[Webkit-unassigned] [Bug 44048] New: Crash when loading SVG file

bugzilla-daemon at webkit.org
Mon Aug 16 01:35:56 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=44048

           Summary: Crash when loading SVG file
           Product: WebKit
           Version: 420+
          Platform: PC
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebKit Qt
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: pnr at 4js.com


Created an attachment (id=64477)
 --> (https://bugs.webkit.org/attachment.cgi?id=64477)
html + svg files that crash QWebKit

The issue has been initially reported here: http://bugreports.qt.nokia.com/browse/QTWEBKIT-233

When loading a page with a specific SVG file with Qt 4.6.3 and QtWebKit, the application crashes.

Steps to reproduce:

1. Unzip the attachment.
2. Run the Qt "browser" demo, choose File > Open, and select the file "kite.html" from the attachment.

=> crash.

Here is the stack trace with VC 2008 SP1:

QtWebKitd4.dll!WebCore::StringImpl::hash() Line 104 + 0xa bytes C++
QtWebKitd4.dll!WebCore::StringHash::hash(const WebCore::String & key={...}) Line 82 + 0x12 bytes C++
QtWebKitd4.dll!WTF::IdentityHashTranslator<WebCore::String,WebCore::String,WebCore::StringHash>::hash(const WebCore::String & key={...}) Line 277 + 0xc bytes C++
QtWebKitd4.dll!WTF::HashTable<WebCore::String,WebCore::String,WTF::IdentityExtractor<WebCore::String>,WebCore::StringHash,WTF::HashTraits<WebCore::String>,WTF::HashTraits<WebCore::String> >::add<WebCore::String,WebCore::String,WTF::IdentityHashTranslator<WebCore::String,WebCore::String,WebCore::StringHash> >(const WebCore::String & key={...}, const WebCore::String & extra={...}) Line 634 + 0x9 bytes C++
QtWebKitd4.dll!WTF::HashTable<WebCore::String,WebCore::String,WTF::IdentityExtractor<WebCore::String>,WebCore::StringHash,WTF::HashTraits<WebCore::String>,WTF::HashTraits<WebCore::String> >::add(const WebCore::String & value={...}) Line 315 + 0x24 bytes C++
QtWebKitd4.dll!WTF::HashSet<WebCore::String,WebCore::StringHash,WTF::HashTraits<WebCore::String> >::add(const WebCore::String & value={...}) Line 210 + 0x10 bytes C++
QtWebKitd4.dll!WebCore::DocumentLoader::didTellClientAboutLoad(const WebCore::String & url={...}) Line 197 + 0x1f bytes C++
QtWebKitd4.dll!WebCore::ResourceLoadNotifier::dispatchWillSendRequest(WebCore::DocumentLoader * loader=0x036010d8, unsigned long identifier=4, WebCore::ResourceRequest & request={...}, const WebCore::ResourceResponse & redirectResponse={...}) Line 121 C++
QtWebKitd4.dll!WebCore::ResourceLoadNotifier::willSendRequest(WebCore::ResourceLoader * loader=0x03602690, WebCore::ResourceRequest & clientRequest={...}, const WebCore::ResourceResponse & redirectResponse={...}) Line 65 C++
QtWebKitd4.dll!WebCore::ResourceLoader::willSendRequest(WebCore::ResourceRequest & request={...}, const WebCore::ResourceResponse & redirectResponse={...}) Line 212 C++
QtWebKitd4.dll!WebCore::MainResourceLoader::willSendRequest(WebCore::ResourceRequest & newRequest={...}, const WebCore::ResourceResponse & redirectResponse={...}) Line 173 C++
QtWebKitd4.dll!WebCore::MainResourceLoader::loadNow(WebCore::ResourceRequest & r={...}) Line 475 + 0x42 bytes C++
QtWebKitd4.dll!WebCore::MainResourceLoader::load(const WebCore::ResourceRequest & r={...}, const WebCore::SubstituteData & substituteData={...}) Line 517 + 0x12 bytes C++
QtWebKitd4.dll!WebCore::DocumentLoader::startLoadingMainResource(unsigned long identifier=4) Line 790 + 0x2f bytes C++
QtWebKitd4.dll!WebCore::FrameLoader::continueLoadAfterWillSubmitForm() Line 2979 + 0x19 bytes C++
QtWebKitd4.dll!WebCore::FrameLoader::continueLoadAfterNavigationPolicy(const WebCore::ResourceRequest & __formal={...}, WTF::PassRefPtr<WebCore::FormState> formState={...}, bool shouldContinue=true) Line 3476 C++
