Qt Bug Tracker: QTBUG-97472

[REG] Crash/segfault in ozone implementation when calling XkbGetState


Details

    • Type: Bug
    • Resolution: Done
    • Priority: P1: Critical
    • Fix Version/s: 6.2.3, 6.3.0 Alpha
    • Affects Version/s: 6.2.0
    • Component/s: WebEngine
    • Labels: None
    • Environment: Debian 11, eglfs, eglfs_kms
    • Platform/OS: Linux/Other display system
    • Commits: 23cc5bb2588100c6053d9d11b20778724cdbd6e7 (qt/qtwebengine/dev), 52cf91622a628ababfd39514c0e1b465d1a70b89 (qt/qtwebengine/6.2), 05b86a816780002f89913ab195495a043c119288 (qt/qtwebengine/6.2.2)

    Description

      Hi,

      I encounter the following crash on an embedded Linux device (armhf) running Debian 11 as soon as a WebEngineView is about to be shown. The device has only a touchscreen and thus has no keyboard.

      It can be reproduced, for example, by using qmlscene with a minimal example containing just a WebEngineView element.

      Callstack:

      #0  0xb54d17dc in XkbUseExtension () at /usr/lib/arm-linux-gnueabihf/libX11.so.6
      #1  0xb54cb524 in XkbGetState () at /usr/lib/arm-linux-gnueabihf/libX11.so.6
      #2  0xa69558b8 in getCurrentKeyboardLayout () at /qtsrc/qt-everywhere-src-6.2.0/qtwebengine/src/core/ozone/ozone_platform_qt.cpp:164
      #3  InitializeUI() () at /qtsrc/qt-everywhere-src-6.2.0/qtwebengine/src/core/ozone/ozone_platform_qt.cpp:206
      #4  0xa71d6b0e in ui::OzonePlatform::InitializeForUI(ui::OzonePlatform::InitParams const&) ()
          at ../../../../../../../qtsrc/qt-everywhere-src-6.2.0/qtwebengine/src/3rdparty/chromium/ui/ozone/public/ozone_platform.cc:67
      #5  0xab8394c8 in aura::Env::Init() () at ./../../../../../../../qtsrc/qt-everywhere-src-6.2.0/qtwebengine/src/3rdparty/chromium/ui/aura/env.cc:248
      #6  0xab839534 in aura::Env::CreateInstance() () at ./../../../../../../../qtsrc/qt-everywhere-src-6.2.0/qtwebengine/src/3rdparty/chromium/ui/aura/env.cc:109
      #7  0xaaef54dc in content::BrowserMainLoop::InitializeToolkit() () at ../../../../../../../qtsrc/qt-everywhere-src-6.2.0/qtwebengine/src/3rdparty/chromium/content/browser/browser_main_loop.cc:1407
      #8  0xaaef6782 in content::BrowserMainRunnerImpl::Initialize(content::MainFunctionParams const&) ()
          at ../../../../../../../qtsrc/qt-everywhere-src-6.2.0/qtwebengine/src/3rdparty/chromium/content/browser/browser_main_runner_impl.cc:115
      #9  0xa691d424 in QtWebEngineCore::WebEngineContext::WebEngineContext() () at /qtsrc/qt-everywhere-src-6.2.0/qtwebengine/src/core/web_engine_context.cpp:817
      #10 0xa691e116 in QtWebEngineCore::WebEngineContext::current() () at /qtsrc/qt-everywhere-src-6.2.0/qtwebengine/src/core/web_engine_context.cpp:519
      #11 0xa6909a90 in QtWebEngineCore::WebContentsAdapter::WebContentsAdapter(std::unique_ptr<content::WebContents, std::default_delete<content::WebContents> >) ()
          at /qtsrc/qt-everywhere-src-6.2.0/qtwebengine/src/core/web_contents_adapter.cpp:454
      #12 0xa6909ab2 in QtWebEngineCore::WebContentsAdapter::WebContentsAdapter() () at /qtsrc/qt-everywhere-src-6.2.0/qtwebengine/src/core/web_contents_adapter.cpp:458
      #13 0xad174f2c in QSharedPointer<QtWebEngineCore::WebContentsAdapter>::create<>() () at /usr/arm-linux-gnueabihf/include/c++/10/new:175
      #14 QQuickWebEngineViewPrivate::QQuickWebEngineViewPrivate() (this=0x51c2e0) at /qtsrc/qt-everywhere-src-6.2.0/qtwebengine/src/webenginequick/api/qquickwebengineview.cpp:167
      #15 0xad178198 in QQuickWebEngineView::QQuickWebEngineView(QQuickItem*) (this=0x51c168, parent=<optimized out>) at /qtsrc/qt-everywhere-src-6.2.0/qtwebengine/src/webenginequick/api/qquickwebengineview.cpp:797
      #16 0xad186d5c in QQmlPrivate::QQmlElement<QQuickWebEngineView>::QQmlElement() (this=0x51c168) at /qtsrc/qt-everywhere-src-6.2.0/qtdeclarative/src/qml/qml/qqmlprivate.h:128
      #17 QQmlPrivate::createInto<QQuickWebEngineView>(void*, void*) (memory=0x51c168) at /qtsrc/qt-everywhere-src-6.2.0/qtdeclarative/src/qml/qml/qqmlprivate.h:188
      #18 0xb668d840 in QQmlType::create(QObject**, void**, unsigned int) const (this=this@entry=0xbefff030, out=out@entry=0xbefff02c, memory=memory@entry=0xbefff034, additionalMemory=additionalMemory@entry=96)
          at /qtsrc/qt-everywhere-src-6.2.0/qtdeclarative/src/qml/qml/qqmltype.cpp:501
      #19 0xb6660d8e in QQmlObjectCreator::createInstance(int, QObject*, bool) (this=this@entry=0x51acf8, index=1, parent=0x4fead0, isContextObject=<optimized out>)
          at /qtsrc/qt-everywhere-src-6.2.0/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:1207
      #20 0xb666346e in QQmlObjectCreator::setPropertyBinding(QQmlPropertyData const*, QV4::CompiledData::Binding const*)
          (this=this@entry=0x51acf8, bindingProperty=bindingProperty@entry=0xad07870c, binding=binding@entry=0xade6f3dc) at /qtsrc/qt-everywhere-src-6.2.0/qtbase/src/corelib/global/qendian.h:273
      #21 0xb6663856 in QQmlObjectCreator::setupBindings(bool) (this=this@entry=0x51acf8, applyDeferredBindings=applyDeferredBindings@entry=false)
          at /qtsrc/qt-everywhere-src-6.2.0/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:775
      #22 0xb665fa88 in QQmlObjectCreator::populateInstance(int, QObject*, QObject*, QQmlPropertyData const*) (this=this@entry=0x51acf8, index=-1,
          index@entry=0, instance=0x0, bindingTarget=0x0, valueTypeProperty=valueTypeProperty@entry=0x0) at /qtsrc/qt-everywhere-src-6.2.0/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:1606
      #23 0xb6660a3e in QQmlObjectCreator::createInstance(int, QObject*, bool) (this=this@entry=0x51acf8, index=index@entry=0, parent=parent@entry=0x0, isContextObject=isContextObject@entry=true)
          at /qtsrc/qt-everywhere-src-6.2.0/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:1365
      #24 0xb6661882 in QQmlObjectCreator::create(int, QObject*, QQmlInstantiationInterrupt*, int) (flags=<optimized out>, interrupt=0x0, parent=0x0, subComponentIndex=<optimized out>, this=<optimized out>)
          at /qtsrc/qt-everywhere-src-6.2.0/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:217
      #25 QQmlObjectCreator::create(int, QObject*, QQmlInstantiationInterrupt*, int)
          (this=<optimized out>, subComponentIndex=<optimized out>, parent=parent@entry=0x0, interrupt=interrupt@entry=0x0, flags=<optimized out>, flags@entry=1)
          at /qtsrc/qt-everywhere-src-6.2.0/qtdeclarative/src/qml/qml/qqmlobjectcreator.cpp:161
      #26 0xb661d83e in QQmlComponentPrivate::beginCreate(QQmlRefPointer<QQmlContextData>) (this=0x43a400, context=...) at /qtsrc/qt-everywhere-src-6.2.0/qtbase/src/corelib/tools/qscopedpointer.h:125
      #27 0xb661db82 in QQmlComponent::beginCreate(QQmlContext*) (this=<optimized out>, publicContext=<optimized out>) at /qtsrc/qt-everywhere-src-6.2.0/qtdeclarative/src/qml/qml/qqmlcomponent.cpp:903
      #28 0xb661f338 in QQmlComponent::create(QQmlContext*) (this=0x519a90, context=<optimized out>) at /qtsrc/qt-everywhere-src-6.2.0/qtdeclarative/src/qml/qml/qqmlcomponent.cpp:830

      The source part around this crash in ozone_platform_qt.cpp is:

      static std::string getCurrentKeyboardLayout()
      {
          Display *dpy = static_cast<Display *>(GetQtXDisplay());
          if (dpy == nullptr)
              return std::string();
          XkbStateRec state;
          if (XkbGetState(dpy, XkbUseCoreKbd, &state) != 0)
              return std::string();
      ...

      So obviously a Display pointer could be acquired, and I don't see any further possibility of failure there.

      I think I also encountered the same crash with Qt 5.15 (but haven't examined the call stack there yet). But it's very likely that this issue came up when we moved to Debian 11, since Qt 5.15 wasn't crashing on Debian 10 (with the same build configuration).
      (Debian 10 has libX11 v1.6.7, Debian 11 has libX11 v1.7.2.)

       
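      Editor's note, added example (not part of the report and not the QtWebEngine fix, which the issue text does not show): the snippet quoted above treats a non-null Display as proof that the XKB extension is usable, but the call stack shows the process dying inside XkbUseExtension, i.e. in libX11 itself, rather than XkbGetState returning a non-zero Status. On a headless or eglfs device, where the keyboard extension may simply not be there, the defensive ordering is to ask for the extension with XkbQueryExtension first and only then call XkbGetState. The stand-alone C program below does exactly that. It resolves libX11 with dlopen so it also runs, and degrades to "no layout available", on a machine without X11 at all. The dlopen approach, the probe_xkb_group name, the ":4242" test display and the oversized state buffer are this example's own choices, not Qt's or libX11's.

```c
/* Added example, not QtWebEngine code: probe the XKB extension before
 * asking it for state, and never assume that a Display pointer alone
 * means the keyboard extension is available.
 *
 * libX11 is loaded at run time with dlopen so the program compiles and
 * runs on a box with no X11 development headers or no X server; in that
 * case probe_xkb_group() reports "no state" instead of crashing. */
#include <dlfcn.h>
#include <stdio.h>
#include <string.h>

/* Opaque: the program never dereferences a Display itself. */
typedef struct _XDisplay Display;

/* XkbUseCoreKbd from <X11/extensions/XKB.h>. */
#define XKB_USE_CORE_KBD 0x0100

/* Assumption of this example: XkbStateRec (XKBlib.h) is a small struct
 * whose first member is 'unsigned char group'. A generous buffer is used
 * so the example does not depend on the exact layout; only byte 0 is read. */
typedef struct { unsigned char raw[64]; } xkb_state_buf;

/* Signatures as declared in <X11/Xlib.h> and <X11/XKBlib.h>. */
typedef Display *(*XOpenDisplay_fn)(const char *);
typedef int      (*XCloseDisplay_fn)(Display *);
typedef int      (*XkbQueryExtension_fn)(Display *, int *, int *, int *, int *, int *);
typedef int      (*XkbGetState_fn)(Display *, unsigned int, void *);

/* Returns 1 and stores the effective keyboard group when XKB state could
 * be read from 'display_name'; returns 0 (and leaves *group_out untouched)
 * when libX11, the server, or the XKB extension is unavailable. */
int probe_xkb_group(const char *display_name, int *group_out)
{
    void *x11 = dlopen("libX11.so.6", RTLD_NOW | RTLD_LOCAL);
    if (x11 == NULL)
        return 0;                                   /* no X11 on this device */

    XOpenDisplay_fn       open_dpy  = (XOpenDisplay_fn)dlsym(x11, "XOpenDisplay");
    XCloseDisplay_fn      close_dpy = (XCloseDisplay_fn)dlsym(x11, "XCloseDisplay");
    XkbQueryExtension_fn  query     = (XkbQueryExtension_fn)dlsym(x11, "XkbQueryExtension");
    XkbGetState_fn        get_state = (XkbGetState_fn)dlsym(x11, "XkbGetState");
    if (!open_dpy || !close_dpy || !query || !get_state) {
        dlclose(x11);
        return 0;                                   /* stripped or odd libX11 */
    }

    Display *dpy = open_dpy(display_name);
    if (dpy == NULL) {
        dlclose(x11);
        return 0;                                   /* eglfs/headless: no server */
    }

    int ok = 0;
    int opcode = 0, event = 0, error = 0, major = 1, minor = 0;
    /* The check the quoted snippet lacks: is XKB actually present? */
    if (query(dpy, &opcode, &event, &error, &major, &minor)) {
        xkb_state_buf st;
        memset(&st, 0, sizeof st);
        /* XkbGetState returns Success (0) on success, a non-zero Status otherwise. */
        if (get_state(dpy, XKB_USE_CORE_KBD, &st) == 0) {
            *group_out = st.raw[0];                 /* XkbStateRec.group */
            ok = 1;
        }
    }

    close_dpy(dpy);
    dlclose(x11);
    return ok;
}

int main(void)
{
    int group = -1;
    /* NULL means "use $DISPLAY", as XOpenDisplay documents. */
    if (probe_xkb_group(NULL, &group))
        printf("XKB effective group: %d\n", group);
    else
        printf("no XKB state available (no X11, no server, or no XKB extension)\n");
    return 0;
}
```

      Usage: compile with the C compiler of the target (add -ldl on glibc older than 2.34) and run it on the device; with eglfs and no X server it prints the fallback line instead of segfaulting, which is the behaviour a kiosk process should have at startup.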

      People

        Assignee: Michal Klocek (michal)
        Reporter: raven-worx
