Bug 140290 - Konqueror crashes when clicking on an embedded, interactive SVG image
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: khtml svg
Version: unspecified
Platform: Debian testing Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
Reported: 2007-01-19 13:37 UTC by Arne Schmitz
Modified: 2010-12-29 17:19 UTC
Description Arne Schmitz 2007-01-19 13:37:24 UTC
Version:            (using KDE KDE 3.5.5)
Installed from:    Debian testing/unstable Packages

How to reproduce:

1) Go to http://www.wherearewe.co.nz/worldsvg.html
2) click anywhere on the map
3) Observe a crash:

(no debugging symbols found)
Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 47622882516256 (LWP 28564)]
[KCrash handler]
#5  0x00002b500cf6e07b in raise () from /lib/libc.so.6
#6  0x00002b500cf6f84e in abort () from /lib/libc.so.6
#7  0x00002b500cb6d444 in __gnu_cxx::__verbose_terminate_handler ()
   from /usr/lib/libstdc++.so.6
#8  0x00002b500cb6b5c6 in std::set_unexpected () from /usr/lib/libstdc++.so.6
#9  0x00002b500cb6b5f3 in std::terminate () from /usr/lib/libstdc++.so.6
#10 0x00002b500cb6baaf in __cxa_pure_virtual () from /usr/lib/libstdc++.so.6
#11 0x00002b5016cc239e in KSVGBridge<KSVG::SVGDocumentImpl>::get ()
   from /usr/lib/libksvg.so.0
#12 0x00002b50150817db in KJS::Reference::getValue ()
   from /usr/lib/libkjs.so.1
#13 0x00002b5015081ca0 in KJS::Reference::getValue ()
   from /usr/lib/libkjs.so.1
#14 0x00002b501505db2e in KJS::DateObjectFuncImp::implementsCall ()
   from /usr/lib/libkjs.so.1
#15 0x00002b5015082513 in KJS::FunctionImp::call () from /usr/lib/libkjs.so.1
#16 0x00002b5015082403 in KJS::FunctionImp::call () from /usr/lib/libkjs.so.1
#17 0x00002b5015097586 in KJS::DeclaredFunctionImp::execute ()
   from /usr/lib/libkjs.so.1
#18 0x00002b501509854c in KJS::Interpreter::evaluate ()
   from /usr/lib/libkjs.so.1
#19 0x00002b501509747e in KJS::DeclaredFunctionImp::execute ()
   from /usr/lib/libkjs.so.1
#20 0x00002b5015096ebb in KJS::DeclaredFunctionImp::execute ()
   from /usr/lib/libkjs.so.1
#21 0x00002b501508211b in KJS::FunctionImp::call () from /usr/lib/libkjs.so.1
#22 0x00002b5015084dd7 in KJS::Object::call () from /usr/lib/libkjs.so.1
#23 0x00002b501508b86e in KJS::UndefinedImp::toObject ()
   from /usr/lib/libkjs.so.1
#24 0x00002b50150972c0 in KJS::DeclaredFunctionImp::execute ()
   from /usr/lib/libkjs.so.1
#25 0x00002b50150984ad in KJS::Interpreter::evaluate ()
   from /usr/lib/libkjs.so.1
#26 0x00002b501509747e in KJS::DeclaredFunctionImp::execute ()
   from /usr/lib/libkjs.so.1
#27 0x00002b5015096ebb in KJS::DeclaredFunctionImp::execute ()
   from /usr/lib/libkjs.so.1
#28 0x00002b501508211b in KJS::FunctionImp::call () from /usr/lib/libkjs.so.1
#29 0x00002b5015084dd7 in KJS::Object::call () from /usr/lib/libkjs.so.1
#30 0x00002b5016cfec53 in KSVGEcmaEventListener::handleEvent ()
   from /usr/lib/libksvg.so.0
#31 0x00002b5016bd7058 in KSVG::SVGElementImpl::handleLocalEvents ()
   from /usr/lib/libksvg.so.0
#32 0x00002b5016bd799a in KSVG::SVGElementImpl::dispatchEvent ()
   from /usr/lib/libksvg.so.0
#33 0x00002b5016bd7c2a in KSVG::SVGElementImpl::dispatchMouseEvent ()
   from /usr/lib/libksvg.so.0
#34 0x00002b5016be4ab9 in KSVG::SVGSVGElementImpl::prepareMouseEvent ()
   from /usr/lib/libksvg.so.0
#35 0x00002b50168979ed in KSVGWidget::mouseMoveEvent ()
   from /usr/lib/kde3/libksvgplugin.so
#36 0x00002b500de4208c in QWidget::event () from /usr/lib/libqt-mt.so.3
#37 0x00002b500dda9212 in QApplication::internalNotify ()
   from /usr/lib/libqt-mt.so.3
#38 0x00002b500ddab391 in QApplication::notify () from /usr/lib/libqt-mt.so.3
#39 0x00002b500d83f8de in KApplication::notify ()
   from /usr/lib/libkdecore.so.4
#40 0x00002b500dd3c824 in QApplication::sendSpontaneousEvent ()
   from /usr/lib/libqt-mt.so.3
#41 0x00002b500dd3b44f in QETWidget::translateMouseEvent ()
   from /usr/lib/libqt-mt.so.3
#42 0x00002b500dd398af in QApplication::x11ProcessEvent ()
   from /usr/lib/libqt-mt.so.3
#43 0x00002b500dd4f86a in QEventLoop::processEvents ()
   from /usr/lib/libqt-mt.so.3
#44 0x00002b500ddc279e in QEventLoop::enterLoop () from /usr/lib/libqt-mt.so.3
#45 0x00002b500ddc25a7 in QEventLoop::exec () from /usr/lib/libqt-mt.so.3
#46 0x00002b500ddaacf0 in QApplication::exec () from /usr/lib/libqt-mt.so.3
#47 0x00002b501196fa9e in kdemain () from /usr/lib/libkdeinit_konqueror.so
#48 0x0000000000407566 in ?? ()
#49 0x0000000000407eb2 in ?? ()
#50 0x00000000004082b2 in ?? ()
#51 0x00000000004092b3 in ?? ()
#52 0x00002b500cf5b4ca in __libc_start_main () from /lib/libc.so.6
#53 0x0000000000404baa in ?? ()
#54 0x00007fff9e267a18 in ?? ()
#55 0x0000000000000000 in ?? ()
Comment 1 Kurt Pfeifle 2007-01-20 07:44:49 UTC
I confirm this. SUSE-10.0 RPMS for KDE 3.5.5 here.
Comment 2 Oliver Putz 2008-01-28 03:35:42 UTC
I can reproduce this bug with KDE 3.5.8. (but cannot test on KDE4 as the embedded svgz does not get displayed there...)
Below you can find a GDB backtrace from the crash.

