Crash when calling oxide::WebPopupMenu::Close() twice in a row

Bug #1450243 reported by Allan LeSage on 2015-04-29
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Canonical System Image
Olivier Tilloy
Olivier Tilloy

Bug Description

(Having established Ubuntu One creds, etc.)
1. Go to Apps scope and search for a paid app from store e.g. Riddling. Make sure app is not previously purchased against same U1 account and not already installed.
2. Tap on price tag to initiate a purchase.
3. Verify that purchase confirmation or U1 sign in dialogue appears and correct price is shown on top right
4. Tap on 'View wallet' link to opent he payments detail page, verify that only payment method shown is Paypal
5. Tap on Add debit/credit card link
6. Verify that "Add Payment" page loads.
5. Tap "CARD TYPE".
6. A selection list appears.
7. Select "Visa" or other.

Selection list disappears, correct selection appears in original entry-box.

UI freeze, requires reboot.

This is on arale build 29, happens also when selecting a country for a direct purchase, happens reliably, will attach a screenie.

In the first instance of this I witnessed a qmlscene crash which may be logged here , this hasn't happened again.

Related branches

Allan LeSage (allanlesage) wrote :
Allan LeSage (allanlesage) wrote :
Allan LeSage (allanlesage) wrote :
description: updated
John McAleely (john.mcaleely) wrote :

Also happens on ubuntu-touch/devel-proposed/krillin.en #67

Olivier Tilloy (osomon) wrote :

This is indeed a crash in oxide, which wasn’t present in 1.6.

I’m able to reproduce with this simple standalone QML scene:

import QtQuick 2.0
import Ubuntu.Web 0.2
WebView {
    url: ""

Changed in oxide:
status: New → Confirmed
importance: Undecided → Critical
Olivier Tilloy (osomon) wrote :

stack trace:

#0 0x00007fffc8232268 in base::DeleteHelper<oxide::WebPopupMenu>::DoDelete (object=0x1801900)
    at ../../../../third_party/chromium/src/base/sequenced_task_runner_helpers.h:40
#1 0x00007fffc82589a9 in Run (this=0x7fffffffd3e8) at ../../../../third_party/chromium/src/base/callback.h:396
#2 base::debug::TaskAnnotator::RunTask (this=this@entry=0x107cf00,
    queue_function=queue_function@entry=0x7fffcb080def "MessageLoop::PostTask",
    run_function=run_function@entry=0x7fffcb080e0e "MessageLoop::RunTask", pending_task=...)
    at ../../../../third_party/chromium/src/base/debug/
#3 0x00007fffc827a364 in base::MessageLoop::RunTask (this=this@entry=0x107cdb0, pending_task=...)
    at ../../../../third_party/chromium/src/base/message_loop/
#4 0x00007fffc827a641 in base::MessageLoop::DeferOrRunPendingTask (this=this@entry=0x107cdb0, pending_task=...)
    at ../../../../third_party/chromium/src/base/message_loop/
#5 0x00007fffc827ab3b in base::MessageLoop::DoWork (this=0x107cdb0)
    at ../../../../third_party/chromium/src/base/message_loop/
#6 0x00007fffc81f2baa in oxide::qt::MessagePump::customEvent (this=0x107ae50, event=<optimized out>)
    at ../../../../qt/core/browser/
#7 0x00007ffff67956f3 in QObject::event (this=0x107ae50, e=<optimized out>) at kernel/qobject.cpp:1267
#8 0x00007ffff706db2c in QApplicationPrivate::notify_helper (this=0x416370, receiver=0x107ae50, e=0x3182270)
    at kernel/qapplication.cpp:3720
#9 0x00007ffff7073000 in QApplication::notify (this=0x7fffffffdc20, receiver=0x107ae50, e=0x3182270)
    at kernel/qapplication.cpp:3503
#10 0x00007ffff6763c2b in QCoreApplication::notifyInternal (this=0x7fffffffdc20, receiver=0x107ae50,
    event=event@entry=0x3182270) at kernel/qcoreapplication.cpp:935
#11 0x00007ffff6765c9b in sendEvent (event=0x3182270, receiver=<optimized out>)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:228
#12 QCoreApplicationPrivate::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0,
    data=0x4164e0) at kernel/qcoreapplication.cpp:1552
#13 0x00007ffff6766298 in QCoreApplication::sendPostedEvents (receiver=receiver@entry=0x0,
    event_type=event_type@entry=0) at kernel/qcoreapplication.cpp:1410
#14 0x00007ffff67bc843 in postEventSourceDispatch (s=0x4f5450) at kernel/qeventdispatcher_glib.cpp:271
#15 0x00007ffff515ac3d in g_main_context_dispatch () from /lib/x86_64-linux-gnu/
#16 0x00007ffff515af20 in ?? () from /lib/x86_64-linux-gnu/
#17 0x00007ffff515afcc in g_main_context_iteration () from /lib/x86_64-linux-gnu/
#18 0x00007ffff67bcc57 in QEventDispatcherGlib::processEvents (this=0x5253f0, flags=...)
    at kernel/qeventdispatcher_glib.cpp:418
#19 0x00007ffff67613e2 in QEventLoop::exec (this=this@entry=0x7fffffffda50, flags=..., flags@entry=...)
    at kernel/qeventloop.cpp:204
#20 0x00007ffff676902c in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1188
#21 0x0000000000404098 in main (argc=2, argv=0x7fffffffd2c0) at main.cpp:531

Olivier Tilloy (osomon) wrote :

It appears oxide::WebPopupMenu::Close() is being called twice, thus scheduling deletion for the same object twice.

Olivier Tilloy (osomon) on 2015-04-30
Changed in oxide:
assignee: nobody → Olivier Tilloy (osomon)
status: Confirmed → In Progress
Olivier Tilloy (osomon) on 2015-04-30
summary: - Stuck on select element during app store purchase
+ Crash when calling oxide::WebPopupMenu::Close() twice in a row
Olivier Tilloy (osomon) on 2015-04-30
Changed in oxide:
status: In Progress → Fix Released
Changed in oxide:
milestone: none → branch-1.8
Changed in canonical-devices-system-image:
status: New → Fix Released
importance: Undecided → Critical
milestone: none → ww22-2015
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers