Summary: | konqueror crashes instantly when accessing http://www.bostonstandard.co.uk with javascript switched on. OK with javascript switched off | ||
---|---|---|---|
Product: | [Applications] konqueror | Reporter: | Paul Dodgshun <Paul.Dodgshun> |
Component: | general | Assignee: | Konqueror Developers <konq-bugs> |
Status: | RESOLVED FIXED | ||
Severity: | crash | CC: | andresbajotierra, kde |
Priority: | NOR | ||
Version: | unspecified | ||
Target Milestone: | --- | ||
Platform: | Mandriva RPMs | ||
OS: | Linux | ||
Latest Commit: | Version Fixed In: |
Description
Paul Dodgshun
2009-03-25 10:25:48 UTC
Here using:
Qt: 4.5.0 + qt-copy-patches-936035
KDE: 4.2.67 (KDE 4.2.67 (KDE 4.3 >= 20090318))
kdelibs svn rev. 944099 / kdebase svn rev. 944099
on ArchLinux i686 - Kernel 2.6.28.7

I can reproduce the crash with the following backtrace:

Application: Konqueror (konqueror), signal SIGSEGV
[Current thread is 0 (LWP 3139)]

Thread 3 (Thread 0xb2694b90 (LWP 3144)):
#0 0xb803e424 in __kernel_vsyscall ()
#1 0xb728ff82 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2 0xb72ee71c in QWaitCondition::wait (this=0x90db278, mutex=0x90db274, time=30000) at thread/qwaitcondition_unix.cpp:85
#3 0xb72e3da6 in QThreadPoolThread::run (this=0x90db3c8) at concurrent/qthreadpool.cpp:140
#4 0xb72edb60 in QThreadPrivate::start (arg=0x90db3c8) at thread/qthread_unix.cpp:189
#5 0xb728c155 in start_thread () from /lib/libpthread.so.0
#6 0xb66cca5e in clone () from /lib/libc.so.6

Thread 2 (Thread 0xb1c9eb90 (LWP 3151)):
#0 0xb803e424 in __kernel_vsyscall ()
#1 0xb66c5ab1 in select () from /lib/libc.so.6
#2 0xb73bdb07 in QProcessManager::run (this=0x8b37280) at io/qprocess_unix.cpp:305
#3 0xb72edb60 in QThreadPrivate::start (arg=0x8b37280) at thread/qthread_unix.cpp:189
#4 0xb728c155 in start_thread () from /lib/libpthread.so.0
#5 0xb66cca5e in clone () from /lib/libc.so.6

Thread 1 (Thread 0xb5f4d700 (LWP 3139)):
[KCrash Handler]
#6 DOM::AttributeImpl::rewriteValue (this=0xbfe57910, newValue=@0xbfe5789c) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/misc/shared.h:39
#7 0xb3fc28f7 in DOM::HTMLTableElementImpl::parseAttribute (this=0x94c0e18, attr=0xbfe57910) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/html/html_tableimpl.cpp:469
#8 0xb3f4cc27 in DOM::NamedAttrMapImpl::removeNamedItem (this=0x94c0cd0, id=65658, prefix=@0xbfe57968, nsAware=<value optimized out>, exceptioncode=@0xbfe57ae8) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/xml/dom_elementimpl.h:271
#9 0xb3f4887f in DOM::ElementImpl::removeAttribute (this=0x94c0e18, name=@0xbfe57abc, exceptioncode=@0xbfe57ae8) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/xml/dom_elementimpl.cpp:636
#10 0xb40ecf5a in DOMElementProtoFunc::callAsFunction (this=0xb272a860, exec=0xbfe58254, thisObj=0xb272a7e0, args=@0xbfe581a4) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/ecma/kjs_dom.cpp:1316
#11 0xb3d6cbed in KJS::JSObject::call (this=0x29, exec=0xbfe58254, thisObj=0xb272a7e0, args=@0xbfe581a4) at /home/kde-devel/kde/src/KDE/kdelibs/kjs/object.cpp:69
#12 0xb3d8925b in KJS::Machine::runBlock (exec=0xbfe58254, codeBlock=@0xbfe5789c, parentExec=0x0) at codes.def:1192
#13 0xb3d3cb00 in KJS::FunctionBodyNode::execute (this=0x940ea38, exec=0xbfe58254) at /home/kde-devel/kde/src/KDE/kdelibs/kjs/nodes.cpp:927
#14 0xb3d6f84a in KJS::Interpreter::evaluate (this=0x8eab548, sourceURL=@0xbfe58404, startingLineNumber=0, code=0x940dfe0, codeLength=1075, thisV=0xb2700000) at /home/kde-devel/kde/src/KDE/kdelibs/kjs/interpreter.cpp:553
#15 0xb3d6f9d7 in KJS::Interpreter::evaluate (this=0x8eab548, sourceURL=@0xbfe58404, startingLineNumber=0, code=@0xbfe58408, thisV=0xb2700000) at /home/kde-devel/kde/src/KDE/kdelibs/kjs/interpreter.cpp:493
#16 0xb413a619 in KJS::KJSProxyImpl::evaluate (this=0x8e97c40, filename= {static null = {<No data fields>}, static shared_null = {ref = {_q_value = 13467}, alloc = 0, size = 0, data = 0xb7490b5a, clean = 0, simpletext = 0, righttoleft = 0, asciiCache = 0, capacity = 0, reserved = 0, array = {0}}, static shared_empty = {ref = {_q_value = 170}, alloc = 0, size = 0, data = 0xb7490b6e, clean = 0, simpletext = 0, righttoleft = 0, asciiCache = 0, capacity = 0, reserved = 0, array = {0}}, d = 0xbfe58498, static codecForCStrings = 0x0}, baseLine=0, str=@0xbfe586c4, n=@0xbfe584fc, completion=0xbfe58470) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/ecma/kjs_proxy.cpp:158
#17 0xb3ee380e in KHTMLPart::executeScript (this=0x8f910c8, filename=@0xbfe58518, baseLine=0, n=@0xbfe584fc, script=@0xbfe586c4) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/khtml_part.cpp:1320
#18 0xb3f7bb39 in khtml::HTMLTokenizer::scriptExecution (this=0x8f22720, str=@0xbfe586c4, scriptURL=@0xbfe586c8, baseLine=0) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/html/htmltokenizer.cpp:501
#19 0xb3f7fd83 in khtml::HTMLTokenizer::notifyFinished (this=0x8f22720) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/html/htmltokenizer.cpp:2123
#20 0xb40a886d in khtml::CachedScript::checkNotify (this=0x94d5678) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/misc/loader.cpp:391
#21 0xb40abfcc in khtml::CachedScript::data (this=0x94d5678, buffer=@0x94ce8e4, eof=true) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/misc/loader.cpp:383
#22 0xb40abbf2 in khtml::Loader::slotFinished (this=0x8e35980, job=0x9460658) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/misc/loader.cpp:1408
#23 0xb40b1e37 in khtml::Loader::qt_metacall (this=0x8e35980, _c=QMetaObject::InvokeMetaMethod, _id=3, _a=0xbfe588dc) at /home/kde-devel/kde/build/KDE/kdelibs/khtml/loader.moc:131
#24 0xb73f34c1 in QMetaObject::activate (sender=0x9460658, from_signal_index=<value optimized out>, to_signal_index=7, argv=0xbfe588dc) at kernel/qobject.cpp:3066
#25 0xb73f3ad2 in QMetaObject::activate (sender=0x9460658, m=0xb7718128, local_signal_index=3, argv=0xbfe588dc) at kernel/qobject.cpp:3143
#26 0xb75c3733 in KJob::result (this=0x9460658, _t1=0x9460658) at /home/kde-devel/kde/build/KDE/kdelibs/kdecore/kjob.moc:188
#27 0xb75c3bd9 in KJob::emitResult (this=0x9460658) at /home/kde-devel/kde/src/KDE/kdelibs/kdecore/jobs/kjob.cpp:294
#28 0xb7ce4d35 in KIO::SimpleJob::slotFinished (this=0x9460658) at /home/kde-devel/kde/src/KDE/kdelibs/kio/kio/job.cpp:485
#29 0xb7ce5fa3 in KIO::TransferJob::slotFinished (this=0x9460658) at /home/kde-devel/kde/src/KDE/kdelibs/kio/kio/job.cpp:962
#30 0xb7ce708b in KIO::TransferJob::qt_metacall (this=0x9460658, _c=QMetaObject::InvokeMetaMethod, _id=7, _a=0xbfe58b18) at /home/kde-devel/kde/build/KDE/kdelibs/kio/jobclasses.moc:343
#31 0xb73f34c1 in QMetaObject::activate (sender=0x8e6e018, from_signal_index=<value optimized out>, to_signal_index=8, argv=0x0) at kernel/qobject.cpp:3066
#32 0xb73f3ad2 in QMetaObject::activate (sender=0x8e6e018, m=0xb7e9aca4, local_signal_index=4, argv=0x0) at kernel/qobject.cpp:3143
#33 0xb7dada87 in KIO::SlaveInterface::finished (this=0x8e6e018) at /home/kde-devel/kde/build/KDE/kdelibs/kio/slaveinterface.moc:165
#34 0xb7db17c7 in KIO::SlaveInterface::dispatch (this=0x8e6e018, _cmd=104, rawdata=@0xbfe58ce4) at /home/kde-devel/kde/src/KDE/kdelibs/kio/kio/slaveinterface.cpp:175
#35 0xb7dadf67 in KIO::SlaveInterface::dispatch (this=0x8e6e018) at /home/kde-devel/kde/src/KDE/kdelibs/kio/kio/slaveinterface.cpp:91
#36 0xb7d9e3dd in KIO::Slave::gotInput (this=0x8e6e018) at /home/kde-devel/kde/src/KDE/kdelibs/kio/kio/slave.cpp:322
#37 0xb7da0873 in KIO::Slave::qt_metacall (this=0x8e6e018, _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0xbfe58df8) at /home/kde-devel/kde/build/KDE/kdelibs/kio/slave.moc:76
#38 0xb73f34c1 in QMetaObject::activate (sender=0x924ccf0, from_signal_index=<value optimized out>, to_signal_index=4, argv=0x0) at kernel/qobject.cpp:3066
#39 0xb73f3ad2 in QMetaObject::activate (sender=0x924ccf0, m=0xb7e97640, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3143
#40 0xb7cab497 in KIO::Connection::readyRead (this=0x924ccf0) at /home/kde-devel/kde/build/KDE/kdelibs/kio/connection.moc:86
#41 0xb7cacdf3 in KIO::ConnectionPrivate::dequeue (this=0x92b2150) at /home/kde-devel/kde/src/KDE/kdelibs/kio/kio/connection.cpp:82
#42 0xb7cad1d6 in KIO::Connection::qt_metacall (this=0x924ccf0, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x942b420) at /home/kde-devel/kde/build/KDE/kdelibs/kio/connection.moc:73
#43 0xb73ebe6b in QMetaCallEvent::placeMetaCall (this=0x939d2d8, object=0x924ccf0) at kernel/qobject.cpp:489
#44 0xb73ee0c0 in QObject::event (this=0x924ccf0, e=0x939d2d8) at kernel/qobject.cpp:1115
#45 0xb6b0a00c in QApplicationPrivate::notify_helper (this=0x8b339a0, receiver=0x924ccf0, e=0x939d2d8) at kernel/qapplication.cpp:4084
#46 0xb6b12bbf in QApplication::notify (this=0xbfe59748, receiver=0x924ccf0, e=0x939d2d8) at kernel/qapplication.cpp:3631
#47 0xb7933b0d in KApplication::notify (this=0xbfe59748, receiver=0x924ccf0, event=0x939d2d8) at /home/kde-devel/kde/src/KDE/kdelibs/kdeui/kernel/kapplication.cpp:307
#48 0xb73dd11b in QCoreApplication::notifyInternal (this=0xbfe59748, receiver=0x924ccf0, event=0x939d2d8) at kernel/qcoreapplication.cpp:598
#49 0xb73e0ad3 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x8b01c60) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:213
#50 0xb73e0cdd in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at kernel/qcoreapplication.cpp:1132
#51 0xb7407d6f in postEventSourceDispatch (s=0x8b35d18) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:218
#52 0xb6287311 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#53 0xb628a9a3 in g_main_context_iterate () from /usr/lib/libglib-2.0.so.0
#54 0xb628ab61 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#55 0xb7407a58 in QEventDispatcherGlib::processEvents (this=0x8b33980, flags={i = -1075473272}) at kernel/qeventdispatcher_glib.cpp:323
#56 0xb6ba2535 in QGuiEventDispatcherGlib::processEvents (this=0x8b33980, flags={i = -1075473224}) at kernel/qguieventdispatcher_glib.cpp:202
#57 0xb73dbb5a in QEventLoop::processEvents (this=0xbfe59520, flags={i = -1075473160}) at kernel/qeventloop.cpp:149
#58 0xb73dbd1a in QEventLoop::exec (this=0xbfe59520, flags={i = -1075473112}) at kernel/qeventloop.cpp:196
#59 0xb73e0da1 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:880
#60 0xb6b09d37 in QApplication::exec () at kernel/qapplication.cpp:3553
#61 0xb802551f in kdemain (argc=2, argv=0xbfe59ac4) at /home/kde-devel/kde/src/KDE/kdebase/apps/konqueror/src/konqmain.cpp:257
#62 0x08048732 in main (argc=) at /home/kde-devel/kde/build/KDE/kdebase/apps/konqueror/src/konqueror_dummy.cpp:3

I mean using:
Qt: 4.5.0 + qt-copy-patches-936035
KDE: 4.2.67 (KDE 4.2.67 (KDE 4.3 >= 20090318))
kdelibs svn rev. 944348 / kdebase svn rev. 944348
on ArchLinux i686 - Kernel 2.6.28.7

Looks simple enough:

==6124== Invalid read of size 4
==6124== at 0xA2BFB80: DOM::AttributeImpl::rewriteValue(DOM::DOMString const&) (shared.h:39)
==6124== by 0xA33F246: DOM::HTMLTableElementImpl::parseAttribute(DOM::AttributeImpl*) (html_tableimpl.cpp:469)
==6124== by 0xA2C8B29: DOM::ElementImpl::parseNullAttribute(unsigned int, khtml::IDString<khtml::PrefixFactory>) (dom_elementimpl.h:271)
==6124== by 0xA2C32D9: DOM::NamedAttrMapImpl::removeNamedItem(unsigned int, khtml::IDString<khtml::PrefixFactory> const&, bool, int&) (dom_elementimpl.cpp:1419)
==6124== by 0xA2C039E: DOM::ElementImpl::removeAttribute(DOM::DOMString const&, int&) (dom_elementimpl.cpp:636)
==6124== by 0xA48C45F: DOMElementProtoFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (kjs_dom.cpp:1316)
==6124== by 0x7F18EBC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==6124== by 0x7F34EF0: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==6124== by 0x7EE85D4: KJS::FunctionBodyNode::execute(KJS::ExecState*) (nodes.cpp:927)
==6124== by 0x7F1BB79: KJS::Interpreter::evaluate(KJS::UString const&, int, KJS::UChar const*, int, KJS::JSValue*) (interpreter.cpp:553)
==6124== by 0x7F1BD06: KJS::Interpreter::evaluate(KJS::UString const&, int, KJS::UString const&, KJS::JSValue*) (interpreter.cpp:493)
==6124== by 0xA4E2D08: KJS::KJSProxyImpl::evaluate(QString, int, QString const&, DOM::Node const&, KJS::Completion*) (kjs_proxy.cpp:158)
==6124== Address 0x0 is not stack'd, malloc'd or (recently) free'd

*** Bug 189662 has been marked as a duplicate of this bug. ***

SVN commit 955821 by orlovich:

Don't crash when attempting attribute value normalization during removeAttribute
BUG: 188061

M +6 -0 dom_elementimpl.cpp

WebSVN link: http://websvn.kde.org/?view=rev&revision=955821

SVN commit 955823 by orlovich:

automatically merged revision 955821:
Don't crash when attempting attribute value normalization during removeAttribute
BUG: 188061

M +6 -0 dom_elementimpl.cpp

WebSVN link: http://websvn.kde.org/?view=rev&revision=955823

SVN commit 955837 by orlovich:

Regression test for #188061
CCBUG:188061

M +2 -0 baseline/dom/svnignore
A baseline/dom/table-remove-border-normalize-crash.html-dom
A tests/dom/table-remove-border-normalize-crash.html

WebSVN link: http://websvn.kde.org/?view=rev&revision=955837
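The call path in the Valgrind trace (removeAttribute, then parseNullAttribute, then parseAttribute, then rewriteValue reading address 0x0) can be reproduced in a small stand-alone model. This is an added example, not khtml source and not the committed fix: the struct names, the `rewrites` counter and the border normalization rule are assumptions made for illustration.

```cpp
#include <cstdlib>
#include <map>
#include <memory>
#include <string>

// Simplified model (assumption): names echo the backtrace frames only.
struct Attribute {
    std::shared_ptr<std::string> value;  // null while the attribute is being removed

    // Unguarded shape: assumes a value always exists, so the removal path
    // dereferences null (the "Invalid read ... Address 0x0" class of fault).
    void rewriteValueUnchecked(const std::string& v) { *value = v; }

    // Guarded shape: with no value there is nothing to normalize.
    bool rewriteValue(const std::string& v) {
        if (!value) return false;
        *value = v;
        return true;
    }
};

struct TableElement {
    std::map<std::string, std::shared_ptr<std::string>> attrs;
    int border = 0;
    int rewrites = 0;  // counts normalizations actually performed

    // Runs for both set and remove; on remove attr.value is null.
    void parseAttribute(const std::string& name, Attribute& attr) {
        if (name != "border") return;
        border = 0;
        if (attr.value) border = attr.value->empty() ? 1 : std::atoi(attr.value->c_str());
        // Hypothetical normalization rule: store the parsed number back.
        if (attr.rewriteValue(std::to_string(border))) ++rewrites;
    }

    void setAttribute(const std::string& name, const std::string& v) {
        Attribute a{std::make_shared<std::string>(v)};
        parseAttribute(name, a);
        attrs[name] = a.value;
    }

    // Mirrors removeNamedItem -> parseNullAttribute: a temporary attribute
    // with a null value tells the element to reset its derived state.
    bool removeAttribute(const std::string& name) {
        if (!attrs.erase(name)) return false;
        Attribute nullAttr{nullptr};
        parseAttribute(name, nullAttr);
        return true;
    }
};

int main() { TableElement t; t.setAttribute("border", "5px"); return t.removeAttribute("border") ? 0 : 1; }
```

Swapping `rewriteValue` for `rewriteValueUnchecked` inside `parseAttribute` makes the removal path fault in the same way the trace shows.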