| Summary: | [Qt] Crash when visiting certain websites. | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Dawit A. <adawit> |
| Component: | WebKit Qt | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED FIXED | | |
| Severity: | Critical | CC: | aaronek, robert, sriram.neelakandan, whatwhatwho |
| Priority: | P1 | Keywords: | Qt |
| Version: | 528+ (Nightly build) | | |
| Hardware: | PC | | |
| OS: | Unspecified | | |
| Bug Depends on: | | | |
| Bug Blocks: | 68616 | | |

Description
Dawit A.
2011-11-14 10:19:26 PST
Created attachment 114976 [details]
Crash log
Not that useful backtrace, but a backtrace nonetheless, from QtTestBrowser run through gdb.
Here is the backtrace from QtTestBrowser in qtwebkit-2.2-devel branch: #0 0x00007ffff608fa4d in WebCore::requiresLineBox (it=..., lineInfo=...) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1485 #1 0x00007ffff608fe23 in WebCore::RenderBlock::LineBreaker::skipLeadingWhitespace (this=0x7fffffffb6a0, resolver=..., lineInfo=..., lastFloatFromPreviousLine=0x0, width=...) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1528 #2 0x00007ffff60911bc in WebCore::RenderBlock::LineBreaker::nextLineBreak (this=0x7fffffffb6a0, resolver=..., lineInfo=..., lineBreakIteratorInfo=..., lastFloatFromPreviousLine=0x0) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1826 #3 0x00007ffff608c405 in WebCore::RenderBlock::layoutRunsAndFloats (this=0x10e0458, fullLayout=false, hasInlineChild=true, floats=..., repaintLogicalTop=@0x7fffffffbbfc, repaintLogicalBottom=@0x7fffffffbbf8) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlockLineLayout.cpp:915 #4 0x00007ffff608deac in WebCore::RenderBlock::layoutInlineChildren (this=0x10e0458, relayoutChildren=false, repaintLogicalTop=@0x7fffffffbbfc, repaintLogicalBottom=@0x7fffffffbbf8) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1164 #5 0x00007ffff60548cd in WebCore::RenderBlock::layoutBlock (this=0x10e0458, relayoutChildren=false, pageLogicalHeight=0) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlock.cpp:1251 #6 0x00007ffff6054200 in WebCore::RenderBlock::layout (this=0x10e0458) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlock.cpp:1149 #7 0x00007ffff6057d84 in WebCore::RenderBlock::layoutBlockChild (this=0xd26f28, child=0x10e0458, marginInfo=..., previousFloatLogicalBottom=@0x7fffffffbecc, maxFloatLogicalBottom=@0x7fffffffc024) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlock.cpp:1991 #8 0x00007ffff605796b in 
WebCore::RenderBlock::layoutBlockChildren (this=0xd26f28, relayoutChildren=false, maxFloatLogicalBottom=@0x7fffffffc024) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlock.cpp:1929 #9 0x00007ffff60548ee in WebCore::RenderBlock::layoutBlock (this=0xd26f28, relayoutChildren=false, pageLogicalHeight=0) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlock.cpp:1253 #10 0x00007ffff6054200 in WebCore::RenderBlock::layout (this=0xd26f28) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlock.cpp:1149 #11 0x00007ffff6057d84 in WebCore::RenderBlock::layoutBlockChild (this=0x8c22f8, child=0xd26f28, marginInfo=..., previousFloatLogicalBottom=@0x7fffffffc2fc, maxFloatLogicalBottom=@0x7fffffffc454) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlock.cpp:1991 #12 0x00007ffff605796b in WebCore::RenderBlock::layoutBlockChildren (this=0x8c22f8, relayoutChildren=false, maxFloatLogicalBottom=@0x7fffffffc454) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlock.cpp:1929 #13 0x00007ffff60548ee in WebCore::RenderBlock::layoutBlock (this=0x8c22f8, relayoutChildren=false, pageLogicalHeight=0) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlock.cpp:1253 #14 0x00007ffff6054200 in WebCore::RenderBlock::layout (this=0x8c22f8) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlock.cpp:1149 #15 0x00007ffff6057d84 in WebCore::RenderBlock::layoutBlockChild (this=0x940008, child=0x8c22f8, marginInfo=..., previousFloatLogicalBottom=@0x7fffffffc72c, maxFloatLogicalBottom=@0x7fffffffc884) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlock.cpp:1991 #16 0x00007ffff605796b in WebCore::RenderBlock::layoutBlockChildren (this=0x940008, relayoutChildren=false, maxFloatLogicalBottom=@0x7fffffffc884) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlock.cpp:1929 #17 0x00007ffff60548ee in WebCore::RenderBlock::layoutBlock (this=0x940008, relayoutChildren=false, pageLogicalHeight=0) at 
/usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlock.cpp:1253 #18 0x00007ffff6054200 in WebCore::RenderBlock::layout (this=0x940008) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlock.cpp:1149 #19 0x00007ffff616f04b in WebCore::RenderView::layout (this=0x940008) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderView.cpp:130 #20 0x00007ffff5f47bc6 in WebCore::FrameView::layout (this=0x8e7f50, allowSubtree=true) at /usr/local/src/Misc/webkit/Source/WebCore/page/FrameView.cpp:964 #21 0x00007ffff5f4daaf in WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive (this=0x8e7f50) at /usr/local/src/Misc/webkit/Source/WebCore/page/FrameView.cpp:2491 #22 0x00007ffff59d60c6 in QWebFramePrivate::renderRelativeCoords (this=0x9cab20, context=0x7fffffffcdb0, layers=..., clip=...) at /usr/local/src/Misc/webkit/Source/WebKit/qt/Api/qwebframe.cpp:357 #23 0x00007ffff59d9635 in QWebFrame::render (this=0x9cb160, painter=0x7fffffffce80, clip=...) at /usr/local/src/Misc/webkit/Source/WebKit/qt/Api/qwebframe.cpp:1233 #24 0x00007ffff59fe170 in QWebView::paintEvent (this=0x8a1960, ev=0x7fffffffd490) at /usr/local/src/Misc/webkit/Source/WebKit/qt/Api/qwebview.cpp:961 #25 0x00007ffff2de30ac in QWidget::event(QEvent*) () from /usr/lib/libQtGui.so.4 #26 0x00007ffff59fdee4 in QWebView::event (this=0x8a1960, e=0x7fffffffd490) at /usr/local/src/Misc/webkit/Source/WebKit/qt/Api/qwebview.cpp:865 #27 0x00007ffff2d92ae4 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4 #28 0x00007ffff2d97951 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4 #29 0x00007ffff257189c in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/libQtCore.so.4 #30 0x00007ffff2ddffe4 in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) () from /usr/lib/libQtGui.so.4 #31 0x00007ffff2f9f1d6 in ?? 
() from /usr/lib/libQtGui.so.4
#32 0x00007ffff2dd6840 in QWidgetPrivate::syncBackingStore() () from /usr/lib/libQtGui.so.4
#33 0x00007ffff2de35bc in QWidget::event(QEvent*) () from /usr/lib/libQtGui.so.4
#34 0x00007ffff31a0d7b in QMainWindow::event(QEvent*) () from /usr/lib/libQtGui.so.4
#35 0x00007ffff2d92ae4 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#36 0x00007ffff2d97951 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#37 0x00007ffff257189c in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/libQtCore.so.4
#38 0x00007ffff2574c2f in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib/libQtCore.so.4
#39 0x00007ffff259c1a3 in ?? () from /usr/lib/libQtCore.so.4
#40 0x00007ffff044484d in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#41 0x00007ffff0445048 in ?? () from /usr/lib/libglib-2.0.so.0
#42 0x00007ffff0445219 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#43 0x00007ffff259c606 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#44 0x00007ffff2e35eee in ?? () from /usr/lib/libQtGui.so.4
#45 0x00007ffff2570a92 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#46 0x00007ffff2570c97 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#47 0x00007ffff2574eab in QCoreApplication::exec() () from /usr/lib/libQtCore.so.4
#48 0x000000000043007c in launcherMain (app=...) at /usr/local/src/Misc/webkit/Tools/QtTestBrowser/main.cpp:101
#49 0x00000000004322b6 in main (argc=1, argv=0x7fffffffe628) at /usr/local/src/Misc/webkit/Tools/QtTestBrowser/main.cpp:359

A crash on a second site, http://einestages.spiegel.de/static/topicalbumbackground/24067/teure_putzaktion.html, that produces the same backtrace was reported downstream. See https://bugs.kde.org/show_bug.cgi?id=288631 and the backtrace using QtTestBrowser from qtwebkit-2.2-devel git branch:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff608fa4d in WebCore::requiresLineBox (it=..., lineInfo=...) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1485
1485 if (it.m_obj->isRenderInline() && !inlineFlowRequiresLineBox(toRenderInline(it.m_obj)))
(gdb) bt
#0 0x00007ffff608fa4d in WebCore::requiresLineBox (it=..., lineInfo=...) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1485
#1 0x00007ffff608fe23 in WebCore::RenderBlock::LineBreaker::skipLeadingWhitespace (this=0x7fffffff9830, resolver=..., lineInfo=..., lastFloatFromPreviousLine=0x11d0ee0, width=...) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1528
#2 0x00007ffff60911bc in WebCore::RenderBlock::LineBreaker::nextLineBreak (this=0x7fffffff9830, resolver=..., lineInfo=..., lineBreakIteratorInfo=..., lastFloatFromPreviousLine=0x11d0ee0) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1826
