109785 – [Qt][Windows] Crash in QWebView::paintEvent()

Bug 109785 - [Qt][Windows] Crash in QWebView::paintEvent()

Summary: [Qt][Windows] Crash in QWebView::paintEvent()

Status:	RESOLVED INVALID

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKit Qt (show other bugs)
Version:	525.x (Safari 3.2)
Hardware:	PC Windows 7

Importance:	P2 Normal
Assignee:	Nobody

URL:	https://bugreports.qt-project.org/bro...
Keywords:	Qt

Depends on:
Blocks:

Reported:	2013-02-13 22:56 PST by 123powerd231
Modified:	2014-01-28 20:36 PST (History)
CC List:	4 users (show)

See Also:

Attachments
Sample application to reproduce the crash (4.64 KB, application/x-zip-compressed) 2013-09-09 21:54 PDT, shob_28	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description 123powerd231 2013-02-13 22:56:08 PST

have crash in paintEvent handler (output message: Access violation reading location 0x00000055): 
>	Qt5Guid.dll!QPainter::save() Line 1577 + 0x24 bytes	C++
Qt5WebKitd.dll!WebCore::GraphicsContext::savePlatformState() Line 349	C++
Qt5WebKitd.dll!WebCore::GraphicsContext::save() Line 103	C++
Qt5WebKitd.dll!QWebFrameAdapter::renderRelativeCoords(QPainter * painter=0x051abb88, int layers=255, const QRegion & clip={...}) Line 517	C++
Qt5WebKitWidgetsd.dll!QWebFrame::render(QPainter * painter=0x051abb88, QFlags<enum QWebFrame::RenderLayer> layer={...}, const QRegion & clip={...}) Line 643 + 0x1d bytes	C++
Qt5WebKitWidgetsd.dll!QWebFrame::render(QPainter * painter=0x051abb88, const QRegion & clip={...}) Line 654	C++
Qt5WebKitWidgetsd.dll!QWebView::paintEvent(QPaintEvent * ev=0x051ac4b8) Line 835	C++
Qt5Widgetsd.dll!QWidget::event(QEvent * event=0x051ac4b8) Line 7994	C++
Qt5WebKitWidgetsd.dll!QWebView::event(QEvent * e=0x051ac4b8) Line 734	C++
Qt5Widgetsd.dll!QApplicationPrivate::notify_helper(QObject * receiver=0x06c902dc, QEvent * e=0x051ac4b8) Line 3398 + 0x11 bytes	C++
Qt5Widgetsd.dll!QApplication::notify(QObject * receiver=0x06c902dc, QEvent * e=0x051ac4b8) Line 3363 + 0x10 bytes	C++
Qt5Cored.dll!QCoreApplication::notifyInternal(QObject * receiver=0x06c902dc, QEvent * event=0x051ac4b8) Line 767 + 0x15 bytes	C++
Qt5Cored.dll!QCoreApplication::sendSpontaneousEvent(QObject * receiver=0x06c902dc, QEvent * event=0x051ac4b8) Line 206 + 0x38 bytes	C++
Qt5Widgetsd.dll!QWidgetPrivate::drawWidget(QPaintDevice * pdev=0x0baa2cfc, const QRegion & rgn={...}, const QPoint & offset={...}, int flags=5, QPainter * sharedPainter=0x00000000, QWidgetBackingStore * backingStore=0x0b678168) Line 5119 + 0xe bytes	C++
Qt5Widgetsd.dll!QWidgetBackingStore::sync() Line 1093	C++
Qt5Widgetsd.dll!QWidgetBackingStore::sync(QWidget * exposedWidget=0x06a1987c, const QRegion & exposedRegion={...}) Line 923	C++
Qt5Widgetsd.dll!QWidgetPrivate::syncBackingStore(const QRegion & region={...}) Line 1674	C++
Qt5Widgetsd.dll!QWidgetWindow::handleExposeEvent(QExposeEvent * event=0x051ace9c) Line 571	C++
Qt5Widgetsd.dll!QWidgetWindow::event(QEvent * event=0x051ace9c) Line 184	C++
Qt5Widgetsd.dll!QApplicationPrivate::notify_helper(QObject * receiver=0x0b97c7e8, QEvent * e=0x051ace9c) Line 3398 + 0x11 bytes	C++
Qt5Widgetsd.dll!QApplication::notify(QObject * receiver=0x0b97c7e8, QEvent * e=0x051ace9c) Line 2829 + 0x10 bytes	C++
Qt5Cored.dll!QCoreApplication::notifyInternal(QObject * receiver=0x0b97c7e8, QEvent * event=0x051ace9c) Line 767 + 0x15 bytes	C++
Qt5Cored.dll!QCoreApplication::sendSpontaneousEvent(QObject * receiver=0x0b97c7e8, QEvent * event=0x051ace9c) Line 206 + 0x38 bytes	C++
