Bug 115506
| Summary: | Crash when playing a facebook game and then closing it | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Stephen <sfcheng> |
| Component: | Plug-ins | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED WONTFIX | ||
| Severity: | Major | CC: | ap, kadam, sfcheng, zan, zarvai |
| Priority: | P2 | ||
| Version: | 528+ (Nightly build) | ||
| Hardware: | PC | ||
| OS: | Windows 7 | ||
| URL: | https://apps.facebook.com/farmville-two/?fb_source=bookmark_apps&ref=bookmarks&count=0&fb_bmpos=3_0 | ||
Stephen
I use the webkit included with QT 4.8.3.
Step to reproduce the crash:
1. Use this url to open the farmville2 game: https://apps.facebook.com/farmville-two/?fb_source=bookmark_apps&ref=bookmarks&count=0&fb_bmpos=3_0
2. Close the webview window (either when the game is loading or when it has fully loaded).
The application will crash when the webview is being destroyed. Here is the stack trace:
ntdll.dll!_ZwRaiseException@12() + 0x12 bytes
ntdll.dll!_ZwRaiseException@12() + 0x12 bytes
NPSWF32_11_7_700_169.dll!14c2c219()
[Frames below may be incorrect and/or missing, no symbols loaded for NPSWF32_11_7_700_169.dll]
NPSWF32_11_7_700_169.dll!14c2c219()
NPSWF32_11_7_700_169.dll!14c2bbb3()
NPSWF32_11_7_700_169.dll!14863d6c()
msvcr90d.dll!__CrtIsValidHeapPointer() + 0xf9 bytes
msvcr90d.dll!__unlock() + 0x16 bytes
03110000()
> QtWebKitd4.dll!WebCore::PluginStream::destroyStream() Line 291 + 0x33 bytes C++
QtWebKitd4.dll!WebCore::PluginStream::destroyStream(short reason=1) Line 234 C++
QtWebKitd4.dll!WebCore::PluginStream::didFail(WebCore::NetscapePlugInStreamLoader * loader=0x301307e8, const WebCore::ResourceError & __formal={...}) Line 444 C++
QtWebKitd4.dll!WebCore::NetscapePlugInStreamLoader::didCancel(const WebCore::ResourceError & error={...}) Line 130 C++
QtWebKitd4.dll!WebCore::ResourceLoader::cancel(const WebCore::ResourceError & error={...}) Line 381 + 0x30 bytes C++
QtWebKitd4.dll!WebCore::ResourceLoader::cancel() Line 371 + 0x29 bytes C++
QtWebKitd4.dll!WebCore::cancelAll(const WTF::HashSet<WTF::RefPtr<WebCore::ResourceLoader>,WTF::PtrHash<WTF::RefPtr<WebCore::ResourceLoader> >,WTF::HashTraits<WTF::RefPtr<WebCore::ResourceLoader> > > & loaders={...}) Line 69 + 0x1a bytes C++
QtWebKitd4.dll!WebCore::DocumentLoader::stopLoadingPlugIns() Line 734 + 0xc bytes C++
QtWebKitd4.dll!WebCore::DocumentLoader::stopLoading() Line 265 C++
QtWebKitd4.dll!WebCore::FrameLoader::stopAllLoaders(WebCore::ClearProvisionalItemPolicy clearProvisionalItemPolicy=ShouldClearProvisionalItem) Line 1811 C++
QtWebKitd4.dll!WebCore::FrameLoader::detachFromParent() Line 2706 C++
QtWebKitd4.dll!WebCore::FrameLoader::detachChildren() Line 2614 + 0x16 bytes C++
QtWebKitd4.dll!WebCore::FrameLoader::detachFromParent() Line 2704 C++
QtWebKitd4.dll!QWebPage::~QWebPage() Line 1989 C++
It doesn't crash every time though. Sometimes it crashes repeatedly. Sometimes, it refuses to crash. Seems like some kind of race condition?
The same operation also crashes when I build with qt 5.0.2. But in qt 5.0.2, it crashes at another location. Refer to this other bug: https://bugs.webkit.org/show_bug.cgi?id=99266
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Zan Dobersek
CC-ing a couple of Qt people who can triage this further.
Stephen
I'd like to make a small correction to the original bug report. In QT 5.0.2, it also crashes at the same location upon destroying the flash plugin when the page is closing or navigating away. https://bugs.webkit.org/show_bug.cgi?id=99266 is simple a separate bug when happens when the flash game page is loading. The bottomline is that with qt 5.0.2, we get two landmines instead of one when playing facebook games.
Alexey Proskuryakov
Mass closing plug-in bugs, as plug-in support has been removed from WebKit.
Please comment and/or reopen if this still affects WebKit in some way.