[Webkit-unassigned] [Bug 25876] New: crash in malformed html

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue May 19 14:55:19 PDT 2009


https://bugs.webkit.org/show_bug.cgi?id=25876

           Summary: crash in malformed html
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Other
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: Major
          Priority: P2
         Component: WebKit Qt
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: robert at roberthogan.net


<html>
<frameset cols="25%,50%,25%">
  <frame src="http://www.youtube.com/v/loXfcsXRB-w&hl=en&fs=1"
                        type="application/x-shockwave-flash" 
                        width="5" height="200">
</frameset>
</html>

The above HTML crashes for me when using Arora. The crash itself is inside WebKit, though,
hence reporting it here:

gdb /home/robert/Development/torora/arora --interpreter=mi2 -quiet
(gdb) quitquit
The program is running.  Exit anyway? (y or n) [answered Y; input not from
terminal]
(gdb) Process exited
gdb /home/robert/Development/torora/arora --interpreter=mi2 -quiet
(gdb) quitgdb /home/robert/Development/torora/arora --interpreter=mi2 -quiet
(gdb) quitquit
The program is running.  Exit anyway? (y or n) [answered Y; input not from
terminal]
(gdb) Process exited
gdb /home/robert/Development/torora/arora --interpreter=mi2 -quiet
(gdb) p clipRect
p clipRect
$126 = {m_location = {m_x = 0, m_y = 0}, m_size = {m_width = 0, m_height = 0}}
^done(gdb) p clipRect
p clipRect
$147 = {m_location = {m_x = 0, m_y = 0}, m_size = {m_width = 0, m_height = 0}}
^done(gdb) p static_cast<FrameView*>(parentScrollView)->windowClipRect()
p static_cast<FrameView*>(parentScrollView)->windowClipRect()
No symbol "static_cast<FrameView*>" in current context.
^error,msg="No symbol \"static_cast<FrameView*>\" in current context."(gdb) p
(parentScrollView)->windowClipRect()
p (parentScrollView)->windowClipRect()
too few arguments in function call
^error,msg="too few arguments in function call"(gdb) p
parentScrollView->windowClipRect()
p parentScrollView->windowClipRect()
too few arguments in function call
^error,msg="too few arguments in function call"(gdb) p windowRect
p windowRect
$168 = {m_location = {m_x = 8, m_y = 8}, m_size = {m_width = 110, m_height =
25}}
^done(gdb) p clipRect
p clipRect
$179 = {m_location = {m_x = 0, m_y = 0}, m_size = {m_width = 6, m_height =
807}}
^done(gdb) p clipRect.isEmpty()
p clipRect.isEmpty()
$180 = false
^done(gdb) p clipRect.isEmpty()
p clipRect.isEmpty()
$186 = true
^done(gdb) quitquit
The program is running.  Exit anyway? (y or n) [answered Y; input not from
terminal]
(gdb) Process exited
gdb /home/robert/Development/torora/arora --interpreter=mi2 -quiet
(gdb) bt
bt
#0  0xb72c37a3 in typeinfo name for WebCore::QtPluginWidget () from
/home/robert/WebKit/WebKitBuild/Debug/lib/libQtWebKit.so.4
#1  0xb67ad6cc in WebCore::ResourceLoader::didSendData (this=0x870cc40,
bytesSent=3280145686516, totalBytesToBeSent=599739804683467960) at
../../../WebCore/loader/ResourceLoader.cpp:396
#2  0xb676f9ea in WebCore::FrameLoader::committedLoad (this=0x852b42c,
loader=0x85e31f8, data=0x86aa1d0 "CWS\bZ\005", length=763) at
../../../WebCore/loader/FrameLoader.cpp:3617
#3  0xb675d987 in WebCore::DocumentLoader::commitLoad (this=0x85e31f8,
data=0x86aa1d0 "CWS\bZ\005", length=763) at
../../../WebCore/loader/DocumentLoader.cpp:361
#4  0xb675da16 in WebCore::DocumentLoader::receivedData (this=0x85e31f8,
data=0x86aa1d0 "CWS\bZ\005", length=763) at
../../../WebCore/loader/DocumentLoader.cpp:373
#5  0xb67747b5 in WebCore::FrameLoader::receivedData (this=0x852b42c,
data=0x86aa1d0 "CWS\bZ\005", length=763) at
../../../WebCore/loader/FrameLoader.cpp:2443
#6  0xb67a6998 in WebCore::MainResourceLoader::addData (this=0x85175b8,
data=0x86aa1d0 "CWS\bZ\005", length=763, allAtOnce=false) at
../../../WebCore/loader/MainResourceLoader.cpp:148
#7  0xb67ae652 in WebCore::ResourceLoader::didReceiveData (this=0x85175b8,
data=0x86aa1d0 "CWS\bZ\005", length=763, lengthReceived=763, allAtOnce=false)
at ../../../WebCore/loader/ResourceLoader.cpp:257
#8  0xb67a56e2 in WebCore::MainResourceLoader::didReceiveData (this=0x85175b8,
data=0x86aa1d0 "CWS\bZ\005", length=763, lengthReceived=763, allAtOnce=false)
