WebKit Bugzilla
UNCONFIRMED
65240
crash on JSC::FunctionBodyNode::finishParsing()
https://bugs.webkit.org/show_bug.cgi?id=65240
mmeteorx
Reported
2011-07-27 02:32:27 PDT
A simple program using QWebPage to visit some website, with qt-everywhere-opensource-src-4.7.3 compiled with -debug. It crashed when trying to visit http://www.diyishiyou.com. Here is the callstack:

#0 0x0000002a974f01c1 in WTF::RefPtr<JSC::FunctionParameters>::operator= () from /home/work/local/qt/lib/libQtWebKit.so.4
#1 0x0000002a974ef39b in JSC::FunctionBodyNode::finishParsing () from /home/work/local/qt/lib/libQtWebKit.so.4
#2 0x0000002a974603b4 in JSC::FunctionExecutable::compile () from /home/work/local/qt/lib/libQtWebKit.so.4
#3 0x0000002a97444120 in JSC::FunctionExecutable::bytecode () from /home/work/local/qt/lib/libQtWebKit.so.4
#4 0x0000002a9743fb7e in JSC::Interpreter::privateExecute () from /home/work/local/qt/lib/libQtWebKit.so.4
#5 0x0000002a97436b9b in JSC::Interpreter::execute () from /home/work/local/qt/lib/libQtWebKit.so.4
#6 0x0000002a97474144 in JSC::JSFunction::call () from /home/work/local/qt/lib/libQtWebKit.so.4
#7 0x0000002a97452bdd in JSC::call () from /home/work/local/qt/lib/libQtWebKit.so.4
#8 0x0000002a96ba9be5 in WebCore::JSEventListener::handleEvent () from /home/work/local/qt/lib/libQtWebKit.so.4
#9 0x0000002a96d0121e in WebCore::EventTarget::fireEventListeners () from /home/work/local/qt/lib/libQtWebKit.so.4
#10 0x0000002a96d0106e in WebCore::EventTarget::fireEventListeners () from /home/work/local/qt/lib/libQtWebKit.so.4
#11 0x0000002a96d16788 in WebCore::Node::handleLocalEvents () from /home/work/local/qt/lib/libQtWebKit.so.4
#12 0x0000002a96d16ec0 in WebCore::Node::dispatchGenericEvent () from /home/work/local/qt/lib/libQtWebKit.so.4
#13 0x0000002a96d168e5 in WebCore::Node::dispatchEvent () from /home/work/local/qt/lib/libQtWebKit.so.4
#14 0x0000002a96cd6b95 in WebCore::Document::finishedParsing () from /home/work/local/qt/lib/libQtWebKit.so.4
#15 0x0000002a96e4e8f7 in WebCore::HTMLParser::finished () from /home/work/local/qt/lib/libQtWebKit.so.4
#16 0x0000002a96e6aa3a in WebCore::HTMLTokenizer::end () from /home/work/local/qt/lib/libQtWebKit.so.4
#17 0x0000002a96e6a543 in WebCore::HTMLTokenizer::write () from /home/work/local/qt/lib/libQtWebKit.so.4
#18 0x0000002a96e6c25f in WebCore::HTMLTokenizer::executeExternalScriptsIfReady () from /home/work/local/qt/lib/libQtWebKit.so.4
#19 0x0000002a96e6be5b in WebCore::HTMLTokenizer::notifyFinished () from /home/work/local/qt/lib/libQtWebKit.so.4
#20 0x0000002a96ec8acb in WebCore::CachedScript::checkNotify () from /home/work/local/qt/lib/libQtWebKit.so.4
#21 0x0000002a96ec8a6e in WebCore::CachedScript::data () from /home/work/local/qt/lib/libQtWebKit.so.4
#22 0x0000002a96f022dd in WebCore::Loader::Host::didFinishLoading () from /home/work/local/qt/lib/libQtWebKit.so.4
#23 0x0000002a96f156ec in WebCore::SubresourceLoader::didFinishLoading () from /home/work/local/qt/lib/libQtWebKit.so.4
#24 0x0000002a96f13ae2 in WebCore::ResourceLoader::didFinishLoading () from /home/work/local/qt/lib/libQtWebKit.so.4
#25 0x0000002a9716ad63 in WebCore::QNetworkReplyHandler::finish () from /home/work/local/qt/lib/libQtWebKit.so.4
