[Qtwebengine] webengine crash

Peter Varga pvarga at inf.u-szeged.hu
Tue Feb 3 11:26:45 CET 2015 

Hi Tom,

I tried to reproduce the reported problem but I couldn't. I compiled the
32bit Qt5 as I usually do:
made the build in an already set up 32bit chroot environment. Therefore
I suppose that the problem is
related to the cross-compilation. It might be possible some platform
specific configuration are passed
to the V8 compilation in a wrong way.

Could you elaborate a bit how you cross-compiled the Qt5? First of all I
need answers for the following
questions:
- Just to make things clear: your target is x86 32bit and Linux, isn't it?
- I generated a 32bit cross-toolchain with buildroot. I used the default
configuration. Did you change
anything compared to the default settings in buildroot? For example, do
you use uclibc or glibc?
- Which configuration options was passed to the Qt5's configure script?
I don't know how to set the
cross-compile toolchain. The easiest way is seemed to me to use the
-device-option CROSS_COMPILE=...
option but it is useless without specifying -device option.

Regards,
Peter

On 01/30/2015 04:20 PM, Tom Deblauwe wrote:
> Hello,
> 
> I am trying out QtWebEngine 5.4.0 and I'm having a crash when enabling 
> javascript. I am crosscompiling for 32-bit on a 64-bit linux using 
> buildroot. I get it to compile and run, but only when I disable 
> javascript. Upon further investigation, I found it has something to do 
> with some types of javascript. I tested some things and it seems I get 
> the crash with "jquery" version 1.11.0, like for example that is used on 
> "xkcd.org". When I use the latest "jquery" I don't get the crash, e.g. 
> jquery 2.1.3. Anyway, in all cases, the last part of the stack trace is 
> almost the same.
> 
> It always ends with the "WriteToFlat" function.
> 
> I have set a breakpoint and the function works, it is not crashing on 
> the first try, but after a while it seems.
> Then I also checked that it was not some sort of javascript out of 
> memory thing, so I wrote a little javascript that just creates a huge 
> array, and that fails gratiously, it doesn't crash. So it seems it is 
> really some kind of internal issue. I suspect it has something to do 
> with regular expressions, or maybe the "String::Flatten" function is 
> called often in regexp's. Anyways, on this line:
> 
> src/3rdparty/chromium/v8/src/jsregexp.cc:169
> 
> There is a "pattern = String::Flatten(pattern);" call.
> 
> So any clues in what direction I would have to search to find the problem?
> 
> The problem is not reproducable when I use the regular desktop builds 
> downloadable using the qt installer.
> 
> On different sites I have differen backtraces, but all end with a call 
> to "WriteToFlat<unsigned char>".
> 
> And when I disable javascript, every site renders okay, so there is not 
> a problem with the rendering itself, everything is seen as intended.
> 
> Any help would be greatly appreciated!
> 
> Best regards,
> Tom Deblauwe
> 
> 
> gdb --args ./browser --log-level=0 --single-process
> (gdb) bt
> #0  v8::internal::String::WriteToFlat<unsigned char> (src=0xdd094881, 
> src at entry=0xdd0949a9,
>      sink=sink at entry=0xdd094e8c 
> "\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336)*)|.*)\\)|)\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336"..., 
> f=119, f at entry=0, t=171) at 
> ../../../src/3rdparty/chromium/v8/src/objects.cc:8823
> #1  0xeeceae64 in v8::internal::String::WriteToFlat<unsigned char> 
> (src=0xdd0949ed,
>      sink=0xdd094e15 
> "\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336)*)|.*)\\)|)\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357"..., 
> 
>      f=f at entry=0, t=171, t at entry=263) at 
> ../../../src/3rdparty/chromium/v8/src/objects.cc:8864
> #2  0xeecec384 in v8::internal::String::SlowFlatten 
> (cons=cons at entry=..., pretenure=pretenure at entry=v8::internal::NOT_TENURED)
>      at ../../../src/3rdparty/chromium/v8/src/objects.cc:1044
> #3  0xee9f800a in v8::internal::String::Flatten (string=..., 
