Bug 126887 - Konqueror Krashes after posting to myweb2.search.yahoo.com
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: khtml renderer
Version: unspecified
Platform: unspecified Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
Reported: 2006-05-07 10:32 UTC by Scott
Modified: 2006-05-14 13:03 UTC

Attachments
Collection of backtraces for various Konqueror Krashes (3.62 KB, application/octet-stream)
2006-05-07 21:20 UTC, Scott
Possible patch. (430 bytes, patch)
2006-05-07 23:43 UTC, Allan Sandfeld

Description Scott 2006-05-07 10:32:53 UTC
Version:           3.5.2 (using KDE 3.5.2, Kubuntu Package 4:3.5.2-0ubuntu14 dapper)
Compiler:          Target: i486-linux-gnu
OS:                Linux (i686) release 2.6.15-21-686

Yahoo! MyWeb (myweb2.search.yahoo.com) offers a service like http://furl.net and http://del.icio.us.  You can use it to save and tag web pages (like bookmarks).

Whenever you do that on MyWeb (at the site directly, not from a bookmarklet) in Konqueror it will Krash (it works fine in Firefox).
Comment 1 Scott 2006-05-07 10:36:33 UTC
Oh, and here is a backtrace:

(no debugging symbols found)
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1232365888 (LWP 4086)]
[KCrash handler]
#6  0xffffffff in ?? ()
#7  0xb5ea3dc3 in non-virtual thunk to DOM::HTMLObjectBaseElementImpl::~HTMLObjectBaseElementImpl() () from /usr/lib/libkhtml.so.4
#8  0x08d83dd8 in ?? ()
#9  0x08d83cb8 in ?? ()
#10 0x00000001 in ?? ()
#11 0xb602daec in ?? () from /usr/lib/libkhtml.so.4
#12 0x08caf360 in ?? ()
#13 0x08caf360 in ?? ()
#14 0xbfd27208 in ?? ()
#15 0xb5ea0599 in non-virtual thunk to DOM::HTMLObjectBaseElementImpl::~HTMLObjectBaseElementImpl() () from /usr/lib/libkhtml.so.4
#16 0x08caf360 in ?? ()
#17 0x08d83cb8 in ?? ()
#18 0x08caf680 in ?? ()
#19 0xb602daec in ?? () from /usr/lib/libkhtml.so.4
#20 0x08d83cb8 in ?? ()
#21 0x08d83cb8 in ?? ()
#22 0xbfd27228 in ?? ()
#23 0xb5ea0743 in non-virtual thunk to DOM::HTMLObjectBaseElementImpl::~HTMLObjectBaseElementImpl() () from /usr/lib/libkhtml.so.4
#24 0x08d83cb8 in ?? ()
#25 0x085cce38 in ?? ()
#26 0x00000000 in ?? ()
Comment 2 Tommi Tervo 2006-05-07 11:40:17 UTC
No crash for me, konqueror 3.5.3
Comment 3 Scott 2006-05-07 21:09:24 UTC
So I guess that's the end of it then?
Comment 4 Scott 2006-05-07 21:20:17 UTC
Created attachment 15968
Collection of backtraces for various Konqueror Krashes

Konqueror is krashing all over the place at random. But that Yahoo! site is a
guaranteed crash every time.
Comment 5 Allan Sandfeld 2006-05-07 21:39:17 UTC
Looks like a miscompilation
Comment 6 Ismail Donmez 2006-05-07 21:50:01 UTC
Crashes here too (r538390), you need to be logged in. Press save. Enter all details. And press save again.
Comment 7 Tommi Tervo 2006-05-07 22:19:46 UTC
#7  0x41eea63e in khtml::RenderBlock::markAllDescendantsWithFloatsForLayout (
    this=0x8dd05b0, floatToRemove=0x8e9aab4) at render_block.cpp:2389
#8  0x41f022b0 in khtml::RenderObject::removeFromObjectLists (this=0x8e9aab4)
    at render_object.cpp:1532
#9  0x41f09862 in khtml::RenderContainer::detach (this=0x8dd05b0)
    at render_container.cpp:57
#10 0x41f0c136 in khtml::RenderBox::detach (this=0x8dd05b0)
    at render_box.cpp:188
#11 0x41e77d54 in DOM::NodeImpl::detach (this=0x871b148)
    at dom_nodeimpl.cpp:853
#12 0x41e796a0 in DOM::NodeBaseImpl::detach (this=0x871b148)
    at dom_nodeimpl.cpp:1397
#13 0x41e82d57 in DOM::ElementImpl::detach (this=0x871b148)
    at dom_elementimpl.cpp:537
#14 0x41e7968b in DOM::NodeBaseImpl::detach (this=0x87a8b68)
    at dom_nodeimpl.cpp:1395
#15 0x41e82d57 in DOM::ElementImpl::detach (this=0x87a8b68)
Comment 8 Scott 2006-05-07 22:24:37 UTC
"you need to be logged in. Press save. Enter all details. And press save again."

Of course you need to be logged in.  I was.  I don't have this problem with any browser other than Konqueror.  

I've tested it on the latest Firefox, Galeon and Epiphany and they all work fine. No crashes and you only need to press "edit" once.


Actually, I stated the problem incorrectly from the start.  This happens when you EDIT an existing bookmark on Yahoo myweb.  When finished, click "Edit" and Konqueror will crash.

I just gave it a try again and....

(no debugging symbols found)
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1232365888 (LWP 29602)]
[KCrash handler]
#6  0xffff0010 in ?? ()
#7  0xb5ea3dd9 in non-virtual thunk to DOM::HTMLObjectBaseElementImpl::~HTMLObjectBaseElementImpl() () from /usr/lib/libkhtml.so.4
#8  0x08b9aa54 in ?? ()
#9  0x08be1400 in ?? ()
#10 0x00000001 in ?? ()
#11 0xb602daec in ?? () from /usr/lib/libkhtml.so.4
#12 0x08be1380 in ?? ()
#13 0x08be1380 in ?? ()
#14 0xbfd27208 in ?? ()
#15 0xb5ea0599 in non-virtual thunk to DOM::HTMLObjectBaseElementImpl::~HTMLObjectBaseElementImpl() () from /usr/lib/libkhtml.so.4
#16 0x08be1380 in ?? ()
#17 0x08be1400 in ?? ()
#18 0x08b9ab64 in ?? ()
#19 0xb602daec in ?? () from /usr/lib/libkhtml.so.4
#20 0x08be1400 in ?? ()
#21 0x08be1400 in ?? ()
#22 0xbfd27228 in ?? ()
#23 0xb5ea0743 in non-virtual thunk to DOM::HTMLObjectBaseElementImpl::~HTMLObjectBaseElementImpl() () from /usr/lib/libkhtml.so.4
#24 0x08be1400 in ?? ()
#25 0x08841240 in ?? ()
#26 0x00000000 in ?? ()
Comment 9 Ismail Donmez 2006-05-07 22:26:38 UTC
Scott, your backtraces are useless because they have no debug info; comment #7 has the needed info. No need to paste the same thing again. Thanks.
Comment 10 Allan Sandfeld 2006-05-07 23:43:39 UTC
Created attachment 15975
Possible patch.

Please try this. I have no yahoo account.
Comment 11 Maksim Orlovich 2006-05-08 01:29:29 UTC
Can't see how it does anything useful, as m_next is set to 0 on the next code line...
Comment 12 Allan Sandfeld 2006-05-08 09:27:45 UTC
SVN commit 538479 by carewolf:

Fix various ways to crash in detach()
BUG: 126887


 M  +11 -5     render_container.cpp  
 M  +4 -0      render_object.cpp  


--- branches/KDE/3.5/kdelibs/khtml/rendering/render_container.cpp #538478:538479
@@ -52,9 +52,17 @@
     if (continuation())
         continuation()->detach();
 
+    // We simulate removeNode calls for all our children
+    // and set parent to 0 to avoid removeNode from being called.
+    // First call removeLayers and removeFromObjectLists since they assume
+    // a valid render-tree
+    for(RenderObject* n = m_first; n; n = n->nextSibling() ) {
+        n->removeLayers(enclosingLayer());
+        n->removeFromObjectLists();
+    }
+
     RenderObject* next;
     for(RenderObject* n = m_first; n; n = next ) {
-	n->removeFromObjectLists();
         n->setParent(0);
         next = n->nextSibling();
         n->detach();
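Review bot: The first loop in this hunk re-evaluates enclosingLayer() for every child, and the comment above it mostly describes the second loop. Nothing visible in the loop body changes this container's own layer, so the call could be hoisted into a local before the loop. The comment lines "We simulate removeNode calls ..." and "set parent to 0 ..." would read better directly above the loop that calls n->setParent(0), leaving only the "First call removeLayers and removeFromObjectLists ..." part on the new loop.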
@@ -159,6 +167,8 @@
 
         // Keep our layer hierarchy updated.
         oldChild->removeLayers(enclosingLayer());
+        // remove the child from any special layout lists
+        oldChild->removeFromObjectLists();
 
         // if oldChild is the start or end of the selection, then clear
         // the selection to avoid problems of invalid pointers
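Review bot: The added oldChild->removeFromObjectLists() call sits inside the indented block next to removeLayers(), while the call it replaces (removed in the next hunk) was at function level, after that block's closing braces. If the condition guarding this block can be false, the child now stays in the special layout lists while it is unlinked from the render tree; either move the call out of the block or say in the comment why the block's condition is sufficient.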
@@ -180,10 +190,6 @@
         }
     }
 
-    // remove the child from any special layout lists
-    if ( oldChild->isFloating() || oldChild->isPositioned() )
-        oldChild->removeFromObjectLists();
-
     // remove the child from the render-tree
     if (oldChild->previousSibling())
         oldChild->previousSibling()->setNextSibling(oldChild->nextSibling());
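Review bot: Dropping the isFloating() || isPositioned() guard here, with the replacement call added unguarded in the previous hunk, means removeFromObjectLists() now runs for every removed child, and neither a code comment nor the commit message says which case the guard missed. A one-line comment at the new call site explaining that would keep someone from reinstating the guard later as an optimization.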
--- branches/KDE/3.5/kdelibs/khtml/rendering/render_object.cpp #538478:538479
@@ -1553,6 +1553,10 @@
     deleteInlineBoxes();
     remove();
 
+    // make sure our DOM-node don't think we exist
+    if ( node() && node()->renderer() == this)
+        node()->setRenderer(0);
+
     // by default no refcounting
     arenaDelete(renderArena(), this);
 }
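Review bot: The back-pointer reset is placed after deleteInlineBoxes() and remove(), so during those two calls node()->renderer() still points at a renderer that is being torn down. If either call can reach the DOM node, clearing the pointer first would be safer; otherwise the comment should say why this order is required. Minor points: the comment should read "doesn't" rather than "don't", and node() could be read once into a local instead of three times.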
Comment 13 Scott 2006-05-09 15:27:17 UTC
This bug is marked "resolved fixed", but I don't see any documentation to back that up.
Comment 14 Allan Sandfeld 2006-05-09 15:56:15 UTC
The documentation is the SVN commit in the previous post. It fixes 3 issues that were causing crashes.
Comment 15 Thiago Macieira 2006-05-14 13:03:09 UTC
This is the documentation: http://bugs.kde.org/show_bug.cgi?id=126887#c12