Qt5Guid.dll!QGuiApplicationPrivate::processExposeEvent(QWindowSystemInterfacePrivate::ExposeEvent * e=0x0bbc5768) Line 2179 + 0xe bytes	C++
Qt5Guid.dll!QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent * e=0x0bbc5768) Line 1311 + 0x9 bytes	C++
Qt5Guid.dll!QWindowSystemInterface::sendWindowSystemEventsImplementation(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...}) Line 536 + 0x9 bytes	C++
Qt5Guid.dll!QWindowSystemInterface::sendWindowSystemEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...}) Line 516 + 0x9 bytes	C++
qwindowsd.dll!QWindowsGuiEventDispatcher::sendPostedEvents() Line 86 + 0xd bytes	C++
Qt5Cored.dll!qt_internal_proc(HWND__ * hwnd=0x00120daa, unsigned int message=1025, unsigned int wp=0, long lp=0) Line 423	C++
due to the fact that the d->extended already deleted. Removal occurs earlier in the same handler
Qt5Guid.dll!QImage::~QImage() Line 1003	C++
qwindowsd.dll!QWindowsNativeImage::~QWindowsNativeImage() Line 146 + 0xc bytes	C++
qwindowsd.dll!QWindowsNativeImage::`scalar deleting destructor'() + 0xf bytes	C++
qwindowsd.dll!QScopedPointerDeleter<QWindowsNativeImage>::cleanup(QWindowsNativeImage * pointer=0x0baa2cf8) Line 63 + 0x1c bytes	C++
qwindowsd.dll!QScopedPointer<QWindowsNativeImage,QScopedPointerDeleter<QWindowsNativeImage> >::reset(QWindowsNativeImage * other=0x0bbc8450) Line 148 + 0x9 bytes	C++
qwindowsd.dll!QWindowsBackingStore::resize(const QSize & size={...}, const QRegion & region={...}) Line 156	C++
Qt5Guid.dll!QBackingStore::resize(const QSize & size={...}) Line 173	C++
Qt5Widgetsd.dll!QWidgetPrivate::setGeometry_sys(int x=156, int y=612, int w=627, int h=150, bool isMove=true) Line 738	C++
Qt5Widgetsd.dll!QWidget::setGeometry(const QRect & r={...}) Line 6490	C++
Qt5WebKitWidgetsd.dll!QWidgetPluginImpl::setGeometryAndClip(const QRect & geometry={...}, const QRect & clipRect={...}, bool isVisible=true) Line 39	C++
Qt5WebKitd.dll!WebCore::QtPluginWidget::frameRectsChanged() Line 1428	C++
Qt5WebKitd.dll!WebCore::Widget::setFrameRect(const WebCore::IntRect & rect={...}) Line 71	C++
Qt5WebKitd.dll!WebCore::RenderWidget::setWidgetGeometry(const WebCore::LayoutRect & frame={...}) Line 159	C++
Qt5WebKitd.dll!WebCore::RenderWidget::updateWidgetGeometry() Line 179	C++
Qt5WebKitd.dll!WebCore::RenderWidget::updateWidgetPosition() Line 334 + 0x8 bytes	C++
Qt5WebKitd.dll!WebCore::RenderView::updateWidgetPositions() Line 764 + 0x13 bytes	C++
Qt5WebKitd.dll!WebCore::FrameView::performPostLayoutTasks() Line 2499	C++
Qt5WebKitd.dll!WebCore::FrameView::layout(bool allowSubtree=true) Line 1255	C++
Qt5WebKitd.dll!WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() Line 3369	C++
Qt5WebKitd.dll!QWebFrameAdapter::renderRelativeCoords(QPainter * painter=0x051abb88, int layers=255, const QRegion & clip={...}) Line 508	C++
Qt5WebKitWidgetsd.dll!QWebFrame::render(QPainter * painter=0x051abb88, QFlags<enum QWebFrame::RenderLayer> layer={...}, const QRegion & clip={...}) Line 643 + 0x1d bytes	C++
Qt5WebKitWidgetsd.dll!QWebFrame::render(QPainter * painter=0x051abb88, const QRegion & clip={...}) Line 654	C++
Qt5WebKitWidgetsd.dll!QWebView::paintEvent(QPaintEvent * ev=0x051ac4b8) Line 835	C++
Qt5Widgetsd.dll!QWidget::event(QEvent * event=0x051ac4b8) Line 7994	C++
Qt5WebKitWidgetsd.dll!QWebView::event(QEvent * e=0x051ac4b8) Line 734	C++
