Details
Description
When serializing a QWebEngineHistory with no page fully loaded yet, with Qt 6.5, the resulting QDataStream claims that it has one entry (which isn't actually the case). When that stream is then deserialized, QtWebEngine reads past the end of the data stream.
Possible culprit: Create initial NavigationEntry on FrameTree initialization (3237491) · Gerrit Code Review - though that landed in Chromium 98, while this issue is not present in Qt 6.4.
Reproducer:
```cpp
#include <QtWidgets/QApplication>
#include <QtWebEngineWidgets/QWebEngineView>
#include <QtWebEngineCore/QWebEngineHistory>
#include <QtCore/QDataStream>
#include <QtCore/QDebug>      // needed for qDebug()
#include <QtCore/QIODevice>

int main(int argc, char *argv[])
{
    QApplication app{argc, argv};
    QWebEngineView view{};

    // Serialize the history of a view that has not loaded any page yet.
    QByteArray data{};
    QDataStream stream1{&data, QIODeviceBase::ReadWrite};
    stream1 << *(view.history());

    // 0 (The data stream is operating normally.)
    qDebug() << stream1.status();

    // Qt 6.4.3: "00 00 00 04 00 00 00 00 ff ff ff ff"
    // Qt 6.5.2: "00 00 00 04 00 00 00 01 00 00 00 00"
    //            ^^^^^^^^^^^ ^^^^^^^^^^^ ^^^^^^^^^^^
    //            |           '-- count   '-- currentIndex
    //            '-- kHistoryStreamVersion
    qDebug() << data.toHex(' ');

    // Deserialize the same bytes back into the (still empty) history.
    QDataStream stream2{data};
    stream2 >> *(view.history());

    // Qt 6.4.3: 0 (The data stream is operating normally.)
    // Qt 6.5.2: 1 (The data stream has read past the end of the data in the underlying device.)
    qDebug() << stream2.status();

    return app.exec();
}
```
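The following is an added, stand-alone example (not part of the bug report and not Qt code) that models the three-field header shown in the hex dumps above (kHistoryStreamVersion, count, currentIndex) with a minimal big-endian reader carrying a "read past end" flag like QDataStream's status. It parses the two byte sequences quoted for Qt 6.4.3 and Qt 6.5.2, constructed here from the report's output, and applies the consistency check a deserializer would want before trusting `count`: a positive entry count with no bytes left after the header cannot be backed by data. The assumptions that every serialized entry occupies at least one byte and that `currentIndex == -1` denotes "no current entry" are mine, inferred from the 6.4.3 dump, not stated by Qt.

```cpp
#include <cstdint>
#include <cstddef>
#include <vector>
#include <iostream>

// Minimal big-endian reader mirroring QDataStream's default byte order and
// its "read past end" status. This is a stand-alone model, not Qt code.
struct BeReader {
    const std::vector<uint8_t>& buf;
    size_t pos = 0;
    bool readPastEnd = false;

    explicit BeReader(const std::vector<uint8_t>& b) : buf(b) {}

    size_t remaining() const { return buf.size() - pos; }

    // Reads a 32-bit big-endian integer; on short data sets readPastEnd,
    // consumes the rest and returns 0 (QDataStream behaves the same way).
    int32_t readInt32() {
        if (remaining() < 4) { readPastEnd = true; pos = buf.size(); return 0; }
        uint32_t v = (uint32_t(buf[pos]) << 24) | (uint32_t(buf[pos + 1]) << 16)
                   | (uint32_t(buf[pos + 2]) << 8) | uint32_t(buf[pos + 3]);
        pos += 4;
        return int32_t(v);
    }
};

struct HistoryHeader {
    int32_t version = 0;
    int32_t count = 0;
    int32_t currentIndex = 0;
    size_t bytesAfterHeader = 0;
    bool truncated = false;     // the header itself could not be read fully
    bool inconsistent = false;  // count/currentIndex not backed by the data
};

// Parses the header (version, count, currentIndex) and checks that the
// advertised entry count is plausible for the bytes that remain.
HistoryHeader parseHistoryHeader(const std::vector<uint8_t>& data) {
    HistoryHeader h;
    BeReader r(data);
    h.version = r.readInt32();
    h.count = r.readInt32();
    h.currentIndex = r.readInt32();
    h.truncated = r.readPastEnd;
    h.bytesAfterHeader = r.remaining();
    if (h.truncated) return h;

    // Assumption: every serialized entry occupies at least one byte, so a
    // positive count with nothing left after the header is inconsistent. A
    // consumer that reads `count` entries unconditionally runs past the end.
    if (h.count > 0 && h.bytesAfterHeader == 0) h.inconsistent = true;

    // Assumption: currentIndex is -1 when there is no current entry (as in the
    // Qt 6.4.3 dump); any other value must index an existing entry.
    if (h.count < 0 || h.currentIndex < -1 || h.currentIndex >= h.count)
        h.inconsistent = true;
    return h;
}

// Constructed from the two hex dumps quoted in the report.
const std::vector<uint8_t> kQt643 = {0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00,
                                     0xff, 0xff, 0xff, 0xff};
const std::vector<uint8_t> kQt652 = {0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00, 0x01,
                                     0x00, 0x00, 0x00, 0x00};

int main() {
    for (const auto* d : {&kQt643, &kQt652}) {
        HistoryHeader h = parseHistoryHeader(*d);
        std::cout << "version=" << h.version << " count=" << h.count
                  << " currentIndex=" << h.currentIndex
                  << " bytesAfterHeader=" << h.bytesAfterHeader
                  << " truncated=" << h.truncated
                  << " inconsistent=" << h.inconsistent << '\n';
    }
    return 0;
}
```

Run as-is, the 6.4.3 bytes parse as count 0 / currentIndex -1 and pass, while the 6.5.2 bytes parse as count 1 / currentIndex 0 with zero bytes remaining and are flagged, which is exactly the condition under which the real deserializer ends up with status 1. Rejecting the buffer at this point, rather than looping over `count`, is the check that keeps an untrusted or stale serialized history from driving reads beyond the end of the stream.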
Attachments
For Gerrit Dashboard: QTBUG-117489

| # | Subject | Branch | Project | Status | CR | V |
|---|---|---|---|---|---|---|
| 507336,6 | Handle initial NavigationEntries | dev | qt/qtwebengine | MERGED | +2 | 0 |
| 508102,2 | Handle initial NavigationEntries | 6.6 | qt/qtwebengine | MERGED | +2 | 0 |
| 508444,2 | Handle initial NavigationEntries | 6.5 | qt/qtwebengine | MERGED | +2 | 0 |