[Webkit-unassigned] [Bug 78119] New: QtWebkit crashes on QWebView::setUr(QUrl) on sh4 platform

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Feb 8 08:38:36 PST 2012


https://bugs.webkit.org/show_bug.cgi?id=78119

           Summary: QtWebkit crashes on QWebView::setUr(QUrl) on sh4
                    platform
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebKit Qt
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: roberto.chauderlot at mirada.tv


Using Qt 4.8.0 (QtWebkit 2.2) on SH4, the browser crashes.

When QWebView::setUrl(QUrl) is called with the URL "http://maps.google.com", the application renders the page but then crashes. If a lighter web page such as "http://www.google.com" is loaded, it renders, but when it has to render a new page (because a search is entered) it also crashes.

The core file gives the following backtrace. Note that frame #0 is at address 0x00000000, which suggests a call through a null pointer reached from the `weakOwner->isReachableFromOpaqueRoots(...)` call at heap/HandleHeap.cpp:85:

#0  0x00000000 in ?? ()
(gdb) bt
#0  0x00000000 in ?? ()
#1  0x2a907d48 in JSC::HandleHeap::markWeakHandles (this=<value optimized out>, heapRootVisitor=@0x7bd0110c) at heap/HandleHeap.cpp:85
#2  0x2a9091a0 in JSC::Heap::markRoots (this=0x5083a084) at heap/Heap.cpp:259
#3  0x2a90937e in JSC::Heap::reset (this=<value optimized out>, sweepToggle=<value optimized out>) at heap/Heap.cpp:397
#4  0x2a0c715c in collect () at bindings/js/GCController.cpp:42
#5  0x2a0c6f2a in WebCore::Timer<WebCore::GCController>::fired (this=<value optimized out>) at platform/Timer.h:100
#6  0x2a4b10d2 in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x5082d120) at platform/ThreadTimers.cpp:112
#7  0x00000000 in ?? ()
(gdb) f 1
#1  0x2a907d48 in JSC::HandleHeap::markWeakHandles (this=<value optimized out>, heapRootVisitor=@0x7bd0110c) at heap/HandleHeap.cpp:85
85            if (!weakOwner->isReachableFromOpaqueRoots(Handle<Unknown>::wrapSlot(node->slot()), node->weakOwnerContext(), visitor))
Current language:  auto; currently c++
(gdb) info args
this = <value optimized out>
heapRootVisitor = (class JSC::HeapRootVisitor &) @0x7bd0110c: {m_visitor = @0x5083a244}
(gdb) info locals
node = (JSC::HandleHeap::Node *) 0x4ffbbd04
visitor = (SlotVisitor &) @0x5083a244: {m_jsArrayVPtr = 0x2acdb768, m_markSets = {m_top = 0, m_allocated = 4096, m_capacity = 341, m_data = 0x4c6c1000}, 
  m_values = {m_top = 0, m_allocated = 4096, m_capacity = 1024, m_data = 0x4a778000}, static s_pageSize = 4096, m_opaqueRoots = {m_impl = {
      static m_minTableSize = 64, static m_maxLoad = 2, static m_minLoad = 6, m_table = 0x525d6300, m_tableSize = 64, m_tableSizeMask = 63, m_keyCount = 2, 
      m_deletedCount = 0}}}
end = (JSC::HandleHeap::Node *) 0x5083a2e4
(gdb) f 2
#2  0x2a9091a0 in JSC::Heap::markRoots (this=0x5083a084) at heap/Heap.cpp:259
259            m_handleHeap.markWeakHandles(heapRootMarker);
(gdb) info locals
dummy = (void *) 0x4c418000
visitor = (JSC::MarkStack &) @0x5083a244: {m_jsArrayVPtr = 0x2acdb768, m_markSets = {m_top = 0, m_allocated = 4096, m_capacity = 341, m_data = 0x4c6c1000}, 
  m_values = {m_top = 0, m_allocated = 4096, m_capacity = 1024, m_data = 0x4a778000}, static s_pageSize = 4096, m_opaqueRoots = {m_impl = {
      static m_minTableSize = 64, static m_maxLoad = 2, static m_minLoad = 6, m_table = 0x525d6300, m_tableSize = 64, m_tableSizeMask = 63, m_keyCount = 2, 
