Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-56661

Data URLs may cause render process crash on Windows

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P2: Important
    • 5.8.0 RC
    • 5.8.0 Alpha
    • WebEngine
    • None
    • Windows 7 (MSVC 2015 64bit)
      Linux (Gentoo x64)
    • c15c0f5620a15996f4d178e628f5bd401ab34279

    Description

      Examples to reproduces:

      • Load URL: data:text/html,foo
      • Use Quick API: webEngineView.loadHtml("load failed", "http://www.somesitethatdoesnotexist.abc/")

      This is the main reason why the test_urlProperty QML test case is flaky on Windows: https://bugreports.qt.io/browse/QTBUG-56180 The examples above are part of this test.

      It seems the issue is Windows specific since I couldn't reproduce it on Linux and neither the Linux CI fails on the test. The failure doesn't happen all the time (flaky) and there is no exact way to reproduce.

      In debug build the an assert is triggered sometimes and produces the following backtrace:

      [41060:48204:1020/181712:FATAL:render_frame_impl.cc(2352)] Check failed: frame_.
      Backtrace:
              base::debug::StackTrace::StackTrace [0x0000000180BA03D6+54]
              logging::LogMessage::~LogMessage [0x0000000180A996A9+89]
              content::RenderFrameImpl::GetWebFrame [0x000000018054A8A5+261]
              QtWebEngineCore::WebChannelIPCTransport::RunScriptsAtDocumentStart [0x000000018023FFF3+51]
              QtWebEngineCore::ContentRendererClientQt::RunScriptsAtDocumentStart [0x000000018022A917+87]
              content::RenderFrameImpl::runScriptsAtDocumentElementAvailable [0x000000018057A2FE+462]
              blink::FrameLoaderClientImpl::runScriptsAtDocumentElementAvailable [0x0000000183AC2619+169]
              blink::FrameLoader::runScriptsAtDocumentElementAvailable [0x0000000186D2E2D0+64]
              blink::HTMLHtmlElement::insertedByParser [0x0000000186B16029+201]
              blink::HTMLConstructionSite::insertHTMLHtmlStartTagBeforeHTML [0x0000000186B887E5+245]
              blink::HTMLTreeBuilder::defaultForBeforeHTML [0x0000000186B908DC+124]
              blink::HTMLTreeBuilder::processEndOfFile [0x0000000186B942F8+312]
              blink::HTMLTreeBuilder::processToken [0x0000000186B9CE35+277]
              blink::HTMLTreeBuilder::constructTree [0x0000000186B90499+89]
              blink::HTMLDocumentParser::constructTreeFromHTMLToken [0x0000000186AE9D4D+141]
              blink::HTMLDocumentParser::pumpTokenizer [0x0000000186AF18D1+1233]
              blink::HTMLDocumentParser::pumpTokenizerIfPossible [0x0000000186AF1CEC+76]
              blink::HTMLDocumentParser::prepareToStopParsing [0x0000000186AF00E3+195]
              blink::HTMLDocumentParser::attemptToEnd [0x0000000186AE9667+71]
              blink::HTMLDocumentParser::finish [0x0000000186AED955+453]
              blink::DocumentWriter::end [0x00000001872041F7+359]
              blink::DocumentLoader::endWriting [0x0000000186DBEA9C+124]
              blink::DocumentLoader::finishedLoading [0x0000000186DBFE34+692]
              blink::DocumentLoader::maybeLoadEmpty [0x0000000186DC0E62+546]
              blink::DocumentLoader::startLoadingMainResource [0x0000000186DC36A4+212]
              blink::FrameLoader::init [0x0000000186D2AF6C+348]
              blink::LocalFrame::init [0x0000000183A26AD1+49]
              blink::WebLocalFrameImpl::createProvisional [0x0000000183A1FFDE+606]
              blink::WebLocalFrame::createProvisional [0x0000000183A1FD4C+60]
              content::RenderFrameImpl::CreateFrame [0x00000001805476F3+819]
              content::RenderThreadImpl::OnCreateNewFrame [0x00000001805D7A5B+187]
              ??$DispatchToMethodImpl@PEAVRenderThreadImpl@content@@P812@EAAXUFrameMsg_NewFrame_Params@@@ZU3@$$Z$0A@@base@@YAXAEBQEAVRenderThreadImpl@content@@P812@EAAXUFrameMsg_NewFrame_Params@@@ZAEBV?$tuple@UFrameMsg_NewFrame_Params@@@std@@U?$IndexSequence@$0A@@0@@Z [0x00000001805C4B50+176]
              base::DispatchToMethod<content::RenderThreadImpl * __ptr64,void (__cdecl content::RenderThreadImpl::*)(FrameMsg_NewFrame_Params) __ptr64,FrameMsg_NewFrame_Params> [0x00000001805C4657+87]
