Segmentation fault when using a blank QWidget as startup page

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Go to Preferences.
2. Set startup behaviour to "Show a blank page".
3. Restart the browser.

What is the expected output? What do you see instead?
It should just kick off, display blank QWidget in first tab and keep on
running. Currently, it crashes with segfault after running for few seconds.

What version of the product are you using? On what operating system?
Confirmed with:
- openSUSE GNU/Linux 11.1
- Qt 4.4.3 and Qt 4.5b1 as well.
- KDE 4.1 and KDE 4.2.

Please provide any additional information below.
I'm under the impression that it'd been working at some point in the
past... so it looks like it's a problem with some latest commits.

Original issue reported on code.google.com by faw...@gmail.com on 28 Jan 2009 at 10:44

[GoogleCodeExporter]

Hmmm, can't get it to crash, can you post the back trace?

Original comment by ice...@gmail.com on 29 Jan 2009 at 6:18

[GoogleCodeExporter]

Sure, here it is:

#0  QNetworkAccessCache::requestEntryNow (this=0x840f20c, key=@0x8391a60) at
../../src/corelib/thread/qbasicatomic.h:64
#1  0xb63f55e9 in QNetworkAccessHttpBackend::open (this=0x8391a48) at
access/qnetworkaccesshttpbackend.cpp:599
#2  0xb6406289 in QNetworkReplyImplPrivate::_q_startOperation (this=0x8411a10) 
at
access/qnetworkreplyimpl.cpp:67
#3  0xb640653b in QNetworkReplyImpl::qt_metacall (this=0x83afc18,
_c=QMetaObject::InvokeMetaMethod, _id=0, _a=0x83b18c0) at
.moc/release-shared/moc_qnetworkreplyimpl_p.cpp:80
#4  0xb62b3bfb in QMetaCallEvent::placeMetaCall (this=0x8391930, 
object=0x83afc18) at
kernel/qobject.cpp:484
#5  0xb62b5690 in QObject::event (this=0x83afc18, e=0x8391930) at 
kernel/qobject.cpp:1113
#6  0xb6403a4c in QNetworkReplyImpl::event (this=0x83afc18, e=0x8391930) at
access/qnetworkreplyimpl.cpp:586
#7  0xb6842acc in QApplicationPrivate::notify_helper (this=0x8104320,
receiver=0x83afc18, e=0x8391930) at kernel/qapplication.cpp:4047
#8  0xb684ad7e in QApplication::notify (this=0xbfffefd4, receiver=0x83afc18,
e=0x8391930) at kernel/qapplication.cpp:3594
#9  0xb62a4dbb in QCoreApplication::notifyInternal (this=0xbfffefd4,
receiver=0x83afc18, event=0x8391930) at kernel/qcoreapplication.cpp:594
#10 0xb62a5955 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0,
event_type=0, data=0x8104600) at kernel/qcoreapplication.h:208
#11 0xb62a5b4d in QCoreApplication::sendPostedEvents (receiver=0x0, 
event_type=0) at
kernel/qcoreapplication.cpp:1124
#12 0xb68e268f in QEventDispatcherX11::processEvents (this=0x8107ca0, flags={i =
-1073746168}) at ../../src/corelib/kernel/qcoreapplication.h:213
#13 0xb62a33da in QEventLoop::processEvents (this=0xbfffef80, flags={i =
-1073746104}) at kernel/qeventloop.cpp:144
#14 0xb62a381a in QEventLoop::exec (this=0xbfffef80, flags={i = -1073746040}) at
kernel/qeventloop.cpp:195
#15 0xb62a5c19 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:872
#16 0xb6842947 in QApplication::exec () at kernel/qapplication.cpp:3522
#17 0x080cb154 in main ()

Original comment by faw...@gmail.com on 29 Jan 2009 at 2:30

[GoogleCodeExporter]

I can reproduce it.

Original comment by lew2...@gmail.com on 29 Jan 2009 at 2:42

[GoogleCodeExporter]

Original comment by faw...@gmail.com on 24 Apr 2009 at 5:29

• Changed state: Cannot

[GoogleCodeExporter]

I think this may be a problem with custom stylesheet and blank page as a start 
page.

Steps to reproduce:
1. compile current arora from master
2. set "On startup: Show a blank page"
3. set custom stylesheet (this causes segfault too after closing preferences 
dialog, so just run another arora)
4. open a new tab - crash

The problem is that when a new tab is opened, new WebPage tries to load the 
custom stylesheet. It creates a network request which is scheduled 
to run at some point later with QNetworkAccessManager created in 
"QNetworkAccessManager *QWebPage::networkAccessManager() const". This network 
access manager (at this point used by created WebPage) is immediately destroyed 
and replaced by new manager in "void 
QWebPage::setNetworkAccessManager(QNetworkAccessManager *manager)" called in 
"WebPage::WebPage(QObject *parent)". Later the request is run and 
tries to use already deleted data:

==30495== Invalid read of size 8
==30495==    at 0x7950F48: QHash<QByteArray, 
QNetworkAccessCache::Node>::detach_helper() (qhash.h:571)
==30495==    by 0x7950FC9: QHash<QByteArray, 
QNetworkAccessCache::Node>::detach() (qhash.h:289)
==30495==    by 0x7951626: QHash<QByteArray, 
QNetworkAccessCache::Node>::find(QByteArray const&) (qhash.h:850)
==30495==    by 0x794FF80: QNetworkAccessCache::requestEntryNow(QByteArray 
const&) (qnetworkaccesscache.cpp:301)
==30495==    by 0x7961A9D: QNetworkAccessHttpBackend::open() 
(qnetworkaccesshttpbackend.cpp:595)
==30495==    by 0x79716F5: QNetworkReplyImplPrivate::_q_startOperation() 
(qnetworkreplyimpl.cpp:85)
==30495==    by 0x79717CB: QNetworkReplyImpl::qt_metacall(QMetaObject::Call, 
int, void**) (moc_qnetworkreplyimpl_p.cpp:84)
==30495==    by 0x7E1315A: QMetaObject::metacall(QObject*, QMetaObject::Call, 
int, void**) (qmetaobject.cpp:237)
==30495==    by 0x7E20C52: QMetaCallEvent::placeMetaCall(QObject*) 
(qobject.cpp:564)
==30495==    by 0x7E22C6B: QObject::event(QEvent*) (qobject.cpp:1241)
==30495==    by 0x7971320: QNetworkReplyImpl::event(QEvent*) 
(qnetworkreplyimpl.cpp:705)
==30495==    by 0x6B802CA: QApplicationPrivate::notify_helper(QObject*, 
QEvent*) (qapplication.cpp:4152)
==30495==  Address 0xcb2f988 is 216 bytes inside a block of size 248 free'd
==30495==    at 0x4C234DD: operator delete(void*) (in 
/usr/lib64/valgrind/amd64-linux/vgpreload_memcheck.so)
==30495==    by 0x794F0F1: 
QNetworkAccessManagerPrivate::~QNetworkAccessManagerPrivate() 
(qnetworkaccessmanager_p.h:70)
==30495==    by 0x7DC99A7: 
QScopedPointerDeleter<QObjectData>::cleanup(QObjectData*) (qscopedpointer.h:62)
==30495==    by 0x7E2BBCD: QScopedPointer<QObjectData, 
QScopedPointerDeleter<QObjectData> >::~QScopedPointer() (qscopedpointer.h:100)
==30495==    by 0x7E2A0FA: QObject::~QObject() (qobject.cpp:992)
==30495==    by 0x794B910: QNetworkAccessManager::~QNetworkAccessManager() 
(qnetworkaccessmanager.cpp:360)
==30495==    by 0x588760C: 
QWebPage::setNetworkAccessManager(QNetworkAccessManager*) (in 
/home/davidb/qt/lib/libQtWebKit.so.4.6.0)
==30495==    by 0x494D34: WebPage::WebPage(QObject*) (webpage.cpp:97)
==30495==    by 0x49DF65: WebView::WebView(QWidget*) (webview.cpp:100)
==30495==    by 0x487604: TabWidget::makeNewTab(bool) (tabwidget.cpp:442)
==30495==    by 0x487BF5: TabWidget::newTab() (tabwidget.cpp:395)
==30495==    by 0x50737B: TabWidget::qt_metacall(QMetaObject::Call, int, 
void**) (moc_tabwidget.cpp:169)

Current master arora with current qt-4.6.

Original comment by liha...@gmail.com on 25 Aug 2009 at 12:54

[GoogleCodeExporter]

Original comment by faw...@gmail.com on 28 Aug 2009 at 9:53

• Changed state: New
• Added labels: Qt