Summary: | Crash in khtml::RenderTableCell::section due to null parent | ||
---|---|---|---|
Product: | [Applications] konqueror | Reporter: | Daniel Richard G. <skunk> |
Component: | khtml | Assignee: | Konqueror Developers <konq-bugs> |
Status: | RESOLVED FIXED | ||
Severity: | crash | CC: | cyberang3l, mrgrim, porten, rudolf, tsjoker |
Priority: | NOR | ||
Version: | unspecified | ||
Target Milestone: | --- | ||
Platform: | Compiled Sources | ||
OS: | Linux | ||
Latest Commit: | Version Fixed In: |
Description
Daniel Richard G.
2009-02-02 19:19:49 UTC
*** Bug 181911 has been marked as a duplicate of this bug. *** It's more of a "should never happen" scenario than a matter of it not being anticipated, I think. FWIW, got this crash through the YouTube search box, too. *** Bug 181502 has been marked as a duplicate of this bug. *** vg report (Valgrind; the invalid read below lands in a block that was freed while a RenderTableCell was being destroyed by a script-called deleteRow(), so this is a use-after-free read rather than a plain null dereference): ==6815== Invalid read of size 4 ==6815== at 0xB2836DD: khtml::RenderTableCell::collapsedTopBorder() const (render_style.h:257) ==6815== by 0xB2839D6: khtml::RenderTableCell::borderTop() const (render_table.cpp:2681) ==6815== by 0xB25F25E: khtml::RenderBox::overflowClipRect(int, int) (render_box.cpp:861) ==6815== by 0xB27724E: khtml::RenderLayer::calculateRects(khtml::RenderLayer const*, QRect const&, QRect&, QRect&, QRect&) (render_layer.cpp:1306) ==6815== by 0xB2779C0: khtml::RenderLayer::repaint(Priority, bool) (render_layer.cpp:225) ==6815== by 0xB277902: khtml::RenderLayer::repaint(Priority, bool) (render_layer.cpp:223) ==6815== by 0xB25ABA9: khtml::RenderObject::setStyle(khtml::RenderStyle*) (render_object.cpp:2170) ==6815== by 0xB25BB05: khtml::RenderContainer::setStyle(khtml::RenderStyle*) (render_container.cpp:236) ==6815== by 0xB260137: khtml::RenderBox::setStyle(khtml::RenderStyle*) (render_box.cpp:153) ==6815== by 0xB2374AB: khtml::RenderBlock::setStyle(khtml::RenderStyle*) (render_block.cpp:128) ==6815== by 0xB282B22: khtml::RenderTable::setStyle(khtml::RenderStyle*) (render_table.cpp:89) ==6815== by 0xB1873BF: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:942) ==6815== by 0xB1E8B68: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:269) ==6815== by 0xB18740E: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:962) ==6815== by 0xB1E8B68: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:269) ==6815== by 0xB18740E: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:962) ==6815== by 0xB1E8B68: 
DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:269) ==6815== by 0xB173211: DOM::DocumentImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_docimpl.cpp:1445) ==6815== by 0xB15EDE7: DOM::DocumentImpl::updateRendering() (dom_docimpl.cpp:1474) ==6815== by 0xB16BE82: DOM::DocumentImpl::updateLayout() (dom_docimpl.cpp:1503) ==6815== by 0xB35A44F: KJS::DOMNode::getValueProperty(KJS::ExecState*, int) const (kjs_dom.cpp:365) ==6815== by 0xB3698E0: KJS::JSValue* KJS::staticValueGetter<KJS::DOMNode>(KJS::ExecState*, KJS::JSObject*, KJS::Identifier const&, KJS::PropertySlot const&) (lookup.h:147) ==6815== by 0xB7D6543: KJS::JSObject::get(KJS::ExecState*, KJS::Identifier const&) const (property_slot.h:46) ==6815== by 0xB7EFBEF: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:715) ==6815== by 0xB7D3021: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144) ==6815== by 0xB7D6DAC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69) ==6815== by 