153711 – konqueror crashed while browsing the web

Bug 153711 - konqueror crashed while browsing the web

Summary: konqueror crashed while browsing the web

Status:	RESOLVED FIXED

Alias:	None

Product:	konqueror
Classification:	Applications
Component:	general (show other bugs)
Version:	unspecified
Platform:	Compiled Sources Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	Konqueror Developers

URL:
Keywords:

Duplicates (1):	156351 (view as bug list)
Depends on:
Blocks:

Reported:	2007-12-09 11:42 UTC by Marcin Ślusarz
Modified:	2008-01-22 05:25 UTC (History)
CC List:	2 users (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Workaround for NULL-deref (791 bytes, patch) 2007-12-11 11:16 UTC, Rolf Eike Beer	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Marcin Ślusarz 2007-12-09 11:42:16 UTC

Version:           rev 746143 (using KDE Devel)
Installed from:    Compiled sources
OS:                Linux

konqueror crashed with the following backtrace:

Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1237199152 (LWP 4086)]
[KCrash handler]
#6  0xb4705e8a in DOM::CSSStyleDeclarationImpl::operator= (this=0x0, 
    o=@0xa0d19f0)
    at /storage/tmp/kde4dev/kdelibs/khtml/css/css_valueimpl.cpp:100
#7  0xb45dec7c in DOM::ElementImpl::finishCloneNode (this=0xa0d1fb0, 
    clone=0x9a8e9c0, deep=true)
    at /storage/tmp/kde4dev/kdelibs/khtml/xml/dom_elementimpl.cpp:465
#8  0xb45dee98 in DOM::ElementImpl::cloneNode (this=0xa0d1fb0, deep=true)
    at /storage/tmp/kde4dev/kdelibs/khtml/xml/dom_elementimpl.cpp:449
#9  0xb475c5a2 in DOMNodeProtoFunc::callAsFunction (this=0xb08fd660, 
    exec=0xbfc88adc, thisObj=0xb0892c60, args=@0xbfc8884c)
    at /storage/tmp/kde4dev/kdelibs/khtml/ecma/kjs_dom.cpp:582
#10 0xb49c85fa in KJS::JSObject::call (this=0xb08fd660, exec=0xbfc88adc, 
    thisObj=0xb0892c60, args=@0xbfc8884c)
    at /storage/tmp/kde4dev/kdelibs/kjs/object.cpp:99
#11 0xb4989d8a in KJS::FunctionCallDotNode::evaluate (this=0x9a45f30, 
    exec=0xbfc88adc) at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:1123
#12 0xb498c718 in KJS::AssignBracketNode::evaluate (this=0x9a45f50, 
    exec=0xbfc88adc) at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:1851
#13 0xb4986b6b in KJS::ExprStatementNode::execute (this=0x9a45f70, 
    exec=0xbfc88adc) at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2141
#14 0xb49847ba in KJS::SourceElementsNode::execute (this=0x9a34260, 
    exec=0xbfc88adc) at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2952
#15 0xb497ff55 in KJS::BlockNode::execute (this=0x9a460a8, exec=0xbfc88adc)
    at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2118
#16 0xb49c0dd7 in KJS::DeclaredFunctionImp::execute (this=0xb08aa000, 
    exec=0xbfc88adc) at /storage/tmp/kde4dev/kdelibs/kjs/function.cpp:372
#17 0xb49c3289 in KJS::FunctionImp::callAsFunction (this=0xb08aa000, 
    exec=0xbfc88d2c, thisObj=0xb0900080, args=@0xbfc88bb8)
    at /storage/tmp/kde4dev/kdelibs/kjs/function.cpp:160
#18 0xb49c85fa in KJS::JSObject::call (this=0xb08aa000, exec=0xbfc88d2c, 
    thisObj=0xb0900080, args=@0xbfc88bb8)
    at /storage/tmp/kde4dev/kdelibs/kjs/object.cpp:99
#19 0xb498ae54 in KJS::FunctionCallReferenceNode::evaluate (this=0xa0234e0, 
    exec=0xbfc88d2c) at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:1020
#20 0xb4986b6b in KJS::ExprStatementNode::execute (this=0xa0234f8, 
