[Webkit-unassigned] [Bug 35051] New: PopupMenu::show() assumes FrameView::hostWindow()->platformPageClient() is non-null

bugzilla-daemon at webkit.org
Wed Feb 17 12:58:33 PST 2010


https://bugs.webkit.org/show_bug.cgi?id=35051

           Summary: PopupMenu::show() assumes
                    FrameView::hostWindow()->platformPageClient() is
                    non-null
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebKit Qt
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: aseigo at kde.org


If a QWebPage is created without a QWidget parent, such as when being used on a
QGraphicsScene where the parent is a QGraphicsWidget, then QWebPage::d->client
will be null, and this is what ChromeClientQt::platformPageClient() returns.
PopupMenu::show() assumes that it is non-null:

void PopupMenu::show(const IntRect& r, FrameView* v, int index)
{
    QWebPageClient* client = v->hostWindow()->platformPageClient();
    populate(r);
    QRect rect = r;
    rect.moveTopLeft(v->contentsToWindow(r.topLeft()));
    rect.setHeight(m_popup->sizeHint().height());

    if (QGraphicsView* view = qobject_cast<QGraphicsView*>(client->ownerWidget())) {

and therefore any popup, such as triggered by clicking on a combobox in an HTML
form, will trigger a crash. the backtrace ends up looking like this:

Thread 1 (Thread 0xb3091b30 (LWP 6207)):
[KCrash Handler]
#6  0xb48b4916 in WebCore::PopupMenu::show(WebCore::IntRect const&, WebCore::FrameView*, int) () from /home/aseigo/kde4/qt-copy/lib/libQtWebKit.so.4
#7  0xb4815114 in WebCore::RenderMenuList::showPopup() () from /home/aseigo/kde4/qt-copy/lib/libQtWebKit.so.4
#8  0xb451be32 in WebCore::SelectElement::menuListDefaultEventHandler(WebCore::SelectElementData&, WebCore::Element*, WebCore::Event*, WebCore::HTMLFormElement*) ()
   from /home/aseigo/kde4/qt-copy/lib/libQtWebKit.so.4
#9  0xb451c734 in WebCore::SelectElement::defaultEventHandler(WebCore::SelectElementData&, WebCore::Element*, WebCore::Event*, WebCore::HTMLFormElement*) ()
   from /home/aseigo/kde4/qt-copy/lib/libQtWebKit.so.4
#10 0xb46107f3 in WebCore::HTMLSelectElement::defaultEventHandler(WebCore::Event*) () from /home/aseigo/kde4/qt-copy/lib/libQtWebKit.so.4
#11 0xb44fb365 in WebCore::Node::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event>) () from /home/aseigo/kde4/qt-copy/lib/libQtWebKit.so.4
#12 0xb44fad50 in WebCore::Node::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) () from /home/aseigo/kde4/qt-copy/lib/libQtWebKit.so.4
#13 0xb44fc35c in WebCore::Node::dispatchMouseEvent(WebCore::AtomicString const&, int, int, int, int, int, int, bool, bool, bool, bool, bool, WebCore::Node*, WTF::PassRefPtr<WebCore::Event>) ()
   from /home/aseigo/kde4/qt-copy/lib/libQtWebKit.so.4
#14 0xb44fbb3f in WebCore::Node::dispatchMouseEvent(WebCore::PlatformMouseEvent const&, WebCore::AtomicString const&, int, WebCore::Node*) () from /home/aseigo/kde4/qt-copy/lib/libQtWebKit.so.4
#15 0xb46ec782 in WebCore::EventHandler::dispatchMouseEvent(WebCore::AtomicString const&, WebCore::Node*, bool, int, WebCore::PlatformMouseEvent const&, bool) ()
   from /home/aseigo/kde4/qt-copy/lib/libQtWebKit.so.4
#16 0xb46ea830 in WebCore::EventHandler::handleMousePressEvent(WebCore::PlatformMouseEvent const&) () from /home/aseigo/kde4/qt-copy/lib/libQtWebKit.so.4
#17 0xb48da4bf in QWebPagePrivate::mousePressEvent(QMouseEvent*) () from /home/aseigo/kde4/qt-copy/lib/libQtWebKit.so.4
#18 0xb48e1a89 in QWebPage::event(QEvent*) () from /home/aseigo/kde4/qt-copy/lib/libQtWebKit.so.4
#19 0xb73017bb in Plasma::WebView::mousePressEvent (this=0x8268958, event=0xbf82d42c) at /home/aseigo/kde4/KDE/kdelibs/plasma/widgets/webview.cpp:294
#20 0xb66387c4 in QGraphicsItem::sceneEvent (this=0x8268960, event=0xbf82d42c) at /home/aseigo/kde4/qt/src/gui/graphicsview/qgraphicsitem.cpp:6497
#21 0xb669ec31 in QGraphicsWidget::sceneEvent (this=0x8268958, event=0xbf82d42c) at /home/aseigo/kde4/qt/src/gui/graphicsview/qgraphicswidget.cpp:1129
#22 0xb66614be in QGraphicsScenePrivate::sendEvent (this=0x8176728, item=0x8268960, event=0xbf82d42c) at /home/aseigo/kde4/qt/src/gui/graphicsview/qgraphicsscene.cpp:1181
#23 0xb667081b in QGraphicsScene::sendEvent (this=0xbf82e604, item=0x8268960, event=0xbf82d42c) at /home/aseigo/kde4/qt/src/gui/graphicsview/qgraphicsscene.cpp:5564
#24 0xb7290086 in Plasma::KineticScrolling::eventFilter (this=0x823a370, watched=0x8268958, event=0xbf82d42c) at /home/aseigo/kde4/KDE/kdelibs/plasma/private/kineticscroll.cpp:385
#25 0xb6c47af3 in QCoreApplicationPrivate::sendThroughObjectEventFilters (this=0x80776a0, receiver=0x8268958, event=0xbf82d42c) at /home/aseigo/kde4/qt/src/corelib/kernel/qcoreapplication.cpp:819


right now we are working around this in libplasma (part of KDE's kdelibs
package) by passing a QGraphicsView into QWebPage::setView. however, this is
quite sub-optimal since there is often more than one QGraphicsView on the same
QGraphicsItem in our case, so the QGraphicsView passed to QWebPage::setView is
fairly "random" in terms of being the current view. also, if that view were to
go away, i expect it would once again be able to easily trigger crashes.

a possible solution might be to allow QWebPage to have a QGraphicsObject as
parent to note that it is being used on a scene and create a
QWebPageWidgetClient in that case as well. of course, i'm sure the QtWebkit
devs will have even better ideas :)

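Added example, not part of the original report and not WebKit's or Qt's code: a guarded form of the lookup chain v->hostWindow()->platformPageClient()->ownerWidget() described above, so that a null page client is handled instead of dereferenced. The types Widget, PageClient and HostWindow, the enum PopupPlacement and the function choosePopupPlacement are hypothetical stand-ins for the Qt/WebKit classes named in the report, and what a caller does with NoClient is an assumption.

```cpp
#include <cstdio>

// Hypothetical stand-ins for the Qt/WebKit types named in the report.
struct Widget { bool isGraphicsView; };
struct PageClient {                       // plays the role of QWebPageClient
    Widget* owner;
    Widget* ownerWidget() const { return owner; }
};
struct HostWindow {                       // plays the role of ChromeClientQt
    PageClient* client;                   // null when the page has no QWidget parent
    PageClient* platformPageClient() const { return client; }
};
struct FrameView {
    HostWindow* host;
    HostWindow* hostWindow() const { return host; }
};

enum class PopupPlacement { InGraphicsView, InPlainWidget, NoClient };

// Guarded variant of the lookup at the top of PopupMenu::show(): every link in
// v->hostWindow()->platformPageClient()->ownerWidget() is checked before use.
PopupPlacement choosePopupPlacement(const FrameView* v)
{
    if (!v || !v->hostWindow())
        return PopupPlacement::NoClient;
    PageClient* client = v->hostWindow()->platformPageClient();
    if (!client)                          // the case from the report
        return PopupPlacement::NoClient;  // assumption: caller skips view-specific positioning
    Widget* owner = client->ownerWidget();
    if (owner && owner->isGraphicsView)   // stands in for qobject_cast<QGraphicsView*>
        return PopupPlacement::InGraphicsView;
    return PopupPlacement::InPlainWidget;
}

int main()
{
    HostWindow sceneOnly{nullptr};        // constructed input: page on a scene, no widget parent
    FrameView view{&sceneOnly};
    std::printf("placement=%d\n", static_cast<int>(choosePopupPlacement(&view)));
    return 0;
}
```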