RESOLVED WORKSFORME
29566
[Qt] WebKit crash when showing JavaScript prompt immediately upon page load
https://bugs.webkit.org/show_bug.cgi?id=29566
Tor Arne Vestbø
Reported
2009-09-21 08:14:16 PDT
This bug report originated from Nokia internal issue QT-1736

--- Comments ---

Product: Qt
Function: webkit
Version: 4.5.2
Platform: Mac OS X
Platform details: Mac OS X 10.5.7, quad-core 2.66 GHz Mac Pro.
Compilers: GCC
Compiler details: i686-apple-darwin9-gcc-4.0.1 (GCC) 4.0.1 (Apple Inc. build 5490)
Subject: WebKit crash when showing JavaScript prompt immediately upon page load

Steps to reproduce / test case:
Build and run the attached project. In the Address field, type the path to the crash.html file included in the zip file. ("../../../crash.html" should work.) When the prompt appears, press either Cancel or OK, or hit escape or return. If another prompt appears, repeat. If the application does not crash, hit return to reload the page. Observe that within a few loads, the application crashes.

More information:
This bug is a memory smasher. Oftentimes, you will see the following written out to the console after loading the page:

QtWebKitCrashReduction2(12355) malloc: *** error for object 0x200000: pointer being freed was not allocated
*** set a breakpoint in malloc_error_break to debug

The stack trace when it eventually crashes varies, of course, but here are a couple I've seen:

0 QtCore 0x003e4446 QCoreApplication::postEvent(QObject*, QEvent*, int) + 38
1 QtCore 0x003e46e0 QCoreApplication::postEvent(QObject*, QEvent*) + 32
2 QtCore 0x003f0ce9 QObject::deleteLater() + 57
3 QtWebKit 0x01a8afb0 WebCore::QNetworkReplyHandler::finish() + 720
4 QtWebKit 0x01a8b2be WebCore::QNetworkReplyHandler::qt_metacall(QMetaObject::Call, int, void**) + 126
5 QtCore 0x003f0c2b QMetaCallEvent::placeMetaCall(QObject*) + 43
6 QtCore 0x003f3b84 QObject::event(QEvent*) + 548
7 QtGui 0x029a691f QApplicationPrivate::notify_helper(QObject*, QEvent*) + 191
8 QtGui 0x029ad43c QApplication::notify(QObject*, QEvent*) + 268
9 QtCore 0x003e0c52 QCoreApplication::notifyInternal(QObject*, QEvent*) + 98
10 QtCore 0x003e3f81 QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) + 705
11 QtGui 0x029521a8 QEventDispatcherMacPrivate::postedEventsSourcePerformCallback(void*) + 56
12 com.apple.CoreFoundation 0x9463f595 CFRunLoopRunSpecific + 3141
13 com.apple.CoreFoundation 0x9463fc78 CFRunLoopRunInMode + 88
14 com.apple.HIToolbox 0x9355028c RunCurrentEventLoopInMode + 283
15 com.apple.HIToolbox 0x935500a5 ReceiveNextEventCommon + 374
16 com.apple.HIToolbox 0x93693357 ReceiveNextEvent + 58
17 QtGui 0x02952769 QEventDispatcherMac::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) + 313
18 QtCore 0x003e0201 QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) + 65
19 QtCore 0x003e03ad QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) + 157
20 QtCore 0x003e41fe QCoreApplication::exec() + 174

0 libSystem.B.dylib 0x94140e42 __kill + 10
1 libSystem.B.dylib 0x941b323a raise + 26
2 libSystem.B.dylib 0x941bf679 abort + 73
3 libstdc++.6.dylib 0x91110005 0x910c8000 + 294917
4 libstdc++.6.dylib 0x9110e10c __gxx_personality_v0 + 1108
5 libstdc++.6.dylib 0x9110e14b std::terminate() + 29
6 libstdc++.6.dylib 0x9110e6da std::type_info::~type_info() + 0
7 QtWebKit 0x01966079 WebCore::TimerBase::fireTimers(double, WTF::Vector<WebCore::TimerBase*, 0ul> const&) + 137
8 QtWebKit 0x01966142 WebCore::TimerBase::sharedTimerFired() + 162
9 QtCore 0x003f3b08 QObject::event(QEvent*) + 424
10 QtGui 0x029a691f QApplicationPrivate::notify_helper(QObject*, QEvent*) + 191
11 QtGui 0x029ad43c QApplication::notify(QObject*, QEvent*) + 268
12 QtCore 0x003e0c52 QCoreApplication::notifyInternal(QObject*, QEvent*) + 98
13 QtGui 0x029a495c qt_sendSpontaneousEvent(QObject*, QEvent*) + 60
14 QtGui 0x029522f8 QEventDispatcherMacPrivate::activateTimer(__CFRunLoopTimer*, void*) + 152
15 com.apple.CoreFoundation 0x9463fac5 CFRunLoopRunSpecific + 4469
16 com.apple.CoreFoundation 0x9463fc78 CFRunLoopRunInMode + 88
17 com.apple.HIToolbox 0x9355028c RunCurrentEventLoopInMode + 283
18 com.apple.HIToolbox 0x9354ffde ReceiveNextEventCommon + 175
19 com.apple.HIToolbox 0x93693357 ReceiveNextEvent + 58
20 QtGui 0x02952769 QEventDispatcherMac::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) + 313
21 QtCore 0x003e0201 QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) + 65
22 QtCore 0x003e03ad QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) + 157
23 QtCore 0x003e41fe QCoreApplication::exec() + 174

