005\271\n", length=1067, lengthReceived=1067, allAtOnce=120) at loader/ResourceLoader.cpp:248 #4 0x00007ffff70ceacc in WebCore::MainResourceLoader::didReceiveData (this=0x7fffeb90a680, data=0x75d088 "FWS\005\271\n", length=1067, lengthReceived=1067, allAtOnce=<value optimized out>) at loader/MainResourceLoader.cpp:374 #5 0x00007ffff727ce9c in WebCore::QNetworkReplyHandler::forwardData (this=0x6d0c10) at platform/network/qt/QNetworkReplyHandler.cpp:360 #6 0x00007ffff727e598 in WebCore::QNetworkReplyHandler::qt_metacall (this=0x6d0c10, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=<value optimized out>) at .moc/release-shared/moc_QNetworkReplyHandler.cpp:84 #7 0x00007ffff59f3d38 in QObject::event(QEvent*) () from /usr/lib/libQtCore.so.4 #8 0x00007ffff5ef508d in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4 #9 0x00007ffff5efb3bd in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4 #10 0x00007ffff59e3bdc in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/libQtCore.so.4 #11 0x00007ffff59e4abc in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib/libQtCore.so.4 #12 0x00007ffff5a0db23 in ?? () from /usr/lib/libQtCore.so.4 #13 0x00007ffff30a713a in g_main_context_dispatch () from /lib/libglib-2.0.so.0 #14 0x00007ffff30aa998 in ?? () from /lib/libglib-2.0.so.0 #15 0x00007ffff30aab4c in g_main_context_iteration () from /lib/libglib-2.0.so.0 #16 0x00007ffff5a0d68c in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4 #17 0x00007ffff5fa553f in ?? () from /usr/lib/libQtGui.so.4 #18 0x00007ffff59e24c2 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4 #19 0x00007ffff59e2894 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4 #20 0x00007ffff59e4d46 in QCoreApplication::exec() () from /usr/lib/libQtCore.so.4 #21 0x0000000000402444 in main (argc=1, argv=0x7fffffffe288) at main.cpp:54 173158 3 pinaraf 2009-12-18 08:06:00 -0800 Update the bug flags to reflect my last comment... 