Version: 3.4.0 (using KDE 3.4.0, Gentoo) Compiler: gcc version 3.3.5-20050130 (Gentoo Linux 3.3.5.20050130-r1, ssp-3.3.5.20050130-1, pie-8.7.7.1) OS: Linux (i686) release 2.6.11-gentoo-r1 I did not get a good backtrace from Dr. Konqi (It even doesn't pop up in most if not all cases), so I ran konqueror from within gdb. Konqueror crashed as soon as it started to load and render www.aspartaam.nl. Will attach a gdb log.
Created attachment 10842 [details] a gdb session log, cut at the end (it endlessly repeated the last lines)
Khtml cvs head from today: #1 0x29c20222 in khtml::CSSStyleSelector::styleForElement (this=0x82cab00, e=0x84f9740) at cssstyleselector.cpp:396 #2 0x29b34979 in DOM::ElementImpl::styleForRenderer (this=0x84f9740) at dom_elementimpl.cpp:473 #3 0x29b2dd53 in DOM::NodeImpl::createRendererIfNeeded (this=0x84f9740) at dom_nodeimpl.cpp:949 #4 0x29b34b27 in DOM::ElementImpl::attach (this=0x84f9740) at dom_elementimpl.cpp:494 #5 0x29b6b4b7 in DOM::HTMLLIElementImpl::attach (this=0x84f9740) at html_listimpl.cpp:135 #6 0x29b4f804 in khtml::KHTMLParser::insertNode (this=0x82f3940, n=0x84f9740, flat=false) at htmlparser.cpp:321 #7 0x29b514d8 in khtml::KHTMLParser::insertNode (this=0x82f3940, n=0x847e680, flat=false) at htmlparser.cpp:655 #8 0x29b51826 in khtml::KHTMLParser::insertNode (this=0x82f3940, n=0x847e680, flat=false) at htmlparser.cpp:725 #9 0x29b51826 in khtml::KHTMLParser::insertNode (this=0x82f3940, n=0x847e680, flat=false) at htmlparser.cpp:725 #10 0x29b51826 in khtml::KHTMLParser::insertNode (this=0x82f3940, n=0x847e680, flat=false) at htmlparser.cpp:725 #11 0x29b51826 in khtml::KHTMLParser::insertNode (this=0x82f3940, n=0x847e680, flat=false) at htmlparser.cpp:725
still there in 3.4.1 strangely enough does Konqueror not always crash on this site when run from within gdb.
Funky. Parser gets confused, but what's up with the non-determinism !?
OK, the bug is as follows: 1. Document tries to insert <tr> into <ul> 2. The parser goes "hmm, I am inserting something into <tr> that doesn't fit, better insert a <li>, and try again". 3. The parser tries to insert a <tr> into a <li>, fails, and goes to generic fallback: if inserting something into an inline doesn't work, get rid of the inline. This step is a bit non-deterministic, and that precludes obvious testcases from working. The issue is whether something is inline-level or not is partly determined by CSS resolution, which depends on renderer attaching, etc. That sucks! 4. With the ul removed, the parser tries to insert <tr> into <ul> again, and goes: "hmm, I am inserting something into <tr> that doesn't fit, better insert a <li>, and try again". You get the picture
Can reproduce this crash on svn trunk r795406 but NOT in 3.5.9.
Has the page changed or the bug fixed? Here using: Qt: 4.5.1 (qt-copy 960517) KDE: 4.2.71 (KDE 4.2.71 (KDE 4.3 >= 20090428)) kdelibs svn rev. 963904 / kdebase svn rev. 963904 on ArchLinux i686 - Kernel 2.6.29.1 I can't reproduce the crash when loading "www.aspartaam.nl" and even after playing with the page a bit. Thanks
I couldn't reproduce the crash in trunk either. However, the page doesn't seem to have any <tr> inside <ul>.
As the page changed and there is no extracted/archived version of it, the bug report lacks of a testcase. In this case we should close the report as INVALID Thanks
Let's use the Internet!: Still-valid testcase URL: http://web.archive.org/web/20050507125332/http://www.aspartaam.nl/
I can confirm that the page is still crashing for me here using: Qt: 4.5.2 (KDE-Qt git commit f9802f2bbbd23137acb5f80d1f131fa6b1a85752 Date: Fri Jun 12 15:06:29 2009 +0200) KDE: 4.3.62 (KDE 4.3.62 (KDE 4.4 >= 20090728)) kdelibs svn rev. 1005722 / kdebase svn rev. 1005722 on ArchLinux i686 - Kernel 2.6.30.1 However I can't get a backtrace right now
doesn't crash for me in kde 4.4
I've just tested the link from comment 10 on trunk (svn rev 1082224) and it crashed, but DrKonqi didn't show up.
