Bug 109891 - entering a large amount of '/' in the location bar kills the konqueror
Status: RESOLVED WORKSFORME
Alias: None
Product: konqueror
Classification: Applications
Component: general
Version: unspecified
Platform: Gentoo Packages Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
 
Reported: 2005-07-30 15:07 UTC by Erik Wasser
Modified: 2005-09-30 13:17 UTC (History)
0 users

Description Erik Wasser 2005-07-30 15:07:13 UTC
Version:            (using KDE KDE 3.4.1)
Installed from:    Gentoo Packages
Compiler:          gcc version 3.3.5-20050130 (Gentoo Linux 3.3.5.20050130-r1, ssp-3.3.5.20050130-1, pie-8.7.7.1) 
OS:                Linux

* fire up a konqueror on the shell

* the konqueror window opens with the about(?) section

* click in the location bar (the cursor appears)

* enter a lot of '/' in the bar (I tried here ~120, cut and paste doesn't not show 'work' here)

* press 'home' (cursor goes to the first '/')

* press and hold 'delete' to delete the '/' -> crash (sooner or later):

% konqueror
Killed
%
Comment 1 Thiago Macieira 2005-07-30 20:23:49 UTC
I can't reproduce: trunk 437796
Comment 2 Matt Rogers 2005-09-22 06:05:10 UTC
I couldn't reproduce with KDE 3.4.2 either. If you're using excessive CFLAGS (-O3 -ffast-math -fomit-frame-pointer), change it to "-O2" and see if it keeps crashing.
Comment 3 Erik Wasser 2005-09-24 12:02:24 UTC
I've done the following things:

changed the CXXFLAGS from '-march=athlon-xp -O3 -pipe -fomit-frame-pointer' to '-march=athlon-xp -O2 -pipe'

I recompiled the following packets: kdebase, kdelibs, qt and glibc, but the bug remains.

Here's the output of gdb:
[...]
[Thread 3391491 (LWP 13702) exited]
[Thread 3407874 (LWP 13703) exited]
[New Thread 3424259 (LWP 13704)]
[New Thread 3440642 (LWP 13705)]
[Thread 3424259 (LWP 13704) exited]
[Thread 3440642 (LWP 13705) exited]
[New Thread 3457027 (LWP 13706)]
[New Thread 3473410 (LWP 13707)]
[Thread 3457027 (LWP 13706) exited]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 32769 (LWP 13483)]
0xb765c3f7 in fREe (mem=0x87005a0) at malloc.c:3057
3057    malloc.c: No such file or directory.
        in malloc.c
Current language:  auto; currently c
(gdb) thread apply all bt

Thread 214 (Thread 3473410 (LWP 13707)):
#0  0xb66c3664 in sched_setscheduler () from /lib/libc.so.6
#1  0xb68440e5 in pthread_start_thread () from /lib/libpthread.so.0
#2  0xb6844334 in pthread_start_thread_event () from /lib/libpthread.so.0
#3  0xb66d8aaa in clone () from /lib/libc.so.6

Thread 2 (Thread 32769 (LWP 13483)):
#0  0xb765c3f7 in fREe (mem=0x87005a0) at malloc.c:3057
#1  0xb765ba7c in free (m=0xb6737a4c) at malloc.c:5535
#2  0xb7fa5f1b in _dl_deallocate_tls () from /lib/ld-linux.so.2
#3  0xb6844ae6 in pthread_free () from /lib/libpthread.so.0
#4  0xb6844c22 in pthread_exited () from /lib/libpthread.so.0
#5  0xb6844c93 in pthread_reap_children () from /lib/libpthread.so.0
#6  0xb6843e15 in __pthread_manager () from /lib/libpthread.so.0
#7  0xb6843f79 in __pthread_manager_event () from /lib/libpthread.so.0
#8  0xb66d8aaa in clone () from /lib/libc.so.6

Thread 1 (Thread 16384 (LWP 13470)):
#0  0xb684ab56 in nanosleep () from /lib/libpthread.so.0
#1  0x00000001 in ?? ()
#2  0xb6847036 in __pthread_timedsuspend_new () from /lib/libpthread.so.0
#3  0xb68431c9 in pthread_cond_timedwait_relative () from /lib/libpthread.so.0
#4  0xbfba7bf8 in ?? ()
#5  0x086e495c in ?? ()
#6  0xb6842e80 in pthread_cond_destroy@GLIBC_2.0 () from /lib/libpthread.so.0
Previous frame inner to this frame (corrupt stack?)
0xb765c3f7      3057    in malloc.c

Does this help? B-)
Comment 4 Tommi Tervo 2005-09-24 12:12:19 UTC
No, backtrace is useless.
Comment 5 Erik Wasser 2005-09-24 13:03:35 UTC
What else can I do to locate the bug?
Comment 6 Thiago Macieira 2005-09-24 19:50:15 UTC
Try -O0 -g
Comment 7 Erik Wasser 2005-09-30 09:53:10 UTC
Well, I recompiled kdebase, kdelibs, qt and glibc with '-O0 -g' but the bug remains and it's getting worse. B-)

The crash now occurs during the writing of the '/', not at the deletion of them.

[...]
[New Thread 1654786 (LWP 12790)]
[New Thread 1671171 (LWP 12791)]
[Thread 1654786 (LWP 12790) exited]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 32769 (LWP 12683)]
0xb75e902e in fREe (mem=0x8677320) at malloc.c:3057
3057    malloc.c: No such file or directory.
        in malloc.c
Current language:  auto; currently c
(gdb) bt
#0  0xb75e902e in fREe (mem=0x8677320) at malloc.c:3057
#1  0xb75e8332 in free (m=0x8677320) at malloc.c:5535
#2  0xb7f5e47a in *__GI__dl_deallocate_tls (tcb=0x8677320, dealloc_tcb=true) at dl-tls.c:486
#3  0xb67c19a6 in pthread_free (th=0x86779a0) at manager.c:913
#4  0xb67c1aee in pthread_exited (pid=-1218136572) at manager.c:956
#5  0xb67c1b6c in pthread_reap_children () at manager.c:975
#6  0xb67c0e00 in __pthread_manager (arg=0xffffffff) at manager.c:162
#7  0xb67c0f53 in __pthread_manager_event (arg=0x804c160) at manager.c:249
#8  0xb6655a6a in clone () from /lib/libc.so.6

What kind of problem is *that*? B-)
Comment 8 Tommi Tervo 2005-09-30 12:43:43 UTC
Maybe you could find help from gentoo forums. Your system looks more or less br0ken, and fault is not in KDE.
Comment 9 Thiago Macieira 2005-09-30 13:17:04 UTC
I agree. The crash happened after a thread exited and your backtrace contains only glibc frames.
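
The check behind comment 9, written out as an added example (not part of the original thread, and not KDE or glibc code): parse a gdb backtrace and report whether every frame lies in the C runtime and whether the fault is inside the allocator. The runtime object and source-file names are assumptions taken from the frames quoted in the thread.

```python
import re

# Frames copied from the gdb session quoted in comment 7 of the thread.
SAMPLE_BT = """\
#0  0xb75e902e in fREe (mem=0x8677320) at malloc.c:3057
#1  0xb75e8332 in free (m=0x8677320) at malloc.c:5535
#2  0xb7f5e47a in *__GI__dl_deallocate_tls (tcb=0x8677320, dealloc_tcb=true) at dl-tls.c:486
#3  0xb67c19a6 in pthread_free (th=0x86779a0) at manager.c:913
#4  0xb67c1aee in pthread_exited (pid=-1218136572) at manager.c:956
#5  0xb67c1b6c in pthread_reap_children () at manager.c:975
#6  0xb67c0e00 in __pthread_manager (arg=0xffffffff) at manager.c:162
#7  0xb67c0f53 in __pthread_manager_event (arg=0x804c160) at manager.c:249
#8  0xb6655a6a in clone () from /lib/libc.so.6
"""

FRAME_RE = re.compile(r"^#\d+\s+(?:0x[0-9a-fA-F]+ in )?(?P<func>\S+) \(.*?\)"
                      r"(?: (?P<kind>at|from) (?P<loc>\S+))?\s*$")

# Assumption: names taken from the thread's frames; a source-file match is heuristic.
RUNTIME_OBJECTS = ("libc.so", "libpthread.so", "ld-linux.so")
RUNTIME_SOURCES = {"malloc.c", "dl-tls.c", "manager.c"}
ALLOCATOR_FUNCS = {"free", "fREe"}

def classify(kind, loc):
    """Return 'runtime', 'application' or 'unresolved' for one frame."""
    if loc is None:
        return "unresolved"
    base = loc.rsplit("/", 1)[-1]
    if kind == "from":
        return "runtime" if base.startswith(RUNTIME_OBJECTS) else "application"
    return "runtime" if base.split(":")[0] in RUNTIME_SOURCES else "application"

def triage(bt_text):
    """Count frames per class and set two triage flags for a gdb backtrace."""
    frames = []
    for line in bt_text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append((m["func"].lstrip("*"), classify(m["kind"], m["loc"])))
    counts = {c: sum(k == c for _, k in frames)
              for c in ("runtime", "application", "unresolved")}
    return {
        "counts": counts,
        # Every frame in the runtime: the trace names no line of the program.
        "runtime_only": bool(frames) and counts["runtime"] == len(frames),
        # A fault inside free() often means the heap was damaged earlier.
        "faults_in_allocator": bool(frames) and frames[0][0] in ALLOCATOR_FUNCS,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_BT))
```

A `runtime_only` result with `faults_in_allocator` set says where the damage was noticed, not where it was done; a memory checker run or a build of the program with debug symbols is what narrows it further.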