Bug 29450

Summary: [Qt] QWebPluginFactory: When providing a widget for the PDF mime type it will cause a crash
Product: WebKit
Reporter: Tor Arne Vestbø <vestbo>
Component: Plug-ins
Assignee: QtWebKit Unassigned <webkit-qt-unassigned>
Status: CLOSED FIXED
Severity: Critical
CC: benjamin, commit-queue, hausmann, jturcotte, kling, pinaraf, tonikitoo
Priority: P2
Keywords: Qt
Version: 528+ (Nightly build)   
Hardware: Other   
OS: All   
Bug Depends on:    
Bug Blocks: 35784    

Tor Arne Vestbø
Reported 2009-09-18 07:58:06 PDT
This bug report originated from issue QTBUG-4259 <http://bugreports.qt.nokia.com/browse/QTBUG-4259>
--- Description ---
QWebPluginFactory: When providing a widget for the PDF mime type it will cause a crash
Attachments
Test case from bug #29445 (2.44 KB, application/octet-stream)
2010-03-09 03:10 PST, Jocelyn Turcotte
no flags
TestCase (use a QLabel instead of the real AcroRead activeX, same crash) (2.31 KB, application/octet-stream)
2010-03-09 03:11 PST, Jocelyn Turcotte
no flags
Stack trace (11.98 KB, text/plain)
2010-03-09 03:12 PST, Jocelyn Turcotte
no flags
"Universal" test case, crash on any system with flash plugin enabled. (994 bytes, application/octet-stream)
2010-03-26 14:12 PDT, Pierre
no flags
Proposed patch (2.24 KB, patch)
2010-04-07 03:37 PDT, Andreas Kling
no flags
Jocelyn Turcotte
Comment 1 2010-03-09 03:09:25 PST
*** Bug 29445 has been marked as a duplicate of this bug. ***
Jocelyn Turcotte
Comment 2 2010-03-09 03:10:24 PST
Created attachment 50284 [details] Test case from bug #29445
Jocelyn Turcotte
Comment 3 2010-03-09 03:11:33 PST
Created attachment 50285 [details] TestCase (use a QLabel instead of the real AcroRead activeX, same crash)
Jocelyn Turcotte
Comment 4 2010-03-09 03:12:23 PST
Created attachment 50286 [details] Stack trace
Reproduced with trunk on Windows
Jocelyn Turcotte
Comment 5 2010-03-17 04:58:47 PDT
*** Bug 32704 has been marked as a duplicate of this bug. ***
Tor Arne Vestbø
Comment 6 2010-03-22 07:37:17 PDT
Could not reproduce on Mac OS 10.6. Changed the test-case to load data:text/html,<object data='http://www.quintcareers.com/employment_application.pdf' type=application/pdf> so that we actually trigger the pdf mimetype path, but no crash.
Andreas Kling
Comment 7 2010-03-26 09:58:42 PDT
Cannot reproduce on Linux.
Pierre
Comment 8 2010-03-26 14:11:17 PDT
This bug is reproducible on any platform. I will attach a new test case, that does crash on Linux and Windows at least. It requires the Flash plugin to be installed and "available" for WebKit.
Pierre
Comment 9 2010-03-26 14:12:20 PDT
Created attachment 51777 [details] "Universal" test case, crash on any system with flash plugin enabled.
This will crash on any platform.
Benjamin Poulain
Comment 10 2010-04-06 05:14:41 PDT
Confirmed with trunk. Backtrace:
#0 0x00007ffff7719010 in typeinfo name for WebCore::QtPluginWidget () from /home/ikipou/build/webkit/oslo-staging-1_release_64/Release/lib/libQtWebKit.so.4
#1 0x00007ffff7390fbf in WebCore::FrameLoaderClientQt::committedLoad(WebCore::DocumentLoader*, char const*, int) () from /home/ikipou/build/webkit/oslo-staging-1_release_64/Release/lib/libQtWebKit.so.4
#2 0x00007ffff716d269 in WebCore::DocumentLoader::commitLoad(char const*, int) () from /home/ikipou/build/webkit/oslo-staging-1_release_64/Release/lib/libQtWebKit.so.4
#3 0x00007ffff71a9831 in WebCore::ResourceLoader::didReceiveData(char const*, int, long long, bool) () from /home/ikipou/build/webkit/oslo-staging-1_release_64/Release/lib/libQtWebKit.so.4
#4 0x00007ffff719b93c in WebCore::MainResourceLoader::didReceiveData(char const*, int, long long, bool) () from /home/ikipou/build/webkit/oslo-staging-1_release_64/Release/lib/libQtWebKit.so.4
#5 0x00007ffff71a90f3 in WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle*, char const*, int, int) () from /home/ikipou/build/webkit/oslo-staging-1_release_64/Release/lib/libQtWebKit.so.4
#6 0x00007ffff7371d36 in WebCore::QNetworkReplyHandler::forwardData() () from /home/ikipou/build/webkit/oslo-staging-1_release_64/Release/lib/libQtWebKit.so.4
#7 0x00007ffff7373594 in WebCore::QNetworkReplyHandler::qt_metacall(QMetaObject::Call, int, void**) () from /home/ikipou/build/webkit/oslo-staging-1_release_64/Release/lib/libQtWebKit.so.4
#8 0x00007ffff4633006 in QMetaObject::activate (sender=0x717250, m=<value optimized out>, local_signal_index=<value optimized out>, argv=0x0) at /home/ikipou/dev/oslo-staging-1/src/corelib/kernel/qobject.cpp:3295