#3 0x00007ffff608c405 in WebCore::RenderBlock::layoutRunsAndFloats (this=0x10f2908, fullLayout=false, hasInlineChild=true, floats=..., repaintLogicalTop=@0x7fffffff9d8c, repaintLogicalBottom=@0x7fffffff9d88) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlockLineLayout.cpp:915
#4 0x00007ffff608deac in WebCore::RenderBlock::layoutInlineChildren (this=0x10f2908, relayoutChildren=false, repaintLogicalTop=@0x7fffffff9d8c, repaintLogicalBottom=@0x7fffffff9d88) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlockLineLayout.cpp:1164
#5 0x00007ffff60548cd in WebCore::RenderBlock::layoutBlock (this=0x10f2908, relayoutChildren=false, pageLogicalHeight=0) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlock.cpp:1251
#6 0x00007ffff6054200 in WebCore::RenderBlock::layout (this=0x10f2908) at
/usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlock.cpp:1149 #7 0x00007ffff6057d84 in WebCore::RenderBlock::layoutBlockChild (this=0xc52168, child=0x10f2908, marginInfo=..., previousFloatLogicalBottom=@0x7fffffffa05c, maxFloatLogicalBottom=@0x7fffffffa1b4) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlock.cpp:1991 #8 0x00007ffff605796b in WebCore::RenderBlock::layoutBlockChildren (this=0xc52168, relayoutChildren=false, maxFloatLogicalBottom=@0x7fffffffa1b4) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlock.cpp:1929 #9 0x00007ffff60548ee in WebCore::RenderBlock::layoutBlock (this=0xc52168, relayoutChildren=false, pageLogicalHeight=0) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlock.cpp:1253 #10 0x00007ffff6054200 in WebCore::RenderBlock::layout (this=0xc52168) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlock.cpp:1149 #11 0x00007ffff6057d84 in WebCore::RenderBlock::layoutBlockChild (this=0x9c1508, child=0xc52168, marginInfo=..., previousFloatLogicalBottom=@0x7fffffffa48c, maxFloatLogicalBottom=@0x7fffffffa5e4) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlock.cpp:1991 #12 0x00007ffff605796b in WebCore::RenderBlock::layoutBlockChildren (this=0x9c1508, relayoutChildren=false, maxFloatLogicalBottom=@0x7fffffffa5e4) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlock.cpp:1929 #13 0x00007ffff60548ee in WebCore::RenderBlock::layoutBlock (this=0x9c1508, relayoutChildren=false, pageLogicalHeight=0) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlock.cpp:1253 #14 0x00007ffff6054200 in WebCore::RenderBlock::layout (this=0x9c1508) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlock.cpp:1149 #15 0x00007ffff6057d84 in WebCore::RenderBlock::layoutBlockChild (this=0x9afaf8, child=0x9c1508, marginInfo=..., previousFloatLogicalBottom=@0x7fffffffa8bc, maxFloatLogicalBottom=@0x7fffffffaa14) at 
/usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlock.cpp:1991 #16 0x00007ffff605796b in WebCore::RenderBlock::layoutBlockChildren (this=0x9afaf8, relayoutChildren=false, maxFloatLogicalBottom=@0x7fffffffaa14) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlock.cpp:1929 #17 0x00007ffff60548ee in WebCore::RenderBlock::layoutBlock (this=0x9afaf8, relayoutChildren=false, pageLogicalHeight=0) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlock.cpp:1253 #18 0x00007ffff6054200 in WebCore::RenderBlock::layout (this=0x9afaf8) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderBlock.cpp:1149 #19 0x00007ffff616f04b in WebCore::RenderView::layout (this=0x9afaf8) at /usr/local/src/Misc/webkit/Source/WebCore/rendering/RenderView.cpp:130 #20 0x00007ffff5f47bc6 in WebCore::FrameView::layout (this=0x94b1f0, allowSubtree=true) at /usr/local/src/Misc/webkit/Source/WebCore/page/FrameView.cpp:964 #21 0x00007ffff5bd58f9 in WebCore::Document::updateLayout (this=0xaa09d0) at /usr/local/src/Misc/webkit/Source/WebCore/dom/Document.cpp:1580 #22 0x00007ffff5bd59da in WebCore::Document::updateLayoutIgnorePendingStylesheets (this=0xaa09d0) at /usr/local/src/Misc/webkit/Source/WebCore/dom/Document.cpp:1611 #23 0x00007ffff5afc253 in WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue (this=0x1243dd0, propertyID=1001, updateLayout=WebCore::UpdateLayout) at /usr/local/src/Misc/webkit/Source/WebCore/css/CSSComputedStyleDeclaration.cpp:803 #24 0x00007ffff5afaab9 in WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue (this=0x1243dd0, propertyID=1001) at /usr/local/src/Misc/webkit/Source/WebCore/css/CSSComputedStyleDeclaration.cpp:675 #25 0x00007ffff5b07582 in WebCore::CSSComputedStyleDeclaration::getPropertyValue (this=0x1243dd0, propertyID=1001) at /usr/local/src/Misc/webkit/Source/WebCore/css/CSSComputedStyleDeclaration.cpp:1819 #26 0x00007ffff5b5e88b in WebCore::CSSStyleDeclaration::getPropertyValue (this=0x1243dd0, propertyName=...) 