      m_deletedCount = 0}}}
heapRootMarker = {m_visitor = @0x5083a244}
machineThreadRoots = {static inlineCapacity = 4294967168, static nonInlineCapacity = <optimized out>, m_heap = 0x5083a084, m_roots = 0x7bd00f0c, m_size = 0, 
  m_capacity = 128, m_inlineRoots = {0x0, 0x2cf, 0x0, 0x4ff, 0x20, 0x0, 0x7bd00f28, 0x525f83c0, 0x2acec44f, 0x4, 0x7, 0x7, 0x7, 0x15, 0x15, 0x16, 0x16, 
    0x16, 0x16, 0x0, 0x2a4ad266, 0x80000000, 0x0, 0x2a4ad266, 0x80000000, 0x29ceac0, 0x2c0177b8, 0x7bd01028, 0x7bd00fcc, 0x29ceac0, 0x2c018038, 0x2a5dd4fc, 
    0x24, 0x28, 0x525d7e40, 0x7bd00f9c, 0x0, 0x28b72f8, 0x2bf762f6, 0x8035b8, 0x7bd01074, 0x2c0177b8, 0x24, 0x0, 0x2bf74d94, 0x7bd00fec, 0x7bd01074, 
    0x2c0177b8, 0x28b8d40, 0x7bd01010, 0x2880e48, 0x2c018038, 0x2be36c70, 0x0, 0x0, 0x4af, 0x2bb, 0x0, 0x0, 0x4af, 0x2bb, 0x7bd01010, 0x4ed, 0x2bfbf5d0, 
    0x7bd01028, 0x525e00d8, 0x2c0177b8, 0x1, 0x4ed, 0x2bfbf5d0, 0x7bd01040, 0x4fdfd228, 0x2c0177b8, 0x4fdfa340, 0x4ed, 0x2bfbf5d0, 0x7bd01058, 0x525e0528, 
    0x2c0177b8, 0x1, 0x2acfb24c, 0x2ad004cc, 0x2ad00708, 0x2a8e75c2, 0xfffffff1, 0x2acec44c, 0x2bfbf610, 0x2c0177b8, 0x2acfb24c, 0x2a8e78e2, 0xfffffff1, 
    0x2acec44c, 0x38, 0x50800240, 0x2acf5884, 0x3, 0x525e0528, 0x2a9e41e8, 0x0, 0x525e0528, 0x2acec44c, 0x525d51ac, 0x525dd69c, 0x525d51ac, 0x0, 0x525dd660, 
    0x2acec44c, 0x0, 0x2a4b185a, 0x2a953034, 0x0, 0x525e0528, 0x2acec44c, 0xb0, 0x50800240, 0x0, 0x4c64c780, 0x0, 0x2a94e8ea, 0xcc0be8, 0x525ed800, 
    0x2acec44c, 0x4c64c740, 0x4c418000, 0x0, 0x4c64c780, 0x2a965940, 0x2acec44c}}
registerFileRoots = {static inlineCapacity = 4294967168, static nonInlineCapacity = <optimized out>, m_heap = 0x5083a084, m_roots = 0x7bd00cfc, m_size = 0, 
  m_capacity = 128, m_inlineRoots = {0x94dfcc, 0x2c09fcbc, 0x2962ffb4, 0x2965f680, 0x296421b0, 0x2965f680, 0x296400d2, 0x2965f680, 0x295e5d9e, 0x94dfac, 
    0x2965f680, 0x7bd00d54, 0x7bd00db0, 0xaee290, 0x0, 0xaee2d0, 0x0, 0x6, 0x0, 0x0, 0x4af, 0x2bb, 0x0, 0x0, 0x4af, 0x2bb, 0x41812fa4, 0x94dfcc, 0x94dfac, 
    0x4184b958, 0x4, 0x940df0, 0x2bb, 0x7bd00dc0, 0x29cead0, 0x525d7e40, 0x525d7e54, 0x6, 0xaf9770, 0x40, 0x2bf74d94, 0x7bd00e38, 0x29ceac0, 0x2c0177b8, 
    0x7bd00f28, 0x0, 0x0, 0x4af, 0x2bb, 0x0, 0x0, 0x4af, 0x2bb, 0x0, 0x0, 0x0, 0x41817336, 0x94dfcc, 0x94dfac, 0x4184b958, 0xff, 0x943968, 0x943971, 
    0x7bd00e13, 0x94dfcc, 0x0, 0x0, 0x4ff, 0x2cf, 0xff60b118, 0x2b0a542c, 0x943928, 0x94dfa8, 0x2b60b118, 0x2b0a5024, 0x2b60b118, 0x2b0a502a, 0x2b60b118, 
    0x7bd01688, 0x7bd01090, 0x2b60b118, 0x94dfa8, 0x943928, 0x7bd01688, 0x94dfcc, 0x4ff, 0x2cf, 0x0, 0x0, 0x4ff, 0x2cf, 0x2b0a555c, 0x2b60b118, 0x7bd00e90, 
    0x94dfa8, 0x2c0177b8, 0xacd2a8, 0xacd34c, 0x2b60ac54, 0x2c018038, 0x9a9948, 0x2b60ac54, 0x2b0a6584, 0x0, 0x0, 0x0, 0x94dfa8, 0x2b60b118, 0xacd2a8, 0x0, 
    0x2b0a65a6, 0x2b60b118, 0x7bd00fe0, 0x7bd00f1c, 0x7bd00fd0, 0x7bd00ff0, 0x0, 0x0, 0x0, 0x7bd010a3, 0x7bd01090, 0x7bd01084, 0x7bd0107c, 0x7bd01074, 0x0, 
    0x4fd56640, 0x94dfb0, 0x7bd01024}}
lastOpaqueRootCount = 2
(gdb) info args
this = (class JSC::Heap * const) 0x5083a084
(gdb) f 3
#3  0x2a90937e in JSC::Heap::reset (this=<value optimized out>, sweepToggle=<value optimized out>) at heap/Heap.cpp:397
397        markRoots();
(gdb) info locals
proportionalBytes = <value optimized out>
(gdb) info args
this = <value optimized out>
sweepToggle = <value optimized out>
(gdb) 