    exec=0xbfc88d2c) at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2141
#21 0xb49847ba in KJS::SourceElementsNode::execute (this=0xa0188f0, 
    exec=0xbfc88d2c) at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2952
#22 0xb497ff55 in KJS::BlockNode::execute (this=0xa02d538, exec=0xbfc88d2c)
    at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2118
#23 0xb49c0dd7 in KJS::DeclaredFunctionImp::execute (this=0xb08a9d80, 
    exec=0xbfc88d2c) at /storage/tmp/kde4dev/kdelibs/kjs/function.cpp:372
#24 0xb49c3289 in KJS::FunctionImp::callAsFunction (this=0xb08a9d80, 
    exec=0xbfc8918c, thisObj=0xb0900080, args=@0xbfc88e08)
    at /storage/tmp/kde4dev/kdelibs/kjs/function.cpp:160
#25 0xb49c85fa in KJS::JSObject::call (this=0xb08a9d80, exec=0xbfc8918c, 
    thisObj=0xb0900080, args=@0xbfc88e08)
    at /storage/tmp/kde4dev/kdelibs/kjs/object.cpp:99
#26 0xb498ae54 in KJS::FunctionCallReferenceNode::evaluate (this=0xa074928, 
    exec=0xbfc8918c) at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:1020
#27 0xb4986b6b in KJS::ExprStatementNode::execute (this=0xa074940, 
    exec=0xbfc8918c) at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2141
#28 0xb4986a61 in KJS::IfNode::execute (this=0xa074958, exec=0xbfc8918c)
    at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2166
#29 0xb49847ba in KJS::SourceElementsNode::execute (this=0xa07ab38, 
    exec=0xbfc8918c) at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2952
#30 0xb497ff55 in KJS::BlockNode::execute (this=0xa074bc8, exec=0xbfc8918c)
    at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2118
#31 0xb4985ee4 in KJS::ForNode::execute (this=0xa074be0, exec=0xbfc8918c)
    at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2295
#32 0xb49847ba in KJS::SourceElementsNode::execute (this=0xa07a6b0, 
    exec=0xbfc8918c) at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2952
#33 0xb497ff55 in KJS::BlockNode::execute (this=0xa074c28, exec=0xbfc8918c)
    at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2118
#34 0xb4985ee4 in KJS::ForNode::execute (this=0xa074c40, exec=0xbfc8918c)
    at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2295
#35 0xb49847ba in KJS::SourceElementsNode::execute (this=0xa071248, 
    exec=0xbfc8918c) at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2952
#36 0xb497ff55 in KJS::BlockNode::execute (this=0xa076b50, exec=0xbfc8918c)
    at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2118
#37 0xb49c0dd7 in KJS::DeclaredFunctionImp::execute (this=0xb08a9b40, 
    exec=0xbfc8918c) at /storage/tmp/kde4dev/kdelibs/kjs/function.cpp:372
#38 0xb49c3289 in KJS::FunctionImp::callAsFunction (this=0xb08a9b40, 
    exec=0xbfc895ac, thisObj=0xb0900080, args=@0xbfc89268)
    at /storage/tmp/kde4dev/kdelibs/kjs/function.cpp:160
#39 0xb49c85fa in KJS::JSObject::call (this=0xb08a9b40, exec=0xbfc895ac, 
    thisObj=0xb0900080, args=@0xbfc89268)
    at /storage/tmp/kde4dev/kdelibs/kjs/object.cpp:99
#40 0xb498ae54 in KJS::FunctionCallReferenceNode::evaluate (this=0x9a34130, 
    exec=0xbfc895ac) at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:1020
#41 0xb4986b6b in KJS::ExprStatementNode::execute (this=0x9a34148, 
    exec=0xbfc895ac) at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2141
#42 0xb4984692 in KJS::SourceElementsNode::execute (this=0x9a34160, 
    exec=0xbfc895ac) at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2946