at /usr/local/src/Misc/webkit/Source/WebCore/css/CSSStyleDeclaration.cpp:77 #27 0x00007ffff56c9ab8 in WebCore::jsCSSStyleDeclarationPrototypeFunctionGetPropertyValue (exec=0x7fff9f666d68) at ../../WebCore/generated/JSCSSStyleDeclaration.cpp:295 #28 0x00007fff9fa661e8 in ?? () #29 0x00007fffffffcc20 in ?? () #30 0x00007fff9facb180 in ?? () #31 0x00007fffffffcbb0 in ?? () #32 0x00007fff981b53b0 in ?? () #33 0x0000000001181458 in ?? () #34 0x0000000001181410 in ?? () #35 0x00007fff9fb24317 in ?? () #36 0x00007fff00000010 in ?? () #37 0x00007fffffffcbe0 in ?? () #38 0x00007ffff5696ef5 in JSC::JSValue::decode (ptr=0x7fffffffd3b0) at /usr/local/src/Misc/webkit/Source/JavaScriptCore/runtime/JSValueInlineMethods.h:369 #39 0x00007ffff661b0de in JSC::JITCode::execute (this=0x7fff9dee7768, registerFile=0x903c28, callFrame=0x7fff9f666048, globalData=0xa5a390) at /usr/local/src/Misc/webkit/Source/JavaScriptCore/jit/JITCode.h:77 #40 0x00007ffff6617dae in JSC::Interpreter::executeCall (this=0x903c10, callFrame=0x7ffff7e141d8, function=0x7fff98277490, callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...) at /usr/local/src/Misc/webkit/Source/JavaScriptCore/interpreter/Interpreter.cpp:838 #41 0x00007ffff66461b3 in JSC::call (exec=0x7ffff7e141d8, functionObject=..., callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...) at /usr/local/src/Misc/webkit/Source/JavaScriptCore/runtime/CallData.cpp:38 #42 0x00007ffff5a5de5c in WebCore::JSMainThreadExecState::call (exec=0x7ffff7e141d8, functionObject=..., callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...) 
---Type <return> to continue, or q <return> to quit--- at /usr/local/src/Misc/webkit/Source/WebCore/bindings/js/JSMainThreadExecState.h:48 #43 0x00007ffff5a840a5 in WebCore::JSEventListener::handleEvent (this=0xe5fe10, scriptExecutionContext=0xaa0ae8, event=0x11e55f0) at /usr/local/src/Misc/webkit/Source/WebCore/bindings/js/JSEventListener.cpp:128 #44 0x00007ffff5c24236 in WebCore::EventTarget::fireEventListeners (this=0xaa09d0, event=0x11e55f0, d=0xc96570, entry=...) at /usr/local/src/Misc/webkit/Source/WebCore/dom/EventTarget.cpp:360 #45 0x00007ffff5c2409d in WebCore::EventTarget::fireEventListeners (this=0xaa09d0, event=0x11e55f0) at /usr/local/src/Misc/webkit/Source/WebCore/dom/EventTarget.cpp:329 #46 0x00007ffff5c43515 in WebCore::Node::handleLocalEvents (this=0xaa09d0, event=0x11e55f0) at /usr/local/src/Misc/webkit/Source/WebCore/dom/Node.cpp:2808 #47 0x00007ffff5c1f912 in WebCore::EventDispatcher::dispatchEvent (this=0x7fffffffd3b0, event=...) at /usr/local/src/Misc/webkit/Source/WebCore/dom/EventDispatcher.cpp:306 #48 0x00007ffff5c1ddc6 in WebCore::EventDispatchMediator::dispatchEvent (this=0x7fffffffd420, dispatcher=0x7fffffffd3b0) at /usr/local/src/Misc/webkit/Source/WebCore/dom/Event.cpp:313 #49 0x00007ffff5c1e277 in WebCore::EventDispatcher::dispatchEvent (node=0xaa09d0, mediator=...) at /usr/local/src/Misc/webkit/Source/WebCore/dom/EventDispatcher.cpp:53 #50 0x00007ffff5c435cc in WebCore::Node::dispatchEvent (this=0xaa09d0, event=...) 
