Bug 128128 - (site specific) crash while fiddling with Javascript
Summary: (site specific) crash while fiddling with Javascript
Status: RESOLVED WORKSFORME
Alias: None
Product: konqueror
Classification: Applications
Component: khtml forms (show other bugs)
Version: 3.5
Platform: openSUSE Linux
: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-05-27 12:58 UTC by Maciej Pilichowski
Modified: 2009-08-19 08:06 UTC (History)
4 users (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
test web page (342.94 KB, text/html)
2006-05-28 08:05 UTC, Maciej Pilichowski 		Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Maciej Pilichowski 2006-05-27 12:58:08 UTC 
Version:            (using KDE KDE 3.5.2)
Installed from:    SuSE RPMs

There is a page with 3 listboxes with Javascript handlers which change the content of those listboxes. Normally it works fine, but yesterday Konqueror crashed.
Since the page is password-protected giving the url doesn't make sense, I can get the source of the page and attach it to the report if it would help?

(no debugging symbols found)
Using host libthread_db library "/lib/tls/libthread_db.so.1".
(no debugging symbols found)
`system-supplied DSO at 0xffffe000' has disappeared; keeping its symbols.
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread 1096230016 (LWP 9927)]
(no debugging symbols found)
[KCrash handler]
#6  0x091241cc in ?? ()
#7  0x40954d88 in QListBox::setCurrentItem ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#8  0x4094b95d in QListBox::setCurrentItem ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#9  0x409575b9 in QListBox::keyPressEvent ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#10 0x4113d994 in KListBox::keyPressEvent () from /opt/kde3/lib/libkdeui.so.4
#11 0x41c80156 in non-virtual thunk to DOM::HTMLObjectBaseElementImpl::~HTMLObjectBaseElementImpl() () from /opt/kde3/lib/libkhtml.so.4
#12 0x0925cd50 in ?? ()
#13 0x092cd7f8 in ?? ()
#14 0xbfe1aff8 in ?? ()
#15 0x40f48c44 in _int_free () from /lib/tls/libc.so.6
#16 0x41cca5b2 in non-virtual thunk to DOM::HTMLObjectBaseElementImpl::~HTMLObjectBaseElementImpl() () from /opt/kde3/lib/libkhtml.so.4
#17 0x0925cd50 in ?? ()
#18 0x092cd7f8 in ?? ()
#19 0xbfe1b018 in ?? ()
#20 0x40f48c44 in _int_free () from /lib/tls/libc.so.6
#21 0x41c46790 in DOM::checkChild () from /opt/kde3/lib/libkhtml.so.4
#22 0x41c32b47 in DOM::XMLAttributeReader::~XMLAttributeReader ()
   from /opt/kde3/lib/libkhtml.so.4
#23 0x41c32f52 in DOM::XMLAttributeReader::~XMLAttributeReader ()
   from /opt/kde3/lib/libkhtml.so.4
#24 0x41c35faa in DOM::XMLAttributeReader::~XMLAttributeReader ()
   from /opt/kde3/lib/libkhtml.so.4
#25 0x41baf513 in KHTMLView::dispatchKeyEventHelper ()
   from /opt/kde3/lib/libkhtml.so.4
#26 0x41bc1dc9 in KHTMLView::dispatchKeyEvent ()
   from /opt/kde3/lib/libkhtml.so.4
#27 0x41bee506 in KHTMLView::keyPressEvent () from /opt/kde3/lib/libkhtml.so.4
#28 0x41bb621c in KHTMLView::eventFilter () from /opt/kde3/lib/libkhtml.so.4
#29 0x4087866e in QObject::activate_filters ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#30 0x408786eb in QObject::event () from /usr/lib/qt3/lib/libqt-mt.so.3
#31 0x408b2d9c in QWidget::event () from /usr/lib/qt3/lib/libqt-mt.so.3
#32 0x40817f41 in QApplication::internalNotify ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#33 0x40818d92 in QApplication::notify () from /usr/lib/qt3/lib/libqt-mt.so.3
