RESOLVED INVALID 29439
[Qt] Webkit might crash while updating scrollbar 
https://bugs.webkit.org/show_bug.cgi?id=29439
Summary [Qt] Webkit might crash while updating scrollbar
Tor Arne Vestbø
Reported 2009-09-18 07:48:56 PDT
This bug report originated from issue QTBUG-4273 <http://bugreports.qt.nokia.com/browse/QTBUG-4273> --- Description --- How to reproduce the problem: 1. Compile "fancybrowser" example 2. Open http://trac.webkit.org/export/41842/trunk/LayoutTests/scrollbars/overflow-scrollbar-combinations.html 3. Resize window and press reload button 4. You will recieve crash with next call stack: QtWebKitd4.dll!WebCore::RenderScrollbar::updateScrollbarPart(WebCore::ScrollbarPart partType=ScrollbarBGPart, bool destroy=true) Line 219 + 0x8 bytes C++ QtWebKitd4.dll!WebCore::RenderScrollbar::updateScrollbarParts(bool destroy=true) Line 133 C++ QtWebKitd4.dll!WebCore::RenderScrollbar::setParent(WebCore::ScrollView * parent=0x00000000) Line 56 C++ QtWebKitd4.dll!WebCore::ScrollView::removeChild(WebCore::Widget * child=0x038c7038) Line 75 C++ QtWebKitd4.dll!WebCore::ScrollView::setHasVerticalScrollbar(bool hasBar=false) Line 98 C++ QtWebKitd4.dll!WebCore::FrameView::~FrameView() Line 205 C++ QtWebKitd4.dll!WebCore::FrameView::`scalar deleting destructor'() + 0xf bytes C++ QtWebKitd4.dll!WebCore::FrameView::deref() Line 68 + 0x4a bytes C++ QtWebKitd4.dll!WTF::RefPtr<WebCore::FrameView>::operator=(WebCore::FrameView * optr=0x00000000) Line 123 C++ QtWebKitd4.dll!WebCore::Frame::setView(WebCore::FrameView * view=0x00000000) Line 220 C++ QtWebKitd4.dll!WebCore::FrameLoaderClient::transitionToCommittedForNewPage(WebCore::Frame * frame=0x0154b560, const WebCore::IntSize & viewportSize={...}, const WebCore::Color & backgroundColor={...}, bool transparent=false, const WebCore::IntSize & fixedLayoutSize={...}, bool useFixedLayout=false, WebCore::ScrollbarMode horizontalScrollbarMode=ScrollbarAuto, WebCore::ScrollbarMode verticalScrollbarMode=ScrollbarAuto) Line 64 C++ QtWebKitd4.dll!WebCore::FrameLoaderClientQt::transitionToCommittedForNewPage() Line 223 + 0x75 bytes C++ QtWebKitd4.dll!WebCore::FrameLoader::transitionToCommitted(WTF::PassRefPtr<WebCore::CachedPage> cachedPage={...}) Line 2801 C++ QtWebKitd4.dll!WebCore::FrameLoader::commitProvisionalLoad(WTF::PassRefPtr<WebCore::CachedPage> prpCachedPage={...}) Line 2721 C++ QtWebKitd4.dll!WebCore::DocumentLoader::commitIfReady() Line 335 C++ QtWebKitd4.dll!WebCore::DocumentLoader::commitLoad(const char * data=0x039d5300, int length=1043) Line 354 C++ QtWebKitd4.dll!WebCore::DocumentLoader::receivedData(const char * data=0x039d5300, int length=1043) Line 368 C++ QtWebKitd4.dll!WebCore::FrameLoader::receivedData(const char * data=0x039d5300, int length=1043) Line 2342 C++ QtWebKitd4.dll!WebCore::MainResourceLoader::addData(const char * data=0x039d5300, int length=1043, bool allAtOnce=false) Line 147 C++ QtWebKitd4.dll!WebCore::ResourceLoader::didReceiveData(const char * data=0x039d5300, int length=1043, __int64 lengthReceived=1043, bool allAtOnce=false) Line 267 C++ QtWebKitd4.dll!WebCore::MainResourceLoader::didReceiveData(const char * data=0x039d5300, int length=1043, __int64 lengthReceived=1043, bool allAtOnce=false) Line 342 C++ QtWebKitd4.dll!WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle * __formal=0x03a92590, const char * data=0x039d5300, int length=1043, int lengthReceived=1043) Line 418 C++ QtWebKitd4.dll!WebCore::QNetworkReplyHandler::forwardData() Line 339 C++ QtWebKitd4.dll!WebCore::QNetworkReplyHandler::qt_metacall(QMetaObject::Call _c=InvokeMetaMethod, int _id=2, void * * _a=0x03a744a0) Line 74 C++ QtCored4.dll!QMetaCallEvent::placeMetaCall(QObject * object=0x0395efd8) Line 478 C++ QtCored4.dll!QObject::event(QEvent * e=0x03a886b0) Line 1102 + 0x14 bytes C++ QtGuid4.dll!QApplicationPrivate::notify_helper(QObject * receiver=0x0395efd8, QEvent * e=0x03a886b0) Line 4056 + 0x11 bytes C++ QtGuid4.dll!QApplication::notify(QObject * receiver=0x0395efd8, QEvent * e=0x03a886b0) Line 3603 + 0x10 bytes C++ QtCored4.dll!QCoreApplication::notifyInternal(QObject * receiver=0x0395efd8, QEvent * event=0x03a886b0) Line 610 + 0x15 bytes C++ QtCored4.dll!QCoreApplication::sendEvent(QObject * receiver=0x0395efd8, QEvent * event=0x03a886b0) Line 213 + 0x39 bytes C++ QtCored4.dll!QCoreApplicationPrivate::sendPostedEvents(QObject * receiver=0x00000000, int event_type=0, QThreadData * data=0x007f7200) Line 1247 + 0xd bytes C++ QtCored4.dll!QEventDispatcherWin32::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...}) Line 679 + 0x10 bytes C++ QtGuid4.dll!QGuiEventDispatcherWin32::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...}) Line 1182 + 0x15 bytes C++ QtCored4.dll!QEventLoop::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...}) Line 150 C++ QtCored4.dll!QEventLoop::exec(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...}) Line 201 + 0x2d bytes C++ QtCored4.dll!QCoreApplication::exec() Line 888 + 0x15 bytes C++ QtGuid4.dll!QApplication::exec() Line 3526 C++ fancybrowser.exe!main(int argc=1, char * * argv=0x007f70c0) Line 50 + 0x6 bytes C++ fancybrowser.exe!_WinMain@16() + 0xb9 bytes fancybrowser.exe!__tmainCRTStartup() Line 574 + 0x35 bytes C fancybrowser.exe!WinMainCRTStartup() Line 399 C
Attachments
Add attachment proposed patch, testcase, etc.
Benjamin Poulain
Comment 1 2009-10-06 04:32:12 PDT
The issue can be reproduced on Qt 4.5.2 but not on Qt 4.6.x.
Note You need to log in before you can comment on or make changes to this bug.