at /usr/local/src/Misc/webkit/Source/WebCore/dom/Node.cpp:2818 #51 0x00007ffff5be0a67 in WebCore::Document::finishedParsing (this=0xaa09d0) at /usr/local/src/Misc/webkit/Source/WebCore/dom/Document.cpp:4222 #52 0x00007ffff5ddecac in WebCore::HTMLTreeBuilder::finished (this=0x9c0f30) at /usr/local/src/Misc/webkit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2820 #53 0x00007ffff5db7656 in WebCore::HTMLDocumentParser::end (this=0xab84f0) at /usr/local/src/Misc/webkit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:378 #54 0x00007ffff5db7753 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0xab84f0) at /usr/local/src/Misc/webkit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:387 #55 0x00007ffff5db66d8 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0xab84f0) at /usr/local/src/Misc/webkit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:151 #56 0x00007ffff5db780a in WebCore::HTMLDocumentParser::endIfDelayed (this=0xab84f0) at /usr/local/src/Misc/webkit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:412 #57 0x00007ffff5db7ae3 in WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution (this=0xab84f0) at /usr/local/src/Misc/webkit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:480 #58 0x00007ffff5db7df5 in WebCore::HTMLDocumentParser::notifyFinished (this=0xab84f0, cachedResource=0xd8c6e0) at /usr/local/src/Misc/webkit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:524 #59 0x00007ffff5e795ed in WebCore::CachedResource::checkNotify (this=0xd8c6e0) at /usr/local/src/Misc/webkit/Source/WebCore/loader/cache/CachedResource.cpp:144 #60 0x00007ffff5e80253 in WebCore::CachedScript::data (this=0xd8c6e0, data=..., allDataReceived=true) at /usr/local/src/Misc/webkit/Source/WebCore/loader/cache/CachedScript.cpp:104 #61 0x00007ffff64cdd5d in WebCore::CachedResourceRequest::didFinishLoading (this=0xd8caf0, loader=0xd915c0) at /usr/local/src/Misc/webkit/Source/WebCore/loader/cache/CachedResourceRequest.cpp:166 #62 
0x00007ffff5eda9e4 in WebCore::SubresourceLoader::didFinishLoading (this=0xd915c0, finishTime=0) at /usr/local/src/Misc/webkit/Source/WebCore/loader/SubresourceLoader.cpp:196 #63 0x00007ffff5ed11db in WebCore::ResourceLoader::didFinishLoading (this=0xd915c0, finishTime=0) at /usr/local/src/Misc/webkit/Source/WebCore/loader/ResourceLoader.cpp:436 #64 0x00007ffff61c407f in WebCore::QNetworkReplyHandler::finish (this=0xd92480) at /usr/local/src/Misc/webkit/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:459 #65 0x00007ffff61c267d in WebCore::QNetworkReplyHandlerCallQueue::flush (this=0xd924b8) at /usr/local/src/Misc/webkit/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:196 #66 0x00007ffff61c2563 in WebCore::QNetworkReplyHandlerCallQueue::push (this=0xd924b8, method= (void (WebCore::QNetworkReplyHandler::*)(WebCore::QNetworkReplyHandler * const)) 0x7ffff61c3d8e <WebCore::QNetworkReplyHandler::finish()>) at /usr/local/src/Misc/webkit/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:165 #67 0x00007ffff61c375a in WebCore::QNetworkReplyWrapper::didReceiveFinished (this=0xd8f780) at /usr/local/src/Misc/webkit/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:353 #68 0x00007ffff61c6938 in WebCore::QNetworkReplyWrapper::qt_metacall (this=0xd8f780, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x7fffffffda90) at ./moc_QNetworkReplyHandler.cpp:80 #69 0x00007ffff25845ea in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/libQtCore.so.4 #70 0x00007ffff2924b14 in ?? () from /usr/lib/libQtNetwork.so.4 #71 0x00007ffff290d161 in ?? () from /usr/lib/libQtNetwork.so.4 #72 0x00007ffff292314d in ?? () from /usr/lib/libQtNetwork.so.4 #73 0x00007ffff29231a1 in ?? 
() from /usr/lib/libQtNetwork.so.4
#74 0x00007ffff2d92ae4 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#75 0x00007ffff2d97951 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#76 0x00007ffff257189c in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/libQtCore.so.4
#77 0x00007ffff2574c2f in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib/libQtCore.so.4
#78 0x00007ffff259c1a3 in ?? () from /usr/lib/libQtCore.so.4
#79 0x00007ffff044484d in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#80 0x00007ffff0445048 in ?? () from /usr/lib/libglib-2.0.so.0
#81 0x00007ffff0445219 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#82 0x00007ffff259c606 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#83 0x00007ffff2e35eee in ?? () from /usr/lib/libQtGui.so.4
#84 0x00007ffff2570a92 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#85 0x00007ffff2570c97 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#86 0x00007ffff2574eab in QCoreApplication::exec() () from /usr/lib/libQtCore.so.4
#87 0x000000000043007c in launcherMain (app=...) at /usr/local/src/Misc/webkit/Tools/QtTestBrowser/main.cpp:101
#88 0x00000000004322b6 in main (argc=1, argv=0x7fffffffe628) at /usr/local/src/Misc/webkit/Tools/QtTestBrowser/main.cpp:359

The Crash is consistent even in Qt-4.8-RELEASE

Crash is present in 4.8.0-release-Webkit (internally packaged)
The Previous 2-3 urls mentioned as well
Another URL: http://www.brainyquote.com/quotes/authors/a/atal_bihari_vajpayee.html

#0 0x00007ffff6b39c6a in WebCore::requiresLineBox (it=..., lineInfo=...)
