Bug 32922 - [Qt] fast/text/find-hidden-text.html
Summary: [Qt] fast/text/find-hidden-text.html
Status: CLOSED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Platform (show other bugs)
Version: 528+ (Nightly build)
Hardware: All All
Importance: P1 Major
Assignee: Benjamin Poulain
URL:
Keywords: Qt, QtTriaged
Depends on:
Blocks: 35784
Reported: 2009-12-24 12:05 PST by Robert Hogan
Modified: 2010-05-12 00:49 PDT (History)

Attachments
A reduction (154 bytes, text/html)
2010-01-09 08:41 PST, Jakub Wieczorek
no flags
Patch (1.31 KB, patch)
2010-05-10 10:38 PDT, Benjamin Poulain
no flags
Patch with test (2.33 KB, patch)
2010-05-10 10:53 PDT, Benjamin Poulain
no flags

Description Robert Hogan 2009-12-24 12:05:40 PST
In Qt this is failing at:

testNonHiddenTextStyle("position: absolute", "height:0; overflow:scroll");
testNonHiddenTextStyle("position: fixed", "height:0; overflow:scroll");

at

            if (scrollbar->maximum != scrollbar->minimum) {
                uint range = scrollbar->maximum - scrollbar->minimum;
                sliderlen = (qint64(scrollbar->pageStep) * maxlen) / (range + scrollbar->pageStep);

in qcommonstyle.cpp (Qt rather than WebKit).

The bt for testNonHiddenTextStyle("position: absolute", "height:0; overflow:scroll"); is:

(gdb) quit
gdb --interpreter=mi2 -quiet
(gdb) p maxlen
p maxlen
$1 = -48
^done(gdb) p scrollbar->pageStep
p scrollbar->pageStep
$2 = -16
^done(gdb) p range
p range
$3 = <value optimized out>
^done(gdb) p scrollbar->maximum
p scrollbar->maximum
$4 = 16
^done(gdb) p scrollbar->minimum
p scrollbar->minimum
$5 = 0
^done*** Program received signal SIGFPE (Arithmetic exception) ***(gdb) bt
bt
#0 0x0078b59b in __divdi3 (warning: (Internal error: pc 0x78b59b in read in psymtab, but not in symtab.)
) from /lib/libgcc_s.so.1
#1 0x02df64d2 in QCommonStyle::subControlRect (this=0x810caf0, cc=QStyle::CC_ScrollBar, opt=0x2947ee0, sc=QStyle::SC_ScrollBarGroove, widget=0x0) at /var/tmp/qt-x11-src-4.6.0/src/gui/styles/qcommonstyle.cpp:3991
#2 0x01ff3198 in WebCore::ScrollbarThemeQt::trackLength (this=0x2947f48, scrollbar=0x8216750) at ../../../../WebCore/platform/qt/ScrollbarThemeQt.cpp:226
#3 0x01ff2f5b in WebCore::ScrollbarThemeQt::thumbPosition (this=0x2947f48, scrollbar=0x8216750) at ../../../../WebCore/platform/qt/ScrollbarThemeQt.cpp:205
#4 0x01e44509 in WebCore::Scrollbar::setCurrentPos (this=0x8216750, pos=16) at ../../../../WebCore/platform/Scrollbar.cpp:269
#5 0x01e43c28 in WebCore::Scrollbar::setValue (this=0x8216750, v=16) at ../../../../WebCore/platform/Scrollbar.cpp:96
#6 0x01f156af in WebCore::RenderLayer::scrollToOffset (this=0x81e353c, x=0, y=16, updateScrollbars=true, repaint=true) at ../../../../WebCore/rendering/RenderLayer.cpp:1211
#7 0x01f15d39 in WebCore::RenderLayer::scrollRectToVisible (this=0x81e353c, rect=..., scrollToAnchor=false, alignX=..., alignY=...) at ../../../../WebCore/rendering/RenderLayer.cpp:1260
#8 0x01f160d9 in WebCore::RenderLayer::scrollRectToVisible (this=0x8214d2c, rect=..., scrollToAnchor=false, alignX=..., alignY=...) at ../../../../WebCore/rendering/RenderLayer.cpp:1294
#9 0x01d9c09a in WebCore::Frame::revealSelection (this=0x818bef8, alignment=..., revealExtent=false) at ../../../../WebCore/page/Frame.cpp:1363
#10 0x01d9d66a in WebCore::Frame::findString (this=0x818bef8, target=..., forward=true, caseFlag=false, wrapFlag=true, startInSelection=false) at ../../../../WebCore/page/Frame.cpp:1540
#11 0x01ba1984 in executeFindString (frame=0x818bef8, value=...) at ../../../../WebCore/editing/EditorCommand.cpp:399
#12 0x01ba5869 in WebCore::Editor::Command::execute (this=0xbfffe434, parameter=..., triggeringEvent=0x0) at ../../../../WebCore/editing/EditorCommand.cpp:1525
#13 0x01ac40d2 in WebCore::Document::execCommand (this=0x81aa148, commandName=..., userInterface=false, value=...) at ../../../../WebCore/dom/Document.cpp:3365
#14 0x0209468c in WebCore::jsDocumentPrototypeFunctionExecCommand (exec=0xb7aa7248, thisValue=..., args=...) at generated/debug/JSDocument.cpp:1876
#15 0x03c4c16e in ?? ()
#16 0x017dd6b7 in JSC::JITCode::execute (this=0x81e95e0, registerFile=0x81afdfc, callFrame=0xb7aa7050, globalData=0x81ae100, exception=0x81aebbc) at ../../../../JavaScriptCore/jit/JITCode.h:79
#17 0x017e56ac in JSC::Interpreter::execute (this=0x81afdf0, functionExecutable=0x81e95d0, callFrame=0x819edf4, function=0xb7a42e00, thisObj=0xb7a40000, args=..., scopeChain=0x81e9260, exception=0x81aebbc) at ../../../../JavaScriptCore/interpreter/Interpreter.cpp:685
#18 0x0187c219 in JSC::JSFunction::call (this=0xb7a42e00, exec=0x819edf4, thisValue=..., args=...) at ../../../../JavaScriptCore/runtime/JSFunction.cpp:120
#19 0x0184ec05 in JSC::call (exec=0x819edf4, functionObject=..., callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...) at ../../../../JavaScriptCore/runtime/CallData.cpp:39
#20 0x01981a5a in WebCore::JSEventListener::handleEvent (this=0x81d99d8, scriptExecutionContext=0x81aa178, event=0x81c6f70) at ../../../../WebCore/bindings/js/JSEventListener.cpp:113
#21 0x01aff363 in WebCore::EventTarget::fireEventListeners (this=0x81a3648, event=0x81c6f70) at ../../../../WebCore/dom/EventTarget.cpp:297
#22 0x01d7c36d in WebCore::DOMWindow::dispatchEvent (this=0x81a3648, prpEvent=..., prpTarget=...) at ../../../../WebCore/page/DOMWindow.cpp:1337
#23 0x01d7bf30 in WebCore::DOMWindow::dispatchLoadEvent (this=0x81a3648) at ../../../../WebCore/page/DOMWindow.cpp:1291
#24 0x01ac1e9a in WebCore::Document::dispatchWindowLoadEvent (this=0x81aa148) at ../../../../WebCore/dom/Document.cpp:2904
#25 0x01abd49f in WebCore::Document::implicitClose (this=0x81aa148) at ../../../../WebCore/dom/Document.cpp:1730
#26 0x01d0eabe in WebCore::FrameLoader::checkCallImplicitClose (this=0x818bf24) at ../../../../WebCore/loader/FrameLoader.cpp:1169
#27 0x01d0e887 in WebCore::FrameLoader::checkCompleted (this=0x818bf24) at ../../../../WebCore/loader/FrameLoader.cpp:1117
#28 0x01d0e614 in WebCore::FrameLoader::finishedParsing (this=0x818bf24) at ../../../../WebCore/loader/FrameLoader.cpp:1056
#29 0x01ac74d7 in WebCore::Document::finishedParsing (this=0x81aa148) at ../../../../WebCore/dom/Document.cpp:4061
#30 0x01c6ee3d in WebCore::HTMLParser::finished (this=0x81b2708) at ../../../../WebCore/html/HTMLParser.cpp:1652
#31 0x01c8dc30 in WebCore::HTMLTokenizer::end (this=0x819d228) at ../../../../WebCore/html/HTMLTokenizer.cpp:1868
#32 0x01c8e0a1 in WebCore::HTMLTokenizer::finish (this=0x819d228) at ../../../../WebCore/html/HTMLTokenizer.cpp:1908
#33 0x01abdbc4 in WebCore::Document::finishParsing (this=0x81aa148) at ../../../../WebCore/dom/Document.cpp:1878
#34 0x01d0dd58 in WebCore::FrameLoader::endIfNotLoadingMainResource (this=0x818bf24) at ../../../../WebCore/loader/FrameLoader.cpp:959
#35 0x01d0dcb1 in WebCore::FrameLoader::end (this=0x818bf24) at ../../../../WebCore/loader/FrameLoader.cpp:944
#36 0x01cfb7aa in WebCore::DocumentLoader::finishedLoading (this=0x81a5758) at ../../../../WebCore/loader/DocumentLoader.cpp:330
#37 0x01d172eb in WebCore::FrameLoader::finishedLoading (this=0x818bf24) at ../../../../WebCore/loader/FrameLoader.cpp:2733
#38 0x01d3ceba in WebCore::MainResourceLoader::didFinishLoading (this=0x81a6338) at ../../../../WebCore/loader/MainResourceLoader.cpp:424
#39 0x01d48cfa in WebCore::ResourceLoader::didFinishLoading (this=0x81a6338) at ../../../../WebCore/loader/ResourceLoader.cpp:403
#40 0x01fda6ed in WebCore::QNetworkReplyHandler::finish (this=0x81a7440) at ../../../../WebCore/platform/network/qt/QNetworkReplyHandler.cpp:245
#41 0x01fdc7c1 in WebCore::QNetworkReplyHandler::qt_metacall (this=0x81a7440, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x81a6248) at ./moc_QNetworkReplyHandler.cpp:82
#42 0x00591fbb in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) () from /home/robert/qtsdk-2009.05/qt/lib/libQtCore.so.4
#43 0x0059c296 in QMetaCallEvent::placeMetaCall(QObject*) () from /home/robert/qtsdk-2009.05/qt/lib/libQtCore.so.4
#44 0x0059e028 in QObject::event(QEvent*) () from /home/robert/qtsdk-2009.05/qt/lib/libQtCore.so.4
#45 0x02aa354f in QApplicationPrivate::notify_helper (this=0x81307b0, receiver=0x81a7440, e=0x81a4188) at /var/tmp/qt-x11-src-4.6.0/src/gui/kernel/qapplication.cpp:4242
#46 0x02aa7711 in QApplication::notify (this=0xbffff6d4, receiver=0x81a7440, e=0x81a4188) at /var/tmp/qt-x11-src-4.6.0/src/gui/kernel/qapplication.cpp:3661
#47 0x0058b9db in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /home/robert/qtsdk-2009.05/qt/lib/libQtCore.so.4
#48 0x0058c8fe in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /home/robert/qtsdk-2009.05/qt/lib/libQtCore.so.4
#49 0x0058cbad in QCoreApplication::sendPostedEvents(QObject*, int) () from /home/robert/qtsdk-2009.05/qt/lib/libQtCore.so.4
#50 0x005b924f in postEventSourceDispatch(_GSource*, int (*)(void*), void*) (warning: (Internal error: pc 0x5b924e in read in psymtab, but not in symtab.)
) from /home/robert/qtsdk-2009.05/qt/lib/libQtCore.so.4
#51 0x00b9ee88 in g_main_context_dispatch (warning: (Internal error: pc 0xb9ee87 in read in psymtab, but not in symtab.)
) from /lib/libglib-2.0.so.0
Comment 1 Jakub Wieczorek 2010-01-09 08:41:43 PST
Created attachment 46207 [details]
A reduction

Reproducible when selecting the text in the following example.
Comment 2 Tor Arne Vestbø 2010-03-10 06:28:08 PST
Please follow the QtWebKit bug reporting guidelines when reporting bugs.

See http://trac.webkit.org/wiki/QtWebKitBugs

Specifically:

  - The 'QtWebKit' component should only be used for bugs/features in the
    public QtWebKit API layer, not to signify that the bug is specific to
    the Qt port of WebKit

      http://trac.webkit.org/wiki/QtWebKitBugs#Component

  - Add the keyword 'Qt' to signal that it's a Qt-related bug

      http://trac.webkit.org/wiki/QtWebKitBugs#Keywords
Comment 3 Kent Hansen 2010-03-16 04:00:12 PDT
I'm not able to reproduce this on Mac with r55986, Qt 4.7.
Comment 4 Benjamin Poulain 2010-05-10 02:17:29 PDT
I don't have the problem with the reduction on 4.7.
Is there anything special to do in order to reproduce the crash? Do you select all the text or a specific sub-string?
Comment 5 Jakub Wieczorek 2010-05-10 08:21:50 PDT
(In reply to comment #4)
> I don't have the problem with the reduction on 4.7.

I can still reproduce this with Qt 4.7 and WebKit trunk.

My suspicion is that Kent and you are using a style that does not call 
the standard QCommonStyle's ::subControlRect() implementation in this case and at the same time does not trigger this crash.

> Is there anything special to do in order to reproduce the crash? Do you select all the text or a specific sub-string?

It's crashing right after I start the selection.
Comment 6 Benjamin Poulain 2010-05-10 08:28:36 PDT
(In reply to comment #5)
> My suspicion is that Kent and you are using a style that does not call 
> the standard QCommonStyle's ::subControlRect() implementation in this case and at the same time does not trigger this crash.

Which style are you using?
Comment 7 Jakub Wieczorek 2010-05-10 08:36:03 PDT
(In reply to comment #6)
> (In reply to comment #5)
> > My suspicion is that Kent and you are using a style that does not call 
> > the standard QCommonStyle's ::subControlRect() implementation in this case and at the same time does not trigger this crash.
> 
> Which style are you using?

I can reproduce this with QGtkStyle as well as pretty much any standard style included in Qt. I recall reproducing it with Oxygen in the past but I can't say for sure.
Comment 8 Jakub Wieczorek 2010-05-10 08:39:25 PDT
(In reply to comment #7)
> I can reproduce this with QGtkStyle as well as pretty much any standard style included in Qt. I recall reproducing it with Oxygen in the past but I can't say for sure.

OK, I checked Oxygen and it's not crashing.
Comment 9 Benjamin Poulain 2010-05-10 09:02:00 PDT
I am using Oxygen.

Confirmed with plastique style:
0x00007ffff37e7461 in QCommonStyle::subControlRect (this=0x76ee60, cc=QStyle::CC_ScrollBar, opt=0x7ffff7dddae0, sc=QStyle::SC_ScrollBarGroove, widget=0x0) at /home/ikipou/dev/oslo-staging-1/src/gui/styles/qcommonstyle.cpp:3989
3989                    sliderlen = (qint64(scrollbar->pageStep) * maxlen) / (range + scrollbar->pageStep);
(gdb) print range
$1 = 16
(gdb) print scrollbar->pageStep
$2 = -16
Comment 10 Robert Hogan 2010-05-10 10:22:43 PDT
Forgot to mention the merge request here:

http://qt.gitorious.org/qt/qt/merge_requests/2387

and also see Benjamin's comment there:

"“Revise and resubmit” because this misses an autotest.

I also don’t agree with the fix, since (scrollbar->maximum != scrollbar->minimum) means range is superior to 0.
The way to have 0 for the denominator is to have scrollbar->pageStep equal to -range. For me it looks like a wrong value to have QStyleOptionSlider with a negative page step."
Comment 11 Benjamin Poulain 2010-05-10 10:38:40 PDT
Created attachment 55567 [details]
Patch

Robert, if I understand correctly, there is already a test to reproduce the crash?
Comment 12 Robert Hogan 2010-05-10 10:44:08 PDT
(In reply to comment #11)
> Created an attachment (id=55567) [details]
> Patch
> 
> Robert, If I understand correctly, there is already a test to reproduce the crash?

Yup: fast/text/find-hidden-text.html ;-)

That patch looks like a good spot!
Comment 13 Benjamin Poulain 2010-05-10 10:53:26 PDT
Created attachment 55570 [details]
Patch with test

> Yup:  fast/text/find-hidden-text.html ;-)

Arg, of course, it was carefully hidden in plain sight in the title :)

Same patch, but removes the test from the skipped list.
Comment 14 Robert Hogan 2010-05-10 11:17:33 PDT
(In reply to comment #13)
> Created an attachment (id=55570) [details]
> Patch with test
> 
> > Yup:  fast/text/find-hidden-text.html ;-)
> 
> Arg, of course, it was carefully hidden in plain sight in the title :)
> 

Just like the fix. Shortly before your patch I looked up pageStep in WebCore and didn't blink when I saw opt.pageStep = scrollbar->visibleSize.

Odd that so much of the scrollbars tests passed with that in there.
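The arithmetic behind the crash, as an added example that is not Qt's or WebKit's code: the slider-length formula quoted in the description is recomputed with the values from the gdb sessions (maximum 16, minimum 0, pageStep -16, maxlen -48), showing that range + pageStep is exactly 0, and a caller-side guard of the kind comment 10 and comment 14 point at (a page step taken from a negative visibleSize is clamped first). The clamp is an assumption about the shape of a fix, not the landed patch.

```cpp
#include <cstdint>

// Constructed slider state mirroring QStyleOptionSlider's three fields
// used by the quoted qcommonstyle.cpp line (not Qt's own struct).
struct SliderOption {
    int minimum;
    int maximum;
    int pageStep;
};

// Same formula as the qcommonstyle.cpp line quoted in the description,
// evaluated in 64-bit signed arithmetic. Instead of dividing by zero
// (the integer division that raised SIGFPE in __divdi3), it returns false
// so a caller can see that the option values are inconsistent.
bool sliderLength(const SliderOption& sb, int maxlen, int64_t* sliderlen) {
    if (sb.maximum == sb.minimum) {
        *sliderlen = maxlen;               // Qt's "no range" branch: whole groove
        return true;
    }
    unsigned range = static_cast<unsigned>(sb.maximum - sb.minimum);
    int64_t denominator = static_cast<int64_t>(range) + sb.pageStep;
    if (denominator == 0)                  // pageStep == -range, the bug's case
        return false;
    *sliderlen = (static_cast<int64_t>(sb.pageStep) * maxlen) / denominator;
    return true;
}

// Assumed caller-side guard (hypothetical, not the committed fix): a page
// step derived from a visible size must never be negative, so a negative
// visibleSize (height:0 with overflow:scroll) is clamped to 0 before the
// value reaches the style.
int clampPageStep(int visibleSize) {
    return visibleSize < 0 ? 0 : visibleSize;
}

// Values from the first gdb session in the description: the unguarded
// formula has a zero denominator; after clamping the page step it does not.
bool reproducesZeroDenominator() {
    int64_t len = 0;
    SliderOption fromBug{0, 16, -16};
    return !sliderLength(fromBug, -48, &len);
}
```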
Comment 15 WebKit Commit Bot 2010-05-11 08:16:04 PDT
Comment on attachment 55570 [details]
Patch with test

Clearing flags on attachment: 55570

Committed r59151: <http://trac.webkit.org/changeset/59151>
Comment 16 WebKit Commit Bot 2010-05-11 08:16:10 PDT
All reviewed patches have been landed. Closing bug.
Comment 17 Simon Hausmann 2010-05-12 00:49:08 PDT
Revision r59151 cherry-picked into qtwebkit-2.0 with commit 4aa4ea037fc467194c16a4959caca96a8da4f412