Bug 145612 - [patch] [testcase] konqueror 3.5.6 crashed by clicking a combobox on www.alltours.de
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: khtml
Version: unspecified
Platform: Gentoo Packages Linux
: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
Duplicates: 149157
Reported: 2007-05-18 09:18 UTC by klaus
Modified: 2010-01-06 18:16 UTC (History)
Attachments
konqueror_combobox_crash.jpeg (9.42 KB, image/jpeg)
2007-05-19 18:01 UTC, klaus
dom_elementimpl.cpp.patch.diff (358 bytes, patch)
2007-07-28 12:48 UTC, patch_linams
Test case from bug #149157 (627 bytes, text/html)
2007-08-24 09:07 UTC, Tommi Tervo

Description klaus 2007-05-18 09:18:41 UTC
Version:            (using KDE KDE 3.5.6)
Installed from:    Gentoo Packages
Compiler:          gcc (GCC) 4.1.2 (Gentoo 4.1.2) 
OS:                Linux

(no debugging symbols found)
Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 47870180284032 (LWP 22535)]
[KCrash handler]
#5  0x00002b89a5d8ce92 in DOM::ElementMappingCache::remove ()
   from /usr/kde/3.5/lib64/libkhtml.so.4
#6  0x00002b89a5da132e in ?? () from /usr/kde/3.5/lib64/libkhtml.so.4
#7  0x00002b89a5da37f2 in ?? () from /usr/kde/3.5/lib64/libkhtml.so.4
#8  0x00002b89a5f37d0f in DOM::Attr::setValue ()
   from /usr/kde/3.5/lib64/libkhtml.so.4
#9  0x00002b89a5e9b393 in ?? () from /usr/kde/3.5/lib64/libkhtml.so.4
#10 0x00002b89a5e974d7 in ?? () from /usr/kde/3.5/lib64/libkhtml.so.4
#11 0x00002b89a61a51f3 in KJS::Reference::putValue ()
   from /usr/kde/3.5/lib64/libkjs.so.1
#12 0x00002b89a6175d41 in ?? () from /usr/kde/3.5/lib64/libkjs.so.1
#13 0x00002b89a61770c0 in ?? () from /usr/kde/3.5/lib64/libkjs.so.1
#14 0x00002b89a61773ec in ?? () from /usr/kde/3.5/lib64/libkjs.so.1
#15 0x00002b89a617727e in ?? () from /usr/kde/3.5/lib64/libkjs.so.1
#16 0x00002b89a617a1cb in ?? () from /usr/kde/3.5/lib64/libkjs.so.1
#17 0x00002b89a61773ec in ?? () from /usr/kde/3.5/lib64/libkjs.so.1
#18 0x00002b89a617727e in ?? () from /usr/kde/3.5/lib64/libkjs.so.1
#19 0x00002b89a619b2eb in KJS::DeclaredFunctionImp::execute ()
   from /usr/kde/3.5/lib64/libkjs.so.1
#20 0x00002b89a619b0cd in KJS::FunctionImp::call ()
   from /usr/kde/3.5/lib64/libkjs.so.1
#21 0x00002b89a61a0247 in KJS::Object::call ()
   from /usr/kde/3.5/lib64/libkjs.so.1
#22 0x00002b89a6175b2e in ?? () from /usr/kde/3.5/lib64/libkjs.so.1
#23 0x00002b89a61770c0 in ?? () from /usr/kde/3.5/lib64/libkjs.so.1
#24 0x00002b89a617734d in ?? () from /usr/kde/3.5/lib64/libkjs.so.1
#25 0x00002b89a617727e in ?? () from /usr/kde/3.5/lib64/libkjs.so.1
#26 0x00002b89a6176f7a in ?? () from /usr/kde/3.5/lib64/libkjs.so.1
#27 0x00002b89a61773ec in ?? () from /usr/kde/3.5/lib64/libkjs.so.1
#28 0x00002b89a617727e in ?? () from /usr/kde/3.5/lib64/libkjs.so.1
#29 0x00002b89a6176f7a in ?? () from /usr/kde/3.5/lib64/libkjs.so.1
#30 0x00002b89a61773ec in ?? () from /usr/kde/3.5/lib64/libkjs.so.1
#31 0x00002b89a617727e in ?? () from /usr/kde/3.5/lib64/libkjs.so.1
#32 0x00002b89a619b2eb in KJS::DeclaredFunctionImp::execute ()
   from /usr/kde/3.5/lib64/libkjs.so.1
#33 0x00002b89a619b0cd in KJS::FunctionImp::call ()
   from /usr/kde/3.5/lib64/libkjs.so.1
#34 0x00002b89a61a0247 in KJS::Object::call ()
   from /usr/kde/3.5/lib64/libkjs.so.1
#35 0x00002b89a5f0901f in ?? () from /usr/kde/3.5/lib64/libkhtml.so.4
#36 0x00002b89a5f1b253 in ?? () from /usr/kde/3.5/lib64/libkhtml.so.4
#37 0x00002b89a5f1b422 in ?? () from /usr/kde/3.5/lib64/libkhtml.so.4
#38 0x00002b89a5f1f3be in ?? () from /usr/kde/3.5/lib64/libkhtml.so.4
#39 0x00002b89a2a7f24c in QObject::activate_signal ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#40 0x00002b89a128effc in KIO::Job::result ()
   from /usr/kde/3.5/lib64/libkio.so.4
#41 0x00002b89a12923bf in KIO::Job::emitResult ()
   from /usr/kde/3.5/lib64/libkio.so.4
#42 0x00002b89a1292526 in KIO::SimpleJob::slotFinished ()
   from /usr/kde/3.5/lib64/libkio.so.4
#43 0x00002b89a1299bda in KIO::TransferJob::slotFinished ()
   from /usr/kde/3.5/lib64/libkio.so.4
#44 0x00002b89a1290938 in KIO::TransferJob::qt_invoke ()
   from /usr/kde/3.5/lib64/libkio.so.4
#45 0x00002b89a2a7f24c in QObject::activate_signal ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#46 0x00002b89a2a7fef3 in QObject::activate_signal ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#47 0x00002b89a1281d6d in KIO::SlaveInterface::dispatch ()
   from /usr/kde/3.5/lib64/libkio.so.4
#48 0x00002b89a128077d in KIO::SlaveInterface::dispatch ()
   from /usr/kde/3.5/lib64/libkio.so.4
#49 0x00002b89a127da4a in KIO::Slave::gotInput ()
   from /usr/kde/3.5/lib64/libkio.so.4
#50 0x00002b89a127dbd8 in KIO::Slave::qt_invoke ()
   from /usr/kde/3.5/lib64/libkio.so.4
#51 0x00002b89a2a7f24c in QObject::activate_signal ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#52 0x00002b89a2a7fe25 in QObject::activate_signal ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#53 0x00002b89a2a9995b in QSocketNotifier::event ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#54 0x00002b89a2a28cb5 in QApplication::internalNotify ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#55 0x00002b89a2a298b7 in QApplication::notify ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#56 0x00002b89a1d9cb7e in KApplication::notify ()
   from /usr/kde/3.5/lib64/libkdecore.so.4
#57 0x00002b89a2a1ee9b in QEventLoop::activateSocketNotifiers ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#58 0x00002b89a29dfbd3 in QEventLoop::processEvents ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#59 0x00002b89a2a3d402 in QEventLoop::enterLoop ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#60 0x00002b89a2a3d2b2 in QEventLoop::exec ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#61 0x00002b89a0adecbe in kdemain ()
   from /usr/kde/3.5/lib64/libkdeinit_konqueror.so
#62 0x00002b89a4f53374 in __libc_start_main () from /lib/libc.so.6
#63 0x0000000000400789 in ?? ()
#64 0x00007fff0a152de8 in ?? ()
#65 0x0000000000000000 in ?? ()
Comment 1 Bram Schoenmakers 2007-05-18 19:14:22 UTC
Can not reproduce. Could you be a bit more specific please?

You may also want to improve the backtrace:

http://www.gentoo.org/proj/en/qa/backtraces.xml
Comment 2 klaus 2007-05-19 11:59:33 UTC
On Friday, 18 May 2007, Bram Schoenmakers wrote:
[bugs.kde.org quoted mail]


OK, here is the backtrace with CFLAG -ggdb and FEATURE splitdebug.

Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 47497733027456 (LWP 27236)]
[KCrash handler]
#5  DOM::ElementMappingCache::remove (this=0x14f1230, id=@0x7fffc1ab38c0, 
    nd=0x14eaab0) at dom_docimpl.cpp:263
#6  0x00002b32ee43f32e in DOM::ElementImpl::updateId (this=0x14eaab0, 
    oldId=<value optimized out>, newId=0x137ef50) at dom_elementimpl.cpp:722
#7  0x00002b32ee4417f2 in DOM::AttrImpl::setValue (this=0x14eab60, 
    v=@0x7fffc1ab3960, exceptioncode=<value optimized out>)
    at dom_elementimpl.cpp:172
#8  0x00002b32ee5d5d0f in DOM::Attr::setValue (this=<value optimized out>, 
    newValue=@0x137f15a) at dom_element.cpp:98
#9  0x00002b32ee539393 in KJS::DOMAttr::putValueProperty (
    this=<value optimized out>, exec=<value optimized out>, 
    token=<value optimized out>, value=<value optimized out>)
    at kjs_dom.cpp:846
#10 0x00002b32ee5354d7 in KJS::DOMObject::put (this=0x5, exec=0x137f15a, 
    propertyName=@0x63, value=@0x355684, attr=5) at kjs_binding.cpp:72
#11 0x00002b32ee8431f3 in KJS::Reference::putValue (this=0x7fffc1ab3b20, 
    exec=0x7fffc1ab4240, w=@0x7fffc1ab3b60) at reference.cpp:165
#12 0x00002b32ee813d41 in KJS::AssignNode::evaluate (this=0x1229000, 
    exec=0x7fffc1ab4240) at nodes.cpp:1624
#13 0x00002b32ee8150c0 in KJS::ExprStatementNode::execute (this=0x1229030, 
    exec=0x7fffc1ab4240) at nodes.cpp:1980
#14 0x00002b32ee8153ec in KJS::SourceElementsNode::execute (this=0xd7e9e0, 
    exec=0x7fffc1ab4240) at nodes.cpp:3097
#15 0x00002b32ee81527e in KJS::BlockNode::execute (this=0x1149e10, 
    exec=0x7fffc1ab4240) at nodes.cpp:1942
#16 0x00002b32ee8181cb in KJS::ForNode::execute (this=0x1149e60, 
    exec=0x7fffc1ab4240) at nodes.cpp:2199
#17 0x00002b32ee8153ec in KJS::SourceElementsNode::execute (this=0x1, 
    exec=0x7fffc1ab4240) at nodes.cpp:3097
#18 0x00002b32ee81527e in KJS::BlockNode::execute (this=0x127bdf0, 
    exec=0x7fffc1ab4240) at nodes.cpp:1942
#19 0x00002b32ee8392eb in KJS::DeclaredFunctionImp::execute (
    this=<value optimized out>, exec=0x63) at function.cpp:613
#20 0x00002b32ee8390cd in KJS::FunctionImp::call (this=0x12f7af0, 
    exec=0x7fffc1ab4af0, thisObj=@0x7fffc1ab43d0, args=@0x7fffc1ab43b0)
    at function.cpp:373
#21 0x00002b32ee83e247 in KJS::Object::call (this=<value optimized out>, 
    exec=0x7fffc1ab4af0, thisObj=@0x355684, args=@0x5) at object.cpp:73
#22 0x00002b32ee813b2e in KJS::FunctionCallNode::evaluate (
    this=<value optimized out>, exec=0x7fffc1ab4af0) at nodes.cpp:870
#23 0x00002b32ee8150c0 in KJS::ExprStatementNode::execute (this=0x134dc60, 
    exec=0x7fffc1ab4af0) at nodes.cpp:1980
#24 0x00002b32ee81534d in KJS::SourceElementsNode::execute (this=0x134dcb0, 
    exec=0x7fffc1ab4af0) at nodes.cpp:3091
#25 0x00002b32ee81527e in KJS::BlockNode::execute (this=0x134dd00, 
    exec=0x7fffc1ab4af0) at nodes.cpp:1942
#26 0x00002b32ee814f7a in KJS::IfNode::execute (this=0x134ddc0, 
    exec=0x7fffc1ab4af0) at nodes.cpp:2021
#27 0x00002b32ee8153ec in KJS::SourceElementsNode::execute (this=0x0, 
    exec=0x7fffc1ab4af0) at nodes.cpp:3097
#28 0x00002b32ee81527e in KJS::BlockNode::execute (this=0x134df80, 
    exec=0x7fffc1ab4af0) at nodes.cpp:1942
#29 0x00002b32ee814f7a in KJS::IfNode::execute (this=0x134dfd0, 
    exec=0x7fffc1ab4af0) at nodes.cpp:2021
#30 0x00002b32ee8153ec in KJS::SourceElementsNode::execute (this=0x134c360, 
    exec=0x7fffc1ab4af0) at nodes.cpp:3097
#31 0x00002b32ee81527e in KJS::BlockNode::execute (this=0x134e080, 
    exec=0x7fffc1ab4af0) at nodes.cpp:1942
#32 0x00002b32ee8392eb in KJS::DeclaredFunctionImp::execute (
    this=<value optimized out>, exec=0x63) at function.cpp:613
#33 0x00002b32ee8390cd in KJS::FunctionImp::call (this=0x1222b80, 
    exec=0xd14530, thisObj=@0x7fffc1ab4cb0, args=@0x7fffc1ab4c60)
    at function.cpp:373
#34 0x00002b32ee83e247 in KJS::Object::call (this=<value optimized out>, 
    exec=0xd14530, thisObj=@0x355684, args=@0x5) at object.cpp:73
#35 0x00002b32ee5a701f in KJS::JSEventListener::handleEvent (this=0x130bde0, 
    evt=@0x7fffc1ab4d20) at kjs_events.cpp:96
#36 0x00002b32ee5b9253 in KJS::XMLHttpRequest::changeState (this=0x14e3f80, 
    newState=<value optimized out>) at xmlhttprequest.cpp:267
#37 0x00002b32ee5b9422 in KJS::XMLHttpRequest::slotFinished (this=0x14e3f80)
    at xmlhttprequest.cpp:601
#38 0x00002b32ee5bd3be in KJS::XMLHttpRequestQObject::qt_invoke (
    this=0x14e40c0, _id=3, _o=0x7fffc1ab4e60) at xmlhttprequest.moc:98
#39 0x00002b32eb11e24c in QObject::activate_signal ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#40 0x00002b32e992dffc in KIO::Job::result (this=<value optimized out>, 
    t0=0x14e4810) at jobclasses.moc:162
#41 0x00002b32e99313bf in KIO::Job::emitResult (this=0x14e4810) at 
job.cpp:235
#42 0x00002b32e9931526 in KIO::SimpleJob::slotFinished (this=0x14e4810)
    at job.cpp:601
#43 0x00002b32e9938bda in KIO::TransferJob::slotFinished (this=0x14e4810)
    at job.cpp:971
#44 0x00002b32e992f938 in KIO::TransferJob::qt_invoke (this=0x14e4810, 
    _id=17, _o=0x7fffc1ab5330) at jobclasses.moc:1071
#45 0x00002b32eb11e24c in QObject::activate_signal ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#46 0x00002b32eb11eef3 in QObject::activate_signal ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#47 0x00002b32e9920d6d in KIO::SlaveInterface::dispatch (this=0x125f700, 
    _cmd=104, rawdata=@0x7fffc1ab5610) at slaveinterface.cpp:243
#48 0x00002b32e991f77d in KIO::SlaveInterface::dispatch (this=0x125f700)
    at slaveinterface.cpp:173
#49 0x00002b32e991ca4a in KIO::Slave::gotInput (this=0x5) at slave.cpp:300
#50 0x00002b32e991cbd8 in KIO::Slave::qt_invoke (this=0x125f700, _id=4, 
    _o=0x7fffc1ab5750) at slave.moc:113
#51 0x00002b32eb11e24c in QObject::activate_signal ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#52 0x00002b32eb11ee25 in QObject::activate_signal ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#53 0x00002b32eb13895b in QSocketNotifier::event ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#54 0x00002b32eb0c7cb5 in QApplication::internalNotify ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#55 0x00002b32eb0c88b7 in QApplication::notify ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#56 0x00002b32ea43bb7e in KApplication::notify (this=0x7fffc1ab5d60, 
    receiver=0x11f5cb0, event=0x7fffc1ab5a50) at kapplication.cpp:550
#57 0x00002b32eb0bde9b in QEventLoop::activateSocketNotifiers ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#58 0x00002b32eb07ebd3 in QEventLoop::processEvents ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#59 0x00002b32eb0dc402 in QEventLoop::enterLoop ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#60 0x00002b32eb0dc2b2 in QEventLoop::exec ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#61 0x00002b32e917dcbe in kdemain (argc=<value optimized out>, 
    argv=<value optimized out>) at konq_main.cc:206
#62 0x00002b32ed5f1374 in __libc_start_main () from /lib/libc.so.6
#63 0x0000000000400789 in _start ()

###########################################################################
Here is the output from gdb.
###########################################################################

(gdb) run
Starting program: /usr/kde/3.5/bin/konqueror
[Thread debugging using libthread_db enabled]
[New Thread 47219515594368 (LWP 27932)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 47219515594368 (LWP 27932)]
DOM::ElementMappingCache::remove (this=0x5a6490, id=@0x7fff88b83970, 
nd=0x14f74c0)
    at dom_docimpl.cpp:263
263     dom_docimpl.cpp: No such file or directory.
        in dom_docimpl.cpp
(gdb) bt
#0  DOM::ElementMappingCache::remove (this=0x5a6490, id=@0x7fff88b83970, 
nd=0x14f74c0)
    at dom_docimpl.cpp:263
#1  0x00002af22736d32e in DOM::ElementImpl::updateId (this=0x14f74c0,
    oldId=<value optimized out>, newId=0x1142af0) at dom_elementimpl.cpp:722
#2  0x00002af22736f7f2 in DOM::AttrImpl::setValue (this=0x5a6a70, 
v=@0x7fff88b83a10,
    exceptioncode=<value optimized out>) at dom_elementimpl.cpp:172
#3  0x00002af227503d0f in DOM::Attr::setValue (this=<value optimized out>,
    newValue=@0x114227a) at dom_element.cpp:98
#4  0x00002af227467393 in KJS::DOMAttr::putValueProperty (this=<value 
optimized out>,
    exec=<value optimized out>, token=<value optimized out>, value=<value 
optimized out>)
    at kjs_dom.cpp:846
#5  0x00002af2274634d7 in KJS::DOMObject::put (this=0x5, exec=0x114227a,
    propertyName=@0x63, value=@0x355684, attr=5) at kjs_binding.cpp:72
#6  0x00002af2277711f3 in KJS::Reference::putValue (this=0x7fff88b83bd0,
    exec=0x7fff88b842f0, w=@0x7fff88b83c10) at reference.cpp:165
#7  0x00002af227741d41 in KJS::AssignNode::evaluate (this=0x1153ff0, 
exec=0x7fff88b842f0)
    at nodes.cpp:1624
#8  0x00002af2277430c0 in KJS::ExprStatementNode::execute (this=0x1154020,
    exec=0x7fff88b842f0) at nodes.cpp:1980
#9  0x00002af2277433ec in KJS::SourceElementsNode::execute (this=0xd7e3a0,
    exec=0x7fff88b842f0) at nodes.cpp:3097
#10 0x00002af22774327e in KJS::BlockNode::execute (this=0x11e87d0, 
exec=0x7fff88b842f0)
---Type <return> to continue, or q <return> to quit---
    at nodes.cpp:1942
#11 0x00002af2277461cb in KJS::ForNode::execute (this=0x11e8820, 
exec=0x7fff88b842f0)
    at nodes.cpp:2199
#12 0x00002af2277433ec in KJS::SourceElementsNode::execute (this=0x1, 
exec=0x7fff88b842f0)
    at nodes.cpp:3097
#13 0x00002af22774327e in KJS::BlockNode::execute (this=0x132eef0, 
exec=0x7fff88b842f0)
    at nodes.cpp:1942
#14 0x00002af2277672eb in KJS::DeclaredFunctionImp::execute (this=<value 
optimized out>,
    exec=0x63) at function.cpp:613
#15 0x00002af2277670cd in KJS::FunctionImp::call (this=0x12fab60, 
exec=0x7fff88b84ba0,
    thisObj=@0x7fff88b84480, args=@0x7fff88b84460) at function.cpp:373
#16 0x00002af22776c247 in KJS::Object::call (this=<value optimized out>,
    exec=0x7fff88b84ba0, thisObj=@0x355684, args=@0x5) at object.cpp:73
#17 0x00002af227741b2e in KJS::FunctionCallNode::evaluate (this=<value 
optimized out>,
    exec=0x7fff88b84ba0) at nodes.cpp:870
#18 0x00002af2277430c0 in KJS::ExprStatementNode::execute (this=0x1368c70,
    exec=0x7fff88b84ba0) at nodes.cpp:1980
#19 0x00002af22774334d in KJS::SourceElementsNode::execute (this=0x1368cc0,
    exec=0x7fff88b84ba0) at nodes.cpp:3091
#20 0x00002af22774327e in KJS::BlockNode::execute (this=0x1368d10, 
exec=0x7fff88b84ba0)
    at nodes.cpp:1942
#21 0x00002af227742f7a in KJS::IfNode::execute (this=0x1368dd0, 
exec=0x7fff88b84ba0)
---Type <return> to continue, or q <return> to quit---
    at nodes.cpp:2021
#22 0x00002af2277433ec in KJS::SourceElementsNode::execute (this=0x0, 
exec=0x7fff88b84ba0)
    at nodes.cpp:3097
#23 0x00002af22774327e in KJS::BlockNode::execute (this=0x1368f90, 
exec=0x7fff88b84ba0)
    at nodes.cpp:1942
#24 0x00002af227742f7a in KJS::IfNode::execute (this=0x1368fe0, 
exec=0x7fff88b84ba0)
    at nodes.cpp:2021
#25 0x00002af2277433ec in KJS::SourceElementsNode::execute (this=0x1367370,
    exec=0x7fff88b84ba0) at nodes.cpp:3097
#26 0x00002af22774327e in KJS::BlockNode::execute (this=0x1369090, 
exec=0x7fff88b84ba0)
    at nodes.cpp:1942
#27 0x00002af2277672eb in KJS::DeclaredFunctionImp::execute (this=<value 
optimized out>,
    exec=0x63) at function.cpp:613
#28 0x00002af2277670cd in KJS::FunctionImp::call (this=0x14ea240, 
exec=0xd13cb0,
    thisObj=@0x7fff88b84d60, args=@0x7fff88b84d10) at function.cpp:373
#29 0x00002af22776c247 in KJS::Object::call (this=<value optimized out>, 
exec=0xd13cb0,
    thisObj=@0x355684, args=@0x5) at object.cpp:73
#30 0x00002af2274d501f in KJS::JSEventListener::handleEvent (this=0x1449130,
    evt=@0x7fff88b84dd0) at kjs_events.cpp:96
#31 0x00002af2274e7253 in KJS::XMLHttpRequest::changeState (this=0x14f4170,
    newState=<value optimized out>) at xmlhttprequest.cpp:267
#32 0x00002af2274e7422 in KJS::XMLHttpRequest::slotFinished (this=0x14f4170)
---Type <return> to continue, or q <return> to quit---
    at xmlhttprequest.cpp:601
#33 0x00002af2274eb3be in KJS::XMLHttpRequestQObject::qt_invoke 
(this=0x14f42b0, _id=3,
    _o=0x7fff88b84f10) at xmlhttprequest.moc:98
#34 0x00002af22404c24c in QObject::activate_signal () 
from /usr/qt/3/lib64/libqt-mt.so.3
#35 0x00002af22285bffc in KIO::Job::result (this=<value optimized out>, 
t0=0x14f4990)
    at jobclasses.moc:162
#36 0x00002af22285f3bf in KIO::Job::emitResult (this=0x14f4990) at 
job.cpp:235
#37 0x00002af22285f526 in KIO::SimpleJob::slotFinished (this=0x14f4990) at 
job.cpp:601
#38 0x00002af222866bda in KIO::TransferJob::slotFinished (this=0x14f4990) at 
job.cpp:971
#39 0x00002af22285d938 in KIO::TransferJob::qt_invoke (this=0x14f4990, 
_id=17,
    _o=0x7fff88b853e0) at jobclasses.moc:1071
#40 0x00002af22404c24c in QObject::activate_signal () 
from /usr/qt/3/lib64/libqt-mt.so.3
#41 0x00002af22404cef3 in QObject::activate_signal () 
from /usr/qt/3/lib64/libqt-mt.so.3
#42 0x00002af22284ed6d in KIO::SlaveInterface::dispatch (this=0xd9f0f0, 
_cmd=104,
    rawdata=@0x7fff88b856c0) at slaveinterface.cpp:243
#43 0x00002af22284d77d in KIO::SlaveInterface::dispatch (this=0xd9f0f0)
    at slaveinterface.cpp:173
#44 0x00002af22284aa4a in KIO::Slave::gotInput (this=0x5) at slave.cpp:300
#45 0x00002af22284abd8 in KIO::Slave::qt_invoke (this=0xd9f0f0, _id=4, 
_o=0x7fff88b85800)
    at slave.moc:113
#46 0x00002af22404c24c in QObject::activate_signal () 
from /usr/qt/3/lib64/libqt-mt.so.3
#47 0x00002af22404ce25 in QObject::activate_signal () 
from /usr/qt/3/lib64/libqt-mt.so.3
---Type <return> to continue, or q <return> to quit---
#48 0x00002af22406695b in QSocketNotifier::event () 
from /usr/qt/3/lib64/libqt-mt.so.3
#49 0x00002af223ff5cb5 in QApplication::internalNotify ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#50 0x00002af223ff68b7 in QApplication::notify () 
from /usr/qt/3/lib64/libqt-mt.so.3
#51 0x00002af223369b7e in KApplication::notify (this=0x7fff88b85e10, 
receiver=0xdea500,
    event=0x7fff88b85b00) at kapplication.cpp:550
#52 0x00002af223febe9b in QEventLoop::activateSocketNotifiers ()
   from /usr/qt/3/lib64/libqt-mt.so.3
#53 0x00002af223facbd3 in QEventLoop::processEvents () 
from /usr/qt/3/lib64/libqt-mt.so.3
#54 0x00002af22400a402 in QEventLoop::enterLoop () 
from /usr/qt/3/lib64/libqt-mt.so.3
#55 0x00002af22400a2b2 in QEventLoop::exec () 
from /usr/qt/3/lib64/libqt-mt.so.3
#56 0x00002af2220abcbe in kdemain (argc=<value optimized out>, argv=<value 
optimized out>)
    at konq_main.cc:206
#57 0x00002af22651f374 in __libc_start_main () from /lib/libc.so.6
#58 0x0000000000400789 in _start ()
Comment 3 Maksim Orlovich 2007-05-19 17:28:03 UTC
Thanks for the backtrace and the report; but could you please tell us what steps to take to get the crash?
Comment 4 klaus 2007-05-19 18:01:44 UTC
On Saturday, 19 May 2007, Maksim Orlovich wrote:
[bugs.kde.org quoted mail]

Hmm, that is very strange.
Konqueror crashed only if I chose an entry from the combobox called "Jun 2007" or "Mallorca". The other ones work pretty well.

Please take a look at the attachment for the right combobox I mean.
Thanks for all,


Created an attachment (id=20633)
konqueror_combobox_crash.jpeg
Comment 5 Maksim Orlovich 2007-05-19 18:31:09 UTC
Thanks, can see... Seems like we forget to add an item into getElementById cache when Attr nodes are used...
Comment 6 klaus 2007-05-19 19:39:00 UTC
On Saturday, 19 May 2007, Maksim Orlovich wrote:
[bugs.kde.org quoted mail]
Fine if I can help open source and KDE first.
Thanks.
Comment 7 patch_linams 2007-07-28 12:48:19 UTC
Created attachment 21275 [details]
dom_elementimpl.cpp.patch.diff

Fix: if a new attribute is initialized dynamically its id will be registered.
Comment 8 Maksim Orlovich 2007-07-28 16:59:07 UTC
Great catch, thanks!
Comment 9 Maksim Orlovich 2007-07-28 17:41:56 UTC
Hmm, it's probably not right though, since most AttrImpl creation via createAttr just replaces the inline info, and hence shouldn't register the ID again... The only place I see AttrImpl's created is cloneNode, and those are parentless...

Any chance you distilled a testcase while making this patch?

Man, I wish I could think of a better way of doing this...
Comment 10 patch_linams 2007-07-28 21:34:44 UTC
Well, the website in the report title (www.alltours.de) is such a testcase. 

When the site is loaded all ids are gathered and added to the id cache. But e.g. when you choose another travel destination (not the preselected "Mallorca") new ids are created on the fly by the script in the page. Those ids are _not_ added to the cache although the corresponding AttrImpls are created. But when another travel destination is chosen it's recognized that some ids (which are not in the id cache) have to be updated (e.g. removed from the cache) -> application crashes.

Therefore caching ids of newly created attributes is the logical solution. Of course, we can just check whether an id was found in the cache and if not we won't remove anything ("if(info)" in ElementMappingCache::remove in dom_docimpl.cpp). But that would be just a dirty stop-gap fix.
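
Added example, not part of the original thread and not khtml source: a simplified C++ model of the cache desynchronisation described in comment 10, contrasting an element whose id bypasses the cache with one that registers it, and using a checked `remove` where the report's backtraces show the crash. All names (`IdCache`, `Element`, `runScenario`) and the ids `dest_1`/`dest_2` are hypothetical.

```cpp
// Added illustration: a simplified model of an id -> element cache.
// All names are hypothetical; this is not khtml source code.
#include <cstdio>
#include <map>
#include <string>

struct Element;

class IdCache {
    struct Entry { int refs = 0; Element* element = nullptr; };
    std::map<std::string, Entry> entries_;

public:
    enum class RemoveResult { Removed, NotCached };

    void add(const std::string& id, Element* el) {
        Entry& e = entries_[id];            // creates the entry on first use
        if (e.refs++ == 0) e.element = el;  // first owner of the id is indexed
    }

    // Checked removal: a missing entry is reported, never dereferenced.
    // The backtraces in this report end in ElementMappingCache::remove, and
    // comment 10 mentions an "if(info)" check at that point.
    RemoveResult remove(const std::string& id, Element* el) {
        auto it = entries_.find(id);
        if (it == entries_.end()) return RemoveResult::NotCached;
        if (it->second.element == el) it->second.element = nullptr;
        if (--it->second.refs == 0) entries_.erase(it);
        return RemoveResult::Removed;
    }

    bool contains(const std::string& id) const {
        return entries_.find(id) != entries_.end();
    }
};

struct Element {
    explicit Element(IdCache& c) : cache(c) {}

    // Creation path that keeps the cache in sync.
    void attachId(const std::string& newId) {
        id = newId;
        cache.add(id, this);
    }

    // Creation path that sets the id without telling the cache
    // (the situation comment 10 describes for ids created by script).
    void attachIdSkippingCache(const std::string& newId) { id = newId; }

    // Later id change: drop the old mapping, then register the new one.
    IdCache::RemoveResult changeId(const std::string& newId) {
        IdCache::RemoveResult r = IdCache::RemoveResult::Removed;
        if (!id.empty()) r = cache.remove(id, this);
        id = newId;
        if (!id.empty()) cache.add(id, this);
        return r;
    }

    IdCache& cache;
    std::string id;
};

struct Outcome {
    IdCache::RemoveResult removal;  // result of removing the old id
    bool oldCached;                 // is "dest_1" still in the cache?
    bool newCached;                 // is "dest_2" in the cache?
};

// Constructed scenario: an element gets the id "dest_1", then a script
// changes it to "dest_2". registerOnCreate selects the creation path.
Outcome runScenario(bool registerOnCreate) {
    IdCache cache;
    Element option(cache);
    if (registerOnCreate) option.attachId("dest_1");
    else                  option.attachIdSkippingCache("dest_1");
    IdCache::RemoveResult r = option.changeId("dest_2");
    return { r, cache.contains("dest_1"), cache.contains("dest_2") };
}

int main() {
    Outcome desynced = runScenario(false);
    Outcome synced   = runScenario(true);
    std::printf("id never registered: old id %s on change\n",
                desynced.removal == IdCache::RemoveResult::NotCached
                    ? "missing from cache" : "removed");
    std::printf("id registered:       old id %s on change\n",
                synced.removal == IdCache::RemoveResult::Removed
                    ? "removed" : "missing from cache");
    return 0;
}
```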
Comment 11 patch_linams 2007-07-28 22:03:24 UTC
Btw one of the easiest ways to reproduce the crash is to click on the down-pointing arrow to the right of "Mallorca" on www.alltours.de, to release it and then to press down the down arrow key of your keyboard. By the time you reach "Paphos" Konqueror will be in nirvana ;-)
Comment 12 patch_linams 2007-07-28 22:09:34 UTC
and by click and release I meant double click so that the drop-down menu is opened and closed again...
Comment 13 Tommi Tervo 2007-08-24 09:05:35 UTC
*** Bug 149157 has been marked as a duplicate of this bug. ***
Comment 14 Tommi Tervo 2007-08-24 09:07:26 UTC
Created attachment 21470 [details]
Test case from bug #149157
Comment 15 FiNeX 2008-04-21 12:32:21 UTC
The testcase on #14 doesn't make konqueror 4 crash.
Selecting a month from www.alltours.de website makes konqueror 4 crash!!!
Comment 16 patch_linams 2008-05-11 13:44:35 UTC
Have you applied the patch from #7?
Comment 17 Oliver Putz 2008-11-16 21:27:52 UTC
Confirming that the bug is still valid in KDE-4.1.73 (*not* applied the mentioned patch) and that the testcase does not crash konqueror here either.
Comment 18 Oliver Putz 2009-05-31 15:07:08 UTC
Still valid in KDE-4.2.3

Program received signal SIGABRT, Aborted.
[Switching to Thread 0x7f7d70092750 (LWP 21519)]
0x00007f7d6aefa235 in raise () from /lib/libc.so.6
#0  0x00007f7d6aefa235 in raise () from /lib/libc.so.6
#1  0x00007f7d6aefb753 in abort () from /lib/libc.so.6
#2  0x00007f7d6aef30e9 in __assert_fail () from /lib/libc.so.6
#3  0x00007f7d62030ca2 in DOM::ElementMappingCache::remove (this=0x15a6110, id=@0x7fff780cfd30, nd=0x15f5f20) at /var/tmp/portage/kde-base/kdelibs-4.2.3/work/kdelibs-4.2.3/khtml/xml/dom_docimpl.cpp:353
#4  0x00007f7d6203a77e in DOM::ElementImpl::updateId (this=0x15f5f20, oldId=<value optimized out>, newId=0x15a5a20)
    at /var/tmp/portage/kde-base/kdelibs-4.2.3/work/kdelibs-4.2.3/khtml/xml/dom_elementimpl.cpp:1122
#5  0x00007f7d6203f612 in DOM::AttrImpl::childrenChanged (this=0xcd7480) at /var/tmp/portage/kde-base/kdelibs-4.2.3/work/kdelibs-4.2.3/khtml/xml/dom_elementimpl.cpp:185
#6  0x00007f7d62037350 in DOM::NodeImpl::dispatchSubtreeModifiedEvent (this=0x540f) at /var/tmp/portage/kde-base/kdelibs-4.2.3/work/kdelibs-4.2.3/khtml/xml/dom_nodeimpl.cpp:668
#7  0x00007f7d620375fc in DOM::NodeBaseImpl::appendChild (this=0xcd7480, newChild=0x1424ed0, exceptioncode=@0x7fff780cfeb4)
    at /var/tmp/portage/kde-base/kdelibs-4.2.3/work/kdelibs-4.2.3/khtml/xml/dom_nodeimpl.cpp:1637
#8  0x00007f7d6203e1db in DOM::AttrImpl::setValue (this=0xcd7480, v=@0x7fff780cff00, exceptioncode=<value optimized out>)
    at /var/tmp/portage/kde-base/kdelibs-4.2.3/work/kdelibs-4.2.3/khtml/xml/dom_elementimpl.cpp:216
#9  0x00007f7d6215f7ef in KJS::DOMAttr::putValueProperty (this=0x7f7d5f620c80, exec=<value optimized out>, token=2, value=<value optimized out>)
    at /var/tmp/portage/kde-base/kdelibs-4.2.3/work/kdelibs-4.2.3/khtml/ecma/kjs_dom.cpp:878
#10 0x00007f7d61bab567 in KJS::Machine::runBlock (exec=0x7fff780d04b0, codeBlock=<value optimized out>, parentExec=0x7fff780d0bf0) at codes.def:660
#11 0x00007f7d61b993f6 in KJS::FunctionImp::callAsFunction (this=0x7f7d5f6b4200, exec=0x7fff780d0bf0, thisObj=<value optimized out>, args=@0x7fff780d0b70)
    at /var/tmp/portage/kde-base/kdelibs-4.2.3/work/kdelibs-4.2.3/kjs/function.cpp:144
#12 0x00007f7d61b9bdc7 in KJS::JSObject::call (this=0x7f7d5f6b4200, exec=0x7fff780d0bf0, thisObj=0x7f7d658e0000, args=@0x7fff780d0b70)
    at /var/tmp/portage/kde-base/kdelibs-4.2.3/work/kdelibs-4.2.3/kjs/object.cpp:69
#13 0x00007f7d61bafd52 in KJS::Machine::runBlock (exec=0x7fff780d0bf0, codeBlock=<value optimized out>, parentExec=0xe40240) at codes.def:1192
#14 0x00007f7d61b993f6 in KJS::FunctionImp::callAsFunction (this=0x7f7d5f6ba980, exec=0xe40240, thisObj=<value optimized out>, args=@0x7fff780d0e30)
    at /var/tmp/portage/kde-base/kdelibs-4.2.3/work/kdelibs-4.2.3/kjs/function.cpp:144
#15 0x00007f7d61b9bdc7 in KJS::JSObject::call (this=0x7f7d5f6ba980, exec=0xe40240, thisObj=0x7f7d658e0000, args=@0x7fff780d0e30)
    at /var/tmp/portage/kde-base/kdelibs-4.2.3/work/kdelibs-4.2.3/kjs/object.cpp:69
#16 0x00007f7d6219b835 in KJS::JSEventListener::handleEvent (this=0x159f190, evt=@0x7fff780d0eb0) at /var/tmp/portage/kde-base/kdelibs-4.2.3/work/kdelibs-4.2.3/khtml/ecma/kjs_events.cpp:106
#17 0x00007f7d621a2c8e in KJS::XMLHttpRequest::changeState (this=0x7f7d658e0180, newState=<value optimized out>)
    at /var/tmp/portage/kde-base/kdelibs-4.2.3/work/kdelibs-4.2.3/khtml/ecma/xmlhttprequest.cpp:349
#18 0x00007f7d621a32e2 in KJS::XMLHttpRequest::slotFinished (this=0x7f7d658e0180) at /var/tmp/portage/kde-base/kdelibs-4.2.3/work/kdelibs-4.2.3/khtml/ecma/xmlhttprequest.cpp:719
#19 0x00007f7d621a33f9 in KJS::XMLHttpRequestQObject::qt_metacall (this=0x15b58a0, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x7fff780d1050)
    at /var/tmp/portage/kde-base/kdelibs-4.2.3/work/kdelibs-4.2.3/khtml/ecma/xmlhttprequest.cpp:93
#20 0x00007f7d6d929900 in QMetaObject::activate (sender=0x159f110, from_signal_index=<value optimized out>, to_signal_index=7, argv=0xffffffffffffffff) at kernel/qobject.cpp:3025
#21 0x00007f7d6df0c9d6 in KJob::result (this=0x1020180, _t1=0x159f110) at /var/tmp/portage/kde-base/kdelibs-4.2.3/work/kdelibs-4.2.3_build/kdecore/kjob.moc:186
#22 0x00007f7d6df0cd2f in KJob::emitResult (this=0x159f110) at /var/tmp/portage/kde-base/kdelibs-4.2.3/work/kdelibs-4.2.3/kdecore/jobs/kjob.cpp:294
#23 0x00007f7d6efd0a48 in KIO::SimpleJob::slotFinished (this=0x159f110) at /var/tmp/portage/kde-base/kdelibs-4.2.3/work/kdelibs-4.2.3/kio/kio/job.cpp:489
#24 0x00007f7d6efd0d21 in KIO::TransferJob::slotFinished (this=0x159f110) at /var/tmp/portage/kde-base/kdelibs-4.2.3/work/kdelibs-4.2.3/kio/kio/job.cpp:966
#25 0x00007f7d6efd5953 in KIO::TransferJob::qt_metacall (this=0x159f110, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0x7fff780d1400)
    at /var/tmp/portage/kde-base/kdelibs-4.2.3/work/kdelibs-4.2.3_build/kio/jobclasses.moc:336
#26 0x00007f7d6d929900 in QMetaObject::activate (sender=0xc707d0, from_signal_index=<value optimized out>, to_signal_index=8, argv=0xffffffffffffffff) at kernel/qobject.cpp:3025
#27 0x00007f7d6f043bdb in KIO::SlaveInterface::dispatch (this=0xc707d0, _cmd=104, rawdata=@0x7fff780d16b0) at /var/tmp/portage/kde-base/kdelibs-4.2.3/work/kdelibs-4.2.3/kio/kio/slaveinterface.cpp:175
#28 0x00007f7d6f0445a6 in KIO::SlaveInterface::dispatch (this=0xc707d0) at /var/tmp/portage/kde-base/kdelibs-4.2.3/work/kdelibs-4.2.3/kio/kio/slaveinterface.cpp:91
#29 0x00007f7d6f039adc in KIO::Slave::gotInput (this=0xc707d0) at /var/tmp/portage/kde-base/kdelibs-4.2.3/work/kdelibs-4.2.3/kio/kio/slave.cpp:322
#30 0x00007f7d6f03adf1 in KIO::Slave::qt_metacall (this=0xc707d0, _c=QMetaObject::InvokeMetaMethod, _id=0, _a=0x7fff780d1810)
    at /var/tmp/portage/kde-base/kdelibs-4.2.3/work/kdelibs-4.2.3_build/kio/slave.moc:75
#31 0x00007f7d6d929900 in QMetaObject::activate (sender=0xbb63a0, from_signal_index=<value optimized out>, to_signal_index=4, argv=0xffffffffffffffff) at kernel/qobject.cpp:3025
#32 0x00007f7d6efb2859 in KIO::ConnectionPrivate::dequeue (this=0xaf8c40) at /var/tmp/portage/kde-base/kdelibs-4.2.3/work/kdelibs-4.2.3/kio/kio/connection.cpp:82
#33 0x00007f7d6efb34bf in KIO::Connection::qt_metacall (this=0xbb63a0, _c=QMetaObject::InvokeMetaMethod, _id=0, _a=0x15e9970)
    at /var/tmp/portage/kde-base/kdelibs-4.2.3/work/kdelibs-4.2.3_build/kio/connection.moc:72
#34 0x00007f7d6d92373e in QObject::event (this=0xbb63a0, e=0xcb4a60) at kernel/qobject.cpp:1149
#35 0x00007f7d6ccd0a2d in QApplicationPrivate::notify_helper (this=0x619210, receiver=0xbb63a0, e=0xcb4a60) at kernel/qapplication.cpp:3809
#36 0x00007f7d6ccd7d8e in QApplication::notify (this=0x7fff780d2320, receiver=0xbb63a0, e=0xcb4a60) at kernel/qapplication.cpp:3774
#37 0x00007f7d6e63ef84 in KApplication::notify (this=0x7fff780d2320, receiver=0xbb63a0, event=0xcb4a60) at /var/tmp/portage/kde-base/kdelibs-4.2.3/work/kdelibs-4.2.3/kdeui/kernel/kapplication.cpp:307
#38 0x00007f7d6d914be0 in QCoreApplication::notifyInternal (this=0x7fff780d2320, receiver=0xbb63a0, event=0xcb4a60) at kernel/qcoreapplication.cpp:589
#39 0x00007f7d6d918493 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x604d80) at kernel/qcoreapplication.h:215
#40 0x00007f7d6d93bde3 in postEventSourceDispatch (s=<value optimized out>) at kernel/qcoreapplication.h:220
#41 0x00007f7d696ff614 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#42 0x00007f7d697014d7 in g_main_context_iterate () from /usr/lib/libglib-2.0.so.0
#43 0x00007f7d697015bd in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#44 0x00007f7d6d93bb1f in QEventDispatcherGlib::processEvents (this=0x6193f0, flags=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:325
#45 0x00007f7d6cd56e1f in QGuiEventDispatcherGlib::processEvents (this=0x540f, flags=<value optimized out>) at kernel/qguieventdispatcher_glib.cpp:204
#46 0x00007f7d6d913812 in QEventLoop::processEvents (this=<value optimized out>, flags={i = 2014126368}) at kernel/qeventloop.cpp:149
#47 0x00007f7d6d9139a5 in QEventLoop::exec (this=0x7fff780d2160, flags={i = 2014126448}) at kernel/qeventloop.cpp:196
#48 0x00007f7d6d918747 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:851
#49 0x00007f7d6fc8bd4d in kdemain (argc=<value optimized out>, argv=<value optimized out>) at /var/tmp/portage/kde-base/konqueror-4.2.3/work/konqueror-4.2.3/konqueror/src/konqmain.cpp:257
#50 0x00007f7d6aee6486 in __libc_start_main () from /lib/libc.so.6
#51 0x00000000004008f9 in _start ()
Comment 19 Maksim Orlovich 2010-01-06 18:12:16 UTC
SVN commit 1070748 by orlovich:

Properly set hasID bit on XML elements, too, so that the ID cache doesn't 
get out of sync.

(Makes me wonder about the classname bit, too, though)

BUG: 145612
BUG: 214127


 M  +17 -9     dom_elementimpl.cpp  
 M  +10 -8     dom_elementimpl.h  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1070748
Comment 20 Maksim Orlovich 2010-01-06 18:16:33 UTC
SVN commit 1070751 by orlovich:

Regression test for #145612/#214127

CCBUG:214127
CCBUG:145612


 A             baseline/xml/id-crash.xml-dom  
 M  +2 -0      baseline/xml/svnignore  
 A             tests/xml/id-crash.xml  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1070751