WebKit Bugzilla
RESOLVED WORKSFORME
35738
[Qt] Crash when loading html with input tag
https://bugs.webkit.org/show_bug.cgi?id=35738
Tor Arne Vestbø
Reported
2010-03-04 06:44:10 PST
This bug report originated from internal issue QT-1960

--- Comments ---

Product: Qt
Function: webkit
Version: 4.5.1
Platform: WindowsXP

OS Name: Microsoft(R) Windows(R) XP Professional x64 Edition
Version: 5.2.3790 Service Pack 2 Build 3790
Other OS Description: Not Available
OS Manufacturer: Microsoft Corporation
System Manufacturer: Dell Inc.
System Model: Precision WorkStation 490
System Type: x64-based PC
Processor: EM64T Family 6 Model 15 Stepping 6 GenuineIntel ~2660 Mhz
Processor: EM64T Family 6 Model 15 Stepping 6 GenuineIntel ~2660 Mhz
BIOS Version/Date: Dell Inc. A08, 4/25/2008
SMBIOS Version: 2.3
Windows Directory: C:\WINDOWS
System Directory: C:\WINDOWS\system32
Boot Device: \Device\HarddiskVolume2
Locale: United States
Hardware Abstraction Layer: Version = "5.2.3790.3959 (srv03_sp2_rtm.070216-1710)"
Time Zone: Pacific Daylight Time
Total Physical Memory: 2,045.48 MB
Available Physical Memory: 495.47 MB
Total Virtual Memory: 3.87 GB
Available Virtual Memory: 2.57 GB
Page File Space: 2.00 GB
Page File: C:\pagefile.sys

Compiler: MSVC
Microsoft Visual Studio 2008 Version 9.0.30729.1 SP
Microsoft .NET Framework Version 3.5 SP1
Installed Edition: Professional
  Microsoft Visual Basic 2008 91605-031-5000002-60931
  Microsoft Visual C# 2008 91605-031-5000002-60931
  Microsoft Visual C++ 2008 91605-031-5000002-60931
  Microsoft Visual Studio 2008 Tools for Office 91605-031-5000002-60931
  Microsoft Visual Web Developer 2008 91605-031-5000002-60931
  Crystal Reports Basic for Visual Studio 2008 AAJ60-G0MSA4K-68000CF
Hotfixes for Microsoft Visual Studio 2008 Professional Edition - ENU (each is uninstalled automatically if a more recent service pack is installed later):
  KB944899 http://support.microsoft.com/kb/944899
  KB945282 http://support.microsoft.com/kb/945282
  KB946040 http://support.microsoft.com/kb/946040
  KB946308 http://support.microsoft.com/kb/946308
  KB946344 http://support.microsoft.com/kb/946344
  KB946581 http://support.microsoft.com/kb/946581
  KB947171 http://support.microsoft.com/kb/947171
  KB947173 http://support.microsoft.com/kb/947173
  KB947180 http://support.microsoft.com/kb/947180
  KB947540 http://support.microsoft.com/kb/947540
  KB947789 http://support.microsoft.com/kb/947789
  KB948127 http://support.microsoft.com/kb/948127
Microsoft Visual Studio 2008 Professional Edition - ENU Service Pack 1 (uninstalled automatically if a more recent service pack is installed later):
  KB945140 http://support.microsoft.com/kb/945140
  KB947888 http://support.microsoft.com/kb/947888
  KB948484 http://support.microsoft.com/kb/948484
Qt4 Add-in 1.0.0 (for more information about the Qt 4 Add-in, see http://www.qtsoftware.com)
Copyright (c) 2008 Nokia Corporation and/or its subsidiary(-ies)

Short description: Crash when loading html with input tag

Did: Loaded a simple html page in an application that uses WebKit (a QWebView).

Expected to see: An input form displayed in the WebKit widget.

Got instead: A crash (there was an attempt to call QObject::parent for a NULL object).

More details:

Here is the html:

<html>
<head>
</head>
<body>
<input type="text" name="tempio" id="TemperatureIO" />
</body>
</html>

The demo browser displays this html file correctly, but it crashes in my application.

The issue seems to be that RenderThemeQt::computeSizeBasedOnStyle(RenderStyle* renderStyle) calls QStyleSheetStyle::sizeFromContents(ContentsType ct, const QStyleOption *opt, const QSize &csz, const QWidget *w) const as

    applicationStyle->sizeFromContents(QStyle::CT_LineEdit, &opt, QSize(w,h).expandedTo(QApplication::globalStrut()), 0);

but QStyleSheetStyle::sizeFromContents, in the 'case CT_LineEdit:' section, uses w without checking for NULL.
Here is the final stack trace:

QtCored4.dll!QObject::parent() Line 243 + 0xa bytes C++
QtGuid4.dll!QWidget::parentWidget() Line 988 + 0x10 bytes C++
> QtGuid4.dll!QStyleSheetStyle::sizeFromContents(QStyle::ContentsType ct=CT_LineEdit, const QStyleOption * opt=0x0012d050, const QSize & csz={...}, const QWidget * w=0x00000000) Line 4929 + 0x8 bytes C++
QtWebKitd4.dll!WebCore::RenderThemeQt::computeSizeBasedOnStyle(WebCore::RenderStyle * renderStyle=0x09cba508) Line 350 C++
QtWebKitd4.dll!WebCore::RenderThemeQt::adjustTextFieldStyle(WebCore::CSSStyleSelector * __formal=0x09d082b0, WebCore::RenderStyle * style=0x09cba508, WebCore::Element * __formal=0x09dde468) Line 497 C++
QtWebKitd4.dll!WebCore::RenderTheme::adjustStyle(WebCore::CSSStyleSelector * selector=0x09d082b0, WebCore::RenderStyle * style=0x09cba508, WebCore::Element * e=0x09dde468, bool UAHasAppearance=true, const WebCore::BorderData & border={...}, const WebCore::FillLayer & background={...}, const WebCore::Color & backgroundColor={...}) Line 172 + 0x1c bytes C++
QtWebKitd4.dll!WebCore::CSSStyleSelector::adjustRenderStyle(WebCore::RenderStyle * style=0x09cba508, WebCore::Element * e=0x09dde468) Line 1555 C++
QtWebKitd4.dll!WebCore::CSSStyleSelector::styleForElement(WebCore::Element * e=0x09dde468, WebCore::RenderStyle * defaultParent=0x00000000, bool allowSharing=true, bool resolveForRootDefault=false) Line 1225 C++
QtWebKitd4.dll!WebCore::Node::styleForRenderer() Line 1223 + 0x24 bytes C++
QtWebKitd4.dll!WebCore::Node::createRendererIfNeeded() Line 1205 + 0xc bytes C++
QtWebKitd4.dll!WebCore::Element::attach() Line 647 C++
QtWebKitd4.dll!WebCore::HTMLFormControlElement::attach() Line 95 C++
QtWebKitd4.dll!WebCore::HTMLInputElement::attach() Line 778 C++
QtWebKitd4.dll!WebCore::HTMLParser::insertNode(WebCore::Node * n=0x09dde468, bool flat=false) Line 353 C++
QtWebKitd4.dll!WebCore::HTMLParser::parseToken(WebCore::Token * t=0x09e26650) Line 258 + 0x19 bytes C++
QtWebKitd4.dll!WebCore::HTMLTokenizer::processToken() Line 1898 + 0x20 bytes C++
QtWebKitd4.dll!WebCore::HTMLTokenizer::parseTag(WebCore::SegmentedString & src={...}, WebCore::HTMLTokenizer::State state={...}) Line 1480 + 0x12 bytes C++
QtWebKitd4.dll!WebCore::HTMLTokenizer::write(const WebCore::SegmentedString & str={...}, bool appendData=true) Line 1726 + 0x23 bytes C++
QtWebKitd4.dll!WebCore::FrameLoader::write(const char * str=0x00000000, int len=0, bool flush=true) Line 1035 + 0x23 bytes C++
QtWebKitd4.dll!WebCore::FrameLoader::endIfNotLoadingMainResource() Line 1072 C++
QtWebKitd4.dll!WebCore::FrameLoader::end() Line 1057 C++
QtWebKitd4.dll!WebCore::DocumentLoader::finishedLoading() Line 345 C++
QtWebKitd4.dll!WebCore::FrameLoader::finishedLoading() Line 2985 C++
QtWebKitd4.dll!WebCore::MainResourceLoader::didFinishLoading() Line 352 C++
QtWebKitd4.dll!WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle * __formal=0x0c3bf2e0) Line 423 C++
QtWebKitd4.dll!WebCore::QNetworkReplyHandler::finish() Line 226 C++
QtWebKitd4.dll!WebCore::QNetworkReplyHandler::qt_metacall(QMetaObject::Call _c=InvokeMetaMethod, int _id=0, void * * _a=0x0987a230) Line 69 + 0x8 bytes C++
QtCored4.dll!QMetaCallEvent::placeMetaCall(QObject * object=0x0c3bd440) Line 490 C++
QtCored4.dll!QObject::event(QEvent * e=0x09992000) Line 1109 + 0x14 bytes C++
QtGuid4.dll!QApplicationPrivate::notify_helper(QObject * receiver=0x0c3bd440, QEvent * e=0x09992000) Line 4057 + 0x11 bytes C++
QtGuid4.dll!QApplication::notify(QObject * receiver=0x0c3bd440, QEvent * e=0x09992000) Line 3604 + 0x10 bytes C++
QtCored4.dll!QCoreApplication::notifyInternal(QObject * receiver=0x0c3bd440, QEvent * event=0x09992000) Line 610 + 0x15 bytes C++
QtCored4.dll!QCoreApplication::sendEvent(QObject * receiver=0x0c3bd440, QEvent * event=0x09992000) Line 213 + 0x39 bytes C++
QtCored4.dll!QCoreApplicationPrivate::sendPostedEvents(QObject * receiver=0x00000000, int event_type=0, QThreadData * data=0x04dc1348) Line 1247 + 0xd bytes C++
QtCored4.dll!QEventDispatcherWin32::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...}) Line 679 + 0x10 bytes C++
QtGuid4.dll!QGuiEventDispatcherWin32::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...}) Line 1182 + 0x15 bytes C++
QtCored4.dll!QEventLoop::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...}) Line 150 C++
QtCored4.dll!QEventLoop::exec(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...}) Line 200 + 0x2d bytes C++
QtCored4.dll!QCoreApplication::exec() Line 888 + 0x15 bytes C++
QtGuid4.dll!QApplication::exec() Line 3527 C++
OdysseyQtInstructor.exe!main(int argc=1, char * * argv=0x04b6fa78) Line 69 + 0x8 bytes C++
OdysseyQtInstructor.exe!WinMain(HINSTANCE__ * instance=0x00400000, HINSTANCE__ * prevInstance=0x00000000, char * __formal=0x002220ef, int cmdShow=1) Line 136 + 0x12 bytes C++
OdysseyQtInstructor.exe!__tmainCRTStartup() Line 578 + 0x35 bytes C
OdysseyQtInstructor.exe!WinMainCRTStartup() Line 403 C
kernel32.dll!7d4e7d42() [Frames below may be incorrect and/or missing, no symbols loaded for kernel32.dll]
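The crash described in the report is a contract mismatch between caller and callee: the theme code passes a null widget pointer for the last argument of sizeFromContents, while the stylesheet style's CT_LineEdit branch assumes the pointer is valid. The following is an added example, not code from the bug report, Qt or WebKit, that models that mismatch stand-alone and shows the defensive form of the callee; the Size, Widget and StyleOption types, the frameWidth arithmetic, the function names and the injected-callee wiring are stand-ins assumed for this example.

```cpp
// Added example (not the bug report's, Qt's or WebKit's code): a stand-alone model of a
// style query that receives a null widget pointer, in its unchecked and hardened forms.
// All types below are minimal stand-ins assumed for this example, not Qt classes.
#include <cstdio>

struct Size {
    int w, h;
};

// Stand-in for QWidget: only the parent link that the crashing frame touched
// (QWidget::parentWidget -> QObject::parent).
struct Widget {
    const Widget* parent;
    const Widget* parentWidget() const { return parent; }
};

enum ContentsType { CT_LineEdit, CT_PushButton };

struct StyleOption {
    int frameWidth;  // assumed: a per-call value the size computation scales
};

// Shape of the unchecked callee the report describes: `w` is used in the CT_LineEdit
// branch without a null test. With w == nullptr this is a null dereference, so every
// caller is silently required to pass a real widget.
Size sizeFromContentsUnchecked(ContentsType ct, const StyleOption* opt, Size csz, const Widget* w) {
    if (ct == CT_LineEdit) {
        // Emulates a container-dependent adjustment that needs the widget's parent.
        int extra = w->parentWidget() ? 2 * opt->frameWidth : opt->frameWidth;  // crashes when w is null
        return Size{csz.w + extra, csz.h + extra};
    }
    return csz;
}

// Hardened callee: a missing widget is a legitimate input (theme code may have no widget
// to hand), so the widget is consulted only when one was supplied and the computation
// otherwise falls back to the widget-independent result.
Size sizeFromContentsChecked(ContentsType ct, const StyleOption* opt, Size csz, const Widget* w) {
    if (ct == CT_LineEdit) {
        int extra = opt->frameWidth;
        if (w && w->parentWidget())
            extra *= 2;
        return Size{csz.w + extra, csz.h + extra};
    }
    return csz;
}

// Caller modelled on the report's computeSizeBasedOnStyle call, where the widget
// argument is 0. The callee is injected so both variants can be exercised; `widget`
// is nullptr for the report's situation and a real widget where the caller has one.
typedef Size (*SizeFromContents)(ContentsType, const StyleOption*, Size, const Widget*);

Size computeSizeBasedOnStyle(SizeFromContents style, int w, int h, const Widget* widget) {
    StyleOption opt{2};
    return style(CT_LineEdit, &opt, Size{w, h}, widget);
}

int main() {
    // The report's case: no widget available. The checked callee handles it.
    Size s = computeSizeBasedOnStyle(sizeFromContentsChecked, 100, 20, nullptr);
    std::printf("line edit size with no widget: %dx%d\n", s.w, s.h);
    // computeSizeBasedOnStyle(sizeFromContentsUnchecked, 100, 20, nullptr) would
    // dereference null, which is the failure the stack trace shows.
    return 0;
}
```

The null check belongs in the callee because the pointer parameter is part of a public style API whose callers are not all under one project's control; fixing only the caller (by passing a widget) leaves every other caller exposed to the same crash.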
Tor Arne Vestbø
Comment 1
2010-03-15 08:24:02 PDT
Can't reproduce in trunk