#26 0x0000002a9716d3b8 in WebCore::QNetworkReplyHandler::qt_metacall () from /home/work/local/qt/lib/libQtWebKit.so.4
#27 0x0000002a9961f31f in QMetaObject::metacall (object=dwarf2_read_address: Corrupted DWARF expression. ) at kernel/qmetaobject.cpp:237
#28 0x0000002a99634788 in QMetaObject::activate (sender=0x707be0, m=0x535d50, local_signal_index=1, argv=0x0) at kernel/qobject.cpp:3278
#29 0x0000002a9922c1b2 in QNetworkReply::finished (this=0x707be0) at .moc/debug-shared/moc_qnetworkreply.cpp:152
#30 0x0000002a9922c0bb in QNetworkReply::qt_metacall (this=0x707be0, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x7fbfffeb30) at .moc/debug-shared/moc_qnetworkreply.cpp:130
#31 0x0000000000423443 in NetworkReplyProxy::qt_metacall (this=0x707be0, _c=QMetaObject::InvokeMetaMethod, _id=9, _a=0x7fbfffeb30) at moc_NetworkReplyProxy.cpp:74
#32 0x0000002a9961f31f in QMetaObject::metacall (object=dwarf2_read_address: Corrupted DWARF expression. ) at kernel/qmetaobject.cpp:237
#33 0x0000002a99634788 in QMetaObject::activate (sender=0x6994c0, m=0x535d50, local_signal_index=1, argv=0x0) at kernel/qobject.cpp:3278
#34 0x0000002a9922c1b2 in QNetworkReply::finished (this=0x6994c0) at .moc/debug-shared/moc_qnetworkreply.cpp:152
#35 0x0000002a991bac5c in QNetworkReplyImplPrivate::finished (this=0x695d00) at access/qnetworkreplyimpl.cpp:680
#36 0x0000002a9919e89f in QNetworkAccessBackend::finished (this=0x682e90) at access/qnetworkaccessbackend.cpp:298
#37 0x0000002a991a69d0 in QNetworkAccessHttpBackend::finished (this=0x682e90) at access/qnetworkaccesshttpbackend.cpp:342
#38 0x0000002a991a978c in QNetworkAccessHttpBackend::replyFinished (this=0x682e90) at access/qnetworkaccesshttpbackend.cpp:763
#39 0x0000002a991a92ec in QNetworkAccessHttpBackend::downstreamReadyWrite (this=0x682e90) at access/qnetworkaccesshttpbackend.cpp:700
#40 0x0000002a991b9b1d in QNetworkReplyImplPrivate::handleNotifications (this=0x695d00) at access/qnetworkreplyimpl.cpp:390
#41 0x0000002a991bba49 in QNetworkReplyImpl::event (this=0x6994c0, e=0x66f600) at access/qnetworkreplyimpl.cpp:890
#42 0x0000002a98460029 in QApplicationPrivate::notify_helper (this=0x5379e0, receiver=0x6994c0, e=0x66f600) at kernel/qapplication.cpp:4462
#43 0x0000002a9845dc73 in QApplication::notify (this=0x7fbffff800, receiver=0x6994c0, e=0x66f600) at kernel/qapplication.cpp:3862
#44 0x0000002a996176e8 in QCoreApplication::notifyInternal (this=0x7fbffff800, receiver=0x6994c0, event=0x66f600) at kernel/qcoreapplication.cpp:731
#45 0x0000002a9718bc7f in QCoreApplication::sendEvent () from /home/work/local/qt/lib/libQtWebKit.so.4
#46 0x0000002a9961866f in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x537b80) at kernel/qcoreapplication.cpp:1372
#47 0x0000002a99618330 in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at kernel/qcoreapplication.cpp:1265
#48 0x0000002a9852b9a1 in QCoreApplication::sendPostedEvents () at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:220
#49 0x0000002a9965123a in postEventSourceDispatch (s=0x53af30) at kernel/qeventdispatcher_glib.cpp:277
#50 0x0000003c99f266bd in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