#34 0x405500de in KApplication::notify () from /opt/kde3/lib/libkdecore.so.4
#35 0x407ab238 in QETWidget::translateKeyEvent ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#36 0x407b0de7 in QApplication::x11ProcessEvent ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#37 0x407c531a in QEventLoop::processEvents ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#38 0x4082eff2 in QEventLoop::enterLoop () from /usr/lib/qt3/lib/libqt-mt.so.3
#39 0x4082eed6 in QEventLoop::exec () from /usr/lib/qt3/lib/libqt-mt.so.3
#40 0x4081788f in QApplication::exec () from /usr/lib/qt3/lib/libqt-mt.so.3
#41 0x41705e9c in kdemain () from /opt/kde3/lib/libkdeinit_konqueror.so
#42 0x40034544 in kdeinitmain () from /opt/kde3/lib/kde3/konqueror.so
#43 0x0804e170 in ?? ()
#44 0x00000002 in ?? ()
#45 0x08074340 in ?? ()
#46 0x00000001 in ?? ()
#47 0x00000000 in ?? ()
#48 0x00000000 in ?? ()
#49 0x00000000 in ?? ()
#50 0x00000006 in ?? ()
#51 0xbfe1c104 in ?? ()
#52 0xbfe1c0f0 in ?? ()
#53 0xbfe1c0fc in ?? ()
#54 0xbfe1c0f8 in ?? ()
#55 0xbfe1c100 in ?? ()
#56 0x00000000 in ?? ()
#57 0x00000000 in ?? ()
#58 0x00000000 in ?? ()
#59 0x00000000 in ?? ()
#60 0x00000000 in ?? ()
#61 0x0807651f in ?? ()
#62 0x0807650c in ?? ()
#63 0x00000002 in ?? ()
#64 0x00000000 in ?? ()
#65 0x00000000 in ?? ()
#66 0x00000000 in ?? ()
#67 0x00000000 in ?? ()
#68 0x00000000 in ?? ()
#69 0x00000000 in ?? ()
#70 0x00000000 in ?? ()
#71 0x00000000 in ?? ()
#72 0x00000000 in ?? ()
#73 0x00000000 in ?? ()
#74 0x40f49241 in _int_malloc () from /lib/tls/libc.so.6
#75 0x0804e7ea in ?? ()
#76 0x00000000 in ?? ()
#77 0x00000001 in ?? ()
#78 0x08076530 in ?? ()
#79 0x00000000 in ?? ()
#80 0x00000000 in ?? ()
#81 0x00000000 in ?? ()
#82 0x08076534 in ?? ()
#83 0x00000000 in ?? ()
#84 0x00000000 in ?? ()
#85 0x00000001 in ?? ()
#86 0x00000002 in ?? ()
#87 0x00000008 in ?? ()
#88 0x08076508 in ?? ()
#89 0x0807650c in ?? ()
#90 0x08076516 in ?? ()
#91 0x00000000 in ?? ()
#92 0x00000001 in ?? ()
#93 0x08076523 in ?? ()
#94 0x00000000 in ?? ()
#95 0x00000000 in ?? ()
#96 0x08076534 in ?? ()
#97 0x00000000 in ?? ()
#98 0x08076523 in ?? ()
#99 0x00000000 in ?? ()
#100 0x00000000 in ?? ()
#101 0x08052660 in vtable for QCString ()
#102 0x0805b4d0 in ?? ()
#103 0x08052660 in vtable for QCString ()
#104 0x0805b4c0 in ?? ()
#105 0x00000004 in ?? ()
#106 0x00000004 in ?? ()
#107 0x0000000a in ?? ()
#108 0x00000059 in ?? ()
#109 0x00000000 in ?? ()
#110 0xbfe1c32c in ?? ()
#111 0x00000000 in ?? ()
#112 0x0000179f in ?? ()
#113 0x00000000 in ?? ()
#114 0xbfe1c438 in ?? ()
#115 0x0804edb7 in ?? ()
#116 0x0000000a in ?? ()
#117 0xbfe1c32c in ?? ()
#118 0xbfe1c2ac in ?? ()
#119 0xbfe1c22c in ?? ()
#120 0x00000000 in ?? ()
#121 0x410018a0 in mp_ () from /lib/tls/libc.so.6
#122 0x080745c0 in ?? ()
#123 0x08076308 in ?? ()
#124 0x410018a0 in mp_ () from /lib/tls/libc.so.6
#125 0x410018a0 in mp_ () from /lib/tls/libc.so.6
#126 0x0000000a in ?? ()
#127 0x00000000 in ?? ()
#128 0x00000000 in ?? ()
#129 0x00000000 in ?? ()
#130 0x00000000 in ?? ()
#131 0x00000000 in ?? ()
#132 0x00000000 in ?? ()
#133 0x00000000 in ?? ()
#134 0x00000000 in ?? ()
#135 0x00000000 in ?? ()
#136 0x00000000 in ?? ()
#137 0x00000000 in ?? ()
#138 0x00000000 in ?? ()
#139 0x00000000 in ?? ()
#140 0x00000000 in ?? ()
#141 0x00000000 in ?? ()
#142 0x00000000 in ?? ()
#143 0x00000000 in ?? ()
#144 0x00000000 in ?? ()
