QTBUG-44245

WebKit: Segfault in QImage::invertPixels on html5video.org


Details

    • Bug
    • Resolution: Done
    • P1: Critical
    • 5.4.2
    • 5.4.0
    • WebKit
    • None
    • Archlinux

    Description

      When playing the video on http://www.html5video.org/ (e.g. with the demo browser), a segfault in QImage::invertPixels occurs after playing for 2 seconds.

      I haven't been able to test if the change for QTBUG-43520 (https://codereview.qt-project.org/#/c/102971/) resolves that, as it seems to be related.

      Stack trace:

      #0  QImage::invertPixels (this=this@entry=0x7fffffffa5c0, mode=mode@entry=QImage::InvertRgb)
          at image/qimage.cpp:1871
      #1  0x00007ffff5d410f8 in WebCore::ImageGStreamer::ImageGStreamer (this=0x7fff6ec68280, buffer=0x13d0920, 
          caps=<optimized out>) at platform/graphics/gstreamer/ImageGStreamerQt.cpp:68
      #2  0x00007ffff5d36cfb in createImage (caps=<optimized out>, buffer=<optimized out>)
          at platform/graphics/gstreamer/ImageGStreamer.h:39
      #3  WebCore::MediaPlayerPrivateGStreamerBase::paint (this=0x7fff6e897a80, context=0x7fffffffcdb0, rect=...)
          at platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp:440
      #4  0x00007ffff6714363 in WebCore::RenderVideo::paintReplaced (this=0x7fff65fc47a0, paintInfo=..., 
          paintOffset=...) at rendering/RenderVideo.cpp:221
      #5  0x00007ffff6790a54 in WebCore::RenderReplaced::paint (this=this@entry=0x7fff65fc47a0, paintInfo=..., 
          paintOffset=...) at rendering/RenderReplaced.cpp:158
      #6  0x00007ffff6790d51 in WebCore::RenderImage::paint (this=0x7fff65fc47a0, paintInfo=..., paintOffset=...)
          at rendering/RenderImage.cpp:411
      #7  0x00007ffff6718f20 in WebCore::RenderLayer::paintForegroundForFragmentsWithPhase (
          this=this@entry=0x7fff65fc4850, phase=phase@entry=WebCore::PaintPhaseForeground, layerFragments=..., 
          context=context@entry=0x7fffffffcdb0, localPaintingInfo=..., paintBehavior=paintBehavior@entry=0, 
          subtreePaintRootForRenderer=0x0) at rendering/RenderLayer.cpp:4234
      #8  0x00007ffff674362f in WebCore::RenderLayer::paintForegroundForFragments (this=0x7fff65fc4850, 
          layerFragments=..., context=0x7fffffffcdb0, transparencyLayerContext=<optimized out>, 
          transparencyPaintDirtyRect=..., haveTransparency=<optimized out>, localPaintingInfo=..., paintBehavior=0, 
          subtreePaintRootForRenderer=0x0, selectionOnly=false, forceBlackText=false)
          at rendering/RenderLayer.cpp:4210
      #9  0x00007ffff67e6dd7 in WebCore::RenderLayer::paintLayerContents (this=0x7fff65fc4850, 
          context=0x7fffffffcdb0, paintingInfo=..., paintFlags=224) at rendering/RenderLayer.cpp:3941
      #10 0x00007ffff67e7344 in WebCore::RenderLayer::paintLayerContentsAndReflection (
          this=this@entry=0x7fff65fc4850, context=context@entry=0x7fffffffcdb0, paintingInfo=..., 
          paintFlags=paintFlags@entry=224) at rendering/RenderLayer.cpp:3701
      #11 0x00007ffff67e7af0 in WebCore::RenderLayer::paintLayer (this=this@entry=0x7fff65fc4850, 
          context=context@entry=0x7fffffffcdb0, paintingInfo=..., paintFlags=paintFlags@entry=224)
          at rendering/RenderLayer.cpp:3683
      #12 0x00007ffff67e8b72 in WebCore::RenderLayer::paintList (this=0x7fff65fc4348, list=0x7fff866768d0, 
          context=0x7fffffffcdb0, paintingInfo=..., paintFlags=224) at rendering/RenderLayer.cpp:4027
      #13 0x00007ffff67e715e in WebCore::RenderLayer::paintLayerContents (this=0x7fff65fc4348, 
          context=0x7fffffffcdb0, paintingInfo=..., paintFlags=224) at rendering/RenderLayer.cpp:3952
