43553 – crash in QtWebKit4.dll!WebCore::Document::~Document() Line 482 + 0x11 bytes C++

Bug 43553 - crash in QtWebKit4.dll!WebCore::Document::~Document() Line 482 + 0x11 bytes C++

Summary: crash in QtWebKit4.dll!WebCore::Document::~Document() Line 482 + 0x11 bytes C++

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKit Qt (show other bugs)
Version:	528+ (Nightly build)
Hardware:	PC Windows XP

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2010-08-05 04:59 PDT by stawel
Modified:	2010-12-16 12:32 PST (History)
CC List:	3 users (show)

See Also:

Attachments
Simple Test app for setUrl testing (2.04 KB, application/x-zip-compressed) 2010-11-11 12:26 PST, Pat	no flags	Details
Simple Test app for setUrl testing (using ui form) (3.29 KB, application/x-zip-compressed) 2010-11-11 12:47 PST, Pat	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description stawel 2010-08-05 04:59:38 PDT

Hi,

I'm getting a crash in ~Document() destructor.
It's the Qt4.6.2 version of webkit.

callstack:
 	QtWebKit4.dll!WTF::HashTable<WebCore::AtomicStringImpl *,std::pair<WebCore::AtomicStringImpl *,WebCore::CSSRuleDataList *>,WTF::PairFirstExtractor<std::pair<WebCore::AtomicStringImpl *,WebCore::CSSRuleDataList *> >,WTF::PtrHash<WebCore::AtomicStringImpl *>,WTF::PairHashTraits<WTF::HashTraits<WebCore::AtomicStringImpl *>,WTF::HashTraits<WebCore::CSSRuleDataList *> >,WTF::HashTraits<WebCore::AtomicStringImpl *> >::makeConstIterator(std::pair<WebCore::AtomicStringImpl *,WebCore::CSSRuleDataList *> * pos=(...,...)  Line 382 + 0x22 bytes	C++
 	QtWebKit4.dll!WTF::deleteAllPairSeconds<WebCore::CSSRuleDataList *,WTF::HashMap<WebCore::AtomicStringImpl *,WebCore::CSSRuleDataList *,WTF::PtrHash<WebCore::AtomicStringImpl *>,WTF::HashTraits<WebCore::AtomicStringImpl *>,WTF::HashTraits<WebCore::CSSRuleDataList *> > const >(const WTF::HashMap<WebCore::AtomicStringImpl *,WebCore::CSSRuleDataList *,WTF::PtrHash<WebCore::AtomicStringImpl *>,WTF::HashTraits<WebCore::AtomicStringImpl *>,WTF::HashTraits<WebCore::CSSRuleDataList *> > & collection={...})  Line 277 + 0xf bytes	C++
 	QtWebKit4.dll!WebCore::CSSRuleSet::~CSSRuleSet()  Line 2702	C++
 	QtWebKit4.dll!WebCore::CSSStyleSelector::~CSSStyleSelector()  Line 500 + 0xd bytes	C++
>	QtWebKit4.dll!WebCore::Document::~Document()  Line 482 + 0x11 bytes	C++
 	QtWebKit4.dll!WebCore::Document::`scalar deleting destructor'()  + 0x8 bytes	C++
 	QtWebKit4.dll!WebCore::Document::removedLastRef()  Line 459 + 0x10 bytes	C++
 	QtWebKit4.dll!WebCore::Loader::Host::didFail(WebCore::SubresourceLoader * loader=0x13f051b8, bool cancelled=true)  Line 427 + 0x25 bytes	C++
 	QtWebKit4.dll!WebCore::Loader::Host::cancelRequests(WebCore::DocLoader * docLoader=0x13f051b8)  Line 555 + 0xa bytes	C++
 	QtWebKit4.dll!WebCore::Loader::cancelRequests(WebCore::DocLoader * docLoader=0x13f051b8)  Line 224 + 0xa bytes	C++
 	QtWebKit4.dll!WebCore::DocLoader::~DocLoader()  Line 67	C++
 	QtWebKit4.dll!WebCore::Document::~Document()  Line 483 + 0x11 bytes	C++
 	QtWebKit4.dll!WebCore::HTMLDocument::~HTMLDocument()  Line 91 + 0x41 bytes	C++
 	QtWebKit4.dll!WebCore::HTMLDocument::`scalar deleting destructor'()  + 0x8 bytes	C++
 	QtWebKit4.dll!WebCore::Document::removedLastRef()  Line 454 + 0x1a bytes	C++
 	QtWebKit4.dll!WebCore::Frame::setDocument(WTF::PassRefPtr<WebCore::Document> newDoc={...})  Line 280	C++
 	QtWebKit4.dll!WebCore::FrameLoader::clear(bool clearWindowProperties=true, bool clearScriptObjects=true, bool clearFrameView=true)  Line 718	C++
 	QtWebKit4.dll!WebCore::FrameLoader::begin(const WebCore::KURL & url={...}, bool dispatch=true, WebCore::SecurityOrigin * origin=0x00000000)  Line 804	C++
 	QtWebKit4.dll!QWebFrame::setUrl(const QUrl & url={...})  Line 637 + 0x40 bytes	C++
 	QtWebKit4.dll!QWebView::setUrl(const QUrl & url={...})  Line 484	C++
	.....


I'm calling:
ui.m_webView->setUrl(QString("about:blank"));


The crash callstack is from a minidump automatically 
send from users (don't now how to reproduce).


Looks to me that the destructor (~Document) was executed twice.
(see callstack)

Best Regards

Comment 1 Alexey Proskuryakov 2010-08-06 06:27:09 PDT

> Looks to me that the destructor (~Document) was executed twice.

Although possible, this is not necessarily so - it can be a Document object for a subframe.

Comment 2 Pat 2010-11-11 12:26:00 PST

Created attachment 73637 [details]
Simple Test app for setUrl testing

Tried on Qt 4.7 and QtWebKit (trunk) and the crash is not reproducible.
This simple app, using QWebView.setUrl(), can be modified as needed.
Tested on win, symbian, and linux - no crash.

Comment 3 Pat 2010-11-11 12:47:57 PST

Created attachment 73638 [details]
Simple Test app for setUrl testing (using ui form)

Tried on Qt 4.7 and QtWebKit (trunk) and the crash is not reproducible.
This simple app, using ui->webview->setUrl(), can be modified as needed. I.e., using ui form.
Tested on win, symbian, and linux - no crash observed.

Comment 4 Pat 2010-12-15 10:05:50 PST

Hi,
Did you get a chance to try the sample apps (reduced test case) that I attached on your environment yet.  We are interested in closing this bug, if you can not reproduce it on the trunk or have gotten pass this issue.
Let me know. Thanks.

Comment 5 stawel 2010-12-16 01:51:54 PST

Unfortunately, I do not have time to check it now.
You can close the ticket if you want and I will
check it when I have some time and possibly report it again.

Best Regards.

Comment 6 Pat 2010-12-16 12:32:54 PST

Closing bug, since not reproducible.