#145 0x00000000 in ?? ()
#146 0x00000000 in ?? ()
#147 0x00000000 in ?? ()
#148 0x00000000 in ?? ()
#149 0x00000000 in ?? ()
#150 0x00000000 in ?? ()
#151 0x00000000 in ?? ()
#152 0x00000000 in ?? ()
#153 0x00000000 in ?? ()
#154 0x00000000 in ?? ()
#155 0x00000000 in ?? ()
#156 0x00000000 in ?? ()
#157 0x00000000 in ?? ()
#158 0x00000000 in ?? ()
#159 0x00000000 in ?? ()
#160 0x00000000 in ?? ()
#161 0x00000000 in ?? ()
#162 0x00000000 in ?? ()
#163 0x00000000 in ?? ()
#164 0x00000000 in ?? ()
#165 0x00000000 in ?? ()
#166 0x00000000 in ?? ()
#167 0x00000000 in ?? ()
#168 0x00000000 in ?? ()
#169 0x00000000 in ?? ()
#170 0x00000000 in ?? ()
#171 0x00000000 in ?? ()
#172 0x00000000 in ?? ()
#173 0x00000000 in ?? ()
#174 0x00000000 in ?? ()
#175 0x00000000 in ?? ()
#176 0x00000000 in ?? ()
#177 0x00000000 in ?? ()
#178 0x00000000 in ?? ()
#179 0x00000000 in ?? ()
#180 0x00000000 in ?? ()
#181 0x00000000 in ?? ()
#182 0x00000000 in ?? ()
#183 0x00000000 in ?? ()
#184 0x00000000 in ?? ()
#185 0x00000000 in ?? ()
#186 0x00000000 in ?? ()
#187 0x00000000 in ?? ()
#188 0x00000000 in ?? ()
#189 0x00000000 in ?? ()
#190 0x00000000 in ?? ()
#191 0x00000100 in ?? ()
#192 0x00000000 in ?? ()
#193 0x00000000 in ?? ()
#194 0x00000000 in ?? ()
#195 0x00000000 in ?? ()
#196 0x00000000 in ?? ()
#197 0x00000000 in ?? ()
#198 0x00000000 in ?? ()
#199 0x00000000 in ?? ()
#200 0x00000000 in ?? ()
#201 0x00000000 in ?? ()
#202 0x00000000 in ?? ()
#203 0x00000000 in ?? ()
#204 0x00000000 in ?? ()
#205 0x00000000 in ?? ()
#206 0x00000000 in ?? ()
#207 0x00000000 in ?? ()
#208 0x00000000 in ?? ()
#209 0x00000000 in ?? ()
#210 0x00000000 in ?? ()
#211 0x00000000 in ?? ()
#212 0x00000000 in ?? ()
#213 0x00000000 in ?? ()
#214 0x00000000 in ?? ()
#215 0x00000000 in ?? ()
#216 0x00000000 in ?? ()
#217 0x00000000 in ?? ()
#218 0x00000000 in ?? ()
#219 0x00000000 in ?? ()
#220 0x00000000 in ?? ()
#221 0x00000000 in ?? ()
#222 0x00000000 in ?? ()
#223 0x000026ae in ?? ()
#224 0x00000000 in ?? ()
#225 0x00000001 in ?? ()
#226 0x0805fcf8 in ?? ()
#227 0x00a00001 in ?? ()
#228 0x000001f8 in ?? ()
#229 0x00000020 in ?? ()
#230 0x00000000 in ?? ()
#231 0x00000000 in ?? ()
#232 0x00000000 in ?? ()
#233 0x00000000 in ?? ()
#234 0x00000000 in ?? ()
#235 0x00001000 in ?? ()
#236 0x00000008 in ?? ()
#237 0x00000000 in ?? ()
#238 0x44366795 in ?? ()
#239 0x00000000 in ?? ()
#240 0x44366795 in ?? ()
#241 0x00000000 in ?? ()
#242 0x4440bfc6 in ?? ()
#243 0x00000000 in ?? ()
#244 0x000175ab in ?? ()
#245 0x00000000 in ?? ()
#246 0x6c2e7469 in ?? ()
#247 0x40df159c in ?? () from /usr/X11R6/lib/libX11.so.6
#248 0x40fffff4 in ?? () from /lib/tls/libc.so.6
#249 0x410018a0 in mp_ () from /lib/tls/libc.so.6
#250 0x0805b4c0 in ?? ()
#251 0x00000003 in ?? ()
#252 0x00000008 in ?? ()
#253 0x00000002 in ?? ()
#254 0x00e1c5d8 in ?? ()
#255 0x00000001 in ?? ()
#256 0x0805b4c0 in ?? ()
#257 0x00000000 in ?? ()
#258 0xbfe1c5d8 in ?? ()
#259 0x0804fdcc in ?? ()
#260 0x00000004 in ?? ()
#261 0xbfe1c5cb in ?? ()
#262 0x00000001 in ?? ()
#263 0x00000000 in ?? ()
#264 0x00000000 in ?? ()
#265 0x00000000 in ?? ()
#266 0x08050992 in vtable for QPtrList<char> ()
#267 0x00000000 in ?? ()
#268 0x00000000 in ?? ()
#269 0x00000020 in ?? ()
#270 0x40f49241 in _int_malloc () from /lib/tls/libc.so.6
Comment 1 Stefan Borggraefe 2006-05-27 23:22:34 UTC 
The backtrace in bug 101196 looks similar. So maybe this is a duplicate.