      #14 0x00007ffff67e7344 in WebCore::RenderLayer::paintLayerContentsAndReflection (
          this=this@entry=0x7fff65fc4348, context=context@entry=0x7fffffffcdb0, paintingInfo=..., 
          paintFlags=paintFlags@entry=224) at rendering/RenderLayer.cpp:3701
      #15 0x00007ffff67e7af0 in WebCore::RenderLayer::paintLayer (this=this@entry=0x7fff65fc4348, 
          context=context@entry=0x7fffffffcdb0, paintingInfo=..., paintFlags=paintFlags@entry=224)
          at rendering/RenderLayer.cpp:3683
      #16 0x00007ffff67e8b72 in WebCore::RenderLayer::paintList (this=0x7fff65fc4170, list=0x7fff866d7550, 
          context=0x7fffffffcdb0, paintingInfo=..., paintFlags=224) at rendering/RenderLayer.cpp:4027
      #17 0x00007ffff67e715e in WebCore::RenderLayer::paintLayerContents (this=0x7fff65fc4170, 
          context=0x7fffffffcdb0, paintingInfo=..., paintFlags=224) at rendering/RenderLayer.cpp:3952
      #18 0x00007ffff67e7344 in WebCore::RenderLayer::paintLayerContentsAndReflection (
          this=this@entry=0x7fff65fc4170, context=context@entry=0x7fffffffcdb0, paintingInfo=..., 
          paintFlags=paintFlags@entry=0) at rendering/RenderLayer.cpp:3701
      #19 0x00007ffff67e7af0 in WebCore::RenderLayer::paintLayer (this=this@entry=0x7fff65fc4170, 
          context=context@entry=0x7fffffffcdb0, paintingInfo=..., paintFlags=paintFlags@entry=0)
          at rendering/RenderLayer.cpp:3683
      #20 0x00007ffff67e7ce8 in WebCore::RenderLayer::paint (this=0x7fff65fc4170, context=0x7fffffffcdb0, 
          damageRect=..., paintBehavior=0, subtreePaintRoot=0x0, region=0x0, paintFlags=0)
          at rendering/RenderLayer.cpp:3493
      #21 0x00007ffff5ac6310 in WebCore::FrameView::paintContents (this=0x7fff6c1e4d00, p=0x7fffffffcdb0, rect=...)
          at page/FrameView.cpp:3642
      #22 0x00007ffff5b9d376 in WebCore::ScrollView::paint (this=0x7fff6c1e4d00, context=0x7fffffffcdb0, rect=...)
          at platform/ScrollView.cpp:1102
      #23 0x00007ffff67d3d89 in WebCore::RenderWidget::paintContents (this=0x7fff866596d8, paintInfo=..., 
          paintOffset=...) at rendering/RenderWidget.cpp:260
      #24 0x00007ffff6789391 in WebCore::RenderWidget::paint (this=0x7fff866596d8, paintInfo=..., paintOffset=...)
          at rendering/RenderWidget.cpp:315
      #25 0x00007ffff66fd731 in WebCore::InlineBox::paint (this=0x7fff86659820, paintInfo=..., paintOffset=...)
          at rendering/InlineBox.cpp:237
      #26 0x00007ffff67ad228 in WebCore::InlineFlowBox::paint (this=this@entry=0x7fff86659858, paintInfo=..., 
          paintOffset=..., lineTop=..., lineTop@entry=..., lineBottom=..., lineBottom@entry=...)
          at rendering/InlineFlowBox.cpp:1170
      #27 0x00007ffff67ad62c in WebCore::RootInlineBox::paint (this=0x7fff86659858, paintInfo=..., paintOffset=..., 
          lineTop=..., lineBottom=...) at rendering/RootInlineBox.cpp:218
      #28 0x00007ffff67886c3 in WebCore::RenderLineBoxList::paint (this=this@entry=0x7fff864a2ea8, 
          renderer=renderer@entry=0x7fff864a2e10, paintInfo=..., paintOffset=...)
          at rendering/RenderLineBoxList.cpp:262
      #29 0x00007ffff678897d in WebCore::RenderBlock::paintContents (this=0x7fff864a2e10, paintInfo=..., 
          paintOffset=...) at rendering/RenderBlock.cpp:3177
      #30 0x00007ffff678ca5e in WebCore::RenderBlock::paintObject (this=0x7fff864a2e10, paintInfo=..., 
          paintOffset=...) at rendering/RenderBlock.cpp:3295
      #31 0x00007ffff6739f26 in WebCore::RenderBlock::paint (this=0x7fff864a2e10, paintInfo=..., paintOffset=...)
          at rendering/RenderBlock.cpp:2990
      #32 0x00007ffff66d88c2 in WebCore::RenderBlock::paintChild (this=this@entry=0x7fff864a2d60, 
