QTBUG-54419

SIGSEGV in QWebEngineScriptCollection

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P2: Important
    • Resolution: Done
    • Affects Version/s: 5.6.1, 5.7.0
    • Fix Version/s: 5.6.2, 5.7.1
    • Component/s: WebEngine
    • Labels: None

      Description

      I tried to implement some user scripts support, looking at the Otto browser sources.
      And faced a SIGSEGV inside the QWebEngineScriptCollection::clear() and QWebEngineScriptCollection::insert() methods. I tried to call these methods from the reimplemented QWebEnginePage::acceptNavigationRequest() method, and also just from a QWebEnginePage::loadFinished() signal handler.

      This issue happens only on pixiv in manga viewing mode (pixiv registration may be needed for accessing these URLs: http://www.pixiv.net/member_illust.php?mode=manga&illust_id=<some_number>), but works OK on other pixiv pages and other resources. Unfortunately, I am unable to build webengine with debug symbols.

      Segfaulting both on x86 and amd64 arch with the 5.7.0-1 WebEngine package from the Archlinux repo.

      1. addUserScript_debug_qt5.6.1.txt
        16 kB
        Torgashin Konstantin
      2. clearAllScripts_after_loadFinished_debug_qt5.6.1.txt
        17 kB
        Torgashin Konstantin
      3. clearAllScripts_debug_qt5.6.1.txt
        16 kB
        Torgashin Konstantin
      4. source-fragment.cpp
        1 kB
        Torgashin Konstantin

        Activity

        Allan Sandfeld Jensen added a comment -

        Backtrace on linux below. Note that it crashes a bit earlier.

        Thread 1 (Thread 0x7ffff7e0f900 (LWP 3495)):
        #0 QtWebEngineCore::WebContentsAdapter::webContents (this=0xeb0870) at /src/qt5/qtwebengine/src/core/web_contents_adapter.cpp:1023
        #1 0x00007ffff3257c8a in QtWebEngineCore::UserResourceControllerHost::clearAllScripts (this=0x996df0, adapter=<optimized out>)
        at /src/qt5/qtwebengine/src/core/user_resource_controller_host.cpp:189
        #2 0x00007ffff7fe2c4f in QWebEngineScriptCollectionPrivate::clear (this=<optimized out>) at api/qwebenginescriptcollection.cpp:219
        #3 QWebEngineScriptCollection::clear (this=<optimized out>) at api/qwebenginescriptcollection.cpp:158
        #4 0x0000000000463791 in WebPage::acceptNavigationRequest (this=<optimized out>, url=..., type=<optimized out>, isMainFrame=<optimized out>)
        at webview.cpp:313
        #5 0x00007ffff7fd7bfb in QWebEnginePagePrivate::navigationRequested (this=<optimized out>, navigationType=<optimized out>, url=...,
        navigationRequestAction=@0x7fffffffd30c: 0, isMainFrame=<optimized out>) at api/qwebenginepage.cpp:1166
        #6 0x00007ffff323b887 in QtWebEngineCore::NetworkDelegateQt::NotifyNavigationRequestedOnUIThread(net::URLRequest*, QtWebEngineCore::NetworkDelegateQt::RequestParams, base::Callback<void (int)> const&) (this=0x7fff9c013c30, request=0x7fff9c0c8540, params=..., callback=...)

        Torgashin Konstantin added a comment -

        Created a clean room experiment - a simple widgets app with a QWebEngineView, an edit and one button. Untouched global webProfile with default parameters, no cache in the home dir, and a customized QWebEnginePage with overridden createWindow.

        Also created loadFinished handler with timer:

        connect(ui->webEngineView, &QWebEngineView::loadFinished, [this]() {
            QTimer::singleShot(15000, [this]() {
                qDebug() << "clearing: " << ui->webEngineView->url();
                ui->webEngineView->page()->scripts().clear();
            });
        });

        The crash happens on the same pages, after 15+ seconds with a fully loaded page (also with an untouched page after load, and with a somehow modified one - scrolled, buttons pressed, pictures clicked...), but now inside the QtWebEngineCore::WebContentsAdapter::webContents method.

        Torgashin Konstantin added a comment - edited

        Two very simple HTML files on localhost's apache without https: a.html with only <a href="b.html" target="_blank"> and b.html, containing just one string. Crashes on clearing the scripts collection in the loadFinished handler with b.html.

        Segfaulting on modifying the scripts() collection in any popup window created from the QWebEnginePage::createWindow handler.

        Torgashin Konstantin added a comment - edited

        Big thanks! I have applied the patch to the release version of Qt WebEngine 5.7.0 and compiled it without debug info for a 32-bit CPU. All works OK, userscripts are running. Accessing scripts() in popup windows / tabs from acceptNavigationRequest and from loadFinished no longer produces this crash.

        Florian Bruhin added a comment -

        Just a small heads-up, I also added this patch to my (unofficial) qt5-webengine-debug package for Archlinux.


          People

          • Assignee: Allan Sandfeld Jensen
          • Reporter: Torgashin Konstantin
          • Votes: 0
          • Watchers: 3