at ../../../WebCore/loader/MainResourceLoader.cpp:360
#9  0xb67ad70a in WebCore::ResourceLoader::didReceiveData (this=0x85175b8,
data=0x86aa1d0 "CWS\bZ\005", length=763, lengthReceived=763) at
../../../WebCore/loader/ResourceLoader.cpp:411
#10 0xb6a71bbd in WebCore::QNetworkReplyHandler::forwardData (this=0x857c108)
at ../../../WebCore/platform/network/qt/QNetworkReplyHandler.cpp:338
#11 0xb6a735f4 in WebCore::QNetworkReplyHandler::qt_metacall (this=0x857c108,
_c=QMetaObject::InvokeMetaMethod, _id=2, _a=0x85e5550) at
./moc_QNetworkReplyHandler.cpp:71
#12 0xb451037b in QMetaCallEvent::placeMetaCall (this=0x8474158,
object=0x857c108) at
/var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qobject.cpp:489
#13 0xb4511ec8 in QObject::event (this=0x857c108, e=0x8474158) at
/var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qobject.cpp:1109
#14 0xb4969a7f in QApplicationPrivate::notify_helper (this=0x821f5c0,
receiver=0x857c108, e=0x8474158) at
/var/tmp/qt-x11-src-4.5.0/src/gui/kernel/qapplication.cpp:4084
#15 0xb496d6b9 in QApplication::notify (this=0xbfd205b8, receiver=0x857c108,
e=0x8474158) at /var/tmp/qt-x11-src-4.5.0/src/gui/kernel/qapplication.cpp:3631
#16 0xb450081b in QCoreApplication::notifyInternal (this=0xbfd205b8,
receiver=0x857c108, event=0x8474158) at
/var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qcoreapplication.cpp:602
#17 0xb450198e in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0,
event_type=0, data=0x821f690) at
/var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qcoreapplication.h:213
#18 0xb4501c3d in QCoreApplication::sendPostedEvents (receiver=0x0,
event_type=0) at
/var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qcoreapplication.cpp:1132
#19 0xb452cc8f in postEventSourceDispatch (s=0x8227f10) at
/var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qcoreapplication.h:218
#20 0xb431db88 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#21 0xb43210eb in ?? () from /usr/lib/libglib-2.0.so.0
#22 0xb4321268 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#23 0xb452d03e in QEventDispatcherGlib::processEvents (this=0x82253b8,
flags=@0xbfd204b8) at
/var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qeventdispatcher_glib.cpp:323
#24 0xb4a03bd5 in QGuiEventDispatcherGlib::processEvents (this=0x82253b8,
flags=@0xbfd204e8) at
/var/tmp/qt-x11-src-4.5.0/src/gui/kernel/qguieventdispatcher_glib.cpp:202
#25 0xb44ff9ed in QEventLoop::processEvents (this=0xbfd20560,
flags=@0xbfd20528) at
/var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qeventloop.cpp:149
#26 0xb44ffd5d in QEventLoop::exec (this=0xbfd20560, flags=@0xbfd20568) at
/var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qeventloop.cpp:200
#27 0xb4501cfc in QCoreApplication::exec () at
/var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qcoreapplication.cpp:880
#28 0xb4969217 in QApplication::exec () at
/var/tmp/qt-x11-src-4.5.0/src/gui/kernel/qapplication.cpp:3553
#29 0x08129bd4 in main (argc=1, argv=0xbfd20684) at main.cpp:37
^done(gdb) quitquit
The program is running.  Exit anyway? (y or n) [answered Y; input not from
terminal]
(gdb) Process exited
gdb /home/robert/Development/torora/arora --interpreter=mi2 -quiet
(gdb) p clipRegion
p clipRegion
$43 = {d = 0xa3cbc78}
^done(gdb) p clipRegion.isEmpty()
p clipRegion.isEmpty()
$44 = false
^done(gdb) p clipRect
p clipRect
$45 = {m_location = {m_x = 0, m_y = 0}, m_size = {m_width = 1, m_height = 25}}
^done(gdb) p clipRect
p clipRect
$70 = {m_location = {m_x = 0, m_y = 0}, m_size = {m_width = 1, m_height = 25}}
^done(gdb) p clipRect
p clipRect
$83 = {m_location = {m_x = 0, m_y = 0}, m_size = {m_width = 0, m_height = 0}}
^done(gdb) p clipRegion.isEmpty()
p clipRegion.isEmpty()
$84 = true
^done(gdb) quitquit
The program is running.  Exit anyway? (y or n) [answered Y; input not from
terminal]
(gdb) Process exited
gdb /home/robert/Development/torora/arora --interpreter=mi2 -quiet
(gdb) bt
bt
#0  0xb72d6563 in typeinfo name for WebCore::QtPluginWidget () from
/home/robert/WebKit/WebKitBuild/Debug/lib/libQtWebKit.so.4
#1  0xb67c05fc in WebCore::ResourceLoader::didSendData (this=0x86f14e8,
bytesSent=3280145764340, totalBytesToBeSent=613671922676468680) at
../../../WebCore/loader/ResourceLoader.cpp:396
