Bug 137678 - konqueror crash when download starts, page is reloaded and then question or file dialogue is closed
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: general
Version: unspecified
Platform: openSUSE Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords:
Duplicates: 146688
Depends on:
Blocks:
 
Reported: 2006-11-21 18:25 UTC by nine
Modified: 2008-04-29 11:52 UTC (History)

See Also:
Latest Commit:
Version Fixed In:


Attachments
Valgrind log of konqueror (KDE4) crashing on bug 137678 (150.70 KB, text/plain)
2008-01-28 00:01 UTC, Oliver Putz
Valgrind log of konqueror (KDE3.5.8) crashing on bug 137678 (40.56 KB, application/gzip)
2008-01-28 04:15 UTC, Oliver Putz

Description nine 2006-11-21 18:25:12 UTC
Version:            (using KDE KDE 3.5.5)
Installed from:    SuSE RPMs
Compiler:          gcc version 4.1.2 20061101 (prerelease) (SUSE Linux) Target: i586-suse-linux
OS:                Linux

Konqueror crashes reproducibly when the page is reloaded by a JavaScript while the download question window is shown. I've prepared a test case available at:

http://organiceit.lanscene.at/~nine/konqueror/crash.html

Steps to reproduce:
* Point konqueror to above URL.
* Click the "crash me" link.
* In the dialogue that asks if the file should be opened, saved or cancelled, press cancel, or press save and close the new dialogue any way
* Konqueror crashes

Normally one cannot access the main window while the "Open [URL]?" dialogue is open, so one cannot go to another page or reload, but an onclick handler on the link allows this. Seems like somewhere in download handling there is the assumption that the page objects are accessible any time, which they are not, leading to the crash.

As it's a really easily reproducible bug, do I need to provide a backtrace? I don't know how to obtain one, as I have the SUSE packages installed without symbol information.
Comment 1 Tommi Tervo 2006-12-08 14:29:01 UTC
#6  QShared::ref (this=0x19) at qshared.h:49
#7  0xb73f8d95 in QString::operator= () from /usr/share/qt3/lib/libqt-mt.so.3
#8  0xb667f1f3 in KonqView::setTypedURL (this=0x8930e68, u=@0x8a2b0fc)
    at konq_view.h:202
#9  0xb6674060 in KonqMainWindow::openView (this=0x8a08bc8, 
    serviceType=@0xbf95c48c, _url=@0x8a2b040, childView=0x8930e68, 
    req=@0x8a2b0fc) at konq_mainwindow.cc:885
#10 0xb6630ca2 in KonqRun::foundMimeType (this=0x8a2b018, _type=@0xbf95c4e4)
    at konq_run.cc:91
#11 0xb7f3ae7b in KParts::BrowserRun::slotBrowserMimetype (this=0x8a2b018, 
    _job=0x8a47dc8, type=@0x8b05648) at browserrun.cpp:200
#12 0xb7f3c667 in KParts::BrowserRun::qt_invoke (this=0x8a2b018, _id=7, 
    _o=0xbf95c5d0) at browserrun.moc:102
#13 0xb6630b0f in KonqRun::qt_invoke (this=0x8a2b018, _id=7, _o=0xbf95c5d0)
    at konq_run.moc:88
#14 0xb70e1aa9 in QObject::activate_signal ()
   from /usr/share/qt3/lib/libqt-mt.so.3
#15 0xb7d328d3 in KIO::TransferJob::mimetype (this=0x8a47dc8, t0=0x8a47dc8, 
    t1=@0x8a47ed8) at jobclasses.moc:1050
#16 0xb7d32933 in KIO::TransferJob::slotMimetype (this=0x8a47dc8, 
    type=@0x8b05d80) at job.cpp:1085
#17 0xb7d356f7 in KIO::TransferJob::qt_invoke (this=0x8a47dc8, _id=20, 
    _o=0xbf95c728) at jobclasses.moc:1074
#18 0xb70e1aa9 in QObject::activate_signal ()
   from /usr/share/qt3/lib/libqt-mt.so.3
#19 0xb70e1fda in QObject::activate_signal ()
   from /usr/share/qt3/lib/libqt-mt.so.3
#20 0xb7d21f1f in KIO::SlaveInterface::mimeType (this=0x85d9ba0, 
    t0=@0xbf95c90c) at slaveinterface.moc:370
#21 0xb7d23526 in KIO::SlaveInterface::dispatch (this=0x85d9ba0, _cmd=21, 
    rawdata=@0xbf95c950) at slaveinterface.cpp:338
#22 0xb7d2298c in KIO::SlaveInterface::dispatch (this=0x85d9ba0)
    at slaveinterface.cpp:173
#23 0xb7d1ee56 in KIO::Slave::gotInput (this=0x85d9ba0) at slave.cpp:300
#24 0xb7d1f2c9 in KIO::Slave::qt_invoke (this=0x85d9ba0, _id=4, _o=0xbf95ca98)
    at slave.moc:113
Comment 2 Oliver Putz 2008-01-27 23:59:32 UTC
I can reproduce this bug in a current KDE4 SVN build. (kdelibs r766524, kdebase r766781). Below you can find a GDB backtrace and I'll also attach a Valgrind log.

GDB:
Starting program: /usr/kde/svn/bin/konqueror 
[Thread debugging using libthread_db enabled]
[New Thread 0xb6379a10 (LWP 3500)]
[New Thread 0xb2dfab90 (LWP 3518)]
[New Thread 0xb25f9b90 (LWP 3519)]
[New Thread 0xb1df8b90 (LWP 3520)]
[Thread 0xb1df8b90 (LWP 3520) exited]
[Thread 0xb25f9b90 (LWP 3519) exited]
[Thread 0xb2dfab90 (LWP 3518) exited]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb6379a10 (LWP 3500)]
0xb7cab5bc in KRun::setFinished (this=0x824c918, finished=true)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kio/kio/krun.cpp:1349
1349	/var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kio/kio/krun.cpp: No such file or directory.
	in /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kio/kio/krun.cpp
#0  0xb7cab5bc in KRun::setFinished (this=0x824c918, finished=true)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kio/kio/krun.cpp:1349
#1  0xb7df10e4 in KParts::BrowserRun::handleNonEmbeddable (this=0x824c918, _mimeType=@0xbf9b8e30)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kparts/browserrun.cpp:241
#2  0xb7e78832 in KonqRun::foundMimeType (this=0x824c918, _type=@0xbf9b8eac)
    at /var/tmp/portage/kde-base/kdebase-9999.4/work/kdebase-9999.4/apps/konqueror/src/konqrun.cpp:112
#3  0xb7df1767 in KParts::BrowserRun::slotBrowserMimetype (this=0x824c918, _job=0x8255850, type=@0xbf9b9a7c)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kparts/browserrun.cpp:215
#4  0xb7df19ce in KParts::BrowserRun::qt_metacall (this=0x824c918, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0xbf9b9408)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs_build/kparts/browserrun.moc:72
#5  0xb7e782aa in KonqRun::qt_metacall (this=0x824c918, _c=QMetaObject::InvokeMetaMethod, _id=11, _a=0xbf9b9408)
    at /var/tmp/portage/kde-base/kdebase-9999.4/work/kdebase_build/apps/konqueror/src/konqrun.moc:61
#6  0xb728d1f4 in QMetaObject::activate (sender=0x8255850, from_signal_index=44, to_signal_index=44, 
    argv=<value optimized out>) at kernel/qobject.cpp:3081
#7  0xb728dd94 in QMetaObject::activate (sender=0x8255850, m=0xb7db36d0, local_signal_index=4, argv=0xbf9b9408)
    at kernel/qobject.cpp:3140
#8  0xb7c4109a in KIO::TransferJob::mimetype (this=0x8255850, _t1=0x8255850, _t2=@0xbf9b9a7c)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs_build/kio/jobclasses.moc:383
#9  0xb7c42ea7 in KIO::TransferJob::slotMimetype (this=0x8255850, type=@0xbf9b9a7c)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kio/kio/job.cpp:1106
#10 0xb7c4c541 in KIO::TransferJob::qt_metacall (this=0x8255850, _c=QMetaObject::InvokeMetaMethod, _id=50, _a=0xbf9b994c)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs_build/kio/jobclasses.moc:338
#11 0xb728d1f4 in QMetaObject::activate (sender=0x83ba380, from_signal_index=23, to_signal_index=23, 
    argv=<value optimized out>) at kernel/qobject.cpp:3081
#12 0xb728dd94 in QMetaObject::activate (sender=0x83ba380, m=0xb7db6024, local_signal_index=19, argv=0xbf9b994c)
    at kernel/qobject.cpp:3140
#13 0xb7ced304 in KIO::SlaveInterface::mimeType (this=0x83ba380, _t1=@0xbf9b9a7c)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs_build/kio/slaveinterface.moc:262
#14 0xb7cef909 in KIO::SlaveInterface::dispatch (this=0x83ba380, _cmd=21, rawdata=@0xbf9b9ae4)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kio/kio/slaveinterface.cpp:285
#15 0xb7cf0006 in KIO::SlaveInterface::dispatch (this=0x83ba380)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kio/kio/slaveinterface.cpp:90
#16 0xb7ce2677 in KIO::Slave::gotInput (this=0x83ba380)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kio/kio/slave.cpp:319
#17 0xb7ce3bcd in KIO::Slave::qt_metacall (this=0x83ba380, _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0xbf9ba004)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs_build/kio/slave.moc:74
#18 0xb728d1f4 in QMetaObject::activate (sender=0x83cfff8, from_signal_index=4, to_signal_index=4, 
    argv=<value optimized out>) at kernel/qobject.cpp:3081
#19 0xb728dd94 in QMetaObject::activate (sender=0x83cfff8, m=0xb7db2f20, local_signal_index=0, argv=0x0)
    at kernel/qobject.cpp:3140
#20 0xb7c1d9a3 in KIO::Connection::readyRead (this=0x83cfff8)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs_build/kio/connection.moc:83
#21 0xb7c1e826 in KIO::ConnectionPrivate::dequeue (this=0x827b210)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kio/kio/connection.cpp:82
#22 0xb7c1f5d5 in KIO::Connection::qt_metacall (this=0x83cfff8, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x8247e90)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs_build/kio/connection.moc:71
#23 0xb72882f9 in QMetaCallEvent::placeMetaCall (this=0x823d5a8, object=0x83cfff8) at kernel/qobject.cpp:536
#24 0xb728b017 in QObject::event (this=0x83cfff8, e=0x844fd20) at kernel/qobject.cpp:1122
#25 0xb691ae8a in QApplicationPrivate::notify_helper (this=0x80587d0, receiver=0x83cfff8, e=0x823d5a8)
    at kernel/qapplication.cpp:3556
#26 0xb691c77a in QApplication::notify (this=0xbf9baa18, receiver=0x83cfff8, e=0x823d5a8) at kernel/qapplication.cpp:3115
#27 0xb7858cb3 in KApplication::notify (this=0xbf9baa18, receiver=0x83cfff8, event=0x823d5a8)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kdeui/kernel/kapplication.cpp:314
#28 0xb7279d7b in QCoreApplication::notifyInternal (this=0xbf9baa18, receiver=0x83cfff8, event=0x823d5a8)
    at kernel/qcoreapplication.cpp:530
#29 0xb727b21a in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x804ce50)
    at kernel/qcoreapplication.h:200
#30 0xb72a3905 in QEventDispatcherUNIX::processEvents (this=0x8057f50, flags=@0xbf9ba6f8)
    at kernel/qeventdispatcher_unix.cpp:858
#31 0xb69a4cce in QEventDispatcherX11::processEvents (this=0x8057f50, flags=@0xbf9ba724)
    at kernel/qeventdispatcher_x11.cpp:145
#32 0xb7279191 in QEventLoop::processEvents (this=0xbf9ba790, flags=@0xbf9ba758) at kernel/qeventloop.cpp:140
#33 0xb727929a in QEventLoop::exec (this=0xbf9ba790, flags=@0xbf9ba798) at kernel/qeventloop.cpp:186
#34 0xb727b626 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:759
#35 0xb691a487 in QApplication::exec () at kernel/qapplication.cpp:3053
#36 0xb7efb717 in kdemain (argc=1, argv=0xbf9bad94)
    at /var/tmp/portage/kde-base/kdebase-9999.4/work/kdebase-9999.4/apps/konqueror/src/konqmain.cpp:218
#37 0x080487e2 in main (argc=136461560, argv=0x0)
    at /var/tmp/portage/kde-base/kdebase-9999.4/work/kdebase_build/apps/konqueror/src/konqueror_dummy.cpp:3
#38 0xb6587fdc in __libc_start_main (main=0x80487c0 <main>, argc=1, ubp_av=0xbf9bad94, init=0x8048810 <__libc_csu_init>, 
    fini=0x8048800 <__libc_csu_fini>, rtld_fini=0xb7f20100 <_dl_fini>, stack_end=0xbf9bad8c) at libc-start.c:229
#39 0x08048731 in _start ()

Comment 3 Oliver Putz 2008-01-28 00:01:02 UTC
Created attachment 23319
Valgrind log of konqueror (KDE4) crashing on bug 137678
Comment 4 Oliver Putz 2008-01-28 04:09:08 UTC
I can also reproduce this bug in KDE 3.5.8. The GDB log here is:

Starting program: /usr/kde/3.5/bin/konqueror 
[Thread debugging using libthread_db enabled]
[New Thread 0xb67f4af0 (LWP 7475)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb67f4af0 (LWP 7475)]
0xb6ee53a4 in QApplication::internalNotify () from /usr/qt/3/lib/libqt-mt.so.3
#0  0xb6ee53a4 in QApplication::internalNotify () from /usr/qt/3/lib/libqt-mt.so.3
#1  0xb6ee5fd9 in QApplication::notify () from /usr/qt/3/lib/libqt-mt.so.3
#2  0xb7546d62 in KApplication::notify (this=0xbfdb7ee4, receiver=0x83922e0, event=0xbfdb7c00)
    at kapplication.cpp:550
#3  0xb6eda33c in QEventLoop::activateTimers () from /usr/qt/3/lib/libqt-mt.so.3
#4  0xb6e9496c in QEventLoop::processEvents () from /usr/qt/3/lib/libqt-mt.so.3
#5  0xb6efa2e1 in QEventLoop::enterLoop () from /usr/qt/3/lib/libqt-mt.so.3
#6  0xb6efa166 in QEventLoop::exec () from /usr/qt/3/lib/libqt-mt.so.3
#7  0xb6ee4e2f in QApplication::exec () from /usr/qt/3/lib/libqt-mt.so.3
#8  0xb7efeb69 in kdemain (argc=1, argv=0xbfdb83a4) at konq_main.cc:206
#9  0x0804871f in main (argc=67371008, argv=0x0) at konqueror.la.cc:2
#10 0xb680cfdc in __libc_start_main (main=0x8048704 <main>, argc=1, ubp_av=0xbfdb83a4, 
    init=0x8048740 <__libc_csu_init>, fini=0x8048730 <__libc_csu_fini>, 
    rtld_fini=0xb7f8b100 <_dl_fini>, stack_end=0xbfdb839c) at libc-start.c:229
#11 0x08048681 in _start ()
Comment 5 Oliver Putz 2008-01-28 04:15:02 UTC
Created attachment 23324
Valgrind log of konqueror (KDE3.5.8) crashing on bug 137678
Comment 6 David Faure 2008-02-01 22:49:04 UTC
SVN commit 769716 by dfaure:

Fix crash in K*Run due to nested event loops (modal dialogs) deleting the KRun instance from a timer (e.g. the redirection timer in KHTML, #137678)
Revert Aurélien's KHTMLRun fix for netvibes.com: the KRun fix covers this case, and that KHTMLRun change introduced #156447.
BUGS: 137678, 156447


 M  +4 -15     khtml/khtml_run.cpp  
 M  +55 -33    kio/kio/krun.cpp  
 M  +23 -12    kio/kio/krun.h  
 M  +5 -5      kparts/browserrun.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=769716
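
The failure mode named in the commit message above (a modal dialog's nested event loop lets a timer delete the object whose handler is still on the stack), shown as an added example that is not the code from SVN commit 769716 or any KDE source. It is a Qt-free C++ model of one common guard pattern; `EventLoop`, `Run`, `execModalDialog`, `handleDownloadGuarded` and `scenario` are hypothetical names, and `std::weak_ptr` stands in for a guarded pointer such as Qt's `QPointer`.

```cpp
#include <functional>
#include <memory>
#include <queue>
#include <utility>

// Hypothetical stand-in for the GUI event loop; queued callbacks act as timers.
struct EventLoop {
    std::queue<std::function<void()>> pending;
    void post(std::function<void()> f) { pending.push(std::move(f)); }
    void processEvents() {
        while (!pending.empty()) {
            auto f = std::move(pending.front());
            pending.pop();
            f();  // may destroy objects that callers further up the stack still use
        }
    }
};

// Hypothetical download handler object, owned by the page that started it.
struct Run {
    bool finished = false;
};

// Stand-in for the modal "open / save / cancel" dialog: it spins a nested loop.
void execModalDialog(EventLoop &loop) { loop.processEvents(); }

// Guarded handler: watch the object across the nested loop and re-check it
// before touching any member. Returns false if it was deleted meanwhile.
bool handleDownloadGuarded(EventLoop &loop, std::shared_ptr<Run> &owner) {
    std::weak_ptr<Run> guard = owner;   // does not keep the object alive
    Run *self = owner.get();            // plays the role of `this`
    execModalDialog(loop);              // reload timer can fire in here
    if (guard.expired())
        return false;                   // `self` is dangling: bail out untouched
    self->finished = true;              // safe: object is known to be alive
    return true;
}

// Constructed scenario: optionally queue a "page reload" that drops the Run
// while the dialog is open, as the onclick handler in the report does.
bool scenario(bool reloadDuringDialog) {
    EventLoop loop;
    auto owner = std::make_shared<Run>();
    if (reloadDuringDialog)
        loop.post([&owner] { owner.reset(); });
    return handleDownloadGuarded(loop, owner);
}

int main() { return (scenario(false) && !scenario(true)) ? 0 : 1; }
```

Without the `guard.expired()` check, the write to `self->finished` in the reload case is a write to freed memory, which corresponds to the `KRun::setFinished` frame at the top of the KDE4 backtrace in comment 2.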
Comment 7 A. Spehr 2008-04-29 11:52:13 UTC
*** Bug 146688 has been marked as a duplicate of this bug. ***