
Qt4-preview-feedback Archive, March 2008
HTML code that can crash QWebView


Message 1 in thread

Pointing the QtWebKit demo browser at the attached file (if the file is on the 
local filesystem; getting the same file through http works) causes it to 
crash.

Seen with Qt 4.4 snapshot 20080308 on Linux/X11.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>test</title>
</head>
<body>
<p id="p1">test test test</p>
<script type="text/javascript">
// Select characters 5..9 ("test" after the first space) of the text node
// and wrap that range in a red span.
var p=document.getElementById('p1');
var r=document.createRange();
r.setStart(p.firstChild, 5);
r.setEnd(p.firstChild, 9);
var span=document.createElement('span');
span.style.backgroundColor='red';
span.id='span1';
r.surroundContents(span);
alert(1);
// Create an image element without a src (the file: URL below is left
// commented out) and append it to the span created above.
var img=document.createElement('img');
//img.src='file:///somewhere/some.png';
img.id='img1';
alert(2);
span.appendChild(img);
alert(3);
</script>
</body>
</html>

Message 2 in thread

Bernhard Rosenkränzer wrote:
>Pointing the QtWebKit demo browser at the attached file (if the file is
> on the local filesystem; getting the same file through http works)
> causes it to crash.
>
>Seen with Qt 4.4 snapshot 20080308 on Linux/X11.

I can confirm it with today's code. The valgrind trace makes no sense, 
though:

==3740== Invalid read of size 4
==3740==    at 0x4AF6C11: QNetworkAccessBackend::nextDownstreamBlockSize() const (qnetworkaccessbackend.cpp:163)
==3740==    by 0x4AFB784: QNetworkAccessFileBackend::readMoreFromFile() (qnetworkaccessfilebackend.cpp:210)
==3740==    by 0x4AFBB65: QNetworkAccessFileBackend::downstreamReadyWrite() (qnetworkaccessfilebackend.cpp:185)
==3740==    by 0x4B0E8EC: QNetworkReplyImplPrivate::handleNotifications() (qnetworkreplyimpl.cpp:183)
==3740==    by 0x4B0EE85: QNetworkReplyImplPrivate::_q_startOperation() (qnetworkreplyimpl.cpp:55)
==3740==    by 0x4B0EF0D: QNetworkReplyImpl::qt_metacall(QMetaObject::Call, int, void**) (moc_qnetworkreplyimpl_p.cpp:79)
==3740==    by 0x5A2E371: QMetaCallEvent::placeMetaCall(QObject*) (qobject.cpp:505)
==3740==    by 0x5A33243: QObject::event(QEvent*) (qobject.cpp:1101)
==3740==    by 0x4B0EA3D: QNetworkReplyImpl::event(QEvent*) (qnetworkreplyimpl.cpp:483)
==3740==    by 0x4D59F2A: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:3738)
==3740==    by 0x4D5A23F: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:3330)
==3740==    by 0x5A1D102: QCoreApplication::notifyInternal(QObject*, QEvent*) (qcoreapplication.cpp:557)
==3740==  Address 0x6600ca4 is 12 bytes inside a block of size 160 free'd
==3740==    at 0x40218FE: realloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==3740==    by 0x590287B: qRealloc(void*, unsigned) (qmalloc.cpp:37)
==3740==    by 0x4E37ED7: QVector<QPointF>::realloc(int, int) (qvector.h:432)
==3740==    by 0x4EB24AB: QVector<QPointF>::operator+=(QVector<QPointF> const&) (qvector.h:594)
==3740==    by 0x4EAEA2A: QPainterPath::toFillPolygons(QTransform const&) const (qpainterpath.cpp:1596)
==3740==    by 0x4EAEC5C: QPainterPath::toFillPolygons(QMatrix const&) const (qpainterpath.cpp:1614)
==3740==    by 0x4F46B69: QX11PaintEnginePrivate::fillPath(QPainterPath const&, QX11PaintEnginePrivate::GCMode, bool) (qpaintengine_x11.cpp:1585)
==3740==    by 0x4F472AB: QX11PaintEngine::drawPath(QPainterPath const&) (qpaintengine_x11.cpp:1634)
==3740==    by 0x4F42992: QX11PaintEngine::drawEllipse(QRect const&) (qpaintengine_x11.cpp:1294)
==3740==    by 0x4E9F421: QPainter::drawEllipse(QRect const&) (qpainter.cpp:3626)
==3740==    by 0x8084959: ChaseWidget::paintEvent(QPaintEvent*) (chasewidget.cpp:80)
==3740==    by 0x4DC622B: QWidget::event(QEvent*) (qwidget.cpp:7028)

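The memcheck report above pairs an access stack in the network file backend with a free stack in the painting code, which is why the reply calls it confusing. As an added example (not code from this thread, from Qt, or from Valgrind), here is a small Python triage script that parses a memcheck "Invalid read/write" block into its access stack and its "free'd"/"alloc'd" block stack, names the bug class, and flags when the first non-allocator frames of the two stacks sit in unrelated source files. The sample input is the head of the trace quoted above with memcheck's wrapped lines rejoined and truncated to a few frames per stack; the function names, the allocator-name set and the class labels are this example's own choices.

```python
"""Triage helper for Valgrind memcheck "Invalid read/write" reports (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the head of the trace from the thread above, with
# memcheck's wrapped frame lines rejoined and both stacks truncated.
SAMPLE = """\
==3740== Invalid read of size 4
==3740==    at 0x4AF6C11: QNetworkAccessBackend::nextDownstreamBlockSize() const (qnetworkaccessbackend.cpp:163)
==3740==    by 0x4AFB784: QNetworkAccessFileBackend::readMoreFromFile() (qnetworkaccessfilebackend.cpp:210)
==3740==    by 0x4AFBB65: QNetworkAccessFileBackend::downstreamReadyWrite() (qnetworkaccessfilebackend.cpp:185)
==3740==  Address 0x6600ca4 is 12 bytes inside a block of size 160 free'd
==3740==    at 0x40218FE: realloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==3740==    by 0x590287B: qRealloc(void*, unsigned) (qmalloc.cpp:37)
==3740==    by 0x4E37ED7: QVector<QPointF>::realloc(int, int) (qvector.h:432)
==3740==    by 0x4EB24AB: QVector<QPointF>::operator+=(QVector<QPointF> const&) (qvector.h:594)
==3740==    by 0x4EAEA2A: QPainterPath::toFillPolygons(QTransform const&) const (qpainterpath.cpp:1596)
"""

ERROR_RE = re.compile(r"^==(\d+)== Invalid (read|write) of size (\d+)$")
# The function text may itself contain parentheses; the location is the last
# parenthesised group on the line, which never contains parentheses.
FRAME_RE = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (.*) \(([^()]*)\)$")
ADDR_RE = re.compile(
    r"^==\d+==\s+Address 0x([0-9A-Fa-f]+) is (\d+) bytes (inside|before|after) "
    r"a block of size (\d+) (free'd|alloc'd)$"
)
# Frames belonging to the allocator itself rather than to the block's owner
# (set chosen for this example; extend for other allocators).
ALLOCATOR_FUNCS = {"malloc", "calloc", "realloc", "free", "qMalloc", "qRealloc", "qFree"}


@dataclass
class Frame:
    func: str
    location: str  # "file.cpp:123" or "in /path/to/lib.so"

    @property
    def source_file(self) -> Optional[str]:
        if ":" in self.location and not self.location.startswith("in "):
            return self.location.rsplit(":", 1)[0]
        return None


@dataclass
class MemcheckError:
    kind: str  # "read" or "write"
    size: int
    access_stack: List[Frame] = field(default_factory=list)
    address: Optional[int] = None
    offset: Optional[int] = None
    relation: Optional[str] = None  # inside / before / after
    block_size: Optional[int] = None
    block_state: Optional[str] = None  # free'd / alloc'd
    block_stack: List[Frame] = field(default_factory=list)


def parse_memcheck(text: str) -> List[MemcheckError]:
    """Split memcheck output into error records with access and block stacks."""
    errors: List[MemcheckError] = []
    current: Optional[MemcheckError] = None
    in_block_stack = False
    for line in text.splitlines():
        m = ERROR_RE.match(line)
        if m:
            current = MemcheckError(kind=m.group(2), size=int(m.group(3)))
            errors.append(current)
            in_block_stack = False
            continue
        if current is None:
            continue
        m = ADDR_RE.match(line)
        if m:
            current.address = int(m.group(1), 16)
            current.offset = int(m.group(2))
            current.relation = m.group(3)
            current.block_size = int(m.group(4))
            current.block_state = m.group(5)
            in_block_stack = True  # frames after this line describe the block
            continue
        m = FRAME_RE.match(line)
        if m:
            frame = Frame(func=m.group(1), location=m.group(2))
            (current.block_stack if in_block_stack else current.access_stack).append(frame)
    return errors


def classify(err: MemcheckError) -> str:
    """Map memcheck's block description onto the usual bug-class names."""
    if err.block_state == "free'd":
        return "use-after-free"
    if err.block_state == "alloc'd" and err.relation in ("before", "after"):
        return "heap-buffer-overflow"
    return "unclassified"


def first_owner_frame(stack: List[Frame]) -> Optional[Frame]:
    """First frame with source info that is not the allocator itself."""
    for f in stack:
        if f.source_file and f.func.split("(")[0] not in ALLOCATOR_FUNCS:
            return f
    return None


def triage(err: MemcheckError) -> dict:
    access = first_owner_frame(err.access_stack)
    owner = first_owner_frame(err.block_stack)
    unrelated = bool(access and owner and access.source_file != owner.source_file)
    return {
        "class": classify(err),
        "access_site": access.location if access else None,
        "block_site": owner.location if owner else None,
        "stacks_unrelated": unrelated,
    }


if __name__ == "__main__":
    for e in parse_memcheck(SAMPLE):
        print(triage(e))
```

On the sample the script reports a use-after-free with the access site in qnetworkaccessbackend.cpp and the block's last owner in qvector.h, and flags the two as unrelated. That flag is worth acting on: memcheck describes the most recent free of the block that contains the faulting address, so when the heap has recycled that block since the object the accessing code expected was destroyed, the free stack shows a later owner of the memory, not the code that invalidated the access site's pointer. In that situation the dangling pointer on the access side is the place to look, and running under memcheck with `--freelist-vol` raised delays block reuse so the reported free stack is more likely to be the relevant one.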