Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-57713

Segfault in QtWebEngineCore::WebContentsAdapter::startDragging

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P1: Critical
    • 5.9.0 Beta 2
    • 5.7.1
    • WebEngine
    • None
    • cb83d3059112b6176b9602ec84acb31ad664860b

    Description

      I just got into some weird state dragging a picture where it was dragged despite my mouse button not being clicked.

      When clicking outside the window, I got a segfault here:

      #0  0x00007f03c212df5f in raise () at /usr/lib/libpthread.so.0
      #1  0x00007f03c212e080 in <signal handler called> () at /usr/lib/libpthread.so.0
      #2  0x00007f03ae02c79f in QtWebEngineCore::WebContentsAdapter::startDragging(QObject*, content::DropData const&, QFlags<Qt::DropAction>, QPixmap const&, QPoint const&) (this=<optimized out>, dragSource=<optimized out>, dropData=..., allowedActions=..., pixmap=..., offset=...)
          at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.7.1/src/core/web_contents_adapter.cpp:1101
      #3  0x00007f03ae030631 in QtWebEngineCore::WebContentsViewQt::StartDragging(content::DropData const&, blink::WebDragOperation, gfx::ImageSkia const&, gfx::Vector2d const&, content::DragEventSourceInfo const&) (this=0x10ca6de0, drop_data=..., allowed_ops=<optimized out>, image=..., image_offset=..., event_info=...)
          at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.7.1/src/core/web_contents_view_qt.cpp:230
      #4  0x00007f03aec3d1a5 in content::RenderViewHostImpl::OnStartDragging(content::DropData const&, blink::WebDragOperation, SkBitmap const&, gfx::Vector2d const&, content::DragEventSourceInfo const&) (this=this@entry=0x10ca4e40, drop_data=..., drag_operations_mask=blink::WebDragOperationEvery, bitmap=..., bitmap_offset_in_dip=..., event_info=...) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.7.1/src/3rdparty/chromium/content/browser/renderer_host/render_view_host_impl.cc:1151
      #5  0x00007f03aec3d9ce in base::DispatchToMethodImpl<content::RenderViewHostImpl, void (content::RenderViewHostImpl::*)(content::DropData const&, blink::WebDragOperation, SkBitmap const&, gfx::Vector2d const&, content::DragEventSourceInfo const&), content::DropData, blink::WebDragOperation, SkBitmap, gfx::Vector2d, content::DragEventSourceInfo, 0ul, 1ul, 2ul, 3ul, 4ul>(content::RenderViewHostImpl*, void (content::RenderViewHostImpl::*)(content::DropData const&, blink::WebDragOperation, SkBitmap const&, gfx::Vector2d const&, content::DragEventSourceInfo const&), base::Tuple<content::DropData, blink::WebDragOperation, SkBitmap, gfx::Vector2d, content::DragEventSourceInfo> const&, base::IndexSequence<0ul, 1ul, 2ul, 3ul, 4ul>) (arg=..., method=<optimized out>, obj=0x10ca4e40) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.7.1/src/3rdparty/chromium/base/tuple.h:252
      #6  0x00007f03aec3d9ce in base::DispatchToMethod<content::RenderViewHostImpl, void (content::RenderViewHostImpl::*)(content::DropData const&, blink::WebDragOperation, SkBitmap const&, gfx::Vector2d const&, content::DragEventSourceInfo const&), content::DropData, blink::WebDragOperation, SkBitmap, gfx::Vector2d, content::DragEventSourceInfo>(content::RenderViewHostImpl*, void (content::RenderViewHostImpl::*)(content::DropData const&, blink::WebDragOperation, SkBitmap const&, gfx::Vector2d const&, content::DragEventSourceInfo const&), base::Tuple<content::DropData, blink::WebDragOperation, SkBitmap, gfx::Vector2d, content::DragEventSourceInfo> const&) (arg=..., method=
          (void (content::RenderViewHostImpl::*)(content::RenderViewHostImpl * const, const content::DropData &, blink::WebDragOperation, const SkBitmap &, const gfx::Vector2d &, const content::DragEventSourceInfo &)) 0x7f03aec3c910 <content::RenderViewHostImpl::OnStartDragging(content::DropData const&, blink::WebDragOperation, SkBitmap const&, gfx::Vector2d const&, content::DragEventSourceInfo const&)>, obj=0x10ca4e40) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.7.1/src/3rdparty/chromium/base/tuple.h:259
      #7  0x00007f03aec3d9ce in DragHostMsg_StartDragging::Dispatch<content::RenderViewHostImpl, content::RenderViewHostImpl, void, void (content::RenderViewHostImpl::*)(content::DropData const&, blink::WebDragOperation, SkBitmap const&, gfx::Vector2d const&, content::DragEventSourceInfo const&)>(IPC::Message const*, content::RenderViewHostImpl*, content::RenderViewHostImpl*, void*, void (content::RenderViewHostImpl::*)(content::DropData const&, blink::WebDragOperation, SkBitmap const&, gfx::Vector2d const&, content::DragEventSourceInfo const&)) (sender=0x10ca4e40, parameter=0x0, func=<optimized out>, obj=0x10ca4e40, msg=0x7f0368475f20) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.7.1/src/3rdparty/chromium/content/common/drag_messages.h:56