          child=child@entry=0x7fff864a2e10, paintInfo=..., paintOffset=..., paintInfoForChild=..., 
          usePrintRect=usePrintRect@entry=false) at rendering/RenderBlock.cpp:3228
      #33 0x00007ffff66d8a38 in WebCore::RenderBlock::paintChildren (this=0x7fff864a2d60, paintInfo=..., 
          paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at rendering/RenderBlock.cpp:3197
      #34 0x00007ffff6788914 in WebCore::RenderBlock::paintContents (this=0x7fff864a2d60, paintInfo=..., 
          paintOffset=...) at rendering/RenderBlock.cpp:3190
      #35 0x00007ffff678ca5e in WebCore::RenderBlock::paintObject (this=0x7fff864a2d60, paintInfo=..., 
          paintOffset=...) at rendering/RenderBlock.cpp:3295
      #36 0x00007ffff6739f26 in WebCore::RenderBlock::paint (this=0x7fff864a2d60, paintInfo=..., paintOffset=...)
          at rendering/RenderBlock.cpp:2990
      #37 0x00007ffff66d88c2 in WebCore::RenderBlock::paintChild (this=this@entry=0x7fff864a2b88, 
          child=child@entry=0x7fff864a2d60, paintInfo=..., paintOffset=..., paintInfoForChild=..., 
          usePrintRect=usePrintRect@entry=false) at rendering/RenderBlock.cpp:3228
      #38 0x00007ffff66d8a38 in WebCore::RenderBlock::paintChildren (this=0x7fff864a2b88, paintInfo=..., 
          paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at rendering/RenderBlock.cpp:3197
      #39 0x00007ffff6788914 in WebCore::RenderBlock::paintContents (this=0x7fff864a2b88, paintInfo=..., 
          paintOffset=...) at rendering/RenderBlock.cpp:3190
      #40 0x00007ffff678ca5e in WebCore::RenderBlock::paintObject (this=0x7fff864a2b88, paintInfo=..., 
          paintOffset=...) at rendering/RenderBlock.cpp:3295
      #41 0x00007ffff6739f26 in WebCore::RenderBlock::paint (this=0x7fff864a2b88, paintInfo=..., paintOffset=...)
          at rendering/RenderBlock.cpp:2990
      #42 0x00007ffff66d88c2 in WebCore::RenderBlock::paintChild (this=this@entry=0x7fff6f54b470, 
          child=child@entry=0x7fff864a2b88, paintInfo=..., paintOffset=..., paintInfoForChild=..., 
          usePrintRect=usePrintRect@entry=false) at rendering/RenderBlock.cpp:3228
      #43 0x00007ffff66d8a38 in WebCore::RenderBlock::paintChildren (this=0x7fff6f54b470, paintInfo=..., 
          paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at rendering/RenderBlock.cpp:3197
      #44 0x00007ffff6788914 in WebCore::RenderBlock::paintContents (this=0x7fff6f54b470, paintInfo=..., 
          paintOffset=...) at rendering/RenderBlock.cpp:3190
      #45 0x00007ffff678ca5e in WebCore::RenderBlock::paintObject (this=0x7fff6f54b470, paintInfo=..., 
          paintOffset=...) at rendering/RenderBlock.cpp:3295
      #46 0x00007ffff6739f26 in WebCore::RenderBlock::paint (this=0x7fff6f54b470, paintInfo=..., paintOffset=...)
          at rendering/RenderBlock.cpp:2990
      #47 0x00007ffff66d88c2 in WebCore::RenderBlock::paintChild (this=this@entry=0x7fff6f54b298, 
          child=child@entry=0x7fff6f54b470, paintInfo=..., paintOffset=..., paintInfoForChild=..., 
          usePrintRect=usePrintRect@entry=false) at rendering/RenderBlock.cpp:3228
      #48 0x00007ffff66d8a38 in WebCore::RenderBlock::paintChildren (this=0x7fff6f54b298, paintInfo=..., 
          paintOffset=..., paintInfoForChild=..., usePrintRect=<optimized out>) at rendering/RenderBlock.cpp:3197
      #49 0x00007ffff6788914 in WebCore::RenderBlock::paintContents (this=0x7fff6f54b298, paintInfo=..., 
          paintOffset=...) at rendering/RenderBlock.cpp:3190
      #50 0x00007ffff678ca5e in WebCore::RenderBlock::paintObject (this=0x7fff6f54b298, paintInfo=..., 
          paintOffset=...) at rendering/RenderBlock.cpp:3295
      #51 0x00007ffff6739f26 in WebCore::RenderBlock::paint (this=0x7fff6f54b298, paintInfo=..., paintOffset=...)
