Project: Qt
Issue: QTBUG-85863

Renderer process crash in blink::CSSMathExpressionNode::ParseClamp on whats.new


Details

    • Bug
    • Resolution: Done
    • P1: Critical
    • None
    • 5.15.0
    • WebEngine
    • None
    • 05942008bf7a5ca403b2e33901905dba6e78acc9 (qt/qtwebengine-chromium/80-based)

    Description

      When visiting https://whats.new there is a renderer process crash. Backtrace with --single-process:

      Thread 22 "Chrome_InProcRe" received signal SIGSEGV, Segmentation fault.
      [Switching to Thread 0x7fff8e7fc700 (LWP 33060)]
      0x00007ffff6b6bd23 in blink::CSSMathExpressionNode::ParseClamp(blink::CSSParserTokenRange const&) () from /usr/lib/libQt5WebEngineCore.so.5
      (gdb) bt
      #0  0x00007ffff6b6bd23 in blink::CSSMathExpressionNode::ParseClamp(blink::CSSParserTokenRange const&) () at /usr/lib/libQt5WebEngineCore.so.5
      #1  0x00007ffff6bea22a in blink::css_property_parser_helpers::MathFunctionParser::MathFunctionParser(blink::CSSParserTokenRange&, blink::ValueRange) () at /usr/lib/libQt5WebEngineCore.so.5
      #2  0x00007ffff6beacff in blink::css_property_parser_helpers::ConsumeLengthOrPercent(blink::CSSParserTokenRange&, blink::CSSParserMode, blink::ValueRange, blink::css_property_parser_helpers::UnitlessQuirk) () at /usr/lib/libQt5WebEngineCore.so.5
      #3  0x00007ffff6bed379 in blink::css_property_parser_helpers::ParseLonghand(blink::CSSPropertyID, blink::CSSPropertyID, blink::CSSParserContext const&, blink::CSSParserTokenRange&) () at /usr/lib/libQt5WebEngineCore.so.5
      #4  0x00007ffff6bf5455 in blink::CSSPropertyParser::ParseValueStart(blink::CSSPropertyID, bool) () at /usr/lib/libQt5WebEngineCore.so.5
      #5  0x00007ffff6bf5677 in blink::CSSPropertyParser::ParseValue(blink::CSSPropertyID, bool, blink::CSSParserTokenRange const&, blink::CSSParserContext const*, blink::HeapVector<blink::CSSPropertyValue, 256u>&, blink::StyleRuleBase::RuleType) ()
          at /usr/lib/libQt5WebEngineCore.so.5
      #6  0x00007ffff6bf5a88 in blink::CSSParserImpl::ConsumeDeclaration(blink::CSSParserTokenRange, blink::CSSParserImpl::RangeOffset const&, blink::StyleRuleBase::RuleType) () at /usr/lib/libQt5WebEngineCore.so.5
      #7  0x00007ffff6bfa53d in blink::CSSParserImpl::ConsumeDeclarationList(blink::CSSParserTokenStream&, blink::StyleRuleBase::RuleType) () at /usr/lib/libQt5WebEngineCore.so.5
      #8  0x00007ffff6bfb0bb in blink::CSSParserImpl::ParseDeclarationListForLazyStyle(WTF::String const&, unsigned int, blink::CSSParserContext const*) () at /usr/lib/libQt5WebEngineCore.so.5
      #9  0x00007ffff6ca2df6 in blink::StyleRule::Properties() const () at /usr/lib/libQt5WebEngineCore.so.5
      #10 0x0000000000000001 in  ()
      #11 0x00007fff8e7fa130 in  ()
      #12 0x00007fff8e7f9d30 in  ()
      #13 0x00007ffff6bc3eea in blink::ElementRuleCollector::SortAndTransferMatchedRules() () at /usr/lib/libQt5WebEngineCore.so.5
      #14 0x00002489b9eea590 in  ()
      #15 0x00002e000000000a in  ()
      #16 0x0000000000000000 in  ()
      


People

  Assignee: qt_webengine_team (Qt WebEngine Team)
  Reporter: the compiler (Florian Bruhin)
  Votes: 0
  Watchers: 2


Gerrit Reviews

  There are no open Gerrit changes