              IPC::DispatchToMethod<content::RenderThreadImpl,void (__cdecl content::RenderThreadImpl::*)(FrameMsg_NewFrame_Params) __ptr64,void,std::tuple<FrameMsg_NewFrame_Params> > [0x00000001805C4836+86]
              IPC::MessageT<FrameMsg_NewFrame_Meta,std::tuple<FrameMsg_NewFrame_Params>,void>::Dispatch<content::RenderThreadImpl,content::RenderThreadImpl,void,void (__cdecl content::RenderThreadImpl::*)(FrameMsg_NewFrame_Params) __ptr64> [0x00000001805C4158+360]
              content::RenderThreadImpl::OnControlMessageReceived [0x00000001805D73C8+744]
              content::ChildThreadImpl::OnMessageReceived [0x00000001858C3EB4+1828]
              IPC::ChannelProxy::Context::OnDispatchMessage [0x00000001832696F7+167]
              base::internal::RunnableAdapter<void (__cdecl content::WebFileWriterImpl::WriterBridge::*)(base::Callback<void __cdecl(enum base::File::Error),1> const & __ptr64) __ptr64>::Run<scoped_refptr<content::WebFileWriterImpl::WriterBridge> const & __ptr64,base:: [0x00000001852F256F+95]
              base::internal::InvokeHelper<0,void>::MakeItSo<base::internal::RunnableAdapter<void (__cdecl content::WebFileWriterImpl::WriterBridge::*)(base::Callback<void __cdecl(enum base::File::Error),1> const & __ptr64) __ptr64> const & __ptr64,scoped_refptr<conten [0x0000000180A001F8+104]
              base::internal::Invoker<base::internal::BindState<base::internal::RunnableAdapter<void (__cdecl content::WebSocketMessageFilter::*)(IPC::Message const & __ptr64) __ptr64>,content::WebSocketMessageFilter * __ptr64 const,IPC::Message const & __ptr64>,void _ [0x000000018590D888+136]
              base::internal::Invoker<base::internal::BindState<base::internal::RunnableAdapter<void (__cdecl content::WebSocketMessageFilter::*)(IPC::Message const & __ptr64) __ptr64>,content::WebSocketMessageFilter * __ptr64 const,IPC::Message const & __ptr64>,void _ [0x000000018590DFB8+72]
              base::Callback<bool __cdecl(void),1>::Run [0x000000018329AF0D+61]
              base::debug::TaskAnnotator::RunTask [0x0000000180BE4885+549]
              scheduler::TaskQueueManager::ProcessTaskFromWorkQueue [0x00000001852E582F+1503]
              scheduler::TaskQueueManager::DoWork [0x00000001852E4028+920]
              base::internal::RunnableAdapter<void (__cdecl scheduler::TaskQueueManager::*)(base::TimeTicks,bool) __ptr64>::Run<base::WeakPtr<scheduler::TaskQueueManager> const & __ptr64,base::TimeTicks const & __ptr64,bool const & __ptr64> [0x000000018093F05D+109]
              base::internal::InvokeHelper<1,void>::MakeItSo<base::internal::RunnableAdapter<void (__cdecl scheduler::TaskQueueManager::*)(base::TimeTicks,bool) __ptr64> const & __ptr64,base::WeakPtr<scheduler::TaskQueueManager> const & __ptr64,base::TimeTicks const &  [0x000000018093EFE7+151]
              base::internal::Invoker<base::internal::BindState<base::internal::RunnableAdapter<void (__cdecl scheduler::TaskQueueManager::*)(base::TimeTicks,bool) __ptr64>,base::WeakPtr<scheduler::TaskQueueManager>,base::TimeTicks,bool>,void __cdecl(void)>::RunImpl<ba [0x000000018093F29F+175]
              base::internal::Invoker<base::internal::BindState<base::internal::RunnableAdapter<void (__cdecl scheduler::TaskQueueManager::*)(base::TimeTicks,bool) __ptr64>,base::WeakPtr<scheduler::TaskQueueManager>,base::TimeTicks,bool>,void __cdecl(void)>::Run [0x00000001809424F8+72]
              base::Callback<bool __cdecl(void),1>::Run [0x000000018329AF0D+61]
              base::debug::TaskAnnotator::RunTask [0x0000000180BE4885+549]
              base::MessageLoop::RunTask [0x0000000180AFE07C+1004]
              base::MessageLoop::DeferOrRunPendingTask [0x0000000180AFBC41+81]
              base::MessageLoop::DoWork [0x0000000180AFC274+340]
              base::MessagePumpDefault::Run [0x0000000180BEB549+313]
              base::MessageLoop::RunHandler [0x0000000180AFDC73+291]
              base::RunLoop::Run [0x0000000180B2A9DB+91]
              base::MessageLoop::Run [0x0000000180AFDB25+293]
              content::RendererMain [0x00000001860F8778+1032]
              content::RunNamedProcessTypeMain [0x00000001835D1195+245]
              content::ContentMainRunnerImpl::Run [0x00000001835D1045+725]
      
