Bug 163098 - [patch] w + backspace crashes Konqueror if automatic text completion is enabled
Summary: [patch] w + backspace crashes Konqueror if automatic text completion is enabled
Status: RESOLVED FIXED
Alias: None
Product: kdelibs
Classification: Frameworks and Libraries
Component: general
Version: 4.0
Platform: unspecified Linux
Importance: NOR crash
Target Milestone: ---
Assignee: kdelibs bugs
URL:
Keywords:
Duplicates: 157167
Depends on:
Blocks:
 
Reported: 2008-06-02 23:35 UTC by Yngve Levinsen
Modified: 2008-10-03 13:08 UTC

See Also:
Latest Commit:
Version Fixed In:


Attachments
Suggested patch (773 bytes, patch)
2008-08-21 01:25 UTC, Frank Reininghaus
Improved patch (910 bytes, patch)
2008-09-25 21:05 UTC, Frank Reininghaus
Extended patch (trying to reduce the code complexity) (1.67 KB, patch)
2008-09-25 21:07 UTC, Frank Reininghaus

Description Yngve Levinsen 2008-06-02 23:35:58 UTC
Version:           4.0.3 (KDE 4.0.3) (using 4.0.3 (KDE 4.0.3), Kubuntu packages)
Compiler:          gcc
OS:                Linux (x86_64) release 2.6.24-17-generic

I haven't found this bug anywhere else, sorry if this is a double! When I hit "w" and then hit backspace, konqueror crashes. This is 100% repeatable, so please ask me if you need more information. I use the short automatic text completion, that might have something to do with it. When I hit "w" it then suggests the most visited webpage.

Have a nice day, and keep up all the good work!

Cheers
Yngve


(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread 0x7f02829087a0 (LWP 9372)]
(no debugging symbols found)

(no debugging symbols found)
[KCrash handler]
#5  0x00007f0282105095 in raise () from /lib/libc.so.6
#6  0x00007f0282106af0 in abort () from /lib/libc.so.6
#7  0x00007f02820fe2df in __assert_fail () from /lib/libc.so.6
#8  0x00007f0273dd3f09 in KHTMLGlobal::finalCheck ()
   from /usr/lib/kde4/lib/libkhtml.so.5
#9  0x00007f02743584ba in ?? () from /usr/lib/kde4/lib/kde4/libkhtmlpart.so
#10 0x00007f028199ffa1 in QObjectCleanupHandler::clear ()
   from /usr/lib/libQtCore.so.4
#11 0x00007f02819a0004 in QObjectCleanupHandler::~QObjectCleanupHandler ()
   from /usr/lib/libQtCore.so.4
#12 0x00007f0282108110 in exit () from /lib/libc.so.6
#13 0x00007f028189ed6a in qt_message_output () from /usr/lib/libQtCore.so.4
#14 0x00007f028189eebd in qFatal () from /usr/lib/libQtCore.so.4
#15 0x00007f0280b6bb10 in ?? () from /usr/lib/kde4/lib/libkio.so.5
#16 0x00007f0280b6ad81 in ?? () from /usr/lib/kde4/lib/libkio.so.5
#17 0x00007f0280b6b0c4 in KUrlCompletion::makeCompletion ()
   from /usr/lib/kde4/lib/libkio.so.5
#18 0x00007f02824b38ab in KonqMainWindow::slotMakeCompletion ()
   from /usr/lib/kde4/lib/libkdeinit4_konqueror.so
#19 0x00007f02824c759a in KonqMainWindow::qt_metacall ()
   from /usr/lib/kde4/lib/libkdeinit4_konqueror.so
#20 0x00007f028199c286 in QMetaObject::activate ()
   from /usr/lib/libQtCore.so.4
#21 0x00007f02810ddea5 in KComboBox::completion ()
   from /usr/lib/kde4/lib/libkdeui.so.5
#22 0x00007f02810deae2 in KComboBox::qt_metacall ()
   from /usr/lib/kde4/lib/libkdeui.so.5
#23 0x00007f02810ee3e5 in KHistoryComboBox::qt_metacall ()
   from /usr/lib/kde4/lib/libkdeui.so.5
#24 0x00007f02824a8495 in ?? ()
   from /usr/lib/kde4/lib/libkdeinit4_konqueror.so
#25 0x00007f028199c286 in QMetaObject::activate ()
   from /usr/lib/libQtCore.so.4
#26 0x00007f02810f3495 in KLineEdit::completion ()
   from /usr/lib/kde4/lib/libkdeui.so.5
#27 0x00007f02810f7565 in KLineEdit::keyPressEvent ()
   from /usr/lib/kde4/lib/libkdeui.so.5
#28 0x00007f027f494561 in QWidget::event () from /usr/lib/libQtGui.so.4
#29 0x00007f027f7a750b in QLineEdit::event () from /usr/lib/libQtGui.so.4
#30 0x00007f02810f4a0d in KLineEdit::event ()
   from /usr/lib/kde4/lib/libkdeui.so.5
#31 0x00007f027f768e6f in QComboBox::keyPressEvent ()
   from /usr/lib/libQtGui.so.4
#32 0x00007f02810edc5d in KHistoryComboBox::keyPressEvent ()
   from /usr/lib/kde4/lib/libkdeui.so.5
#33 0x00007f02824a8798 in ?? ()
   from /usr/lib/kde4/lib/libkdeinit4_konqueror.so
#34 0x00007f027f494561 in QWidget::event () from /usr/lib/libQtGui.so.4
#35 0x00007f027f76621d in QComboBox::event () from /usr/lib/libQtGui.so.4
#36 0x00007f027f44654f in QApplicationPrivate::notify_helper ()
   from /usr/lib/libQtGui.so.4
#37 0x00007f027f44b892 in QApplication::notify () from /usr/lib/libQtGui.so.4
#38 0x00007f0281066761 in KApplication::notify ()
   from /usr/lib/kde4/lib/libkdeui.so.5
#39 0x00007f0281988109 in QCoreApplication::notifyInternal ()
   from /usr/lib/libQtCore.so.4
#40 0x00007f027f49cc3c in ?? () from /usr/lib/libQtGui.so.4
#41 0x00007f027f4cc2e4 in ?? () from /usr/lib/libQtGui.so.4
#42 0x00007f027f4ce4d0 in ?? () from /usr/lib/libQtGui.so.4
#43 0x00007f027f4a92c8 in QApplication::x11ProcessEvent ()
   from /usr/lib/libQtGui.so.4
#44 0x00007f027f4cf8f3 in ?? () from /usr/lib/libQtGui.so.4
#45 0x00007f027e445262 in g_main_context_dispatch ()
   from /usr/lib/libglib-2.0.so.0
#46 0x00007f027e448516 in ?? () from /usr/lib/libglib-2.0.so.0
#47 0x00007f027e4489af in g_main_context_iteration ()
   from /usr/lib/libglib-2.0.so.0
#48 0x00007f02819b13af in QEventDispatcherGlib::processEvents ()
   from /usr/lib/libQtCore.so.4
#49 0x00007f027f4cf72f in ?? () from /usr/lib/libQtGui.so.4
#50 0x00007f0281987585 in QEventLoop::processEvents ()
   from /usr/lib/libQtCore.so.4
#51 0x00007f02819876db in QEventLoop::exec () from /usr/lib/libQtCore.so.4
#52 0x00007f0281989729 in QCoreApplication::exec ()
   from /usr/lib/libQtCore.so.4
#53 0x00007f02824e42f1 in kdemain ()
   from /usr/lib/kde4/lib/libkdeinit4_konqueror.so
#54 0x00007f02820f11c4 in __libc_start_main () from /lib/libc.so.6
#55 0x0000000000400649 in _start ()
#0  0x00007f0282170b81 in nanosleep () from /lib/libc.so.6
Comment 1 FiNeX 2008-06-27 16:52:12 UTC
you hit "w" and then "backspace"... ok, but where? on the address bar?

If so, I cannot reproduce the crash using current trunk.

Could you try a more recent version like 4.1-beta2?

Thanks a lot Yngve!
Comment 2 Yngve Levinsen 2008-07-01 09:22:08 UTC
Yes, in the address bar. I suppose if you don't manage to reproduce the bug, then it is probably fixed. I will check with a more recent version as soon as I have the time (suppose I should always check more recent versions before I report a bug, sorry about that).
Comment 3 FiNeX 2008-07-01 09:42:55 UTC
Don't worry, I'll let this report open. Please do your tests and tell us if you can still reproduce the crash.

Thanks a lot Yngve! :-)
Comment 4 Yngve Levinsen 2008-07-07 14:28:54 UTC
I have now tried again with KDE 4.0.83 (konqueror 4.00.83) and I am still reproducing the bug. This is a more or less clean install (I reinstalled kubuntu about a week ago). The bug also occurs when I hit "/". Any other output/information that could be useful for you?

Step by step (remember to use automatic text completion, it seems the problem lies here as far as I can see):
Open konqueror (focus is then in the address bar)
Hit "w" or "/"
Hit backspace
*bang* :)

Error message:

A Fatal Error Occurred
The application Konqueror (konqueror) crashed and caused the signal 6 (SIGABRT).
Please help us improve...
Comment 5 Frank Reininghaus 2008-07-16 00:46:16 UTC
Confirmed on SVN trunk rev. 832974: Open Konqueror, right click on location bar, select "Text Completion/Automatic", then press w or /. A suggested completion appears in grey, and if I press backspace, I get a crash.

I'll paste my backtrace which is more verbose than the one from the original report below. It's strange though that some functions from the original backtrace do not appear in mine.

Application: Konqueror (konqueror), signal SIGABRT

Thread 1 (Thread 0xb5e07720 (LWP 8159)):
[KCrash Handler]
#6  0xb7fa9410 in __kernel_vsyscall ()
#7  0xb6161085 in raise () from /lib/tls/i686/cmov/libc.so.6
#8  0xb6162a01 in abort () from /lib/tls/i686/cmov/libc.so.6
#9  0xb727d1d8 in qt_message_output (msgType=QtFatalMsg, buf=0xbfc17dd0 "ASSERT: \"i >= 0 && i < size()\" in file /home/kde-devel/qt-copy/include/QtCore/qstring.h, line 650")
    at global/qglobal.cpp:2058
#10 0xb727d25d in qFatal (msg=0xb73fafa4 "ASSERT: \"%s\" in file %s, line %d") at global/qglobal.cpp:2260
#11 0xb727d6d9 in qt_assert (assertion=0xb7e25971 "i >= 0 && i < size()", file=0xb7e25940 "/home/kde-devel/qt-copy/include/QtCore/qstring.h", line=650) at global/qglobal.cpp:1828
#12 0xb7d4068e in QString::at (this=0xbfc19e60, i=0) at /home/kde-devel/qt-copy/include/QtCore/qstring.h:650
#13 0xb7d3f4d4 in KUrlCompletionPrivate::MyURL::init (this=0xbfc19ed4, _url=@0xbfc1a388, cwd=@0x8167048) at /home/kde-devel/kde/src/KDE/kdelibs/kio/kio/kurlcompletion.cpp:486
#14 0xb7d3f755 in MyURL (this=0xbfc19ed4, _url=@0xbfc1a388, cwd=@0x8167048) at /home/kde-devel/kde/src/KDE/kdelibs/kio/kio/kurlcompletion.cpp:444
#15 0xb7d3f912 in KUrlCompletion::makeCompletion (this=0x8178fe8, text=@0xbfc1a388) at /home/kde-devel/kde/src/KDE/kdelibs/kio/kio/kurlcompletion.cpp:621
#16 0xb7f4683c in KonqMainWindow::slotMakeCompletion (this=0x810d7c0, text=@0xbfc1a388) at /home/kde-devel/kde/src/KDE/kdebase/apps/konqueror/src/konqmainwindow.cpp:3045
#17 0xb7f5f66b in KonqMainWindow::qt_metacall (this=0x810d7c0, _c=QMetaObject::InvokeMetaMethod, _id=105, _a=0xbfc1a0ec)
    at /home/kde-devel/kde/build/KDE/kdebase/apps/konqueror/src/konqmainwindow.moc:434
#18 0xb73af051 in QMetaObject::activate (sender=0x81483a8, from_signal_index=53, to_signal_index=53, argv=0xbfc1a0ec) at kernel/qobject.cpp:3010
#19 0xb73af5db in QMetaObject::activate (sender=0x81483a8, m=0xb7bf8e5c, local_signal_index=2, argv=0xbfc1a0ec) at kernel/qobject.cpp:3080
#20 0xb7b14566 in KComboBox::completion (this=0x81483a8, _t1=@0xbfc1a388) at /home/kde-devel/kde/build/KDE/kdelibs/kdeui/kcombobox.moc:174
#21 0xb7b15459 in KComboBox::qt_metacall (this=0x81483a8, _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0xbfc1a27c) at /home/kde-devel/kde/build/KDE/kdelibs/kdeui/kcombobox.moc:106
#22 0xb7b2a8d6 in KHistoryComboBox::qt_metacall (this=0x81483a8, _c=QMetaObject::InvokeMetaMethod, _id=53, _a=0xbfc1a27c) at /home/kde-devel/kde/build/KDE/kdelibs/kdeui/khistorycombobox.moc:76
#23 0xb7f38f6a in KonqCombo::qt_metacall (this=0x81483a8, _c=QMetaObject::InvokeMetaMethod, _id=53, _a=0xbfc1a27c) at /home/kde-devel/kde/build/KDE/kdebase/apps/konqueror/src/konqcombo.moc:68
#24 0xb73af051 in QMetaObject::activate (sender=0x817c010, from_signal_index=48, to_signal_index=48, argv=0xbfc1a27c) at kernel/qobject.cpp:3010
#25 0xb73af5db in QMetaObject::activate (sender=0x817c010, m=0xb7bfa480, local_signal_index=2, argv=0xbfc1a27c) at kernel/qobject.cpp:3080
#26 0xb7b316dc in KLineEdit::completion (this=0x817c010, _t1=@0xbfc1a388) at /home/kde-devel/kde/build/KDE/kdelibs/kdeui/klineedit.moc:219
#27 0xb7b31880 in KLineEditPrivate::doCompletion (this=0x8142a00, txt=@0xbfc1a388) at /home/kde-devel/kde/src/KDE/kdelibs/kdeui/widgets/klineedit.cpp:1698
#28 0xb7b363df in KLineEdit::keyPressEvent (this=0x817c010, e=0xbfc1ad14) at /home/kde-devel/kde/src/KDE/kdelibs/kdeui/widgets/klineedit.cpp:833
#29 0xb658d286 in QWidget::event (this=0x817c010, event=0xbfc1ad14) at kernel/qwidget.cpp:6962
#30 0xb6974872 in QLineEdit::event (this=0x817c010, e=0xbfc1ad14) at widgets/qlineedit.cpp:1602
#31 0xb7b33931 in KLineEdit::event (this=0x817c010, ev=0xbfc1ad14) at /home/kde-devel/kde/src/KDE/kdelibs/kdeui/widgets/klineedit.cpp:1296
#32 0xb6921606 in QComboBox::keyPressEvent (this=0x81483a8, e=0xbfc1ad14) at widgets/qcombobox.cpp:2797
#33 0xb7b29f0f in KHistoryComboBox::keyPressEvent (this=0x81483a8, e=0xbfc1ad14) at /home/kde-devel/kde/src/KDE/kdelibs/kdeui/widgets/khistorycombobox.cpp:345
#34 0xb7f39327 in KonqCombo::keyPressEvent (this=0x81483a8, e=0xbfc1ad14) at /home/kde-devel/kde/src/KDE/kdebase/apps/konqueror/src/konqcombo.cpp:429
#35 0xb658d286 in QWidget::event (this=0x81483a8, event=0xbfc1ad14) at kernel/qwidget.cpp:6962
#36 0xb6924316 in QComboBox::event (this=0x81483a8, event=0xbfc1ad14) at widgets/qcombobox.cpp:2614
#37 0xb6523f55 in QApplicationPrivate::notify_helper (this=0x805d2b8, receiver=0x81483a8, e=0xbfc1ad14) at kernel/qapplication.cpp:3772
#38 0xb6524555 in QApplication::notify (this=0xbfc1b7e0, receiver=0x81483a8, e=0xbfc1ad14) at kernel/qapplication.cpp:3420
#39 0xb7a797dd in KApplication::notify (this=0xbfc1b7e0, receiver=0x81483a8, event=0xbfc1ad14) at /home/kde-devel/kde/src/KDE/kdelibs/kdeui/kernel/kapplication.cpp:311
#40 0xb739724d in QCoreApplication::notifyInternal (this=0xbfc1b7e0, receiver=0x81483a8, event=0xbfc1ad14) at kernel/qcoreapplication.cpp:587
#41 0xb65318db in QCoreApplication::sendSpontaneousEvent (receiver=0x81483a8, event=0xbfc1ad14) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:218
#42 0xb659c51a in qt_sendSpontaneousEvent (receiver=0x81483a8, event=0xbfc1ad14) at kernel/qapplication_x11.cpp:4680
#43 0xb65dc8d1 in QKeyMapper::sendKeyEvent (keyWidget=0x81483a8, grab=false, type=QEvent::KeyPress, code=16777219, modifiers=@0xbfc1ae78, text=@0xbfc1aeac, autorepeat=false, count=1, 
    nativeScanCode=22, nativeVirtualKey=65288, nativeModifiers=16) at kernel/qkeymapper_x11.cpp:1656
#44 0xb65ddd7f in QKeyMapperPrivate::translateKeyEvent (this=0x80809b0, keyWidget=0x81483a8, event=0xbfc1b43c, grab=false) at kernel/qkeymapper_x11.cpp:1627
#45 0xb65b0960 in QApplication::x11ProcessEvent (this=0xbfc1b7e0, event=0xbfc1b43c) at kernel/qapplication_x11.cpp:3148
#46 0xb65e06e1 in x11EventSourceDispatch (s=0x8060238, callback=0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:148
#47 0xb5fe1bf8 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#48 0xb5fe4e5e in ?? () from /usr/lib/libglib-2.0.so.0
#49 0xb5fe53ac in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#50 0xb73cc78c in QEventDispatcherGlib::processEvents (this=0x805ac58, flags=@0xbfc1b5d4) at kernel/qeventdispatcher_glib.cpp:325
#51 0xb65dfdb0 in QGuiEventDispatcherGlib::processEvents (this=0x805ac58, flags=@0xbfc1b604) at kernel/qguieventdispatcher_glib.cpp:204
#52 0xb7393aca in QEventLoop::processEvents (this=0xbfc1b68c, flags=@0xbfc1b644) at kernel/qeventloop.cpp:149
#53 0xb7393d09 in QEventLoop::exec (this=0xbfc1b68c, flags=@0xbfc1b694) at kernel/qeventloop.cpp:200
#54 0xb7397b84 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:845
#55 0xb6523c6e in QApplication::exec () at kernel/qapplication.cpp:3304
#56 0xb7f8f4b6 in kdemain (argc=1, argv=0xbfc1baf4) at /home/kde-devel/kde/src/KDE/kdebase/apps/konqueror/src/konqmain.cpp:227
#57 0x080487a6 in main (argc=) at /home/kde-devel/kde/build/KDE/kdebase/apps/konqueror/src/konqueror_dummy.cpp:3

Comment 6 Frank Reininghaus 2008-07-16 01:02:53 UTC
Note that this looks like a duplicate of bug #157167. The strange thing is that this bug has been closed with "WORKSFORME".

The difference in the backtraces I was surprised about in my last comment might be due to different Qt compilation options. The only real difference seems to be that qt_message_output () calls abort () and not exit () in my case.
Comment 7 Frank Reininghaus 2008-07-18 01:29:24 UTC
Note that the same issue occurs in Dolphin from SVN trunk: If you set the text completion method in the location bar to "Automatic", enter "/" in the location bar, wait for a suggested completion to appear and press backspace, you get a crash (the backtrace looks a bit different). Maybe this bug should be reassigned to "kdelibs/kdeui"?
Comment 8 Frank Reininghaus 2008-08-21 01:21:21 UTC
I've looked at the code and got the impression that the problem is in the method KUrlCompletionPrivate::MyURL::init in the file
kdelibs/kio/kio/kurlcompletion.cpp. In lines 487 and 488, the method at() of the QString url_copy is called to get the first character of url_copy without checking if the string is empty.

When reproducing this bug, url_copy is indeed empty after hitting backspace, and this causes the crash. I'm reassigning this report to kdelibs.
Comment 9 Frank Reininghaus 2008-08-21 01:25:49 UTC
Created attachment 26953
Suggested patch

This patch checks if the string is empty before url_copy.at(0) is called. Fixes the problem for me in trunk.
Comment 10 Frank Reininghaus 2008-09-25 21:05:30 UTC
Created attachment 27573
Improved patch

I've improved my patch a bit:

1. My last patch solved only one half of the problem, I still left one dangerous url_copy::at (0) without emptiness check in the code.
2. Now I've just replaced 'url_copy::at (0) == ...' by 'url_copy::startsWith (...)', I think this is both shorter and easier to read than my previous approach.
Comment 11 Frank Reininghaus 2008-09-25 21:07:10 UTC
Created attachment 27574
Extended patch (trying to reduce the code complexity)

This extended patch simplifies the code a bit by a reordering of the if-statements. The result looks equivalent to me, but it is a few lines shorter and easier to read (at least for me). Note that I sent the patch to the kfm-devel list a while ago, some additional information can be found there:
http://lists.kde.org/?t=121936400900001&r=1&w=2
Comment 12 Frank Reininghaus 2008-09-25 21:12:33 UTC
*** Bug 157167 has been marked as a duplicate of this bug. ***
Comment 13 David Faure 2008-09-26 23:02:41 UTC
Looks good, the only thing missing is an addition to the unit test kurlcompletiontest.cpp :-)
Comment 14 David Faure 2008-10-03 13:08:50 UTC
Frank sent me an updated patch. Committed (trunk r867376, 4.1-branch r867378).
Thanks!
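
The root cause from Comments 8 and 10 and the kind of regression check requested in Comment 13, as an added example that is not the kdelibs code or any of the attached patches. It assumes `std::string` as a stand-in for `QString`; the function names and the `/` and `~` characters compared against are hypothetical.

```cpp
#include <iostream>
#include <stdexcept>
#include <string>

// Stand-in for QString::startsWith(): false for an empty string,
// and it never indexes past the end.
static bool starts_with(const std::string& s, char c) {
    return !s.empty() && s.front() == c;
}

// "Before" pattern: first character read with at(0) and no emptiness check.
// std::string::at throws std::out_of_range here; QString::at instead hits
// the "i >= 0 && i < size()" assertion and the process aborts.
bool is_local_path_unchecked(const std::string& url_copy) {
    return url_copy.at(0) == '/' || url_copy.at(0) == '~';  // hypothetical chars
}

// "After" pattern: the same comparison expressed with starts_with.
bool is_local_path_checked(const std::string& url_copy) {
    return starts_with(url_copy, '/') || starts_with(url_copy, '~');
}

// True if f rejects the input by throwing (the analogue of the crash).
template <typename F>
bool fails_on(F f, const std::string& input) {
    try {
        f(input);
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}

// Constructed regression inputs: location-bar text after each keystroke of
// "w", backspace, "/", backspace, plus two non-empty paths.
int count_failures_checked() {
    const std::string inputs[] = {"w", "", "/", "", "~", "/usr"};
    int failures = 0;
    for (const std::string& text : inputs)
        if (fails_on(is_local_path_checked, text)) ++failures;
    return failures;
}

int main() {
    std::cout << "unchecked fails on empty: "
              << fails_on(is_local_path_unchecked, "") << "\n";
    std::cout << "checked failures: " << count_failures_checked() << "\n";
    return 0;
}
```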