I was able to reproduce the issue on N10, but what crashes is the QtWebProcess executable, not webapp-container. So the crash file attached to this bug report is useless. I’ve retraced the crash I’m seeing here, and here’s the backtrace I’m getting:
#0 HB_ThaiAssignAttributes (string=<optimized out>, len=3, attributes=0x12cfac1)
at ../3rdparty/harfbuzz/src/harfbuzz-thai.c:420
#1 0xb571a2c6 in HB_GetTailoredCharAttributes (string=0xa7a53534, stringLength=<optimized out>,
items=<optimized out>, numItems=2, attributes=0x12cfac0) at ../3rdparty/harfbuzz/src/harfbuzz-shaper.cpp:496
#2 0xb56e4b30 in QUnicodeTools::initCharAttributes (string=0xa7a53534, length=5, items=0xbed62280, numItems=3,
attributes=0x12cfac0, options=...) at tools/qunicodetools.cpp:634
#3 0xb51c3702 in QTextEngine::attributes (this=0x12cf9c0) at text/qtextengine.cpp:1231
#4 0xb51c784c in QTextEngine::attributes (this=<optimized out>) at text/qtextengine.cpp:1236
#5 0xb51d04be in QTextLine::layout_helper (this=this@entry=0xbed62c48, maxGlyphs=maxGlyphs@entry=2147483647)
at text/qtextlayout.cpp:1773
#6 0xb51d1592 in QTextLine::setLineWidth (this=this@entry=0xbed62c48, width=<optimized out>, width@entry=8388607)
at text/qtextlayout.cpp:1572
#7 0xb620ebe4 in WebCore::setupLayout (layout=layout@entry=0xbed62c3c, style=...)
at platform/graphics/qt/FontQt.cpp:68
#8 0xb620f864 in WebCore::Font::floatWidthForComplexText (this=this@entry=0xa7a5e970, run=...)
at platform/graphics/qt/FontQt.cpp:210
#9 0xb61fcc56 in WebCore::Font::width (this=<optimized out>, run=..., fallbackFonts=fallbackFonts@entry=0x0,
glyphOverflow=<optimized out>, glyphOverflow@entry=0x0) at platform/graphics/Font.cpp:209
#10 0xb68cc88e in WebCore::RenderMenuList::updateOptionsWidth (this=0xa7d04154) at rendering/RenderMenuList.cpp:183
#11 0xb68f085c in WebCore::RenderMenuList::updateFromElement (this=0xa7d04154) at rendering/RenderMenuList.cpp:198
#12 0xb68185b0 in WebCore::HTMLFormControlElement::attach (this=0x11e2278) at html/HTMLFormControlElement.cpp:217
#13 0xb695bed4 in attachChildren (this=<optimized out>) at dom/ContainerNode.h:209
#14 attach (this=<optimized out>) at dom/ContainerNode.cpp:774
#15 WebCore::Element::attach (this=0x11e1a30) at dom/Element.cpp:1172
#16 0xb695bed4 in attachChildren (this=<optimized out>) at dom/ContainerNode.h:209
#17 attach (this=<optimized out>) at dom/ContainerNode.cpp:774
#18 WebCore::Element::attach (this=0x11e16c0) at dom/Element.cpp:1172
#19 0xb6964454 in reattach (this=0x11e16c0) at dom/Node.h:878
#20 WebCore::Element::recalcStyle (this=this@entry=0x11e16c0, change=change@entry=WebCore::Node::NoChange)
at dom/Element.cpp:1281
#21 0xb696427c in WebCore::Element::recalcStyle (this=this@entry=0x11e14a0,
change=change@entry=WebCore::Node::NoChange) at dom/Element.cpp:1344
#22 0xb696427c in WebCore::Element::recalcStyle (this=this@entry=0x11e1428,
change=change@entry=WebCore::Node::NoChange) at dom/Element.cpp:1344
#23 0xb696427c in WebCore::Element::recalcStyle (this=this@entry=0x11d8340,
change=change@entry=WebCore::Node::NoChange) at dom/Element.cpp:1344
#24 0xb696427c in WebCore::Element::recalcStyle (this=this@entry=0x11d8118,
change=change@entry=WebCore::Node::NoChange) at dom/Element.cpp:1344
#25 0xb696427c in WebCore::Element::recalcStyle (this=0x11d78d8, change=WebCore::Node::NoChange)
at dom/Element.cpp:1344
#26 0xb696705e in WebCore::Document::recalcStyle (this=0xa97ba000, change=<optimized out>) at dom/Document.cpp:1847
#27 0xb69671f2 in WebCore::Document::updateStyleIfNeeded (this=0xa97ba000) at dom/Document.cpp:1891
#28 0xb6967480 in WebCore::Document::updateLayout (this=this@entry=0xa97ba000) at dom/Document.cpp:1914
#29 0xb696889e in WebCore::Document::updateLayoutIgnorePendingStylesheets (this=0xa97ba000) at dom/Document.cpp:1952
#30 0xb6968f6a in WebCore::Element::clientWidth (this=0x1207fc0) at dom/Element.cpp:481
#31 0xb640cb46 in WebCore::jsElementClientWidth (exec=<optimized out>, slotBase=...) at generated/JSElement.cpp:367
#32 0xb6a71268 in JSC::PropertySlot::getValue (this=0xbed63050, exec=0xaab00218, propertyName=...)
at runtime/PropertySlot.h:76
#33 0xb6a719ee in JSC::JSValue::get (this=<optimized out>, exec=0xaab00218, propertyName=..., slot=...)
at runtime/JSObject.h:1461
#34 0xb6afa09c in get (propertyName=..., exec=0xbed630b0, this=0xbed63048) at runtime/JSObject.h:1452
#35 JSC::LLInt::getByVal (exec=exec@entry=0xaab00218, baseValue=..., subscript=...) at llint/LLIntSlowPaths.cpp:1079
#36 0xb6af5f40 in JSC::LLInt::llint_slow_path_get_by_val (exec=0xaab00218, pc=0xa7d8a654)
at llint/LLIntSlowPaths.cpp:1085
#37 0xb6afc6a6 in llint_op_get_by_val () from /usr/lib/arm-linux-gnueabihf/libQt5WebKit.so.5
Backtrace stopped: previous frame identical to this frame (corrupt stack?)