          at rendering/RenderBlock.cpp:2990
      #52 0x00007ffff6718f20 in WebCore::RenderLayer::paintForegroundForFragmentsWithPhase (
          this=this@entry=0x7fff6f54b348, phase=phase@entry=WebCore::PaintPhaseForeground, layerFragments=..., 
          context=context@entry=0x7fffffffcdb0, localPaintingInfo=..., paintBehavior=paintBehavior@entry=0, 
          subtreePaintRootForRenderer=0x0) at rendering/RenderLayer.cpp:4234
      #53 0x00007ffff674362f in WebCore::RenderLayer::paintForegroundForFragments (this=0x7fff6f54b348, 
          layerFragments=..., context=0x7fffffffcdb0, transparencyLayerContext=<optimized out>, 
          transparencyPaintDirtyRect=..., haveTransparency=<optimized out>, localPaintingInfo=..., paintBehavior=0, 
          subtreePaintRootForRenderer=0x0, selectionOnly=false, forceBlackText=false)
          at rendering/RenderLayer.cpp:4210
      #54 0x00007ffff67e6dd7 in WebCore::RenderLayer::paintLayerContents (this=0x7fff6f54b348, 
          context=0x7fffffffcdb0, paintingInfo=..., paintFlags=224) at rendering/RenderLayer.cpp:3941
      #55 0x00007ffff67e7344 in WebCore::RenderLayer::paintLayerContentsAndReflection (
          this=this@entry=0x7fff6f54b348, context=context@entry=0x7fffffffcdb0, paintingInfo=..., 
          paintFlags=paintFlags@entry=224) at rendering/RenderLayer.cpp:3701
      #56 0x00007ffff67e7af0 in WebCore::RenderLayer::paintLayer (this=this@entry=0x7fff6f54b348, 
          context=context@entry=0x7fffffffcdb0, paintingInfo=..., paintFlags=paintFlags@entry=224)
          at rendering/RenderLayer.cpp:3683
      #57 0x00007ffff67e8b72 in WebCore::RenderLayer::paintList (this=0x7fff6f54b170, list=0x7fff65f7c200, 
          context=0x7fffffffcdb0, paintingInfo=..., paintFlags=224) at rendering/RenderLayer.cpp:4027
      #58 0x00007ffff67e715e in WebCore::RenderLayer::paintLayerContents (this=0x7fff6f54b170, 
          context=0x7fffffffcdb0, paintingInfo=..., paintFlags=224) at rendering/RenderLayer.cpp:3952
      #59 0x00007ffff67e7344 in WebCore::RenderLayer::paintLayerContentsAndReflection (
          this=this@entry=0x7fff6f54b170, context=context@entry=0x7fffffffcdb0, paintingInfo=..., 
          paintFlags=paintFlags@entry=0) at rendering/RenderLayer.cpp:3701
      #60 0x00007ffff67e7af0 in WebCore::RenderLayer::paintLayer (this=this@entry=0x7fff6f54b170, 
          context=context@entry=0x7fffffffcdb0, paintingInfo=..., paintFlags=paintFlags@entry=0)
          at rendering/RenderLayer.cpp:3683
      #61 0x00007ffff67e7ce8 in WebCore::RenderLayer::paint (this=0x7fff6f54b170, context=0x7fffffffcdb0, 
          damageRect=..., paintBehavior=0, subtreePaintRoot=0x0, region=0x0, paintFlags=0)
          at rendering/RenderLayer.cpp:3493
      #62 0x00007ffff5ac6310 in WebCore::FrameView::paintContents (this=0x7fffe443ea00, p=0x7fffffffcdb0, rect=...)
          at page/FrameView.cpp:3642
      #63 0x00007ffff5703592 in QWebFrameAdapter::renderRelativeCoords (this=0x911f50, 
          painter=painter@entry=0x7fffffffcf00, layers=layers@entry=255, clip=...)
          at qt/WebCoreSupport/QWebFrameAdapter.cpp:537
      #64 0x00007ffff7f94c4e in QWebFrame::render (this=this@entry=0x91c100, painter=painter@entry=0x7fffffffcf00, 
          layer=layer@entry=..., clip=...) at WebKit/qt/WidgetApi/qwebframe.cpp:644
      #65 0x00007ffff7f94c71 in QWebFrame::render (this=this@entry=0x91c100, painter=painter@entry=0x7fffffffcf00, 
          clip=...) at WebKit/qt/WidgetApi/qwebframe.cpp:654
      #66 0x00007ffff7fa0105 in QWebView::paintEvent (this=0x91b6f0, ev=0x7fffffffd250)
          at WebKit/qt/WidgetApi/qwebview.cpp:827