      #8  0x00007f03aec3d9ce in content::RenderViewHostImpl::OnMessageReceived(IPC::Message const&) (this=0x10ca4e40, msg=...) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.7.1/src/3rdparty/chromium/content/browser/renderer_host/render_view_host_impl.cc:929
      #9  0x00007f03aec4ac2a in content::RenderWidgetHostImpl::OnMessageReceived(IPC::Message const&) (this=0x10ca2580, msg=...) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.7.1/src/3rdparty/chromium/content/browser/renderer_host/render_widget_host_impl.cc:440
      #10 0x00007f03aec30796 in content::RenderProcessHostImpl::OnMessageReceived(IPC::Message const&) (this=0x10ca0560, msg=...) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.7.1/src/3rdparty/chromium/content/browser/renderer_host/render_process_host_impl.cc:1723
      #11 0x00007f03af543424 in IPC::ChannelProxy::Context::OnDispatchMessage(IPC::Message const&) (this=0x10caa4b0, message=...) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.7.1/src/3rdparty/chromium/ipc/ipc_channel_proxy.cc:293
      #12 0x00007f03af90de39 in base::Callback<void ()>::Run() const (this=0x7fffdde39fc8) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.7.1/src/3rdparty/chromium/base/callback.h:394
      #13 0x00007f03af90de39 in base::debug::TaskAnnotator::RunTask(char const*, base::PendingTask const&) (this=this@entry=0x29af848, queue_function=queue_function@entry=0x7f03b178e54d "MessageLoop::PostTask", pending_task=...)
          at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.7.1/src/3rdparty/chromium/base/debug/task_annotator.cc:51
      #14 0x00007f03af8b7208 in base::MessageLoop::RunTask(base::PendingTask const&) (this=this@entry=0x29af6d0, pending_task=...) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.7.1/src/3rdparty/chromium/base/message_loop/message_loop.cc:486
      #15 0x00007f03af8b7e79 in base::MessageLoop::DeferOrRunPendingTask(base::PendingTask const&) (this=this@entry=0x29af6d0, pending_task=...) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.7.1/src/3rdparty/chromium/base/message_loop/message_loop.cc:495
      #16 0x00007f03af8b8342 in base::MessageLoop::DoWork() (this=0x29af6d0) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.7.1/src/3rdparty/chromium/base/message_loop/message_loop.cc:607
      #17 0x00007f03adfe2d65 in QtWebEngineCore::(anonymous namespace)::MessagePumpForUIQt::handleScheduledWork (this=<optimized out>) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.7.1/src/core/content_browser_client_qt.cpp:194
      #18 0x00007f03adfe2d65 in QtWebEngineCore::(anonymous namespace)::MessagePumpForUIQt::customEvent(QEvent*) (this=0x29b0030, ev=<optimized out>) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.7.1/src/core/content_browser_client_qt.cpp:176
      #19 0x00007f03c0254ee3 in QObject::event(QEvent*) (this=0x29b0030, e=<optimized out>) at kernel/qobject.cpp:1285
      #20 0x00007f03b571a35c in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=<optimized out>, receiver=0x29b0030, e=0x7f0368614c50) at kernel/qapplication.cpp:3799
      #21 0x00007f03b5721ad1 in QApplication::notify(QObject*, QEvent*) (this=0x1f03260, receiver=0x29b0030, e=0x7f0368614c50) at kernel/qapplication.cpp:3556
      #22 0x00007f03b5f9a55c in sipQApplication::notify(QObject*, QEvent*) (this=0x1f03260, a0=0x29b0030, a1=0x7f0368614c50) at sipQtWidgetsQApplication.cpp:352
      #23 0x00007f03c02288e0 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x29b0030, event=event@entry=0x7f0368614c50) at kernel/qcoreapplication.cpp:988
      #24 0x00007f03c022b06d in QCoreApplication::sendEvent(QObject*, QEvent*) (event=0x7f0368614c50, receiver=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:231
      #25 0x00007f03c022b06d in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (receiver=receiver@entry=0x0, event_type=event_type@entry=0, data=0x1f47040) at kernel/qcoreapplication.cpp:1649
      #26 0x00007f03c022b4d8 in QCoreApplication::sendPostedEvents(QObject*, int) (receiver=receiver@entry=0x0, event_type=event_type@entry=0) at kernel/qcoreapplication.cpp:1503
      #27 0x00007f03c027ceb3 in postEventSourceDispatch(GSource*, GSourceFunc, gpointer) (s=0x23f1910) at kernel/qeventdispatcher_glib.cpp:276
      #28 0x00007f03bea94587 in g_main_context_dispatch () at /usr/lib/libglib-2.0.so.0
      #29 0x00007f03bea947f0 in  () at /usr/lib/libglib-2.0.so.0
      #30 0x00007f03bea9489c in g_main_context_iteration () at /usr/lib/libglib-2.0.so.0
      #31 0x00007f03c027d2bf in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x23f1800, flags=...) at kernel/qeventdispatcher_glib.cpp:423
      #32 0x00007f03c0226d3a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7fffdde3a690, flags=..., flags@entry=...) at kernel/qeventloop.cpp:212
      #33 0x00007f03c022f23c in QCoreApplication::exec() () at kernel/qcoreapplication.cpp:1261
      [...]
      

