[Qtwebengine] webengine crash
Tom Deblauwe
deblauwetom at gmail.com
Fri Jan 30 16:20:12 CET 2015
Hello,
I am trying out QtWebEngine 5.4.0 and I'm having a crash when enabling
javascript. I am cross-compiling for 32-bit on a 64-bit linux using
buildroot. I get it to compile and run, but only when I disable
javascript. Upon further investigation, I found it has something to do
with some types of javascript. I tested some things and it seems I get
the crash with "jquery" version 1.11.0, like, for example, the one used on
"xkcd.org". When I use the latest "jquery" I don't get the crash, e.g.
jquery 2.1.3. Anyway, in all cases, the last part of the stack trace is
almost the same.
It always ends with the "WriteToFlat" function.
I have set a breakpoint and the function works, it is not crashing on
the first try, but after a while it seems.
Then I also checked that it was not some sort of javascript out of
memory thing, so I wrote a little javascript that just creates a huge
array, and that fails gracefully, it doesn't crash. So it seems it is
really some kind of internal issue. I suspect it has something to do
with regular expressions, or maybe the "String::Flatten" function is
called often in regexps. Anyways, on this line:
src/3rdparty/chromium/v8/src/jsregexp.cc:169
There is a "pattern = String::Flatten(pattern);" call.
So any clues in what direction I would have to search to find the problem?
The problem is not reproducible when I use the regular desktop builds
downloadable using the qt installer.
On different sites I have different backtraces, but all end with a call
to "WriteToFlat<unsigned char>".
And when I disable javascript, every site renders okay, so there is not
a problem with the rendering itself, everything is seen as intended.
Any help would be greatly appreciated!
Best regards,
Tom Deblauwe
gdb --args ./browser --log-level=0 --single-process
(gdb) bt
#0 v8::internal::String::WriteToFlat<unsigned char> (src=0xdd094881,
src at entry=0xdd0949a9,
sink=sink at entry=0xdd094e8c
"\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336)*)|.*)\\)|)\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336"...,
f=119, f at entry=0, t=171) at
../../../src/3rdparty/chromium/v8/src/objects.cc:8823
#1 0xeeceae64 in v8::internal::String::WriteToFlat<unsigned char>
(src=0xdd0949ed,
sink=0xdd094e15
"\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336)*)|.*)\\)|)\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357"...,
f=f at entry=0, t=171, t at entry=263) at
../../../src/3rdparty/chromium/v8/src/objects.cc:8864
#2 0xeecec384 in v8::internal::String::SlowFlatten
(cons=cons at entry=..., pretenure=pretenure at entry=v8::internal::NOT_TENURED)
at ../../../src/3rdparty/chromium/v8/src/objects.cc:1044
#3 0xee9f800a in v8::internal::String::Flatten (string=...,
pretenure=v8::internal::NOT_TENURED)
at ../../../src/3rdparty/chromium/v8/src/objects-inl.h:3180
#4 0xeec50fd8 in v8::internal::RegExpImpl::Compile (re=re at entry=...,
pattern=pattern at entry=..., flag_str=...)
at ../../../src/3rdparty/chromium/v8/src/jsregexp.cc:169
#5 0xeed7e513 in __RT_impl_Runtime_RegExpCompile (isolate=0xe79450d0,
args=...)
at ../../../src/3rdparty/chromium/v8/src/runtime.cc:2124
#6 v8::internal::Runtime_RegExpCompile (args_length=3,
args_object=0xe16f2ee0, isolate=0xe79450d0)
at ../../../src/3rdparty/chromium/v8/src/runtime.cc:2117
#7 0x20e0a076 in ?? ()
#8 0x20e594f2 in ?? ()
#9 0x20e3b0c4 in ?? ()
#10 0x20e1e85b in ?? ()
#11 0x20e1eb3b in ?? ()
#12 0x3750ad73 in ?? ()
#13 0x3750fe29 in ?? ()
#14 0x20e1e85b in ?? ()
#15 0x20e80a11 in ?? ()
#16 0x20e80b6b in ?? ()
#17 0x20e1edf5 in ?? ()
#18 0x20e1e0ea in ?? ()
#19 0xeeae7336 in v8::internal::Invoke
(is_construct=is_construct at entry=false, function=function at entry=...,
receiver=...,
receiver at entry=..., argc=argc at entry=0, args=args at entry=0x0) at
../../../src/3rdparty/chromium/v8/src/execution.cc:94
#20 0xeeae9580 in v8::internal::Execution::Call
(isolate=isolate at entry=0xe79450d0, callable=..., callable at entry=...,
receiver=...,
argc=argc at entry=0, argv=argv at entry=0x0,
convert_receiver=convert_receiver at entry=false)
at ../../../src/3rdparty/chromium/v8/src/execution.cc:149
#21 0xeea1ceba in v8::Script::Run (this=0xe796bd48) at
../../../src/3rdparty/chromium/v8/src/api.cc:1637
#22 0xf15b8aa8 in WebCore::V8ScriptRunner::runCompiledScript
(script=..., context=0x5f404078, isolate=0xe79450d0)
at
../../../src/3rdparty/chromium/third_party/WebKit/Source/bindings/v8/V8ScriptRunner.cpp:105
#23 0xf1562e44 in WebCore::ScriptController::executeScriptAndReturnValue
(this=0xe7970d88, context=..., source=...,
corsStatus=WebCore::NotSharableCrossOrigin)
at
../../../src/3rdparty/chromium/third_party/WebKit/Source/bindings/v8/ScriptController.cpp:187
#24 0xf1564bc3 in WebCore::ScriptController::evaluateScriptInMainWorld
(this=0xe7970d88, sourceCode=...,
corsStatus=WebCore::NotSharableCrossOrigin,
policy=WebCore::ScriptController::DoNotExecuteScriptWhenScriptsDisabled)
at
../../../src/3rdparty/chromium/third_party/WebKit/Source/bindings/v8/ScriptController.cpp:582
#25 0xf15649ad in WebCore::ScriptController::executeScriptInMainWorld
(this=0xe7970d88, sourceCode=...,
corsStatus=WebCore::NotSharableCrossOrigin)
at
../../../src/3rdparty/chromium/third_party/WebKit/Source/bindings/v8/ScriptController.cpp:551
#26 0xef763ff0 in WebCore::ScriptLoader::executeScript (this=0xe7972870,
sourceCode=...)
at
../../../src/3rdparty/chromium/third_party/WebKit/Source/core/dom/ScriptLoader.cpp:335
#27 0xf1d0bf9f in
WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent
(this=0x466e47f0, pendingScript=...,
pendingScriptType=WebCore::HTMLScriptRunner::PendingScriptBlockingParser)
at
../../../src/3rdparty/chromium/third_party/WebKit/Source/core/html/parser/HTMLScriptRunner.cpp:165
#28 0xf1d0bda0 in
WebCore::HTMLScriptRunner::executeParsingBlockingScript (this=0x466e47f0)
at
../../../src/3rdparty/chromium/third_party/WebKit/Source/core/html/parser/HTMLScriptRunner.cpp:134
#29 0xf1d0c395 in
WebCore::HTMLScriptRunner::executeParsingBlockingScripts (this=0x466e47f0)
at
../../../src/3rdparty/chromium/third_party/WebKit/Source/core/html/parser/HTMLScriptRunner.cpp:226
#30 0xf1d0c556 in
WebCore::HTMLScriptRunner::executeScriptsWaitingForLoad
(this=0x466e47f0, resource=0x467c03d0)
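As an added triage aid (not part of Tom's message): gdb prints the `sink=` buffer above as C octal escapes, and decoding a constructed excerpt of it shows the buffer is almost entirely the repeated word EF BE AD DE, i.e. little-endian 0xDEADBEEF, which is the 32-bit kZapValue V8 uses to fill memory it has released or not yet initialised (assumption: this cross-compiled build zaps memory), with a fragment of the regexp source wedged in between. All function names here are my own.

```python
import re

# Constructed excerpt of the gdb "sink=" argument from the backtrace above;
# the real string is far longer but repeats the same byte pattern.
GDB_SINK_EXCERPT = (
    r"\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336"
    r")*)|.*)\\)|)"
    r"\336\357\276\255\336\357\276\255\336\357\276\255\336"
)

# V8's 32-bit kZapValue, as it appears in memory (little-endian).
# Assumption: the build under test fills freed/uninitialised heap with it.
ZAP_VALUE_LE = (0xDEADBEEF).to_bytes(4, "little")  # b"\xef\xbe\xad\xde"

_ESCAPE = re.compile(r"\\([0-7]{1,3}|\\)")


def decode_gdb_octal(s: str) -> bytes:
    """Turn gdb's escapes (\\357 -> 0xEF, \\\\ -> a backslash) into raw bytes."""
    out = bytearray()
    pos = 0
    for m in _ESCAPE.finditer(s):
        out += s[pos:m.start()].encode("latin-1")
        tok = m.group(1)
        out.append(0x5C if tok == "\\" else int(tok, 8))
        pos = m.end()
    out += s[pos:].encode("latin-1")
    return bytes(out)


def split_zap_runs(buf: bytes, pattern: bytes = ZAP_VALUE_LE):
    """Split the buffer into alternating ('zap', bytes) / ('data', bytes) runs.

    The zap word is matched at every offset, so a run that starts unaligned
    (as the stray 0xDE after the regexp text does) is still found.
    """
    segments = []
    i = 0
    while i < len(buf):
        if buf[i:i + len(pattern)] == pattern:
            kind, chunk = "zap", pattern
            i += len(pattern)
        else:
            kind, chunk = "data", buf[i:i + 1]
            i += 1
        if segments and segments[-1][0] == kind:
            segments[-1] = (kind, segments[-1][1] + chunk)
        else:
            segments.append((kind, chunk))
    return segments


def triage_sink(gdb_string: str) -> dict:
    """Summarise how much of a gdb-printed buffer is zap fill vs. real data."""
    buf = decode_gdb_octal(gdb_string)
    segs = split_zap_runs(buf)
    zap_bytes = sum(len(c) for k, c in segs if k == "zap")
    return {
        "total": len(buf),
        "zap_bytes": zap_bytes,
        "zap_fraction": zap_bytes / len(buf) if buf else 0.0,
        "data_segments": [c.decode("latin-1") for k, c in segs if k == "data"],
    }


if __name__ == "__main__":
    print(triage_sink(GDB_SINK_EXCERPT))
```

A sink that is mostly zap fill suggests the flatten wrote into (or read from) memory V8 had already released, which points at object lifetime rather than at the regexp engine itself.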