QtWebKitd4.dll!WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy(void * argument=0x035fa288, const WebCore::ResourceRequest & request={...}, WTF::PassRefPtr<WebCore::FormState> formState={...}, bool shouldContinue=true) Line 3407 C++
QtWebKitd4.dll!WebCore::PolicyCallback::call(bool shouldContinue=true) Line 101 + 0x3b bytes C++
QtWebKitd4.dll!WebCore::PolicyChecker::continueAfterNavigationPolicy(WebCore::PolicyAction policy=PolicyUse) Line 161 C++
QtWebKitd4.dll!WebCore::FrameLoaderClientQt::callPolicyFunction(void (WebCore::PolicyAction)* function=0x10071ed1, WebCore::PolicyAction action=PolicyUse) Line 192 C++
QtWebKitd4.dll!WebCore::FrameLoaderClientQt::dispatchDecidePolicyForNavigationAction(void (WebCore::PolicyAction)* function=0x10071ed1, const WebCore::NavigationAction & action={...}, const WebCore::ResourceRequest & request={...}, WTF::PassRefPtr<WebCore::FormState> __formal={...}) Line 1000 C++
QtWebKitd4.dll!WebCore::PolicyChecker::checkNavigationPolicy(const WebCore::ResourceRequest & request={...}, WebCore::DocumentLoader * loader=0x036010d8, WTF::PassRefPtr<WebCore::FormState> formState={...}, void (void , const WebCore::ResourceRequest &, WTF::PassRefPtr<WebCore::FormState>, bool) function=0x10050871, void * argument=0x035fa288) Line 89 C++
QtWebKitd4.dll!WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader * loader=0x036010d8, WebCore::FrameLoadType type=FrameLoadTypeRedirectWithLockedBackForwardList, WTF::PassRefPtr<WebCore::FormState> prpFormState={...}) Line 2043 C++
QtWebKitd4.dll!WebCore::FrameLoader::loadWithNavigationAction(const WebCore::ResourceRequest & request={...}, const WebCore::NavigationAction & action={...}, bool lockHistory=false, WebCore::FrameLoadType type=FrameLoadTypeRedirectWithLockedBackForwardList, WTF::PassRefPtr<WebCore::FormState> formState={...}) Line 1966 C++
QtWebKitd4.dll!WebCore::FrameLoader::loadURL(const WebCore::KURL & newURL={...}, const WebCore::String & referrer={...}, const WebCore::String & frameName={...}, bool lockHistory=false, WebCore::FrameLoadType newLoadType=FrameLoadTypeRedirectWithLockedBackForwardList, WTF::PassRefPtr<WebCore::Event> event={...}, WTF::PassRefPtr<WebCore::FormState> prpFormState={...}) Line 1909 C++
QtWebKitd4.dll!WebCore::FrameLoader::loadURLIntoChildFrame(const WebCore::KURL & url={...}, const WebCore::String & referer={...}, WebCore::Frame * childFrame=0x035fa260) Line 1203 + 0x95 bytes C++
QtWebKitd4.dll!WebCore::FrameLoaderClientQt::createFrame(const WebCore::KURL & url={...}, const WebCore::String & name={...}, WebCore::HTMLFrameOwnerElement * ownerElement=0x035ee4a8, const WebCore::String & referrer={...}, bool allowsScrolling=true, int marginWidth=-1, int marginHeight=-1) Line 1045 C++
QtWebKitd4.dll!WebCore::FrameLoader::loadSubframe(WebCore::HTMLFrameOwnerElement * ownerElement=0x035ee4a8, const WebCore::KURL & url={...}, const WebCore::String & name={...}, const WebCore::String & referrer={...}) Line 394 + 0x74 bytes C++
QtWebKitd4.dll!WebCore::FrameLoader::requestFrame(WebCore::HTMLFrameOwnerElement * ownerElement=0x035ee4a8, const WebCore::String & urlString={...}, const WebCore::AtomicString & frameName={...}) Line 365 + 0x28 bytes C++
QtWebKitd4.dll!WebCore::FrameLoader::requestObject(WebCore::RenderPart * renderer=0x03534164, const WebCore::String & url={...}, const WebCore::AtomicString & frameName={...}, const WebCore::String & mimeType={...}, const WTF::Vector<WebCore::String,0> & paramNames={...}, const WTF::Vector<WebCore::String,0> & paramValues={...}) Line 1267 + 0x19 bytes C++
QtWebKitd4.dll!WebCore::RenderPartObject::updateWidget(bool onlyCreateNonNetscapePlugins=true) Line 316 C++
QtWebKitd4.dll!WebCore::HTMLEmbedElement::updateWidget() Line 187 C++
QtWebKitd4.dll!WebCore::HTMLPlugInElement::updateWidgetCallback(WebCore::Node * n=0x035ee4a8) Line 181 C++
QtWebKitd4.dll!WebCore::ContainerNode::dispatchPostAttachCallbacks() Line 573 + 0x7 bytes C++
