118104 – Crash javascript on URL change webring script (ASSERTION - reproduceable).

Bug 118104 - Crash javascript on URL change webring script (ASSERTION - reproduceable).

Summary: Crash javascript on URL change webring script (ASSERTION - reproduceable).

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	konqueror
Classification:	Applications
Component:	khtml (show other bugs)
Version:	unspecified
Platform:	Compiled Sources Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	Konqueror Developers

URL:
Keywords:

Depends on:
Blocks:

Reported:	2005-12-11 11:44 UTC by Nick Warne
Modified:	2009-08-23 11:46 UTC (History)
CC List:	1 user (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Nick Warne 2005-12-11 11:44:58 UTC

Version:            (using KDE KDE 3.5.0)
Installed from:    Compiled From Sources
Compiler:          gcc version 3.3.4 -march=athlon-tbird -Os & -O2
OS:                Linux

This is hard to explain how to reproduce, but easy _to_ reproduce.

Go to http://paul.merton.ox.ac.uk/science/ and at the bottom are the links to the 'webring' stuff.  Select 'next' and hope that you go here: http://www.geocities.com/RainForest/Andes/1555/comedy.html (going to that page 'clean' doesn't produce the crash).

When you do the above, and the next webring page loads, there will be 2 pop-up windows saying 'This page is radioactive!'.  Click 'Cancel' -> crash.

Here is GDB output and full backtrace:


...
...
khtml (part):  was still parsing... calling end
khtml (part):  was still parsing... calling end
kio (Scheduler): Scheduler: killing slave 2587
kio (Slave): killing slave pid=2587 (http://geocities.com)
kio (KIOJob): Job::kill this=0x85e1528 KIO::TransferJob m_progressId=0 quietly=true
kio (Scheduler): Scheduler: killing slave 2598
kio (Slave): killing slave pid=2598 (http://themis.geocities.yahoo.com)
kio (KIOJob): Job::kill this=0x866a5b0 KIO::TransferJob m_progressId=0 quietly=true
khtml: closeChildDialogs: closing dialog [KDialogBase pointer (0x85ce2e8) to widget warningYesNoList, geometry=258x105+373+292]
khtml (part): saveState this=0x8353718 '' saving URL http://www.geocities.com/RainForest/Andes/1555/comedy.html
khtml (part):     saveState this=0x84e1c28 'm1134297078112' saving URL http://www.geocities.com/RainForest/Andes/1555/comedy.html?200511
khtml (part):     saveState this=0x84cc1f8 't1134297078112' saving URL http://www.geocities.com/js_source/tab04.html
khtml (part):     saveState this=0x8524b08 's1134297078112' saving URL http://www.geocities.com/js_source/adframe06.html
konqueror: KonqMainWindow::setLocationBarURL: url = http://paul.merton.ox.ac.uk/science/
konqueror: changeViewMode: serviceType is text/html serviceName is khtml current service name is khtml
khtml: closeChildDialogs: closing dialog [KDialogBase pointer (0x85ce2e8) to widget warningYesNoList, geometry=258x105+373+292]
konqueror: htmltokenizer.cpp:159: void khtml::HTMLTokenizer::reset(): Assertion `m_executingScript == 0' failed.

Program received signal SIGABRT, Aborted.
0x415bf1b1 in kill () from /lib/libc.so.6
(gdb) bt
#0  0x415bf1b1 in kill () from /lib/libc.so.6
#1  0x414529c1 in pthread_kill () from /lib/libpthread.so.0
#2  0x41452ccb in raise () from /lib/libpthread.so.0
#3  0x415bedf4 in raise () from /lib/libc.so.6
#4  0x415c05a8 in abort () from /lib/libc.so.6
#5  0x415b856c in __assert_fail () from /lib/libc.so.6
#6  0x416beee0 in _IO_2_1_stdout_ () from /lib/libc.so.6
#7  0xbfcb56b7 in ?? ()
#8  0x416b7fe6 in in6addr_loopback () from /lib/libc.so.6
#9  0x424ccd0b in typeinfo name for KStaticDeleter<QPtrList<DOM::DocumentImpl> > ()
   from /home/nick/kde3.5/lib/libkhtml.so.4
#10 0x0000009f in ?? ()
#11 0x424cf1c0 in typeinfo name for KStaticDeleter<QPtrList<DOM::DocumentImpl> > ()
   from /home/nick/kde3.5/lib/libkhtml.so.4
#12 0x416b7fe6 in in6addr_loopback () from /lib/libc.so.6
#13 0x424ccd2d in typeinfo name for KStaticDeleter<QPtrList<DOM::DocumentImpl> > ()
   from /home/nick/kde3.5/lib/libkhtml.so.4
#14 0x4000a490 in _dl_map_object_deps () from /lib/ld-linux.so.2
Previous frame inner to this frame (corrupt stack?)



Thanks,

Nick

Comment 1 Tommi Tervo 2005-12-11 11:53:01 UTC

#7  0x413b6925 in __assert_fail () from /lib/tls/libc.so.6
#8  0x41d203ad in khtml::HTMLTokenizer::reset (this=0x854c3e8)
    at htmltokenizer.cpp:159
#9  0x41d2090b in ~HTMLTokenizer (this=0x854c3e8) at htmltokenizer.cpp:1681
#10 0x41ceefed in DOM::DocumentImpl::detach (this=0x82250b0)
    at dom_docimpl.cpp:1187
#11 0x41caca1c in KHTMLPart::clear (this=0x81db578) at khtml_part.cpp:1407
#12 0x41cb3fa1 in KHTMLPart::restoreState (this=0x81db578, stream=@0xbfd25d24)
    at khtml_part.cpp:5534
#13 0x41cd1ac6 in KHTMLPartBrowserExtension::restoreState (this=0x81ec0f0, 
    stream=@0xbfd25d24) at khtml_ext.cpp:104
#14 0x419384a5 in KonqView::restoreHistory (this=0x83ce618) at konq_view.cc:848
#15 0x41938a14 in KonqView::go (this=0x83ce618, steps=-1) at konq_view.cc:818
#16 0x41938bb3 in KonqMainWindow::slotGoHistoryDelayed (this=0x81333b0)
    at konq_mainwindow.cc:3110
#17 0x4193c367 in KonqMainWindow::qt_invoke (this=0x81333b0, _id=184, 
    _o=0xbfd25f24) at konq_mainwindow.moc:702

Comment 2 Tommi Tervo 2005-12-11 12:10:04 UTC

http://bugs.kde.org/show_bug.cgi?id=116156
Backtrace looks similar but I have svn r487251 and it still crashes.

Comment 3 Nick Warne 2005-12-11 12:36:00 UTC

http://bugs.kde.org/show_bug.cgi?id=116156

I get the same crash as described the the instructions to reproduce in that crash report.

Nick

Comment 4 Nick Warne 2005-12-19 21:56:56 UTC

I rebuilt KDE 3.5 this weekend, and added the fix supplied in bug 116156.

I can still get the same crash in that reported bug and my one here.

Nick

Comment 5 FiNeX 2008-04-07 01:39:10 UTC

I've got no crash with 4.0.3

Comment 6 FiNeX 2009-08-23 11:46:07 UTC

The initial page doesn't exist. Anyway It wasn't reproducible one year ago with KDE 4.0.3.