      Relevant parts of a bt full:

      #2  0x00007f03ae02c79f in QtWebEngineCore::WebContentsAdapter::startDragging(QObject*, content::DropData const&, QFlags<Qt::DropAction>, QPixmap const&, QPoint const&) (this=<optimized out>, dragSource=<optimized out>, dropData=..., allowedActions=..., pixmap=..., offset=...)
          at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.7.1/src/core/web_contents_adapter.cpp:1101
              fixedDropData = 
                {did_originate_from_renderer = false, url = {spec_ = "https://pbs.twimg.com/media/C0B1Mx7W8AAHop4.jpg", is_valid_ = true, parsed_ = {scheme = {begin = 0, len = 5}, username = {begin = 0, len = -1}, password = {begin = 0, len = -1}, host = {begin = 8, len = 13}, port = {begin = 0, len = -1}, path = {begin = 21, len = 26}, query = {begin = 0, len = -1}, ref = {begin = 0, len = -1}, inner_parsed_ = 0x0}, inner_url_ = {impl_ = {data_ = {<std::default_delete<GURL>> = {<No data fields>}, ptr = 0x0}}}}, url_title = "", download_metadata = "", referrer_policy = blink::WebReferrerPolicyDefault, filenames = std::vector of length 0, capacity 0, filesystem_id = "", file_system_files = std::vector of length 0, capacity 0, text = {string_ = "", is_null_ = true}, html = {string_ = "<\000i\000m\000g\000 \000d\000a\000t\000a\000-\000a\000r\000i\000a\000-\000l\000a\000b\000e\000l\000-\000p\000a\000r\000t\000=\000\"\000\"\000 \000s\000r\000c\000=\000\"\000h\000t\000t\000p\000s\000:\000/\000/\000p\000b\000s\000.\000t\000w\000i\000m\000g\000.\000c\000o\000m\000/\000m\000e\000d\000i\000a\000/\000C\000\060\000B\000\061\000M\000x\000\067\000W\000\070\000A\000A\000H\000o\000p\000\064\000.\000j\000p\000g\000\"\000 \000a\000l\000t\000=\000\"\000\"\000 \000s\000t\000y\000l\000e\000=\000\"\000w\000i\000d\000"..., is_null_ = false}, html_base_url = {spec_ = "about:blank", is_valid_ = true, parsed_ = {scheme = {begin = 0, len = 5}, username = {begin = 0, len = -1}, password = {begin = 0, len = -1}, host = {begin = 0, len = -1}, port = {begin = 0, len = -1}, path = {begin = 6, len = 5}, query = {begin = 0, len = -1}, ref = {begin = 0, len = -1}, inner_parsed_ = 0x0}, inner_url_ = {impl_ = {data_ = {<std::default_delete<GURL>> = {<No data fields>}, ptr = 0x0}}}}, file_description_filename = "", file_contents = "", custom_data = std::map with 0 elements}
              drag = 0x10b5d900
              rvh = <optimized out>
      #3  0x00007f03ae030631 in QtWebEngineCore::WebContentsViewQt::StartDragging(content::DropData const&, blink::WebDragOperation, gfx::ImageSkia const&, gfx::Vector2d const&, content::DragEventSourceInfo const&) (this=0x10ca6de0, drop_data=..., allowed_ops=<optimized out>, image=..., image_offset=..., event_info=...)
          at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.7.1/src/core/web_contents_view_qt.cpp:230
              pixmap = {<QPaintDevice> = {_vptr.QPaintDevice = 0x7f03b55b2ad8 <vtable for QPixmap+16>, painters = 0, reserved = 0x0}, data = {d = 0xab20f60}}
              hotspot = {xp = 142, yp = 33}
      #4  0x00007f03aec3d1a5 in content::RenderViewHostImpl::OnStartDragging(content::DropData const&, blink::WebDragOperation, SkBitmap const&, gfx::Vector2d const&, content::DragEventSourceInfo const&) (this=this@entry=0x10ca4e40, drop_data=..., drag_operations_mask=blink::WebDragOperationEvery, bitmap=..., bitmap_offset_in_dip=..., event_info=...) at /tmp/makepkg/qt5-webengine-debug/src/qtwebengine-opensource-src-5.7.1/src/3rdparty/chromium/content/browser/renderer_host/render_view_host_impl.cc:1151
