Bug 32922

Summary: [Qt] fast/text/find-hidden-text.html
Product: WebKit Reporter: Robert Hogan <robert>
Component: PlatformAssignee: Benjamin Poulain <benjamin>
Status: CLOSED FIXED    
Severity: Major CC: benjamin, commit-queue, hausmann, jwieczorek, kent.hansen
Priority: P1 Keywords: Qt, QtTriaged
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Bug Depends on:    
Bug Blocks: 35784    
Attachments:
Description Flags
A reduction
none
Patch
none
Patch with test none

Robert Hogan
Reported 2009-12-24 12:05:40 PST
In Qt this is failing at: testNonHiddenTextStyle("position: absolute", "height:0; overflow:scroll"); testNonHiddenTextStyle("position: fixed", "height:0; overflow:scroll"); at if (scrollbar->maximum != scrollbar->minimum) { uint range = scrollbar->maximum - scrollbar->minimum; sliderlen = (qint64(scrollbar->pageStep) * maxlen) / (range + scrollbar->pageStep); in qcommonstyle.cpp (Qt rather than WebKit). The bt for testNonHiddenTextStyle("position: absolute", "height:0; overflow:scroll"); is: (gdb) quit gdb --interpreter=mi2 -quiet (gdb) p maxlen p maxlen $1 = -48 ^done(gdb) p scrollbar->pageStep p scrollbar->pageStep $2 = -16 ^done(gdb) p range p range $3 = <value optimized out> ^done(gdb) p scrollbar->maximum p scrollbar->maximum $4 = 16 ^done(gdb) p scrollbar->minimum p scrollbar->minimum $5 = 0 ^done*** Program received signal SIGFPE (Arithmetic exception) ***(gdb) bt bt #0 0x0078b59b in __divdi3 (warning: (Internal error: pc 0x78b59b in read in psymtab, but not in symtab.) ) from /lib/libgcc_s.so.1 #1 0x02df64d2 in QCommonStyle::subControlRect (this=0x810caf0, cc=QStyle::CC_ScrollBar, opt=0x2947ee0, sc=QStyle::SC_ScrollBarGroove, widget=0x0) at /var/tmp/qt-x11-src-4.6.0/src/gui/styles/qcommonstyle.cpp:3991 #2 0x01ff3198 in WebCore::ScrollbarThemeQt::trackLength (this=0x2947f48, scrollbar=0x8216750) at ../../../../WebCore/platform/qt/ScrollbarThemeQt.cpp:226 #3 0x01ff2f5b in WebCore::ScrollbarThemeQt::thumbPosition (this=0x2947f48, scrollbar=0x8216750) at ../../../../WebCore/platform/qt/ScrollbarThemeQt.cpp:205 #4 0x01e44509 in WebCore::Scrollbar::setCurrentPos (this=0x8216750, pos=16) at ../../../../WebCore/platform/Scrollbar.cpp:269 #5 0x01e43c28 in WebCore::Scrollbar::setValue (this=0x8216750, v=16) at ../../../../WebCore/platform/Scrollbar.cpp:96 #6 0x01f156af in WebCore::RenderLayer::scrollToOffset (this=0x81e353c, x=0, y=16, updateScrollbars=true, repaint=true) at ../../../../WebCore/rendering/RenderLayer.cpp:1211 #7 0x01f15d39 in WebCore::RenderLayer::scrollRectToVisible (this=0x81e353c, rect=..., scrollToAnchor=false, alignX=..., alignY=...) at ../../../../WebCore/rendering/RenderLayer.cpp:1260 #8 0x01f160d9 in WebCore::RenderLayer::scrollRectToVisible (this=0x8214d2c, rect=..., scrollToAnchor=false, alignX=..., alignY=...) at ../../../../WebCore/rendering/RenderLayer.cpp:1294 #9 0x01d9c09a in WebCore::Frame::revealSelection (this=0x818bef8, alignment=..., revealExtent=false) at ../../../../WebCore/page/Frame.cpp:1363 #10 0x01d9d66a in WebCore::Frame::findString (this=0x818bef8, target=..., forward=true, caseFlag=false, wrapFlag=true, startInSelection=false) at ../../../../WebCore/page/Frame.cpp:1540 #11 0x01ba1984 in executeFindString (frame=0x818bef8, value=...) at ../../../../WebCore/editing/EditorCommand.cpp:399 #12 0x01ba5869 in WebCore::Editor::Command::execute (this=0xbfffe434, parameter=..., triggeringEvent=0x0) at ../../../../WebCore/editing/EditorCommand.cpp:1525 #13 0x01ac40d2 in WebCore::Document::execCommand (this=0x81aa148, commandName=..., userInterface=false, value=...) at ../../../../WebCore/dom/Document.cpp:3365 #14 0x0209468c in WebCore::jsDocumentPrototypeFunctionExecCommand (exec=0xb7aa7248, thisValue=..., args=...) at generated/debug/JSDocument.cpp:1876 #15 0x03c4c16e in ?? () #16 0x017dd6b7 in JSC::JITCode::execute (this=0x81e95e0, registerFile=0x81afdfc, callFrame=0xb7aa7050, globalData=0x81ae100, exception=0x81aebbc) at ../../../../JavaScriptCore/jit/JITCode.h:79 #17 0x017e56ac in JSC::Interpreter::execute (this=0x81afdf0, functionExecutable=0x81e95d0, callFrame=0x819edf4, function=0xb7a42e00, thisObj=0xb7a40000, args=..., scopeChain=0x81e9260, exception=0x81aebbc) at ../../../../JavaScriptCore/interpreter/Interpreter.cpp:685 #18 0x0187c219 in JSC::JSFunction::call (this=0xb7a42e00, exec=0x819edf4, thisValue=..., args=...) at ../../../../JavaScriptCore/runtime/JSFunction.cpp:120 #19 0x0184ec05 in JSC::call (exec=0x819edf4, functionObject=..., callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...) at ../../../../JavaScriptCore/runtime/CallData.cpp:39 #20 0x01981a5a in WebCore::JSEventListener::handleEvent (this=0x81d99d8, scriptExecutionContext=0x81aa178, event=0x81c6f70) at ../../../../WebCore/bindings/js/JSEventListener.cpp:113 #21 0x01aff363 in WebCore::EventTarget::fireEventListeners (this=0x81a3648, event=0x81c6f70) at ../../../../WebCore/dom/EventTarget.cpp:297 #22 0x01d7c36d in WebCore::DOMWindow::dispatchEvent (this=0x81a3648, prpEvent=..., prpTarget=...) at ../../../../WebCore/page/DOMWindow.cpp:1337 #23 0x01d7bf30 in WebCore::DOMWindow::dispatchLoadEvent (this=0x81a3648) at ../../../../WebCore/page/DOMWindow.cpp:1291 #24 0x01ac1e9a in WebCore::Document::dispatchWindowLoadEvent (this=0x81aa148) at ../../../../WebCore/dom/Document.cpp:2904 #25 0x01abd49f in WebCore::Document::implicitClose (this=0x81aa148) at ../../../../WebCore/dom/Document.cpp:1730 #26 0x01d0eabe in WebCore::FrameLoader::checkCallImplicitClose (this=0x818bf24) at ../../../../WebCore/loader/FrameLoader.cpp:1169 #27 0x01d0e887 in WebCore::FrameLoader::checkCompleted (this=0x818bf24) at ../../../../WebCore/loader/FrameLoader.cpp:1117 #28 0x01d0e614 in WebCore::FrameLoader::finishedParsing (this=0x818bf24) at ../../../../WebCore/loader/FrameLoader.cpp:1056 #29 0x01ac74d7 in WebCore::Document::finishedParsing (this=0x81aa148) at ../../../../WebCore/dom/Document.cpp:4061 #30 0x01c6ee3d in WebCore::HTMLParser::finished (this=0x81b2708) at ../../../../WebCore/html/HTMLParser.cpp:1652 #31 0x01c8dc30 in WebCore::HTMLTokenizer::end (this=0x819d228) at ../../../../WebCore/html/HTMLTokenizer.cpp:1868 #32 0x01c8e0a1 in WebCore::HTMLTokenizer::finish (this=0x819d228) at ../../../../WebCore/html/HTMLTokenizer.cpp:1908 #33 0x01abdbc4 in WebCore::Document::finishParsing (this=0x81aa148) at ../../../../WebCore/dom/Document.cpp:1878 #34 0x01d0dd58 in WebCore::FrameLoader::endIfNotLoadingMainResource (this=0x818bf24) at ../../../../WebCore/loader/FrameLoader.cpp:959 #35 0x01d0dcb1 in WebCore::FrameLoader::end (this=0x818bf24) at ../../../../WebCore/loader/FrameLoader.cpp:944 #36 0x01cfb7aa in WebCore::DocumentLoader::finishedLoading (this=0x81a5758) at ../../../../WebCore/loader/DocumentLoader.cpp:330 #37 0x01d172eb in WebCore::FrameLoader::finishedLoading (this=0x818bf24) at ../../../../WebCore/loader/FrameLoader.cpp:2733 #38 0x01d3ceba in WebCore::MainResourceLoader::didFinishLoading (this=0x81a6338) at ../../../../WebCore/loader/MainResourceLoader.cpp:424 #39 0x01d48cfa in WebCore::ResourceLoader::didFinishLoading (this=0x81a6338) at ../../../../WebCore/loader/ResourceLoader.cpp:403 #40 0x01fda6ed in WebCore::QNetworkReplyHandler::finish (this=0x81a7440) at ../../../../WebCore/platform/network/qt/QNetworkReplyHandler.cpp:245 #41 0x01fdc7c1 in WebCore::QNetworkReplyHandler::qt_metacall (this=0x81a7440, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x81a6248) at ./moc_QNetworkReplyHandler.cpp:82 #42 0x00591fbb in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) () from /home/robert/qtsdk-2009.05/qt/lib/libQtCore.so.4 #43 0x0059c296 in QMetaCallEvent::placeMetaCall(QObject*) () from /home/robert/qtsdk-2009.05/qt/lib/libQtCore.so.4 #44 0x0059e028 in QObject::event(QEvent*) () from /home/robert/qtsdk-2009.05/qt/lib/libQtCore.so.4 #45 0x02aa354f in QApplicationPrivate::notify_helper (this=0x81307b0, receiver=0x81a7440, e=0x81a4188) at /var/tmp/qt-x11-src-4.6.0/src/gui/kernel/qapplication.cpp:4242 #46 0x02aa7711 in QApplication::notify (this=0xbffff6d4, receiver=0x81a7440, e=0x81a4188) at /var/tmp/qt-x11-src-4.6.0/src/gui/kernel/qapplication.cpp:3661 #47 0x0058b9db in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /home/robert/qtsdk-2009.05/qt/lib/libQtCore.so.4 #48 0x0058c8fe in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /home/robert/qtsdk-2009.05/qt/lib/libQtCore.so.4 #49 0x0058cbad in QCoreApplication::sendPostedEvents(QObject*, int) () from /home/robert/qtsdk-2009.05/qt/lib/libQtCore.so.4 #50 0x005b924f in postEventSourceDispatch(_GSource*, int (*)(void*), void*) (warning: (Internal error: pc 0x5b924e in read in psymtab, but not in symtab.) ) from /home/robert/qtsdk-2009.05/qt/lib/libQtCore.so.4 #51 0x00b9ee88 in g_main_context_dispatch (warning: (Internal error: pc 0xb9ee87 in read in psymtab, but not in symtab.) ) from /lib/libglib-2.0.so.0
Attachments
A reduction (154 bytes, text/html)
2010-01-09 08:41 PST, Jakub Wieczorek 		no flags
Details
Patch (1.31 KB, patch)
2010-05-10 10:38 PDT, Benjamin Poulain 		no flags
DetailsFormatted DiffDiff
Patch with test (2.33 KB, patch)
2010-05-10 10:53 PDT, Benjamin Poulain 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Jakub Wieczorek
Comment 1 2010-01-09 08:41:43 PST
Created attachment 46207 [details] A reduction Reproducable when selecting the text in the following example.
Tor Arne Vestbø
Comment 2 2010-03-10 06:28:08 PST
Please follow the QtWebKit bug reporting guidelines when reporting bugs. See http://trac.webkit.org/wiki/QtWebKitBugs Specifically: - The 'QtWebKit' component should only be used for bugs/features in the public QtWebKit API layer, not to signify that the bug is specific to the Qt port of WebKit http://trac.webkit.org/wiki/QtWebKitBugs#Component - Add the keyword 'Qt' to signal that it's a Qt-related bug http://trac.webkit.org/wiki/QtWebKitBugs#Keywords
Kent Hansen
Comment 3 2010-03-16 04:00:12 PDT
I'm not able to reproduce this on Mac with r55986, Qt 4.7.
Benjamin Poulain
Comment 4 2010-05-10 02:17:29 PDT
I don't have the problem with the reduction on 4.7. Is there anything special to do in order to reproduce the crash? Do you select all the text or a specific sub-string?