0xB7F3240: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192) ==6815== by 0xB7D3021: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144) ==6815== by 0xB7D6DAC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69) ==6815== by 0xB7F3240: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192) ==6815== by 0xB7D3021: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144) ==6815== by 0xB7D6DAC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69) ==6815== by 0xB7F3240: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192) ==6815== 
by 0xB7D3021: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144) ==6815== by 0xB7D6DAC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69) ==6815== by 0xB7F3240: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192) ==6815== by 0xB7A6504: KJS::FunctionBodyNode::execute(KJS::ExecState*) (nodes.cpp:927) ==6815== by 0xB7D9A69: KJS::Interpreter::evaluate(KJS::UString const&, int, KJS::UChar const*, int, KJS::JSValue*) (interpreter.cpp:553) ==6815== by 0xB7D9BF6: KJS::Interpreter::evaluate(KJS::UString const&, int, KJS::UString const&, KJS::JSValue*) (interpreter.cpp:493) ==6815== by 0xB3B3548: KJS::KJSProxyImpl::evaluate(QString, int, QString const&, DOM::Node const&, KJS::Completion*) (kjs_proxy.cpp:158) ==6815== by 0xB1E3FB9: DOM::HTMLScriptElementImpl::evaluateScript(QString const&, DOM::DOMString const&) (html_headimpl.cpp:479) ==6815== by 0xB1E4265: DOM::HTMLScriptElementImpl::notifyFinished(khtml::CachedObject*) (html_headimpl.cpp:463) ==6815== by 0xB317DAC: khtml::CachedScript::checkNotify() (loader.cpp:391) ==6815== by 0xB31B35B: khtml::CachedScript::data(QBuffer&, bool) (loader.cpp:383) ==6815== by 0xB31AF81: khtml::Loader::slotFinished(KJob*) (loader.cpp:1409) ==6815== by 0xB3225E6: khtml::Loader::qt_metacall(QMetaObject::Call, int, void**) (loader.moc:131) ==6815== by 0x4E16E27: QMetaObject::activate(QObject*, int, int, void**) (in /home/vtokarev/kde/src/qt-copy/lib/libQtCore.so.4.5.0) ==6815== by 0x4E17401: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /home/vtokarev/kde/src/qt-copy/lib/libQtCore.so.4.5.0) ==6815== by 0x4AEDF32: KJob::result(KJob*) (kjob.moc:188) ==6815== by 0x4AEE3D8: KJob::emitResult() (kjob.cpp:294) ==6815== Address 0xda49a0c is 36 bytes inside a block of size 64 free'd ==6815== at 0x40249DA: operator delete(void*) (vg_replace_malloc.c:342) ==6815== by 0xB24F5E7: 
khtml::RenderObject::~RenderObject() (shared.h:41) ==6815== by 0xB25FE77: khtml::RenderBox::~RenderBox() (render_container.h:39) ==6815== by 0xB2385E9: khtml::RenderBlock::~RenderBlock() (render_flow.h:44) ==6815== by 0xB289C0C: khtml::RenderTableCell::~RenderTableCell() (render_table.h:324) ==6815== by 0xB24E3B7: khtml::RenderObject::arenaDelete(khtml::RenderArena*, void*) (render_object.cpp:2444) ==6815== by 0xB252804: khtml::RenderObject::detach() (render_object.cpp:2435) ==6815== by 0xB25FDAA: khtml::RenderBox::detach() (render_box.cpp:224) ==6815== by 0xB269B8F: khtml::RenderFlow::detach() (render_flow.cpp:366) ==6815== by 0xB27E468: khtml::RenderTableCell::detach() (render_table.cpp:2178) ==6815== by 0xB1789CB: DOM::NodeImpl::detach() (dom_nodeimpl.cpp:1018) ==6815== by 0xB17914B: DOM::NodeBaseImpl::detach() (dom_nodeimpl.cpp:1738) ==6815== by 0xB1875AA: DOM::ElementImpl::detach() (dom_elementimpl.cpp:857) ==6815== by 0xB17913F: DOM::NodeBaseImpl::detach() (dom_nodeimpl.cpp:1736) ==6815== by 0xB1875AA: DOM::ElementImpl::detach() (dom_elementimpl.cpp:857) ==6815== by 0xB17DE2A: DOM::NodeBaseImpl::removeChild(DOM::NodeImpl*, int&) (dom_nodeimpl.cpp:1521) ==6815== by 