#43 0xb497ff55 in KJS::BlockNode::execute (this=0x9a5b0b0, exec=0xbfc895ac)
    at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2118
#44 0xb4986a61 in KJS::IfNode::execute (this=0x9a34688, exec=0xbfc895ac)
    at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2166
#45 0xb49847ba in KJS::SourceElementsNode::execute (this=0x9fe8648, 
    exec=0xbfc895ac) at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2952
#46 0xb497ff55 in KJS::BlockNode::execute (this=0x9a35070, exec=0xbfc895ac)
    at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2118
#47 0xb4986ac7 in KJS::IfNode::execute (this=0x9a35088, exec=0xbfc895ac)
    at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2173
#48 0xb4985ee4 in KJS::ForNode::execute (this=0x9a358c8, exec=0xbfc895ac)
    at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2295
#49 0xb49847ba in KJS::SourceElementsNode::execute (this=0x9a5ab58, 
    exec=0xbfc895ac) at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2952
#50 0xb497ff55 in KJS::BlockNode::execute (this=0x9a35f08, exec=0xbfc895ac)
    at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2118
#51 0xb49c0dd7 in KJS::DeclaredFunctionImp::execute (this=0xb08aa080, 
    exec=0xbfc895ac) at /storage/tmp/kde4dev/kdelibs/kjs/function.cpp:372
#52 0xb49c3289 in KJS::FunctionImp::callAsFunction (this=0xb08aa080, 
    exec=0xbfc898ac, thisObj=0xb0900080, args=@0xbfc89688)
    at /storage/tmp/kde4dev/kdelibs/kjs/function.cpp:160
#53 0xb49c85fa in KJS::JSObject::call (this=0xb08aa080, exec=0xbfc898ac, 
    thisObj=0xb0900080, args=@0xbfc89688)
    at /storage/tmp/kde4dev/kdelibs/kjs/object.cpp:99
#54 0xb498ae54 in KJS::FunctionCallReferenceNode::evaluate (this=0xa04e7d8, 
    exec=0xbfc898ac) at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:1020
#55 0xb4986b6b in KJS::ExprStatementNode::execute (this=0xa04e7f0, 
    exec=0xbfc898ac) at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2141
#56 0xb49847ba in KJS::SourceElementsNode::execute (this=0xa04e550, 
    exec=0xbfc898ac) at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2952
#57 0xb497ff55 in KJS::BlockNode::execute (this=0xa04e828, exec=0xbfc898ac)
    at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2118
#58 0xb4986a61 in KJS::IfNode::execute (this=0x99e6df0, exec=0xbfc898ac)
    at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2166
#59 0xb4984692 in KJS::SourceElementsNode::execute (this=0x99e6e10, 
    exec=0xbfc898ac) at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2946
#60 0xb497ff55 in KJS::BlockNode::execute (this=0x99e6e30, exec=0xbfc898ac)
    at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2118
#61 0xb49c0dd7 in KJS::DeclaredFunctionImp::execute (this=0xb08a1800, 
    exec=0xbfc898ac) at /storage/tmp/kde4dev/kdelibs/kjs/function.cpp:372
#62 0xb49c3289 in KJS::FunctionImp::callAsFunction (this=0xb08a1800, 
    exec=0xbfc89ad4, thisObj=0xb0900080, args=@0xbfc89988)
    at /storage/tmp/kde4dev/kdelibs/kjs/function.cpp:160
#63 0xb49c85fa in KJS::JSObject::call (this=0xb08a1800, exec=0xbfc89ad4, 
    thisObj=0xb0900080, args=@0xbfc89988)
    at /storage/tmp/kde4dev/kdelibs/kjs/object.cpp:99
#64 0xb498ae54 in KJS::FunctionCallReferenceNode::evaluate (this=0xa057168, 
    exec=0xbfc89ad4) at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:1020
#65 0xb4986b6b in KJS::ExprStatementNode::execute (this=0xa057180, 
    exec=0xbfc89ad4) at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2141
