This repository has been archived by the owner on May 30, 2023. It is now read-only.

2.0.0 Segmentation fault loading http://www.mikulski.senate.gov/contact #13090

Closed
DrMeers opened this issue Mar 18, 2015 · 5 comments

DrMeers commented Mar 18, 2015

Binary downloaded from https://github.com/Pyppe/phantomjs2.0-ubuntu14.04x64, running on 14.10.

gdb returns:

Program received signal SIGSEGV, Segmentation fault.
0x0000000001c3b548 in QFontconfigDatabase::fontEngine(QByteArray const&, double, QFont::HintingPreference) ()
yali25 commented Mar 31, 2015

I could also reproduce the crash.
When checking the function QFontEngine *QFontconfigDatabase::fontEngine(const QByteArray &fontData, qreal pixelSize, QFont::HintingPreference hintingPreference) in the file src/qt/qtbase/src/platformsupport/fontdatabases/fontconfig/qfontconfigdatabase.cpp, I found that the call to QBasicFontDatabase::fontEngine(fontData, pixelSize, hintingPreference) inside the static_cast at the top of the function returns 0, but in the next line, QFontDef fontDef = engine->fontDef;, a function is called on a NULL pointer, which seems to cause the crash.

I modified the function as follows:

    QFontEngine *e = QBasicFontDatabase::fontEngine(fontData, pixelSize, hintingPreference); // function may return NULL (0)
    if(e == 0)return 0;
    QFontEngineFT *engine = static_cast<QFontEngineFT*>(e);

The crash disappeared, but I do think it is the correct way to cope with this crash, because the WebKit browser example inside Qt Creator does not crash on this website. So there must be another way to solve this. (But calling a function on a null pointer is still wrong; maybe this is a bug in Qt?)

EDIT: I think this is related to #13003.
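
The null-return path described in the comment above, as an added example (not code from the PhantomJS issue, the patch, or Qt): a base-class factory standing in for QBasicFontDatabase::fontEngine returns null for font data it cannot load, the pre-fix subclass static_casts that result and reads engine->fontDef, and the post-fix version tests the pointer before the downcast and reports "no engine" to its caller. All type and function names (FontEngine, FreeTypeEngine, basicFontEngine, fontDefUnchecked, fontEngineChecked, makeBlob) and the 4-byte-tag "font" format are hypothetical stand-ins, and the sample blobs are constructed inline.

```cpp
// Added example (not PhantomJS or Qt code). Models the null-return path that
// the comment above describes: a base-class factory (stand-in for
// QBasicFontDatabase::fontEngine) returns null for data it cannot load, the
// fontconfig subclass static_casts that result and reads engine->fontDef.
// Type and function names below are hypothetical stand-ins, not Qt's.
#include <algorithm>
#include <cstdint>
#include <cstring>
#include <iostream>
#include <memory>
#include <string>
#include <vector>

// Stand-in for QFontDef, the struct the crashing line copies out of the engine.
struct FontDef {
    std::string family;
    double pixelSize = 0.0;
};

// Stand-ins for QFontEngine (base) and QFontEngineFT (FreeType subclass).
struct FontEngine {
    FontDef fontDef;
    virtual ~FontEngine() = default;
};
struct FreeTypeEngine : FontEngine {
    bool hinted = false;
};

// Stand-in for QBasicFontDatabase::fontEngine(): returns nullptr when the blob
// is not loadable, which is exactly the case the subclass failed to handle.
// Constructed "font" format for this example: a 4-byte sfnt tag
// (0x00010000, "OTTO" or "true") followed by a NUL-terminated family name.
FontEngine *basicFontEngine(const std::vector<uint8_t> &fontData, double pixelSize) {
    static const char *const kTags[] = {"\x00\x01\x00\x00", "OTTO", "true"};
    if (fontData.size() < 5)
        return nullptr;                        // too short to hold a tag
    bool tagOk = false;
    for (const char *tag : kTags)
        tagOk = tagOk || std::memcmp(fontData.data(), tag, 4) == 0;
    if (!tagOk)
        return nullptr;                        // e.g. an HTML error page served as a .woff
    auto nameEnd = std::find(fontData.begin() + 4, fontData.end(), uint8_t(0));
    if (nameEnd == fontData.end())
        return nullptr;                        // truncated download
    auto *e = new FreeTypeEngine;
    e->fontDef.family.assign(fontData.begin() + 4, nameEnd);
    e->fontDef.pixelSize = pixelSize;
    return e;
}

// Pre-fix shape from qfontconfigdatabase.cpp: static_cast does not check for
// null, so engine->fontDef dereferences a null pointer for unloadable data.
// Kept here to show the bug; main() below only calls it with loadable input.
FontDef fontDefUnchecked(const std::vector<uint8_t> &fontData, double pixelSize) {
    FreeTypeEngine *engine =
        static_cast<FreeTypeEngine *>(basicFontEngine(fontData, pixelSize));
    FontDef def = engine->fontDef;             // SIGSEGV when engine == nullptr
    delete engine;
    return def;
}

// Post-fix shape: test the base pointer before the downcast and hand the
// failure back to the caller as "no engine", never touching the null.
std::unique_ptr<FontEngine> fontEngineChecked(const std::vector<uint8_t> &fontData,
                                              double pixelSize) {
    FontEngine *e = basicFontEngine(fontData, pixelSize);
    if (!e)
        return nullptr;
    auto *engine = static_cast<FreeTypeEngine *>(e);
    engine->hinted = true;                     // stand-in for the hinting setup that follows
    return std::unique_ptr<FontEngine>(engine);
}

// Helper to build constructed sample blobs (tag bytes + family name + NUL).
std::vector<uint8_t> makeBlob(const std::string &tag, const std::string &family) {
    std::vector<uint8_t> blob(tag.begin(), tag.end());
    blob.insert(blob.end(), family.begin(), family.end());
    blob.push_back(0);
    return blob;
}

int main() {
    const std::vector<uint8_t> good = makeBlob("OTTO", "DejaVu Sans");
    const std::vector<uint8_t> html = makeBlob("<!DOCTYPE html>", "");
    std::cout << "good font -> " << (fontEngineChecked(good, 12.0) ? "engine" : "null") << "\n";
    std::cout << "html blob -> " << (fontEngineChecked(html, 12.0) ? "engine" : "null") << "\n";
    std::cout << "unchecked on good font: " << fontDefUnchecked(good, 12.0).family << "\n";
    return 0;
}
```

The point the example makes is that the downcast is not where the bug lives: static_cast of a null base pointer yields a null derived pointer, so the check has to happen on the base pointer before anything is read through it, and the caller has to be prepared for the null result rather than assuming every @font-face download produces an engine.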

DrMeers commented May 22, 2015

Reproduced from source (latest commit on branch 2.0 -- 26ed336) on 3.16.0-29-generic #39-Ubuntu SMP Mon Dec 15 22:27:29 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

~$ cat phantom_test.js
var url = 'http://www.mikulski.senate.gov/contact'

var page = require('webpage').create();

page.onResourceError = function(resourceError) {
    page.reason = resourceError.errorString;
    page.reason_url = resourceError.url;
};

page.open(
    url,
    function (status) {
        if ( status !== 'success' ) {
            console.log(
                "Error opening url \"" + page.reason_url
                + "\": " + page.reason
            );
            phantom.exit( 1 );
        } else {
            console.log( "Successful page open!" );
            phantom.exit( 0 );
        }
    }
);
(gdb) run phantom_test.js
Starting program: /home/simon/phantomjs.git/bin/phantomjs phantom_test.js
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff34da700 (LWP 6033)]
[New Thread 0x7fffb2cd7700 (LWP 6034)]
[New Thread 0x7fffb24d6700 (LWP 6035)]
[New Thread 0x7fffb1412700 (LWP 6036)]
[New Thread 0x7fffb0c11700 (LWP 6037)]
[New Thread 0x7fffa3bed700 (LWP 6038)]
[New Thread 0x7fffa2075700 (LWP 6039)]

Program received signal SIGSEGV, Segmentation fault.
0x0000000001d49d59 in QFontconfigDatabase::fontEngine(QByteArray const&, double, QFont::HintingPreference) ()
(gdb) bt
#0  0x0000000001d49d59 in QFontconfigDatabase::fontEngine(QByteArray const&, double, QFont::HintingPreference) ()
#1  0x0000000001efa97c in QRawFontPrivate::platformLoadFromData(QByteArray const&, double, QFont::HintingPreference) ()
#2  0x00000000008c14a4 in WebCore::createFontCustomPlatformData(WebCore::SharedBuffer*) ()
#3  0x000000000062fa56 in WebCore::CachedFont::ensureCustomFontData() ()
#4  0x0000000001477c1e in WebCore::CSSFontFaceSource::getFontData(WebCore::FontDescription const&, bool, bool, WebCore::CSSFontSelector*) ()
#5  0x000000000147804e in WebCore::CSSFontFace::getFontData(WebCore::FontDescription const&, bool, bool) ()
#6  0x000000000147db38 in WebCore::CSSSegmentedFontFace::getFontData(WebCore::FontDescription const&) ()
#7  0x00000000014a75c1 in WebCore::CSSFontSelector::getFontData(WebCore::FontDescription const&, WTF::AtomicString const&) ()
#8  0x000000000075ed8b in WebCore::FontCache::getFontData(WebCore::FontDescription const&, int&, WebCore::FontSelector*) ()
#9  0x0000000000744b0b in WebCore::FontGlyphs::realizeFontDataAt(WebCore::FontDescription const&, unsigned int) const ()
#10 0x0000000000744c00 in WebCore::FontGlyphs::determinePitch(WebCore::FontDescription const&) const ()
#11 0x00000000013c38cd in WebCore::RenderBlock::LineBreaker::nextSegmentBreak(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::LineInfo&, WebCore::RenderBlock::RenderTextInfo&, WebCore::RenderBlock::FloatingObject*, unsigned int, WTF::Vector<WebCore::WordMeasurement, 64ul, WTF::CrashOnOverflow>&) ()
#12 0x00000000013c68f2 in WebCore::RenderBlock::LineBreaker::nextLineBreak(WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::LineInfo&, WebCore::RenderBlock::RenderTextInfo&, WebCore::RenderBlock::FloatingObject*, unsigned int, WTF::Vector<WebCore::WordMeasurement, 64ul, WTF::CrashOnOverflow>&) ()
#13 0x00000000013c8ef6 in WebCore::RenderBlock::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int) ()
#14 0x00000000013cb548 in WebCore::RenderBlock::layoutRunsAndFloats(WebCore::LineLayoutState&, bool) ()
#15 0x00000000013cc107 in WebCore::RenderBlock::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) ()
#16 0x00000000013de695 in WebCore::RenderBlock::layoutBlock(bool, WebCore::LayoutUnit) ()
#17 0x00000000012c1fe5 in WebCore::RenderBlock::layout() ()
#18 0x0000000001380473 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) ()
#19 0x00000000013bfa63 in WebCore::RenderBlock::layoutBlockChildren(bool, WebCore::LayoutUnit&) ()
#20 0x00000000013de9f8 in WebCore::RenderBlock::layoutBlock(bool, WebCore::LayoutUnit) ()
#21 0x00000000012c1fe5 in WebCore::RenderBlock::layout() ()
#22 0x00000000013cc0d8 in WebCore::RenderBlock::layoutInlineChildren(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) ()
#23 0x00000000013de695 in WebCore::RenderBlock::layoutBlock(bool, WebCore::LayoutUnit) ()
#24 0x00000000012c1fe5 in WebCore::RenderBlock::layout() ()
#25 0x0000000001380473 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) ()
#26 0x00000000013bfa63 in WebCore::RenderBlock::layoutBlockChildren(bool, WebCore::LayoutUnit&) ()
#27 0x00000000013de9f8 in WebCore::RenderBlock::layoutBlock(bool, WebCore::LayoutUnit) ()
#28 0x00000000012c1fe5 in WebCore::RenderBlock::layout() ()
#29 0x0000000001369cbc in WebCore::RenderBlock::insertFloatingObject(WebCore::RenderBox*) ()
#30 0x00000000013bfa0b in WebCore::RenderBlock::layoutBlockChildren(bool, WebCore::LayoutUnit&) ()
#31 0x00000000013de9f8 in WebCore::RenderBlock::layoutBlock(bool, WebCore::LayoutUnit) ()
#32 0x00000000012c1fe5 in WebCore::RenderBlock::layout() ()
#33 0x0000000001380473 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) ()
#34 0x00000000013bfa63 in WebCore::RenderBlock::layoutBlockChildren(bool, WebCore::LayoutUnit&) ()
#35 0x00000000013de9f8 in WebCore::RenderBlock::layoutBlock(bool, WebCore::LayoutUnit) ()
#36 0x00000000012c1fe5 in WebCore::RenderBlock::layout() ()
#37 0x0000000001380473 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) ()
#38 0x00000000013bfa63 in WebCore::RenderBlock::layoutBlockChildren(bool, WebCore::LayoutUnit&) ()
#39 0x00000000013de9f8 in WebCore::RenderBlock::layoutBlock(bool, WebCore::LayoutUnit) ()
#40 0x00000000012c1fe5 in WebCore::RenderBlock::layout() ()
#41 0x0000000001380473 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) ()
#42 0x00000000013bfa63 in WebCore::RenderBlock::layoutBlockChildren(bool, WebCore::LayoutUnit&) ()
#43 0x00000000013de9f8 in WebCore::RenderBlock::layoutBlock(bool, WebCore::LayoutUnit) ()
#44 0x00000000012c1fe5 in WebCore::RenderBlock::layout() ()
#45 0x0000000001380473 in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, WebCore::LayoutUnit&, WebCore::LayoutUnit&) ()
#46 0x00000000013bfa63 in WebCore::RenderBlock::layoutBlockChildren(bool, WebCore::LayoutUnit&) ()
#47 0x00000000013de9f8 in WebCore::RenderBlock::layoutBlock(bool, WebCore::LayoutUnit) ()
#48 0x00000000012c1fe5 in WebCore::RenderBlock::layout() ()
#49 0x0000000001309179 in WebCore::RenderView::layoutContent(WebCore::LayoutState const&) ()
#50 0x000000000135e498 in WebCore::RenderView::layout() ()
#51 0x000000000070bcbb in WebCore::FrameView::layout(bool) ()
#52 0x00000000007fd991 in WebCore::ThreadTimers::sharedTimerFiredInternal() [clone .part.6] ()
#53 0x00000000022c7e83 in QObject::event(QEvent*) ()
#54 0x00000000019dc03c in QApplicationPrivate::notify_helper(QObject*, QEvent*) ()
#55 0x00000000019e10c0 in QApplication::notify(QObject*, QEvent*) ()
#56 0x00000000022a2d4b in QCoreApplication::notifyInternal(QObject*, QEvent*) ()
#57 0x00000000022e7665 in QTimerInfoList::activateTimers() ()
#58 0x00000000022e5955 in QEventDispatcherUNIX::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
#59 0x0000000001d4b8dd in QUnixEventDispatcherQPA::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
#60 0x00000000022a0369 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) ()
#61 0x00000000022a859b in QCoreApplication::exec() ()
#62 0x000000000042a40d in main ()

@JustinVenus

I can confirm that the fix proposed by yali25 solves this issue for me.

          --- src/qt/qtbase/src/platformsupport/fontdatabases/fontconfig/qfontconfigdatabase.cpp.orig     2015-09-17 00:31:14.393696407 +0000
          +++ src/qt/qtbase/src/platformsupport/fontdatabases/fontconfig/qfontconfigdatabase.cpp  2015-09-17 00:35:13.952947623 +0000
          @@ -659,7 +659,9 @@

           QFontEngine *QFontconfigDatabase::fontEngine(const QByteArray &fontData, qreal pixelSize, QFont::HintingPreference hintingPreference)
           {
          -    QFontEngineFT *engine = static_cast<QFontEngineFT*>(QBasicFontDatabase::fontEngine(fontData, pixelSize, hintingPreference));
          +    QFontEngine *e = QBasicFontDatabase::fontEngine(fontData, pixelSize, hintingPreference); // function may return NULL (0)
          +    if(e == 0)return 0;
          +    QFontEngineFT *engine = static_cast<QFontEngineFT*>(e);
               QFontDef fontDef = engine->fontDef;

               QFontEngineFT::GlyphFormat format;
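
Review bot: the early return at `if(e == 0)return 0;` only makes the crash go away if the caller tolerates a null engine; from the backtrace that caller is QRawFontPrivate::platformLoadFromData (frame #1), so confirm it treats a 0 result as "font not loaded" rather than dereferencing it in turn before relying on this hunk. Two smaller points on the same lines: Qt's style is `if (!e) return 0;` with a space after `if` and the statement on its own line, and the comment `// function may return NULL (0)` should say when that happens (the basic database hands back 0 when the font data cannot be loaded, which is what a bad or truncated web font download produces), since the next reader of this file will not know why the @font-face path hits it. Finally, this edits the vendored copy under src/qt/qtbase, so it is silently lost at the next Qt bump; keep it as a tracked patch against that copy and drop it deliberately once the upstream fix (Vanuan reports Qt 5.4.1 below) is in.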

Vanuan commented Jan 5, 2016

Looks like it is fixed in Qt 5.4.1. Master currently uses Qt 5.5.1

@stale stale bot added the stale label Dec 27, 2019
stale bot commented Dec 30, 2019

Due to our very limited maintenance capacity, we need to prioritize our development focus on other tasks. Therefore, this issue will be automatically closed (see #15395 for more details). In the future, if we see the need to attend to this issue again, then it will be reopened. Thank you for your contribution!

@stale stale bot closed this as completed Dec 30, 2019