0xB218CC3: DOM::HTMLTableSectionElementImpl::deleteRow(long, int&) (html_tableimpl.cpp:752) ==6815== by 0xB21A8D6: DOM::HTMLTableElementImpl::deleteRow(long, int&) (html_tableimpl.cpp:293) ==6815== by 0xB37A287: KJS::HTMLElementFunction::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (kjs_html.cpp:2221) ==6815== by 0xB7D6DAC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69) ==6815== by 0xB7F3240: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192) ==6815== by 0xB7D3021: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144) ==6815== by 0xB7D6DAC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69) 
==6815== by 0xB7F3240: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192) ==6815== by 0xB7D3021: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144) ==6815== by 0xB7D6DAC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69) ==6815== by 0xB7F3240: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192) ==6815== by 0xB7A6504: KJS::FunctionBodyNode::execute(KJS::ExecState*) (nodes.cpp:927) ==6815== by 0xB7D9A69: KJS::Interpreter::evaluate(KJS::UString const&, int, KJS::UChar const*, int, KJS::JSValue*) (interpreter.cpp:553) ==6815== by 0xB7D9BF6: KJS::Interpreter::evaluate(KJS::UString const&, int, KJS::UString const&, KJS::JSValue*) (interpreter.cpp:493) ==6815== by 0xB3B3548: KJS::KJSProxyImpl::evaluate(QString, int, QString const&, DOM::Node const&, KJS::Completion*) (kjs_proxy.cpp:158) ==6815== by 0xB1E3FB9: DOM::HTMLScriptElementImpl::evaluateScript(QString const&, DOM::DOMString const&) (html_headimpl.cpp:479) ==6815== by 0xB1E4265: DOM::HTMLScriptElementImpl::notifyFinished(khtml::CachedObject*) (html_headimpl.cpp:463) ==6815== by 0xB317DAC: khtml::CachedScript::checkNotify() (loader.cpp:391) ==6815== by 0xB31B35B: khtml::CachedScript::data(QBuffer&, bool) (loader.cpp:383) ==6815== by 0xB31AF81: khtml::Loader::slotFinished(KJob*) (loader.cpp:1409) ==6815== by 0xB3225E6: khtml::Loader::qt_metacall(QMetaObject::Call, int, void**) (loader.moc:131) ==6815== by 0x4E16E27: QMetaObject::activate(QObject*, int, int, void**) (in /home/vtokarev/kde/src/qt-copy/lib/libQtCore.so.4.5.0) ==6815== by 0x4E17401: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /home/vtokarev/kde/src/qt-copy/lib/libQtCore.so.4.5.0) ==6815== by 0x4AEDF32: KJob::result(KJob*) (kjob.moc:188) ==6815== by 0x4AEE3D8: KJob::emitResult() (kjob.cpp:294) ==6815== by 0x42E9A44: 
KIO::SimpleJob::slotFinished() (job.cpp:485) ==6815== by 0x42EACB2: KIO::TransferJob::slotFinished() (job.cpp:962) ==6815== by 0x42EBDA2: KIO::TransferJob::qt_metacall(QMetaObject::Call, int, void**) (jobclasses.moc:343) ==6815== by 0x4E16E27: QMetaObject::activate(QObject*, int, int, void**) (in /home/vtokarev/kde/src/qt-copy/lib/libQtCore.so.4.5.0) ==6815== by 0x4E17401: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /home/vtokarev/kde/src/qt-copy/lib/libQtCore.so.4.5.0) ==6815== by 0x43B1776: KIO::SlaveInterface::finished() (slaveinterface.moc:165) ==6815== by 0x43B54B6: KIO::SlaveInterface::dispatch(int, QByteArray const&) (slaveinterface.cpp:175) ==6815== by 0x43B1C56: KIO::SlaveInterface::dispatch() (slaveinterface.cpp:91) ==6815== by 0x43A204C: KIO::Slave::gotInput() (slave.cpp:322) SVN commit 948248 by vtokarev: recalculate dirty table grid if needed before using it in adjacent cell accessors(change from WC) thanks to spart for noticing it BUG: 182907 M +24 -6 render_table.cpp M +6 -6 render_table.h WebSVN link: http://websvn.kde.org/?view=rev&revision=948248 *** Bug 189493 has been marked as a duplicate of this bug. *** |