Bug 106665

Summary: [Qt] Crash when loading http://www.datejs.com/
Product: WebKit Reporter: Arnaud LB <arnaud.lb>
Component: WebKit QtAssignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE    
Severity: Blocker CC: allan.jensen, arnaud.lb, svillar
Priority: P1    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Linux   
URL: http://www.datejs.com/
Bug Depends on: 108991    
Bug Blocks:    

Arnaud LB
Reported 2013-01-11 07:29:45 PST
Opening http://www.datejs.com/ in a QWebView causes the process to crash. This also seems to happen on any site using the datejs library. The exact WebKit version is the one released with Qt 5.0.0.
Attachments
Add attachment proposed patch, testcase, etc.
Sergio Villar Senin
Comment 1 2013-01-18 07:46:26 PST
I cannot reproduce it with current trunk. Could you provide more information, a backtrace?
Arnaud LB
Comment 2 2013-01-18 08:07:17 PST
I reproduced this with "fancybrowser" from examples/webkitwidgets/fancybrowser: $ gdb ./fancybrowser GNU gdb (GDB) 7.4.1-debian Copyright (C) 2012 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "i486-linux-gnu". For bug reporting instructions, please see: <http://www.gnu.org/software/gdb/bugs/>... Reading symbols from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/fancybrowser...(no debugging symbols found)...done. (gdb) r http://www.datejs.com/ Starting program: /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/fancybrowser http://www.datejs.com/ [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/i386-linux-gnu/i686/cmov/libthread_db.so.1". [New Thread 0xf2271b70 (LWP 18195)] Qt at-spi: error getting the accessibility dbus address: "The name org.a11y.Bus was not provided by any .service files" Accessibility DBus not found. Falling back to session bus. [New Thread 0xf18b3b70 (LWP 18196)] [New Thread 0xf0d2fb70 (LWP 18197)] [New Thread 0xf0274b70 (LWP 18200)] [New Thread 0xefa73b70 (LWP 18201)] [New Thread 0xee9fbb70 (LWP 18208)] Program received signal SIGSEGV, Segmentation fault. 0xeda4908b in ?? () (gdb) bt #0 0xeda4908b in ?? () #1 0xf62c8fa7 in ?? () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5WebKit.so.5 #2 0xf62c7ef8 in ?? () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5WebKit.so.5 #3 0xf63c76ac in JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5WebKit.so.5 #4 0xf528626f in ?? () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5WebKit.so.5 #5 0xf528686d in ?? () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5WebKit.so.5 #6 0xf60aa630 in ?? () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5WebKit.so.5 #7 0xf545ad70 in ?? () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5WebKit.so.5 #8 0xf545b30b in ?? () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5WebKit.so.5 #9 0xf545b845 in ?? () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5WebKit.so.5 #10 0xf54483b8 in ?? () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5WebKit.so.5 #11 0xf549e50c in ?? () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5WebKit.so.5 #12 0xf54a330a in ?? () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5WebKit.so.5 #13 0xf54fdf54 in ?? () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5WebKit.so.5 #14 0xf54f328b in ?? () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5WebKit.so.5 #15 0xf56d5217 in ?? () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5WebKit.so.5 #16 0xf56d3a3f in ?? () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5WebKit.so.5 #17 0xf56d5591 in ?? () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5WebKit.so.5 #18 0xf56d5c39 in ?? () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5WebKit.so.5 #19 0xf721c1bd in QMetaObject::activate(QObject*, int, int, void**) () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5Core.so.5 #20 0xf721cbdb in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5Core.so.5 #21 0xf792fca5 in QNetworkReply::finished() () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5Network.so.5 #22 0xf789ed60 in ?? () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5Network.so.5 #23 0xf79306f8 in ?? () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5Network.so.5 #24 0xf721a413 in QMetaCallEvent::placeMetaCall(QObject*) () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5Core.so.5 #25 0xf721d872 in QObject::event(QEvent*) () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5Core.so.5 #26 0xf7a51ec4 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5Widgets.so.5 #27 0xf7a55738 in QApplication::notify(QObject*, QEvent*) () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5Widgets.so.5 #28 0xf71f37ae in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5Core.so.5 #29 0xf71f5974 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5Core.so.5 #30 0xf71f5ecc in QCoreApplication::sendPostedEvents(QObject*, int) () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5Core.so.5 #31 0xf7240aa4 in ?? () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5Core.so.5 #32 0xf4d426d3 in g_main_context_dispatch () from /lib/i386-linux-gnu/libglib-2.0.so.0 #33 0xf4d42a70 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0 #34 0xf4d42b51 in g_main_context_iteration () from /lib/i386-linux-gnu/libglib-2.0.so.0 #35 0xf7240eb8 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5Core.so.5 #36 0xf2451ab6 in ?? () from /home/arnaud/Qt5.0.0/5.0.0/gcc/plugins/platforms/libqxcb.so #37 0xf71f1fe6 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5Core.so.5 #38 0xf71f2424 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5Core.so.5 #39 0xf71f5f72 in QCoreApplication::exec() () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5Core.so.5 #40 0xf74a8214 in QGuiApplication::exec() () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5Gui.so.5 #41 0xf7a4d074 in QApplication::exec() () from /home/arnaud/Qt5.0.0/5.0.0/gcc/examples/webkitwidgets/fancybrowser/../../../lib/libQt5Widgets.so.5 #42 0x0804b388 in ?? () #43 0xf6d61e46 in __libc_start_main (main=0x804b2b0, argc=2, ubp_av=0xffffd094, init=0x804d370, fini=0x804d3e0, rtld_fini=0xf7fee590, stack_end=0xffffd08c) at libc-start.c:228 #44 0x0804b44d in ?? () (With the Qt5.0.0 32bits binaries available for download at https://qt-project.org/downloads )
Arnaud LB
Comment 3 2013-02-16 06:34:46 PST
Tried on Windows, MacOS. I can reproduce this only on Linux, so may be Linux specific.
