RESOLVED INVALID 74174
[Qt] Navigation with active alert dialog causes crashing
https://bugs.webkit.org/show_bug.cgi?id=74174
Stepan
Reported 2011-12-09 02:32:14 PST
Created attachment 118552: simple project what reproduce the problem

To reproduce: navigate to a page that shows an alert dialog, then navigate to 'about:blank'. After this, if you press 'OK' you'll get an Access Violation. Navigation to the new URL destroys the old objects, QNetworkReply and HTMLTokenizer (both objects are in the call stack listed below). This is the call stack of deleting QNetworkReply (deleting HTMLTokenizer has a similar call stack):

{code:xml}
==2078== at 0x4C27A83: operator delete(void*) (vg_replace_malloc.c:387)
==2078== by 0x95BEE95: QNetworkReplyImpl::~QNetworkReplyImpl() (qnetworkreplyimpl.cpp:728)
==2078== by 0x99EAC07: QObject::event(QEvent*) (qobject.cpp:1202)
==2078== by 0x8A0FFDB: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:4396)
==2078== by 0x8A15AEC: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:4277)
==2078== by 0x99D8CDB: QCoreApplication::notifyInternal(QObject*, QEvent*) (qcoreapplication.cpp:732)
==2078== by 0x99DBC21: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (qcoreapplication.h:215)
==2078== by 0x9A05652: postEventSourceDispatch(_GSource*, int (*)(void*), void*) (qcoreapplication.h:220)
==2078== by 0xCB8A341: g_main_context_dispatch (in /lib/libglib-2.0.so.0.2600.1)
==2078== by 0xCB8E2A7: ??? (in /lib/libglib-2.0.so.0.2600.1)
==2078== by 0xCB8E45B: g_main_context_iteration (in /lib/libglib-2.0.so.0.2600.1)
==2078== by 0x9A05192: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventdispatcher_glib.cpp:415)
==2078== by 0x8AC2A4D: QGuiEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qguieventdispatcher_glib.cpp:204)
==2078== by 0x99D7A01: QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:149)
==2078== by 0x99D7DEB: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:201)
==2078== by 0x8F047DD: QDialog::exec() (qdialog.cpp:552)
==2078== by 0x8F26A17: showNewMessageBox(QWidget*, QMessageBox::Icon, QString const&, QString const&, QFlags<QMessageBox::StandardButton>, QMessageBox::StandardButton) (qmessagebox.cpp:1533)
==2078== by 0x8F26B6E: QMessageBox::information(QWidget*, QString const&, QString const&, QFlags<QMessageBox::StandardButton>, QMessageBox::StandardButton) (qmessagebox.cpp:1564)
==2078== by 0x72381A2: QWebPage::javaScriptAlert(QWebFrame*, QString const&) (qmessagebox.h:230)
==2078== by 0x721065C: WebCore::ChromeClientQt::runJavaScriptAlert(WebCore::Frame*, WebCore::String const&) (ChromeClientQt.cpp:293)
==2078== by 0x703F624: WebCore::Chrome::runJavaScriptAlert(WebCore::Frame*, WebCore::String const&) (Chrome.cpp:277)
==2078== by 0x6B991A9: WebCore::jsDOMWindowPrototypeFunctionAlert(JSC::ExecState*, JSC::JSObject*, JSC::JSValue, JSC::ArgList const&) (JSDOMWindow.cpp:8274)
==2078== by 0x21EDF1B3: ???
==2078== by 0x73FB322: JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*, JSC::JSValue*) (JITCode.h:77)
==2078== by 0x742C293: JSC::evaluate(JSC::ExecState*, JSC::ScopeChain&, JSC::SourceCode const&, JSC::JSValue) (Completion.cpp:62)
==2078== by 0x6D7F453: WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) (ScriptController.cpp:127)
==2078== by 0x6D7F6C1: WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) (ScriptController.cpp:153)
==2078== by 0x6D96D09: WebCore::ScriptController::executeScript(WebCore::ScriptSourceCode const&) (ScriptControllerBase.cpp:60)
==2078== by 0x6F90F8C: WebCore::HTMLTokenizer::scriptExecution(WebCore::ScriptSourceCode const&, WebCore::HTMLTokenizer::State) (HTMLTokenizer.cpp:580)
==2078== by 0x6F93BA0: WebCore::HTMLTokenizer::scriptHandler(WebCore::HTMLTokenizer::State) (HTMLTokenizer.cpp:522)
==2078== by 0x6F946C1: WebCore::HTMLTokenizer::parseNonHTMLText(WebCore::SegmentedString&, WebCore::HTMLTokenizer::State) (HTMLTokenizer.cpp:361)
==2078== by 0x6F96B6C: WebCore::HTMLTokenizer::parseTag(WebCore::SegmentedString&, WebCore::HTMLTokenizer::State) (HTMLTokenizer.cpp:1539)
==2078== by 0x6F97073: WebCore::HTMLTokenizer::write(WebCore::SegmentedString const&, bool) (HTMLTokenizer.cpp:1772)
==2078== by 0x6FF79EF: WebCore::FrameLoader::write(char const*, int, bool) (FrameLoader.cpp:935)
==2078== by 0x6FF7F42: WebCore::FrameLoader::endIfNotLoadingMainResource() (FrameLoader.cpp:970)
==2078== by 0x6FF6433: WebCore::FrameLoader::finishedLoading() (FrameLoader.cpp:2770)
==2078== by 0x70150DE: WebCore::MainResourceLoader::didFinishLoading() (MainResourceLoader.cpp:424)
==2078== by 0x71F758A: WebCore::QNetworkReplyHandler::finish() (QNetworkReplyHandler.cpp:261)
==2078== by 0x71F7B43: WebCore::QNetworkReplyHandler::qt_metacall(QMetaObject::Call, int, void**) (moc_QNetworkReplyHandler.cpp:84)
==2078== by 0x99F0B26: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3280)
==2078== by 0x95C0DA5: QNetworkReplyImplPrivate::finished() (qnetworkreplyimpl.cpp:656)
==2078== by 0x95ACBBD: QNetworkAccessHttpBackend::replyFinished() (qnetworkaccesshttpbackend.cpp:773)
==2078== by 0x95C0B6F: QNetworkReplyImplPrivate::handleNotifications() (qnetworkreplyimpl.cpp:367)
==2078== by 0x95C0BC0: QNetworkReplyImpl::event(QEvent*) (qnetworkreplyimpl.cpp:866)
==2078== by 0x8A0FFDB: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:4396)
==2078== by 0x8A15AEC: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:4277)
==2078== by 0x99D8CDB: QCoreApplication::notifyInternal(QObject*, QEvent*) (qcoreapplication.cpp:732)
==2078== by 0x99DBC21: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (qcoreapplication.h:215)
==2078== by 0x9A05652: postEventSourceDispatch(_GSource*, int (*)(void*), void*) (qcoreapplication.h:220)
==2078== by 0xCB8A341: g_main_context_dispatch (in /lib/libglib-2.0.so.0.2600.1)
{code}
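The hazard in this trace, modelled as an added example that is not code from the bug's attachments or from QtWebKit: a modal alert re-enters the event loop (QDialog::exec in the trace), a navigation processed inside that nested loop releases the loader whose finish() is still on the stack, and a protector reference plus a detached check (the idiom WebCore uses with RefPtr<>) lets finish() survive the nested loop and bail out. EventLoop, Loader, navigate() and the two scenario functions are constructed names for this illustration.

```cpp
#include <deque>
#include <functional>
#include <memory>
#include <utility>

// Posted-event queue; processEvents() stands in for the nested loop that QDialog::exec() spins.
struct EventLoop {
    std::deque<std::function<void()>> queue;
    void post(std::function<void()> ev) { queue.push_back(std::move(ev)); }
    void processEvents() { while (!queue.empty()) { auto ev = std::move(queue.front()); queue.pop_front(); ev(); } }
};
// Stands in for QNetworkReplyHandler/HTMLTokenizer: finish() re-enters the loop via alert().
struct Loader : std::enable_shared_from_this<Loader> {
    bool detached = false;                  // set by the owner when a navigation replaces us
    // Hardened finish(): a protector keeps *this alive across the nested loop (WebCore's
    // RefPtr<> protector idiom) and the detached flag skips the tail of an abandoned load.
    bool finish(EventLoop& loop) {          // returns whether the tail ran
        std::shared_ptr<Loader> protect = shared_from_this();
        loop.processEvents();               // alert(): the user's navigation runs in here
        return !detached;                   // owner moved on -> bail out, nothing dangles
    }
};
// Navigation replaces the current loader and releases the old one from the loop, the way
// QObject::deleteLater() ran inside the alert in the reported trace (the URL is irrelevant).
void navigate(EventLoop& loop, std::shared_ptr<Loader>& current) {
    if (current) {
        current->detached = true;
        loop.post([old = std::move(current)]() mutable { old.reset(); });
    }
    current = std::make_shared<Loader>();
}

// The report's sequence with no protector on the stack: the loader is freed inside the
// alert's nested loop, so the frame waiting on the alert would continue with a dangling `this`.
bool unprotectedLoaderDiesInsideAlert() {
    EventLoop loop; std::shared_ptr<Loader> current;
    navigate(loop, current);                      // page whose script calls alert()
    std::weak_ptr<Loader> self = current;
    loop.post([&] { navigate(loop, current); });  // user navigates while the alert is open
    loop.processEvents();                         // the alert's nested loop
    return self.expired();                        // true: *this is already gone mid-call
}
// Same sequence through the hardened finish(): tail skipped, object freed only on return.
bool protectedLoaderSkipsTail() {
    EventLoop loop; std::shared_ptr<Loader> current;
    navigate(loop, current);
    std::weak_ptr<Loader> self = current;
    loop.post([&] { navigate(loop, current); });
    return !current->finish(loop) && self.expired();
}
```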
Attachments
simple project what reproduce the problem (1.12 KB, application/octet-stream)
2011-12-09 02:32 PST, Stepan
no flags
simple code to avoid this problem (1.51 KB, application/octet-stream)
2011-12-09 04:09 PST, Stepan
no flags
Stepan
Comment 1 2011-12-09 04:09:10 PST
Created attachment 118557: simple code to avoid this problem

Sample code showing how you can avoid this problem; if you change webView_ from QWebViewSafe to QWebView, you'll get an AV.
Jocelyn Turcotte
Comment 2 2014-02-03 03:19:23 PST
=== Bulk closing of Qt bugs === If you believe that this bug report is still relevant for a non-Qt port of webkit.org, please re-open it and remove [Qt] from the summary. If you believe that this is still an important QtWebKit bug, please file a new report at https://bugreports.qt-project.org and add a link to this issue. See http://qt-project.org/wiki/ReportingBugsInQt for additional guidelines.