GDB:
Starting program: /usr/kde/3.5/bin/konqueror 
[Thread debugging using libthread_db enabled]
[New Thread 0xb6808af0 (LWP 6763)]

Program received signal SIGABRT, Aborted.
[Switching to Thread 0xb6808af0 (LWP 6763)]
0xffffe410 in __kernel_vsyscall ()
#0  0xffffe410 in __kernel_vsyscall ()
#1  0xb68341f1 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#2  0xb68359b8 in *__GI_abort () at abort.c:88
#3  0xb6a255f4 in __gnu_cxx::__verbose_terminate_handler ()
   from /usr/lib/gcc/i686-pc-linux-gnu/4.1.2/libstdc++.so.6
#4  0xb6a22fd5 in ?? () from /usr/lib/gcc/i686-pc-linux-gnu/4.1.2/libstdc++.so.6
#5  0xb6a23012 in std::terminate () from /usr/lib/gcc/i686-pc-linux-gnu/4.1.2/libstdc++.so.6
#6  0xb6a23726 in __cxa_pure_virtual () from /usr/lib/gcc/i686-pc-linux-gnu/4.1.2/libstdc++.so.6
#7  0xb62174c8 in KJS::ValueImp::dispatchType (this=0x6) at value.cpp:174
#8  0xb5aa0a12 in KJS::Value::type () from /usr/kde/3.5/lib/libksvg.so.0
#9  0xb5b638fc in KSVGBridge<KSVG::SVGDocumentImpl>::get () from /usr/kde/3.5/lib/libksvg.so.0
#10 0xb6220b30 in KJS::Reference::getValue (this=0xbfe86528, exec=0xbfe86824) at reference.cpp:143
#11 0xb61e0089 in KJS::Node::evaluate (this=0x90477e8, exec=0xbfe86824) at nodes.cpp:130
#12 0xb61dfa43 in KJS::AssignExprNode::evaluate (this=0x8bdd6a8, exec=0xbfe86824)
    at nodes.cpp:1760
#13 0xb61e45c1 in KJS::VarDeclNode::evaluate (this=0x84898d8, exec=0xbfe86824) at nodes.cpp:1791
#14 0xb61e449f in KJS::VarDeclListNode::evaluate (this=0x906c820, exec=0xbfe86824)
    at nodes.cpp:1863
#15 0xb61e9980 in KJS::VarStatementNode::execute (this=0x90c23c0, exec=0xbfe86824)
    at nodes.cpp:1896
#16 0xb61e82c8 in KJS::SourceElementsNode::execute (this=0x90ae000, exec=0xbfe86824)
    at nodes.cpp:3114
#17 0xb61e9869 in KJS::BlockNode::execute (this=0x8fb25c8, exec=0xbfe86824) at nodes.cpp:1942
#18 0xb6214226 in KJS::DeclaredFunctionImp::execute (this=0x90e2d78, exec=0xbfe86824)
    at function.cpp:613
#19 0xb62145f4 in KJS::FunctionImp::call (this=0x90e2d78, exec=0xbfe86b44, thisObj=@0xbfe86900, 
    args=@0xbfe868f4) at function.cpp:373
#20 0xb621a32e in KJS::Object::call (this=0xbfe86908, exec=0xbfe86b44, thisObj=@0xbfe86900, 
    args=@0xbfe868f4) at object.cpp:73
#21 0xb61e7432 in KJS::FunctionCallNode::evaluate (this=0x8468388, exec=0xbfe86b44)
    at nodes.cpp:870
#22 0xb61e963e in KJS::ExprStatementNode::execute (this=0x82d0198, exec=0xbfe86b44)
    at nodes.cpp:1980
#23 0xb61e8228 in KJS::SourceElementsNode::execute (this=0x82d01f8, exec=0xbfe86b44)