QtWebKitd4.dll!WebCore::ContainerNode::resumePostAttachCallbacks() Line 546 C++
QtWebKitd4.dll!WebCore::Element::attach() Line 747 C++
QtWebKitd4.dll!WebCore::HTMLEmbedElement::attach() Line 172 C++
QtWebKitd4.dll!WebCore::HTMLParser::insertNode(WebCore::Node * n=0x035ee4a8, bool flat=false) Line 379 C++
QtWebKitd4.dll!WebCore::HTMLParser::parseToken(WebCore::Token * t=0x03536214) Line 274 + 0x19 bytes C++
QtWebKitd4.dll!WebCore::HTMLTokenizer::processToken() Line 1947 + 0x20 bytes C++
QtWebKitd4.dll!WebCore::HTMLTokenizer::parseTag(WebCore::SegmentedString & src={...}, WebCore::HTMLTokenizer::State state={...}) Line 1517 + 0x12 bytes C++
QtWebKitd4.dll!WebCore::HTMLTokenizer::write(const WebCore::SegmentedString & str={...}, bool appendData=false) Line 1770 + 0x23 bytes C++
QtWebKitd4.dll!WebCore::HTMLTokenizer::notifyFinished(WebCore::CachedResource * __formal=0x0356d488) Line 2093 C++
QtWebKitd4.dll!WebCore::CachedScript::checkNotify() Line 105 + 0x11 bytes C++
QtWebKitd4.dll!WebCore::CachedScript::data(WTF::PassRefPtr<WebCore::SharedBuffer> data={...}, bool allDataReceived=true) Line 96 C++
QtWebKitd4.dll!WebCore::Loader::Host::didFinishLoading(WebCore::SubresourceLoader * loader=0x0356e018) Line 368 C++
QtWebKitd4.dll!WebCore::SubresourceLoader::didFinishLoading() Line 186 C++
QtWebKitd4.dll!WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle * __formal=0x0356d908) Line 404 C++
QtWebKitd4.dll!WebCore::QNetworkReplyHandler::finish() Line 238 C++
QtWebKitd4.dll!WebCore::QNetworkReplyHandler::qt_metacall(QMetaObject::Call _c=InvokeMetaMethod, int _id=1, void * * _a=0x03536e00) Line 82 + 0x8 bytes C++
QtCored4.dll!QMetaObject::metacall(QObject * object=0x0356e5e8, QMetaObject::Call cl=InvokeMetaMethod, int idx=5, void * * argv=0x03536e00) Line 238 C++
QtCored4.dll!QMetaCallEvent::placeMetaCall(QObject * object=0x0356e5e8) Line 561 + 0x19 bytes C++
QtCored4.dll!QObject::event(QEvent * e=0x035706f8) Line 1240 + 0x14 bytes C++
QtGuid4.dll!QApplicationPrivate::notify_helper(QObject * receiver=0x0356e5e8, QEvent * e=0x035706f8) Line 4302 + 0x11 bytes C++
QtGuid4.dll!QApplication::notify(QObject * receiver=0x0356e5e8, QEvent * e=0x035706f8) Line 3706 + 0x10 bytes C++
QtCored4.dll!QCoreApplication::notifyInternal(QObject * receiver=0x0356e5e8, QEvent * event=0x035706f8) Line 726 + 0x15 bytes C++
QtCored4.dll!QCoreApplication::sendEvent(QObject * receiver=0x0356e5e8, QEvent * event=0x035706f8) Line 215 + 0x39 bytes C++
QtCored4.dll!QCoreApplicationPrivate::sendPostedEvents(QObject * receiver=0x00000000, int event_type=0, QThreadData * data=0x0219fd20) Line 1368 + 0xd bytes C++
QtCored4.dll!qt_internal_proc(HWND__ * hwnd=0x000a1c58, unsigned int message=1025, unsigned int wp=0, long lp=0) Line 490 + 0x10 bytes C++
user32.dll!75916238()
[Frames below may be incorrect and/or missing, no symbols loaded for user32.dll]
user32.dll!759168ea()
user32.dll!75916899()
user32.dll!75917d31()
user32.dll!75917dfa()
QtCored4.dll!QEventDispatcherWin32::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...}) Line 781 C++
QtGuid4.dll!QGuiEventDispatcherWin32::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...}) Line 1151 + 0x15 bytes C++
QtCored4.dll!QEventLoop::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...}) Line 150 C++
QtCored4.dll!QEventLoop::exec(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...}) Line 201 + 0x2d bytes C++
QtCored4.dll!QCoreApplication::exec() Line 1003 + 0x15 bytes C++
QtGuid4.dll!QApplication::exec() Line 3582 C++
browser.exe!main(int argc=1, char * * argv=0x0219e8b0) Line 51 + 0x6 bytes C++
browser.exe!WinMain(HINSTANCE__ * instance=0x00980000, HINSTANCE__ * prevInstance=0x00000000, char * __formal=0x0055fba6, int cmdShow=1) Line 131 + 0x12 bytes C++
browser.exe!__tmainCRTStartup() Line 574 + 0x35 bytes C
browser.exe!WinMainCRTStartup() Line 399 C
kernel32.dll!74d63677()
ntdll.dll!771b9d42()
ntdll.dll!771b9d15()
