QWebView crash (qt 4.7.2)



mentalmushroom
5th June 2012, 16:12
Today I noticed QWebView suddenly crashed while browsing. I post screenshots and a copy of the local variables.

The crash was in the setUpIterator function in the TextBreakIteratorQt.cpp unit. The iterator.string member is a bad pointer, and memcmp crashed trying to compare it with another string of length 10.

Local data:


- iterator {length=10 string=0x0898f8ec <Bad Ptr> } WebCore::TextBreakIterator &
+ QTextBoundaryFinder {t=Line s="" chars=0x0898f8ec ...} QTextBoundaryFinder
length 10 int
+ string 0x0898f8ec <Bad Ptr> const wchar_t *
iterator.length 10 int
+ iterator.string 0x0898f8ec <Bad Ptr> const wchar_t *
length 10 int
+ string 0x0736af6c "Adem Kiliç﷽﷽ꮫꮫꮫꮫﻮ ﻮ" const wchar_t *
type Line QTextBoundaryFinder::BoundaryType


Callstack:

msvcr90d.dll!cmpDWORD(const void * lhs=0x0736af6c, const void * rhs=0x0898f8ec) + 0x1c bytes C
msvcr90d.dll!unaligned_memcmp(const unsigned char * bLHS=0x0736af76, const unsigned char * bRHS=0x0898f8f6, unsigned int siz=10) + 0x4aa bytes C
msvcr90d.dll!memcmp(const void * lhs=0x0736af6c, const void * rhs=0x0898f8ec, unsigned int siz=10) + 0x19c bytes C
> QtWebKitd4.dll!WebCore::setUpIterator(WebCore::TextBreakIterator & iterator={...}, QTextBoundaryFinder::BoundaryType type=Line, const wchar_t * string=0x0736af6c, int length=10) Line 59 + 0x3d bytes C++
QtWebKitd4.dll!WebCore::lineBreakIterator(const wchar_t * string=0x0736af6c, int length=10) Line 89 + 0x14 bytes C++
QtWebKitd4.dll!WebCore::nextBreakablePosition(const wchar_t * str=0x0736af6c, int pos=5, int len=10, bool treatNoBreakSpaceAsBreak=false) Line 120 + 0xd bytes C++
QtWebKitd4.dll!WebCore::isBreakable(const wchar_t * str=0x0736af6c, int pos=5, int len=10, int & nextBreakable=4, bool breakNBSP=false) Line 33 + 0x16 bytes C++
QtWebKitd4.dll!WebCore::RenderBlock::findNextLineBreak(WebCore::BidiResolver<WebCore::InlineIterator,WebCore::BidiRun> & resolver={...}, bool firstLine=true, bool & isLineEmpty=false, bool & previousLineBrokeCleanly=false, WebCore::EClear * clear=0x005fbbc0) Line 1600 + 0x3d bytes C++
QtWebKitd4.dll!WebCore::RenderBlock::layoutInlineChildren(bool relayoutChildren=true, int & repaintTop=0, int & repaintBottom=0) Line 671 + 0x33 bytes C++
QtWebKitd4.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true) Line 745 C++
QtWebKitd4.dll!WebCore::RenderBlock::layout() Line 674 C++
QtWebKitd4.dll!WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox * child=0x08d8ec5c, WebCore::RenderBlock::MarginInfo & marginInfo={...}, int & previousFloatBottom=0, int & maxFloatBottom=0) Line 1364 C++
QtWebKitd4.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=true, int & maxFloatBottom=0) Line 1304 C++
QtWebKitd4.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true) Line 749 C++
QtWebKitd4.dll!WebCore::RenderBlock::layout() Line 674 C++
QtWebKitd4.dll!WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox * child=0x075e9b98, WebCore::RenderBlock::MarginInfo & marginInfo={...}, int & previousFloatBottom=0, int & maxFloatBottom=4354) Line 1364 C++
QtWebKitd4.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=false, int & maxFloatBottom=4354) Line 1304 C++
QtWebKitd4.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=false) Line 749 C++
QtWebKitd4.dll!WebCore::RenderBlock::layout() Line 674 C++
QtWebKitd4.dll!WebCore::RenderObject::layoutIfNeeded() Line 518 + 0x26 bytes C++
QtWebKitd4.dll!WebCore::RenderBlock::insertFloatingObject(WebCore::RenderBox * o=0x087e3898) Line 2343 C++
QtWebKitd4.dll!WebCore::RenderBlock::handleFloatingChild(WebCore::RenderBox * child=0x087e3898, const WebCore::RenderBlock::MarginInfo & marginInfo={...}) Line 939 C++
QtWebKitd4.dll!WebCore::RenderBlock::handleSpecialChild(WebCore::RenderBox * child=0x087e3898, const WebCore::RenderBlock::MarginInfo & marginInfo={...}) Line 921 + 0x27 bytes C++
QtWebKitd4.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=false, int & maxFloatBottom=0) Line 1299 + 0x10 bytes C++
QtWebKitd4.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=false) Line 749 C++
QtWebKitd4.dll!WebCore::RenderBlock::layout() Line 674 C++
QtWebKitd4.dll!WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox * child=0x07300a08, WebCore::RenderBlock::MarginInfo & marginInfo={...}, int & previousFloatBottom=1068, int & maxFloatBottom=117) Line 1364 C++
QtWebKitd4.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=false, int & maxFloatBottom=117) Line 1304 C++
QtWebKitd4.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=false) Line 749 C++
QtWebKitd4.dll!WebCore::RenderBlock::layout() Line 674 C++
QtWebKitd4.dll!WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox * child=0x077d6118, WebCore::RenderBlock::MarginInfo & marginInfo={...}, int & previousFloatBottom=1068, int & maxFloatBottom=0) Line 1364 C++
QtWebKitd4.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=false, int & maxFloatBottom=0) Line 1304 C++
QtWebKitd4.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=false) Line 749 C++
QtWebKitd4.dll!WebCore::RenderBlock::layout() Line 674 C++
QtWebKitd4.dll!WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox * child=0x077d5fe0, WebCore::RenderBlock::MarginInfo & marginInfo={...}, int & previousFloatBottom=1068, int & maxFloatBottom=0) Line 1364 C++
QtWebKitd4.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=false, int & maxFloatBottom=0) Line 1304 C++
QtWebKitd4.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=false) Line 749 C++
QtWebKitd4.dll!WebCore::RenderBlock::layout() Line 674 C++
QtWebKitd4.dll!WebCore::RenderView::layout() Line 125 C++
QtWebKitd4.dll!WebCore::FrameView::layout(bool allowSubtree=true) Line 720 C++
QtWebKitd4.dll!WebCore::Document::updateLayout() Line 1432 C++
QtWebKitd4.dll!WebCore::Document::updateLayoutIgnorePendingStylesheets() Line 1464 C++
QtWebKitd4.dll!WebCore::Element::offsetWidth() Line 346 C++
QtWebKitd4.dll!WebCore::jsElementOffsetWidth(JSC::ExecState * exec=0x08240120, JSC::JSValue slotBase={...}, const JSC::Identifier & __formal={...}) Line 297 + 0x8 bytes C++
QtWebKitd4.dll!JSC::PropertySlot::getValue(JSC::ExecState * exec=0x08240120, const JSC::Identifier & propertyName={...}) Line 78 + 0x26 bytes C++
QtWebKitd4.dll!JSC::JSValue::get(JSC::ExecState * exec=0x08240120, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...}) Line 630 + 0x14 bytes C++
QtWebKitd4.dll!cti_op_get_by_id(void * * args=0x005fcc28) Line 1296 C++
052e1344()
QtWebKitd4.dll!JSC::FunctionExecutable::generateJITCode(JSC::ExecState * exec=0x08240120, JSC::ScopeChainNode * scopeChainNode=0x0737f310) Line 171 C++
07380d64()
QtWebKitd4.dll!JSC::Interpreter::execute(JSC::FunctionExecutable * functionExecutable=0x08c748d0, JSC::ExecState * callFrame=0x0740b9a8, JSC::JSFunction * function=0x08049d80, JSC::JSObject * thisObj=0x080443c0, const JSC::ArgList & args={...}, JSC::ScopeChainNode * scopeChain=0x08e086b0, JSC::JSValue * exception=0x0737f310) Line 687 + 0x31 bytes C++
QtWebKitd4.dll!JSC::JSFunction::call(JSC::ExecState * exec=0x0740b9a8, JSC::JSValue thisValue={...}, const JSC::ArgList & args={...}) Line 122 + 0x4e bytes C++
QtWebKitd4.dll!JSC::call(JSC::ExecState * exec=0x0740b9a8, JSC::JSValue functionObject={...}, JSC::CallType callType=CallTypeJS, const JSC::CallData & callData={...}, JSC::JSValue thisValue={...}, const JSC::ArgList & args={...}) Line 39 + 0x2b bytes C++
QtWebKitd4.dll!WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext * scriptExecutionContext=, WebCore::Event * event=) Line 115 + 0xd3 bytes C++
QtWebKitd4.dll!WebCore::EventTarget::fireEventListeners(WebCore::Event * event=0x0770ec88, WebCore::EventTargetData * d=0x04346198, WTF::Vector<WebCore::RegisteredEventListener,1> & entry={...}) Line 316 C++
QtWebKitd4.dll!WebCore::EventTarget::fireEventListeners(WebCore::Event * event=0x0770ec88) Line 281 C++
QtWebKitd4.dll!WebCore::Node::handleLocalEvents(WebCore::Event * event=0x0770ec88) Line 2505 C++
QtWebKitd4.dll!WebCore::Node::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event> prpEvent={...}) Line 2645 C++
QtWebKitd4.dll!WebCore::Node::dispatchEvent(WTF::PassRefPtr<WebCore::Event> prpEvent={...}) Line 2567 + 0x1a bytes C++
QtWebKitd4.dll!WebCore::Document::finishedParsing() Line 4289 C++
QtWebKitd4.dll!WebCore::HTMLParser::finished() Line 1667 C++
QtWebKitd4.dll!WebCore::HTMLTokenizer::end() Line 1879 C++
QtWebKitd4.dll!WebCore::HTMLTokenizer::write(const WebCore::SegmentedString & str={...}, bool appendData=true) Line 1822 C++
QtWebKitd4.dll!WebCore::HTMLTokenizer::timerFired(WebCore::Timer<WebCore::HTMLTokenizer> * __formal=0x0732f8a8) Line 1856 + 0x2b bytes C++
QtWebKitd4.dll!WebCore::Timer<WebCore::HTMLTokenizer>::fired() Line 98 + 0x1f bytes C++
QtWebKitd4.dll!WebCore::ThreadTimers::sharedTimerFiredInternal() Line 115 C++
QtWebKitd4.dll!WebCore::ThreadTimers::sharedTimerFired() Line 91 C++
QtWebKitd4.dll!WebCore::SharedTimerQt::timerEvent(QTimerEvent * ev=0x005fd7d0) Line 118 C++
QtCored4.dll!QObject::event(QEvent * e=0x005fd7d0) Line 1182 C++
QtGuid4.dll!QApplicationPrivate::notify_helper(QObject * receiver=0x04095a50, QEvent * e=0x005fd7d0) Line 4462 + 0x11 bytes C++
QtGuid4.dll!QApplication::notify(QObject * receiver=0x04095a50, QEvent * e=0x005fd7d0) Line 3862 + 0x10 bytes C++
QtCored4.dll!QCoreApplication::notifyInternal(QObject * receiver=0x04095a50, QEvent * event=0x005fd7d0) Line 731 + 0x15 bytes C++
QtCored4.dll!QCoreApplication::sendEvent(QObject * receiver=0x04095a50, QEvent * event=0x005fd7d0) Line 215 + 0x39 bytes C++
QtCored4.dll!QEventDispatcherWin32::event(QEvent * e=0x086df3d8) Line 1139 + 0x10 bytes C++
QtGuid4.dll!QApplicationPrivate::notify_helper(QObject * receiver=0x03953260, QEvent * e=0x086df3d8) Line 4462 + 0x11 bytes C++
QtGuid4.dll!QApplication::notify(QObject * receiver=0x03953260, QEvent * e=0x086df3d8) Line 3862 + 0x10 bytes C++
QtCored4.dll!QCoreApplication::notifyInternal(QObject * receiver=0x03953260, QEvent * event=0x086df3d8) Line 731 + 0x15 bytes C++
QtCored4.dll!QCoreApplication::sendEvent(QObject * receiver=0x03953260, QEvent * event=0x086df3d8) Line 215 + 0x39 bytes C++
...
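The caching pattern behind the bad pointer, as an added example that is not from the original post or from QtWebKit's source: a break-iterator cache that keeps a raw pointer to the caller's text and later compares through it can dangle (the crash above) or silently alias a reused buffer, while a cache that owns a copy of the text does neither. RawCache, OwningCache and reuseScenario are hypothetical names, and the sample strings are constructed.

```cpp
#include <cstring>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-in for the cached break-iterator state: a raw, non-owning
// pointer to the text last passed in, like iterator.string in the report.
struct RawCache {
    const wchar_t* string;
    int length;
};

// Cache-hit test in the style of the crashing comparison. It trusts that the
// remembered pointer still refers to the text it was taken from: if that buffer
// was freed, memcmp reads unmapped memory (the "Bad Ptr" above); if it was
// reused, the text is compared against whatever now lives there.
// The stack shows memcmp called with siz=10 for length=10, i.e. `length` bytes;
// a full compare of wchar_t text needs length * sizeof(wchar_t).
bool rawCacheMatches(const RawCache& c, const wchar_t* s, int length) {
    return c.string && c.length == length
        && std::memcmp(c.string, s, length * sizeof(wchar_t)) == 0;
}

// Hardened version: the cache owns a copy of the text, so a match test never
// dereferences caller memory and always compares whole code units.
struct OwningCache {
    std::wstring string;
    bool valid = false;
    void remember(const wchar_t* s, int length) { string.assign(s, length); valid = true; }
    bool matches(const wchar_t* s, int length) const {
        return valid && string.size() == static_cast<size_t>(length)
            && string.compare(0, string.size(), s, length) == 0;
    }
};

// Buffer-reuse scenario (the one that runs without undefined behaviour): the
// same allocation is refilled with different text. The raw cache still reports
// a hit because it compares the buffer with itself; the owning cache does not.
// Returns {rawHit, owningHit}.
std::pair<bool, bool> reuseScenario() {
    std::vector<wchar_t> buf(10);
    std::memcpy(buf.data(), L"Adem Kilic", 10 * sizeof(wchar_t)); // constructed sample

    RawCache raw{buf.data(), 10};
    OwningCache owning;
    owning.remember(buf.data(), 10);

    std::memcpy(buf.data(), L"0123456789", 10 * sizeof(wchar_t)); // new text, same address
    return {rawCacheMatches(raw, buf.data(), 10), owning.matches(buf.data(), 10)};
}
```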