Bug 55467 - [Qt] crash in QtWebKitd4.dll!WebCore::Document::~Document() Line 525 C++
Status: RESOLVED DUPLICATE of bug 49216
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
Version: 528+ (Nightly build)
Hardware: PC Windows XP
: P1 Normal
Assignee: Nobody
Keywords: Qt, QtTriaged
 
Reported: 2011-03-01 07:31 PST by stawel
Modified: 2011-03-01 07:41 PST

Attachments
SimpleWebViewApp test case (3.53 KB, application/zip)
2011-03-01 07:38 PST, stawel

Description stawel 2011-03-01 07:31:52 PST
Hi,

I'm getting a crash in the ~Document() destructor.
It's the Qt 4.7.1 version of WebKit.

I have previously reported this problem:
https://bugs.webkit.org/show_bug.cgi?id=43553

Now I found the time to look at this.
The crash is deterministic.
I'm attaching a test project which reproduces the crash.


The problem seems to be that, in:

Document::Document(Frame* frame, bool isXHTML, bool isHTML) 
{
....
    m_docLoader = new DocLoader(this);
....
}

and the m_docLoader is deleted in the Document destructor (~Document).
The DocLoader destructor (~DocLoader) occasionally runs "Loader::Host::didFail",
which looks like this:

void Loader::Host::didFail(SubresourceLoader* loader, bool cancelled) 
{
...
    DocLoader* docLoader = request->docLoader();
    // Prevent the document from being destroyed before we are done with
    // the docLoader that it will delete when the document gets deleted.
    RefPtr<Document> protector(docLoader->doc());
...
}


Best Regards
Paweł 





callstack:
 	QtWebKitd4.dll!WTF::ListHashSet<WebCore::CachedResource *,256,WTF::PtrHash<WebCore::CachedResource *> >::begin()  Line 421 + 0x3 bytes	C++
 	QtWebKitd4.dll!WebCore::DocLoader::clearPreloads()  Line 432 + 0x16 bytes	C++
 	QtWebKitd4.dll!WebCore::DocLoader::~DocLoader()  Line 69	C++
 	QtWebKitd4.dll!WebCore::DocLoader::`scalar deleting destructor'()  + 0xf bytes	C++
 	QtWebKitd4.dll!WTF::deleteOwnedPtr<WebCore::DocLoader>(WebCore::DocLoader * ptr=0x04ba1fa0)  Line 55 + 0x1c bytes	C++
 	QtWebKitd4.dll!WTF::OwnPtr<WebCore::DocLoader>::clear()  Line 60 + 0x12 bytes	C++
 	QtWebKitd4.dll!WebCore::Document::~Document()  Line 525	C++
 	QtWebKitd4.dll!WebCore::Document::`scalar deleting destructor'()  + 0xf bytes	C++
 	QtWebKitd4.dll!WebCore::Document::removedLastRef()  Line 500 + 0x24 bytes	C++
 	QtWebKitd4.dll!WebCore::TreeShared<WebCore::Node>::deref()  Line 71	C++
 	QtWebKitd4.dll!WTF::derefIfNotNull<WebCore::Document>(WebCore::Document * ptr=0x04b902a8)  Line 54	C++
 	QtWebKitd4.dll!WTF::RefPtr<WebCore::Document>::~RefPtr<WebCore::Document>()  Line 54 + 0x12 bytes	C++
 	QtWebKitd4.dll!WebCore::Loader::Host::didFail(WebCore::SubresourceLoader * loader=0x04b93ea8, bool cancelled=true)  Line 459 + 0xc bytes	C++
 	QtWebKitd4.dll!WebCore::Loader::Host::cancelRequests(WebCore::DocLoader * docLoader=0x04ba1fa0)  Line 588	C++
 	QtWebKitd4.dll!WebCore::Loader::cancelRequests(WebCore::DocLoader * docLoader=0x04ba1fa0)  Line 254	C++
 	QtWebKitd4.dll!WebCore::DocLoader::~DocLoader()  Line 68	C++
 	QtWebKitd4.dll!WebCore::DocLoader::`scalar deleting destructor'()  + 0xf bytes	C++
 	QtWebKitd4.dll!WTF::deleteOwnedPtr<WebCore::DocLoader>(WebCore::DocLoader * ptr=0x04ba1fa0)  Line 55 + 0x1c bytes	C++
 	QtWebKitd4.dll!WTF::OwnPtr<WebCore::DocLoader>::clear()  Line 60 + 0x12 bytes	C++
 	QtWebKitd4.dll!WebCore::Document::~Document()  Line 525	C++
 	QtWebKitd4.dll!WebCore::Document::`scalar deleting destructor'()  + 0xf bytes	C++
 	QtWebKitd4.dll!WebCore::Document::removedLastRef()  Line 500 + 0x24 bytes	C++
 	QtWebKitd4.dll!WebCore::TreeShared<WebCore::Node>::deref()  Line 71	C++
 	QtWebKitd4.dll!WTF::derefIfNotNull<WebCore::Document>(WebCore::Document * ptr=0x04b902a8)  Line 54	C++
 	QtWebKitd4.dll!WTF::RefPtr<WebCore::Document>::~RefPtr<WebCore::Document>()  Line 54 + 0x12 bytes	C++
 	QtWebKitd4.dll!WebCore::Loader::Host::didFail(WebCore::SubresourceLoader * loader=0x04ba01b0, bool cancelled=true)  Line 459 + 0xc bytes	C++
 	QtWebKitd4.dll!WebCore::Loader::Host::cancelRequests(WebCore::DocLoader * docLoader=0x04ba1fa0)  Line 588	C++
 	QtWebKitd4.dll!WebCore::Loader::cancelRequests(WebCore::DocLoader * docLoader=0x04ba1fa0)  Line 254	C++
 	QtWebKitd4.dll!WebCore::DocLoader::~DocLoader()  Line 68	C++
 	QtWebKitd4.dll!WebCore::DocLoader::`scalar deleting destructor'()  + 0xf bytes	C++
 	QtWebKitd4.dll!WTF::deleteOwnedPtr<WebCore::DocLoader>(WebCore::DocLoader * ptr=0x04ba1fa0)  Line 55 + 0x1c bytes	C++
 	QtWebKitd4.dll!WTF::OwnPtr<WebCore::DocLoader>::clear()  Line 60 + 0x12 bytes	C++
 	QtWebKitd4.dll!WebCore::Document::~Document()  Line 525	C++
 	QtWebKitd4.dll!WebCore::Document::`scalar deleting destructor'()  + 0xf bytes	C++
 	QtWebKitd4.dll!WebCore::Document::removedLastRef()  Line 500 + 0x24 bytes	C++
 	QtWebKitd4.dll!WebCore::TreeShared<WebCore::Node>::deref()  Line 71	C++
 	QtWebKitd4.dll!WTF::derefIfNotNull<WebCore::Document>(WebCore::Document * ptr=0x04b902a8)  Line 54	C++
 	QtWebKitd4.dll!WTF::RefPtr<WebCore::Document>::~RefPtr<WebCore::Document>()  Line 54 + 0x12 bytes	C++
 	QtWebKitd4.dll!WebCore::Loader::Host::didFail(WebCore::SubresourceLoader * loader=0x0314b740, bool cancelled=true)  Line 459 + 0xc bytes	C++
 	QtWebKitd4.dll!WebCore::Loader::Host::cancelRequests(WebCore::DocLoader * docLoader=0x04ba1fa0)  Line 588	C++
 	QtWebKitd4.dll!WebCore::Loader::cancelRequests(WebCore::DocLoader * docLoader=0x04ba1fa0)  Line 254	C++
 	QtWebKitd4.dll!WebCore::DocLoader::~DocLoader()  Line 68	C++
 	QtWebKitd4.dll!WebCore::DocLoader::`scalar deleting destructor'()  + 0xf bytes	C++
 	QtWebKitd4.dll!WTF::deleteOwnedPtr<WebCore::DocLoader>(WebCore::DocLoader * ptr=0x04ba1fa0)  Line 55 + 0x1c bytes	C++
 	QtWebKitd4.dll!WTF::OwnPtr<WebCore::DocLoader>::clear()  Line 60 + 0x12 bytes	C++
 	QtWebKitd4.dll!WebCore::Document::~Document()  Line 525	C++
 	QtWebKitd4.dll!WebCore::Document::`scalar deleting destructor'()  + 0xf bytes	C++
 	QtWebKitd4.dll!WebCore::Document::removedLastRef()  Line 500 + 0x24 bytes	C++
 	QtWebKitd4.dll!WebCore::TreeShared<WebCore::Node>::deref()  Line 71	C++
 	QtWebKitd4.dll!WTF::derefIfNotNull<WebCore::Document>(WebCore::Document * ptr=0x04b902a8)  Line 54	C++
 	QtWebKitd4.dll!WTF::RefPtr<WebCore::Document>::~RefPtr<WebCore::Document>()  Line 54 + 0x12 bytes	C++
 	QtWebKitd4.dll!WebCore::Loader::Host::didFail(WebCore::SubresourceLoader * loader=0x0315e248, bool cancelled=true)  Line 459 + 0xc bytes	C++
 	QtWebKitd4.dll!WebCore::Loader::Host::cancelRequests(WebCore::DocLoader * docLoader=0x04ba1fa0)  Line 588	C++
 	QtWebKitd4.dll!WebCore::Loader::cancelRequests(WebCore::DocLoader * docLoader=0x04ba1fa0)  Line 254	C++
 	QtWebKitd4.dll!WebCore::DocLoader::~DocLoader()  Line 68	C++
 	QtWebKitd4.dll!WebCore::DocLoader::`scalar deleting destructor'()  + 0xf bytes	C++
 	QtWebKitd4.dll!WTF::deleteOwnedPtr<WebCore::DocLoader>(WebCore::DocLoader * ptr=0x04ba1fa0)  Line 55 + 0x1c bytes	C++
 	QtWebKitd4.dll!WTF::OwnPtr<WebCore::DocLoader>::clear()  Line 60 + 0x12 bytes	C++
 	QtWebKitd4.dll!WebCore::Document::~Document()  Line 525	C++
 	QtWebKitd4.dll!WebCore::Document::`scalar deleting destructor'()  + 0xf bytes	C++
 	QtWebKitd4.dll!WebCore::Document::removedLastRef()  Line 500 + 0x24 bytes	C++
 	QtWebKitd4.dll!WebCore::TreeShared<WebCore::Node>::deref()  Line 71	C++
 	QtWebKitd4.dll!WTF::derefIfNotNull<WebCore::Document>(WebCore::Document * ptr=0x04b902a8)  Line 54	C++
 	QtWebKitd4.dll!WTF::RefPtr<WebCore::Document>::~RefPtr<WebCore::Document>()  Line 54 + 0x12 bytes	C++
 	QtWebKitd4.dll!WebCore::Loader::Host::didFail(WebCore::SubresourceLoader * loader=0x03134a20, bool cancelled=true)  Line 459 + 0xc bytes	C++
 	QtWebKitd4.dll!WebCore::Loader::Host::cancelRequests(WebCore::DocLoader * docLoader=0x04ba1fa0)  Line 588	C++
 	QtWebKitd4.dll!WebCore::Loader::cancelRequests(WebCore::DocLoader * docLoader=0x04ba1fa0)  Line 254	C++
 	QtWebKitd4.dll!WebCore::DocLoader::~DocLoader()  Line 68	C++
 	QtWebKitd4.dll!WebCore::DocLoader::`scalar deleting destructor'()  + 0xf bytes	C++
 	QtWebKitd4.dll!WTF::deleteOwnedPtr<WebCore::DocLoader>(WebCore::DocLoader * ptr=0x04ba1fa0)  Line 55 + 0x1c bytes	C++
 	QtWebKitd4.dll!WTF::OwnPtr<WebCore::DocLoader>::clear()  Line 60 + 0x12 bytes	C++
 	QtWebKitd4.dll!WebCore::Document::~Document()  Line 525	C++
 	QtWebKitd4.dll!WebCore::Document::`scalar deleting destructor'()  + 0xf bytes	C++
 	QtWebKitd4.dll!WebCore::Document::removedLastRef()  Line 500 + 0x24 bytes	C++
 	QtWebKitd4.dll!WebCore::TreeShared<WebCore::Node>::deref()  Line 71	C++
 	QtWebKitd4.dll!WTF::derefIfNotNull<WebCore::Document>(WebCore::Document * ptr=0x04b902a8)  Line 54	C++
 	QtWebKitd4.dll!WTF::RefPtr<WebCore::Document>::~RefPtr<WebCore::Document>()  Line 54 + 0x12 bytes	C++
 	QtWebKitd4.dll!WebCore::Loader::Host::didFail(WebCore::SubresourceLoader * loader=0x0314ff08, bool cancelled=true)  Line 459 + 0xc bytes	C++
 	QtWebKitd4.dll!WebCore::Loader::Host::cancelRequests(WebCore::DocLoader * docLoader=0x04ba1fa0)  Line 588	C++
 	QtWebKitd4.dll!WebCore::Loader::cancelRequests(WebCore::DocLoader * docLoader=0x04ba1fa0)  Line 254	C++
 	QtWebKitd4.dll!WebCore::DocLoader::~DocLoader()  Line 68	C++
 	QtWebKitd4.dll!WebCore::DocLoader::`scalar deleting destructor'()  + 0xf bytes	C++
 	QtWebKitd4.dll!WTF::deleteOwnedPtr<WebCore::DocLoader>(WebCore::DocLoader * ptr=0x04ba1fa0)  Line 55 + 0x1c bytes	C++
 	QtWebKitd4.dll!WTF::OwnPtr<WebCore::DocLoader>::clear()  Line 60 + 0x12 bytes	C++
 	QtWebKitd4.dll!WebCore::Document::~Document()  Line 525	C++
 	QtWebKitd4.dll!WebCore::Document::`scalar deleting destructor'()  + 0xf bytes	C++
 	QtWebKitd4.dll!WebCore::Document::removedLastRef()  Line 500 + 0x24 bytes	C++
 	QtWebKitd4.dll!WebCore::TreeShared<WebCore::Node>::deref()  Line 71	C++
 	QtWebKitd4.dll!WTF::derefIfNotNull<WebCore::Document>(WebCore::Document * ptr=0x04b902a8)  Line 54	C++
 	QtWebKitd4.dll!WTF::RefPtr<WebCore::Document>::~RefPtr<WebCore::Document>()  Line 54 + 0x12 bytes	C++
 	QtWebKitd4.dll!WebCore::Loader::Host::didFail(WebCore::SubresourceLoader * loader=0x04b9cd88, bool cancelled=true)  Line 459 + 0xc bytes	C++
 	QtWebKitd4.dll!WebCore::Loader::Host::cancelRequests(WebCore::DocLoader * docLoader=0x04ba1fa0)  Line 588	C++
 	QtWebKitd4.dll!WebCore::Loader::cancelRequests(WebCore::DocLoader * docLoader=0x04ba1fa0)  Line 254	C++
 	QtWebKitd4.dll!WebCore::DocLoader::~DocLoader()  Line 68	C++
 	QtWebKitd4.dll!WebCore::DocLoader::`scalar deleting destructor'()  + 0xf bytes	C++
 	QtWebKitd4.dll!WTF::deleteOwnedPtr<WebCore::DocLoader>(WebCore::DocLoader * ptr=0x04ba1fa0)  Line 55 + 0x1c bytes	C++
 	QtWebKitd4.dll!WTF::OwnPtr<WebCore::DocLoader>::clear()  Line 60 + 0x12 bytes	C++
 	QtWebKitd4.dll!WebCore::Document::~Document()  Line 525	C++
 	QtWebKitd4.dll!WebCore::Document::`scalar deleting destructor'()  + 0xf bytes	C++
 	QtWebKitd4.dll!WebCore::Document::removedLastRef()  Line 500 + 0x24 bytes	C++
 	QtWebKitd4.dll!WebCore::TreeShared<WebCore::Node>::deref()  Line 71	C++
 	QtWebKitd4.dll!WTF::derefIfNotNull<WebCore::Document>(WebCore::Document * ptr=0x04b902a8)  Line 54	C++
 	QtWebKitd4.dll!WTF::RefPtr<WebCore::Document>::~RefPtr<WebCore::Document>()  Line 54 + 0x12 bytes	C++
>	QtWebKitd4.dll!WebCore::Loader::Host::didFail(WebCore::SubresourceLoader * loader=0x04b989b0, bool cancelled=true)  Line 459 + 0xc bytes	C++
 	QtWebKitd4.dll!WebCore::Loader::Host::cancelRequests(WebCore::DocLoader * docLoader=0x04ba1fa0)  Line 588	C++
 	QtWebKitd4.dll!WebCore::Loader::cancelRequests(WebCore::DocLoader * docLoader=0x04ba1fa0)  Line 254	C++
 	QtWebKitd4.dll!WebCore::DocLoader::~DocLoader()  Line 68	C++
 	QtWebKitd4.dll!WebCore::DocLoader::`scalar deleting destructor'()  + 0xf bytes	C++
 	QtWebKitd4.dll!WTF::deleteOwnedPtr<WebCore::DocLoader>(WebCore::DocLoader * ptr=0x04ba1fa0)  Line 55 + 0x1c bytes	C++
 	QtWebKitd4.dll!WTF::OwnPtr<WebCore::DocLoader>::clear()  Line 60 + 0x12 bytes	C++
 	QtWebKitd4.dll!WebCore::Document::~Document()  Line 525	C++
 	QtWebKitd4.dll!WebCore::HTMLDocument::~HTMLDocument()  Line 91 + 0x56 bytes	C++
 	QtWebKitd4.dll!WebCore::HTMLDocument::`scalar deleting destructor'()  + 0xf bytes	C++
 	QtWebKitd4.dll!WebCore::Document::selfOnlyDeref()  Line 217 + 0x21 bytes	C++
 	QtWebKitd4.dll!WebCore::Document::removedLastRef()  Line 496	C++
 	QtWebKitd4.dll!WebCore::TreeShared<WebCore::Node>::deref()  Line 71	C++
 	QtWebKitd4.dll!WTF::derefIfNotNull<WebCore::Document>(WebCore::Document * ptr=0x04b902a8)  Line 54	C++
 	QtWebKitd4.dll!WTF::RefPtr<WebCore::Document>::operator=(const WTF::PassRefPtr<WebCore::Document> & o={...})  Line 131 + 0x9 bytes	C++
 	QtWebKitd4.dll!WebCore::Frame::setDocument(WTF::PassRefPtr<WebCore::Document> newDoc={...})  Line 293	C++
 	QtWebKitd4.dll!WebCore::FrameLoader::clear(bool clearWindowProperties=true, bool clearScriptObjects=true, bool clearFrameView=true)  Line 735	C++
 	QtWebKitd4.dll!WebCore::FrameLoader::begin(const WebCore::KURL & url={...}, bool dispatch=true, WebCore::SecurityOrigin * origin=0x00000000)  Line 821	C++
 	QtWebKitd4.dll!QWebFrame::setUrl(const QUrl & url={...})  Line 803 + 0x4d bytes	C++
 	QtWebKitd4.dll!QWebView::setUrl(const QUrl & url={...})  Line 546	C++
 	test.exe!Widget::on_pushButton_clicked()  Line 42 + 0x23 bytes	C++
 	test.exe!Widget::qt_metacall(QMetaObject::Call _c=InvokeMetaMethod, int _id=0, void * * _a=0x0012cde0)  Line 77 + 0x8 bytes	C++
 	QtCored4.dll!QMetaObject::metacall(QObject * object=0x0012febc, QMetaObject::Call cl=InvokeMetaMethod, int idx=27, void * * argv=0x0012cde0)  Line 238	C++
 	QtCored4.dll!QMetaObject::activate(QObject * sender=0x030d0c40, const QMetaObject * m=0x65aabad0, int local_signal_index=2, void * * argv=0x0012cde0)  Line 3272 + 0x27 bytes	C++
 	QtGuid4.dll!QAbstractButton::clicked(bool _t1=false)  Line 204 + 0x15 bytes	C++
 	QtGuid4.dll!QAbstractButtonPrivate::emitClicked()  Line 548	C++
 	QtGuid4.dll!QAbstractButtonPrivate::click()  Line 540	C++
 	QtGuid4.dll!QAbstractButton::mouseReleaseEvent(QMouseEvent * e=0x0012d6dc)  Line 1122	C++
 	QtGuid4.dll!QWidget::event(QEvent * event=0x0012d6dc)  Line 8201	C++
 	QtGuid4.dll!QAbstractButton::event(QEvent * e=0x0012d6dc)  Line 1081	C++
 	QtGuid4.dll!QPushButton::event(QEvent * e=0x0012d6dc)  Line 684	C++
 	QtGuid4.dll!QApplicationPrivate::notify_helper(QObject * receiver=0x030d0c40, QEvent * e=0x0012d6dc)  Line 4445 + 0x11 bytes	C++
 	QtGuid4.dll!QApplication::notify(QObject * receiver=0x030d0c40, QEvent * e=0x0012d6dc)  Line 4006 + 0x2f bytes	C++
 	QtCored4.dll!QCoreApplication::notifyInternal(QObject * receiver=0x030d0c40, QEvent * event=0x0012d6dc)  Line 732 + 0x15 bytes	C++
 	QtCored4.dll!QCoreApplication::sendSpontaneousEvent(QObject * receiver=0x030d0c40, QEvent * event=0x0012d6dc)  Line 218 + 0x38 bytes	C++
 	QtGuid4.dll!QApplicationPrivate::sendMouseEvent(QWidget * receiver=0x030d0c40, QMouseEvent * event=0x0012d6dc, QWidget * alienWidget=0x030d0c40, QWidget * nativeWidget=0x0012febc, QWidget * * buttonDown=0x65cd7aa4, QPointer<QWidget> & lastMouseReceiver={...}, bool spontaneous=true)  Line 3103 + 0xe bytes	C++
 	QtGuid4.dll!QETWidget::translateMouseEvent(const tagMSG & msg={...})  Line 3321 + 0x2a bytes	C++
 	QtGuid4.dll!QtWndProc(HWND__ * hwnd=0x001715b4, unsigned int message=514, unsigned int wParam=0, long lParam=14418057)  Line 1659 + 0xc bytes	C++
 	user32.dll!_InternalCallWinProc@20()  + 0x28 bytes	
 	user32.dll!_UserCallWinProcCheckWow@32()  + 0xc8 bytes	
 	user32.dll!_DispatchMessageWorker@8()  + 0xe9 bytes	
 	user32.dll!_DispatchMessageW@4()  + 0xf bytes	
 	QtCored4.dll!QEventDispatcherWin32::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...})  Line 807	C++
 	QtGuid4.dll!QGuiEventDispatcherWin32::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...})  Line 1170 + 0x15 bytes	C++
 	QtCored4.dll!QEventLoop::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...})  Line 150	C++
 	QtCored4.dll!QEventLoop::exec(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...})  Line 201 + 0x2d bytes	C++
 	QtCored4.dll!QCoreApplication::exec()  Line 1009 + 0x15 bytes	C++
 	QtGuid4.dll!QApplication::exec()  Line 3720	C++
 	test.exe!main(int argc=1, char * * argv=0x02f58788)  Line 10 + 0x6 bytes	C++
 	test.exe!WinMain(HINSTANCE__ * instance=0x00400000, HINSTANCE__ * prevInstance=0x00000000, char * __formal=0x002220cf, int cmdShow=1)  Line 131 + 0x12 bytes	C++
 	test.exe!__tmainCRTStartup()  Line 589 + 0x35 bytes	C
 	test.exe!WinMainCRTStartup()  Line 414	C
 	kernel32.dll!_BaseProcessStart@4()  + 0x28 bytes	

output:
First-chance exception at 0x00a61a9a (QtWebKitd4.dll) in test.exe: 0xC0000005: Access violation reading location 0xfeeeff02.
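
The re-entrant destruction visible in the call stack above, reduced to a model that counts destructor runs instead of freeing memory. This is an added example, not part of the original report and not WebKit code: `Doc`, `Loader`, `Protector`, `guardDeletion` and `destructorRunsFor` are constructed names, and the guard is a generic mitigation, not necessarily the change made for bug 49216.

```cpp
#include <cstdio>
struct Doc;
// Stand-in for DocLoader: owned by the document, tracks pending requests.
struct Loader {
    Doc* doc;
    int pending;
    void cancelRequests();  // models ~DocLoader -> Loader::cancelRequests
};
// Stand-in for Document; destroy() models ~Document but frees nothing.
struct Doc {
    int refCount = 1;
    bool guardDeletion;            // hypothetical hardening switch
    bool deletionStarted = false;
    int destructorRuns = 0;        // > 1 means the destructor was re-entered
    Loader loader;
    Doc(int pending, bool guard) : guardDeletion(guard), loader{this, pending} {}
    void ref() { ++refCount; }
    void deref() { if (--refCount == 0) removedLastRef(); }
    void removedLastRef() {
        if (guardDeletion && deletionStarted) return;  // refuse re-entry
        deletionStarted = true;
        destroy();
    }
    void destroy() { ++destructorRuns; loader.cancelRequests(); }
};

// Models the RefPtr<Document> protector created in didFail().
struct Protector {
    Doc* d;
    explicit Protector(Doc* doc) : d(doc) { d->ref(); }
    ~Protector() { d->deref(); }
};

void Loader::cancelRequests() {
    while (pending > 0) {
        --pending;
        Protector protector(doc);  // count goes 0 -> 1, back to 0 at scope exit
    }
}

int destructorRunsFor(int pending, bool guard) {
    Doc doc(pending, guard);
    doc.deref();                   // last external reference is dropped
    return doc.destructorRuns;     // how many times "~Document" ran
}

int main() {
    std::printf("unguarded=%d guarded=%d\n", destructorRunsFor(3, false), destructorRunsFor(3, true));
}
```

With three pending requests the unguarded model runs the destructor four times, once per nested `didFail`, matching the repeating frame pattern in the stack. In the real code every extra run touches members that were already released, which is consistent with the reported read at 0xfeeeff02, close to the 0xFEEEFEEE pattern the Windows debug heap writes into freed memory.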
Comment 1 Benjamin Poulain 2011-03-01 07:35:40 PST
You forgot to attach the test case.
Comment 2 stawel 2011-03-01 07:38:20 PST
Created attachment 84230
SimpleWebViewApp test case
Comment 3 Andreas Kling 2011-03-01 07:41:51 PST
Fixed this a couple of days ago. :)

*** This bug has been marked as a duplicate of bug 49216 ***