Description
When using the embedded developer tools, choosing the "Open in New Tab" context menu action for a link immediately causes a SEGV. I have tested this on viper-browser, otter-browser and falkon; the issue occurs every time.
The fix for the issue is to add a null pointer check:
diff --git a/src/core/web_contents_delegate_qt.cpp b/src/core/web_contents_delegate_qt.cpp
index aae7f4a4..774be9cd 100644
--- a/src/core/web_contents_delegate_qt.cpp
+++ b/src/core/web_contents_delegate_qt.cpp
@@ -122,7 +122,7 @@ content::WebContents *WebContentsDelegateQt::OpenURLFromTab(content::WebContents
 if (params.disposition != WindowOpenDisposition::CURRENT_TAB) {
 QSharedPointer<WebContentsAdapter> targetAdapter = createWindow(0, params.disposition, gfx::Rect(), params.user_gesture);
 if (targetAdapter) {
- if (targetAdapter->browserContext() != source->GetBrowserContext()) {
+ if (!source || targetAdapter->browserContext() != source->GetBrowserContext()) {
 target_site_instance = nullptr;
 referrer = content::Referrer();
 }
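Review bot: The added `!source` guard covers the only dereference of `source` visible in this hunk, but OpenURLFromTab begins and ends outside the hunk, so any later use of `source` in the same function would need the same guard; that should be checked before relying on this fix alone. The reason `source` can be null is not obvious from the condition — the attached backtrace (frame #1, DevToolsFrontendQt::HandleMessageFromDevToolsFrontend) suggests the DevTools frontend is the caller that passes no source WebContents — so a comment on the new line would help the next reader: `// source may be null when the navigation originates from the DevTools frontend; treat it as a cross-context open.` Falling through to `target_site_instance = nullptr` and a fresh `content::Referrer()` in that case is the conservative choice, since the new tab then inherits neither a site instance nor a referrer from a context it cannot verify.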
I am also attaching a stack trace which led me to the fix:
backtrace: params=...) at /home/froid/Documents/repos/qtwebengine/src/core/web_contents_delegate_qt.cpp:125 125 if (targetAdapter->browserContext() != source->GetBrowserContext()) { #0 0x00007ffff12548f6 in QtWebEngineCore::WebContentsDelegateQt::OpenURLFromTab(content::WebContents*, content::OpenURLParams const&) (this=<optimized out>, source=<optimized out>, params=...) at /home/froid/Documents/repos/qtwebengine/src/core/web_contents_delegate_qt.cpp:125 #1 0x00007ffff12112b0 in QtWebEngineCore::DevToolsFrontendQt::HandleMessageFromDevToolsFrontend(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (this=0x6e98db0, message=...) at /home/froid/Documents/repos/qtwebengine/src/core/devtools_frontend_qt.cpp:431 #2 0x00007ffff166fc99 in Accept() () at ./gen/third_party/WebKit/public/web/devtools_frontend.mojom.cc:352 #3 0x00007ffff3034c41 in AcceptOnProxyThread() () at ../../3rdparty/chromium/ipc/ipc_mojo_bootstrap.cc:789 #4 0x00007ffff303346c in Invoke<scoped_refptr<IPC::(anonymous namespace)::ChannelAssociatedGroupController> const&, mojo::Message> () at ../../3rdparty/chromium/base/bind_internal.h:211 #5 0x00007ffff303346c in MakeItSo<void (IPC::(anonymous namespace)::ChannelAssociatedGroupController::* const&)(mojo::Message), scoped_refptr<IPC::(anonymous namespace)::ChannelAssociatedGroupController> const&, mojo::Message> () at ../../3rdparty/chromium/base/bind_internal.h:294 #6 0x00007ffff303346c in RunImpl<void (IPC::(anonymous namespace)::ChannelAssociatedGroupController::* const&)(mojo::Message), std::tuple<scoped_refptr<IPC::(anonymous namespace)::ChannelAssociatedGroupController>, base::internal::PassedWrapper<mojo::Message> > const&, 0, 1> () at ../../3rdparty/chromium/base/bind_internal.h:368 #7 0x00007ffff303346c in Run() () at ../../3rdparty/chromium/base/bind_internal.h:350 #8 0x00007ffff271c84f in Run () at ../../3rdparty/chromium/base/callback.h:65 #9 0x00007ffff271c84f in RunTask() () at 
./../../3rdparty/chromium/base/debug/task_annotator.cc:55 #10 0x00007ffff273c5f9 in RunTask () at ./../../3rdparty/chromium/base/message_loop/incoming_task_queue.cc:124 #11 0x00007ffff273c5f9 in RunTask() () at ./../../3rdparty/chromium/base/message_loop/message_loop.cc:399 #12 0x00007ffff273cba8 in DeferOrRunPendingTask () at ./../../3rdparty/chromium/base/message_loop/message_loop.cc:411 #13 0x00007ffff273cba8 in DoWork() () at ./../../3rdparty/chromium/base/message_loop/message_loop.cc:455 #14 0x00007ffff1203d77 in QtWebEngineCore::(anonymous namespace)::MessagePumpForUIQt::handleScheduledWork() (this=0x10139a0) at /home/froid/Documents/repos/qtwebengine/src/core/content_browser_client_qt.cpp:231 #15 0x00007ffff1203d77 in QtWebEngineCore::(anonymous namespace)::MessagePumpForUIQt::customEvent(QEvent*) (this=0x10139a0, ev=0xadbce0) at /home/froid/Documents/repos/qtwebengine/src/core/content_browser_client_qt.cpp:213 #16 0x00007fffee5cf9eb in QObject::event(QEvent*) () at /usr/lib64/libQt5Core.so.5 #17 0x00007ffff7252e8c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /usr/lib64/libQt5Widgets.so.5 #18 0x00007ffff725a244 in QApplication::notify(QObject*, QEvent*) () at /usr/lib64/libQt5Widgets.so.5 #19 0x00007fffee5a1a88 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () at /usr/lib64/libQt5Core.so.5 #20 0x00007fffee5a4075 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () at /usr/lib64/libQt5Core.so.5 #21 0x00007fffee5f8573 in () at /usr/lib64/libQt5Core.so.5 #22 0x00007fffec288f57 in g_main_context_dispatch () at /usr/lib64/libglib-2.0.so.0 #23 0x00007fffec289190 in () at /usr/lib64/libglib-2.0.so.0 #24 0x00007fffec28921c in g_main_context_iteration () at /usr/lib64/libglib-2.0.so.0 #25 0x00007fffee5f7bef in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib64/libQt5Core.so.5 #26 0x00007fffee5a009a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at 
/usr/lib64/libQt5Core.so.5 #27 0x00007fffee5a89e4 in QCoreApplication::exec() () at /usr/lib64/libQt5Core.so.5 (gdb) info locals targetAdapter = <optimized out> target = <optimized out> target_site_instance = 0x0 referrer = {url = {spec_ = "", is_valid_ = false, parsed_ = {scheme = {begin = 0, len = -1}, username = {begin = 0, len = -1}, password = {begin = 0, len = -1}, host = {begin = 0, len = -1}, port = {begin = 0, len = -1}, path = {begin = 0, len = -1}, query = {begin = 0, len = -1}, ref = {begin = 0, len = -1}, potentially_dangling_markup = false, inner_parsed_ = 0x0}, inner_url_ = std::unique_ptr<GURL> containing 0x0}, policy = blink::kWebReferrerPolicyDefault} load_url_params = <optimized out> (gdb) frame 0 #0 0x00007ffff12548f6 in QtWebEngineCore::WebContentsDelegateQt::OpenURLFromTab (this=<optimized out>, source=<optimized out>, params=...) at /home/froid/Documents/repos/qtwebengine/src/core/web_contents_delegate_qt.cpp:125 125 if (targetAdapter->browserContext() != source->GetBrowserContext()) {
Attachments
For Gerrit Dashboard: QTBUG-69359 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
234135,4 | Fix segfault in devtools openInNewTab handling | 5.11 | qt/qtwebengine | Status: MERGED | +2 | 0 |