> pretenure=v8::internal::NOT_TENURED)
>      at ../../../src/3rdparty/chromium/v8/src/objects-inl.h:3180
> #4  0xeec50fd8 in v8::internal::RegExpImpl::Compile (re=re at entry=..., 
> pattern=pattern at entry=..., flag_str=...)
>      at ../../../src/3rdparty/chromium/v8/src/jsregexp.cc:169
> #5  0xeed7e513 in __RT_impl_Runtime_RegExpCompile (isolate=0xe79450d0, 
> args=...)
>      at ../../../src/3rdparty/chromium/v8/src/runtime.cc:2124
> #6  v8::internal::Runtime_RegExpCompile (args_length=3, 
> args_object=0xe16f2ee0, isolate=0xe79450d0)
>      at ../../../src/3rdparty/chromium/v8/src/runtime.cc:2117
> #7  0x20e0a076 in ?? ()
> #8  0x20e594f2 in ?? ()
> #9  0x20e3b0c4 in ?? ()
> #10 0x20e1e85b in ?? ()
> #11 0x20e1eb3b in ?? ()
> #12 0x3750ad73 in ?? ()
> #13 0x3750fe29 in ?? ()
> #14 0x20e1e85b in ?? ()
> #15 0x20e80a11 in ?? ()
> #16 0x20e80b6b in ?? ()
> #17 0x20e1edf5 in ?? ()
> #18 0x20e1e0ea in ?? ()
> #19 0xeeae7336 in v8::internal::Invoke 
> (is_construct=is_construct at entry=false, function=function at entry=..., 
> receiver=...,
>      receiver at entry=..., argc=argc at entry=0, args=args at entry=0x0) at 
> ../../../src/3rdparty/chromium/v8/src/execution.cc:94
> #20 0xeeae9580 in v8::internal::Execution::Call 
> (isolate=isolate at entry=0xe79450d0, callable=..., callable at entry=..., 
> receiver=...,
>      argc=argc at entry=0, argv=argv at entry=0x0, 
> convert_receiver=convert_receiver at entry=false)
>      at ../../../src/3rdparty/chromium/v8/src/execution.cc:149
> #21 0xeea1ceba in v8::Script::Run (this=0xe796bd48) at 
> ../../../src/3rdparty/chromium/v8/src/api.cc:1637
> #22 0xf15b8aa8 in WebCore::V8ScriptRunner::runCompiledScript 
> (script=..., context=0x5f404078, isolate=0xe79450d0)
>      at 
> ../../../src/3rdparty/chromium/third_party/WebKit/Source/bindings/v8/V8ScriptRunner.cpp:105
> #23 0xf1562e44 in WebCore::ScriptController::executeScriptAndReturnValue 
> (this=0xe7970d88, context=..., source=...,
>      corsStatus=WebCore::NotSharableCrossOrigin)
>      at 
> ../../../src/3rdparty/chromium/third_party/WebKit/Source/bindings/v8/ScriptController.cpp:187
> #24 0xf1564bc3 in WebCore::ScriptController::evaluateScriptInMainWorld 
> (this=0xe7970d88, sourceCode=...,
>      corsStatus=WebCore::NotSharableCrossOrigin, 
> policy=WebCore::ScriptController::DoNotExecuteScriptWhenScriptsDisabled)
>      at 
> ../../../src/3rdparty/chromium/third_party/WebKit/Source/bindings/v8/ScriptController.cpp:582
> #25 0xf15649ad in WebCore::ScriptController::executeScriptInMainWorld 
> (this=0xe7970d88, sourceCode=...,
>      corsStatus=WebCore::NotSharableCrossOrigin)
>      at 
> ../../../src/3rdparty/chromium/third_party/WebKit/Source/bindings/v8/ScriptController.cpp:551
> #26 0xef763ff0 in WebCore::ScriptLoader::executeScript (this=0xe7972870, 
> sourceCode=...)
>      at 
> ../../../src/3rdparty/chromium/third_party/WebKit/Source/core/dom/ScriptLoader.cpp:335
> #27 0xf1d0bf9f in 
> WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent 
> (this=0x466e47f0, pendingScript=...,
> pendingScriptType=WebCore::HTMLScriptRunner::PendingScriptBlockingParser)
>      at 
> ../../../src/3rdparty/chromium/third_party/WebKit/Source/core/html/parser/HTMLScriptRunner.cpp:165
> #28 0xf1d0bda0 in 
> WebCore::HTMLScriptRunner::executeParsingBlockingScript (this=0x466e47f0)
>      at 
> ../../../src/3rdparty/chromium/third_party/WebKit/Source/core/html/parser/HTMLScriptRunner.cpp:134
> #29 0xf1d0c395 in 
> WebCore::HTMLScriptRunner::executeParsingBlockingScripts (this=0x466e47f0)
>      at 
> ../../../src/3rdparty/chromium/third_party/WebKit/Source/core/html/parser/HTMLScriptRunner.cpp:226
> #30 0xf1d0c556 in 
> WebCore::HTMLScriptRunner::executeScriptsWaitingForLoad 
> (this=0x466e47f0, resource=0x467c03d0)
> 
> 
> 
> _______________________________________________
> QtWebEngine mailing list
> QtWebEngine at qt-project.org
> http://lists.qt-project.org/mailman/listinfo/qtwebengine
>

More information about the QtWebEngine mailing list