at rendering/RenderBlockLineLayout.cpp:1485 #1 0x00007ffff6b39fe9 in WebCore::RenderBlock::LineBreaker::skipLeadingWhitespace (this=0x7fffffff88e0, resolver=..., lineInfo=..., lastFloatFromPreviousLine=0x0, width=...) at rendering/RenderBlockLineLayout.cpp:1529 #2 0x00007ffff6b3afe2 in WebCore::RenderBlock::LineBreaker::nextLineBreak (this=0x7fffffff88e0, resolver=..., lineInfo=..., lineBreakIteratorInfo=..., lastFloatFromPreviousLine=0x0) at rendering/RenderBlockLineLayout.cpp:1827 #3 0x00007ffff6b369c5 in WebCore::RenderBlock::layoutRunsAndFloats (this=0x7fffea510120, fullLayout=false, hasInlineChild=true, floats=..., repaintLogicalTop=@0x7fffffff8e3c, repaintLogicalBottom=@0x7fffffff8e38) at rendering/RenderBlockLineLayout.cpp:915 #4 0x00007ffff6b382a2 in WebCore::RenderBlock::layoutInlineChildren (this=0x7fffea510120, relayoutChildren=false, repaintLogicalTop=@0x7fffffff8e3c, repaintLogicalBottom= @0x7fffffff8e38) at rendering/RenderBlockLineLayout.cpp:1164 #5 0x00007ffff6b08601 in WebCore::RenderBlock::layoutBlock (this=0x7fffea510120, relayoutChildren=false, pageLogicalHeight=0) at rendering/RenderBlock.cpp:1260 #6 0x00007ffff6b07f76 in WebCore::RenderBlock::layout (this=0x7fffea510120) at rendering/RenderBlock.cpp:1158 #7 0x00007ffff6b0baa3 in WebCore::RenderBlock::layoutBlockChild (this=0x7fffe01e6d18, child=0x7fffea510120, marginInfo=..., previousFloatLogicalBottom=@0x7fffffff90cc, maxFloatLogicalBottom=@0x7fffffff9224) at rendering/RenderBlock.cpp:2000 #8 0x00007ffff6b0b6d9 in WebCore::RenderBlock::layoutBlockChildren (this=0x7fffe01e6d18, relayoutChildren=false, maxFloatLogicalBottom=@0x7fffffff9224) at rendering/RenderBlock.cpp:1938 #9 0x00007ffff6b08622 in WebCore::RenderBlock::layoutBlock (this=0x7fffe01e6d18, relayoutChildren=false, pageLogicalHeight=0) at rendering/RenderBlock.cpp:1262 #10 0x00007ffff6b07f76 in WebCore::RenderBlock::layout (this=0x7fffe01e6d18) at rendering/RenderBlock.cpp:1158 #11 0x00007ffff6b012f7 in 
WebCore::RenderObject::layoutIfNeeded (this=0x7fffe01e6d18) at rendering/RenderObject.h:539 #12 0x00007ffff6b12020 in WebCore::RenderBlock::insertFloatingObject (this=0x7fffe01e6218, o=0x7fffe01e6d18) at rendering/RenderBlock.cpp:3169 #13 0x00007ffff6b09c3f in WebCore::RenderBlock::handleFloatingChild (this=0x7fffe01e6218, child=0x7fffe01e6d18, marginInfo=...) at rendering/RenderBlock.cpp:1530 #14 0x00007ffff6b09b7a in WebCore::RenderBlock::handleSpecialChild (this=0x7fffe01e6218, child=0x7fffe01e6d18, marginInfo=...) at rendering/RenderBlock.cpp:1512 #15 0x00007ffff6b0b6a7 in WebCore::RenderBlock::layoutBlockChildren (this=0x7fffe01e6218, relayoutChildren=false, maxFloatLogicalBottom=@0x7fffffff9684) at rendering/RenderBlock.cpp:1934 #16 0x00007ffff6b08622 in WebCore::RenderBlock::layoutBlock (this=0x7fffe01e6218, relayoutChildren=false, pageLogicalHeight=0) at rendering/RenderBlock.cpp:1262 #17 0x00007ffff6b07f76 in WebCore::RenderBlock::layout (this=0x7fffe01e6218) at rendering/RenderBlock.cpp:1158 #18 0x00007ffff6b0baa3 in WebCore::RenderBlock::layoutBlockChild (this=0x7fffe053f6c8, child=0x7fffe01e6218, marginInfo=..., previousFloatLogicalBottom=@0x7fffffff991c, maxFloatLogicalBottom=@0x7fffffff9a74) at rendering/RenderBlock.cpp:2000 #19 0x00007ffff6b0b6d9 in WebCore::RenderBlock::layoutBlockChildren (this=0x7fffe053f6c8, relayoutChildren=false, maxFloatLogicalBottom=@0x7fffffff9a74) at rendering/RenderBlock.cpp:1938 #20 0x00007ffff6b08622 in WebCore::RenderBlock::layoutBlock (this=0x7fffe053f6c8, relayoutChildren=false, pageLogicalHeight=0) at rendering/RenderBlock.cpp:1262 #21 0x00007ffff6b07f76 in WebCore::RenderBlock::layout (this=0x7fffe053f6c8) at rendering/RenderBlock.cpp:1158 #22 0x00007ffff6b0baa3 in WebCore::RenderBlock::layoutBlockChild (this=0x7fffe053f498, child=0x7fffe053f6c8, marginInfo=..., previousFloatLogicalBottom=@0x7fffffff9d0c, maxFloatLogicalBottom=@0x7fffffff9e64) at rendering/RenderBlock.cpp:2000 #23 0x00007ffff6b0b6d9 in 