#51 0x0000003c99f28397 in g_main_context_acquire () from /usr/lib64/libglib-2.0.so.0
#52 0x0000003c99f288eb in g_main_context_iteration () from /usr/lib64/libglib-2.0.so.0
#53 0x0000002a996523d5 in QEventDispatcherGlib::processEvents (this=0x538f20, flags={i = 36}) at kernel/qeventdispatcher_glib.cpp:422
#54 0x0000002a985381af in QGuiEventDispatcherGlib::processEvents (this=0x538f20, flags={i = 36}) at kernel/qguieventdispatcher_glib.cpp:204
#55 0x0000002a9961481a in QEventLoop::processEvents (this=0x7fbffff720, flags={i = 36}) at kernel/qeventloop.cpp:149
#56 0x0000002a9961494c in QEventLoop::exec (this=0x7fbffff720, flags={i = 0}) at kernel/qeventloop.cpp:201
#57 0x0000002a99617d06 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1008
#58 0x0000002a9845d91e in QApplication::exec () at kernel/qapplication.cpp:3736
#59 0x00000000004098ad in main (argc=1, argv=0x7fbffff9a8) at src/main.cpp:34

By the way, I already configured it with "-debug", so why does libQtWebKit.so still not contain debug info? I tried to edit src/3rdparty/webkit/WebKit.pri and add something like "QMAKE_CXXFLAGS += -g", but it seems "-g" has been ignored.
Oliver Hunt
Comment 1
2011-07-27 10:53:26 PDT
Could we get a debug stack trace please?
Oliver Hunt
Comment 2
2011-07-27 10:54:29 PDT
Oh, qt stacktraces don't include line numbers. Can you catch this in a debug and give us the backtrace there?
mmeteorx
Comment 3
2011-07-27 20:10:00 PDT
Backtrace with line numbers:

#0 0x0000002a974f01c1 in WTF::RefPtr<JSC::FunctionParameters>::operator= (this=0x50, o=@0x7fbfffd0a0) at ./wtf/RefPtr.h:129
#1 0x0000002a974ef39b in JSC::FunctionBodyNode::finishParsing (this=0x0, parameters={m_ptr = 0x2a9e23e700}, ident=@0x2a9e26d620) at parser/Nodes.cpp:175
#2 0x0000002a974603b4 in JSC::FunctionExecutable::compile (this=0x2a9e26d5d8, scopeChainNode=0x2a9c9ba000) at runtime/Executable.cpp:121
#3 0x0000002a97444120 in JSC::FunctionExecutable::bytecode (this=0x2a9e26d5d8, exec=0x2a9cffc220, scopeChainNode=0x2a9c9ba000) at runtime/Executable.h:270
#4 0x0000002a9743fb7e in JSC::Interpreter::privateExecute (this=0x2a9c99ca00, flag=JSC::Interpreter::Normal, registerFile=0x2a9c99ca18, callFrame=0x2a9cffc220, exception=0x2a9c995268) at interpreter/Interpreter.cpp:3400
#5 0x0000002a97436b9b in JSC::Interpreter::execute (this=0x2a9c99ca00, functionExecutable=0x2a9e2b36e0, callFrame=0x588018, function=0x2a9d418e00, thisObj=0x2a9d4029c0, args=@0x7fbfffdcf0, scopeChain=0x2a9e1d54b0, exception=0x2a9c995268) at interpreter/Interpreter.cpp:689
#6 0x0000002a97474144 in JSC::JSFunction::call (this=0x2a9d418e00, exec=0x588018, thisValue={m_ptr = 0x2a9d4029c0}, args=@0x7fbfffdcf0) at runtime/JSFunction.cpp:122
#7 0x0000002a97452bdd in JSC::call (exec=0x588018, functionObject={m_ptr = 0x2a9d418e00}, callType=JSC::CallTypeJS, callData=@0x7fbfffdde0, thisValue={m_ptr = 0x2a9d4029c0}, args=@0x7fbfffdcf0) at runtime/CallData.cpp:39
#8 0x0000002a96ba9be5 in WebCore::JSEventListener::handleEvent (this=0x2a9e2cd450, scriptExecutionContext=0x2a9c950c60, event=0x2a9e2040f0) at bindings/js/JSEventListener.cpp:115