      Backtrace:
              base::debug::BreakDebugger [0x0000000180BA027C+44]
              logging::LogMessage::~LogMessage [0x0000000180A999F3+931]
              content::RenderFrameImpl::GetWebFrame [0x000000018054A8A5+261]
              QtWebEngineCore::WebChannelIPCTransport::RunScriptsAtDocumentStart [0x000000018023FFF3+51]
              QtWebEngineCore::ContentRendererClientQt::RunScriptsAtDocumentStart [0x000000018022A917+87]
              content::RenderFrameImpl::runScriptsAtDocumentElementAvailable [0x000000018057A2FE+462]
              blink::FrameLoaderClientImpl::runScriptsAtDocumentElementAvailable [0x0000000183AC2619+169]
              blink::FrameLoader::runScriptsAtDocumentElementAvailable [0x0000000186D2E2D0+64]
              blink::HTMLHtmlElement::insertedByParser [0x0000000186B16029+201]
              blink::HTMLConstructionSite::insertHTMLHtmlStartTagBeforeHTML [0x0000000186B887E5+245]
              blink::HTMLTreeBuilder::defaultForBeforeHTML [0x0000000186B908DC+124]
              blink::HTMLTreeBuilder::processEndOfFile [0x0000000186B942F8+312]
              blink::HTMLTreeBuilder::processToken [0x0000000186B9CE35+277]
              blink::HTMLTreeBuilder::constructTree [0x0000000186B90499+89]
              blink::HTMLDocumentParser::constructTreeFromHTMLToken [0x0000000186AE9D4D+141]
              blink::HTMLDocumentParser::pumpTokenizer [0x0000000186AF18D1+1233]
              blink::HTMLDocumentParser::pumpTokenizerIfPossible [0x0000000186AF1CEC+76]
              blink::HTMLDocumentParser::prepareToStopParsing [0x0000000186AF00E3+195]
              blink::HTMLDocumentParser::attemptToEnd [0x0000000186AE9667+71]
              blink::HTMLDocumentParser::finish [0x0000000186AED955+453]
              blink::DocumentWriter::end [0x00000001872041F7+359]
              blink::DocumentLoader::endWriting [0x0000000186DBEA9C+124]
              blink::DocumentLoader::finishedLoading [0x0000000186DBFE34+692]
              blink::DocumentLoader::maybeLoadEmpty [0x0000000186DC0E62+546]
              blink::DocumentLoader::startLoadingMainResource [0x0000000186DC36A4+212]
              blink::FrameLoader::init [0x0000000186D2AF6C+348]
              blink::LocalFrame::init [0x0000000183A26AD1+49]
              blink::WebLocalFrameImpl::createProvisional [0x0000000183A1FFDE+606]
              blink::WebLocalFrame::createProvisional [0x0000000183A1FD4C+60]
              content::RenderFrameImpl::CreateFrame [0x00000001805476F3+819]
              content::RenderThreadImpl::OnCreateNewFrame [0x00000001805D7A5B+187]
              ??$DispatchToMethodImpl@PEAVRenderThreadImpl@content@@P812@EAAXUFrameMsg_NewFrame_Params@@@ZU3@$$Z$0A@@base@@YAXAEBQEAVRenderThreadImpl@content@@P812@EAAXUFrameMsg_NewFrame_Params@@@ZAEBV?$tuple@UFrameMsg_NewFrame_Params@@@std@@U?$IndexSequence@$0A@@0@@Z [0x00000001805C4B50+176]
              base::DispatchToMethod<content::RenderThreadImpl * __ptr64,void (__cdecl content::RenderThreadImpl::*)(FrameMsg_NewFrame_Params) __ptr64,FrameMsg_NewFrame_Params> [0x00000001805C4657+87]
              IPC::DispatchToMethod<content::RenderThreadImpl,void (__cdecl content::RenderThreadImpl::*)(FrameMsg_NewFrame_Params) __ptr64,void,std::tuple<FrameMsg_NewFrame_Params> > [0x00000001805C4836+86]
              IPC::MessageT<FrameMsg_NewFrame_Meta,std::tuple<FrameMsg_NewFrame_Params>,void>::Dispatch<content::RenderThreadImpl,content::RenderThreadImpl,void,void (__cdecl content::RenderThreadImpl::*)(FrameMsg_NewFrame_Params) __ptr64> [0x00000001805C4158+360]
              content::RenderThreadImpl::OnControlMessageReceived [0x00000001805D73C8+744]
              content::ChildThreadImpl::OnMessageReceived [0x00000001858C3EB4+1828]
              IPC::ChannelProxy::Context::OnDispatchMessage [0x00000001832696F7+167]
