Bug 121652 - site "www.killercoke.org" crashes konqueror
Summary: site "www.killercoke.org" crashes konqueror
Status: RESOLVED NOT A BUG
Alias: None
Product: konqueror
Classification: Applications
Component: khtml
Version: unspecified
Platform: unspecified Linux
Priority: NOR    Severity: crash
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-02-09 16:22 UTC by Christian D.
Modified: 2006-02-28 21:05 UTC

See Also:
Latest Commit:
Version Fixed In:


Attachments
Reproducibly crashes konqueror (3.45 KB, text/html)
2006-02-10 15:55 UTC, Christian D.

Description Christian D. 2006-02-09 16:23:58 UTC
Version:           3.5.1 (using KDE 3.5.1, Kubuntu Package 4:3.5.1-0ubuntu2 dapper)
Compiler:          Target: i486-linux-gnu
OS:                Linux (i686) release 2.6.15-14-686

Global Plugins disabled
-
Load site killercoke.org in konqueror
Don't crash :-)
Comment 1 Tommi Tervo 2006-02-09 16:28:30 UTC
Cannot reproduce (svn r507k). Could you paste backtrace?
Comment 2 Stephan Kulow 2006-02-09 16:34:00 UTC
can't crash either
Comment 3 Christian D. 2006-02-09 16:42:08 UTC
The KDE crash window does not appear (??)

here is some gdb output:

Core was generated by `konqueror --nocrashhandler killercoke.org'.
Program terminated with signal 11, Segmentation fault.
#0  0xb703ffce in ?? ()
Comment 4 Christian D. 2006-02-09 16:48:32 UTC
Whole GDB session:

(gdb) file /usr/bin/konqueror
Reading symbols from /usr/bin/konqueror...(no debugging symbols found)...done.
(gdb) start /usr/bin/konqueror --nocrashhandler www.killercoke.org
Function "main" not defined.
Make breakpoint pending on future shared library load? (y or [n]) n

Starting program: /usr/bin/konqueror /usr/bin/konqueror --nocrashhandler www.killercoke.org
(no debugging symbols found)
[... the same "(no debugging symbols found)" line is printed for every shared library gdb loads; the repeats are elided here ...]
[Thread debugging using libthread_db enabled]
[New Thread -1220166816 (LWP 16796)]
Qt: gdb: -nograb added to command-line options.
         Use the -dograb option to enforce grabbing.
QMultiInputContext::changeInputMethod(): index=0, slave=xim
QMultiInputContext::changeInputMethod(): index=0, slave=xim
QMultiInputContext::changeInputMethod(): index=0, slave=xim
QMultiInputContext::changeInputMethod(): index=0, slave=xim
ASSERT: "newView" in /build/buildd/kdebase-3.5.1/./konqueror/konq_mainwindow.cc (2685)
QMultiInputContext::changeInputMethod(): index=0, slave=xim
QMultiInputContext::changeInputMethod(): index=0, slave=xim
QMultiInputContext::changeInputMethod(): index=0, slave=xim
QMultiInputContext::changeInputMethod(): index=0, slave=xim

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1220166816 (LWP 16796)]
0xb7058fce in EmbedLiveConnect::toString () from /usr/lib/libkhtml.so.4
Comment 5 Christian D. 2006-02-10 15:55:24 UTC
Created attachment 14628
Reproducibly crashes konqueror

I've isolated the part of www.killercoke.org that crashes konqueror.
Comment 6 Maksim Orlovich 2006-02-10 16:02:53 UTC
Do you have the JavaScript debugger enabled?
Comment 7 Christian D. 2006-02-10 16:17:20 UTC
No, it was disabled. If I check "activate debugger" and "report errors" in konqueror's "Java & JavaScript" config it crashes too (SIG 11). No further errors are reported.
Comment 8 Maksim Orlovich 2006-02-10 16:27:41 UTC
SVN commit 508029 by orlovich:

Make sure when we overflow the stack we temporarily roll back some more
when calling the debugger, as it may examine objects, making more JS calls.
Fixes crash on #121652, though I am not sure why we still keep getting 
warnings again -- might say something about our .onload impl or something
CCBUG:121652


 M  +4 -1      object.cpp  


--- branches/KDE/3.5/kdelibs/kjs/object.cpp #508028:508029
@@ -59,10 +59,13 @@
 #ifndef NDEBUG
     fprintf(stderr, "Exceeded maximum function call depth\n");
 #endif
-    --depth;
+    int saveDepth = depth - 1;
     Object err = Error::create(exec, RangeError,
                                "Exceeded maximum function call depth.");
+    depth = depth - 10; //Give some room for the debugger to operate,
+                        //so if it tries to examine things we don't get here again
     exec->setException(err);
+    depth         = saveDepth;
     return err;
   }
 #endif
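Review bot: the rollback `depth = depth - 10;` is applied only after `Error::create(exec, RangeError, ...)` has returned, so the error object is now built with `depth` still at the overflow value, one level less room than the removed `--depth;` gave it; if that constructor makes any call that passes back through this check, it re-enters the overflow path before the extra room exists. Moving `depth = depth - 10;` above the `Error::create` call closes that window, and the literal 10 deserves a named constant plus a comment that a debugger nesting more than ten calls will hit the limit again, which may be related to the repeated warnings the commit message mentions.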
Comment 9 Maksim Orlovich 2006-02-10 16:36:02 UTC
I can't confirm it with those off (and I fixed it with them on). Could you please do the gdb thing again, only now type "bt" when it crashes?
Comment 10 Christian D. 2006-02-10 16:45:57 UTC
I just created a virgin account and tested with it. It does crash in the default config on Ubuntu Dapper Drake. It crashes too when "js debug" and "report errors" are disabled. No crash when JS is completely disabled.

gdb bt coming soon...
Comment 11 Christian D. 2006-02-10 16:55:44 UTC
[... earlier frames not included in the paste ...]
#1404 0x36040318 in KJS::Object::call () from /usr/lib/libkjs.so.1
#1405 0x3604e614 in KJS::UndefinedImp::toObject () from /usr/lib/libkjs.so.1
#1406 0x36050728 in KJS::UndefinedImp::toObject () from /usr/lib/libkjs.so.1
#1407 0x360509fa in KJS::UndefinedImp::toObject () from /usr/lib/libkjs.so.1
#1408 0x36054e1b in KJS::UndefinedImp::toObject () from /usr/lib/libkjs.so.1
#1409 0x360505b0 in KJS::UndefinedImp::toObject () from /usr/lib/libkjs.so.1
#1410 0x36055ea1 in KJS::DeclaredFunctionImp::execute () from /usr/lib/libkjs.so.1
#1411 0x3603ce7d in KJS::FunctionImp::call () from /usr/lib/libkjs.so.1
#1412 0x36040318 in KJS::Object::call () from /usr/lib/libkjs.so.1
#1413 0x3604e614 in KJS::UndefinedImp::toObject () from /usr/lib/libkjs.so.1
#1414 0x36050728 in KJS::UndefinedImp::toObject () from /usr/lib/libkjs.so.1
#1415 0x360509fa in KJS::UndefinedImp::toObject () from /usr/lib/libkjs.so.1
#1416 0x36054e1b in KJS::UndefinedImp::toObject () from /usr/lib/libkjs.so.1
#1417 0x360505b0 in KJS::UndefinedImp::toObject () from /usr/lib/libkjs.so.1
#1418 0x36055ea1 in KJS::DeclaredFunctionImp::execute () from /usr/lib/libkjs.so.1
#1419 0x3603ce7d in KJS::FunctionImp::call () from /usr/lib/libkjs.so.1
[... frames #1420 to #1511 repeat the same eight-frame cycle: Object::call, UndefinedImp::toObject (x5), DeclaredFunctionImp::execute, FunctionImp::call ...]

it goes on forever printing this
Comment 12 Christian D. 2006-02-10 16:58:04 UTC
(gdb) step
Single stepping until exit from function _ZNK3KJS11PropertyMap3getERKNS_10IdentifierE,
which has no line number information.

Program received signal SIGSEGV, Segmentation fault.
0x3601ec27 in KJS::PropertyMap::get () from /usr/lib/libkjs.so.1
Comment 13 Maksim Orlovich 2006-02-28 20:09:29 UTC
As on another one --- crash is due to artificially low stack size limit
Comment 14 Christian D. 2006-02-28 21:05:05 UTC
Yes, I can confirm it does not crash anymore with the defaults on Ubuntu!

ulimit -S -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
file size               (blocks, -f) unlimited
pending signals                 (-i) unlimited
max locked memory       (kbytes, -l) unlimited
max memory size         (kbytes, -m) unlimited
open files                      (-n) 1024
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) unlimited
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) unlimited
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
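The diagnosis in comments 13 and 14 (the interpreter's call-depth counter never fired because the native stack, capped by a low `ulimit -s`, overflowed first) is the general point: a recursion limit inside an interpreter only stops attacker-controlled recursion from ending in SIGSEGV if RLIMIT_STACK can hold that many native frames. The C program below is an added example and is not KDE or KJS code. It measures the native stack consumed per nested call of a stand-in function, reads the process's soft RLIMIT_STACK with getrlimit(2), and reports whether an assumed depth limit (1000; the real KJS constant is not shown on this page) would trip before the stack runs out. The 256-byte frame and the 64 KiB safety margin are likewise assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/resource.h>

/* Assumed interpreter call-depth limit; the real KJS constant is not on
 * this page. */
#define MAX_CALL_DEPTH 1000u
/* Assumed headroom for libc, signal delivery and a crash handler. */
#define SAFETY_MARGIN_BYTES (64u * 1024u)

#ifdef __GNUC__
#define NOINLINE __attribute__((noinline))
#else
#define NOINLINE
#endif

/* Stand-in for one level of an interpreter call path (in the backtrace
 * above: Object::call -> ... -> DeclaredFunctionImp::execute ->
 * FunctionImp::call). It keeps a few hundred bytes of locals per nested
 * call, like a real frame. Returns the address of this frame's locals and
 * records the address of the deepest frame's locals. */
NOINLINE static uintptr_t frame_addr(unsigned depth, uintptr_t *deepest)
{
    volatile char locals[256];              /* must not be optimised away */
    locals[0] = (char)depth;
    uintptr_t here = (uintptr_t)&locals[0];
    if (depth == 0)
        *deepest = here;
    else
        (void)frame_addr(depth - 1, deepest);
    return here;
}

/* Native stack bytes consumed by one nested call of frame_addr(). */
size_t bytes_per_frame(void)
{
    uintptr_t deepest = 0;
    uintptr_t top = frame_addr(1, &deepest);
    /* The stack grows downward on x86; take the absolute distance anyway. */
    return top > deepest ? (size_t)(top - deepest) : (size_t)(deepest - top);
}

/* Stack the interpreter needs before its own depth counter can fire. */
size_t stack_needed_for_depth(size_t frame_bytes, unsigned max_depth)
{
    return frame_bytes * (size_t)max_depth + SAFETY_MARGIN_BYTES;
}

/* Soft RLIMIT_STACK in bytes, SIZE_MAX when unlimited or unreadable. This
 * is the value `ulimit -s` reports in kilobytes in comment 14 above. */
size_t current_stack_limit(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_STACK, &rl) != 0 || rl.rlim_cur == RLIM_INFINITY)
        return SIZE_MAX;
    return (size_t)rl.rlim_cur;
}

/* 1 when the depth limit trips before the kernel runs out of stack, 0 when
 * untrusted recursion reaches SIGSEGV first, which is this bug report. */
int depth_limit_is_safe(size_t stack_limit, size_t frame_bytes, unsigned max_depth)
{
    return stack_needed_for_depth(frame_bytes, max_depth) <= stack_limit;
}

int main(void)
{
    size_t fb   = bytes_per_frame();
    size_t lim  = current_stack_limit();
    size_t need = stack_needed_for_depth(fb, MAX_CALL_DEPTH);

    printf("bytes per nested call  : %zu\n", fb);
    printf("RLIMIT_STACK (soft)    : %zu bytes\n", lim);
    printf("needed for %u calls  : %zu bytes\n", MAX_CALL_DEPTH, need);
    printf("verdict                : %s\n",
           depth_limit_is_safe(lim, fb, MAX_CALL_DEPTH)
               ? "depth limit fires before SIGSEGV"
               : "native stack overflows first (raise ulimit -s)");
    return 0;
}
```

Run it once under the shell defaults and again after `ulimit -s 256` in the same shell; the verdict changes from the first message to the second, which is the difference between the reporter's crashing environment and the non-crashing run in comment 14.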