Bug 292235

Summary: [testcase] [reproduceable] Clicking Back button from iframe-ed flash page crashes
Product: [Frameworks and Libraries] kwebkitpart
Reporter: Gérard Talbot (no longer involved) <browserbugs2>
Component: general
Assignee: webkit-devel
Status: RESOLVED DUPLICATE
Severity: crash
CC: adawit, frank78ac
Priority: NOR
Version: unspecified
Target Milestone: ---
Platform: Ubuntu
OS: Linux
Latest Commit:
Version Fixed In:

Description Gérard Talbot (no longer involved) 2012-01-22 22:27:44 UTC
Version:           4.7.4 (using KDE 4.7.4) 
OS:                Linux

I am using
KDE Platform Version: 4.7.4
Konqueror version: 4.7.4 (with WebKit rendering engine)
Qt Version: 4.7.4
Operating System: Linux 3.0.0-15-generic-pae i686 (32bits)
Distribution: Kubuntu 11.10
here.

Reproducible: Always

Steps to Reproduce:
Load
http://www.gtalbot.org/BrowserBugsSection/Konqueror4Bugs/unhiding-iframe-with-flash-with-object.html
and then click the back button

Nota bene: do not open the link in another tab. Just load unhiding-iframe-with-flash-with-object.html with a left mouse button click.

Actual Results:  
Application crash

Expected Results:  
Normal navigation back to previous URL.

I will paste the backtrace signature into the next comment.
Comment 1 Gérard Talbot (no longer involved) 2012-01-22 22:32:25 UTC
Backtrace signature
============


Application: Konqueror (konqueror), signal: Segmentation fault
[Current thread is 1 (Thread 0xb4cf2710 (LWP 24372))]

Thread 9 (Thread 0xb1179b70 (LWP 24389)):
#0  0xb7792424 in __kernel_vsyscall ()
#1  0xb53e1a5c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/i386-linux-gnu/libpthread.so.0
#2  0xb75fccfc in pthread_cond_wait () from /lib/i386-linux-gnu/libc.so.6
#3  0xb23f8883 in WTF::TCMalloc_PageHeap::scavengerThread (this=0xb2b14340) at wtf/FastMalloc.cpp:2495
#4  0xb23f899f in WTF::TCMalloc_PageHeap::runScavengerThread (context=0xb2b14340) at wtf/FastMalloc.cpp:1618
#5  0xb53ddd31 in start_thread () from /lib/i386-linux-gnu/libpthread.so.0
#6  0xb75ef0ce in clone () from /lib/i386-linux-gnu/libc.so.6
Backtrace stopped: Not enough registers or memory available to unwind further

Thread 8 (Thread 0xb0850b70 (LWP 24390)):
#0  0xb53c5d10 in clock_gettime () from /lib/i386-linux-gnu/librt.so.1
#1  0xb66a47d5 in do_gettime (frac=0xb08500b0, sec=0xb08500a8) at tools/qelapsedtimer_unix.cpp:123
#2  qt_gettime () at tools/qelapsedtimer_unix.cpp:140
#3  0xb67774b6 in QTimerInfoList::updateCurrentTime (this=0x94c12a4) at kernel/qeventdispatcher_unix.cpp:339
#4  0xb6777086 in timerSourceCheckHelper (src=0x94c1270) at kernel/qeventdispatcher_glib.cpp:150
#5  timerSourceCheckHelper (src=0x94c1270) at kernel/qeventdispatcher_glib.cpp:144
#6  0xb530bf24 in g_main_context_check () from /lib/i386-linux-gnu/libglib-2.0.so.0
#7  0xb530c8f0 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#8  0xb530cc2a in g_main_context_iteration () from /lib/i386-linux-gnu/libglib-2.0.so.0
#9  0xb6776b37 in QEventDispatcherGlib::processEvents (this=0x94a9920, flags=...) at kernel/qeventdispatcher_glib.cpp:424
#10 0xb67471dd in QEventLoop::processEvents (this=0xb08502e0, flags=...) at kernel/qeventloop.cpp:149
#11 0xb6747421 in QEventLoop::exec (this=0xb08502e0, flags=...) at kernel/qeventloop.cpp:201
#12 0xb664a90b in QThread::exec (this=0x94a5418) at thread/qthread.cpp:498
#13 0xb664a9fb in QThread::run (this=0x94a5418) at thread/qthread.cpp:565
#14 0xb664d7b3 in QThreadPrivate::start (arg=0x94a5418) at thread/qthread_unix.cpp:331
#15 0xb53ddd31 in start_thread () from /lib/i386-linux-gnu/libpthread.so.0
#16 0xb75ef0ce in clone () from /lib/i386-linux-gnu/libc.so.6
Backtrace stopped: Not enough registers or memory available to unwind further

Thread 7 (Thread 0xaefc8b70 (LWP 24392)):
#0  0xb53c5d10 in clock_gettime () from /lib/i386-linux-gnu/librt.so.1
#1  0xb66a47d5 in do_gettime (frac=0xaefc8020, sec=0xaefc8018) at tools/qelapsedtimer_unix.cpp:123
#2  qt_gettime () at tools/qelapsedtimer_unix.cpp:140
#3  0xb67774b6 in QTimerInfoList::updateCurrentTime (this=0x9588674) at kernel/qeventdispatcher_unix.cpp:339
#4  0xb677780a in QTimerInfoList::timerWait (this=0x9588674, tm=...) at kernel/qeventdispatcher_unix.cpp:442
#5  0xb6776053 in timerSourcePrepareHelper (src=<optimized out>, timeout=0xaefc812c) at kernel/qeventdispatcher_glib.cpp:136
#6  0xb67760ed in timerSourcePrepare (source=0x9588640, timeout=<optimized out>) at kernel/qeventdispatcher_glib.cpp:169
#7  0xb530b88c in g_main_context_prepare () from /lib/i386-linux-gnu/libglib-2.0.so.0
#8  0xb530c637 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#9  0xb530cc2a in g_main_context_iteration () from /lib/i386-linux-gnu/libglib-2.0.so.0
#10 0xb6776b37 in QEventDispatcherGlib::processEvents (this=0x93f6fb8, flags=...) at kernel/qeventdispatcher_glib.cpp:424
#11 0xb67471dd in QEventLoop::processEvents (this=0xaefc82b0, flags=...) at kernel/qeventloop.cpp:149
#12 0xb6747421 in QEventLoop::exec (this=0xaefc82b0, flags=...) at kernel/qeventloop.cpp:201
#13 0xb664a90b in QThread::exec (this=0x9582018) at thread/qthread.cpp:498
#14 0xb6727e2d in QInotifyFileSystemWatcherEngine::run (this=0x9582018) at io/qfilesystemwatcher_inotify.cpp:248
#15 0xb664d7b3 in QThreadPrivate::start (arg=0x9582018) at thread/qthread_unix.cpp:331
#16 0xb53ddd31 in start_thread () from /lib/i386-linux-gnu/libpthread.so.0
#17 0xb75ef0ce in clone () from /lib/i386-linux-gnu/libc.so.6
Backtrace stopped: Not enough registers or memory available to unwind further

Thread 6 (Thread 0xab898b70 (LWP 24409)):
#0  0xb7792424 in __kernel_vsyscall ()
#1  0xb53e1a5c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/i386-linux-gnu/libpthread.so.0
#2  0xb75fccfc in pthread_cond_wait () from /lib/i386-linux-gnu/libc.so.6
#3  0xab8bc5fd in queue_processor(void*) () from /usr/lib/jvm/java-6-openjdk/jre/lib/i386/IcedTeaPlugin.so
#4  0xb53ddd31 in start_thread () from /lib/i386-linux-gnu/libpthread.so.0
#5  0xb75ef0ce in clone () from /lib/i386-linux-gnu/libc.so.6
Backtrace stopped: Not enough registers or memory available to unwind further

Thread 5 (Thread 0xab097b70 (LWP 24410)):
#0  0xb7792424 in __kernel_vsyscall ()
#1  0xb53e1a5c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/i386-linux-gnu/libpthread.so.0
#2  0xb75fccfc in pthread_cond_wait () from /lib/i386-linux-gnu/libc.so.6
#3  0xab8bc5fd in queue_processor(void*) () from /usr/lib/jvm/java-6-openjdk/jre/lib/i386/IcedTeaPlugin.so
#4  0xb53ddd31 in start_thread () from /lib/i386-linux-gnu/libpthread.so.0
#5  0xb75ef0ce in clone () from /lib/i386-linux-gnu/libc.so.6
Backtrace stopped: Not enough registers or memory available to unwind further

Thread 4 (Thread 0xaa896b70 (LWP 24411)):
#0  0xb7792424 in __kernel_vsyscall ()
#1  0xb53e1a5c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/i386-linux-gnu/libpthread.so.0
#2  0xb75fccfc in pthread_cond_wait () from /lib/i386-linux-gnu/libc.so.6
#3  0xab8bc5fd in queue_processor(void*) () from /usr/lib/jvm/java-6-openjdk/jre/lib/i386/IcedTeaPlugin.so
#4  0xb53ddd31 in start_thread () from /lib/i386-linux-gnu/libpthread.so.0
#5  0xb75ef0ce in clone () from /lib/i386-linux-gnu/libc.so.6
Backtrace stopped: Not enough registers or memory available to unwind further

Thread 3 (Thread 0xaa049b70 (LWP 24426)):
#0  0xb7792424 in __kernel_vsyscall ()
#1  0xb53e1a5c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/i386-linux-gnu/libpthread.so.0
#2  0xb75fccfc in pthread_cond_wait () from /lib/i386-linux-gnu/libc.so.6
#3  0xac47b9ff in ?? () from /usr/lib/flashplugin-installer/libflashplayer.so
#4  0xac5e8dd5 in ?? () from /usr/lib/flashplugin-installer/libflashplayer.so
#5  0xac47bcbc in ?? () from /usr/lib/flashplugin-installer/libflashplayer.so
#6  0xac47c1d6 in ?? () from /usr/lib/flashplugin-installer/libflashplayer.so
#7  0xb53ddd31 in start_thread () from /lib/i386-linux-gnu/libpthread.so.0
#8  0xb75ef0ce in clone () from /lib/i386-linux-gnu/libc.so.6
Backtrace stopped: Not enough registers or memory available to unwind further

Thread 2 (Thread 0xa9848b70 (LWP 24427)):
#0  0xb7792424 in __kernel_vsyscall ()
#1  0xb53e1a5c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/i386-linux-gnu/libpthread.so.0
#2  0xb75fccfc in pthread_cond_wait () from /lib/i386-linux-gnu/libc.so.6
#3  0xac47b9ff in ?? () from /usr/lib/flashplugin-installer/libflashplayer.so
#4  0xac5e8dd5 in ?? () from /usr/lib/flashplugin-installer/libflashplayer.so
#5  0xac47bcbc in ?? () from /usr/lib/flashplugin-installer/libflashplayer.so
#6  0xac47c1d6 in ?? () from /usr/lib/flashplugin-installer/libflashplayer.so
#7  0xb53ddd31 in start_thread () from /lib/i386-linux-gnu/libpthread.so.0
#8  0xb75ef0ce in clone () from /lib/i386-linux-gnu/libc.so.6
Backtrace stopped: Not enough registers or memory available to unwind further

Thread 1 (Thread 0xb4cf2710 (LWP 24372)):
[KCrash Handler]
#7  operator-> (this=0x10) at ../../include/QtCore/../../src/corelib/tools/qscopedpointer.h:113
#8  QHostAddress::isNull (this=0x10) at kernel/qhostaddress.cpp:858
#9  0xb2b6d343 in WebSslInfo::isValid() const () from /usr/lib/libkwebkit.so.1
#10 0xb2b5cd2e in KWebKitPartPrivate::slotSaveFrameState(QWebFrame*, QWebHistoryItem*) () from /usr/lib/libkwebkit.so.1
#11 0xb2b5f081 in KWebKitPartPrivate::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib/libkwebkit.so.1
#12 0xb674eb7d in metacall (argv=0xbfcab594, idx=12, cl=QMetaObject::InvokeMetaMethod, object=0x983ea08) at kernel/qmetaobject.cpp:237
#13 QMetaObject::metacall (object=0x983ea08, cl=QMetaObject::InvokeMetaMethod, idx=12, argv=0xbfcab594) at kernel/qmetaobject.cpp:232
#14 0xb675da6a in QMetaObject::activate (sender=0x99ab640, m=0xb2a985a8, local_signal_index=22, argv=0xbfcab594) at kernel/qobject.cpp:3278
#15 0xb1a8bc0d in QWebPage::saveFrameStateRequested (this=0x99ab640, _t1=0x997e9a0, _t2=0xbfcab5cc) at ./moc_qwebpage.cpp:512
#16 0xb1ac1659 in WebCore::FrameLoaderClientQt::saveViewStateToItem (this=0x997e8a8, item=0xb094d840) at WebCoreSupport/FrameLoaderClientQt.cpp:879
#17 0xb1e67b1f in saveScrollPositionAndViewStateToItem (item=0xb094d840, this=0xb088534c) at loader/HistoryController.cpp:91
#18 WebCore::HistoryController::saveScrollPositionAndViewStateToItem (this=0xb088534c, item=0xb094d840) at loader/HistoryController.cpp:78
#19 0xb1e5cd44 in WebCore::FrameLoader::detachFromParent (this=0xb0885244) at loader/FrameLoader.cpp:2699
#20 0xb1a941fd in QWebPage::~QWebPage (this=0x99ab640, __in_chrg=<optimized out>) at Api/qwebpage.cpp:1988
#21 0xb2b38e43 in KWebPage::~KWebPage (this=0x99ab640, __in_chrg=<optimized out>) at ../../kdewebkit/kwebpage.cpp:249
#22 0xb2b68825 in WebPage::~WebPage() () from /usr/lib/libkwebkit.so.1
#23 0xb2b6885f in WebPage::~WebPage() () from /usr/lib/libkwebkit.so.1
#24 0xb1a9b910 in QWebViewPrivate::detachCurrentPage (this=0x99a6300) at Api/qwebview.cpp:364
#25 0xb1a9b96a in ~QWebViewPrivate (this=0x99a6300, __in_chrg=<optimized out>) at Api/qwebview.cpp:60
#26 QWebViewPrivate::~QWebViewPrivate (this=0x99a6300, __in_chrg=<optimized out>) at Api/qwebview.cpp:61
#27 0xb1a9b58c in QWebView::~QWebView (this=0x9981e98, __in_chrg=<optimized out>) at Api/qwebview.cpp:327
#28 0xb2b3cfc2 in KWebView::~KWebView (this=0x9981e98, __in_chrg=<optimized out>) at ../../kdewebkit/kwebview.cpp:41
#29 0xb2b641f5 in WebView::~WebView() () from /usr/lib/libkwebkit.so.1
#30 0xb2b64237 in WebView::~WebView() () from /usr/lib/libkwebkit.so.1
#31 0xb675c841 in QObjectPrivate::deleteChildren (this=0x99ab760) at kernel/qobject.cpp:1955
#32 0xb5c4efbe in QWidget::~QWidget (this=0x9838878, __in_chrg=<optimized out>) at kernel/qwidget.cpp:1651
#33 0xb5c4f292 in QWidget::~QWidget (this=0x9838878, __in_chrg=<optimized out>) at kernel/qwidget.cpp:1671
#34 0xb675b5f3 in qDeleteInEventHandler (o=0x9838878) at kernel/qobject.cpp:3986
#35 0xb6760b80 in QObject::event (this=0x9838878, e=0x92efbe8) at kernel/qobject.cpp:1200
#36 0xb5c53c92 in QWidget::event (this=0x9838878, event=0x92efbe8) at kernel/qwidget.cpp:8754
#37 0xb5bf9d84 in notify_helper (e=0x92efbe8, receiver=0x9838878, this=0x91b4298) at kernel/qapplication.cpp:4486
#38 QApplicationPrivate::notify_helper (this=0x91b4298, receiver=0x9838878, e=0x92efbe8) at kernel/qapplication.cpp:4458
#39 0xb5bff1d8 in QApplication::notify (this=0x91b4298, receiver=0x9838878, e=0x92efbe8) at kernel/qapplication.cpp:4451
#40 0xb6d34971 in KApplication::notify (this=0xbfcac16c, receiver=0x9838878, event=0x92efbe8) at ../../kdeui/kernel/kapplication.cpp:311
#41 0xb674819e in QCoreApplication::notifyInternal (this=0xbfcac16c, receiver=0x9838878, event=0x92efbe8) at kernel/qcoreapplication.cpp:787
#42 0xb674bf93 in sendEvent (event=<optimized out>, receiver=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#43 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x918b520) at kernel/qcoreapplication.cpp:1428
#44 0xb674c0ec in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at kernel/qcoreapplication.cpp:1321
#45 0xb67766a4 in sendPostedEvents () at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:220
#46 postEventSourceDispatch (s=0x91abeb8) at kernel/qeventdispatcher_glib.cpp:277
#47 0xb530c25f in g_main_context_dispatch () from /lib/i386-linux-gnu/libglib-2.0.so.0
#48 0xb530c990 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#49 0xb530cc2a in g_main_context_iteration () from /lib/i386-linux-gnu/libglib-2.0.so.0
#50 0xb6776ada in QEventDispatcherGlib::processEvents (this=0x918c278, flags=...) at kernel/qeventdispatcher_glib.cpp:422
#51 0xb5cb1e7a in QGuiEventDispatcherGlib::processEvents (this=0x918c278, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#52 0xb67471dd in QEventLoop::processEvents (this=0xbfcabff4, flags=...) at kernel/qeventloop.cpp:149
#53 0xb6747421 in QEventLoop::exec (this=0xbfcabff4, flags=...) at kernel/qeventloop.cpp:201
#54 0xb674c19d in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1064
#55 0xb5bf7924 in QApplication::exec () at kernel/qapplication.cpp:3760
#56 0xb7761bd5 in kdemain (argc=2, argv=0xbfcac4c4) at ../../../konqueror/src/konqmain.cpp:242
#57 0x0804850b in main (argc=2, argv=0xbfcac4c4) at konqueror_dummy.cpp:3
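Added example (not from this report or the kwebkitpart project): a small Python triage script for KCrash/GDB backtraces of the format above. It picks the crashing thread, reports the faulting frame, flags a near-NULL `this` (here 0x10, i.e. a member at offset 16 inside a null object) and names the first frame inside the component under investigation; the excerpt it parses is constructed from a few frames of this report, and the `libkwebkit` library name and the 64 KiB `mmap_min_addr` threshold are assumptions.

```python
import re

# Constructed excerpt: a few frames taken from the backtrace in this report.
SAMPLE = """\
Application: Konqueror (konqueror), signal: Segmentation fault
[Current thread is 1 (Thread 0xb4cf2710 (LWP 24372))]

Thread 2 (Thread 0xa9848b70 (LWP 24427)):
#0  0xb7792424 in __kernel_vsyscall ()

Thread 1 (Thread 0xb4cf2710 (LWP 24372)):
[KCrash Handler]
#7  operator-> (this=0x10) at ../../include/QtCore/../../src/corelib/tools/qscopedpointer.h:113
#8  QHostAddress::isNull (this=0x10) at kernel/qhostaddress.cpp:858
#9  0xb2b6d343 in WebSslInfo::isValid() const () from /usr/lib/libkwebkit.so.1
#10 0xb2b5cd2e in KWebKitPartPrivate::slotSaveFrameState(QWebFrame*, QWebHistoryItem*) () from /usr/lib/libkwebkit.so.1
#20 0xb1a941fd in QWebPage::~QWebPage (this=0x99ab640, __in_chrg=<optimized out>) at Api/qwebpage.cpp:1988
"""

CURRENT_RE = re.compile(r"^\[Current thread is (\d+) ")
THREAD_RE = re.compile(r"^Thread (\d+) \(Thread 0x[0-9a-f]+ \(LWP \d+\)\):")
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(.+?)(?:\s+(?:at|from) (\S+))?$")
THIS_RE = re.compile(r"\bthis=0x([0-9a-f]+)")
# Assumed threshold: below mmap_min_addr (64 KiB on typical Linux) no live object can exist,
# so a tiny 'this' is NULL plus the offset of a member inside the object.
NEAR_NULL = 0x10000

def parse_backtrace(text):
    """Return (crashing thread id, {thread id: [frames, innermost first]})."""
    current, threads, tid = None, {}, None
    for line in text.splitlines():
        if m := CURRENT_RE.match(line):
            current = int(m.group(1))
        elif m := THREAD_RE.match(line):
            tid = int(m.group(1))
            threads[tid] = []
        elif tid is not None and (m := FRAME_RE.match(line)):
            this = THIS_RE.search(line)
            threads[tid].append({"num": int(m.group(1)), "func": m.group(2), "loc": m.group(3),
                                 "this": int(this.group(1), 16) if this else None})
    return current, threads

def triage(text, own_lib="libkwebkit"):
    """Faulting frame, near-NULL evidence and first frame inside own_lib for the crashing thread."""
    current, threads = parse_backtrace(text)
    frames = threads.get(current, [])
    near_null = [f for f in frames if f["this"] is not None and f["this"] < NEAR_NULL]
    own = next((f for f in frames if f["loc"] and own_lib in f["loc"]), None)
    return {"thread": current, "fault": frames[0]["func"] if frames else None,
            "null_deref": bool(near_null), "member_offset": near_null[0]["this"] if near_null else None,
            "own_frame": own["func"] if own else None}
```

Run `triage(SAMPLE)` to get the summary; on this report's trace it points at `WebSslInfo::isValid()` as the first kwebkitpart frame above a null-object dereference.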
Comment 2 Gérard Talbot (no longer involved) 2012-01-22 22:48:30 UTC
I am using Adobe Flash player plugin version: 11.1.102.55
Comment 3 Frank Reininghaus 2012-01-23 18:57:19 UTC
Looks like it might be related to Webkit -> reassigning.
Comment 4 Gérard Talbot (no longer involved) 2012-01-23 21:15:53 UTC
Frank, 

Thank you for fixing my bug report with correct Product and correct Component.

Yes, it may be related to Webkit. 

Chrome 16.0.912.75 also has problems with the test page. It pops up a 

"KPart selection: Select the KPart to be used for the mime type: KHTML, WebKit, Advanced Built-in text editor" 

modal dialog window. The iframe is also replaced with some sort of treeview selector to select the application for such unsupported MimeType. Really weird!

If such a modal window does not get focus and, because of this, the user does not select a rendering engine and then clicks the Back button, the application stops responding and a "Hung application" window pops up.

Gérard
Comment 5 Gérard Talbot (no longer involved) 2012-01-23 21:34:47 UTC
When I try the steps to reproduce with

http://www.gtalbot.org/BrowserBugsSection/Konqueror4Bugs/unhiding-iframe-with-flash.html

then I get expected results with Chrome 16.0.912.75 and with Konqueror 4.7.4 (using WebKit rendering engine): no hung application.

So, this bug is really about 

http://www.gtalbot.org/BrowserBugsSection/Konqueror4Bugs/unhiding-iframe-with-flash-with-object.html

and apparently about how it handles type="application/x-shockwave-flash"
in this chunk of code:

  <div>
    <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" width="450" height="200">
    <param name="movie" value="passed.swf">
      <object data="passed.swf" width="450" height="200" type="application/x-shockwave-flash"><p>Flash plugin support must be enabled.</p></object>
    </object>
  </div>

Gérard
Comment 6 Dawit Alemayehu 2012-01-24 07:20:53 UTC

*** This bug has been marked as a duplicate of bug 260734 ***