Bug 46812 - [Qt] Crash if an scene with accelerated compositing layout during the paint event
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: 528+ (Nightly build)
Hardware: All All
: P2 Critical
Assignee: Benjamin Poulain
URL:
Keywords: Qt, QtTriaged
Depends on:
Blocks:
 
Reported: 2010-09-29 08:18 PDT by Benjamin Poulain
Modified: 2011-04-19 05:15 PDT

See Also:


Attachments
Clean up QGraphicsWebViewPrivate::overlay (r=ariya) (3.19 KB, patch)
2010-09-29 09:43 PDT, Andreas Kling
Patch (4.15 KB, patch)
2010-09-29 11:49 PDT, Benjamin Poulain

Description Benjamin Poulain 2010-09-29 08:18:40 PDT
QGraphicsWebView crashes if a layout modifying the scene graph is done during a paint event. This happens 

The problem happens as follows:
-QGraphicsScenePrivate::drawItemHelper() renders QGraphicsItemOverlay to the cache
-QGraphicsItemOverlay goes through the render path of WebKit, which causes a layout
-The layout removes the QGraphicsItemOverlay since accelerated compositing is not needed anymore
-QGraphicsScenePrivate::drawItemHelper() continues to render the item, which has been destroyed
-we enjoy a crash ;)

Here is the output from valgrind for such a crash:
Comment 1 Andreas Kling 2010-09-29 09:43:25 PDT
Created attachment 69204
Clean up QGraphicsWebViewPrivate::overlay (r=ariya)

Let's clean up the QGraphicsWebViewPrivate::overlay pointer before anything else.
Comment 2 Andreas Kling 2010-09-29 09:46:33 PDT
Comment on attachment 69204
Clean up QGraphicsWebViewPrivate::overlay (r=ariya)

Clearing flags on attachment: 69204

Committed r68653: <http://trac.webkit.org/changeset/68653>
Comment 3 Benjamin Poulain 2010-09-29 11:49:39 PDT
Created attachment 69237
Patch

We have two options:
-keep the overlay around but hide it
-delete the overlay with deleteLater.

I prefer deleting the overlay because:
1) hiding it will not solve the problem that the current frame is gonna be rendered incorrectly
2) QGraphicsItem::setVisible() does not define explicitly what happens to the cached data. A clever algorithm might decide to keep the cached pixmap around and keep track of the updates.
3) accelerated compositing might not be used ever after this page, no point in keeping the memory around

I leave the commit queue blank for now. I hope No'am will have time to look at this patch.
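The description above explains the re-entrancy (a layout run from inside paint destroys the overlay the paint traversal is still using) and comment 3 settles on deleteLater as the fix. The following is an added example, not code from this bug, Qt or WebKit: a minimal model of that scene traversal with both strategies side by side. The names Scene, Item, destroyNow and destroyLater are invented for the example.

```cpp
// Added example (not from the bug report, Qt or WebKit). Models bug 46812:
// painting an item may run a "layout" that decides the compositing overlay is no
// longer needed and removes it. Removing it immediately, while the paint
// traversal still refers to it, is the use-after-free valgrind flagged; queueing
// the removal until the paint pass has finished (the deleteLater approach) is safe.
#include <cstddef>
#include <functional>
#include <map>
#include <memory>
#include <string>
#include <vector>

struct Scene;

struct Item {
    int id;
    std::string name;
    // Runs while the item is painted; stands in for WebKit's render path, which may lay out.
    std::function<void(Scene&)> onPaint;
};

struct Scene {
    std::map<int, std::unique_ptr<Item>> items;
    std::vector<int> deleteLaterQueue;
    int painted = 0;       // items the traversal finished painting
    int danglingUses = 0;  // places where real code would touch a destroyed item

    void add(int id, std::string name, std::function<void(Scene&)> onPaint = {}) {
        items[id] = std::unique_ptr<Item>(new Item{id, std::move(name), std::move(onPaint)});
    }
    // Unsafe when called from inside paint(): the traversal still holds the item.
    void destroyNow(int id) { items.erase(id); }
    // Safe: the item is destroyed only once the current paint pass is over.
    void destroyLater(int id) { deleteLaterQueue.push_back(id); }

    void paint() {
        std::vector<int> order;  // the traversal's snapshot of the scene graph
        for (auto& kv : items) order.push_back(kv.first);
        for (int id : order) {
            auto found = items.find(id);
            if (found == items.end()) continue;
            auto hook = found->second->onPaint;   // copy: the hook may destroy its owner
            if (hook) hook(*this);                // may run layout and remove items
            // drawItemHelper keeps working on the same item after painting into the cache.
            if (items.count(id) == 0) { ++danglingUses; continue; }  // real code: UAF here
            ++painted;
        }
        for (int id : deleteLaterQueue) destroyNow(id);  // deferred deletes run here
        deleteLaterQueue.clear();
    }
};

struct Outcome { int danglingUses; std::size_t itemsLeft; };

// Scenario from the bug: painting the overlay triggers a layout that removes the overlay.
Outcome runScenario(bool useDeleteLater) {
    Scene scene;
    scene.add(1, "webview");
    const int overlayId = 2;
    scene.add(overlayId, "overlay", [=](Scene& s) {
        // Layout concludes accelerated compositing is no longer needed.
        if (useDeleteLater) s.destroyLater(overlayId); else s.destroyNow(overlayId);
    });
    scene.paint();
    return Outcome{scene.danglingUses, scene.items.size()};
}
```

Both strategies end with the overlay gone; only the immediate one leaves the traversal holding a destroyed item.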
Comment 4 Alexis Menard (darktears) 2010-09-29 12:28:37 PDT
(In reply to comment #3)
> Created an attachment (id=69237)
> Patch
> 
> We have two options:
> -keep the overlay around but hide it
> -delete the overlay with deleteLater.
> 
> I prefer deleting the overlay because:

Me too.

> 1) hiding it will not solve the problem that the current frame is gonna be rendered incorrectly
> 2) QGraphicsItem::setVisible() does not define explicitly what happens to the cached data. A clever algorithm might decide to keep the cached pixmap around and keep track of the updates.

Really complex to do since all calls to update are discarded if the item is not visible... Too much complication for little result. setVisible(true) will trigger a full redraw...

> 3) accelerated compositing might not be used ever after this page, no point in keeping the memory around
> 

Good point.

> I leave the commit queue blank for now. I hope No'am will have time to look at this patch.
Comment 5 Andreas Kling 2010-09-29 12:33:01 PDT
Comment on attachment 69237
Patch

r=me, thanks Alexis for comments.
Comment 6 Noam Rosenthal 2010-09-29 12:51:58 PDT
LGTM
Comment 7 WebKit Commit Bot 2010-09-30 00:23:06 PDT
Comment on attachment 69237
Patch

Clearing flags on attachment: 69237

Committed r68761: <http://trac.webkit.org/changeset/68761>
Comment 8 WebKit Commit Bot 2010-09-30 00:23:12 PDT
All reviewed patches have been landed.  Closing bug.
Comment 9 Benjamin Poulain 2010-10-01 02:15:29 PDT
Move the bug as critical for 2.1 now that we know the scope.
Comment 10 Ademar Reis 2010-10-01 06:11:02 PDT
Revision r68653 cherry-picked into qtwebkit-2.1 with commit 13e454d <http://gitorious.org/webkit/qtwebkit/commit/13e454d>
Revision r68761 cherry-picked into qtwebkit-2.1 with commit 35e5a3e <http://gitorious.org/webkit/qtwebkit/commit/35e5a3e>