              base::internal::RunnableAdapter<void (__cdecl content::WebFileWriterImpl::WriterBridge::*)(base::Callback<void __cdecl(enum base::File::Error),1> const & __ptr64) __ptr64>::Run<scoped_refptr<content::WebFileWriterImpl::WriterBridge> const & __ptr64,base:: [0x00000001852F256F+95]
              base::internal::InvokeHelper<0,void>::MakeItSo<base::internal::RunnableAdapter<void (__cdecl content::WebFileWriterImpl::WriterBridge::*)(base::Callback<void __cdecl(enum base::File::Error),1> const & __ptr64) __ptr64> const & __ptr64,scoped_refptr<conten [0x0000000180A001F8+104]
              base::internal::Invoker<base::internal::BindState<base::internal::RunnableAdapter<void (__cdecl content::WebSocketMessageFilter::*)(IPC::Message const & __ptr64) __ptr64>,content::WebSocketMessageFilter * __ptr64 const,IPC::Message const & __ptr64>,void _ [0x000000018590D888+136]
              base::internal::Invoker<base::internal::BindState<base::internal::RunnableAdapter<void (__cdecl content::WebSocketMessageFilter::*)(IPC::Message const & __ptr64) __ptr64>,content::WebSocketMessageFilter * __ptr64 const,IPC::Message const & __ptr64>,void _ [0x000000018590DFB8+72]
              base::Callback<bool __cdecl(void),1>::Run [0x000000018329AF0D+61]
              base::debug::TaskAnnotator::RunTask [0x0000000180BE4885+549]
              scheduler::TaskQueueManager::ProcessTaskFromWorkQueue [0x00000001852E582F+1503]
              scheduler::TaskQueueManager::DoWork [0x00000001852E4028+920]
              base::internal::RunnableAdapter<void (__cdecl scheduler::TaskQueueManager::*)(base::TimeTicks,bool) __ptr64>::Run<base::WeakPtr<scheduler::TaskQueueManager> const & __ptr64,base::TimeTicks const & __ptr64,bool const & __ptr64> [0x000000018093F05D+109]
              base::internal::InvokeHelper<1,void>::MakeItSo<base::internal::RunnableAdapter<void (__cdecl scheduler::TaskQueueManager::*)(base::TimeTicks,bool) __ptr64> const & __ptr64,base::WeakPtr<scheduler::TaskQueueManager> const & __ptr64,base::TimeTicks const &  [0x000000018093EFE7+151]
              base::internal::Invoker<base::internal::BindState<base::internal::RunnableAdapter<void (__cdecl scheduler::TaskQueueManager::*)(base::TimeTicks,bool) __ptr64>,base::WeakPtr<scheduler::TaskQueueManager>,base::TimeTicks,bool>,void __cdecl(void)>::RunImpl<ba [0x000000018093F29F+175]
              base::internal::Invoker<base::internal::BindState<base::internal::RunnableAdapter<void (__cdecl scheduler::TaskQueueManager::*)(base::TimeTicks,bool) __ptr64>,base::WeakPtr<scheduler::TaskQueueManager>,base::TimeTicks,bool>,void __cdecl(void)>::Run [0x00000001809424F8+72]
              base::Callback<bool __cdecl(void),1>::Run [0x000000018329AF0D+61]
              base::debug::TaskAnnotator::RunTask [0x0000000180BE4885+549]
              base::MessageLoop::RunTask [0x0000000180AFE07C+1004]
              base::MessageLoop::DeferOrRunPendingTask [0x0000000180AFBC41+81]
              base::MessageLoop::DoWork [0x0000000180AFC274+340]
              base::MessagePumpDefault::Run [0x0000000180BEB549+313]
              base::MessageLoop::RunHandler [0x0000000180AFDC73+291]
              base::RunLoop::Run [0x0000000180B2A9DB+91]
              base::MessageLoop::Run [0x0000000180AFDB25+293]
              content::RendererMain [0x00000001860F8778+1032]
              content::RunNamedProcessTypeMain [0x00000001835D1195+245]
              content::ContentMainRunnerImpl::Run [0x00000001835D1045+725]
      

      Attachments

        Issue Links

          For Gerrit Dashboard: QTBUG-56661
          # Subject Branch Project Status CR V

          Activity

            People

              pvarga Peter Varga
              pvarga Peter Varga
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes