Details
-
Bug
-
Resolution: Fixed
-
P1: Critical
-
6.7.0
-
None
Description
With certain redirects, blocking a request causes QtWebEngine to crash (SIGTRAP), due to the following CHECK failing: https://github.com/qt/qtwebengine-chromium/blob/b916ca00cc5222253ac5860c3e612ccf00d899c3/chromium/content/browser/renderer_host/render_frame_host_manager.cc#L2611
Relevant stack:
#0 0x00007ffff062f0b1 in base::ImmediateCrash () at ../../../../../qtwebengine-everywhere-src-6.7.0/src/3rdparty/chromium/base/immediate_crash.h:146
#1 logging::CheckFailure () at ../../../../../qtwebengine-everywhere-src-6.7.0/src/3rdparty/chromium/base/check.h:193
#2 content::RenderFrameHostManager::GetSiteInstanceForNavigation () at ../../../../../qtwebengine-everywhere-src-6.7.0/src/3rdparty/chromium/content/browser/renderer_host/render_frame_host_manager.cc:2611
#3 0x00007ffff062f35b in content::RenderFrameHostManager::GetSiteInstanceForNavigationRequest () at ../../../../../qtwebengine-everywhere-src-6.7.0/src/3rdparty/chromium/content/browser/renderer_host/render_frame_host_manager.cc:4154
#4 0x00007ffff06322b8 in content::RenderFrameHostManager::GetFrameHostForNavigation () at ../../../../../qtwebengine-everywhere-src-6.7.0/src/3rdparty/chromium/content/browser/renderer_host/render_frame_host_manager.cc:1542
#5 0x00007ffff05a9d7b in content::NavigationRequest::SelectFrameHostForOnRequestFailedInternal () at ../../../../../qtwebengine-everywhere-src-6.7.0/src/3rdparty/chromium/content/browser/renderer_host/navigation_request.cc:4680
#6 0x00007ffff05acb59 in content::NavigationRequest::OnRequestFailedInternal () at ../../../../../qtwebengine-everywhere-src-6.7.0/src/3rdparty/chromium/content/browser/renderer_host/navigation_request.cc:4637
#7 0x00007ffff05b3e02 in non-virtual thunk to content::NavigationRequest::OnRequestFailed(network::URLLoaderCompletionStatus const&) ()
at ../../../../../qtwebengine-everywhere-src-6.7.0/src/3rdparty/chromium/content/browser/renderer_host/navigation_request.h:1393
[...]
A qutebrowser user reported this happening when clicking sponsored Google results that are blocked by qutebrowser's ad blocker. I was unable to reproduce that, but found a reliable reproducer requiring Outlook Web access:
#include <QApplication> #include <QtWebEngineWidgets> #include <QtWebEngineCore> #include <QUrl> class Interceptor : public QWebEngineUrlRequestInterceptor { public: void interceptRequest(QWebEngineUrlRequestInfo &info) override { if (info.requestUrl().host() == "example.org") { info.block(true); } } }; int main(int argc, char *argv[]) { QApplication app(argc, argv); Interceptor interceptor; QWebEngineProfile::defaultProfile()->setUrlRequestInterceptor(&interceptor); QWebEngineView view; QObject::connect(view.page(), &QWebEnginePage::newWindowRequested, [&view](QWebEngineNewWindowRequest &request){ request.openIn(view.page()); }); view.load(QUrl("https://outlook.office.com")); view.show(); return app.exec(); }
QT += core webenginewidgets widgets SOURCES += main.cpp
After running the code:
- Log into Outlook Web
- Paste https://example.org into a mail draft (might need to add a space for it to be turned into a link)
- Click it so that it gets opened via Outlook's Safelink feature, that redirects to the real URL after "checking it".
Seems to be a Qt 6.7 regression, Qt 6.6 looks to be fine.
Attachments
| For Gerrit Dashboard: QTBUG-125284 | ||||||
|---|---|---|---|---|---|---|
| # | Subject | Branch | Project | Status | CR | V |
| 567516,2 | Relax CHECK for swapping site instance in RenderFrameHostManager | 122-based | qt/qtwebengine-chromium | Status: ABANDONED | 0 | 0 |