Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: P1: Critical
Fix Version/s: 5.12.5, 5.13.1, 5.14.0 Alpha
Affects Version/s: 5.13.0
Component/s: WebEngine
Labels:
None
Environment:
Linux x86_64

Platform/s:

Linux/X11
Commits:
662de14ceecee701b31478849ae147c70f3fe00f (qt/qtwebengine/5.12)

Description

Ater updating to webengine 5.13, KDE's falkon web browser crashes at startup when loading some websites in background tabs. Can reproduce with Telegram and Whatsapp web.

Thread 1 "falkon" received signal SIGSEGV, Segmentation fault. 
0x00007fffef605d83 in QtWebEngineCore::WebContentsAdapter::<lambda(QtWebEngineCore::WebContentsAdapter*, const content::NavigationController::LoadURLParam
s&)>::operator() (__closure=0x555555b03980, params=..., adapter=0x555555fe4660)                                                                            
    at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-everywhere-src-5.13.0/src/core/web_contents_adapter.cpp:675 
675     /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-everywhere-src-5.13.0/src/core/web_contents_adapter.cpp: No existe el fichero o el directorio. 
(gdb) bt 
#0  0x00007fffef605d83 in QtWebEngineCore::WebContentsAdapter::<lambda(QtWebEngineCore::WebContentsAdapter*, const content::NavigationController::LoadURLP
arams&)>::operator() (__closure=0x555555b03980, params=..., adapter=0x555555fe4660)                                                                        
    at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-everywhere-src-5.13.0/src/core/web_contents_adapter.cpp:675 
#1  base::internal::FunctorTraits<QtWebEngineCore::WebContentsAdapter::load(const QWebEngineHttpRequest&)::<lambda(QtWebEngineCore::WebContentsAdapter*, c
onst content::NavigationController::LoadURLParams&)>, void>::Invoke<QtWebEngineCore::WebContentsAdapter::load(const QWebEngineHttpRequest&)::<lambda(QtWeb
EngineCore::WebContentsAdapter*, const content::NavigationController::LoadURLParams&)>, QtWebEngineCore::WebContentsAdapter*, content::NavigationControlle
r::LoadURLParams> (functor=...) at ../../../../qtwebengine-everywhere-src-5.13.0/src/3rdparty/chromium/base/bind_internal.h:403
#2  base::internal::InvokeHelper<false, void>::MakeItSo<QtWebEngineCore::WebContentsAdapter::load(const QWebEngineHttpRequest&)::<lambda(QtWebEngineCore::
WebContentsAdapter*, const content::NavigationController::LoadURLParams&)>, QtWebEngineCore::WebContentsAdapter*, content::NavigationController::LoadURLPa
rams> (functor=...) at ../../../../qtwebengine-everywhere-src-5.13.0/src/3rdparty/chromium/base/bind_internal.h:616
#3  base::internal::Invoker<base::internal::BindState<QtWebEngineCore::WebContentsAdapter::load(const QWebEngineHttpRequest&)::<lambda(QtWebEngineCore::We
bContentsAdapter*, const content::NavigationController::LoadURLParams&)>, QtWebEngineCore::WebContentsAdapter*, content::NavigationController::LoadURLPara
ms>, void()>::RunImpl<QtWebEngineCore::WebContentsAdapter::load(const QWebEngineHttpRequest&)::<lambda(QtWebEngineCore::WebContentsAdapter*, const content
::NavigationController::LoadURLParams&)>, std::tuple<QtWebEngineCore::WebContentsAdapter*, content::NavigationController::LoadURLParams>, 0, 1> (          
    functor=..., bound=...) at ../../../../qtwebengine-everywhere-src-5.13.0/src/3rdparty/chromium/base/bind_internal.h:690 
#4  base::internal::Invoker<base::internal::BindState<QtWebEngineCore::WebContentsAdapter::load(const QWebEngineHttpRequest&)::<lambda(QtWebEngineCore::We
bContentsAdapter*, const content::NavigationController::LoadURLParams&)>, QtWebEngineCore::WebContentsAdapter*, content::NavigationController::LoadURLPara
ms>, void()>::RunOnce(base::internal::BindStateBase *) (base=0x555555b03960) at ../../../../qtwebengine-everywhere-src-5.13.0/src/3rdparty/chromium/base/bind_internal.h:658 
#5  0x00007ffff18ab24b in base::OnceCallback<void ()>::Run() && () 
    at ../../../../qtwebengine-everywhere-src-5.13.0/src/3rdparty/chromium/base/callback.h:99 
#6  base::debug::TaskAnnotator::RunTask () at ./../../../../qtwebengine-everywhere-src-5.13.0/src/3rdparty/chromium/base/debug/task_annotator.cc:105 
#7  0x00007ffff18c7b07 in base::MessageLoopImpl::RunTask () 
    at ./../../../../qtwebengine-everywhere-src-5.13.0/src/3rdparty/chromium/base/message_loop/message_loop_impl.cc:355 
#8  0x00007ffff18c8a4e in base::MessageLoopImpl::DeferOrRunPendingTask () 
    at ./../../../../qtwebengine-everywhere-src-5.13.0/src/3rdparty/chromium/base/message_loop/message_loop_impl.cc:366 
#9  0x00007ffff18c8d1c in base::MessageLoopImpl::DoWork ()    at ./../../../../qtwebengine-everywhere-src-5.13.0/src/3rdparty/chromium/base/message_loop/message_loop_impl.cc:458 
#10 0x00007fffef57de23 in QtWebEngineCore::MessagePumpForUIQt::handleScheduledWork (this=0x555555bbc420) 
    at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-everywhere-src-5.13.0/src/core/browser_main_parts_qt.cpp:197 
#11 QtWebEngineCore::MessagePumpForUIQt::MessagePumpForUIQt()::{lambda()#1}::operator()() const (__closure=<optimized out>) 
    at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-everywhere-src-5.13.0/src/core/browser_main_parts_qt.cpp:114 
#12 std::_Function_handler<void (), QtWebEngineCore::MessagePumpForUIQt::MessagePumpForUIQt()::{lambda()#1}>::_M_invoke(std::_Any_data const&) ( 
    __functor=...) at /usr/include/c++/9.1.0/bits/std_function.h:300 
#13 0x00007ffff72813e5 in QObject::event (this=0x555555bbc430, e=<optimized out>) at kernel/qobject.cpp:1282 
#14 0x00007ffff762d4d5 in QApplicationPrivate::notify_helper (this=this@entry=0x555555594760, receiver=receiver@entry=0x555555bbc430,  
    e=e@entry=0x555556b3a910) at kernel/qapplication.cpp:3740 
#15 0x00007ffff7636a21 in QApplication::notify (this=0x7fffffffe380, receiver=0x555555bbc430, e=0x555556b3a910) at kernel/qapplication.cpp:3486 
#16 0x00007ffff72549c2 in QCoreApplication::notifyInternal2 (receiver=0x555555bbc430, event=0x555556b3a910) 
    at ../../include/QtCore/../../src/corelib/kernel/qobject.h:142 
#17 0x00007ffff7257739 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x5555555948e0) at kernel/qcoreapplication.cpp:1810 
#18 0x00007ffff72ad3a4 in postEventSourceDispatch (s=0x5555555f65e0) at kernel/qeventdispatcher_glib.cpp:277 
#19 0x00007fffeba3c90f in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0 
#20 0x00007fffeba3e869 in ?? () from /usr/lib/libglib-2.0.so.0 
#21 0x00007fffeba3e8ae in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0 
#22 0x00007ffff72ac9a3 in QEventDispatcherGlib::processEvents (this=0x55555560af30, flags=...) at kernel/qeventdispatcher_glib.cpp:423 
#23 0x00007ffff72535ec in QEventLoop::exec (this=this@entry=0x7fffffffe290, flags=..., flags@entry=...) 
    at ../../include/QtCore/../../src/corelib/global/qflags.h:140 
#24 0x00007ffff725b326 in QCoreApplication::exec () at ../../include/QtCore/../../src/corelib/global/qflags.h:120 
#25 0x000055555555732c in ?? () 
#26 0x00007ffff6c3eee3 in __libc_start_main () from /usr/lib/libc.so.6 
#27 0x000055555555766e in _start ()

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

For Gerrit Dashboard: QTBUG-76958
#	Subject	Branch	Project	Status	CR	V
268086,3	Fix use-after-free in WebContentsAdapter::load	5.12	qt/qtwebengine	Status: MERGED	+2	0

Activity

People

Assignee:: Jüri Valdmann (Inactive)

Reporter:: Antonio Rojas

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 08 Jul '19 16:42

Updated:: 24 Jul '19 13:31

Resolved:: 18 Jul '19 12:58

Gerrit Reviews

There are no open Gerrit changes

Show There is 1 closed Gerrit change

Hide There is 1 closed Gerrit change

Fix use-after-free in WebContentsAdapter::load: Gerrit Review: