Bug 22617 - Segfault when logging into inbox.com
Summary: Segfault when logging into inbox.com
Alias: None
Product: WebKit
Classification: Unclassified
Component: Platform
Version: 528+ (Nightly build)
Hardware: Macintosh OS X 10.5
Importance: P2 Critical
Assignee: Nobody
URL: http://inbox.com
Keywords: Qt
Depends on: 29013 29015
Reported: 2008-12-02 20:08 PST by Benjamin Meyer
Modified: 2010-03-17 04:42 PDT
Description Benjamin Meyer 2008-12-02 20:08:41 PST
Originally reported in the Arora bug tracking system:


After getting a message box from inbox.com saying that my browser is not fully supported (instead of seeing my mail), press OK and then it will crash.

Tested with 4.5

It is crashing in WebCore::QNetworkReplyHandler::finish() when deleteLater is called, so it might be a Qt network related issue.
Comment 1 Robert Hogan 2009-05-24 11:39:44 PDT
Better backtrace, I think:

0xb64139b6 in WTF::RefPtr<WebCore::StringImpl>::operator! (this=0x1)
    at ../../../JavaScriptCore/wtf/RefPtr.h:62                      
62              bool operator!() const { return !m_ptr; }           
(gdb) bt                                                            
#0  0xb64139b6 in WTF::RefPtr<WebCore::StringImpl>::operator! (this=0x1)
    at ../../../JavaScriptCore/wtf/RefPtr.h:62                          
#1  0xb6926d53 in WebCore::String::operator JSC::UString (this=0x1)     
    at ../../../WebCore/platform/text/String.cpp:652                    
#2  0xb68d103d in WebCore::AtomicString::operator JSC::UString (this=0x1)
    at ../../../WebCore/platform/text/AtomicString.cpp:280               
#3  0xb6e6f94b in WebCore::jsHTMLButtonElementType (exec=0xb2e7826c, slot=@0xbfea7ba0)
    at generated/debug/JSHTMLButtonElement.cpp:186                                    
#4  0xb62e0bc6 in JSC::PropertySlot::getValue (this=0xbfea7ba0, exec=0xb2e7826c, propertyName=@0x85ea838)
    at ../../../JavaScriptCore/runtime/PropertySlot.h:63                                                 
#5  0xb6360ec8 in JSC::JSValue::get (this=0xbfea7e54, exec=0xb2e7826c, propertyName=@0x85ea838,          
    slot=@0xbfea7ba0) at ../../../JavaScriptCore/runtime/JSObject.h:507                                  
#6  0xb6353569 in JSC::Interpreter::privateExecute (this=0x83e1088, flag=JSC::Interpreter::Normal,       
    registerFile=0x83e1090, callFrame=0xb2e7826c, exception=0xbfeaa1a8)                                  
    at ../../../JavaScriptCore/interpreter/Interpreter.cpp:2290                                          
#7  0xb6359fbd in JSC::Interpreter::execute (this=0x83e1088, evalNode=0x88167b8, callFrame=0xb2e781d8,   
    thisObj=0xb331cba0, globalRegisterOffset=142, scopeChain=0x87690c0, exception=0xbfeaa1a8)            
    at ../../../JavaScriptCore/interpreter/Interpreter.cpp:870                                           
#8  0xb635a361 in JSC::Interpreter::callEval (this=0x83e1088, callFrame=0xb2e781d8,                      
    registerFile=0x83e1090, argv=0xb2e78210, argc=2, registerOffset=24, exceptionValue=@0xbfeaa1a8)      
    at ../../../JavaScriptCore/interpreter/Interpreter.cpp:359                                           
#9  0xb6356382 in JSC::Interpreter::privateExecute (this=0x83e1088, flag=JSC::Interpreter::Normal,       
    registerFile=0x83e1090, callFrame=0xb2e781d8, exception=0xbfeaa65c)                                  
    at ../../../JavaScriptCore/interpreter/Interpreter.cpp:2992                                          
#10 0xb635ad13 in JSC::Interpreter::execute (this=0x83e1088, programNode=0x85f3e78, callFrame=0x85ae4e4, 
    scopeChain=0x862a638, thisObj=0xb3310000, exception=0xbfeaa65c)                                      
    at ../../../JavaScriptCore/interpreter/Interpreter.cpp:641                                           
#11 0xb6393cae in JSC::evaluate (exec=0x85ae4e4, scopeChain=@0x85ae4c0, source=@0xbfeaaa48, thisValue=   
      {m_ptr = 0xb3310000}) at ../../../JavaScriptCore/runtime/Completion.cpp:67                         
#12 0xb64852a1 in WebCore::ScriptController::evaluate (this=0x822d408, sourceCode=@0xbfeaaa48)           
    at ../../../WebCore/bindings/js/ScriptController.cpp:101                                             
#13 0xb680e271 in WebCore::FrameLoader::executeScript (this=0x822d184, sourceCode=@0xbfeaaa48)           
    at ../../../WebCore/loader/FrameLoader.cpp:807                                                       
#14 0xb678fc2e in WebCore::HTMLTokenizer::scriptExecution (this=0x8743208, sourceCode=@0xbfeaaa48, state=
      {static EntityShift = 4, m_bits = 0}) at ../../../WebCore/html/HTMLTokenizer.cpp:560               
#15 0xb6790b18 in WebCore::HTMLTokenizer::scriptHandler (this=0x8743208, state=                          
      {static EntityShift = 4, m_bits = 0}) at ../../../WebCore/html/HTMLTokenizer.cpp:502               
#16 0xb679135f in WebCore::HTMLTokenizer::parseSpecial (this=0x8743208, src=@0x8743b60, state=           
      {static EntityShift = 4, m_bits = 128}) at ../../../WebCore/html/HTMLTokenizer.cpp:349             
#17 0xb6793636 in WebCore::HTMLTokenizer::parseTag (this=0x8743208, src=@0x8743b60, state=               
      {static EntityShift = 4, m_bits = 128}) at ../../../WebCore/html/HTMLTokenizer.cpp:1492
#18 0xb6794241 in WebCore::HTMLTokenizer::write (this=0x8743208, str=@0xbfeaad6c, appendData=false)
    at ../../../WebCore/html/HTMLTokenizer.cpp:1723
#19 0xb679027b in WebCore::HTMLTokenizer::notifyFinished (this=0x8743208)
    at ../../../WebCore/html/HTMLTokenizer.cpp:2028
#20 0xb67dee82 in WebCore::CachedScript::checkNotify (this=0x85ed7c8)
    at ../../../WebCore/loader/CachedScript.cpp:106
#21 0xb67def8e in WebCore::CachedScript::data (this=0x85ed7c8, data={m_ptr = 0xbfeaaee4},
    allDataReceived=true) at ../../../WebCore/loader/CachedScript.cpp:96
#22 0xb682d1b9 in WebCore::Loader::Host::didFinishLoading (this=0x85cdc08, loader=0x8732ca0)
    at ../../../WebCore/loader/loader.cpp:318
#23 0xb6841442 in WebCore::SubresourceLoader::didFinishLoading (this=0x8732ca0)
    at ../../../WebCore/loader/SubresourceLoader.cpp:183
#24 0xb683e2a0 in WebCore::ResourceLoader::didFinishLoading (this=0x8732ca0)
    at ../../../WebCore/loader/ResourceLoader.cpp:416
#25 0xb6abcc69 in WebCore::QNetworkReplyHandler::finish (this=0x86244e8)
    at ../../../WebCore/platform/network/qt/QNetworkReplyHandler.cpp:225
#26 0xb6abccfe in WebCore::QNetworkReplyHandler::qt_metacall (this=0x86244e8,
    _c=QMetaObject::InvokeMetaMethod, _id=0, _a=0x82fd6a0) at ./moc_QNetworkReplyHandler.cpp:69
#27 0xb46a437b in QMetaCallEvent::placeMetaCall (this=0x85cac18, object=0x86244e8)
    at /var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qobject.cpp:489
#28 0xb46a5ec8 in QObject::event (this=0x86244e8, e=0x85cac18)
    at /var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qobject.cpp:1109
#29 0xb4afca7f in QApplicationPrivate::notify_helper (this=0x817d550, receiver=0x86244e8, e=0x85cac18)
    at /var/tmp/qt-x11-src-4.5.0/src/gui/kernel/qapplication.cpp:4084
#30 0xb4b006b9 in QApplication::notify (this=0xbfeab7d0, receiver=0x86244e8, e=0x85cac18)
    at /var/tmp/qt-x11-src-4.5.0/src/gui/kernel/qapplication.cpp:3631
#31 0xb469481b in QCoreApplication::notifyInternal (this=0xbfeab7d0, receiver=0x86244e8, event=0x85cac18)
    at /var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qcoreapplication.cpp:602
#32 0xb469598e in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x817d610)
    at /var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qcoreapplication.h:213
#33 0xb4695c3d in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0)
    at /var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qcoreapplication.cpp:1132
#34 0xb46c0c8f in postEventSourceDispatch (s=0x8185d78)
    at /var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qcoreapplication.h:218
#35 0xb44b0b88 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#36 0xb44b40eb in ?? () from /usr/lib/libglib-2.0.so.0
#37 0xb44b4268 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#38 0xb46c103e in QEventDispatcherGlib::processEvents (this=0x8183370, flags=@0xbfeab618)
    at /var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qeventdispatcher_glib.cpp:323
#39 0xb4b96bd5 in QGuiEventDispatcherGlib::processEvents (this=0x8183370, flags=@0xbfeab648)
    at /var/tmp/qt-x11-src-4.5.0/src/gui/kernel/qguieventdispatcher_glib.cpp:202
#40 0xb46939ed in QEventLoop::processEvents (this=0xbfeab6c0, flags=@0xbfeab688)
    at /var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qeventloop.cpp:149
#41 0xb4693d5d in QEventLoop::exec (this=0xbfeab6c0, flags=@0xbfeab6c8)
    at /var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qeventloop.cpp:200
#42 0xb4695cfc in QCoreApplication::exec ()
    at /var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qcoreapplication.cpp:880
#43 0xb4afc217 in QApplication::exec () at /var/tmp/qt-x11-src-4.5.0/src/gui/kernel/qapplication.cpp:3553
#44 0x08059645 in main (argc=-1288582240, argv=0xbfea7db8)
    at /home/robert/WebKit/WebKit/qt/QtLauncher/main.cpp:462

Comment 2 Tor Arne Vestbø 2009-09-07 09:27:46 PDT
Tried reproducing this but failed to log in, creating spin-offs.
Comment 3 Tor Arne Vestbø 2010-03-05 09:22:08 PST
Can't reproduce on Windows, get "Frame load interrupted by policy change" when trying to sign up.

The main landing page also renders really slowly, possibly related to bug #35652
Comment 4 Tor Arne Vestbø 2010-03-05 09:24:24 PST
Crappy site, requires "you need to activate your free Inbox.com 5GB account using free Inbox.com Toolbar with Email Notifier."
Comment 5 Kent Hansen 2010-03-16 02:55:41 PDT
(In reply to comment #3)
> Can't reproduce on Windows, get "Frame load interrupted by policy change" when
> trying to sign up.

I get that on Mac too. But that seems like a bug to me.
Comment 6 Robert Hogan 2010-03-17 03:52:47 PDT
(In reply to comment #5)
> (In reply to comment #3)
> > Can't reproduce on Windows, get "Frame load interrupted by policy change" when
> > trying to sign up.
> I get that on Mac too. But that seems like a bug to me.

This seems to be generated by:

    case PolicyDownload:
        // m_handle can be null, e.g. when loading a substitute resource from application cache.
        if (!m_handle) {
        frameLoader()->client()->download(m_handle.get(), request(), m_handle.get()->request(), r);
        // It might have gone missing
        if (frameLoader())

in MainResourceLoader.cpp.

Not sure why it generates an error when frameLoader() is still around; the comment suggests it should be !frameLoader().
Comment 7 Robert Hogan 2010-03-17 04:02:26 PDT
(In reply to comment #6)
> Not sure why it generates an error when frameLoader() is still around, the
> comment suggests it should be !frameLoader().

Changing the check to !frameLoader() gets rid of the error message but qtlauncher doesn't prompt for the download - it just displays the next page which describes the download's installation procedure. Given that qtlauncher doesn't have a download manager maybe this is expected or maybe it's still wrong!
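The PolicyDownload branch discussed in comments 6 and 7, reduced to a small model (an added example, not WebKit's or the commenters' code; the struct and function names are invented). It assumes that once the response has been handed to the download client the main-resource load is reported as interrupted for policy change, so the `if (frameLoader())` check is only there because the download call may have destroyed the frame loader, and a destroyed frame cannot be told anything:

```cpp
#include <memory>
#include <string>
// Added model of the PolicyDownload branch, not WebKit's code; names invented.
// Assumes the branch reports "interrupted for policy change" only to a frame
// loader that survives the download hand-off.

// Models the frame's FrameLoader; records the error the frame would display.
struct FrameLoader {
    std::string lastError;
};

// Models frameLoader()->client(): starting a download may close the window
// that triggered it, which destroys that window's FrameLoader.
struct Client {
    bool downloadClosesFrame = false;
    void download(std::unique_ptr<FrameLoader>& frame) {
        if (downloadClosesFrame)
            frame.reset();  // the frame loader "goes missing" here
    }
};
// Models MainResourceLoader, holding only what the quoted branch touches.
struct MainResourceLoader {
    bool hasHandle = true;               // models m_handle being non-null
    std::unique_ptr<FrameLoader> frame;  // models frameLoader()
    Client client;

    // The PolicyDownload branch; returns the error reported, "" if none.
    std::string continueAfterDownloadPolicy() {
        // m_handle can be null, e.g. a substitute resource from the app cache.
        if (!hasHandle)
            return "cannotShowURL";
        client.download(frame);
        // frameLoader() might have gone missing during download(); only a
        // surviving frame can be told that its load was interrupted.
        if (frame) {
            frame->lastError = "interruptedForPolicyChange";
            return frame->lastError;
        }
        return "";
    }
};
// Runs one scenario and returns the error the frame loader was given.
std::string runScenario(bool hasHandle, bool downloadClosesFrame) {
    MainResourceLoader loader;
    loader.hasHandle = hasHandle;
    loader.frame.reset(new FrameLoader);
    loader.client.downloadClosesFrame = downloadClosesFrame;
    return loader.continueAfterDownloadPolicy();
}
```

With the check inverted to `!frameLoader()`, the third scenario below would be the only one that tries to report, and it would do so on a frame loader that no longer exists.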
Comment 8 Tor Arne Vestbø 2010-03-17 04:42:42 PDT
Inbox.com does not seem like a very good test-case, as is evident from the earlier comments. Please reopen with a simpler test-case that can be reproduced without jumping through a bunch of hoops.