#2  0xb678291a in WebCore::FrameLoader::committedLoad (this=0x884335c,
loader=0x88f4428, data=0x89b0da8 "CWS\bZ\005", length=763) at
../../../WebCore/loader/FrameLoader.cpp:3617
#3  0xb67708b7 in WebCore::DocumentLoader::commitLoad (this=0x88f4428,
data=0x89b0da8 "CWS\bZ\005", length=763) at
../../../WebCore/loader/DocumentLoader.cpp:361
#4  0xb6770946 in WebCore::DocumentLoader::receivedData (this=0x88f4428,
data=0x89b0da8 "CWS\bZ\005", length=763) at
../../../WebCore/loader/DocumentLoader.cpp:373
#5  0xb67876e5 in WebCore::FrameLoader::receivedData (this=0x884335c,
data=0x89b0da8 "CWS\bZ\005", length=763) at
../../../WebCore/loader/FrameLoader.cpp:2443
#6  0xb67b98c8 in WebCore::MainResourceLoader::addData (this=0x88f5c30,
data=0x89b0da8 "CWS\bZ\005", length=763, allAtOnce=false) at
../../../WebCore/loader/MainResourceLoader.cpp:148
#7  0xb67c1582 in WebCore::ResourceLoader::didReceiveData (this=0x88f5c30,
data=0x89b0da8 "CWS\bZ\005", length=763, lengthReceived=763, allAtOnce=false)
at ../../../WebCore/loader/ResourceLoader.cpp:257
#8  0xb67b8612 in WebCore::MainResourceLoader::didReceiveData (this=0x88f5c30,
data=0x89b0da8 "CWS\bZ\005", length=763, lengthReceived=763, allAtOnce=false)
at ../../../WebCore/loader/MainResourceLoader.cpp:360
#9  0xb67c063a in WebCore::ResourceLoader::didReceiveData (this=0x88f5c30,
data=0x89b0da8 "CWS\bZ\005", length=763, lengthReceived=763) at
../../../WebCore/loader/ResourceLoader.cpp:411
#10 0xb6a84aed in WebCore::QNetworkReplyHandler::forwardData (this=0x8776300)
at ../../../WebCore/platform/network/qt/QNetworkReplyHandler.cpp:338
#11 0xb6a86524 in WebCore::QNetworkReplyHandler::qt_metacall (this=0x8776300,
_c=QMetaObject::InvokeMetaMethod, _id=2, _a=0x8987a68) at
./moc_QNetworkReplyHandler.cpp:71
#12 0xb452337b in QMetaCallEvent::placeMetaCall (this=0x8a1e0d8,
object=0x8776300) at
/var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qobject.cpp:489
#13 0xb4524ec8 in QObject::event (this=0x8776300, e=0x8a1e0d8) at
/var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qobject.cpp:1109
#14 0xb497ca7f in QApplicationPrivate::notify_helper (this=0x85205c0,
receiver=0x8776300, e=0x8a1e0d8) at
/var/tmp/qt-x11-src-4.5.0/src/gui/kernel/qapplication.cpp:4084
#15 0xb49806b9 in QApplication::notify (this=0xbfc314c8, receiver=0x8776300,
e=0x8a1e0d8) at /var/tmp/qt-x11-src-4.5.0/src/gui/kernel/qapplication.cpp:3631
#16 0xb451381b in QCoreApplication::notifyInternal (this=0xbfc314c8,
receiver=0x8776300, event=0x8a1e0d8) at
/var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qcoreapplication.cpp:602
#17 0xb451498e in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0,
event_type=0, data=0x8520690) at
/var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qcoreapplication.h:213
#18 0xb4514c3d in QCoreApplication::sendPostedEvents (receiver=0x0,
event_type=0) at
/var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qcoreapplication.cpp:1132
#19 0xb453fc8f in postEventSourceDispatch (s=0x8528f10) at
/var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qcoreapplication.h:218
#20 0xb4330b88 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#21 0xb43340eb in ?? () from /usr/lib/libglib-2.0.so.0
#22 0xb4334268 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#23 0xb454003e in QEventDispatcherGlib::processEvents (this=0x85263b8,
flags=@0xbfc313c8) at
/var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qeventdispatcher_glib.cpp:323
#24 0xb4a16bd5 in QGuiEventDispatcherGlib::processEvents (this=0x85263b8,
flags=@0xbfc313f8) at
/var/tmp/qt-x11-src-4.5.0/src/gui/kernel/qguieventdispatcher_glib.cpp:202
#25 0xb45129ed in QEventLoop::processEvents (this=0xbfc31470,
flags=@0xbfc31438) at
/var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qeventloop.cpp:149
#26 0xb4512d5d in QEventLoop::exec (this=0xbfc31470, flags=@0xbfc31478) at
/var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qeventloop.cpp:200
#27 0xb4514cfc in QCoreApplication::exec () at
/var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qcoreapplication.cpp:880
#28 0xb497c217 in QApplication::exec () at
/var/tmp/qt-x11-src-4.5.0/src/gui/kernel/qapplication.cpp:3553
#29 0x08129bd4 in main (argc=1, argv=0xbfc31594) at main.cpp:37
^done




