Bug 130971 - konqueror segfault accessing http://tvnz.co.nz
Summary: konqueror segfault accessing http://tvnz.co.nz
Status: RESOLVED WORKSFORME
Alias: None
Product: konqueror
Classification: Applications
Component: khtml renderer
Version: unspecified
Platform: Compiled Sources Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
Reported: 2006-07-17 13:41 UTC by Dale Ogilvie
Modified: 2007-02-15 12:11 UTC

Attachments
A minimal testcase for this bug (435 bytes, text/html)
2007-01-13 00:44 UTC, Modestas Vainius

Description Dale Ogilvie 2006-07-17 13:41:21 UTC
Version:            (using KDE KDE 3.5.3)
Installed from:    Compiled From Sources
Compiler:          gcc 4.0.3 
OS:                Linux

Browsing to http://tvnz.co.nz crashes konqueror every time. Running from the console it dies with segfault. This site is full of flash and javascript - very nasty.

Another user <qupada> on #kde duplicated the problem on his system, I didn't ask what his setup was.

My system is home-built LinuxFromScratch

dale@gordon:~$ uname -a
Linux gordon 2.6.17.4 #1 PREEMPT Fri Jul 14 20:45:38 NZST 2006 i686 athlon-4 i386 GNU/Linux
Comment 1 Maksim Orlovich 2006-07-17 19:00:15 UTC
Infinite recursion/stack overflow:

#3  0xb7282a15 in QConstString (this=0x14, unicode=0x86e0ee8, length=0) at tools/qstring.cpp:6874
#4  0xb6147732 in khtml::Font::width (this=0x86e09b8, chs=0x86e0ee8, pos=0, len=0, start=0, end=0, toAdd=0)
    at /code/KDE/kde3/kdelibs/khtml/rendering/font.cpp:290
#5  0xb611232d in khtml::RenderText::width (this=0x86d6e60, from=0, len=0, f=0x86e09b8)
    at /code/KDE/kde3/kdelibs/khtml/rendering/render_text.cpp:1263
#6  0xb60e57c7 in khtml::RenderBlock::findNextLineBreak (this=0x86d6cac, start=@0xbf029390, bidi=@0xbf029324)
    at /code/KDE/kde3/kdelibs/khtml/rendering/bidi.cpp:1909
#7  0xb60e6ac4 in khtml::RenderBlock::layoutInlineChildren (this=0x86d6cac, relayoutChildren=true, breakBeforeLine=0)
    at /code/KDE/kde3/kdelibs/khtml/rendering/bidi.cpp:1477
#8  0xb60f01dd in khtml::RenderBlock::layoutBlock (this=0x86d6cac, relayoutChildren=true)
    at /code/KDE/kde3/kdelibs/khtml/rendering/render_block.cpp:704
#9  0xb60f06ee in khtml::RenderBlock::layout (this=0x86d6cac)
    at /code/KDE/kde3/kdelibs/khtml/rendering/render_block.cpp:598
#10 0xb6034660 in khtml::RenderObject::layoutIfNeeded (this=0x86d6cac)
    at /code/KDE/kde3/kdelibs/khtml/rendering/render_object.h:420
#11 0xb60efa9c in khtml::RenderBlock::layoutBlockChildren (this=0x86d6bc4, relayoutChildren=true)
    at /code/KDE/kde3/kdelibs/khtml/rendering/render_block.cpp:1418
#12 0xb60f01ee in khtml::RenderBlock::layoutBlock (this=0x86d6bc4, relayoutChildren=true)
    at /code/KDE/kde3/kdelibs/khtml/rendering/render_block.cpp:706
#13 0xb611a4ee in khtml::RenderLayer::checkScrollbarsAfterLayout (this=0x86d6c48)
    at /code/KDE/kde3/kdelibs/khtml/rendering/render_layer.cpp:754
#14 0xb60f0658 in khtml::RenderBlock::layoutBlock (this=0x86d6bc4, relayoutChildren=true)
    at /code/KDE/kde3/kdelibs/khtml/rendering/render_block.cpp:792
#15 0xb611a4ee in khtml::RenderLayer::checkScrollbarsAfterLayout (this=0x86d6c48)
    at /code/KDE/kde3/kdelibs/khtml/rendering/render_layer.cpp:754
#16 0xb60f0658 in khtml::RenderBlock::layoutBlock (this=0x86d6bc4, relayoutChildren=true)
    at /code/KDE/kde3/kdelibs/khtml/rendering/render_block.cpp:792
#17 0xb611a4ee in khtml::RenderLayer::checkScrollbarsAfterLayout (this=0x86d6c48)
    at /code/KDE/kde3/kdelibs/khtml/rendering/render_layer.cpp:754
#18 0xb60f0658 in khtml::RenderBlock::layoutBlock (this=0x86d6bc4, relayoutChildren=true)
    at /code/KDE/kde3/kdelibs/khtml/rendering/render_block.cpp:792
#19 0xb611a4ee in khtml::RenderLayer::checkScrollbarsAfterLayout (this=0x86d6c48)
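
Added example, not part of the original comment or of KDE's code: a small Python triage script that parses gdb frame lines like those in the backtrace above and reports the repeating call cycle behind the stack overflow. Treating two frames as the same call when the function name and `this` pointer match is an assumption of this sketch, and the names `parse_frames` and `find_recursion_cycle` are hypothetical.

```python
import re

# Frame lines #10-#19 copied from the backtrace above (all but one "at" line omitted).
BACKTRACE = """\
#10 0xb6034660 in khtml::RenderObject::layoutIfNeeded (this=0x86d6cac)
    at /code/KDE/kde3/kdelibs/khtml/rendering/render_object.h:420
#11 0xb60efa9c in khtml::RenderBlock::layoutBlockChildren (this=0x86d6bc4, relayoutChildren=true)
#12 0xb60f01ee in khtml::RenderBlock::layoutBlock (this=0x86d6bc4, relayoutChildren=true)
#13 0xb611a4ee in khtml::RenderLayer::checkScrollbarsAfterLayout (this=0x86d6c48)
#14 0xb60f0658 in khtml::RenderBlock::layoutBlock (this=0x86d6bc4, relayoutChildren=true)
#15 0xb611a4ee in khtml::RenderLayer::checkScrollbarsAfterLayout (this=0x86d6c48)
#16 0xb60f0658 in khtml::RenderBlock::layoutBlock (this=0x86d6bc4, relayoutChildren=true)
#17 0xb611a4ee in khtml::RenderLayer::checkScrollbarsAfterLayout (this=0x86d6c48)
#18 0xb60f0658 in khtml::RenderBlock::layoutBlock (this=0x86d6bc4, relayoutChildren=true)
#19 0xb611a4ee in khtml::RenderLayer::checkScrollbarsAfterLayout (this=0x86d6c48)
"""

FRAME_RE = re.compile(r"^#(\d+)\s+0x[0-9a-f]+ in (\S+) \(this=(0x[0-9a-f]+)")

def parse_frames(text):
    """Return [(frame_no, function, this_ptr)]; indented "at file:line" lines are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames.append((int(m.group(1)), m.group(2), m.group(3)))
    return frames

def find_recursion_cycle(frames, min_repeats=2, max_period=8):
    """Return (first_frame_no, cycle, repeats) for the longest repeated run, else None."""
    # Assumption of this sketch: same function + same `this` means the same call site.
    keys = [(func, this) for _, func, this in frames]
    best = None
    for start in range(len(keys)):
        for period in range(1, max_period + 1):
            cycle = keys[start:start + period]
            if len(cycle) < period:
                break
            repeats = 1
            while keys[start + repeats * period:start + (repeats + 1) * period] == cycle:
                repeats += 1
            covered = repeats * period
            # Strict ">" keeps the earliest start and the shortest period on ties.
            if repeats >= min_repeats and (best is None or covered > best[0]):
                best = (covered, frames[start][0], cycle, repeats)
    return None if best is None else best[1:]

if __name__ == "__main__":
    first, cycle, repeats = find_recursion_cycle(parse_frames(BACKTRACE))
    print(f"frame #{first}: {repeats}x {' -> '.join(f for f, _ in cycle)}")
```

On this excerpt the script reports the two-frame cycle between `khtml::RenderBlock::layoutBlock` and `khtml::RenderLayer::checkScrollbarsAfterLayout`, each re-entered on the same object.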
Comment 2 Sune Vuorela 2007-01-12 15:44:41 UTC
I see this in kde3.5.5 in debian.

on the page: http://blog.zugschlus.de/archives/468-Hetzner-DS-3000.html

(reported as http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392547)

/Sune
Comment 3 Modestas Vainius 2007-01-13 00:44:58 UTC
Created attachment 19262
A minimal testcase for this bug

I attach a minimal testcase to reproduce this bug. The most important part is the
combination of the "overflow:auto" and "float:right" styles. The text inside the <div>
does not matter as long as it is long enough (so that a scrollbar appears when the
konqueror window is made small enough).
Comment 4 Modestas Vainius 2007-01-13 13:19:33 UTC
Fixed in KDE 3.5.6. Please close this bug.
Comment 5 Tommi Tervo 2007-01-13 14:00:55 UTC
Confirmed, pre 3.5.6 won't crash
Comment 6 Dale Ogilvie 2007-02-15 10:33:49 UTC
I'm the original reporter of this bug. As of today, konqueror still crashes when browsing to http://tvnz.co.nz.

I am using KDE 3.5.6 from the ArchLinux packages. I will check on my LFS system to see if the same crash results, or whether this is Arch specific.
Comment 7 Dale Ogilvie 2007-02-15 11:05:58 UTC
Oh great. Browsing http://tvnz.co.nz works fine on my self-compiled LFS system.

Perhaps this is ArchLinux specific -- was this bug fixed late in the 3.5.6 cycle? Arch patches clobber the fix??
Comment 8 Dale Ogilvie 2007-02-15 12:11:53 UTC
Never mind. Arch have just released a new kdelibs3.5.6-4 which seems to have fixed the issue.