Bug 45363

Summary: [Qt] Crash when showing Flash content at staples.com...
Product: WebKit
Component: WebKit Qt
Status: RESOLVED FIXED
Severity: Critical
Priority: P1
Version: 528+ (Nightly build)
Hardware: PC
OS: Linux
Reporter: Dawit A. <adawit>
Assignee: Nobody <webkit-unassigned>
CC: ademar, girish, kling
Keywords: Qt
Attachments:
Re-enable quirk on 64-bit (r=torarne) [flags: none]

Description Dawit A. 2010-09-07 19:57:05 PDT
If you visit staples.com, find the link that says "Weekly Ads" and click on it, it sends you to a page that is mostly Flash content. If this does not already crash your QtWebKit-based browser, simply reloading the page should.

Below is the backtrace from QtTestBrowser (QtWebKit 2.1, WebKit 533.3):

#0  0xb3c52f37 in g_slice_alloc () from /usr/lib/libglib-2.0.so.0
#1  0xb3c535a5 in g_slice_alloc0 () from /usr/lib/libglib-2.0.so.0
#2  0xb3babac7 in g_type_create_instance () from /usr/lib/libgobject-2.0.so.0
#3  0xb3b8b3d5 in g_object_constructor () from /usr/lib/libgobject-2.0.so.0
#4  0xb3b8cbbc in g_object_newv () from /usr/lib/libgobject-2.0.so.0
#5  0xb3b8d9c0 in g_object_new () from /usr/lib/libgobject-2.0.so.0
#6  0xaddba46c in gtk_plug_new_for_display () from /usr/lib/libgtk-x11-2.0.so.0
#7  0xaddba4b6 in gtk_plug_new () from /usr/lib/libgtk-x11-2.0.so.0
#8  0xae0df1c7 in ?? () from /usr/lib/mozilla/plugins/libflashplayer.so
#9  0xae0d6fe8 in ?? () from /usr/lib/mozilla/plugins/libflashplayer.so
#10 0xae0da664 in ?? () from /usr/lib/mozilla/plugins/libflashplayer.so
#11 0xb6e3170e in WebCore::PluginView::setNPWindowIfNeeded (this=0x8b1f7a8) at /usr/local/src/Misc/webkit/WebCore/plugins/qt/PluginViewQt.cpp:619
#12 0xb6e30055 in WebCore::PluginView::paint (this=0x8b1f7a8, context=0xbfffe068, rect=...) at /usr/local/src/Misc/webkit/WebCore/plugins/qt/PluginViewQt.cpp:249
#13 0xb6d61158 in WebCore::RenderWidget::paint (this=0x93d5c4c, paintInfo=..., tx=9, ty=171) at /usr/local/src/Misc/webkit/WebCore/rendering/RenderWidget.cpp:295
#14 0xb6cd390b in WebCore::RenderEmbeddedObject::paint (this=0x93d5c4c, paintInfo=..., tx=0, ty=171) at /usr/local/src/Misc/webkit/WebCore/rendering/RenderEmbeddedObject.cpp:384
#15 0xb6c62788 in WebCore::InlineBox::paint (this=0x93d625c, paintInfo=..., tx=0, ty=171) at /usr/local/src/Misc/webkit/WebCore/rendering/InlineBox.cpp:180
#16 0xb6c67419 in WebCore::InlineFlowBox::paint (this=0x8d135ec, paintInfo=..., tx=0, ty=171) at /usr/local/src/Misc/webkit/WebCore/rendering/InlineFlowBox.cpp:696
#17 0xb6d673ba in WebCore::RootInlineBox::paint (this=0x8d135ec, paintInfo=..., tx=0, ty=171) at /usr/local/src/Misc/webkit/WebCore/rendering/RootInlineBox.cpp:166
#18 0xb6d0407f in WebCore::RenderLineBoxList::paint (this=0x9183508, renderer=0x918349c, paintInfo=..., tx=0, ty=171)
    at /usr/local/src/Misc/webkit/WebCore/rendering/RenderLineBoxList.cpp:220
#19 0xb6c7e57d in WebCore::RenderBlock::paintContents (this=0x918349c, paintInfo=..., tx=0, ty=171) at /usr/local/src/Misc/webkit/WebCore/rendering/RenderBlock.cpp:2094
#20 0xb6c7ed0b in WebCore::RenderBlock::paintObject (this=0x918349c, paintInfo=..., tx=0, ty=171) at /usr/local/src/Misc/webkit/WebCore/rendering/RenderBlock.cpp:2189
#21 0xb6c7de27 in WebCore::RenderBlock::paint (this=0x918349c, paintInfo=..., tx=0, ty=171) at /usr/local/src/Misc/webkit/WebCore/rendering/RenderBlock.cpp:1985
#22 0xb6c7e857 in WebCore::RenderBlock::paintChildren (this=0x857e904, paintInfo=..., tx=0, ty=171) at /usr/local/src/Misc/webkit/WebCore/rendering/RenderBlock.cpp:2122
#23 0xb6c7e59f in WebCore::RenderBlock::paintContents (this=0x857e904, paintInfo=..., tx=0, ty=171) at /usr/local/src/Misc/webkit/WebCore/rendering/RenderBlock.cpp:2096
#24 0xb6c7ed0b in WebCore::RenderBlock::paintObject (this=0x857e904, paintInfo=..., tx=0, ty=171) at /usr/local/src/Misc/webkit/WebCore/rendering/RenderBlock.cpp:2189
#25 0xb6c7de27 in WebCore::RenderBlock::paint (this=0x857e904, paintInfo=..., tx=0, ty=171) at /usr/local/src/Misc/webkit/WebCore/rendering/RenderBlock.cpp:1985
#26 0xb6c7e857 in WebCore::RenderBlock::paintChildren (this=0x878e0fc, paintInfo=..., tx=0, ty=171) at /usr/local/src/Misc/webkit/WebCore/rendering/RenderBlock.cpp:2122
#27 0xb6c7e59f in WebCore::RenderBlock::paintContents (this=0x878e0fc, paintInfo=..., tx=0, ty=171) at /usr/local/src/Misc/webkit/WebCore/rendering/RenderBlock.cpp:2096
#28 0xb6c7ed0b in WebCore::RenderBlock::paintObject (this=0x878e0fc, paintInfo=..., tx=0, ty=171) at /usr/local/src/Misc/webkit/WebCore/rendering/RenderBlock.cpp:2189
#29 0xb6c7de27 in WebCore::RenderBlock::paint (this=0x878e0fc, paintInfo=..., tx=0, ty=171) at /usr/local/src/Misc/webkit/WebCore/rendering/RenderBlock.cpp:1985
#30 0xb6c7e857 in WebCore::RenderBlock::paintChildren (this=0x8aea7d4, paintInfo=..., tx=0, ty=0) at /usr/local/src/Misc/webkit/WebCore/rendering/RenderBlock.cpp:2122
#31 0xb6c7e59f in WebCore::RenderBlock::paintContents (this=0x8aea7d4, paintInfo=..., tx=0, ty=0) at /usr/local/src/Misc/webkit/WebCore/rendering/RenderBlock.cpp:2096
#32 0xb6c7ed0b in WebCore::RenderBlock::paintObject (this=0x8aea7d4, paintInfo=..., tx=0, ty=0) at /usr/local/src/Misc/webkit/WebCore/rendering/RenderBlock.cpp:2189
#33 0xb6c7de27 in WebCore::RenderBlock::paint (this=0x8aea7d4, paintInfo=..., tx=0, ty=0) at /usr/local/src/Misc/webkit/WebCore/rendering/RenderBlock.cpp:1985
#34 0xb6c7e857 in WebCore::RenderBlock::paintChildren (this=0x8beb1fc, paintInfo=..., tx=0, ty=0) at /usr/local/src/Misc/webkit/WebCore/rendering/RenderBlock.cpp:2122
#35 0xb6c7e59f in WebCore::RenderBlock::paintContents (this=0x8beb1fc, paintInfo=..., tx=0, ty=0) at /usr/local/src/Misc/webkit/WebCore/rendering/RenderBlock.cpp:2096
#36 0xb6c7ed0b in WebCore::RenderBlock::paintObject (this=0x8beb1fc, paintInfo=..., tx=0, ty=0) at /usr/local/src/Misc/webkit/WebCore/rendering/RenderBlock.cpp:2189
#37 0xb6c7de27 in WebCore::RenderBlock::paint (this=0x8beb1fc, paintInfo=..., tx=0, ty=0) at /usr/local/src/Misc/webkit/WebCore/rendering/RenderBlock.cpp:1985
#38 0xb6c7e857 in WebCore::RenderBlock::paintChildren (this=0x8c25d44, paintInfo=..., tx=0, ty=0) at /usr/local/src/Misc/webkit/WebCore/rendering/RenderBlock.cpp:2122
#39 0xb6c7e59f in WebCore::RenderBlock::paintContents (this=0x8c25d44, paintInfo=..., tx=0, ty=0) at /usr/local/src/Misc/webkit/WebCore/rendering/RenderBlock.cpp:2096
#40 0xb6c7ed0b in WebCore::RenderBlock::paintObject (this=0x8c25d44, paintInfo=..., tx=0, ty=0) at /usr/local/src/Misc/webkit/WebCore/rendering/RenderBlock.cpp:2189
#41 0xb6c7de27 in WebCore::RenderBlock::paint (this=0x8c25d44, paintInfo=..., tx=0, ty=0) at /usr/local/src/Misc/webkit/WebCore/rendering/RenderBlock.cpp:1985
#42 0xb6cf77c1 in WebCore::RenderLayer::paintLayer (this=0x8cec14c, rootLayer=0x940e5d4, p=0xbfffe068, paintDirtyRect=..., paintBehavior=0, paintingRoot=0x0, 
    overlapTestRequests=0xbfffdec4, paintFlags=0) at /usr/local/src/Misc/webkit/WebCore/rendering/RenderLayer.cpp:2446
#43 0xb6cf7b8f in WebCore::RenderLayer::paintList (this=0x940e5d4, list=0x8dce9e0, rootLayer=0x940e5d4, p=0xbfffe068, paintDirtyRect=..., paintBehavior=0, paintingRoot=0x0, 
    overlapTestRequests=0xbfffdec4, paintFlags=0) at /usr/local/src/Misc/webkit/WebCore/rendering/RenderLayer.cpp:2499
#44 0xb6cf7990 in WebCore::RenderLayer::paintLayer (this=0x940e5d4, rootLayer=0x940e5d4, p=0xbfffe068, paintDirtyRect=..., paintBehavior=0, paintingRoot=0x0, 
    overlapTestRequests=0xbfffdec4, paintFlags=0) at /usr/local/src/Misc/webkit/WebCore/rendering/RenderLayer.cpp:2467
#45 0xb6cf6b1d in WebCore::RenderLayer::paint (this=0x940e5d4, p=0xbfffe068, damageRect=..., paintBehavior=0, paintingRoot=0x0)
    at /usr/local/src/Misc/webkit/WebCore/rendering/RenderLayer.cpp:2252
#46 0xb6b87de7 in WebCore::FrameView::paintContents (this=0x9064f70, p=0xbfffe068, rect=...) at /usr/local/src/Misc/webkit/WebCore/page/FrameView.cpp:1936
#47 0xb6e02580 in QWebFramePrivate::renderRelativeCoords(WebCore::GraphicsContext*, QWebFrame::RenderLayer, QRegion const&) ()
   from /usr/local/build/Misc/webkit/Debug/bin/../lib/libQtWebKit.so.4
#48 0xb6e04be2 in QWebFrame::render(QPainter*, QRegion const&) () from /usr/local/build/Misc/webkit/Debug/bin/../lib/libQtWebKit.so.4
#49 0xb6e1a9ac in QWebView::paintEvent (this=0x82924a8, ev=0xbfffe5f4) at /usr/local/src/Misc/webkit/WebKit/qt/Api/qwebview.cpp:940
#50 0xb479618e in QWidget::event(QEvent*) () from /usr/lib/libQtGui.so.4
#51 0xb6e1a759 in QWebView::event (this=0x82924a8, e=0xbfffe5f4) at /usr/local/src/Misc/webkit/WebKit/qt/Api/qwebview.cpp:844
#52 0xb473ef14 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#53 0xb47431ab in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#54 0xb43e5f1b in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/libQtCore.so.4
#55 0xb4790de4 in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) () from /usr/lib/libQtGui.so.4
#56 0xb495c8a5 in ?? () from /usr/lib/libQtGui.so.4
#57 0xb4787023 in QWidgetPrivate::syncBackingStore() () from /usr/lib/libQtGui.so.4
#58 0xb47967ed in QWidget::event(QEvent*) () from /usr/lib/libQtGui.so.4
#59 0xb4b95887 in QMainWindow::event(QEvent*) () from /usr/lib/libQtGui.so.4
#60 0xb473ef14 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#61 0xb47431ab in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#62 0xb43e5f1b in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/libQtCore.so.4
#63 0xb43e9a11 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib/libQtCore.so.4
#64 0xb43e9bfd in QCoreApplication::sendPostedEvents(QObject*, int) () from /usr/lib/libQtCore.so.4
#65 0xb4410a2f in ?? () from /usr/lib/libQtCore.so.4
#66 0xb3c34f72 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#67 0xb3c35750 in g_main_context_iterate () from /usr/lib/libglib-2.0.so.0
#68 0xb3c35a04 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#69 0xadd816b4 in gtk_main_iteration () from /usr/lib/libgtk-x11-2.0.so.0
#70 0xae0e05dc in ?? () from /usr/lib/mozilla/plugins/libflashplayer.so
#71 0xb3c366ac in g_timeout_dispatch () from /usr/lib/libglib-2.0.so.0
#72 0xb3c34f72 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#73 0xb3c35750 in g_main_context_iterate () from /usr/lib/libglib-2.0.so.0
#74 0xb3c35a04 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#75 0xb4410f57 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#76 0xb47eb135 in ?? () from /usr/lib/libQtGui.so.4
#77 0xb43e5169 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#78 0xb43e53da in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#79 0xb43e9cbf in QCoreApplication::exec() () from /usr/lib/libQtCore.so.4
#80 0xb473c637 in QApplication::exec() () from /usr/lib/libQtGui.so.4
#81 0x0806a60b in launcherMain (app=...) at /usr/local/src/Misc/webkit/WebKitTools/QtTestBrowser/main.cpp:41
#82 0x0806be1a in main (argc=1, argv=0xbffff614) at /usr/local/src/Misc/webkit/WebKitTools/QtTestBrowser/main.cpp:226


A repeat of the following messages also precedes the crash...

(<unknown>:7561): GLib-GObject-WARNING **: instance of invalid non-instantiatable type `(null)'
(<unknown>:7561): GLib-GObject-CRITICAL **: g_signal_handlers_destroy: assertion `G_TYPE_CHECK_INSTANCE (instance)' failed
(<unknown>:7561): GLib-GObject-WARNING **: instance of invalid non-instantiatable type `(null)'
(<unknown>:7561): GLib-GObject-CRITICAL **: g_signal_handlers_destroy: assertion `G_TYPE_CHECK_INSTANCE (instance)' failed
(<unknown>:7561): Gdk-CRITICAL **: gdk_window_get_origin: assertion `GDK_IS_WINDOW (window)' failed
(<unknown>:7561): Gdk-WARNING **: gdkdrawable-x11.c:952 drawable is not a pixmap or window
Comment 1 Dawit A. 2010-09-10 10:13:34 PDT
Changed the Importance to P2 and "Critical" since all the Flash-related crashes, which are the only kind I have experienced in QtWebKit 2.1 so far, produce the exact same backtrace...
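Comment 1 rests on an observation a triage workflow can build on: every Flash-related crash produced the same backtrace once the addresses are ignored. The script below is an added example, not code from this bug report or from WebKit or Qt. It parses backtraces in the format gdb printed in the description (a constructed excerpt of that trace is embedded), re-joins frames that gdb wrapped onto indented continuation lines, skips the pager prompt, and buckets crashes by a signature built from symbol and module names only, so runs that differ only in load addresses and `this` pointers hash to the same key. It also picks out the innermost frame with source information, which for this trace is the WebKit call into the plugin. The names parse_backtrace, crash_signature, first_frame and modules_above are this example's own.

```python
"""Bucket gdb backtraces by a stable crash signature.

Added example, not code from the bug report or from WebKit: it parses
backtraces in the format gdb printed above, strips everything that varies
between runs (return addresses, 'this' pointers), and hashes the remaining
frame symbols so that repeated crashes with the same stack land in one bucket.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Callable, List, Optional, Set

# One gdb frame after continuation lines have been re-joined, e.g.
#   #11 0xb6e3170e in WebCore::PluginView::setNPWindowIfNeeded (this=0x8b1f7a8) at .../PluginViewQt.cpp:619
#   #8  0xae0df1c7 in ?? () from /usr/lib/mozilla/plugins/libflashplayer.so
FRAME_RE = re.compile(
    r"^#(?P<idx>\d+)\s+"
    r"(?:0x[0-9a-fA-F]+\s+in\s+)?"                 # program counter (dropped)
    r"(?P<func>.+?)"                               # symbol, may carry a C++ parameter list
    r"\s+\((?P<args>[^()]*)\)"                     # runtime arguments (dropped)
    r"(?:\s+(?:at\s+(?P<src>\S+)|from\s+(?P<lib>\S+)))?\s*$"
)

# Constructed excerpt of the backtrace in the report: a few frames, one of them
# wrapped onto a continuation line, and a gdb pager prompt the parser must skip.
SAMPLE_TRACE = """\
#0  0xb3c52f37 in g_slice_alloc () from /usr/lib/libglib-2.0.so.0
#1  0xb3c535a5 in g_slice_alloc0 () from /usr/lib/libglib-2.0.so.0
#6  0xaddba46c in gtk_plug_new_for_display () from /usr/lib/libgtk-x11-2.0.so.0
#8  0xae0df1c7 in ?? () from /usr/lib/mozilla/plugins/libflashplayer.so
#11 0xb6e3170e in WebCore::PluginView::setNPWindowIfNeeded (this=0x8b1f7a8) at /usr/local/src/Misc/webkit/WebCore/plugins/qt/PluginViewQt.cpp:619
#18 0xb6d0407f in WebCore::RenderLineBoxList::paint (this=0x9183508, renderer=0x918349c, paintInfo=..., tx=0, ty=171)
    at /usr/local/src/Misc/webkit/WebCore/rendering/RenderLineBoxList.cpp:220
---Type <return> to continue, or q <return> to quit---
#47 0xb6e02580 in QWebFramePrivate::renderRelativeCoords(WebCore::GraphicsContext*, QWebFrame::RenderLayer, QRegion const&) ()
   from /usr/local/build/Misc/webkit/Debug/bin/../lib/libQtWebKit.so.4
"""

# Constructed second run of the same crash: identical frames, but every address
# and object pointer shifted, as happens when the libraries load elsewhere.
SAMPLE_TRACE_RELOADED = re.sub(
    r"0x[0-9a-f]+", lambda m: hex(int(m.group(0), 16) + 0x1000), SAMPLE_TRACE
)


@dataclass(frozen=True)
class Frame:
    index: int
    function: str        # symbol as printed; '??' when gdb could not resolve it
    module: str          # source file or shared object, directory stripped
    line: Optional[int]  # source line when debug info was available


def parse_backtrace(text: str) -> List[Frame]:
    """Return the frames of a gdb 'bt' dump, ignoring pager prompts and blank lines."""
    logical: List[str] = []
    for raw in text.splitlines():
        if raw.startswith("#"):
            logical.append(raw.rstrip())
        elif raw[:1].isspace() and raw.strip() and logical:
            logical[-1] += " " + raw.strip()      # gdb wrapped the previous frame
    frames: List[Frame] = []
    for line in logical:
        m = FRAME_RE.match(line)
        if not m:
            continue
        line_no: Optional[int] = None
        if m.group("src"):
            path, _, num = m.group("src").rpartition(":")
            module, line_no = path.rsplit("/", 1)[-1], int(num)
        else:
            module = (m.group("lib") or "").rsplit("/", 1)[-1]
        frames.append(Frame(int(m.group("idx")), m.group("func"), module, line_no))
    return frames


def crash_signature(frames: List[Frame], depth: int = 10) -> str:
    """Bucket key from the top `depth` frames: symbol and module only, never addresses."""
    key = "\n".join(f"{f.function}@{f.module}" for f in frames[:depth])
    return hashlib.sha256(key.encode()).hexdigest()[:16]


def first_frame(frames: List[Frame], pred: Callable[[Frame], bool]) -> Optional[Frame]:
    """Innermost frame satisfying `pred`, e.g. the first one carrying source information."""
    return next((f for f in frames if pred(f)), None)


def modules_above(frames: List[Frame], frame: Frame) -> Set[str]:
    """Modules that sit between the crash site and `frame` (foreign code the call entered)."""
    return {f.module for f in frames if f.index < frame.index}


if __name__ == "__main__":
    frames = parse_backtrace(SAMPLE_TRACE)
    own = first_frame(frames, lambda f: f.line is not None)
    print("signature:", crash_signature(frames))
    print("same bucket after reload:",
          crash_signature(frames) == crash_signature(parse_backtrace(SAMPLE_TRACE_RELOADED)))
    print("first frame with source:", own.function, f"({own.module}:{own.line})")
    print("foreign code above it:", sorted(modules_above(frames, own)))
```

The signature deliberately keeps the unresolved `??` frames together with their module name: a stack that enters libflashplayer.so and dies in GLib allocation is the fingerprint Comment 1 describes, and it stays stable across runs as long as the plugin and the caller do not change.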
Comment 2 Girish Ramakrishnan 2010-09-23 10:33:50 PDT
See also https://bugs.webkit.org/show_bug.cgi?id=24002.

We disabled resizing of windowed plugins for Flash <= 9. The crash here is for Flash 10. Maybe we should disable it here too? Andreas Kling mentioned that disabling it makes YouTube not work. Makes me wonder how come YouTube works with Flash 9 then.

This crash is in 32-bit only.
Comment 3 Dawit A. 2010-09-27 06:02:51 PDT
(In reply to comment #2)
> See also https://bugs.webkit.org/show_bug.cgi?id=24002.
> 
> We disabled resizing of windowed plugins for Flash <= 9. The crash here is for Flash 
> 10. Maybe we should disable it here too? 

Yes, until a permanent fix is found we need this workaround in flash 10 as well. In addition to the crash, fullscreen mode is also completely screwed up for me without this workaround.

> andreas kling mentioned that disabling it makes youtube not work. Makes me 
> wonder how come youtube works with Flash 9 then.

Perhaps Andreas meant that resizing YouTube videos using the built-in controls inside the Flash videos does not work properly? Otherwise, YouTube definitely works for me with the workaround. The workaround also causes partial misrendering of the Flash content on the site I mentioned above, but that is far preferable to a random crash as far as I am concerned...

> This crash is in 32-bit only.

That is very curious... If the crash is related to what Kenneth mentioned in bug 24002, then I fail to see why it should be limited to 32-bit systems only.
Comment 4 Dawit A. 2010-10-01 11:40:15 PDT
Fixed with the same workaround as Flash 9 or older.
See http://trac.webkit.org/changeset/68381
Comment 5 Dawit A. 2010-10-05 08:55:59 PDT
Reopening because it still crashes on my x86-64 box with the prerelease 64-bit flashplayer plugin from Adobe.

The workaround applied for 32-bit systems with changeset 68381, http://trac.webkit.org/changeset/68381, fixes the problem.
Comment 6 Andreas Kling 2010-10-05 14:08:27 PDT
(In reply to comment #3)
> Perhaps Andreas meant that resizing YouTube videos using the built-in controls inside the Flash videos does not work properly?

Yup, that is exactly what I was talking about. Apart from that it works and plays videos just fine.
Comment 7 Andreas Kling 2010-10-05 14:33:22 PDT
Created attachment 69848 [details]
Re-enable quirk on 64-bit (r=torarne)
Comment 8 Andreas Kling 2010-10-05 14:42:00 PDT
Committed r69149: <http://trac.webkit.org/changeset/69149>
Comment 9 Ademar Reis 2010-10-21 14:16:08 PDT
I was about to cherry-pick the fix for bug 47545 and noticed this one should be cherry-picked as well. It's a low-risk change and will add consistency to our behavior regarding the Flash plugin.
Comment 10 Ademar Reis 2010-10-22 05:39:56 PDT
Revision r69149 cherry-picked into qtwebkit-2.1 with commit 5afae7a <http://gitorious.org/webkit/qtwebkit/commit/5afae7a>