WebKit Bugzilla
RESOLVED INVALID
Bug 57411
[Qt] application crashes performing findFirst(":focus") with QtWebKit 2.0
https://bugs.webkit.org/show_bug.cgi?id=57411
Reported by Oleksandr Tymoshenko, 2011-03-29 18:02:14 PDT
Sometimes the application crashes while performing findFirst(":focus") in the microFocusChanged signal handler. Mostly it happens when the GoBack action is triggered for a page. The code that causes the crash looks like:

    return page()->currentFrame()->documentElement().findFirst(":focus");

backtrace:

    QtWebKitd4.dll!WebCore::SelectionController::isFocusedAndActive() Line 1346 + 0x3 bytes C++
    QtWebKitd4.dll!WebCore::CSSStyleSelector::SelectorChecker::checkOneSelector(WebCore::CSSSelector * sel=0x04733e08, WebCore::Element * e=0x0471d798, WTF::HashSet<WebCore::AtomicStringImpl *,WTF::PtrHash<WebCore::AtomicStringImpl *>,WTF::HashTraits<WebCore::AtomicStringImpl *> > * selectorAttrs=0x00000000, WebCore::PseudoId & dynamicPseudo=NOPSEUDO, bool isAncestor=true, bool isSubSelector=false, WebCore::RenderStyle * elementStyle=0x00000000, WebCore::RenderStyle * elementParentStyle=0x00000000) Line 2384 + 0x32 bytes C++
    QtWebKitd4.dll!WebCore::CSSStyleSelector::SelectorChecker::checkSelector(WebCore::CSSSelector * sel=0x04733e08, WebCore::Element * e=0x0471d798, WTF::HashSet<WebCore::AtomicStringImpl *,WTF::PtrHash<WebCore::AtomicStringImpl *>,WTF::HashTraits<WebCore::AtomicStringImpl *> > * selectorAttrs=0x00000000, WebCore::PseudoId & dynamicPseudo=NOPSEUDO, bool isAncestor=true, bool isSubSelector=false, WebCore::RenderStyle * elementStyle=0x00000000, WebCore::RenderStyle * elementParentStyle=0x00000000) Line 1792 + 0x28 bytes C++
    QtWebKitd4.dll!WebCore::CSSStyleSelector::SelectorChecker::checkSelector(WebCore::CSSSelector * sel=0x04733e08, WebCore::Element * element=0x0471d798) Line 929 + 0x1e bytes C++
    QtWebKitd4.dll!WebCore::Node::querySelector(const WebCore::String & selectors={...}, int & ec=0) Line 1666 + 0x19 bytes C++
    QtWebKitd4.dll!QWebElement::findFirst(const QString & selectorQuery={...}) Line 245 + 0x2a bytes C++

Qt version is 4.7.1.

Most likely the problem is in src\3rdparty\webkit\webcore\css\cssstyleselector.cpp:2384: "this" in isFocusedAndActive is 0x000002f0.

I'll try to write an isolated test case if you need one.
Attachments
CSS selector crash testcase (2.04 KB, application/x-gzip), 2011-03-30 11:17 PDT, Oleksandr Tymoshenko
Benjamin Poulain
Comment 1
2011-03-30 04:43:47 PDT
Please attach a test case and explain the best way to reproduce with the test case. Setting as P1 since it is a crash.
Oleksandr Tymoshenko
Comment 2
2011-03-30 11:17:17 PDT
Created attachment 87577 [details]
CSS selector crash testcase

In order to reproduce the bug, build the attached project, run it, wait for the Google page to appear, click "Images" (or any other link), then when the new page is loaded, click the "back" button. The application will crash. Tested with the QtWebKit shipped with Qt 4.7.1.
Benjamin Poulain
Comment 3
2011-03-31 05:02:43 PDT
I can reproduce with WebKit 2.0 (on Linux). I cannot reproduce with WebKit trunk (and valgrind's memcheck does not complain at all). I downgrade to P3 since it is for the previous version of WebKit. I let Ademar decide the fate of this. If you want, you can try WebKit trunk yourself. Here are the instructions to build it:
http://trac.webkit.org/wiki/BuildingQtOnWindows
If you can reproduce the bug on WebKit trunk, please comment so I raise the priority back to P1.