173931 4 pinaraf 2009-12-21 02:40:52 -0800 Improve the bug report title 198027 5 vestbo 2010-03-10 06:24:25 -0800 Please follow the QtWebKit bug reporting guidelines when reporting bugs. See http://trac.webkit.org/wiki/QtWebKitBugs Specifically: - The 'QtWebKit' component should only be used for bugs/features in the public QtWebKit API layer, not to signify that the bug is specific to the Qt port of WebKit http://trac.webkit.org/wiki/QtWebKitBugs#Component - Add the keyword 'Qt' to signal that it's a Qt-related bug http://trac.webkit.org/wiki/QtWebKitBugs#Keywords 200692 6 jturcotte 2010-03-17 04:58:47 -0700 I could reproduce the crash on Windows and the stack trace is the same as bug 29450 so I will resolve this one as duplicate. I was not able to reproduce the crash on linux using the flash video method with your test case on Qt4.6 + WebKit trunk. If you think that the flash crash is a different bug and you have more information about it, it would be interesting if you can add it to this bug report. thanks *** This bug has been marked as a duplicate of bug 29450 *** 45133 2009-12-18 02:47:58 -0800 2009-12-18 03:01:22 -0800 Test case main.cpp text/plain 2029 pinaraf I2luY2x1ZGUgPFFXZWJQbHVnaW5GYWN0b3J5PgojaW5jbHVkZSA8UUxhYmVsPgojaW5jbHVkZSA8 UVdlYlZpZXc+CiNpbmNsdWRlIDxRV2ViU2V0dGluZ3M+CiNpbmNsdWRlIDxRQXBwbGljYXRpb24+ CiNpbmNsdWRlIDxRRGVidWc+CgpjbGFzcyBXZWJQbHVnaW5GYWN0b3J5IDogcHVibGljIFFXZWJQ bHVnaW5GYWN0b3J5CnsKICAgIHB1YmxpYzoKICAgICAgICBXZWJQbHVnaW5GYWN0b3J5KFFPYmpl Y3QgKnBhcmVudCA9IDApOwogICAgICAgIHZpcnR1YWwgUU9iamVjdCAqIGNyZWF0ZSAoY29uc3Qg UVN0cmluZyAmbWltZVR5cGUsIGNvbnN0IFFVcmwgJnVybCwgY29uc3QgUVN0cmluZ0xpc3QgJmFy Z3VtZW50TmFtZXMsIGNvbnN0IFFTdHJpbmdMaXN0ICZhcmd1bWVudFZhbHVlcykgY29uc3Q7CiAg ICAgICAgdmlydHVhbCBib29sIGV4dGVuc2lvbiAoRXh0ZW5zaW9uIGV4dGVuc2lvbiwgY29uc3Qg RXh0ZW5zaW9uT3B0aW9uICpvcHRpb24gPSAwLCBFeHRlbnNpb25SZXR1cm4gKm91dHB1dCA9IDAp OwogICAgICAgIHZpcnR1YWwgUUxpc3Q8UGx1Z2luPiBwbHVnaW5zICgpIGNvbnN0Owp9OwoKCldl YlBsdWdpbkZhY3Rvcnk6OldlYlBsdWdpbkZhY3RvcnkoUU9iamVjdCAqcGFyZW50KQogICAgICAg IDogUVdlYlBsdWdpbkZhY3RvcnkocGFyZW50KSAKeyAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAKfSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAKClFPYmplY3QgKldlYlBsdWdpbkZhY3Rvcnk6OmNyZWF0ZShjb25z dCBRU3RyaW5nICZtaW1lVHlwZSwgY29uc3QgUVVybCAmdXJsLCBjb25zdCBRU3RyaW5nTGlzdCAm YXJndW1lbnROYW1lcywgY29uc3QgUVN0cmluZ0xpc3QgJmFyZ3VtZW50VmFsdWVzKSBjb25zdCB7 