Arnaud LB
Comment 4 2013-02-16 06:54:01 PST
Reproduced on a Debian box (64bit kernel, 32bit userland) and an Ubuntu VM (32bit). Both "fancybrowser" and "browser" demos crash when loading http://datejs.com/
Allan Sandfeld Jensen
Comment 5 2013-03-25 04:38:02 PDT
I can not reproduce this on 64bit linux. Could it be 32bit userland specific?
Arnaud LB
Comment 6 2013-03-25 07:07:00 PDT
Yes, it seems. I've tried on a 64 bits ubuntu, and it doesn't crash there. Tried again on multile 32 bit systems, and it crashes on both. So it seems to be specific to linux with 32 bits userland.
Allan Sandfeld Jensen
Comment 7 2013-03-26 10:05:43 PDT
Confirmed on 32bit linux. #0 0xb051708b in ?? () #1 0xb75f6934 in JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::JSGlobalData*) () from /src/qtwebkit-23/WebKitBuild/Release/lib/libQtWebKit.so.4 #2 0xb75f57b4 in JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) () from /src/qtwebkit-23/WebKitBuild/Release/lib/libQtWebKit.so.4 #3 0xb77045e0 in JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) () from /src/qtwebkit-23/WebKitBuild/Release/lib/libQtWebKit.so.4 #4 0xb62d67ad in WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) () from /src/qtwebkit-23/WebKitBuild/Release/lib/libQtWebKit.so.4 #5 0xb62d6f0b in WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) () from /src/qtwebkit-23/WebKitBuild/Release/lib/libQtWebKit.so.4 #6 0xb64ff392 in WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) () from /src/qtwebkit-23/WebKitBuild/Release/lib/libQtWebKit.so.4 #7 0xb66d0ef0 in WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent(WebCore::PendingScript&) () from /src/qtwebkit-23/WebKitBuild/Release/lib/libQtWebKit.so.4 #8 0xb66d1588 in WebCore::HTMLScriptRunner::executeParsingBlockingScript() () from /src/qtwebkit-23/WebKitBuild/Release/lib/libQtWebKit.so.4 #9 0xb66d19a8 in WebCore::HTMLScriptRunner::executeParsingBlockingScripts() () from /src/qtwebkit-23/WebKitBuild/Release/lib/libQtWebKit.so.4 #10 0xb66bb0e8 in WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) () from /src/qtwebkit-23/WebKitBuild/Release/lib/libQtWebKit.so.4 #11 0xb67fbb8b in WebCore::CachedResource::checkNotify() () from /src/qtwebkit-23/WebKitBuild/Release/lib/libQtWebKit.so.4 #12 0xb6800b8a in WebCore::CachedScript::data(WTF::PassRefPtr<WebCore::ResourceBuffer>, bool) () from /src/qtwebkit-23/WebKitBuild/Release/lib/libQtWebKit.so.4 #13 0xb686cae5 in WebCore::SubresourceLoader::didFinishLoading(double) () from /src/qtwebkit-23/WebKitBuild/Release/lib/libQtWebKit.so.4 #14 0xb685f23b in WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double) () from /src/qtwebkit-23/WebKitBuild/Release/lib/libQtWebKit.so.4 #15 0xb6bfcb68 in WebCore::QNetworkReplyHandler::finish() () from /src/qtwebkit-23/WebKitBuild/Release/lib/libQtWebKit.so.4 #16 0xb6bfc88b in WebCore::QNetworkReplyHandlerCallQueue::flush() () from /src/qtwebkit-23/WebKitBuild/Release/lib/libQtWebKit.so.4 #17 0xb6bfca93 in WebCore::QNetworkReplyHandlerCallQueue::push(void (WebCore::QNetworkReplyHandler::*)()) () from /src/qtwebkit-23/WebKitBuild/Release/lib/libQtWebKit.so.4 #18 0xb6bfcfbf in WebCore::QNetworkReplyWrapper::didReceiveFinished() () from /src/qtwebkit-23/WebKitBuild/Release/lib/libQtWebKit.so.4 #19 0xb6bfd71d in WebCore::QNetworkReplyWrapper::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) [clone .part.69] () from /src/qtwebkit-23/WebKitBuild/Release/lib/libQtWebKit.so.4 #20 0xb51df6b1 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () ---Type <return> to continue, or q <return> to quit--- from /usr/lib/i386-linux-gnu/libQtCore.so.4 #21 0xb5424db5 in QNetworkReply::finished() () from /usr/lib/i386-linux-gnu/libQtNetwork.so.4
Allan Sandfeld Jensen
Comment 8 2013-03-26 11:21:08 PDT
Seems to be fixed by the patch for bug 108991
Allan Sandfeld Jensen
Comment 9 2013-03-27 02:27:46 PDT
*** This bug has been marked as a duplicate of bug 108991 ***
Note You need to log in before you can comment on or make changes to this bug.