Qt5Widgetsd.dll!QApplicationPrivate::notify_helper(QObject * receiver=0x06c902dc, QEvent * e=0x051ac4b8) Line 3398 + 0x11 bytes	C++
Qt5Widgetsd.dll!QApplication::notify(QObject * receiver=0x06c902dc, QEvent * e=0x051ac4b8) Line 3363 + 0x10 bytes	C++
Qt5Cored.dll!QCoreApplication::notifyInternal(QObject * receiver=0x06c902dc, QEvent * event=0x051ac4b8) Line 767 + 0x15 bytes	C++
Qt5Cored.dll!QCoreApplication::sendSpontaneousEvent(QObject * receiver=0x06c902dc, QEvent * event=0x051ac4b8) Line 206 + 0x38 bytes	C++
Qt5Widgetsd.dll!QWidgetPrivate::drawWidget(QPaintDevice * pdev=0x0baa2cfc, const QRegion & rgn={...}, const QPoint & offset={...}, int flags=5, QPainter * sharedPainter=0x00000000, QWidgetBackingStore * backingStore=0x0b678168) Line 5119 + 0xe bytes	C++
Qt5Widgetsd.dll!QWidgetBackingStore::sync() Line 1093	C++
Qt5Widgetsd.dll!QWidgetBackingStore::sync(QWidget * exposedWidget=0x06a1987c, const QRegion & exposedRegion={...}) Line 923	C++
Qt5Widgetsd.dll!QWidgetPrivate::syncBackingStore(const QRegion & region={...}) Line 1674	C++
Qt5Widgetsd.dll!QWidgetWindow::handleExposeEvent(QExposeEvent * event=0x051ace9c) Line 571	C++
Qt5Widgetsd.dll!QWidgetWindow::event(QEvent * event=0x051ace9c) Line 184	C++
Qt5Widgetsd.dll!QApplicationPrivate::notify_helper(QObject * receiver=0x0b97c7e8, QEvent * e=0x051ace9c) Line 3398 + 0x11 bytes	C++
Qt5Widgetsd.dll!QApplication::notify(QObject * receiver=0x0b97c7e8, QEvent * e=0x051ace9c) Line 2829 + 0x10 bytes	C++
Qt5Cored.dll!QCoreApplication::notifyInternal(QObject * receiver=0x0b97c7e8, QEvent * event=0x051ace9c) Line 767 + 0x15 bytes	C++
Qt5Cored.dll!QCoreApplication::sendSpontaneousEvent(QObject * receiver=0x0b97c7e8, QEvent * event=0x051ace9c) Line 206 + 0x38 bytes	C++
Qt5Guid.dll!QGuiApplicationPrivate::processExposeEvent(QWindowSystemInterfacePrivate::ExposeEvent * e=0x0bbc5768) Line 2179 + 0xe bytes	C++
Qt5Guid.dll!QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent * e=0x0bbc5768) Line 1311 + 0x9 bytes	C++
Qt5Guid.dll!QWindowSystemInterface::sendWindowSystemEventsImplementation(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...}) Line 536 + 0x9 bytes	C++
Qt5Guid.dll!QWindowSystemInterface::sendWindowSystemEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...}) Line 516 + 0x9 bytes	C++
qwindowsd.dll!QWindowsGuiEventDispatcher::sendPostedEvents() Line 86 + 0xd bytes	C++
Qt5Cored.dll!qt_internal_proc(HWND__ * hwnd=0x00120daa, unsigned int message=1025, unsigned int wp=0, long lp=0) Line 423	C++

Qt 5.0.0, mvs c++ compiler(visual studio 2008sp1+sdk), windows 7

Comment 1 Michael Brüning 2013-03-25 02:28:16 PDT

I think we'll need some more info on how to reproduce this crash (i.e. which website was being rendered etc).

Comment 2 shob_28 2013-09-09 21:54:21 PDT

Created attachment 211157 [details]
Sample application to reproduce the crash

Sample application to reproduce the crash

Comment 3 shob_28 2013-09-09 21:55:35 PDT

I am seeing this crash in one of the applications that I am currently working on. I have added  a simple test app as attachment to this bug. This test app can be used to reproduce this crash. The crash occurs on resizing the application either by clicking the maximize window button or resize using Mouse Cursor.

This bug has been introduces only in Qt5 and above as the application works fine when compiled with Qt4.8.4.

Also, the crash occurs only when a QGLWidget based plugin is initialized. It works fine with other normal QWidget based UI controls.