CiAgICBxRGVidWcoKSA8PCAiQ2FsbGluZyBjcmVhdGUgOiIgPDwgbWltZVR5cGUgPDwgdXJsIDw8 IGFyZ3VtZW50TmFtZXMgPDwgYXJndW1lbnRWYWx1ZXM7CiAgICBRT2JqZWN0ICpyZXN1bHQgPSBu ZXcgUUxhYmVsKCJQcm9ibGVtcyBhcmUgY29taW5nID8iKTsKICAgIHJldHVybiByZXN1bHQ7Cn0K CmJvb2wgV2ViUGx1Z2luRmFjdG9yeTo6ZXh0ZW5zaW9uKEV4dGVuc2lvbiBleHRlbnNpb24sIGNv bnN0IEV4dGVuc2lvbk9wdGlvbiAqb3B0aW9uLCBFeHRlbnNpb25SZXR1cm4gKm91dHB1dCkgewog ICAgcURlYnVnKCkgPDwgIkNhbGxpbmcgZXh0ZW5zaW9uIjsKICAgIGJvb2wgcmVzdWx0ID0gZmFs c2U7CiAgICBxRGVidWcoKSA8PCAiUmVzdWx0IG9mIGV4dGVuc2lvblx0OiAiIDw8IHJlc3VsdDsK ICAgIHJldHVybiByZXN1bHQ7Cn0KClFMaXN0PFFXZWJQbHVnaW5GYWN0b3J5OjpQbHVnaW4+IFdl YlBsdWdpbkZhY3Rvcnk6OnBsdWdpbnMoKSBjb25zdCB7CiAgICBxRGVidWcoKSA8PCAiQ2FsbGlu ZyBwbHVnaW5zIjsKICAgIFFMaXN0PFFXZWJQbHVnaW5GYWN0b3J5OjpQbHVnaW4+IHJlc3VsdDsK ICAgIHFEZWJ1ZygpIDw8ICJSZXN1bHQgb2YgcGx1Z2luc1x0OiAiIDw8IHJlc3VsdC5jb3VudCgp OwogICAgcmV0dXJuIHJlc3VsdDsKfQoKCmludCBtYWluIChpbnQgYXJnYywgY2hhciAqKmFyZ3Yp IHsKICAgIHFEZWJ1ZygpIDw8IHFXZWJLaXRWZXJzaW9uKCk7CiAgICBRQXBwbGljYXRpb24gYXBw KGFyZ2MsIGFyZ3YpOwogICAgUVdlYlNldHRpbmdzOjpnbG9iYWxTZXR0aW5ncygpLT5zZXRBdHRy aWJ1dGUoUVdlYlNldHRpbmdzOjpQbHVnaW5zRW5hYmxlZCwgdHJ1ZSk7CiAgICBRV2ViVmlldyAq d2ViID0gbmV3IFFXZWJWaWV3OwogICAgUVdlYlBhZ2UgKnBhZ2UgPSBuZXcgUVdlYlBhZ2U7CiAg ICBXZWJQbHVnaW5GYWN0b3J5ICpwbHVncyA9IG5ldyBXZWJQbHVnaW5GYWN0b3J5KCZhcHApOwog ICAgcGFnZS0+c2V0UGx1Z2luRmFjdG9yeShwbHVncyk7CiAgICB3ZWItPnNldFBhZ2UocGFnZSk7 CiAgICB3ZWItPnNldFVybChRVXJsKCJodHRwOi8vd3d3Lmdvb2dsZS5mciIpKTsKICAgIHdlYi0+ c2hvdygpOwogICAgcmV0dXJuIGFwcC5leGVjKCk7Cn0KCg== 45135 2009-12-18 03:01:22 -0800 2009-12-18 03:01:22 -0800 Test case - fixed compilation... main.cpp application/octet-stream 1995 pinaraf I2luY2x1ZGUgPFFXZWJQbHVnaW5GYWN0b3J5PgojaW5jbHVkZSA8UUxhYmVsPgojaW5jbHVkZSA8 UVdlYlZpZXc+CiNpbmNsdWRlIDxRV2ViU2V0dGluZ3M+CiNpbmNsdWRlIDxRQXBwbGljYXRpb24+ CiNpbmNsdWRlIDxRRGVidWc+CgpjbGFzcyBXZWJQbHVnaW5GYWN0b3J5IDogcHVibGljIFFXZWJQ bHVnaW5GYWN0b3J5CnsKICAgIHB1YmxpYzoKICAgICAgICBXZWJQbHVnaW5GYWN0b3J5KFFPYmpl Y3QgKnBhcmVudCA9IDApOwogICAgICAgIHZpcnR1YWwgUU9iamVjdCAqIGNyZWF0ZSAoY29uc3Qg UVN0cmluZyAmbWltZVR5cGUsIGNvbnN0IFFVcmwgJnVybCwgY29uc3QgUVN0cmluZ0xpc3QgJmFy Z3VtZW50TmFtZXMsIGNvbnN0IFFTdHJpbmdMaXN0ICZhcmd1bWVudFZhbHVlcykgY29uc3Q7CiAg