Bug 124554 - crashes viewing search results on fudforum
Summary: crashes viewing search results on fudforum
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: khtml xml
Version: 3.5
Platform: unspecified Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
Duplicates: 125579
Reported: 2006-03-30 12:30 UTC by morhekil
Modified: 2006-04-16 20:25 UTC


Description morhekil 2006-03-30 12:30:34 UTC
Version:           3.5.2 (using KDE 3.5.2, Gentoo)
Compiler:          gcc version 3.4.5 (Gentoo 3.4.5-r1, ssp-3.4.5-1.0, pie-8.7.9)
OS:                Linux (i686) release 2.6.15-suspend2-r8

Konqueror crashes when I'm trying to view topics from the search results on any fudforum-based message board.
How to reproduce:
1. Go to any fudforum-based message board, for example:
http://fudforum.org/forum/
http://www.symfony-project.com/forum/index.php
2. Click on "Search", enter some search terms and click on the "Search" button.
3. In the search results click on any topic to go directly to this topic's page.
Expected: topic's page with search terms highlighted.
Actual result: konqueror crashes.

You can also go directly to the following URL:
http://fudforum.org/forum/index.php?t=msg&goto=30807&&srch=test#msg_30807
and it will crash konqueror.
Comment 1 Tommi Tervo 2006-03-30 12:53:35 UTC
khtml (tokenizer): Finished loading an external script

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1235024192 (LWP 31525)]
0xb5f84541 in DOM::DocumentImpl::setCSSTarget (this=0x84b62c0, n=0x87304f0)
    at dom_docimpl.cpp:2200
2200            m_cssTarget->setChanged();
(gdb) bt
#0  0xb5f84541 in DOM::DocumentImpl::setCSSTarget (this=0x84b62c0, n=0x87304f0)
    at dom_docimpl.cpp:2200
#1  0xb5f2b0e7 in KHTMLPart::gotoAnchor (this=0x83294b0, name=@0xbfc9aa78)
    at khtml_part.cpp:2523
#2  0xb5f3056c in KHTMLPart::restoreScrollPosition (this=0x83294b0)
    at khtml_part.cpp:7111
#3  0xb5f51d83 in KHTMLPart::qt_invoke (this=0x83294b0, _id=86, _o=0xbfc9ab7c)
    at khtml_part.moc:571
#4  0xb6e36929 in QObject::activate_signal ()
   from /usr/share/qt3/lib/libqt-mt.so.3
Comment 2 Maksim Orlovich 2006-04-08 19:40:15 UTC
SVN commit 527561 by orlovich:

Do not crash if an old target got destroyed.
BUG:124554


 M  +11 -2     dom_docimpl.cpp  


--- branches/KDE/3.5/kdelibs/khtml/xml/dom_docimpl.cpp #527560:527561
@@ -388,6 +388,8 @@
     m_styleSheets->deref();
     if (m_addedStyleSheets)
         m_addedStyleSheets->deref();
+    if (m_cssTarget)
+        m_cssTarget->deref();
     if (m_focusNode)
         m_focusNode->deref();
     if ( m_hoverNode )
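Review bot: The new m_cssTarget->deref() in the destructor is only balanced if m_cssTarget is initialised to null in every constructor and is never assigned anywhere except through setCSSTarget(), which now takes the matching ref(); neither is visible in this diff. Worth confirming both, and adding a one-line comment at the member declaration stating that the document now holds a reference on the target node.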
@@ -2196,11 +2198,18 @@
 
 void DocumentImpl::setCSSTarget(NodeImpl* n)
 {
-    if (m_cssTarget)
+    if (n == m_cssTarget)
+        return;
+
+    if (m_cssTarget) {
         m_cssTarget->setChanged();
+        m_cssTarget->deref();
+    }
     m_cssTarget = n;
-    if (n)
+    if (n) {
         n->setChanged();
+        n->ref();
+    }
 }
 
 void DocumentImpl::attachNodeIterator(NodeIteratorImpl *ni)
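Review bot: In setCSSTarget() the old target is released with m_cssTarget->deref() before n->ref() is taken on the new node. The early return covers n == m_cssTarget, but if dropping the last reference to the old node can tear down anything n belongs to, the following n->setChanged() would touch freed memory. Taking n->ref() first and releasing the old target afterwards removes that ordering dependency. A short comment above the function noting that m_cssTarget is now an owning reference would also help, since a removed target node now stays alive until the next call or the document's destruction.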
Comment 3 Maksim Orlovich 2006-04-16 20:25:58 UTC
*** Bug 125579 has been marked as a duplicate of this bug. ***