Qt 4.8.0 is compiled with this options: 
./configure \
-opensource \
-confirm-license \
-embedded sh4 \
-prefix-install \
-debug \
-plugin-gfx-directfb \
-qt-sql-sqlite \
-no-nas-sound \
-no-phonon \
-no-phonon-backend \
-svg \
-no-qt3support \
-no-xmlpatterns \
-no-accessibility \
-no-opengl \
-qt-libpng \
-qt-libjpeg \
-no-libtiff \
-qt-libmng \
-no-cups \
-no-dbus \
-system-zlib \
-openssl \
-webkit \
-no-mmx -no-3dnow -no-sse -no-sse2 \
-little-endian \
-depths 8,15,16,24,32 \
-arch sh4 \
-reduce-relocations \
-separate-debug-info \
-nomake demos \
-nomake examples \
-webkit-debug

In the file src/3rdparty/webkit/Source/WebCore/WebCore.pri the following two lines are removed (commented out) so that WebCore is compiled with debug symbols:
!CONFIG(webkit-debug):CONFIG(QTDIR_build) {
    # Remove the following 2 lines if you want debug information in WebCore
    # CONFIG -= separate_debug_info
    # CONFIG += no_debug_info
}

I am also attaching the patches applied to Qt (provided by ST for Qt 4.6.0 and rebased to the 4.8.0 version) that are used for this platform.