ICAgICAgdmlydHVhbCBib29sIGV4dGVuc2lvbiAoRXh0ZW5zaW9uIGV4dGVuc2lvbiwgY29uc3Qg RXh0ZW5zaW9uT3B0aW9uICpvcHRpb24gPSAwLCBFeHRlbnNpb25SZXR1cm4gKm91dHB1dCA9IDAp OwogICAgICAgIHZpcnR1YWwgUUxpc3Q8UGx1Z2luPiBwbHVnaW5zICgpIGNvbnN0Owp9OwoKCldl YlBsdWdpbkZhY3Rvcnk6OldlYlBsdWdpbkZhY3RvcnkoUU9iamVjdCAqcGFyZW50KQogICAgICAg IDogUVdlYlBsdWdpbkZhY3RvcnkocGFyZW50KSAKeyAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAKfSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAKClFPYmplY3QgKldlYlBsdWdpbkZhY3Rvcnk6OmNyZWF0ZShjb25z dCBRU3RyaW5nICZtaW1lVHlwZSwgY29uc3QgUVVybCAmdXJsLCBjb25zdCBRU3RyaW5nTGlzdCAm YXJndW1lbnROYW1lcywgY29uc3QgUVN0cmluZ0xpc3QgJmFyZ3VtZW50VmFsdWVzKSBjb25zdCB7 CiAgICBxRGVidWcoKSA8PCAiQ2FsbGluZyBjcmVhdGUgOiIgPDwgbWltZVR5cGUgPDwgdXJsIDw8 IGFyZ3VtZW50TmFtZXMgPDwgYXJndW1lbnRWYWx1ZXM7CiAgICBRT2JqZWN0ICpyZXN1bHQgPSBu ZXcgUUxhYmVsKCJQcm9ibGVtcyBhcmUgY29taW5nID8iKTsKICAgIHJldHVybiByZXN1bHQ7Cn0K CmJvb2wgV2ViUGx1Z2luRmFjdG9yeTo6ZXh0ZW5zaW9uKEV4dGVuc2lvbiBleHRlbnNpb24sIGNv bnN0IEV4dGVuc2lvbk9wdGlvbiAqb3B0aW9uLCBFeHRlbnNpb25SZXR1cm4gKm91dHB1dCkgewog ICAgcURlYnVnKCkgPDwgIkNhbGxpbmcgZXh0ZW5zaW9uIjsKICAgIGJvb2wgcmVzdWx0ID0gZmFs c2U7CiAgICBxRGVidWcoKSA8PCAiUmVzdWx0IG9mIGV4dGVuc2lvblx0OiAiIDw8IHJlc3VsdDsK ICAgIHJldHVybiByZXN1bHQ7Cn0KClFMaXN0PFFXZWJQbHVnaW5GYWN0b3J5OjpQbHVnaW4+IFdl YlBsdWdpbkZhY3Rvcnk6OnBsdWdpbnMoKSBjb25zdCB7CiAgICBxRGVidWcoKSA8PCAiQ2FsbGlu ZyBwbHVnaW5zIjsKICAgIFFMaXN0PFFXZWJQbHVnaW5GYWN0b3J5OjpQbHVnaW4+IHJlc3VsdDsK ICAgIHFEZWJ1ZygpIDw8ICJSZXN1bHQgb2YgcGx1Z2luc1x0OiAiIDw8IHJlc3VsdC5jb3VudCgp OwogICAgcmV0dXJuIHJlc3VsdDsKfQoKCmludCBtYWluIChpbnQgYXJnYywgY2hhciAqKmFyZ3Yp IHsKICAgIFFBcHBsaWNhdGlvbiBhcHAoYXJnYywgYXJndik7CiAgICBRV2ViU2V0dGluZ3M6Omds b2JhbFNldHRpbmdzKCktPnNldEF0dHJpYnV0ZShRV2ViU2V0dGluZ3M6OlBsdWdpbnNFbmFibGVk LCB0cnVlKTsKICAgIFFXZWJWaWV3ICp3ZWIgPSBuZXcgUVdlYlZpZXc7CiAgICBRV2ViUGFnZSAq cGFnZSA9IG5ldyBRV2ViUGFnZTsKICAgIFdlYlBsdWdpbkZhY3RvcnkgKnBsdWdzID0gbmV3IFdl YlBsdWdpbkZhY3RvcnkoJmFwcCk7CiAgICBwYWdlLT5zZXRQbHVnaW5GYWN0b3J5KHBsdWdzKTsK ICAgIHdlYi0+c2V0UGFnZShwYWdlKTsKICAgIHdlYi0+c2V0VXJsKFFVcmwoImh0dHA6Ly93d3cu Z29vZ2xlLmZyIikpOwogICAgd2ViLT5zaG93KCk7CiAgICByZXR1cm4gYXBwLmV4ZWMoKTsKfQoK