#9 0x0000002a96d0121e in WebCore::EventTarget::fireEventListeners (this=0x2a9c950c00, event=0x2a9e2040f0, d=0x2a9e2c8eb0, entry=@0x2a9e24bf50) at dom/EventTarget.cpp:315
#10 0x0000002a96d0106e in WebCore::EventTarget::fireEventListeners (this=0x2a9c950c00, event=0x2a9e2040f0) at dom/EventTarget.cpp:276
#11 0x0000002a96d16788 in WebCore::Node::handleLocalEvents (this=0x2a9c950c00, event=0x2a9e2040f0) at dom/Node.cpp:2504
#12 0x0000002a96d16ec0 in WebCore::Node::dispatchGenericEvent (this=0x2a9c950c00, prpEvent={m_ptr = 0x2a9e23e700}) at dom/Node.cpp:2644
#13 0x0000002a96d168e5 in WebCore::Node::dispatchEvent (this=0x2a9c950c00, prpEvent={m_ptr = 0x0}) at dom/Node.cpp:2567
#14 0x0000002a96cd6b95 in WebCore::Document::finishedParsing (this=0x2a9c950c00) at dom/Document.cpp:4288
#15 0x0000002a96e4e8f7 in WebCore::HTMLParser::finished (this=0x2a9c987990) at html/HTMLParser.cpp:1666
#16 0x0000002a96e6aa3a in WebCore::HTMLTokenizer::end (this=0x2a9c951800) at html/HTMLTokenizer.cpp:1878
#17 0x0000002a96e6a543 in WebCore::HTMLTokenizer::write (this=0x2a9c951800, str=@0x7fbfffe360, appendData=false) at html/HTMLTokenizer.cpp:1819
#18 0x0000002a96e6c25f in WebCore::HTMLTokenizer::executeExternalScriptsIfReady (this=0x2a9c951800) at html/HTMLTokenizer.cpp:2103
#19 0x0000002a96e6be5b in WebCore::HTMLTokenizer::notifyFinished (this=0x2a9c951800) at html/HTMLTokenizer.cpp:2025
#20 0x0000002a96ec8acb in WebCore::CachedScript::checkNotify (this=0x2a9f464600) at loader/CachedScript.cpp:106
#21 0x0000002a96ec8a6e in WebCore::CachedScript::data (this=0x2a9f464600, data={m_ptr = 0x0}, allDataReceived=true) at loader/CachedScript.cpp:96
#22 0x0000002a96f022dd in WebCore::Loader::Host::didFinishLoading (this=0x2a9e230420, loader=0x2a9e38cb80) at loader/loader.cpp:399
#23 0x0000002a96f156ec in WebCore::SubresourceLoader::didFinishLoading (this=0x2a9e38cb80) at loader/SubresourceLoader.cpp:184
#24 0x0000002a96f13ae2 in WebCore::ResourceLoader::didFinishLoading (this=0x2a9e38cb80) at loader/ResourceLoader.cpp:443
#25 0x0000002a9716ad63 in WebCore::QNetworkReplyHandler::finish (this=0x68e7f0) at platform/network/qt/QNetworkReplyHandler.cpp:261
#26 0x0000002a9716d3b8 in WebCore::QNetworkReplyHandler::qt_metacall (this=0x68e7f0, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x7fbfffe920) at .moc/debug-shared/moc_QNetworkReplyHandler.cpp:84
#27 0x0000002a9961f31f in QMetaObject::metacall (object=dwarf2_read_address: Corrupted DWARF expression. ) at kernel/qmetaobject.cpp:237
#28 0x0000002a99634788 in QMetaObject::activate (sender=0x687620, m=0x535d50, local_signal_index=1, argv=0x0) at kernel/qobject.cpp:3278
#29 0x0000002a9922c1b2 in QNetworkReply::finished (this=0x687620) at .moc/debug-shared/moc_qnetworkreply.cpp:152
#30 0x0000002a9922c0bb in QNetworkReply::qt_metacall (this=0x687620, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x7fbfffeb30) at .moc/debug-shared/moc_qnetworkreply.cpp:130
#31 0x0000000000423443 in NetworkReplyProxy::qt_metacall (this=0x687620, _c=QMetaObject::InvokeMetaMethod, _id=9, _a=0x7fbfffeb30) at moc_NetworkReplyProxy.cpp:74
#32 0x0000002a9961f31f in QMetaObject::metacall (object=dwarf2_read_address: Corrupted DWARF expression. ) at kernel/qmetaobject.cpp:237