Jakub Wieczorek
Comment 5 2010-05-10 08:21:50 PDT
(In reply to comment #4) > I don't have the problem with the reduction on 4.7. I can still reproduce this with Qt 4.7 and WebKit trunk. My suspicion is that Kent and you are using a style that does not call the standard QCommonStyle's ::subControlRect() implementation in this case and at the same time does not trigger this crash. > Is there anything special to do in order to reproduce the crash? Do you select all the text or a specific sub-string? It's crashing right after I start the selection.
Benjamin Poulain
Comment 6 2010-05-10 08:28:36 PDT
(In reply to comment #5) > My suspicion is that Kent and you are using a style that does not call > the standard QCommonStyle's ::subControlRect() implementation in this case and at the same time does not trigger this crash. Which style are you using?
Jakub Wieczorek
Comment 7 2010-05-10 08:36:03 PDT
(In reply to comment #6) > (In reply to comment #5) > > My suspicion is that Kent and you are using a style that does not call > > the standard QCommonStyle's ::subControlRect() implementation in this case and at the same time does not trigger this crash. > > Which style are you using? I can reproduce this with QGtkStyle as well as pretty much any standard style included in Qt. I recall reproducing it with Oxygen in the past but I can't say for sure.
Jakub Wieczorek
Comment 8 2010-05-10 08:39:25 PDT
(In reply to comment #7) > I can reproduce this with QGtkStyle as well as pretty much any standard style included in Qt. I recall reproducing it with Oxygen in the past but I can't say for sure. OK, I checked Oxygen and it's not crashing.
Benjamin Poulain
Comment 9 2010-05-10 09:02:00 PDT
I am using Oxygen. Confirmed with plastique style: 0x00007ffff37e7461 in QCommonStyle::subControlRect (this=0x76ee60, cc=QStyle::CC_ScrollBar, opt=0x7ffff7dddae0, sc=QStyle::SC_ScrollBarGroove, widget=0x0) at /home/ikipou/dev/oslo-staging-1/src/gui/styles/qcommonstyle.cpp:3989 3989 sliderlen = (qint64(scrollbar->pageStep) * maxlen) / (range + scrollbar->pageStep); (gdb) print range $1 = 16 (gdb) print scrollbar->pageStep $2 = -16
Robert Hogan
Comment 10 2010-05-10 10:22:43 PDT
Forgot to mention the merge request here: http://qt.gitorious.org/qt/qt/merge_requests/2387 and also see Benjamin's comment there: "“Revise and resubmit” because this misses an autotest. I also don’t agree with the fix. since (scrollbar->maximum != scrollbar->minimum), range is Superior to 0. The way to have 0 for the denominator is to have scrollbar->pageStep equals -range. For me it looks like a wrong value to have QStyleOptionSlider with a negative page step."
Benjamin Poulain
Comment 11 2010-05-10 10:38:40 PDT
Created attachment 55567 [details] Patch Robert, If I understand correctly, there is already a test to reproduce the crash?
Robert Hogan
Comment 12 2010-05-10 10:44:08 PDT
(In reply to comment #11) > Created an attachment (id=55567) [details] > Patch > > Robert, If I understand correctly, there is already a test to reproduce the crash? Yup: fast/text/find-hidden-text.html ;-) That patch looks like a good spot!
Benjamin Poulain
Comment 13 2010-05-10 10:53:26 PDT
Created attachment 55570 [details] Patch with test > Yup: fast/text/find-hidden-text.html ;-) Arg, of course, it was carefully hidden in plain sight in the title :) Same patch, but remove the test from the skipped list.
Robert Hogan
Comment 14 2010-05-10 11:17:33 PDT
(In reply to comment #13) > Created an attachment (id=55570) [details] > Patch with test > > > Yup: fast/text/find-hidden-text.html ;-) > > Arg, of course, it was carefully hidden in plain sight in the title :) > Just like the fix. Shortly before your patch I looked up pageStep in WebCore and didn't blink when I saw opt.pageStep = scrollbar->visibleSize. Odd that so much of the scrollbars tests passed with that in there.
WebKit Commit Bot
Comment 15 2010-05-11 08:16:04 PDT
Comment on attachment 55570 [details] Patch with test Clearing flags on attachment: 55570 Committed r59151: <http://trac.webkit.org/changeset/59151>
WebKit Commit Bot
Comment 16 2010-05-11 08:16:10 PDT
All reviewed patches have been landed. Closing bug.
Simon Hausmann
Comment 17 2010-05-12 00:49:08 PDT
Revision r59151 cherry-picked into qtwebkit-2.0 with commit 4aa4ea037fc467194c16a4959caca96a8da4f412
Note You need to log in before you can comment on or make changes to this bug.