WebCore::RenderBlock::layoutBlockChildren (this=0x7fffe053f498, relayoutChildren=false, maxFloatLogicalBottom=@0x7fffffff9e64) at rendering/RenderBlock.cpp:1938 #24 0x00007ffff6b08622 in WebCore::RenderBlock::layoutBlock (this=0x7fffe053f498, relayoutChildren=false, pageLogicalHeight=0) at rendering/RenderBlock.cpp:1262 #25 0x00007ffff6b07f76 in WebCore::RenderBlock::layout (this=0x7fffe053f498) at rendering/RenderBlock.cpp:1158 #26 0x00007ffff6b0baa3 in WebCore::RenderBlock::layoutBlockChild (this=0x7fffe053f220, child=0x7fffe053f498, marginInfo=..., previousFloatLogicalBottom=@0x7fffffffa0fc, maxFloatLogicalBottom=@0x7fffffffa254) at rendering/RenderBlock.cpp:2000 #27 0x00007ffff6b0b6d9 in WebCore::RenderBlock::layoutBlockChildren (this=0x7fffe053f220, relayoutChildren=false, maxFloatLogicalBottom=@0x7fffffffa254) at rendering/RenderBlock.cpp:1938 #28 0x00007ffff6b08622 in WebCore::RenderBlock::layoutBlock (this=0x7fffe053f220, relayoutChildren=false, pageLogicalHeight=0) at rendering/RenderBlock.cpp:1262 #29 0x00007ffff6b07f76 in WebCore::RenderBlock::layout (this=0x7fffe053f220) at rendering/RenderBlock.cpp:1158 #30 0x00007ffff6c0345a in WebCore::RenderView::layout (this=0x7fffe053f220) at rendering/RenderView.cpp:130 #31 0x00007ffff6a41c57 in WebCore::FrameView::layout (this=0x7fffea50ab80, allowSubtree=true) at page/FrameView.cpp:964 #32 0x00007ffff6a47334 in WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive (this=0x7fffea50ab80) at page/FrameView.cpp:2491 #33 0x00007ffff65ffb32 in QWebFramePrivate::renderRelativeCoords (this=0x7fffe4002d10, context=0x7fffffffa750, layers=..., clip=...) at Api/qwebframe.cpp:357 ---Type <return> to continue, or q <return> to quit--- #34 0x00007ffff6602920 in QWebFrame::render (this=0x7fffe4002c30, painter=0x7fffffffa820, clip=...) 
at Api/qwebframe.cpp:1233
#35 0x00007ffff66223ab in QWebView::paintEvent (this=0x7e92b0, ev=0x7fffffffb270) at Api/qwebview.cpp:961
#36 0x00007ffff5144b4f in QWidget::event (this=0x7e92b0, event=0x7fffffffb270) at kernel/qwidget.cpp:8507
#37 0x00007ffff662213a in QWebView::event (this=0x7e92b0, e=0x7fffffffb270) at Api/qwebview.cpp:865
#38 0x00007ffff50ec526 in QApplicationPrivate::notify_helper (this=0x6a33b0, receiver=0x7e92b0, e=0x7fffffffb270) at kernel/qapplication.cpp:4550
#39 0x00007ffff50ec387 in QApplication::notify (this=0x7fffffffd700, receiver=0x7e92b0, e=0x7fffffffb270) at kernel/qapplication.cpp:4515
#40 0x00007ffff46deb55 in QCoreApplication::notifyInternal (this=0x7fffffffd700, receiver=0x7e92b0, event=0x7fffffffb270) at kernel/qcoreapplication.cpp:876
#41 0x00007ffff50ee5cb in QCoreApplication::sendSpontaneousEvent (receiver=0x7e92b0, event=0x7fffffffb270) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:234
#42 0x00007ffff513cf4a in QWidgetPrivate::drawWidget (this=0x7e9310, pdev=0x7f5298, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x7f5220) at kernel/qwidget.cpp:5584
#43 0x00007ffff513de16 in QWidgetPrivate::paintSiblingsRecursive (this=0x737870, pdev=0x7f5298, siblings=..., index=0, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x7f5220) at kernel/qwidget.cpp:5793
#44 0x00007ffff513d36e in QWidgetPrivate::drawWidget (this=0x737870, pdev=0x7f5298, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x7f5220) at kernel/qwidget.cpp:5637
#45 0x00007ffff513de16 in QWidgetPrivate::paintSiblingsRecursive (this=0x71b120, pdev=0x7f5298, siblings=..., index=0, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x7f5220) at kernel/qwidget.cpp:5793
#46 0x00007ffff513dc9a in QWidgetPrivate::paintSiblingsRecursive (this=0x71b120, pdev=0x7f5298, siblings=..., index=0, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x7f5220) at kernel/qwidget.cpp:5780
#47 0x00007ffff513d36e in QWidgetPrivate::drawWidget (this=0x71b120, pdev=0x7f5298, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x7f5220) at kernel/qwidget.cpp:5637
#48 0x00007ffff513de16 in QWidgetPrivate::paintSiblingsRecursive (this=0x7934f0, pdev=0x7f5298, siblings=..., index=0, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x7f5220) at kernel/qwidget.cpp:5793
#49 0x00007ffff513d36e in QWidgetPrivate::drawWidget (this=0x7934f0, pdev=0x7f5298, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x7f5220) at kernel/qwidget.cpp:5637
#50 0x00007ffff513de16 in QWidgetPrivate::paintSiblingsRecursive (this=0x736a00, pdev=0x7f5298, siblings=..., index=21, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x7f5220) at kernel/qwidget.cpp:5793
#51 0x00007ffff513dc9a in QWidgetPrivate::paintSiblingsRecursive (this=0x736a00, pdev=0x7f5298, siblings=..., index=22, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x7f5220) at kernel/qwidget.cpp:5780