#33 0x0000002a99634788 in QMetaObject::activate (sender=0x62e5f0, m=0x535d50, local_signal_index=1, argv=0x0) at kernel/qobject.cpp:3278
#34 0x0000002a9922c1b2 in QNetworkReply::finished (this=0x62e5f0) at .moc/debug-shared/moc_qnetworkreply.cpp:152
#35 0x0000002a991bac5c in QNetworkReplyImplPrivate::finished (this=0x687a70) at access/qnetworkreplyimpl.cpp:680
#36 0x0000002a9919e89f in QNetworkAccessBackend::finished (this=0x68c8d0) at access/qnetworkaccessbackend.cpp:298
#37 0x0000002a991a69d0 in QNetworkAccessHttpBackend::finished (this=0x68c8d0) at access/qnetworkaccesshttpbackend.cpp:342
#38 0x0000002a991a978c in QNetworkAccessHttpBackend::replyFinished (this=0x68c8d0) at access/qnetworkaccesshttpbackend.cpp:763
#39 0x0000002a991a92ec in QNetworkAccessHttpBackend::downstreamReadyWrite (this=0x68c8d0) at access/qnetworkaccesshttpbackend.cpp:700
#40 0x0000002a991b9b1d in QNetworkReplyImplPrivate::handleNotifications (this=0x687a70) at access/qnetworkreplyimpl.cpp:390
#41 0x0000002a991bba49 in QNetworkReplyImpl::event (this=0x62e5f0, e=0x2a9f0b51d0) at access/qnetworkreplyimpl.cpp:890
#42 0x0000002a98460029 in QApplicationPrivate::notify_helper (this=0x5379e0, receiver=0x62e5f0, e=0x2a9f0b51d0) at kernel/qapplication.cpp:4462
#43 0x0000002a9845dc73 in QApplication::notify (this=0x7fbffff800, receiver=0x62e5f0, e=0x2a9f0b51d0) at kernel/qapplication.cpp:3862
#44 0x0000002a996176e8 in QCoreApplication::notifyInternal (this=0x7fbffff800, receiver=0x62e5f0, event=0x2a9f0b51d0) at kernel/qcoreapplication.cpp:731
#45 0x0000002a9718bc7f in QCoreApplication::sendEvent (receiver=0x62e5f0, event=0x2a9f0b51d0) at ../../../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#46 0x0000002a9961866f in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x537b80) at kernel/qcoreapplication.cpp:1372
#47 0x0000002a99618330 in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at kernel/qcoreapplication.cpp:1265
#48 0x0000002a9852b9a1 in QCoreApplication::sendPostedEvents () at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:220
#49 0x0000002a9965123a in postEventSourceDispatch (s=0x53af30) at kernel/qeventdispatcher_glib.cpp:277
#50 0x0000003c99f266bd in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
#51 0x0000003c99f28397 in g_main_context_acquire () from /usr/lib64/libglib-2.0.so.0
#52 0x0000003c99f288eb in g_main_context_iteration () from /usr/lib64/libglib-2.0.so.0
#53 0x0000002a996523d5 in QEventDispatcherGlib::processEvents (this=0x538f20, flags={i = 36}) at kernel/qeventdispatcher_glib.cpp:422
#54 0x0000002a985381af in QGuiEventDispatcherGlib::processEvents (this=0x538f20, flags={i = 36}) at kernel/qguieventdispatcher_glib.cpp:204
#55 0x0000002a9961481a in QEventLoop::processEvents (this=0x7fbffff720, flags={i = 36}) at kernel/qeventloop.cpp:149
#56 0x0000002a9961494c in QEventLoop::exec (this=0x7fbffff720, flags={i = 0}) at kernel/qeventloop.cpp:201
#57 0x0000002a99617d06 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1008
#58 0x0000002a9845d91e in QApplication::exec () at kernel/qapplication.cpp:3736
#59 0x00000000004098ad in main (argc=1, argv=0x7fbffff9a8) at src/main.cpp:34