#9 0x00007ffff56f82d0 in QNetworkReplyImplPrivate::appendDownstreamData (this=0x729d30, data=<value optimized out>) at /home/ikipou/dev/oslo-staging-1/src/network/access/qnetworkreplyimpl.cpp:538
#10 0x00007ffff56e55f7 in QNetworkAccessHttpBackend::readFromHttp (this=0x7164f0) at /home/ikipou/dev/oslo-staging-1/src/network/access/qnetworkaccesshttpbackend.cpp:734
#11 0x00007ffff575f628 in QNetworkAccessHttpBackend::qt_metacall (this=0x7164f0, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0x7fffffffd4e0) at .moc/release-shared/moc_qnetworkaccesshttpbackend_p.cpp:85
#12 0x00007ffff4633006 in QMetaObject::activate (sender=0x7261b0, m=<value optimized out>, local_signal_index=<value optimized out>, argv=0x0) at /home/ikipou/dev/oslo-staging-1/src/corelib/kernel/qobject.cpp:3295
#13 0x00007ffff56cff92 in QHttpNetworkConnectionChannel::_q_receiveReply (this=0x72a838) at /home/ikipou/dev/oslo-staging-1/src/network/access/qhttpnetworkconnectionchannel.cpp:412
#14 0x00007ffff56d08c0 in QHttpNetworkConnectionChannel::qt_metacall (this=0x72a838, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0x7fffffffd6b0) at .moc/release-shared/moc_qhttpnetworkconnectionchannel_p.cpp:92
#15 0x00007ffff4633006 in QMetaObject::activate (sender=0x72b0d0, m=<value optimized out>, local_signal_index=<value optimized out>, argv=0x0) at /home/ikipou/dev/oslo-staging-1/src/corelib/kernel/qobject.cpp:3295
#16 0x00007ffff5735dff in QAbstractSocketPrivate::canReadNotification (this=0x72b0f0) at /home/ikipou/dev/oslo-staging-1/src/network/socket/qabstractsocket.cpp:639
#17 0x00007ffff57251d1 in QReadNotifier::event (this=<value optimized out>, e=0x7fffe6eb03e8) at /home/ikipou/dev/oslo-staging-1/src/network/socket/qnativesocketengine.cpp:1103
#18 0x00007ffff4b584ac in QApplicationPrivate::notify_helper (this=0x60b700, receiver=0x728450, e=0x7fffffffdc10) at /home/ikipou/dev/oslo-staging-1/src/gui/kernel/qapplication.cpp:4341
#19 0x00007ffff4b5fbad in QApplication::notify (this=0x7fffffffded0, receiver=0x728450, e=0x7fffffffdc10) at /home/ikipou/dev/oslo-staging-1/src/gui/kernel/qapplication.cpp:4224
#20 0x00007ffff461e85c in QCoreApplication::notifyInternal (this=0x7fffffffded0, receiver=0x728450, event=0x7fffffffdc10) at /home/ikipou/dev/oslo-staging-1/src/corelib/kernel/qcoreapplication.cpp:704
#21 0x00007ffff464a2ca in QCoreApplication::sendEvent (source=0x618df0) at ../../include/QtCore/../../../oslo-staging-1/src/corelib/kernel/qcoreapplication.h:215
#22 socketNotifierSourceDispatch (source=0x618df0) at /home/ikipou/dev/oslo-staging-1/src/corelib/kernel/qeventdispatcher_glib.cpp:110
#23 0x00007ffff1f92bce in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#24 0x00007ffff1f96598 in ?? () from /lib/libglib-2.0.so.0
#25 0x00007ffff1f966c0 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#26 0x00007ffff4649f13 in QEventDispatcherGlib::processEvents (this=0x615370, flags=<value optimized out>) at /home/ikipou/dev/oslo-staging-1/src/corelib/kernel/qeventdispatcher_glib.cpp:412
#27 0x00007ffff4c0841e in QGuiEventDispatcherGlib::processEvents (this=0x7fffe6efe2d8, flags=<value optimized out>) at /home/ikipou/dev/oslo-staging-1/src/gui/kernel/qguieventdispatcher_glib.cpp:204
#28 0x00007ffff461d592 in QEventLoop::processEvents (this=<value optimized out>, flags=DWARF-2 expression error: DW_OP_reg operations must be used either alone or in conjuction with DW_OP_piece. ) at /home/ikipou/dev/oslo-staging-1/src/corelib/kernel/qeventloop.cpp:149
#29 0x00007ffff461d96c in QEventLoop::exec (this=0x7fffffffde70, flags=DWARF-2 expression error: DW_OP_reg operations must be used either alone or in conjuction with DW_OP_piece. ) at /home/ikipou/dev/oslo-staging-1/src/corelib/kernel/qeventloop.cpp:201
#30 0x00007ffff4622939 in QCoreApplication::exec () at /home/ikipou/dev/oslo-staging-1/src/corelib/kernel/qcoreapplication.cpp:981
#31 0x0000000000401dbc in main ()
Andreas Kling
Comment 11 2010-04-07 03:37:25 PDT
Created attachment 52724 [details] Proposed patch
Simon Hausmann
Comment 12 2010-04-07 03:40:27 PDT
Comment on attachment 52724 [details] Proposed patch
LGTM
WebKit Commit Bot
Comment 13 2010-04-07 04:15:07 PDT
Comment on attachment 52724 [details] Proposed patch
Clearing flags on attachment: 52724
Committed r57202: <http://trac.webkit.org/changeset/57202>
WebKit Commit Bot
Comment 14 2010-04-07 04:15:14 PDT
All reviewed patches have been landed. Closing bug.
Simon Hausmann
Comment 15 2010-04-08 00:54:44 PDT
Revision r57202 cherry-picked into qtwebkit-2.0 with commit 75a63ec54e29f49deafdd2dcac789f2ef66be6ef