#66 0xb49847ba in KJS::SourceElementsNode::execute (this=0x9a8e7d8, 
    exec=0xbfc89ad4) at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2952
#67 0xb497ff55 in KJS::BlockNode::execute (this=0xa00e220, exec=0xbfc89ad4)
    at /storage/tmp/kde4dev/kdelibs/kjs/nodes.cpp:2118
#68 0xb49cae70 in KJS::Interpreter::evaluate (this=0x93a1418, 
    sourceURL=@0xbfc89bc8, startingLineNumber=0, code=0x99efdb8, 
    codeLength=7362, thisV=0xb0900080)
    at /storage/tmp/kde4dev/kdelibs/kjs/interpreter.cpp:494
#69 0xb49cafa1 in KJS::Interpreter::evaluate (this=0x93a1418, 
    sourceURL=@0xbfc89bc8, startingLineNumber=0, code=@0xbfc89bc0, 
    thisV=0xb0900080) at /storage/tmp/kde4dev/kdelibs/kjs/interpreter.cpp:442
#70 0xb47ab5e5 in KJS::KJSProxyImpl::evaluate (this=0x99ae868, 
    filename=@0xbfc89c44, baseLine=0, str=@0xbfc89c40, n=@0xbfc89c38, 
    completion=0x0)
    at /storage/tmp/kde4dev/kdelibs/khtml/ecma/kjs_proxy.cpp:161
#71 0xb460e5f5 in DOM::HTMLScriptElementImpl::evaluateScript (this=0x9f956a0, 
    URL=@0xbfc89c88, script=@0xbfc89c80)
    at /storage/tmp/kde4dev/kdelibs/khtml/html/html_headimpl.cpp:419
#72 0xb460e88a in DOM::HTMLScriptElementImpl::notifyFinished (this=0x9f956a0, 
    o=0x9f94990)
    at /storage/tmp/kde4dev/kdelibs/khtml/html/html_headimpl.cpp:406
#73 0xb473d691 in khtml::CachedScript::checkNotify (this=0x9f94990)
    at /storage/tmp/kde4dev/kdelibs/khtml/misc/loader.cpp:372
#74 0xb474420c in khtml::CachedScript::data (this=0x9f94990, 
    buffer=@0x9e5a01c, eof=true)
    at /storage/tmp/kde4dev/kdelibs/khtml/misc/loader.cpp:364
#75 0xb4740586 in khtml::Loader::slotFinished (this=0x8128468, job=0x9f94068)
    at /storage/tmp/kde4dev/kdelibs/khtml/misc/loader.cpp:1296
#76 0xb47408e8 in khtml::Loader::qt_metacall (this=0x8128468, 
    _c=QMetaObject::InvokeMetaMethod, _id=3, _a=0xbfc8a2dc)
    at /storage/tmp/kde4dev/kdelibs-build/khtml/loader.moc:126
#77 0xb7325bc0 in QMetaObject::activate ()
   from /storage/tmp/kde4dev/qt-unstable/lib/libQtCore.so.4
#78 0xb7326035 in QMetaObject::activate ()
   from /storage/tmp/kde4dev/qt-unstable/lib/libQtCore.so.4
#79 0xb7aea9bc in KJob::result (this=0x9f94068, _t1=0x9f94068)
    at /storage/tmp/kde4dev/kdelibs-build/kdecore/kjob.moc:185
#80 0xb7aeaf3c in KJob::emitResult (this=0x9f94068)
    at /storage/tmp/kde4dev/kdelibs/kdecore/jobs/kjob.cpp:289
#81 0xb7cab9bd in KIO::SimpleJob::slotFinished (this=0x9f94068)
    at /storage/tmp/kde4dev/kdelibs/kio/kio/job.cpp:491
#82 0xb7cabd96 in KIO::TransferJob::slotFinished (this=0x9f94068)
    at /storage/tmp/kde4dev/kdelibs/kio/kio/job.cpp:961
#83 0xb7cb2d19 in KIO::TransferJob::qt_metacall (this=0x9f94068, 
    _c=QMetaObject::InvokeMetaMethod, _id=7, _a=0xbfc8a4dc)
    at /storage/tmp/kde4dev/kdelibs-build/kio/jobclasses.moc:335
#84 0xb7325bc0 in QMetaObject::activate ()
   from /storage/tmp/kde4dev/qt-unstable/lib/libQtCore.so.4
#85 0xb7326035 in QMetaObject::activate ()
   from /storage/tmp/kde4dev/qt-unstable/lib/libQtCore.so.4
#86 0xb7d5917b in KIO::SlaveInterface::finished (this=0x8c900e0)
    at /storage/tmp/kde4dev/kdelibs-build/kio/slaveinterface.moc:162
#87 0xb7d5af29 in KIO::SlaveInterface::dispatch (this=0x8c900e0, _cmd=104, 
    rawdata=@0xbfc8aaa4)
    at /storage/tmp/kde4dev/kdelibs/kio/kio/slaveinterface.cpp:174
#88 0xb7d5b9b3 in KIO::SlaveInterface::dispatch (this=0x8c900e0)
