Bug 29420

Summary: [Qt] On Linux, the demo browser crashes on some system when Adobe Flash is enabled
Product: WebKit Reporter: Tor Arne Vestbø <vestbo>
Component: Plug-insAssignee: QtWebKit Unassigned <webkit-qt-unassigned>
Status: RESOLVED INVALID    
Severity: Critical CC: jturcotte, kenneth, kling
Priority: P2 Keywords: Qt
Version: 528+ (Nightly build)   
Hardware: Other   
OS: Linux   
Bug Depends on:    
Bug Blocks: 35962    
Attachments:
Description Flags
Formated backtrace none

Tor Arne Vestbø
Reported 2009-09-18 07:38:12 PDT
This bug report originated from issue QTBUG-3973 <http://bugreports.qt.nokia.com/browse/QTBUG-3973> --- Description --- On some Linux system, the demo browser crashes when Adobe Flash is enabled. Here it the backtrace of the crash: address=0x7fd78c4b79f0) at tools/qmutexpool.cpp:141 mo_name=0x7fd78c0fc4f0 "QMotifStyle", func=0x7fd78c03b244 <QMotifStyle::staticMetaObject()>) at kernel/qmetaobject.cpp:1209 (__initialize_p=1, __priority=65535) at .moc/debug-shared-mt/moc_qmotifstyle.cpp:28 moc_qmotifstyle.cpp () at .moc/debug-shared-mt/moc_qmotifstyle.cpp:91 /usr/qt/3/lib/libqt-mt.so.3 /usr/lib64/gtk-2.0/2.10.0/engines/libqtengine.so argv=0x7fffb09a74f8, env=0xfbb190) at dl-init.c:70 argv=0x7fffb09a74f8, env=0xfbb190) at dl-init.c:134 dl-open.c:516 errstring=0x7fffb09a12e8, mallocedp=0x7fffb09a12ff, operate=0x7fd7a879e980 <dl_open_worker>, args=0x7fffb09a12a0) at dl-error.c:178 "/usr/lib64/gtk-2.0/2.10.0/engines/libqtengine.so", mode=-2147483647, caller_dlopen=0x7fd791e1aca3, nsid=-2, argc=1, argv=0x7fffb09a74f8, env=0xfbb190) at dl-open.c:596 dlopen.c:67 errstring=0xf77018, mallocedp=0xf77008, operate=0x7fd7a3313f50 <dlopen_doit>, args=0x7fffb09a14c0) at dl-error.c:178 <dlopen_doit>, args=0x7fffb09a14c0) at dlerror.c:164 mode=<value optimized out>) at dlopen.c:88 "/usr/lib64/gtk-2.0/2.10.0/engines/libqtengine.so", flags=G_MODULE_BIND_MASK) at gmodule-dl.c:99 gtkthemes.c:80 gtypemodule.c:257 "qtengine") at gtkthemes.c:181 scanner=0x1293f50) at gtkrc.c:3665 input_name=<value optimized out>, input_fd=<value optimized out>, input_string=<value optimized out>) at gtkrc.c:2908 (context=0x195a300, filename=0x1293e70 "/usr/share/themes/Qt/gtk-2.0/gtkrc", priority=<value optimized out>, reload=<value optimized out>) at gtkrc.c:1022 input_name=<value optimized out>, input_fd=<value optimized out>, input_string=<value optimized out>) at gtkrc.c:2876 (context=0x195a300, filename=0x1715550 "/home/user/.gtkrc-2.0-kde", priority=<value optimized out>, reload=<value optimized out>) at gtkrc.c:1022 (settings=<value optimized out>, force_load=1) at gtkrc.c:851 (screen=0x1cee0c0) at gtksettings.c:1006 optimized out>) at gtype.c:1674 n_construct_properties=2353756656, construct_params=0x100000080) at gobject.c:1334 n_parameters=<value optimized out>, parameters=<value optimized out>) at gobject.c:1211 first_property_name=0x0, var_args=0x7fffb09a1ea0) at gobject.c:1274 first_property_name=0x0) at gobject.c:1056 gtkwidget.c:6344 gtkwidget.c:2659 optimized out>) at gtype.c:1666 n_construct_properties=2353756656, construct_params=0x100000080) at gobject.c:1334 n_parameters=<value optimized out>, parameters=<value optimized out>) at gobject.c:1211 first_property_name=0x0, var_args=0x7fffb09a2390) at gobject.c:1274 first_property_name=0x0) at gobject.c:1056 (display=0x207c0d0, socket_id=62914679) at gtkplug.c:528 (this=0x1d53cf0, rect=@0x7fffb09a2560) at plugins/qt/PluginViewQt.cpp:188 plugins/qt/PluginViewQt.cpp:484 child=0x1d53cf0) at platform/ScrollView.cpp:65 (this=0x132e670, widget=0x1d53cf0) at rendering/RenderWidget.cpp:147 (this=0x132e670, widget=0x1d53cf0) at rendering/RenderPart.cpp:64 (this=0x1117908, renderer=0x132e670, url=@0x7fffb09a2770, mimeType=@0x7fffb09a2ab0, paramNames=@0x7fffb09a2a10, paramValues=@0x7fffb09a29f0, useFallback=false) at loader/FrameLoader.cpp:1753 (this=0x1117908, renderer=0x132e670, url=@0x7fffb09a2ac0, frameName=@0x7fffb09a2a40, mimeType=@0x7fffb09a2ab0, paramNames=@0x7fffb09a2a10, paramValues=@0x7fffb09a29f0) at loader/FrameLoader.cpp:1701 (this=0x132e670, onlyCreateNonNetscapePlugins=false) at rendering/RenderPartObject.cpp:245 (this=0x14d74b0) at page/FrameView.cpp:999 optimized out>, allowSubtree=208) at page/FrameView.cpp:617 WebCore::Document::updateLayoutIgnorePendingStylesheets (this=0x12d5300) at dom/Document.cpp:1250 WebCore::HTMLObjectElement::renderWidgetForJSBindings (this=0x1bc4ae0) at html/HTMLObjectElement.cpp:64 (this=0x7fd78c4b79f0) at html/HTMLPlugInElement.cpp:85 bindings/js/JSPluginElementFunctions.cpp:50 node=0x7fd78c4b79f0) at bindings/js/JSPluginElementFunctions.cpp:58 (exec=0xf5a190, propertyName=@0x1202a50, slot=@0x100000080, element=0xfbb190) at bindings/js/JSPluginElementFunctions.cpp:84 WebCore::JSHTMLObjectElement::getOwnPropertySlot (this=0x7fd7a87de980, exec=0x7fd79c50abb8, propertyName=@0x1202a50, slot=@0x7fffb09a3160) at generated/JSHTMLObjectElement.cpp:165 (this=0x11f6960, flag=<value optimized out>, registerFile=0x11f6980, callFrame=0x7fd79c50abb8, exception=0x11f5f90) at ../JavaScriptCore/runtime/JSObject.h:331 functionBodyNode=<value optimized out>, callFrame=0x7fd79c50a351, function=0x7fd7a87d7100, thisObj=<value optimized out>, args=<value optimized out>, scopeChain=0x1d2b080, exception=0x11f5f90) at ../JavaScriptCore/interpreter/Interpreter.cpp:975 exec=0x7fd79c50a350, thisValue=<value optimized out>, args=@0x7fffb09a3a00) at ../JavaScriptCore/runtime/JSFunction.cpp:82 functionObject={m_ptr = 0x7fffb09a0d40}, callType=<value optimized out>, callData=@0x7fd78bf64000, thisValue={m_ptr = 0x0}, args=@0xfbb190) at ../JavaScriptCore/runtime/CallData.cpp:39 thisValue={m_ptr = 0x7fd7a87d7100}, args=@0x7fffb09a3de0) at ../JavaScriptCore/runtime/FunctionPrototype.cpp:133 (this=0x11f6960, flag=<value optimized out>, registerFile=0x11f6980, callFrame=0x7fd79c50a2d8, exception=0x11f5f90) at ../JavaScriptCore/interpreter/Interpreter.cpp:3371 functionBodyNode=<value optimized out>, callFrame=0x7fd79c50a291, function=0x7fd7a87d7000, thisObj=<value optimized out>, args=<value optimized out>, scopeChain=0x17b9530, exception=0x11f5f90) ---Type <return> to continue, or q <return> to quit--- at ../JavaScriptCore/interpreter/Interpreter.cpp:975 exec=0x7fd79c50a290, thisValue=<value optimized out>, args=@0x7fffb09a4780) at ../JavaScriptCore/runtime/JSFunction.cpp:82 functionObject={m_ptr = 0x7fffb09a0d40}, callType=<value optimized out>, callData=@0x7fd78bf64000, thisValue={m_ptr = 0x0}, args=@0xfbb190) at ../JavaScriptCore/runtime/CallData.cpp:39 thisValue={m_ptr = 0x7fd7a87d7000}, args=@0x7fffb09a4b60) at ../JavaScriptCore/runtime/FunctionPrototype.cpp:133 (this=0x11f6960, flag=<value optimized out>, registerFile=0x11f6980, callFrame=0x7fd79c50a228, exception=0x11f5f90) at ../JavaScriptCore/interpreter/Interpreter.cpp:3371 functionBodyNode=<value optimized out>, callFrame=0x7fd79c50a1c9, function=0x7fd79c3edb80, thisObj=<value optimized out>, args=<value optimized out>, scopeChain=0x13fd000, exception=0x11f5f90) at ../JavaScriptCore/interpreter/Interpreter.cpp:975 exec=0x7fd79c50a1c8, thisValue=<value optimized out>, args=@0x7fffb09a5500) at ../JavaScriptCore/runtime/JSFunction.cpp:82 functionObject={m_ptr = 0x7fffb09a0d40}, callType=<value optimized out>, callData=@0x7fd78bf64000, thisValue={m_ptr = 0x0}, args=@0xfbb190) at ../JavaScriptCore/runtime/CallData.cpp:39 thisValue={m_ptr = 0x7fd79c3edb80}, args=@0x7fffb09a58e0) at ../JavaScriptCore/runtime/FunctionPrototype.cpp:133 (this=0x11f6960, flag=<value optimized out>, registerFile=0x11f6980, callFrame=0x7fd79c50a0f8, exception=0x11f5f90) at ../JavaScriptCore/interpreter/Interpreter.cpp:3371 functionBodyNode=<value optimized out>, callFrame=0x1927489, function=0x7fd78e6c4980, thisObj=<value optimized out>, args=<value optimized out>, scopeChain=0x146f180, exception=0x11f5f90) at ../JavaScriptCore/interpreter/Interpreter.cpp:975 exec=0x1927488, thisValue=<value optimized out>, args=@0x7fffb09a62c0) at ../JavaScriptCore/runtime/JSFunction.cpp:82 functionObject={m_ptr = 0x7fffb09a0d40}, callType=<value optimized out>, callData=@0x7fd78bf64000, thisValue={m_ptr = 0x0}, args=@0xfbb190) at ../JavaScriptCore/runtime/CallData.cpp:39 (this=0x13bc8f0, event=0x16f7000, isWindowEvent=false) at bindings/js/JSEventListener.cpp:115 (this=<value optimized out>, event=0x16f7000, useCapture=false) at dom/EventTargetNode.cpp:219 (this=0x12d5300, prpEvent=<value optimized out>, ec=<value optimized out>) at dom/EventTargetNode.cpp:340 (this=0x12d5300, e=<value optimized out>, ec=@0x7fffb09a650c) at dom/EventTargetNode.cpp:273 (this=0x12d5300) at dom/Document.cpp:3899 optimized out>, str=<value optimized out>, appendData=<value optimized out>) at html/HTMLTokenizer.cpp:1768 (this=0x194d310) at html/HTMLTokenizer.cpp:2012 (this=0x12d5300) at dom/Document.cpp:2168 (this=0x1599b60) at html/HTMLStyleElement.cpp:101 (this=0x13ceb80) at css/CSSStyleSheet.cpp:185 (this=0x12abde0, url=<value optimized out>, charset=<value optimized out>, sheet=0x120d7a0) at css/CSSImportRule.cpp:67 (this=0x120d7a0) at loader/CachedCSSStyleSheet.cpp:116 (this=0x120d7a0, data=<value optimized out>, allDataReceived=<value optimized out>) at loader/CachedCSSStyleSheet.cpp:104 (this=0x1d00390, loader=0x18b85d0) at loader/loader.cpp:301 (this=0x18b85d0) at loader/SubresourceLoader.cpp:183 (this=0x109ab00) at platform/network/qt/QNetworkReplyHandler.cpp:224 (this=0x109ab00, _c=QMetaObject::InvokeMetaMethod, _id=944, _a=<value optimized out>) at .moc/debug-shared/moc_QNetworkReplyHandler.cpp:69 at kernel/qobject.cpp:1106 (this=0xf59cd0, receiver=0x109ab00, e=0x1768dd0) at kernel/qapplication.cpp:4084 receiver=0x109ab00, e=0x1768dd0) at kernel/qapplication.cpp:4049 (this=0x7fffb09a73e0, receiver=0x109ab00, event=0x1768dd0) at kernel/qcoreapplication.cpp:598 (receiver=0x0, event_type=0, data=0xf59700) at kernel/qcoreapplication.h:213 out>) at kernel/qcoreapplication.h:218 (context=0xf5d040) at gmain.c:2144 block=1, dispatch=1, self=<value optimized out>) at gmain.c:2778 (context=0xf5d040, may_block=1) at gmain.c:2841 (this=0xf5a640, flags=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:323 (this=0xf5a190, flags=<value optimized out>) at kernel/qguieventdispatcher_glib.cpp:202 optimized out>, flags={i = -1332055232}) at kernel/qeventloop.cpp:149 flags={i = -1332055152}) at kernel/qeventloop.cpp:196 kernel/qcoreapplication.cpp:880 main.cpp:51
Attachments
Formated backtrace (16.42 KB, text/plain)
2009-10-08 09:31 PDT, Jocelyn Turcotte 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Jocelyn Turcotte
Comment 1 2009-10-08 09:31:35 PDT
Created attachment 40879 [details] Formated backtrace By looking at the backtrace, dynamic library libqtengine.so seems to crash while loaded from GTK inside libflashplayer.so.
Kenneth Rohde Christiansen
Comment 2 2009-10-18 09:31:59 PDT
If you set your Qt theme to Gtk, and the Gtk theme to Qt, it will end up in an infinite loop. Maybe that is what is going on here, or something similar? Jocelyn, try talking to Jens Bache, as he might have some ideas.
Andreas Kling
Comment 3 2010-04-07 06:27:37 PDT
Cannot reproduce, needs testcase.
Note You need to log in before you can comment on or make changes to this bug.