Bug 146667 - [test case] [patch] Konqueror crash with 2 script elements
Status: RESOLVED WORKSFORME
Alias: None
Product: konqueror
Classification: Applications
Component: khtml
Version: unspecified
Platform: Unlisted Binaries Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
Duplicates: 151436
Reported: 2007-06-11 15:16 UTC by Rodrigo Fernandes
Modified: 2009-08-29 17:28 UTC

Attachments
htmltokenizer.cpp.patch.diff (701 bytes, patch)
2007-07-28 04:53 UTC, patch_linams
/htmltokenizer.cpp.patch.diff (701 bytes, patch)
2007-07-28 05:05 UTC, patch_linams

Description Rodrigo Fernandes 2007-06-11 15:16:33 UTC
Version:            (using KDE 3.5.7)
Installed from:    Unspecified Linux
OS:                Linux

Simple test case, Konqueror crashes on open.
I'm using KDE 3.5.7 on Archlinux

Note that it doesn't matter whether or not the src value points to an actual file. (Tested with both an empty js and a one-liner document.write('');, both crash.)

---TEST CASE---

<html>
<head>
<title>Crash Testcase</title>
</head>
<body>

<script type="text/javascript" src=""/>
<script type="text/javascript" src=""/>

</body>
</html>
Comment 1 Rodrigo Fernandes 2007-06-11 15:52:06 UTC
Forgot to attach relevant part of BT

[KCrash handler]
#9  0xb606939d in khtml::HTMLTokenizer::scriptHandler ()
   from /opt/kde/lib/libkhtml.so.4
#10 0xb606bcae in khtml::HTMLTokenizer::parseTag ()
   from /opt/kde/lib/libkhtml.so.4
#11 0xb606d723 in khtml::HTMLTokenizer::write ()
   from /opt/kde/lib/libkhtml.so.4
#12 0xb6068a87 in khtml::HTMLTokenizer::notifyFinished ()
   from /opt/kde/lib/libkhtml.so.4
#13 0xb6119954 in khtml::CachedScript::checkNotify ()
   from /opt/kde/lib/libkhtml.so.4
#14 0xb61225c1 in khtml::CachedScript::data () from /opt/kde/lib/libkhtml.so.4
#15 0xb612115e in khtml::Loader::slotFinished ()
   from /opt/kde/lib/libkhtml.so.4
#16 0xb612190a in khtml::Loader::qt_invoke () from /opt/kde/lib/libkhtml.so.4
#17 0xb7194b59 in QObject::activate_signal () from /opt/qt/lib/libqt-mt.so.3
#18 0xb7c9908e in KIO::Job::result () from /opt/kde/lib/libkio.so.4
#19 0xb7ce6f9d in KIO::Job::emitResult () from /opt/kde/lib/libkio.so.4
#20 0xb7cec2ee in KIO::SimpleJob::slotFinished () from /opt/kde/lib/libkio.so.4
#21 0xb7cec9fd in KIO::TransferJob::slotFinished ()
   from /opt/kde/lib/libkio.so.4
#22 0xb7ce6bca in KIO::TransferJob::qt_invoke () from /opt/kde/lib/libkio.so.4
#23 0xb7194b59 in QObject::activate_signal () from /opt/qt/lib/libqt-mt.so.3
#24 0xb719576d in QObject::activate_signal () from /opt/qt/lib/libqt-mt.so.3
#25 0xb7c9462c in KIO::SlaveInterface::finished ()
   from /opt/kde/lib/libkio.so.4
#26 0xb7d09f90 in KIO::SlaveInterface::dispatch ()
   from /opt/kde/lib/libkio.so.4
#27 0xb7cf959a in KIO::SlaveInterface::dispatch ()
   from /opt/kde/lib/libkio.so.4
#28 0xb7caa31c in KIO::Slave::gotInput () from /opt/kde/lib/libkio.so.4
#29 0xb7cfb280 in KIO::Slave::qt_invoke () from /opt/kde/lib/libkio.so.4
#30 0xb7194b59 in QObject::activate_signal () from /opt/qt/lib/libqt-mt.so.3
#31 0xb7195662 in QObject::activate_signal () from /opt/qt/lib/libqt-mt.so.3
#32 0xb74c02f0 in QSocketNotifier::activated () from /opt/qt/lib/libqt-mt.so.3
#33 0xb71b29e0 in QSocketNotifier::event () from /opt/qt/lib/libqt-mt.so.3
#34 0xb7136407 in QApplication::internalNotify ()
   from /opt/qt/lib/libqt-mt.so.3
#35 0xb71371bf in QApplication::notify () from /opt/qt/lib/libqt-mt.so.3
#36 0xb7848112 in KApplication::notify () from /opt/kde/lib/libkdecore.so.4
#37 0xb712b3a1 in QEventLoop::activateSocketNotifiers ()
   from /opt/qt/lib/libqt-mt.so.3
#38 0xb70e571e in QEventLoop::processEvents () from /opt/qt/lib/libqt-mt.so.3
#39 0xb714ccd1 in QEventLoop::enterLoop () from /opt/qt/lib/libqt-mt.so.3
#40 0xb714cb76 in QEventLoop::exec () from /opt/qt/lib/libqt-mt.so.3
#41 0xb713606f in QApplication::exec () from /opt/qt/lib/libqt-mt.so.3
#42 0xb66e7215 in kdemain () from /opt/kde/lib/libkdeinit_konqueror.so
#43 0xb76966c4 in kdeinitmain () from /opt/kde/lib/kde3/konqueror.so
#44 0x0804dd2f in ?? ()
#45 0x00000002 in ?? ()
#46 0x08092128 in ?? ()
#47 0x00000001 in ?? ()
#48 0x00000000 in ?? ()
Comment 2 patch_linams 2007-07-28 04:53:27 UTC
Created attachment 21267
htmltokenizer.cpp.patch.diff

According to W3C specifications an end tag is required for a script start tag.
The patch fixes the issue with the provided test case.
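
Added example, not part of the original thread and not the attached patch (whose contents are not shown on this page): a standalone C++ check that lists script start tags with no </script> end tag before the next script start tag, the shape used in the test case above, so such markup can be flagged in templates or regression corpora. The names Finding, ifind, tagEnd and unterminatedScripts are hypothetical and none of this is khtml code.

```cpp
// Added example (not khtml code): find <script> start tags lacking </script>.
#include <algorithm>
#include <cctype>
#include <string>
#include <vector>

// offset: position of the '<' of the start tag; selfClosed: tag ended in "/>".
struct Finding { size_t offset; bool selfClosed; };

// Case-insensitive find; `needle` must already be lower case.
static size_t ifind(const std::string& s, const std::string& needle, size_t pos) {
    auto eq = [](char a, char b) { return std::tolower((unsigned char)a) == b; };
    auto it = std::search(s.begin() + std::min(pos, s.size()), s.end(),
                          needle.begin(), needle.end(), eq);
    return it == s.end() ? std::string::npos : size_t(it - s.begin());
}

// Index of the '>' that ends the tag, skipping quoted attribute values so a
// value such as src="a>b" does not end the tag early.
static size_t tagEnd(const std::string& s, size_t pos) {
    char quote = 0;
    for (size_t i = pos; i < s.size(); ++i) {
        if (quote) { if (s[i] == quote) quote = 0; }
        else if (s[i] == '"' || s[i] == '\'') quote = s[i];
        else if (s[i] == '>') return i;
    }
    return std::string::npos;
}

// Heuristic: a literal "<script" inside script text is also reported.
std::vector<Finding> unterminatedScripts(const std::string& html) {
    std::vector<Finding> out;
    size_t pos = 0;
    while ((pos = ifind(html, "<script", pos)) != std::string::npos) {
        size_t gt = tagEnd(html, pos + 7);
        char after = pos + 7 < html.size() ? html[pos + 7] : '>';
        if (!std::isspace((unsigned char)after) && after != '>' && after != '/') {
            pos += 7; continue;  // longer tag name such as <scripts>
        }
        if (gt == std::string::npos) { out.push_back({pos, false}); break; }
        size_t close = ifind(html, "</script", gt + 1);
        size_t next = ifind(html, "<script", gt + 1);
        bool closed = close != std::string::npos && (next == std::string::npos || close < next);
        if (!closed) out.push_back({pos, html[gt - 1] == '/'});
        pos = closed ? close + 8 : gt + 1;
    }
    return out;
}
```

Run over the test case from the description, unterminatedScripts returns two findings, both with selfClosed set.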
Comment 3 patch_linams 2007-07-28 05:05:17 UTC
Created attachment 21268
/htmltokenizer.cpp.patch.diff

In the patch, orig and new khtml dirs are in the correct order now.
Comment 4 Tommi Tervo 2007-10-29 17:14:49 UTC
*** Bug 151436 has been marked as a duplicate of this bug. ***
Comment 5 A. Spehr 2008-04-24 11:02:13 UTC
konqueror(13522)/khtml (tokenizer) khtml::HTMLTokenizer::notifyFinished: Finished loading an external script
konqueror(13522)/khtml (jscript) KJS::KJSProxyImpl::evaluate: WARNING: Script threw exception:  "SyntaxError: Parse error"
konqueror(13522)/khtml (tokenizer) khtml::HTMLTokenizer::notifyFinished: Finished loading an external script
konqueror(13522)/khtml (jscript) KJS::KJSProxyImpl::evaluate: WARNING: Script threw exception:  "SyntaxError: Parse error"
KCrash: crashing... crashRecursionCounter = 2

Um, yeah, this still crashes. SVN branch 4.0 r793993
Comment 6 patch_linams 2008-05-11 13:46:41 UTC
Have you applied the patch from #3?
Comment 7 FiNeX 2009-08-29 17:28:13 UTC
It doesn't crash anymore using current trunk :-)