[Qtwebengine] webengine crash

Tom Deblauwe deblauwetom at gmail.com
Fri Jan 30 16:20:12 CET 2015


Hello,

I am trying out QtWebEngine 5.4.0 and I'm having a crash when enabling 
javascript. I am crosscompiling for 32-bit on a 64-bit linux using 
buildroot. I get it to compile and run, but only when I disable 
javascript. Upon further investigation, I found it has something to do 
with some types of javascript. I tested some things and it seems I get 
the crash with "jquery" version 1.11.0, like for example that is used on 
"xkcd.org". When I use the latest "jquery" I don't get the crash, e.g. 
jquery 2.1.3. Anyway, in all cases, the last part of the stack trace is 
almost the same.

It always ends with the "WriteToFlat" function.

I have set a breakpoint and the function works, it is not crashing on 
the first try, but after a while it seems.
Then I also checked that it was not some sort of javascript out of 
memory thing, so I wrote a little javascript that just creates a huge 
array, and that fails gracefully, it doesn't crash. So it seems it is 
really some kind of internal issue. I suspect it has something to do 
with regular expressions, or maybe the "String::Flatten" function is 
called often in regexps. Anyways, on this line:

src/3rdparty/chromium/v8/src/jsregexp.cc:169

There is a "pattern = String::Flatten(pattern);" call.

So any clues in what direction I would have to search to find the problem?

The problem is not reproducible when I use the regular desktop builds 
downloadable using the qt installer.

On different sites I have different backtraces, but all end with a call 
to "WriteToFlat<unsigned char>".

And when I disable javascript, every site renders okay, so there is not 
a problem with the rendering itself, everything is seen as intended.

Any help would be greatly appreciated!

Best regards,
Tom Deblauwe


gdb --args ./browser --log-level=0 --single-process
(gdb) bt
#0  v8::internal::String::WriteToFlat<unsigned char> (src=0xdd094881, 
src@entry=0xdd0949a9,
     sink=sink@entry=0xdd094e8c 
"\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336)*)|.*)\\)|)\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336"..., 
f=119, f@entry=0, t=171) at 
../../../src/3rdparty/chromium/v8/src/objects.cc:8823
#1  0xeeceae64 in v8::internal::String::WriteToFlat<unsigned char> 
(src=0xdd0949ed,
     sink=0xdd094e15 
"\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336)*)|.*)\\)|)\336\357\276\255\336\357\276\255\336\357\276\255\336\357\276\255\336\357"..., 

     f=f@entry=0, t=171, t@entry=263) at 
../../../src/3rdparty/chromium/v8/src/objects.cc:8864
#2  0xeecec384 in v8::internal::String::SlowFlatten 
(cons=cons@entry=..., pretenure=pretenure@entry=v8::internal::NOT_TENURED)
     at ../../../src/3rdparty/chromium/v8/src/objects.cc:1044
#3  0xee9f800a in v8::internal::String::Flatten (string=..., 
pretenure=v8::internal::NOT_TENURED)
     at ../../../src/3rdparty/chromium/v8/src/objects-inl.h:3180
#4  0xeec50fd8 in v8::internal::RegExpImpl::Compile (re=re@entry=..., 
pattern=pattern@entry=..., flag_str=...)
     at ../../../src/3rdparty/chromium/v8/src/jsregexp.cc:169
#5  0xeed7e513 in __RT_impl_Runtime_RegExpCompile (isolate=0xe79450d0, 
args=...)
     at ../../../src/3rdparty/chromium/v8/src/runtime.cc:2124
#6  v8::internal::Runtime_RegExpCompile (args_length=3, 
args_object=0xe16f2ee0, isolate=0xe79450d0)
     at ../../../src/3rdparty/chromium/v8/src/runtime.cc:2117
#7  0x20e0a076 in ?? ()
#8  0x20e594f2 in ?? ()
#9  0x20e3b0c4 in ?? ()
#10 0x20e1e85b in ?? ()
#11 0x20e1eb3b in ?? ()
#12 0x3750ad73 in ?? ()
#13 0x3750fe29 in ?? ()
#14 0x20e1e85b in ?? ()
#15 0x20e80a11 in ?? ()
#16 0x20e80b6b in ?? ()
#17 0x20e1edf5 in ?? ()
#18 0x20e1e0ea in ?? ()
#19 0xeeae7336 in v8::internal::Invoke 
(is_construct=is_construct@entry=false, function=function@entry=..., 
receiver=...,
     receiver@entry=..., argc=argc@entry=0, args=args@entry=0x0) at 
../../../src/3rdparty/chromium/v8/src/execution.cc:94
#20 0xeeae9580 in v8::internal::Execution::Call 
(isolate=isolate@entry=0xe79450d0, callable=..., callable@entry=..., 
receiver=...,
     argc=argc@entry=0, argv=argv@entry=0x0, 
convert_receiver=convert_receiver@entry=false)
     at ../../../src/3rdparty/chromium/v8/src/execution.cc:149
#21 0xeea1ceba in v8::Script::Run (this=0xe796bd48) at 
../../../src/3rdparty/chromium/v8/src/api.cc:1637
#22 0xf15b8aa8 in WebCore::V8ScriptRunner::runCompiledScript 
(script=..., context=0x5f404078, isolate=0xe79450d0)
     at 
../../../src/3rdparty/chromium/third_party/WebKit/Source/bindings/v8/V8ScriptRunner.cpp:105
#23 0xf1562e44 in WebCore::ScriptController::executeScriptAndReturnValue 
(this=0xe7970d88, context=..., source=...,
     corsStatus=WebCore::NotSharableCrossOrigin)
     at 
../../../src/3rdparty/chromium/third_party/WebKit/Source/bindings/v8/ScriptController.cpp:187
#24 0xf1564bc3 in WebCore::ScriptController::evaluateScriptInMainWorld 
(this=0xe7970d88, sourceCode=...,
     corsStatus=WebCore::NotSharableCrossOrigin, 
policy=WebCore::ScriptController::DoNotExecuteScriptWhenScriptsDisabled)
     at 
../../../src/3rdparty/chromium/third_party/WebKit/Source/bindings/v8/ScriptController.cpp:582
#25 0xf15649ad in WebCore::ScriptController::executeScriptInMainWorld 
(this=0xe7970d88, sourceCode=...,
     corsStatus=WebCore::NotSharableCrossOrigin)
     at 
../../../src/3rdparty/chromium/third_party/WebKit/Source/bindings/v8/ScriptController.cpp:551
#26 0xef763ff0 in WebCore::ScriptLoader::executeScript (this=0xe7972870, 
sourceCode=...)
     at 
../../../src/3rdparty/chromium/third_party/WebKit/Source/core/dom/ScriptLoader.cpp:335
#27 0xf1d0bf9f in 
WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent 
(this=0x466e47f0, pendingScript=...,
pendingScriptType=WebCore::HTMLScriptRunner::PendingScriptBlockingParser)
     at 
../../../src/3rdparty/chromium/third_party/WebKit/Source/core/html/parser/HTMLScriptRunner.cpp:165
#28 0xf1d0bda0 in 
WebCore::HTMLScriptRunner::executeParsingBlockingScript (this=0x466e47f0)
     at 
../../../src/3rdparty/chromium/third_party/WebKit/Source/core/html/parser/HTMLScriptRunner.cpp:134
#29 0xf1d0c395 in 
WebCore::HTMLScriptRunner::executeParsingBlockingScripts (this=0x466e47f0)
     at 
../../../src/3rdparty/chromium/third_party/WebKit/Source/core/html/parser/HTMLScriptRunner.cpp:226
#30 0xf1d0c556 in 
WebCore::HTMLScriptRunner::executeScriptsWaitingForLoad 
(this=0x466e47f0, resource=0x467c03d0)
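A helper for reading the `sink` argument in frames #0 and #1 of the backtrace above (added here as an illustration, not code from the poster or from Qt/V8): it decodes gdb's octal-escaped string literal back into bytes, reports the most frequent 32-bit word, and pulls out the printable runs. The escapes `\357\276\255\336` decode to EF BE AD DE, which read little-endian is 0xDEADBEEF, a common fill/poison value; the printable run between them is the regexp source fragment being compiled in frame #4. Seeing mostly fill pattern where flattened string data should be is the kind of evidence that points at stale or unintended memory rather than at the JavaScript itself. The sample literal is a short constructed excerpt in the shape gdb prints.

```python
import re
from collections import Counter

# Constructed excerpt in the shape gdb prints a `char *` argument; the real
# post shows the same escapes repeated for hundreds of bytes.
SAMPLE_SINK = r'"\357\276\255\336\357\276\255\336)*)|.*)\\)|)\336\357\276\255\336"...'

_ESC = re.compile(r'\\([0-7]{1,3}|.)', re.S)
_SIMPLE = {'n': b'\n', 't': b'\t', 'r': b'\r', 'a': b'\a', 'b': b'\b',
           'f': b'\f', 'v': b'\v', 'e': b'\x1b', '\\': b'\\', '"': b'"', "'": b"'"}

def decode_gdb_string(literal: str) -> bytes:
    """Decode a gdb-printed C string literal into raw bytes.

    gdb shows non-printable bytes as 3-digit octal escapes and appends '...'
    when the print-elements limit truncates the buffer, so the result may be
    only a prefix of the real buffer.
    """
    body = literal.strip()
    if body.endswith('...'):
        body = body[:-3]
    if len(body) < 2 or body[0] != '"' or body[-1] != '"':
        raise ValueError('expected a double-quoted gdb string literal')
    body, out, pos = body[1:-1], bytearray(), 0
    for m in _ESC.finditer(body):
        out += body[pos:m.start()].encode('latin-1')
        esc = m.group(1)
        if esc[0] in '01234567':
            out.append(int(esc, 8) & 0xFF)
        else:
            out += _SIMPLE.get(esc, esc.encode('latin-1'))
        pos = m.end()
    out += body[pos:].encode('latin-1')
    return bytes(out)

def dominant_word(buf: bytes, width: int = 4) -> tuple[int, float]:
    """Most frequent little-endian word at any byte offset and its share of
    all windows. Unaligned offsets matter because frame #1's dump starts
    mid-word ("\\276\\255\\336\\357...")."""
    windows = len(buf) - width + 1
    if windows < 1:
        raise ValueError('buffer shorter than one word')
    counts = Counter(int.from_bytes(buf[i:i + width], 'little')
                     for i in range(windows))
    word, n = counts.most_common(1)[0]
    return word, n / windows

def ascii_runs(buf: bytes, min_len: int = 4) -> list[str]:
    """Printable runs embedded in the fill pattern; here that is the regexp
    source fragment handed to RegExpImpl::Compile (frame #4)."""
    pat = rb'[\x20-\x7e]{%d,}' % min_len
    return [r.decode('ascii') for r in re.findall(pat, buf)]

if __name__ == '__main__':
    buf = decode_gdb_string(SAMPLE_SINK)
    word, share = dominant_word(buf)
    print(f'fill word 0x{word:08X} in {share:.0%} of windows; text: {ascii_runs(buf)}')
```

On the full dump from the post the share of 0xDEADBEEF windows is far higher than in this short excerpt; the low number here is only an artefact of the constructed sample.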