Can you attach a page which crashes reproducible and give steps how to reproduce the crash?
Comment 2 Maciej Pilichowski 2006-05-28 08:03:35 UTC 
It appears it is easier to reproduce than I thought. Open the attached page. There 3 listboxes. Click on the first of them and from now use only keyboard. Press and hold arrow-down for a while, than arrow-up. Don't "click" up-up-up-up, just hold it. Do it several times (down and up). Stop at the item when the list in the 2nd listbox is quite long. Press tab. Repeat everything but in the 2nd listbox.
Press tab. Start repeating it in the 3rd listbox (move to the end, bottom of the listbox). Konqueror should crash.
Comment 3 Maciej Pilichowski 2006-05-28 08:05:11 UTC 
Created attachment 16303 [details]
test web page
Comment 4 Stefan Borggraefe 2006-05-31 12:18:04 UTC 
Confirming with Konqueror 3.5.3 (Debian Sid packages).

Simplified steps to reproduce:
1. load attached page
2. select first element in the leftmost listbox
3. press and hold cursor-down so auto-repeat kicks in
4. pres Tab
5. press and hold cursor-down so auto-repeat kicks in
6. pres Tab
7. press and hold cursor-down -> crash
Comment 5 Nic Gould 2008-04-20 20:39:14 UTC 
Tested in 4.0.3 - was unable to reproduce bug. One change is that in 4.0.3 pressing tab when in list 1 just moves the selection to the next value in the list, it doesn't go to the next list as in 3.5.x - not sure if this is desirable or not.
Also tested in 3.5.7 and was again unable to reproduce the crash. Although tab behaviour did allow me to follow the exact steps here.
Comment 6 James Spahlinger 2008-04-21 09:58:39 UTC 
Can't reproduce here either in 4.0.3 or 3.5.9. Closing.
Comment 7 Maciej Pilichowski 2008-04-21 12:47:00 UTC 
In KDE 3.5.9 Konqueror does not crash so easily as before but it took me less than one minute to crash it. 
What I did -- I was scrolling up and down every listbox (using arrow keys) and pressing tab. So be patient :) Konqueror will crash.

Nic, tab should of jump to next listbox not to next item (it is a bug on its own).

Reopening, since it seems in KDE4 the bug is simply hidden (tab key issue) and in 3.5.9 bug is still there.
Comment 8 Maciej Pilichowski 2008-04-21 12:48:51 UTC 
Crash log, no XML references this time:

System configuration startup check disabled.

