RESOLVED INVALID
Bug 56552: [Qt] When NSplugins are enabled there is a stack corruption on linux
https://bugs.webkit.org/show_bug.cgi?id=56552
Reported by pvbrowser, 2011-03-17 01:45:21 PDT
Created attachment 86041 [details]
From valgrind output

Using QWebView in an application. When netscape plugins are enabled there is a problem on linux (openSUSE 11.4). On Windows it works as expected. It seems to be a stack corruption caused by the netscape plugin. After the error message our application runs into some problems. When plugins are disabled everything is ok. I have seen this issue on older bug reports I have found with google. But obviously it has not been solved yet. I attach output from valgrind. See:

*** NSPlugin Wrapper *** WARNING:(/usr/src/packages/BUILD/nspluginwrapper-1.3.0/src/npw-wrapper.c:3160):invoke_NP_Initialize: assertion failed: (rpc_method_invoke_possible(g_rpc_connection))
*** NSPlugin Viewer *** WARNING: unhandled variable 18 (<unknown variable>) in NPN_GetValue()
*** NSPlugin Wrapper *** WARNING: unhandled variable 18 in NPP_GetValue()
Attachments
From valgrind output (7.61 KB, text/plain), 2011-03-17 01:45 PDT, pvbrowser, no flags
Benjamin Poulain
Comment 1
2011-03-17 03:46:53 PDT
What do you expect us to do with that kind of information?
pvbrowser
Comment 2
2011-03-17 04:24:38 PDT
(In reply to comment #1)
> What do you expect us to do with that kind of information?

There is a stack corruption when you enable plugins on QtWebView on openSUSE 11.4, not on Windows. The question is: "Who is responsible?" Apple, Nokia, Novell, Mozilla? This problem seems to have been around for a very long time from what I see from searching with google. It should be solved. The question is who is responsible for that. I expect that you verify the issue and forward the issue to the responsible organisation. If you need more information please tell me.
Benjamin Poulain
Comment 3
2011-03-17 04:37:18 PDT
I am not debating the responsibility of bug fixing. I do not see how we could work without a test case, nor which plugin is used. And I do not see anything useful in the valgrind trace. (You are not making friends by reopening the bug yourself.)
pvbrowser
Comment 4
2011-03-17 04:55:11 PDT
Here is a test program for reproducing the issue:

/****************************************************************************
Test program for showing issue with NSplugin on openSUSE 11.4 (other Linux ???)
After loading the web page please wait about 10 seconds.
Project file:
QT += webkit
SOURCES = main.cpp
TARGET = plugintest
****************************************************************************/
#include <QApplication>
#include <QUrl>
#include <QWebSettings>
#include <QWebView>

int main(int argc, char *argv[])
{
    QApplication app(argc, argv);
    QWebView w;
    // Enabling NPAPI plugins is what triggers the reported behaviour.
    w.settings()->setAttribute(QWebSettings::PluginsEnabled, true);
    w.load(QUrl("http://pro-linux.de"));
    w.show();
    return app.exec();
}

##########################################################
The output of "valgrind ./plugintest"
##########################################################
==23270== Memcheck, a memory error detector
==23270== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==23270== Using Valgrind-3.6.0 and LibVEX; rerun with -h for copyright info
==23270== Command: ./plugintest
==23270==
==23270== Conditional jump or move depends on uninitialised value(s)
==23270==    at 0x5C7EAFA: cti_vm_lazyLinkCall (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x42170CD: ???
==23270==    by 0x5C696AE: JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*, JSC::JSValue*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x5C95776: JSC::evaluate(JSC::ExecState*, JSC::ScopeChain&, JSC::SourceCode const&, JSC::JSValue) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x55E88A7: WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x55E9061: WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x56008AC: WebCore::ScriptController::executeScript(WebCore::ScriptSourceCode const&) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x57FABCE: WebCore::HTMLTokenizer::scriptExecution(WebCore::ScriptSourceCode const&, WebCore::HTMLTokenizer::State) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x57FFABD: WebCore::HTMLTokenizer::executeExternalScriptsIfReady() (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x584CF43: WebCore::CachedScript::checkNotify() (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x5884D9C: WebCore::Loader::Host::didFinishLoading(WebCore::SubresourceLoader*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x5899219: WebCore::SubresourceLoader::didFinishLoading() (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==
==23270== Conditional jump or move depends on uninitialised value(s)
==23270==    at 0x5C7EAC9: cti_vm_lazyLinkCall (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x42170CD: ???
==23270==    by 0x5C696AE: JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*, JSC::JSValue*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x5C95776: JSC::evaluate(JSC::ExecState*, JSC::ScopeChain&, JSC::SourceCode const&, JSC::JSValue) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x55E88A7: WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x55E9061: WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x56008AC: WebCore::ScriptController::executeScript(WebCore::ScriptSourceCode const&) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x57FABCE: WebCore::HTMLTokenizer::scriptExecution(WebCore::ScriptSourceCode const&, WebCore::HTMLTokenizer::State) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x57FFABD: WebCore::HTMLTokenizer::executeExternalScriptsIfReady() (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x584CF43: WebCore::CachedScript::checkNotify() (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x5884D9C: WebCore::Loader::Host::didFinishLoading(WebCore::SubresourceLoader*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x5899219: WebCore::SubresourceLoader::didFinishLoading() (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==
==23270== Conditional jump or move depends on uninitialised value(s)
==23270==    at 0x5C7EAC9: cti_vm_lazyLinkCall (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x42170CD: ???
==23270==    by 0x5C6A054: JSC::Interpreter::execute(JSC::CallFrameClosure&, JSC::JSValue*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x5D9FC64: JSC::arrayProtoFuncForEach(JSC::ExecState*, JSC::JSObject*, JSC::JSValue, JSC::ArgList const&) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x42171B3: ???
==23270==    by 0x5C696AE: JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*, JSC::JSValue*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x5C95776: JSC::evaluate(JSC::ExecState*, JSC::ScopeChain&, JSC::SourceCode const&, JSC::JSValue) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x55E88A7: WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x55E9061: WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x56008AC: WebCore::ScriptController::executeScript(WebCore::ScriptSourceCode const&) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x57FABCE: WebCore::HTMLTokenizer::scriptExecution(WebCore::ScriptSourceCode const&, WebCore::HTMLTokenizer::State) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x57FFABD: WebCore::HTMLTokenizer::executeExternalScriptsIfReady() (in /usr/lib64/libQtWebKit.so.4.7.1)
/usr/src/packages/BUILD/icedtea6-1.9.7/plugin/icedteanp/IcedTeaNPPlugin.cc:1978: thread 0xbe2e8a0: Error: Invalid plugin function table.
==23310== Warning: invalid file descriptor 1024 in syscall close()
==23310== Warning: invalid file descriptor 1025 in syscall close()
==23310== Warning: invalid file descriptor 1026 in syscall close()
==23310== Use --log-fd=<number> to select an alternative log fd.
==23310== Warning: invalid file descriptor 1027 in syscall close()
==23310== Warning: invalid file descriptor 1028 in syscall close()
==23348== Warning: invalid file descriptor 1024 in syscall close()
==23348== Warning: invalid file descriptor 1025 in syscall close()
==23348== Warning: invalid file descriptor 1026 in syscall close()
==23348== Use --log-fd=<number> to select an alternative log fd.
==23348== Warning: invalid file descriptor 1027 in syscall close()
==23348== Warning: invalid file descriptor 1028 in syscall close()
*** NSPlugin Wrapper *** WARNING:(/usr/src/packages/BUILD/nspluginwrapper-1.3.0/src/npw-wrapper.c:3160):invoke_NP_Initialize: assertion failed: (rpc_method_invoke_possible(g_rpc_connection))
*** NSPlugin Viewer *** WARNING: unhandled variable 18 (<unknown variable>) in NPN_GetValue()
==23270== Conditional jump or move depends on uninitialised value(s)
==23270==    at 0x5C7EAC9: cti_vm_lazyLinkCall (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x42170CD: ???
==23270==    by 0x5C69ADD: JSC::Interpreter::execute(JSC::FunctionExecutable*, JSC::ExecState*, JSC::JSFunction*, JSC::JSObject*, JSC::ArgList const&, JSC::ScopeChainNode*, JSC::JSValue*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x5CB75A6: JSC::JSFunction::call(JSC::ExecState*, JSC::JSValue, JSC::ArgList const&) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x5C8F94F: JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x55DFFC0: WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x56C7E8C: WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul>&) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x56C7FCD: WebCore::EventTarget::fireEventListeners(WebCore::Event*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x56D3130: WebCore::Node::handleLocalEvents(WebCore::Event*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x56D8405: WebCore::Node::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event>) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x56D8794: WebCore::Node::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x57CCF1E: WebCore::HTMLImageLoader::dispatchLoadEvent() (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==
==23270== Conditional jump or move depends on uninitialised value(s)
==23270==    at 0x5C7EAFA: cti_vm_lazyLinkCall (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x42170CD: ???
==23270==    by 0x5C69ADD: JSC::Interpreter::execute(JSC::FunctionExecutable*, JSC::ExecState*, JSC::JSFunction*, JSC::JSObject*, JSC::ArgList const&, JSC::ScopeChainNode*, JSC::JSValue*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x5CB75A6: JSC::JSFunction::call(JSC::ExecState*, JSC::JSValue, JSC::ArgList const&) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x5C8F94F: JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x55DFFC0: WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x56C7E8C: WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul>&) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x56C7FCD: WebCore::EventTarget::fireEventListeners(WebCore::Event*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x58B750D: WebCore::DOMWindow::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, WTF::PassRefPtr<WebCore::EventTarget>) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x58B76A3: WebCore::DOMWindow::dispatchLoadEvent() (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x56A7B14: WebCore::Document::implicitClose() (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x5866864: WebCore::FrameLoader::checkCompleted() (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==
*** NSPlugin Wrapper *** WARNING: unhandled variable 18 in NPP_GetValue()
==23270==
==23270== HEAP SUMMARY:
==23270==     in use at exit: 1,309,475 bytes in 6,077 blocks
==23270==   total heap usage: 173,041 allocs, 166,964 frees, 53,925,280 bytes allocated
==23270==
==23270== LEAK SUMMARY:
==23270==    definitely lost: 3,640 bytes in 19 blocks
==23270==    indirectly lost: 3,116 bytes in 28 blocks
==23270==      possibly lost: 27,310 bytes in 161 blocks
==23270==    still reachable: 1,275,409 bytes in 5,869 blocks
==23270==         suppressed: 0 bytes in 0 blocks
==23270== Rerun with --leak-check=full to see details of leaked memory
==23270==
==23270== For counts of detected and suppressed errors, rerun with: -v
==23270== Use --track-origins=yes to see where uninitialised values come from
==23270== ERROR SUMMARY: 148 errors from 5 contexts (suppressed: 78 from 8)
Benjamin Poulain
Comment 5
2011-03-17 05:04:29 PDT
And what is the problem? Crash or just the valgrind output? Because the output from valgrind is very likely just the result of JITed code.
pvbrowser
Comment 6
2011-03-17 05:12:07 PDT
(In reply to comment #5)
> And what is the problem? Crash or just the valgrind output?
> Because the output from valgrind is very likely just the result of JITed code.

See this output:

/usr/src/packages/BUILD/icedtea6-1.9.7/plugin/icedteanp/IcedTeaNPPlugin.cc:1978: thread 0xbe2e8a0: Error: Invalid plugin function table.
==23310== Warning: invalid file descriptor 1024 in syscall close()
==23310== Warning: invalid file descriptor 1025 in syscall close()
==23310== Warning: invalid file descriptor 1026 in syscall close()
==23310== Use --log-fd=<number> to select an alternative log fd.
==23310== Warning: invalid file descriptor 1027 in syscall close()
==23310== Warning: invalid file descriptor 1028 in syscall close()
==23348== Warning: invalid file descriptor 1024 in syscall close()
==23348== Warning: invalid file descriptor 1025 in syscall close()
==23348== Warning: invalid file descriptor 1026 in syscall close()
==23348== Use --log-fd=<number> to select an alternative log fd.
==23348== Warning: invalid file descriptor 1027 in syscall close()
==23348== Warning: invalid file descriptor 1028 in syscall close()
*** NSPlugin Wrapper *** WARNING:(/usr/src/packages/BUILD/nspluginwrapper-1.3.0/src/npw-wrapper.c:3160):invoke_NP_Initialize: assertion failed: (rpc_method_invoke_possible(g_rpc_connection))
*** NSPlugin Viewer *** WARNING: unhandled variable 18 (<unknown variable>) in NPN_GetValue()
<snip>
*** NSPlugin Wrapper *** WARNING: unhandled variable 18 in NPP_GetValue()

Obviously there is a problem with NSPlugin. When this occurs in our application, the application behaves strangely afterwards because the unhandled assertion results in a stack corruption. These messages should NOT appear. Even when I run plugintest without valgrind I get:

me@mybox:~/temp/murx2> ./plugintest
/usr/src/packages/BUILD/icedtea6-1.9.7/plugin/icedteanp/IcedTeaNPPlugin.cc:1978: thread 0x608110: Error: Invalid plugin function table.
*** NSPlugin Wrapper *** WARNING:(/usr/src/packages/BUILD/nspluginwrapper-1.3.0/src/npw-wrapper.c:3160):invoke_NP_Initialize: assertion failed: (rpc_method_invoke_possible(g_rpc_connection))
*** NSPlugin Viewer *** WARNING: unhandled variable 18 (<unknown variable>) in NPN_GetValue()
*** NSPlugin Wrapper *** WARNING: unhandled variable 18 in NPP_GetValue()
me@mybox:~/temp/murx2>
Benjamin Poulain
Comment 7
2011-03-17 05:33:04 PDT
Ok, if you really want to screw with us... Qt WebKittens: please ignore this bug. The guy is just trolling, he reset the flags himself.
pvbrowser
Comment 8
2011-03-17 05:39:59 PDT
(In reply to comment #7)
> Ok, if you really want to screw with us...
>
> Qt WebKittens: please ignore this bug. The guy is just trolling, he reset the flags himself.

Trolling??? The test case is very simple. Did you test it? Why do you run a bugzilla at all? Qt WebKittens: Run the test case yourself and you will see what I mean. If I'm wrong please tell me what is wrong about my test case. Don't let me die stupid.
pvbrowser
Comment 9
2011-03-17 06:11:59 PDT
Since Benjamin thinks I'm trolling, review this bug: https://bugzilla.redhat.com/show_bug.cgi?id=675937
It seems to be the same issue. It seems to be related to the flash plugin.
pvbrowser
Comment 10
2011-03-17 06:46:19 PDT
Benjamin blames me as a "Troll". I think this is arrogant. If Benjamin thinks I should post with my real name, here is my reason. pvbrowser stands for http://pvbrowser.org and you can find my real name here: http://pvbrowser.de/pvbrowser/index.php?menu=8&topic=8&subtopic=4
When I owned the commercial license of Qt back in the days of Trolltech, they were polite at support@trolltech.com
Benjamin Poulain
Comment 11
2011-03-17 08:15:52 PDT
Ok, let me try to explain. What we usually get is (and by usually, I mean every single bug but this one for the last ~2 years):
- someone reports a bug
- someone from WebKit triages the bug. She/he sets the priority, the tags, flags etc.
- the bug usually misses a good test case, so it gets a low priority
- the reporter adds a good test case, and explains why it is important
- the priority is adjusted accordingly by someone from WebKit

We sometimes have fights about bug priority. But the reporter resetting the flags and debating our responsibilities, that is a new one. We have other bugs, reported by people acting nicer. That is why I won't worry about this particular one for now...
pvbrowser
Comment 12
2011-03-17 23:32:38 PDT
Bug reporting and using bugzilla is not a task I do every day. If I have done anything bad, excuse me. But from time to time there is something to report. I do not exactly know who is responsible for this bug because several companies / projects are involved. Now that you have a small test case I hope you will take care of the issue. Eventually you must forward the bug report to another instance. PS: In Trolltech times (pre LGPL) I owned a commercial license of Qt. Back in these times the Trolltech support team was a big help to me. But I also reported some issues that turned out to be a bug. Please be patient with your users.
Benjamin Poulain
Comment 13
2011-03-18 07:25:41 PDT
Andreas tried the test case on trunk and did not have any problem. Did you test WebKit trunk?
http://trac.webkit.org/wiki/BuildingQtOnLinux
pvbrowser
Comment 14
2011-03-18 09:22:42 PDT
> Did you test WebKit trunk?
> http://trac.webkit.org/wiki/BuildingQtOnLinux

No, I used the Qt libraries that are delivered with openSUSE 11.4. When I enable plugins on QWebView and go to a webpage like youtube I get:

/usr/src/packages/BUILD/icedtea6-1.9.7/plugin/icedteanp/IcedTeaNPPlugin.cc:1978: thread 0x752540: Error: Invalid plugin function table.
*** NSPlugin Wrapper *** WARNING:(/usr/src/packages/BUILD/nspluginwrapper-1.3.0/src/npw-wrapper.c:3160):invoke_NP_Initialize: assertion failed: (rpc_method_invoke_possible(g_rpc_connection))
*** NSPlugin Viewer *** WARNING: unhandled variable 18 (<unknown variable>) in NPN_GetValue()
*** NSPlugin Wrapper *** WARNING: unhandled variable 18 in NPP_GetValue()

The "Error: Invalid plugin function table." worries me. The question is why there is an error (at least on openSUSE 11.4) when NSplugins are loaded. On Windows this works well and you can even watch flash videos in a QWebView.

One other thing I noticed meanwhile is this: When the plugins are loaded my locale is reset by the plugin. This has been the reason that our application had problems with floating point numbers. After changing the locale back to setlocale(LC_NUMERIC,"C"); there are no more problems in our application. Thus: Perhaps the problem is not as serious as I thought. But I think somebody should search for the reason for the above error message.
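The locale side effect described in comment 14, shown as an added example that is not part of the bug report or of Qt/WebKit: a process-wide setlocale() call made by third-party code (here a simulated plugin, assumed hypothetical) makes strtod() stop at the '.' in "3.14", and two defences are compared, the reporter's setlocale(LC_NUMERIC, "C") reset and a locale-independent parse via newlocale()/strtod_l() (assumes glibc/Linux).

```cpp
// Added example: a process-wide locale change (as a plugin may cause on load)
// silently breaks strtod() in the host; shown next to two defences.
// Assumes glibc/Linux for newlocale()/strtod_l(); the "plugin" is simulated.
#include <clocale>
#include <cstdio>
#include <cstdlib>
#include <locale.h>

// Simulates the hypothetical plugin's side effect: it calls setlocale() and
// leaves a comma-decimal locale behind. Returns true if such a locale exists
// on this machine (otherwise the host is unaffected and nothing can break).
static bool simulatePluginLocaleReset() {
    const char* candidates[] = {"de_DE.UTF-8", "de_DE.utf8", "fr_FR.UTF-8", "de_DE"};
    for (const char* name : candidates)
        if (std::setlocale(LC_NUMERIC, name) != nullptr) return true;
    return false;
}

// Naive parse: honours whatever LC_NUMERIC the process currently has.
static double parseLocaleDependent(const char* text) {
    return std::strtod(text, nullptr);
}

// Robust parse: evaluates in a private "C" locale, independent of global state.
static double parseLocaleIndependent(const char* text) {
    locale_t cLocale = newlocale(LC_NUMERIC_MASK, "C", static_cast<locale_t>(0));
    double value = strtod_l(text, nullptr, cLocale);
    freelocale(cLocale);
    return value;
}

// The mitigation the reporter used: put LC_NUMERIC back after plugin load.
static void restoreNumericLocale() {
    std::setlocale(LC_NUMERIC, "C");
}

// Returns true when the naive parse is broken by the simulated plugin (if a
// comma locale is installed), the independent parse never is, and the
// reporter's restore brings the naive parse back.
static bool checkDefences() {
    restoreNumericLocale();
    bool ok = parseLocaleDependent("3.14") == 3.14;
    bool corrupted = simulatePluginLocaleReset();              // host locale changed
    if (corrupted) ok = ok && parseLocaleDependent("3.14") == 3.0; // stops at '.'
    ok = ok && parseLocaleIndependent("3.14") == 3.14;         // still correct
    restoreNumericLocale();
    ok = ok && parseLocaleDependent("3.14") == 3.14;           // fixed by restore
    return ok;
}

int main() {
    bool ok = checkDefences();
    std::printf("defences hold: %s\n", ok ? "yes" : "no");
    return ok ? 0 : 1;
}
```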
Benjamin Poulain
Comment 15
2011-03-18 16:34:57 PDT
(In reply to comment #14)
> Thus: Perhaps the problem is not as serious as i thought. But i think somebody should search for the reason for the above error message.
I think you underestimate how totally buggy NPAPI plugins generally are :) The warning comes from NSPluginWrapper. Someone will have to check that code. I might have a quick look at the code of NSPluginWrapper next week but I will not invest serious time without a reduction.