[Webkit-unassigned] [Bug 56552] [Qt] When NSplugins are enabled there is a stack corruption on linux

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Mar 17 04:55:11 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=56552


pvbrowser <lehrig at t-online.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |UNCONFIRMED
         Resolution|INVALID                     |




--- Comment #4 from pvbrowser <lehrig at t-online.de>  2011-03-17 04:55:11 PST ---
Here is a test program for reproducing the issue:
/****************************************************************************
Test program for showing issue with NSplugin on openSUSE 11.4 (other Linux ???)
After loading the web page please wait about 10 seconds.

Project file:
QT           += webkit
SOURCES       = main.cpp
TARGET        = plugintest

****************************************************************************/
#include <QApplication>
#include <QWebView>

int main(int argc, char *argv[])
{
  QApplication app(argc, argv);
  QWebView w;
  w.settings()->setAttribute(QWebSettings::PluginsEnabled, true);
  w.load(QUrl("http://pro-linux.de"));
  w.show();
  return app.exec();
}

##########################################################
The output of "valgrind ./plugintest"
##########################################################
==23270== Memcheck, a memory error detector
==23270== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==23270== Using Valgrind-3.6.0 and LibVEX; rerun with -h for copyright info
==23270== Command: ./plugintest
==23270== 
==23270== Conditional jump or move depends on uninitialised value(s)
==23270==    at 0x5C7EAFA: cti_vm_lazyLinkCall (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x42170CD: ???
==23270==    by 0x5C696AE: JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*, JSC::JSValue*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x5C95776: JSC::evaluate(JSC::ExecState*, JSC::ScopeChain&, JSC::SourceCode const&, JSC::JSValue) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x55E88A7: WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x55E9061: WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x56008AC: WebCore::ScriptController::executeScript(WebCore::ScriptSourceCode const&) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x57FABCE: WebCore::HTMLTokenizer::scriptExecution(WebCore::ScriptSourceCode const&, WebCore::HTMLTokenizer::State) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x57FFABD: WebCore::HTMLTokenizer::executeExternalScriptsIfReady() (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x584CF43: WebCore::CachedScript::checkNotify() (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x5884D9C: WebCore::Loader::Host::didFinishLoading(WebCore::SubresourceLoader*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x5899219: WebCore::SubresourceLoader::didFinishLoading() (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270== 
==23270== Conditional jump or move depends on uninitialised value(s)
==23270==    at 0x5C7EAC9: cti_vm_lazyLinkCall (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x42170CD: ???
==23270==    by 0x5C696AE: JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*, JSC::JSValue*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x5C95776: JSC::evaluate(JSC::ExecState*, JSC::ScopeChain&, JSC::SourceCode const&, JSC::JSValue) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x55E88A7: WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x55E9061: WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x56008AC: WebCore::ScriptController::executeScript(WebCore::ScriptSourceCode const&) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x57FABCE: WebCore::HTMLTokenizer::scriptExecution(WebCore::ScriptSourceCode const&, WebCore::HTMLTokenizer::State) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x57FFABD: WebCore::HTMLTokenizer::executeExternalScriptsIfReady() (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x584CF43: WebCore::CachedScript::checkNotify() (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x5884D9C: WebCore::Loader::Host::didFinishLoading(WebCore::SubresourceLoader*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x5899219: WebCore::SubresourceLoader::didFinishLoading() (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270== 
==23270== Conditional jump or move depends on uninitialised value(s)
==23270==    at 0x5C7EAC9: cti_vm_lazyLinkCall (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x42170CD: ???
==23270==    by 0x5C6A054: JSC::Interpreter::execute(JSC::CallFrameClosure&, JSC::JSValue*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x5D9FC64: JSC::arrayProtoFuncForEach(JSC::ExecState*, JSC::JSObject*, JSC::JSValue, JSC::ArgList const&) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x42171B3: ???
==23270==    by 0x5C696AE: JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*, JSC::JSValue*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x5C95776: JSC::evaluate(JSC::ExecState*, JSC::ScopeChain&, JSC::SourceCode const&, JSC::JSValue) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x55E88A7: WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x55E9061: WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x56008AC: WebCore::ScriptController::executeScript(WebCore::ScriptSourceCode const&) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x57FABCE: WebCore::HTMLTokenizer::scriptExecution(WebCore::ScriptSourceCode const&, WebCore::HTMLTokenizer::State) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x57FFABD: WebCore::HTMLTokenizer::executeExternalScriptsIfReady() (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270== 
/usr/src/packages/BUILD/icedtea6-1.9.7/plugin/icedteanp/IcedTeaNPPlugin.cc:1978: thread 0xbe2e8a0: Error: Invalid plugin function table.
==23310== Warning: invalid file descriptor 1024 in syscall close()
==23310== Warning: invalid file descriptor 1025 in syscall close()
==23310== Warning: invalid file descriptor 1026 in syscall close()
==23310==    Use --log-fd=<number> to select an alternative log fd.
==23310== Warning: invalid file descriptor 1027 in syscall close()
==23310== Warning: invalid file descriptor 1028 in syscall close()
==23348== Warning: invalid file descriptor 1024 in syscall close()
==23348== Warning: invalid file descriptor 1025 in syscall close()
==23348== Warning: invalid file descriptor 1026 in syscall close()
==23348==    Use --log-fd=<number> to select an alternative log fd.
==23348== Warning: invalid file descriptor 1027 in syscall close()
==23348== Warning: invalid file descriptor 1028 in syscall close()
*** NSPlugin Wrapper *** WARNING:(/usr/src/packages/BUILD/nspluginwrapper-1.3.0/src/npw-wrapper.c:3160):invoke_NP_Initialize: assertion failed: (rpc_method_invoke_possible(g_rpc_connection))
*** NSPlugin Viewer  *** WARNING: unhandled variable 18 (<unknown variable>) in NPN_GetValue()
==23270== Conditional jump or move depends on uninitialised value(s)
==23270==    at 0x5C7EAC9: cti_vm_lazyLinkCall (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x42170CD: ???
==23270==    by 0x5C69ADD: JSC::Interpreter::execute(JSC::FunctionExecutable*, JSC::ExecState*, JSC::JSFunction*, JSC::JSObject*, JSC::ArgList const&, JSC::ScopeChainNode*, JSC::JSValue*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x5CB75A6: JSC::JSFunction::call(JSC::ExecState*, JSC::JSValue, JSC::ArgList const&) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x5C8F94F: JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x55DFFC0: WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x56C7E8C: WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul>&) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x56C7FCD: WebCore::EventTarget::fireEventListeners(WebCore::Event*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x56D3130: WebCore::Node::handleLocalEvents(WebCore::Event*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x56D8405: WebCore::Node::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event>) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x56D8794: WebCore::Node::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x57CCF1E: WebCore::HTMLImageLoader::dispatchLoadEvent() (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270== 
==23270== Conditional jump or move depends on uninitialised value(s)
==23270==    at 0x5C7EAFA: cti_vm_lazyLinkCall (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x42170CD: ???
==23270==    by 0x5C69ADD: JSC::Interpreter::execute(JSC::FunctionExecutable*, JSC::ExecState*, JSC::JSFunction*, JSC::JSObject*, JSC::ArgList const&, JSC::ScopeChainNode*, JSC::JSValue*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x5CB75A6: JSC::JSFunction::call(JSC::ExecState*, JSC::JSValue, JSC::ArgList const&) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x5C8F94F: JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x55DFFC0: WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x56C7E8C: WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul>&) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x56C7FCD: WebCore::EventTarget::fireEventListeners(WebCore::Event*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x58B750D: WebCore::DOMWindow::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, WTF::PassRefPtr<WebCore::EventTarget>) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x58B76A3: WebCore::DOMWindow::dispatchLoadEvent() (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x56A7B14: WebCore::Document::implicitClose() (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x5866864: WebCore::FrameLoader::checkCompleted() (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270== 
*** NSPlugin Wrapper *** WARNING: unhandled variable 18 in NPP_GetValue()
==23270== 
==23270== HEAP SUMMARY:
==23270==     in use at exit: 1,309,475 bytes in 6,077 blocks
==23270==   total heap usage: 173,041 allocs, 166,964 frees, 53,925,280 bytes allocated
==23270== 
==23270== LEAK SUMMARY:
==23270==    definitely lost: 3,640 bytes in 19 blocks
==23270==    indirectly lost: 3,116 bytes in 28 blocks
==23270==      possibly lost: 27,310 bytes in 161 blocks
==23270==    still reachable: 1,275,409 bytes in 5,869 blocks
==23270==         suppressed: 0 bytes in 0 blocks
==23270== Rerun with --leak-check=full to see details of leaked memory
==23270== 
==23270== For counts of detected and suppressed errors, rerun with: -v
==23270== Use --track-origins=yes to see where uninitialised values come from
==23270== ERROR SUMMARY: 148 errors from 5 contexts (suppressed: 78 from 8)

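Triaging a log like the one above means separating the Memcheck error blocks from the NSPlugin Wrapper and IcedTea noise and grouping them by error kind and top frame. The parser below is an added example written for this page, not code from the bug report or from WebKit; its SAMPLE_LOG is a constructed excerpt with the same shape (pid, symbols, summary line) as the output above.

```python
import re
from collections import Counter

# Constructed excerpt: two Memcheck blocks, one plugin-wrapper line, the summary.
SAMPLE_LOG = """\
==23270== Conditional jump or move depends on uninitialised value(s)
==23270==    at 0x5C7EAFA: cti_vm_lazyLinkCall (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x42170CD: ???
==23270==    by 0x5C696AE: JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*) (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==
*** NSPlugin Wrapper *** WARNING: unhandled variable 18 in NPP_GetValue()
==23270== Conditional jump or move depends on uninitialised value(s)
==23270==    at 0x5C7EAC9: cti_vm_lazyLinkCall (in /usr/lib64/libQtWebKit.so.4.7.1)
==23270==    by 0x42170CD: ???
==23270==
==23270== ERROR SUMMARY: 148 errors from 5 contexts (suppressed: 78 from 8)
"""
PID_LINE = re.compile(r"^==(\d+)==\s?(.*)$")   # every Memcheck line carries the pid
FRAME = re.compile(r"^\s*(?:at|by) 0x([0-9A-Fa-f]+): (.+?)(?: \(in (.+)\))?$")
SUMMARY = re.compile(r"ERROR SUMMARY: (\d+) errors from (\d+) contexts")

def parse_memcheck(text):
    """Return error dicts {'pid', 'kind', 'frames': [(addr, symbol, object), ...]}.
    A block is a non-frame ==pid== line followed by at least one at/by frame;
    lines without the ==pid== prefix (plugin wrapper, IcedTea) are skipped."""
    errors, pending, current = [], None, None
    for raw in text.splitlines():
        m = PID_LINE.match(raw)
        if not m:
            continue
        pid, body = m.groups()
        frame = FRAME.match(body)
        if frame:
            if current is None and pending is not None:
                current = pending            # first frame confirms a real error block
                errors.append(current)
            if current is not None:
                current["frames"].append(frame.groups())
            continue
        current = None                       # blank, header or summary line closes a block
        pending = {"pid": pid, "kind": body.strip(), "frames": []} if body.strip() else None
    return errors

def summarise(errors):
    """Count blocks by (kind, top frame): the triage view, e.g. hits in cti_vm_lazyLinkCall."""
    return Counter((e["kind"], e["frames"][0][1]) for e in errors)

def error_summary(text):
    """(errors, contexts) from Memcheck's ERROR SUMMARY line, or None if absent."""
    m = SUMMARY.search(text)
    return (int(m.group(1)), int(m.group(2))) if m else None
```

Feeding the full log from this comment to parse_memcheck yields one entry per "Conditional jump" block, all with cti_vm_lazyLinkCall as the top frame, which is the pattern to compare against a run with PluginsEnabled left false.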