0 QtWebKit 0x0180f7cf WebCore::HTMLTokenizer::parseEntity(WebCore::SegmentedString&, unsigned short*&, WebCore::HTMLTokenizer::State, unsigned int&, bool, bool) + 1583
1 QtWebKit 0x0181459c WebCore::HTMLTokenizer::write(WebCore::SegmentedString const&, bool) + 1900
2 QtWebKit 0x01862cb8 WebCore::FrameLoader::write(char const*, int, bool) + 472
3 QtWebKit 0x01863367 WebCore::FrameLoader::addData(char const*, int) + 39
4 QtWebKit 0x01aa6271 WebCore::FrameLoaderClientQt::committedLoad(WebCore::DocumentLoader*, char const*, int) + 193
5 QtWebKit 0x01852ca6 WebCore::DocumentLoader::commitLoad(char const*, int) + 70
6 QtWebKit 0x018a0cb5 WebCore::ResourceLoader::didReceiveData(char const*, int, long long, bool) + 69
7 QtWebKit 0x01897d87 WebCore::MainResourceLoader::didReceiveData(char const*, int, long long, bool) + 71
8 QtWebKit 0x018a0748 WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle*, char const*, int, int) + 56
9 QtWebKit 0x01a8acb1 WebCore::QNetworkReplyHandler::forwardData() + 209
10 QtWebKit 0x01a8b2ce WebCore::QNetworkReplyHandler::qt_metacall(QMetaObject::Call, int, void**) + 142
11 QtCore 0x003f0c2b QMetaCallEvent::placeMetaCall(QObject*) + 43
12 QtCore 0x003f3b84 QObject::event(QEvent*) + 548
13 QtGui 0x029a691f QApplicationPrivate::notify_helper(QObject*, QEvent*) + 191
14 QtGui 0x029ad43c QApplication::notify(QObject*, QEvent*) + 268
15 QtCore 0x003e0c52 QCoreApplication::notifyInternal(QObject*, QEvent*) + 98
16 QtCore 0x003e3f81 QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) + 705
17 QtGui 0x029521a8 QEventDispatcherMacPrivate::postedEventsSourcePerformCallback(void*) + 56
18 com.apple.CoreFoundation 0x9463f595 CFRunLoopRunSpecific + 3141
19 com.apple.CoreFoundation 0x9463fc78 CFRunLoopRunInMode + 88
20 com.apple.HIToolbox 0x9355028c RunCurrentEventLoopInMode + 283
21 com.apple.HIToolbox 0x935500a5 ReceiveNextEventCommon + 374
22 com.apple.HIToolbox 0x93693357 ReceiveNextEvent + 58
23 QtGui 0x02952769 QEventDispatcherMac::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) + 313
24 QtCore 0x003e0201 QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) + 65
25 QtCore 0x003e03ad QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) + 157
26 QtCore 0x003e41fe QCoreApplication::exec() + 174
Attachments
Test case (from original bug) (6.78 KB, application/octet-stream), 2010-01-20 06:49 PST, Jocelyn Turcotte
Jocelyn Turcotte
Comment 1
2010-01-20 06:49:21 PST
Created attachment 47021 [details]
Test case (from original bug)

Tried to reproduce it on Windows with 4.6 and couldn't.
Tor Arne Vestbø
Comment 2
2010-03-10 07:53:03 PST
Can't reproduce with webkit trunk against upcoming 4.7, but I get lots of these:

2010-03-10 16:51:52.037 QtWebKitCrashReduction2[38752:903] -[NSHIObject isVisible]: unrecognized selector sent to instance 0x2f228c0
2010-03-10 16:51:52.041 QtWebKitCrashReduction2[38752:903] HIToolbox: ignoring exception '-[NSHIObject isVisible]: unrecognized selector sent to instance 0x2f228c0' that raised inside Carbon event dispatch
(
0 CoreFoundation 0x94ca140a __raiseError + 410
1 libobjc.A.dylib 0x934bb509 objc_exception_throw + 56
2 CoreFoundation 0x94ced90b -[NSObject(NSObject) doesNotRecognizeSelector:] + 187
3 CoreFoundation 0x94c48db6 ___forwarding___ + 950
4 CoreFoundation 0x94c48982 _CF_forwarding_prep_0 + 50
5 QtGui 0x0180f0d5 _ZL26qt_mac_should_disable_menuP8QMenuBar + 197
6 QtGui 0x0181358a _ZN15QMenuBarPrivate26macUpdateMenuBarImmediatlyEv + 202
7 QtGui 0x0181382b _ZN8QMenuBar16macUpdateMenuBarEv + 11
8 QtGui 0x017d15c7 _ZN19QApplicationPrivate20globalEventProcessorEP25OpaqueEventHandlerCallRefP14OpaqueEventRefPv + 3591
9 HIToolbox 0x98e6be29 _ZL23DispatchEventToHandlersP14EventTargetRecP14OpaqueEventRefP14HandlerCallRec + 1567
10 HIToolbox 0x98e6b0f0 _ZL30SendEventToEventTargetInternalP14OpaqueEventRefP20OpaqueEventTargetRefP14HandlerCallRec + 411
11 HIToolbox 0x98e6af4f SendEventToEventTargetWithOptions + 58
12 HIToolbox 0x98ef6117 PostActivateEvent + 353
13 HIToolbox 0x98ef56e6 HiliteAndActivateWindow + 418
14 HIToolbox 0x98ef549a _Z27AdjustToNewWindowActivationP10WindowDataP13WindowContextP15OpaqueWindowPtrhS0_ + 238
15 HIToolbox 0x98edb518 _Z38PotentiallyAdjustToNewWindowActivationP10WindowDataS0_P13WindowContextP15OpaqueWindowPtrS0_ + 137
16 HIToolbox 0x98edb482 _Z29BringToFrontAndActivateWindowP10WindowDataP20OpaqueWindowGroupRefh + 135
17 HIToolbox 0x98edb3e7 _ZN10WindowData12SelectWindowEv + 229
18 QtGui 0x017d1f93 _ZN19QApplicationPrivate20globalEventProcessorEP25OpaqueEventHandlerCallRefP14OpaqueEventRefPv + 6099
19 HIToolbox 0x98e6be29 _ZL23DispatchEventToHandlersP14EventTargetRecP14OpaqueEventRefP14HandlerCallRec + 1567
20 HIToolbox 0x98e6b0f0 _ZL30SendEventToEventTargetInternalP14OpaqueEventRefP20OpaqueEventTargetRefP14HandlerCallRec + 411
21 HIToolbox 0x98e6af4f SendEventToEventTargetWithOptions + 58
22 HIToolbox 0x98e9fb2c _ZL29ToolboxEventDispatcherHandlerP25OpaqueEventHandlerCallRefP14OpaqueEventRefPv + 3006
23 HIToolbox 0x98e6c27a _ZL23DispatchEventToHandlersP14EventTargetRecP14OpaqueEventRefP14HandlerCallRec + 2672
24 HIToolbox 0x98e6b0f0 _ZL30SendEventToEventTargetInternalP14OpaqueEventRefP20OpaqueEventTargetRefP14HandlerCallRec + 411
25 HIToolbox 0x98e8d981 SendEventToEventTarget + 52
26 QtGui 0x017e6094 _ZN19QEventDispatcherMac13processEventsE6QFlagsIN10QEventLoop17ProcessEventsFlagEE + 580
27 QtCore 0x02579741 _ZN10QEventLoop13processEventsE6QFlagsINS_17ProcessEventsFlagEE + 65
28 QtCore 0x02579a7a _ZN10QEventLoop4execE6QFlagsINS_17ProcessEventsFlagEE + 170
29 QtGui 0x01cc62e5 _ZN7QDialog4execEv + 261
30 QtGui 0x01ce5ac7 _ZN12QInputDialog7getTextEP7QWidgetRK7QStringS4_N9QLineEdit8EchoModeES4_Pb6QFlagsIN2Qt10WindowTypeEE + 119
31 QtWebKit 0x00ad8f07 _ZN8QWebPage16javaScriptPromptEP9QWebFrameRK7QStringS4_PS2_ + 263