    at nodes.cpp:3108
#24 0xb61e9869 in KJS::BlockNode::execute (this=0x82db6d8, exec=0xbfe86b44) at nodes.cpp:1942
#25 0xb6214226 in KJS::DeclaredFunctionImp::execute (this=0x82db708, exec=0xbfe86b44)
    at function.cpp:613
#26 0xb62145f4 in KJS::FunctionImp::call (this=0x82db708, exec=0x848dd58, thisObj=@0xbfe86c20, 
    args=@0xbfe86c08) at function.cpp:373
#27 0xb621a32e in KJS::Object::call (this=0x82db794, exec=0x848dd58, thisObj=@0xbfe86c20, 
    args=@0xbfe86c08) at object.cpp:73
#28 0xb5b90b3f in KSVGEcmaEventListener::handleEvent () from /usr/kde/3.5/lib/libksvg.so.0
#29 0xb5abe463 in KSVG::SVGElementImpl::handleLocalEvents () from /usr/kde/3.5/lib/libksvg.so.0
#30 0xb5abfd2c in KSVG::SVGElementImpl::dispatchEvent () from /usr/kde/3.5/lib/libksvg.so.0
#31 0xb5abff40 in KSVG::SVGElementImpl::dispatchMouseEvent () from /usr/kde/3.5/lib/libksvg.so.0
#32 0xb5aca9d3 in KSVG::SVGSVGElementImpl::prepareMouseEvent () from /usr/kde/3.5/lib/libksvg.so.0
#33 0xb5c5c29c in KSVGWidget::mouseMoveEvent () from /usr/kde/3.5/lib/kde3/libksvgplugin.so
#34 0xb6f9188b in QWidget::event () from /usr/qt/3/lib/libqt-mt.so.3
#35 0xb6ef93a7 in QApplication::internalNotify () from /usr/qt/3/lib/libqt-mt.so.3
#36 0xb6efa1f2 in QApplication::notify () from /usr/qt/3/lib/libqt-mt.so.3
#37 0xb755ad62 in KApplication::notify (this=0xbfe877b4, receiver=0x849dbb8, event=0xbfe8724c)
    at kapplication.cpp:550
#38 0xb6e98e19 in QETWidget::translateMouseEvent () from /usr/qt/3/lib/libqt-mt.so.3
#39 0xb6e98561 in QApplication::x11ProcessEvent () from /usr/qt/3/lib/libqt-mt.so.3
#40 0xb6ea8671 in QEventLoop::processEvents () from /usr/qt/3/lib/libqt-mt.so.3
#41 0xb6f0e2e1 in QEventLoop::enterLoop () from /usr/qt/3/lib/libqt-mt.so.3
#42 0xb6f0e166 in QEventLoop::exec () from /usr/qt/3/lib/libqt-mt.so.3
#43 0xb6ef8e2f in QApplication::exec () from /usr/qt/3/lib/libqt-mt.so.3
#44 0xb7f12b69 in kdemain (argc=1, argv=0xbfe87c74) at konq_main.cc:206
#45 0x0804871f in main (argc=Cannot access memory at address 0x1a6b
) at konqueror.la.cc:2
#46 0xb6820fdc in __libc_start_main (main=0x8048704 <main>, argc=1, ubp_av=0xbfe87c74, 
    init=0x8048740 <__libc_csu_init>, fini=0x8048730 <__libc_csu_fini>, 
    rtld_fini=0xb7f9f100 <_dl_fini>, stack_end=0xbfe87c6c) at libc-start.c:229
#47 0x08048681 in _start ()
Comment 3 Jaime Torres 2008-05-04 01:11:34 UTC
I cannot test this in kde4 trunk 20080430 because the embedded svg does not get displayed, and it says in the console:

Cannot read file 'xxxxxxxx/konquerorB28482.svgz', because: It has been found content incorrectly formed (se ha encontrado contenido incorrectamente codificado).
Comment 4 FiNeX 2008-06-01 23:27:07 UTC
Crash confirmed in 3.5.9 too.

Cannot reproduce on KDE 4 because the svg doesn't work at all :(
Comment 5 FiNeX 2009-09-20 14:35:37 UTC
The page doesn't exist anymore :/
Comment 6 thp069 2009-11-17 23:31:02 UTC
A possibly similar SVG that also hangs Konqueror (3.5.9 in my case on KDE3.5.10) can be found at

http://paste-it.net/public/e2b9e37/

(This svg stems from rendering a graphviz example of an undirected graph.)

I would be very much interested if these types of bugs are resolved in KDE 4.1.X or higher (and thus a system upgrade would be worthwhile).

Can someone who already has a newer KDE running give it a try? (Thanks for reporting)
Comment 7 thp069 2009-11-17 23:39:22 UTC
Previous example in "clickable" format also to be found at

http://www.sigproc.de/svg_crash.html

(until ~2012)
Comment 8 Samuel Brack 2010-12-29 13:15:25 UTC
I can't confirm this bug under Konqueror 4.5.4 (KDE 4.5.4 in Arch Linux); clicking on the svg doesn't crash the browser. Can be closed, I think.
Comment 9 Samuel Brack 2010-12-29 17:19:01 UTC
Closed because this couldn't be reproduced and there seems to have been no activity for about a year. Feel free to reopen when you can reproduce.