    at /storage/tmp/kde4dev/kdelibs/kio/kio/slaveinterface.cpp:88
#89 0xb7d4de82 in KIO::Slave::gotInput (this=0x8c900e0)
    at /storage/tmp/kde4dev/kdelibs/kio/kio/slave.cpp:318
#90 0xb7d4f28e in KIO::Slave::qt_metacall (this=0x8c900e0, 
    _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0xbfc8ab9c)
    at /storage/tmp/kde4dev/kdelibs-build/kio/slave.moc:74
#91 0xb7325bc0 in QMetaObject::activate ()
   from /storage/tmp/kde4dev/qt-unstable/lib/libQtCore.so.4
#92 0xb7326035 in QMetaObject::activate ()
   from /storage/tmp/kde4dev/qt-unstable/lib/libQtCore.so.4
#93 0xb7c8136f in KIO::Connection::readyRead (this=0x8b25598)
    at /storage/tmp/kde4dev/kdelibs-build/kio/connection.moc:83
#94 0xb7c8234f in KIO::ConnectionPrivate::dequeue (this=0x8098c38)
    at /storage/tmp/kde4dev/kdelibs/kio/kio/connection.cpp:82
#95 0xb7c83289 in KIO::Connection::qt_metacall (this=0x8b25598, 
    _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x9feb560)
    at /storage/tmp/kde4dev/kdelibs-build/kio/connection.moc:71
#96 0xb7321588 in QMetaCallEvent::placeMetaCall ()
   from /storage/tmp/kde4dev/qt-unstable/lib/libQtCore.so.4
#97 0xb73268ef in QObject::event ()
   from /storage/tmp/kde4dev/qt-unstable/lib/libQtCore.so.4
#98 0xb6aedce1 in QApplicationPrivate::notify_helper ()
   from /storage/tmp/kde4dev/qt-unstable/lib/libQtGui.so.4
#99 0xb6aedfe2 in QApplication::notify ()
   from /storage/tmp/kde4dev/qt-unstable/lib/libQtGui.so.4
#100 0xb78a78d7 in KApplication::notify (this=0xbfc8b97c, receiver=0x8b25598, 
    event=0x9a8f918)
    at /storage/tmp/kde4dev/kdelibs/kdeui/kernel/kapplication.cpp:319
#101 0xb731441e in QCoreApplication::notifyInternal ()
   from /storage/tmp/kde4dev/qt-unstable/lib/libQtCore.so.4
#102 0xb73177ed in QCoreApplication::sendEvent ()
   from /storage/tmp/kde4dev/qt-unstable/lib/libQtCore.so.4
#103 0xb73148f5 in QCoreApplicationPrivate::sendPostedEvents ()
   from /storage/tmp/kde4dev/qt-unstable/lib/libQtCore.so.4
#104 0xb7314a4b in QCoreApplication::sendPostedEvents ()
   from /storage/tmp/kde4dev/qt-unstable/lib/libQtCore.so.4
#105 0xb733de61 in postEventSourceDispatch ()
   from /storage/tmp/kde4dev/qt-unstable/lib/libQtCore.so.4
#106 0xb65c1df2 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#107 0xb65c4dcf in ?? () from /usr/lib/libglib-2.0.so.0
#108 0x08060698 in ?? ()
#109 0x00000000 in ?? ()
#0  0xffffe410 in __kernel_vsyscall ()

i had 3 tabs opened somewhere on http://www.wp.pl (sorry, i don't remember where)
I'm using kde4daily revision 746143

Comment 1 Rolf Eike Beer 2007-12-11 11:16:18 UTC

Created attachment 22472 [details]
Workaround for NULL-deref

This patch should solve the NULL deref. It looks like "nonCSSDecls" being NULL.
 But first someone has to decide if that is a valid state or if is always has
to be initialised.

Comment 2 Maksim Orlovich 2008-01-15 21:24:45 UTC

http://lists.kde.org/?l=kde-commits&m=120042833925310&w=2

Comment 3 Maksim Orlovich 2008-01-15 21:30:13 UTC

SVN commit 761983 by orlovich:

Regression test for cloneNode crash
CCBUG:153711


 A             baseline/dom/clone-node-crash.html-dom  
 A             baseline/dom/clone-node-crash.html-render  
 M  +1 -0      baseline/dom/svnignore  
 A             tests/dom/clone-node-crash.html  


WebSVN link: http://websvn.kde.org/?view=rev&revision=761983

Comment 4 Maksim Orlovich 2008-01-22 05:25:20 UTC

*** Bug 156351 has been marked as a duplicate of this bug. ***