Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-85802

QtWebEngine crashes when scrolling while WebEngineView is resizing

    XMLWordPrintable

    Details

    • Platform/s:
      Linux/X11
    • Commits:
      82eae6c457c85c9f51d08d5430d58e8359449576 (qt/qtwebengine/5.12)

      Description

      When scrolling the content of a WebEngineView while it resizes, it is possible to cause the embedding application to crash in the render thread. The stack trace when this occurs is seemingly different based on the website that is being viewed...

      This issue can be reproduced with the following QML file. Load this file via qmlscene or your favorite `main.cpp` (I used the one that was created with a default QMake project in Qt Creator), wait for the WebView to load, then scroll up and down vigorously using the scroll bar (the mouse wheel does not trigger a crash):

      (Epilepsy warning: depending on the content of the website, this could cause annoying or dangerous flashing as the WebView reflows constantly)

      import QtQuick 2.9
      import QtQuick.Controls 2.2
      import QtWebEngine 1.7
      ApplicationWindow {
          id: root
          width: 1024
          height: 750
          visible: true    WebEngineView {
              id: webview
              anchors.top: parent.top
              anchors.bottom: root.bottom
              anchors.left: parent.left
              anchors.right: parent.right
              height: 600
              url: "https://about.gitlab.com"
              profile: webViewProfile
          }    property bool up: false    property var myTimer: Timer {
              id: myTimer
              interval: 30
              running: true
              repeat: true
              onTriggered: {
                  if (root.up) {
                      webview.height = webview.height + 50;
                  } else {
                      webview.height = webview.height - 50;
                  }
                  root.up = !root.up
              }
          }
      }
      

      Again, the observed stack trace changes based on the site that is being viewed at the time of the crash. For example, when https://github.com is open:

      1  ??                                                                                                                                    0x555555bab210 
      2  QSGOpaqueTextureMaterialShader::updateState(QSGMaterialShader::RenderState const&, QSGMaterial *, QSGMaterial *)                      0x7fffe83720a6 
      3  QSGBatchRenderer::Renderer::renderMergedBatch(QSGBatchRenderer::Batch const *)                                                        0x7fffe836180a 
      4  QSGBatchRenderer::Renderer::renderBatches()                                                                                           0x7fffe83623b5 
      5  QSGBatchRenderer::Renderer::render()                                                                                                  0x7fffe8367873 
      6  QSGRenderer::renderScene(QSGBindable const&)                                                                                          0x7fffe83583a3 
      7  QSGRenderer::renderScene(unsigned int)                                                                                                0x7fffe835886b 
      8  QSGDefaultRenderContext::renderNextFrame(QSGRenderer *, unsigned int)                                                                 0x7fffe839571e 
      9  QQuickWindowPrivate::renderSceneGraph(QSize const&)                                                                                   0x7fffe83f2194 
      10 QSGRenderThread::syncAndRender()                                                                                                      0x7fffe83a124e 
      11 QSGRenderThread::run()                                                                                                                0x7fffe83a488c 
      12 QThreadPrivate::start(void *)                                                                                                         0x7ffff69e20b3 
      13 start_thread                                                                                                     pthread_create.c 477 0x7ffff6516609 
      14 clone                                                                                                            clone.S          95  0x7ffff6654103 
      
      

      But when https://secure.endless.horse is open:

      1  ??                                                                      0x7fffc9544432 
      2  ??                                                                      0x7fffc95481de 
      3  ??                                                                      0x7fffc954d764 
      4  ??                                                                      0x7fffc9537574 
      5  QQuickWindowPrivate::updateDirtyNode(QQuickItem *)                      0x7fffe83f1340 
      6  QQuickWindowPrivate::updateDirtyNodes()                                 0x7fffe83f197d 
      7  QQuickWindowPrivate::syncSceneGraph()                                   0x7fffe83f2b22 
      8  QSGRenderThread::sync(bool)                                             0x7fffe83a033c 
      9  QSGRenderThread::syncAndRender()                                        0x7fffe83a16d0 
      10 QSGRenderThread::run()                                                  0x7fffe83a488c 
      11 QThreadPrivate::start(void *)                                           0x7ffff69e20b3 
      12 start_thread                                       pthread_create.c 477 0x7ffff6516609 
      13 clone                                              clone.S          95  0x7ffff6654103 
      

      On some sites, it is very difficult to trigger the bug. But with enough attempts, you can most likely get it to occur.

      I've triggered this issue with QWE 5.14.2 on top of QtBase 5.9.5 on Ubuntu 16.04, QWE 5.12.8 on Qt 5.12.8 on Ubuntu 20.04, and QWE 5.12.9 on Qt 5.12.9 downloaded with Qt Creator on Ubuntu 20.04. It's been triggered on x86_64 and arm64 platforms.

      I've been unable to trigger this issue on any of the following Qt versions, all downloaded from Qt Creator:

      • 5.15.0 on Ubuntu 20.04
      • 5.14.2 on Ubuntu 20.04
      • 5.15.0, 5.14.2, 5.12.9 on macOS Catalina

       

      This is potentially related to https://bugreports.qt.io/browse/QTBUG-76181, at least I have been able to trigger it under a disturbingly similar yet seemingly unrelated scenario: https://github.com/ubports/qtwebengine-opensource-src-packaging/issues/38

        Attachments

          Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            Activity

              People

              Assignee:
              kiburtse Kirill Burtsev
              Reporter:
              universalsuperbox Dalton Durst
              Votes:
              3 Vote for this issue
              Watchers:
              8 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Gerrit Reviews

                  There are no open Gerrit changes