      #67 0x00007ffff78d8e68 in QWidget::event (this=this@entry=0x91b6f0, event=event@entry=0x7fffffffd250)
          at kernel/qwidget.cpp:9022
      #68 0x00007ffff7fa113b in QWebView::event (this=0x91b6f0, e=0x7fffffffd250)
          at WebKit/qt/WidgetApi/qwebview.cpp:731
      #69 0x00007ffff7895d5c in QApplicationPrivate::notify_helper (this=0x730ce0, receiver=0x91b6f0, 
          e=0x7fffffffd250) at kernel/qapplication.cpp:3722
      #70 0x00007ffff789b340 in QApplication::notify (this=0x7fffffffdd40, receiver=0x91b6f0, e=0x7fffffffd250)
          at kernel/qapplication.cpp:3505
      #71 0x00007ffff49766cb in QCoreApplication::notifyInternal (this=0x7fffffffdd40, 
          receiver=receiver@entry=0x91b6f0, event=event@entry=0x7fffffffd250) at kernel/qcoreapplication.cpp:932
      #72 0x00007ffff78d2579 in sendSpontaneousEvent (event=0x7fffffffd250, receiver=0x91b6f0)
          at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:231
      #73 QWidgetPrivate::sendPaintEvent (this=this@entry=0x918c70, toBePainted=...) at kernel/qwidget.cpp:5597
      #74 0x00007ffff78d2bd0 in QWidgetPrivate::drawWidget (this=0x918c70, pdev=0x792300, rgn=..., offset=..., 
          flags=36, sharedPainter=0x0, backingStore=0x81e7f0) at kernel/qwidget.cpp:5537
      #75 0x00007ffff78a2f86 in QWidgetBackingStore::doSync (this=0x105d000, this@entry=0x81e7f0)
          at kernel/qwidgetbackingstore.cpp:1229
      #76 0x00007ffff78a3379 in QWidgetBackingStore::sync (this=0x81e7f0) at kernel/qwidgetbackingstore.cpp:1033
      #77 0x00007ffff78c400f in QWidgetPrivate::syncBackingStore (this=0x785390) at kernel/qwidget.cpp:1886
      #78 0x00007ffff78d8f18 in QWidget::event (this=this@entry=0x7885e0, event=event@entry=0xd2d730)
          at kernel/qwidget.cpp:8961
      #79 0x00007ffff79eca3b in QMainWindow::event (this=0x7885e0, event=0xd2d730) at widgets/qmainwindow.cpp:1495
      #80 0x00007ffff7895d5c in QApplicationPrivate::notify_helper (this=0x730ce0, receiver=0x7885e0, e=0xd2d730)
          at kernel/qapplication.cpp:3722
      #81 0x00007ffff789b340 in QApplication::notify (this=0x7fffffffdd40, receiver=0x7885e0, e=0xd2d730)
          at kernel/qapplication.cpp:3505
      #82 0x00007ffff49766cb in QCoreApplication::notifyInternal (this=0x7fffffffdd40, receiver=0x7885e0, 
          event=event@entry=0xd2d730) at kernel/qcoreapplication.cpp:932
      #83 0x00007ffff497870b in sendEvent (event=0xd2d730, receiver=<optimized out>)
          at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:228
      #84 QCoreApplicationPrivate::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0, 
          data=0x730e50) at kernel/qcoreapplication.cpp:1536
      #85 0x00007ffff4978d08 in QCoreApplication::sendPostedEvents (receiver=receiver@entry=0x0, 
          event_type=event_type@entry=0) at kernel/qcoreapplication.cpp:1394
      #86 0x00007ffff49cd8b3 in postEventSourceDispatch (s=0x75d1d0) at kernel/qeventdispatcher_glib.cpp:271
      #87 0x00007ffff33e9a0d in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
      #88 0x00007ffff33e9cf8 in ?? () from /usr/lib/libglib-2.0.so.0
      #89 0x00007ffff33e9dac in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
      #90 0x00007ffff49cdca7 in QEventDispatcherGlib::processEvents (this=0x75d8c0, flags=...)
          at kernel/qeventdispatcher_glib.cpp:418
      #91 0x00007ffff4974162 in QEventLoop::exec (this=this@entry=0x7fffffffdcd0, flags=..., flags@entry=...)
          at kernel/qeventloop.cpp:204
      #92 0x00007ffff497bb3c in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1185
      #93 0x000000000042cd5f in main ()
      

    People

      allan.jensen Allan Sandfeld Jensen
      the compiler Florian Bruhin