Mh, true, I'm only getting a "Segmentation fault" message on shell, and no DrKonqi at all, noew using: Qt: 4.6.1 (kde-qt master commit 5ccbae0c2d9254efe67599137afec763d4fec0f6 Date: Tue Jan 19 20:42:24 2010 +0100) KDE Development Platform: 4.4.61 (KDE 4.4.61 (KDE 4.5 >= 20100127)) kdelibs svn rev. 1082077 / kdebase svn rev. 1082077 on ArchLinux i686 - Kernel 2.6.32.3
Confirming a Segmentation fault using kde 4.9 RC. This is what i get in konsole before the crash: .... .... konqueror(2658)/khtml (tokenizer) khtml::HTMLTokenizer::notifyFinished: Processing an external script konqueror(2658)/khtml (tokenizer) khtml::HTMLTokenizer::notifyFinished: Processing an external script Pattern: ^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$ was rewritten to: ^[^<]*(<[\w\W]*([\w\W])>)[^>]*$|^#([\w-]+)$ Segmentation fault
I can still reproduce the crash in KDE 4.9.0 with the test case provided in comment #10. Unfortunately, DrKonqi doesn't launch after Konqueror crashes. So this is the backtrace I could get out of gdb: Starting program: /usr/bin/konqueror [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". [New Thread 0x7fffd865a700 (LWP 6398)] [New Thread 0x7fffd7898700 (LWP 6399)] Program received signal SIGSEGV, Segmentation fault. find (key=@0x7ffffdfff8b0: 0x6264ea0, this=0x2739388) at /var/tmp/portage/kde-base/kdelibs-4.9.0/work/kdelibs-4.9.0/kjs/wtf/HashMap.h:162 162 /var/tmp/portage/kde-base/kdelibs-4.9.0/work/kdelibs-4.9.0/kjs/wtf/HashMap.h: No such file or directory. #0 find (key=@0x7ffffdfff8b0: 0x6264ea0, this=0x2739388) at /var/tmp/portage/kde-base/kdelibs-4.9.0/work/kdelibs-4.9.0/kjs/wtf/HashMap.h:162 #1 getElements (array=..., element=0x6264ea0, this=0x2739388) at /var/tmp/portage/kde-base/kdelibs-4.9.0/work/kdelibs-4.9.0/khtml/xml/dom_restyler.h:178 #2 khtml::DynamicDomRestyler::resetDependencies (this=<optimized out>, subject=<optimized out>) at /var/tmp/portage/kde-base/kdelibs-4.9.0/work/kdelibs-4.9.0/khtml/xml/dom_restyler.cpp:49 #3 0x00007fffdea75570 in khtml::CSSStyleSelector::styleForElement (this=0xb5da20, e=0x6264ea0, fallbackParentStyle=<optimized out>) at /var/tmp/portage/kde-base/kdelibs-4.9.0/work/kdelibs-4.9.0/khtml/css/cssstyleselector.cpp:629 #4 0x00007fffde9367b0 in DOM::NodeImpl::createRendererIfNeeded (this=0x6264ea0) at /var/tmp/portage/kde-base/kdelibs-4.9.0/work/kdelibs-4.9.0/khtml/xml/dom_nodeimpl.cpp:1012 #5 0x00007fffde940909 in DOM::ElementImpl::attach (this=0x6264ea0) at /var/tmp/portage/kde-base/kdelibs-4.9.0/work/kdelibs-4.9.0/khtml/xml/dom_elementimpl.cpp:904 #6 0x00007fffde99d170 in DOM::HTMLLIElementImpl::attach (this=0x6264ea0) at /var/tmp/portage/kde-base/kdelibs-4.9.0/work/kdelibs-4.9.0/khtml/html/html_listimpl.cpp:134 #7 0x00007fffde974207 in khtml::KHTMLParser::insertNode (this=0xba3f20, n=0x6264ea0, flat=<optimized out>) at /var/tmp/portage/kde-base/kdelibs-4.9.0/work/kdelibs-4.9.0/khtml/html/htmlparser.cpp:428 #8 0x00007fffde974974 in khtml::KHTMLParser::insertNode (this=0xba3f20, n=0x1150960, flat=false) at /var/tmp/portage/kde-base/kdelibs-4.9.0/work/kdelibs-4.9.0/khtml/html/htmlparser.cpp:810 #9 0x00007fffde974354 in khtml::KHTMLParser::insertNode (this=0xba3f20, n=0x1150960, flat=false) at /var/tmp/portage/kde-base/kdelibs-4.9.0/work/kdelibs-4.9.0/khtml/html/htmlparser.cpp:658 #10 0x00007fffde974354 in khtml::KHTMLParser::insertNode (this=0xba3f20, n=0x1150960, flat=false) at /var/tmp/portage/kde-base/kdelibs-4.9.0/work/kdelibs-4.9.0/khtml/html/htmlparser.cpp:658 Some parts look a little similar to the backtrace posted in comment #6 of Bug 292924, so they might be loosely connected, but I doubt it's really the same crash (not completely sure, though).
Thank you for the crash reports. As it has been a while since this was reported, can you please test and confirm if this issue is still occurring or if this bug report can be marked as resolved. I have set the bug status to "needsinfo" pending your response, please change back to "reported" or "resolved/worksforme" when you respond, thank you.
Dear Bug Submitter, This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information as soon as possible and set the bug status as REPORTED. Due to regular bug tracker maintenance, if the bug is still in NEEDSINFO status with no change in 30 days the bug will be closed as RESOLVED > WORKSFORME due to lack of needed information. For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging If you have already provided the requested information, please mark the bug as REPORTED so that the KDE team knows that the bug is ready to be confirmed. Thank you for helping us make KDE software even better for everyone!
This bug has been in NEEDSINFO status with no change for at least 30 days. The bug is now closed as RESOLVED > WORKSFORME due to lack of needed information. For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging Thank you for helping us make KDE software even better for everyone!