#52 0x00007ffff513d36e in QWidgetPrivate::drawWidget (this=0x736a00, pdev=0x7f5298, rgn=..., offset=..., flags=5, sharedPainter=0x0, backingStore=0x7f5220) at kernel/qwidget.cpp:5637
#53 0x00007ffff5348888 in QWidgetBackingStore::sync (this=0x7f5220) at painting/qbackingstore.cpp:1373
#54 0x00007ffff5134657 in QWidgetPrivate::syncBackingStore (this=0x736a00) at kernel/qwidget.cpp:1890
#55 0x00007ffff5145126 in QWidget::event (this=0x735fd0, event=0x9aa7b0) at kernel/qwidget.cpp:8654
#56 0x00007ffff559acd0 in QMainWindow::event (this=0x735fd0, event=0x9aa7b0) at widgets/qmainwindow.cpp:1478
#57 0x00007ffff50ec526 in QApplicationPrivate::notify_helper (this=0x6a33b0, receiver=0x735fd0, e=0x9aa7b0) at kernel/qapplication.cpp:4550
#58 0x00007ffff50ec387 in QApplication::notify (this=0x7fffffffd700, receiver=0x735fd0, e=0x9aa7b0) at kernel/qapplication.cpp:4515
#59 0x00007ffff46deb55 in QCoreApplication::notifyInternal (this=0x7fffffffd700, receiver=0x735fd0, event=0x9aa7b0) at kernel/qcoreapplication.cpp:876
#60 0x00007ffff66081e7 in QCoreApplication::sendEvent (receiver=0x735fd0, event=0x9aa7b0) at ../../../../../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:231
#61 0x00007ffff46dfab1 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x6a3500) at kernel/qcoreapplication.cpp:1497
#62 0x00007ffff46df717 in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at kernel/qcoreapplication.cpp:1393
#63 0x00007ffff50c224d in QCoreApplication::sendPostedEvents () at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:236
#64 0x00007ffff4714a91 in postEventSourceDispatch (s=0x6ab1c0) at kernel/qeventdispatcher_glib.cpp:279
#65 0x00007ffff191abd3 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#66 0x00007ffff191b3b0 in ?? () from /lib64/libglib-2.0.so.0
#67 0x00007ffff191b650 in g_main_context_iteration () from /lib64/libglib-2.0.so.0
#68 0x00007ffff47152bb in QEventDispatcherGlib::processEvents (this=0x6a86b0, flags=...) at kernel/qeventdispatcher_glib.cpp:424
---Type <return> to continue, or q <return> to quit---
#69 0x00007ffff517fe66 in QWSEventDispatcherGlib::processEvents (this=0x6a86b0, flags=...) at kernel/qeventdispatcher_glib_qws.cpp:183
#70 0x00007ffff46dc892 in QEventLoop::processEvents (this=0x7fffffffd6a0, flags=...) at kernel/qeventloop.cpp:149
#71 0x00007ffff46dca1c in QEventLoop::exec (this=0x7fffffffd6a0, flags=...) at kernel/qeventloop.cpp:200
#72 0x00007ffff46df1a2 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1148
#73 0x00007ffff50e9a01 in QApplication::exec () at kernel/qapplication.cpp:3811
#74 0x000000000046af3b in main (argc=3, argv=0x7fffffffd828) at main.cpp:51

I can't reproduce this on trunk, even on a Qt debug build. Can one of the reporters try to reproduce it on WebKit trunk and provide a reduced test case please? Otherwise this will have to be closed as invalid.

Robert, The bug is on Qt-4.8/Qt-Webkit2.2 release ... seems to be fixed on Trunk (not sure what fixed it.. too many changes to RenderBlock since the last 4.8 release)

This one should be blocking 68616

I believe that this bug is resolved by Changeset 86060 on trunk (https://trac.webkit.org/changeset/86060). The site http://www.usa.com/chamblee-ga-crime-and-crime-rate.htm in its current state (3/2/12) should repro the crash 100% of the time.

Hello, I've encountered the same bug on symbian^3 using QtWebkit and Qt version 4.7.4. When I disable javascript on the QtWebView the crash does not happen, so I believe this bug is also related to javascript (or any javascript code that runs on load and interacts with the html dom). So far what I observed is that all the mentioned sites (and my own sites that are faulting, "http://www.themarker.com/misc/iphone-article/1.1681964") are using jquery.min.js. Perhaps this could help in tracking back the bug and solving it, and offer a work-around for those that are "stuck" on older versions of QtWebKit (since I cannot do an upgrade of the Qt version on a symbian device that isn't via the smartinstaller, and that is fixed to a certain version).

The suggestion in comment #8 is correct. The issue seems to be resolved by Changeset 86060 on trunk (https://trac.webkit.org/changeset/86060) which is part of the qtwebkit 2.3 branch. Closing as fixed in future qtwebkit release.