 [?1034hUsing host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 0xb69b29a0 (LWP 6100)]
[KCrash handler]
#6  0x09e19f21 in ?? ()
#7  0xb7622bfd in QListBox::setCurrentItem ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#8  0xb7617f6d in QListBox::setCurrentItem ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#9  0xb762217c in QListBox::keyPressEvent ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#10 0xb6d9c884 in KListBox::keyPressEvent () from /opt/kde3/lib/libkdeui.so.4
#11 0xb5fa5f29 in khtml::RenderWidget::EventPropagator::sendEvent ()
   from /opt/kde3/lib/libkhtml.so.4
#12 0xb5fee3c4 in khtml::RenderWidget::handleEvent ()
   from /opt/kde3/lib/libkhtml.so.4
#13 0xb5f6b3f2 in DOM::HTMLGenericFormElementImpl::defaultEventHandler ()
   from /opt/kde3/lib/libkhtml.so.4
#14 0xb5f44157 in DOM::NodeImpl::dispatchGenericEvent ()
   from /opt/kde3/lib/libkhtml.so.4
#15 0xb5f4432f in DOM::NodeImpl::dispatchEvent ()
   from /opt/kde3/lib/libkhtml.so.4
#16 0xb5f49e2f in DOM::NodeImpl::dispatchKeyEvent ()
   from /opt/kde3/lib/libkhtml.so.4
#17 0xb5ed31e1 in KHTMLView::dispatchKeyEventHelper ()
   from /opt/kde3/lib/libkhtml.so.4
#18 0xb5f00736 in KHTMLView::dispatchKeyEvent ()
   from /opt/kde3/lib/libkhtml.so.4
#19 0xb5f263c2 in KHTMLView::keyPressEvent () from /opt/kde3/lib/libkhtml.so.4
#20 0xb5eebf5c in KHTMLView::eventFilter () from /opt/kde3/lib/libkhtml.so.4
#21 0xb754a16c in QObject::activate_filters ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#22 0xb754a1db in QObject::event () from /usr/lib/qt3/lib/libqt-mt.so.3
#23 0xb758366c in QWidget::event () from /usr/lib/qt3/lib/libqt-mt.so.3
#24 0xb74ec14c in QApplication::internalNotify ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#25 0xb74ed1b0 in QApplication::notify () from /usr/lib/qt3/lib/libqt-mt.so.3
#26 0xb7b63392 in KApplication::notify () from /opt/kde3/lib/libkdecore.so.4
#27 0xb7489194 in QETWidget::translateKeyEvent ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#28 0xb748a37c in QApplication::x11ProcessEvent ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#29 0xb749b240 in QEventLoop::processEvents ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#30 0xb7502cd0 in QEventLoop::enterLoop () from /usr/lib/qt3/lib/libqt-mt.so.3
#31 0xb7502b66 in QEventLoop::exec () from /usr/lib/qt3/lib/libqt-mt.so.3
#32 0xb74ebcbf in QApplication::exec () from /usr/lib/qt3/lib/libqt-mt.so.3
#33 0xb68f82ba in kdemain () from /opt/kde3/lib/libkdeinit_konqueror.so
#34 0xb72a3464 in kdeinitmain () from /opt/kde3/lib/kde3/konqueror.so
#35 0x0804ecf0 in launch ()
#36 0x0804f411 in handle_launcher_request ()
#37 0x0804fa31 in handle_requests ()
#38 0x080503b4 in main ()
Comment 9 James Spahlinger 2008-04-22 00:49:41 UTC 
Still cannot reproduce this. Could you tell me your setup? Do you have any plugins or similar installed. I sat scrolling the listboxes for a good 3 minutes and no crash :( I'm doing exactly as you specified. Select the leftmost, move up and down tab over, select the next one, move up and down repeatedly, tab to the final one, repeat up and down actions. Then I'd go back and select the first one and repeat the actions trying to get a crash. No luck.

I'm using vanilla 3.5.9 on gentoo linux compiled with GCC 4.3.0. No plugins, nothing. Details on what you are doing and your setup would be very appreciated :D. Thanks.
Comment 10 Maciej Pilichowski 2008-04-22 13:00:48 UTC 
Just to ensure myself I did this again, and crash again -- this time I spent a lot of time scrolling first listbox, then it took only skip to the second,  to the third, and when scrolling the third, when the forth (*) was about to appear --> crash.

Plugins: crashes monitor, kget, user agent, web archiver, adblock, konq feed icon.

(*) maybe it is the key to crash?
Comment 11 theron 2008-05-17 03:51:12 UTC 
Cannot reproduce using KDe4.0.3 wth Konq 4.0.3.
Comment 12 FiNeX 2009-08-19 01:37:58 UTC 
@Maciej; it looks like is not reproducible on KDE 4. Do you confirm it?
Comment 13 Maciej Pilichowski 2009-08-19 08:06:15 UTC 
Seems OK :-)