              view = 0x10ca6de8
              filtered_data = 
                {did_originate_from_renderer = false, url = {spec_ = "https://pbs.twimg.com/media/C0B1Mx7W8AAHop4.jpg", is_valid_ = true, parsed_ = {scheme = {begin = 0, len = 5}, username = {begin = 0, len = -1}, password = {begin = 0, len = -1}, host = {begin = 8, len = 13}, port = {begin = 0, len = -1}, path = {begin = 21, len = 26}, query = {begin = 0, len = -1}, ref = {begin = 0, len = -1}, inner_parsed_ = 0x0}, inner_url_ = {impl_ = {data_ = {<std::default_delete<GURL>> = {<No data fields>}, ptr = 0x0}}}}, url_title = "", download_metadata = "", referrer_policy = blink::WebReferrerPolicyDefault, filenames = std::vector of length 0, capacity 0, filesystem_id = "", file_system_files = std::vector of length 0, capacity 0, text = {string_ = "", is_null_ = true}, html = {string_ = "<\000i\000m\000g\000 \000d\000a\000t\000a\000-\000a\000r\000i\000a\000-\000l\000a\000b\000e\000l\000-\000p\000a\000r\000t\000=\000\"\000\"\000 \000s\000r\000c\000=\000\"\000h\000t\000t\000p\000s\000:\000/\000/\000p\000b\000s\000.\000t\000w\000i\000m\000g\000.\000c\000o\000m\000/\000m\000e\000d\000i\000a\000/\000C\000\060\000B\000\061\000M\000x\000\067\000W\000\070\000A\000A\000H\000o\000p\000\064\000.\000j\000p\000g\000\"\000 \000a\000l\000t\000=\000\"\000\"\000 \000s\000t\000y\000l\000e\000=\000\"\000w\000i\000d\000"..., is_null_ = false}, html_base_url = {spec_ = "about:blank", is_valid_ = true, parsed_ = {scheme = {begin = 0, len = 5}, username = {begin = 0, len = -1}, password = {begin = 0, len = -1}, host = {begin = 0, len = -1}, port = {begin = 0, len = -1}, path = {begin = 6, len = 5}, query = {begin = 0, len = -1}, ref = {begin = 0, len = -1}, inner_parsed_ = 0x0}, inner_url_ = {impl_ = {data_ = {<std::default_delete<GURL>> = {<No data fields>}, ptr = 0x0}}}}, file_description_filename = "C\000\060\000B\000\061\000M\000x\000\067\000W\000\070\000A\000A\000H\000o\000p\000\064\000.\000j\000p\000g\000", file_contents = "\377\330\377\340\000\020JFIF\000\001\001\000\000H\000H\000\000\377\333\000C\000\004\004\004\004\004\004\a\004\004\a\n\a\a\a\n\r\n\n\n\n\r\020\r\r\r\r\r\020\024\020\020\020\020\020\020\024\024\024\024\024\024\024\024\030\030\030\030\030\030\034\034\034\034\034\037\037\037\037\037\037\037\037\037\037\377\333\000C\001\005\005\005\b\a\b\016\a\a\016 \026\022\026", ' ' <repeats 50 times>, "\377\302\000\021\b\003\204\004\260\003\001\"\000\002\021\001\003\021\001\377\304\000\034\000\000\001\005\001\001\001\000\000\000\000\000\000\000\000\000\000\002\001"..., custom_data = std::map with 0 elements}
              process = <optimized out>
              policy = 0x2d6b2f0
              file_system_context = 0x2d69910
              scale = <optimized out>
              image = {storage_ = {ptr_ = 0xbb65920}}
      

      Attachments

        For Gerrit Dashboard: QTBUG-57713
        # Subject Branch Project Status CR V

        Activity

          People

            viengelm Viktor Engelmann
            the compiler Florian Bruhin
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Gerrit Reviews

                There are no open Gerrit changes