Bug 87892 - MutationEvents crash Konqueror (DOMSubtreeModified, DOMNodeInserted, etc.)

Bug 87892 - MutationEvents crash Konqueror (DOMSubtreeModified, DOMNodeInserted, etc.)


Summary:	MutationEvents crash Konqueror (DOMSubtreeModified, DOMNodeInserted, etc.)

Product:	konqueror
Component:	khtml
Status:	RESOLVED
Resolution:	FIXED
Target:	---

Version:	unspecified
Priority:	NOR
Severity:	crash

Votes:

Version Fixed In:

Description From devesh42 yahoo com 2004-08-24 03:07:44

Version:            (using KDE KDE 3.3.0)
Installed from:    Unlisted Binary Package
OS:                Linux

Reproducing the crash:

http://www10.brinkster.com/doctorunclear/HTMLJavascriptCSS/DOM2MutationEvents.html

To reproduce this crash, go to the above web page and try the "DOMCharacterDataModified," "DOMNodeInserted and DOMNodeInsertedIntoDocument," and "DOMNodeRemoved, DOMNodeRemovedFromDocument and DOMSubtreeModified" tests. The "DOMAttrModified" test fails but does not cause a crash.


Here is the backtrace:

Using host libthread_db library "/lib/tls/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -150327168 (LWP 7016)]
[KCrash handler]
#4  0x033ce626 in DOM::Event::~Event () from /usr/lib/libkhtml.so.4
#5  0x0324f27c in KStaticDeleter<QPtrList<DOM::DocumentImpl> >::~KStaticDeleter
    () from /usr/lib/libkhtml.so.4
#6  0x0324e81a in KStaticDeleter<QPtrList<DOM::DocumentImpl> >::~KStaticDeleter
    () from /usr/lib/libkhtml.so.4
#7  0x0324e6d2 in KStaticDeleter<QPtrList<DOM::DocumentImpl> >::~KStaticDeleter
    () from /usr/lib/libkhtml.so.4
#8  0x03250ad8 in KStaticDeleter<QPtrList<DOM::DocumentImpl> >::~KStaticDeleter
    () from /usr/lib/libkhtml.so.4
#9  0x03250181 in KStaticDeleter<QPtrList<DOM::DocumentImpl> >::~KStaticDeleter
    () from /usr/lib/libkhtml.so.4
#10 0x033a5b74 in DOM::Node::appendChild () from /usr/lib/libkhtml.so.4
#11 0x033201e7 in DOM::EventException::~EventException ()
   from /usr/lib/libkhtml.so.4
#12 0x0331bd97 in findAttr () from /usr/lib/libkhtml.so.4
#13 0x004b3880 in KJS::Object::call () from /usr/lib/libkjs.so.1
#14 0x00480e83 in KJS::NumberImp::type () from /usr/lib/libkjs.so.1
#15 0xfef418c0 in ?? ()
#16 0xfef41c30 in ?? ()
#17 0xfef41880 in ?? ()
#18 0xfef418e0 in ?? ()
#19 0x00000000 in ?? ()

------- Comment #1 From Hans-Peter Schadler 2004-08-27 23:45:10 -------

Confirmed with HEAD (2004-08-05)

------- Comment #2 From Andrew Coles 2004-10-26 14:54:31 -------

CVS commit by coles: 



Corrected ref-counting error leading to segfault/invalid memory usage.

Events were being created and passed without ref() being called before and deref() after.

CCMAIL: 87892-done@bugs.kde.org

Refer to bug 87892 - MutationEvents crash Konqueror (DOMSubtreeModified, DOMNodeInserted, etc.)


  M +36 -25    dom_nodeimpl.cpp   1.243
  M +4 -2      dom_textimpl.cpp   1.103

Platform:	unspecified
OS:	Linux
Keywords:
URL:

People

Reporter:	devesh42 yahoo com
Assigned To:	Konqueror Developers

Related actions

View Bug Activity

Format For Printing

Clone This Bug

Search for Duplicates

Note

You need to log in before you can comment on or make changes to this bug.

Attachments
Add an attachment (proposed patch, testcase, etc.)

Depends on:
Blocks:
	Show dependency tree - Show dependency graph

Actions

Reports

My Account