Bug 182907 - Crash in khtml::RenderTableCell::section due to null parent
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: khtml
Version: unspecified
Platform: Compiled Sources Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
Duplicates: 181502 181911 189493
Reported: 2009-02-02 19:19 UTC by Daniel Richard G.
Modified: 2009-04-21 18:44 UTC

Description Daniel Richard G. 2009-02-02 19:19:49 UTC
Version:            (using Devel)
OS:                Linux
Installed from:    Compiled sources

Encountered this while typing into YouTube's search box (the one with the fancy dropdown showing a dynamic list of possible searches). I can't reproduce this, but have saved a corefile in case anyone wants telemetry.

The problem appears to be a table cell object with a null parent, and the code not anticipating this scenario.

BT:

Thread 1 (Thread 0x7f4e1c94f6f0 (LWP 25218)):
[KCrash Handler]
#5  0x00007f4e0aee989c in khtml::RenderObject::parent (this=0x0) at /home/kdesvn/kdelibs/khtml/rendering/render_object.h:151
#6  0x00007f4e0b09e2cf in khtml::RenderTableCell::section (this=0xcb155b8) at /home/kdesvn/kdelibs/khtml/rendering/render_table.h:403
#7  0x00007f4e0b09606a in khtml::RenderTableCell::collapsedTopBorder (this=0xa47d0f8) at /home/kdesvn/kdelibs/khtml/rendering/render_table.cpp:2666
#8  0x00007f4e0b096f66 in khtml::RenderTableCell::borderTop (this=0xa47d0f8) at /home/kdesvn/kdelibs/khtml/rendering/render_table.cpp:2809
#9  0x00007f4e0b06fefa in khtml::RenderBox::overflowClipRect (this=0xa47d0f8, tx=640, ty=80) at /home/kdesvn/kdelibs/khtml/rendering/render_box.cpp:841
#10 0x00007f4e0b08469f in khtml::RenderLayer::calculateRects (this=0xa47d1d0, rootLayer=0xddc7300, paintDirtyRect=@0x7fff249723e0, layerBounds=@0x7fff249723d0, backgroundRect=@0x7fff249723c0, 
    foregroundRect=@0x7fff249723b0) at /home/kdesvn/kdelibs/khtml/rendering/render_layer.cpp:1304
#11 0x00007f4e0b08494c in khtml::RenderLayer::repaint (this=0xa47d1d0, p=HighPriority, markForRepaint=false) at /home/kdesvn/kdelibs/khtml/rendering/render_layer.cpp:225
#12 0x00007f4e0b08488b in khtml::RenderLayer::repaint (this=0xa47cd48, p=HighPriority, markForRepaint=false) at /home/kdesvn/kdelibs/khtml/rendering/render_layer.cpp:223
#13 0x00007f4e0b05f0fb in khtml::RenderObject::setStyle (this=0xc32d0f0, style=0x1c49ec0) at /home/kdesvn/kdelibs/khtml/rendering/render_object.cpp:2113
#14 0x00007f4e0b06ce02 in khtml::RenderContainer::setStyle (this=0xc32d0f0, _style=0x1c49ec0) at /home/kdesvn/kdelibs/khtml/rendering/render_container.cpp:232
#15 0x00007f4e0b06da0a in khtml::RenderBox::setStyle (this=0xc32d0f0, _style=0x1c49ec0) at /home/kdesvn/kdelibs/khtml/rendering/render_box.cpp:153
#16 0x00007f4e0b038055 in khtml::RenderBlock::setStyle (this=0xc32d0f0, _style=0x1c49ec0) at /home/kdesvn/kdelibs/khtml/rendering/render_block.cpp:123
#17 0x00007f4e0b09ccc2 in khtml::RenderTable::setStyle (this=0xc32d0f0, _style=0x1c49ec0) at /home/kdesvn/kdelibs/khtml/rendering/render_table.cpp:89
#18 0x00007f4e0af953db in DOM::ElementImpl::recalcStyle (this=0xba17c90, change=DOM::NodeImpl::NoChange) at /home/kdesvn/kdelibs/khtml/xml/dom_elementimpl.cpp:947
#19 0x00007f4e0afe560b in DOM::HTMLElementImpl::recalcStyle (this=0xba17c90, ch=DOM::NodeImpl::NoChange) at /home/kdesvn/kdelibs/khtml/html/html_elementimpl.cpp:269
#20 0x00007f4e0af9548d in DOM::ElementImpl::recalcStyle (this=0x32cd540, change=DOM::NodeImpl::NoChange) at /home/kdesvn/kdelibs/khtml/xml/dom_elementimpl.cpp:967
#21 0x00007f4e0afe560b in DOM::HTMLElementImpl::recalcStyle (this=0x32cd540, ch=DOM::NodeImpl::NoChange) at /home/kdesvn/kdelibs/khtml/html/html_elementimpl.cpp:269
#22 0x00007f4e0af9548d in DOM::ElementImpl::recalcStyle (this=0x3ab8120, change=DOM::NodeImpl::NoChange) at /home/kdesvn/kdelibs/khtml/xml/dom_elementimpl.cpp:967
#23 0x00007f4e0afe560b in DOM::HTMLElementImpl::recalcStyle (this=0x3ab8120, ch=DOM::NodeImpl::NoChange) at /home/kdesvn/kdelibs/khtml/html/html_elementimpl.cpp:269
#24 0x00007f4e0af72149 in DOM::DocumentImpl::recalcStyle (this=0x7622f30, change=DOM::NodeImpl::NoChange) at /home/kdesvn/kdelibs/khtml/xml/dom_docimpl.cpp:1447
#25 0x00007f4e0af666f6 in DOM::DocumentImpl::updateRendering (this=0x7622f30) at /home/kdesvn/kdelibs/khtml/xml/dom_docimpl.cpp:1476
#26 0x00007f4e0af74ec5 in DOM::DocumentImpl::updateLayout (this=0x7622f30) at /home/kdesvn/kdelibs/khtml/xml/dom_docimpl.cpp:1505
#27 0x00007f4e0b18bdae in KJS::DOMNode::getValueProperty (this=0x7f4e082a7f00, exec=0x7fff24975310, token=54) at /home/kdesvn/kdelibs/khtml/ecma/kjs_dom.cpp:356
#28 0x00007f4e0b191a36 in KJS::staticValueGetter<KJS::DOMNode> (exec=0x7fff24975310, slot=@0x7fff24972c50) at /home/kdesvn/kdelibs/kjs/lookup.h:147
#29 0x00007f4e0a65526f in KJS::PropertySlot::getValue (this=0x7fff24972c50, exec=0x7fff24975310, originalObject=0x7f4e082a7f00, propertyName=@0x7fff24973090)
    at /home/kdesvn/kdelibs/kjs/property_slot.h:46
#30 0x00007f4e0a653c50 in KJS::JSObject::get (this=0x7f4e082a7f00, exec=0x7fff24975310, propertyName=@0x7fff24973090) at /home/kdesvn/kdelibs/kjs/object.cpp:166
#31 0x00007f4e0a67109e in KJS::Machine::runBlock (exec=0x7fff24975310, codeBlock=@0xba2c890, parentExec=0x7fff24977bf0) at codes.def:715
#32 0x00007f4e0a64fa3a in KJS::FunctionImp::callAsFunction (this=0x7f4e082aa040, exec=0x7fff24977bf0, thisObj=0x7f4e075d2300, args=@0x7fff24975880)
    at /home/kdesvn/kdelibs/kjs/function.cpp:144
#33 0x00007f4e0a6549ca in KJS::JSObject::call (this=0x7f4e082aa040, exec=0x7fff24977bf0, thisObj=0x7f4e075d2300, args=@0x7fff24975880)
    at /home/kdesvn/kdelibs/kjs/object.cpp:99
#34 0x00007f4e0a67a801 in KJS::Machine::runBlock (exec=0x7fff24977bf0, codeBlock=@0x50ec100, parentExec=0x7fff2497a4d0) at codes.def:1192
#35 0x00007f4e0a64fa3a in KJS::FunctionImp::callAsFunction (this=0x7f4e082af0c0, exec=0x7fff2497a4d0, thisObj=0x7f4e075d2300, args=@0x7fff24978160)
    at /home/kdesvn/kdelibs/kjs/function.cpp:144
#36 0x00007f4e0a6549ca in KJS::JSObject::call (this=0x7f4e082af0c0, exec=0x7fff2497a4d0, thisObj=0x7f4e075d2300, args=@0x7fff24978160)
    at /home/kdesvn/kdelibs/kjs/object.cpp:99
#37 0x00007f4e0a67a801 in KJS::Machine::runBlock (exec=0x7fff2497a4d0, codeBlock=@0xd1aa380, parentExec=0x7fff2497cdb0) at codes.def:1192
#38 0x00007f4e0a64fa3a in KJS::FunctionImp::callAsFunction (this=0x7f4e082aafc0, exec=0x7fff2497cdb0, thisObj=0x7f4e075d2300, args=@0x7fff2497aa40)
    at /home/kdesvn/kdelibs/kjs/function.cpp:144
#39 0x00007f4e0a6549ca in KJS::JSObject::call (this=0x7f4e082aafc0, exec=0x7fff2497cdb0, thisObj=0x7f4e075d2300, args=@0x7fff2497aa40)
    at /home/kdesvn/kdelibs/kjs/object.cpp:99
#40 0x00007f4e0a67a801 in KJS::Machine::runBlock (exec=0x7fff2497cdb0, codeBlock=@0x4165180, parentExec=0x7fff2497f800) at codes.def:1192
#41 0x00007f4e0a64fa3a in KJS::FunctionImp::callAsFunction (this=0x7f4e082aa740, exec=0x7fff2497f800, thisObj=0x7f4e075d2300, args=@0x7fff2497d040)
    at /home/kdesvn/kdelibs/kjs/function.cpp:144
#42 0x00007f4e0a6549ca in KJS::JSObject::call (this=0x7f4e082aa740, exec=0x7fff2497f800, thisObj=0x7f4e075d2300, args=@0x7fff2497d040)
    at /home/kdesvn/kdelibs/kjs/object.cpp:99
#43 0x00007f4e0a630a1e in KJS::FunctionProtoFunc::callAsFunction (this=0x7f4e075c8ac0, exec=0x7fff2497f800, thisObj=0x7f4e082aa740, args=@0x7fff2497d490)
    at /home/kdesvn/kdelibs/kjs/function_object.cpp:123
#44 0x00007f4e0a6549ca in KJS::JSObject::call (this=0x7f4e075c8ac0, exec=0x7fff2497f800, thisObj=0x7f4e082aa740, args=@0x7fff2497d490)
    at /home/kdesvn/kdelibs/kjs/object.cpp:99
#45 0x00007f4e0a67a801 in KJS::Machine::runBlock (exec=0x7fff2497f800, codeBlock=@0x848f410, parentExec=0x7fff24982200) at codes.def:1192
#46 0x00007f4e0a64fa3a in KJS::FunctionImp::callAsFunction (this=0x7f4e082aa680, exec=0x7fff24982200, thisObj=0x7f4e082a89c0, args=@0x7fff2497fd70)
    at /home/kdesvn/kdelibs/kjs/function.cpp:144
#47 0x00007f4e0a6549ca in KJS::JSObject::call (this=0x7f4e082aa680, exec=0x7fff24982200, thisObj=0x7f4e082a89c0, args=@0x7fff2497fd70)
    at /home/kdesvn/kdelibs/kjs/object.cpp:99
#48 0x00007f4e0a67a801 in KJS::Machine::runBlock (exec=0x7fff24982200, codeBlock=@0x29cd8c0, parentExec=0x0) at codes.def:1192
#49 0x00007f4e0a615ebb in KJS::FunctionBodyNode::execute (this=0x29cd830, exec=0x7fff24982200) at /home/kdesvn/kdelibs/kjs/nodes.cpp:927
#50 0x00007f4e0a65a47b in KJS::Interpreter::evaluate (this=0x652fa40, sourceURL=@0x7fff249825c0, startingLineNumber=0, code=0x3819390, codeLength=69, thisV=0x7f4e075d2300)
    at /home/kdesvn/kdelibs/kjs/interpreter.cpp:550
#51 0x00007f4e0a65a6d4 in KJS::Interpreter::evaluate (this=0x652fa40, sourceURL=@0x7fff249825c0, startingLineNumber=0, code=@0x7fff249825b0, thisV=0x7f4e075d2300)
    at /home/kdesvn/kdelibs/kjs/interpreter.cpp:493
#52 0x00007f4e0b1d1b76 in KJS::KJSProxyImpl::evaluate (this=0xda46cd0, filename=@0x7fff249826c0, baseLine=0, str=@0x7fff249826b0, n=@0x7fff249826a0, completion=0x0)
    at /home/kdesvn/kdelibs/khtml/ecma/kjs_proxy.cpp:158
#53 0x00007f4e0afe0b35 in DOM::HTMLScriptElementImpl::evaluateScript (this=0x3182060, URL=@0x7fff24982730, script=@0x7fff24982720)
    at /home/kdesvn/kdelibs/khtml/html/html_headimpl.cpp:479
#54 0x00007f4e0afe0c9a in DOM::HTMLScriptElementImpl::notifyFinished (this=0x3182060, o=0xadbe0d0) at /home/kdesvn/kdelibs/khtml/html/html_headimpl.cpp:463
#55 0x00007f4e0b13b7e5 in khtml::CachedScript::checkNotify (this=0xadbe0d0) at /home/kdesvn/kdelibs/khtml/misc/loader.cpp:387
#56 0x00007f4e0b13ba42 in khtml::CachedScript::data (this=0xadbe0d0, buffer=@0xb01d1f8, eof=true) at /home/kdesvn/kdelibs/khtml/misc/loader.cpp:379
#57 0x00007f4e0b139f5f in khtml::Loader::slotFinished (this=0x1e7b1b0, job=0xde2eed0) at /home/kdesvn/kdelibs/khtml/misc/loader.cpp:1402
#58 0x00007f4e0b13a986 in khtml::Loader::qt_metacall (this=0x1e7b1b0, _c=QMetaObject::InvokeMetaMethod, _id=3, _a=0x7fff24982b00) at /tmp/kdesvn-build/kdelibs/khtml/loader.moc:129
#59 0x00007f4e19a67c3f in QMetaObject::activate (sender=0xde2eed0, from_signal_index=7, to_signal_index=7, argv=0x7fff24982b00)
    at /home/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:3028
#60 0x00007f4e19a67f29 in QMetaObject::activate (sender=0xde2eed0, m=0x7f4e1a5bd760, local_signal_index=3, argv=0x7fff24982b00)
    at /home/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:3101
#61 0x00007f4e1a1b27ef in KJob::result (this=0xde2eed0, _t1=0xde2eed0) at /tmp/kdesvn-build/kdelibs/kdecore/kjob.moc:186
#62 0x00007f4e1a1b29cb in KJob::emitResult (this=0xde2eed0) at /home/kdesvn/kdelibs/kdecore/jobs/kjob.cpp:294
#63 0x00007f4e1b695a9a in KIO::SimpleJob::slotFinished (this=0xde2eed0) at /home/kdesvn/kdelibs/kio/kio/job.cpp:489
#64 0x00007f4e1b69f2ff in KIO::TransferJob::slotFinished (this=0xde2eed0) at /home/kdesvn/kdelibs/kio/kio/job.cpp:966
#65 0x00007f4e1b69ddba in KIO::TransferJob::qt_metacall (this=0xde2eed0, _c=QMetaObject::InvokeMetaMethod, _id=7, _a=0x7fff24982ee0) at /tmp/kdesvn-build/kdelibs/kio/jobclasses.moc:336
#66 0x00007f4e19a67c3f in QMetaObject::activate (sender=0xa8e2220, from_signal_index=8, to_signal_index=8, argv=0x0) at /home/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:3028
#67 0x00007f4e19a67f29 in QMetaObject::activate (sender=0xa8e2220, m=0x7f4e1ba7f960, local_signal_index=4, argv=0x0) at /home/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:3101
#68 0x00007f4e1b740608 in KIO::SlaveInterface::finished (this=0xa8e2220) at /tmp/kdesvn-build/kdelibs/kio/slaveinterface.moc:163
#69 0x00007f4e1b741c1b in KIO::SlaveInterface::dispatch (this=0xa8e2220, _cmd=104, rawdata=@0x7fff24983240) at /home/kdesvn/kdelibs/kio/kio/slaveinterface.cpp:175
#70 0x00007f4e1b73fbd6 in KIO::SlaveInterface::dispatch (this=0xa8e2220) at /home/kdesvn/kdelibs/kio/kio/slaveinterface.cpp:91
#71 0x00007f4e1b7353bf in KIO::Slave::gotInput (this=0xa8e2220) at /home/kdesvn/kdelibs/kio/kio/slave.cpp:322
#72 0x00007f4e1b735911 in KIO::Slave::qt_metacall (this=0xa8e2220, _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0x7fff249833a0) at /tmp/kdesvn-build/kdelibs/kio/slave.moc:75
#73 0x00007f4e19a67c3f in QMetaObject::activate (sender=0x599c030, from_signal_index=4, to_signal_index=4, argv=0x0) at /home/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:3028
#74 0x00007f4e19a67f29 in QMetaObject::activate (sender=0x599c030, m=0x7f4e1ba7f180, local_signal_index=0, argv=0x0) at /home/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:3101
#75 0x00007f4e1b66cd48 in KIO::Connection::readyRead (this=0x599c030) at /tmp/kdesvn-build/kdelibs/kio/connection.moc:84
#76 0x00007f4e1b66e64e in KIO::ConnectionPrivate::dequeue (this=0x8b859e0) at /home/kdesvn/kdelibs/kio/kio/connection.cpp:82
#77 0x00007f4e1b66e6d0 in KIO::Connection::qt_metacall (this=0x599c030, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x2fb90c0) at /tmp/kdesvn-build/kdelibs/kio/connection.moc:72
#78 0x00007f4e19a64dcf in QMetaCallEvent::placeMetaCall (this=0xd78fd00, object=0x599c030) at /home/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:529
#79 0x00007f4e19a6c1a8 in QObject::event (this=0x599c030, e=0xd78fd00) at /home/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:1152
#80 0x00007f4e18e6abef in QApplicationPrivate::notify_helper (this=0x17fe780, receiver=0x599c030, e=0xd78fd00) at /home/kdesvn/qt-copy/src/gui/kernel/qapplication.cpp:3803
#81 0x00007f4e18e6af11 in QApplication::notify (this=0x7fff24984210, receiver=0x599c030, e=0xd78fd00) at /home/kdesvn/qt-copy/src/gui/kernel/qapplication.cpp:3393
#82 0x00007f4e1ab4300a in KApplication::notify (this=0x7fff24984210, receiver=0x599c030, event=0xd78fd00) at /home/kdesvn/kdelibs/kdeui/kernel/kapplication.cpp:307
#83 0x00007f4e19a545d4 in QCoreApplication::notifyInternal (this=0x7fff24984210, receiver=0x599c030, event=0xd78fd00)
    at /home/kdesvn/qt-copy/src/corelib/kernel/qcoreapplication.cpp:583
#84 0x00007f4e19a58915 in QCoreApplication::sendEvent (receiver=0x599c030, event=0xd78fd00) at /home/kdesvn/qt-copy/src/corelib/kernel/qcoreapplication.h:209
#85 0x00007f4e19a577ad in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x17de220)
    at /home/kdesvn/qt-copy/src/corelib/kernel/qcoreapplication.cpp:1195
#86 0x00007f4e19a57976 in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at /home/kdesvn/qt-copy/src/corelib/kernel/qcoreapplication.cpp:1091
#87 0x00007f4e19a84947 in QCoreApplication::sendPostedEvents () at /home/kdesvn/qt-copy/src/corelib/kernel/qcoreapplication.h:214
#88 0x00007f4e19a83175 in postEventSourceDispatch (s=0x1801c10) at /home/kdesvn/qt-copy/src/corelib/kernel/qeventdispatcher_glib.cpp:205
#89 0x00007f4e15cc8d3b in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#90 0x00007f4e15ccc50d in ?? () from /usr/lib/libglib-2.0.so.0
#91 0x00007f4e15ccc6cb in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#92 0x00007f4e19a83c54 in QEventDispatcherGlib::processEvents (this=0x17fdf30, flags=@0x7fff24984000) at /home/kdesvn/qt-copy/src/corelib/kernel/qeventdispatcher_glib.cpp:319
#93 0x00007f4e18f0a57f in QGuiEventDispatcherGlib::processEvents (this=0x17fdf30, flags=@0x7fff24984060) at /home/kdesvn/qt-copy/src/gui/kernel/qguieventdispatcher_glib.cpp:198
#94 0x00007f4e19a53438 in QEventLoop::processEvents (this=0x7fff24984110, flags=@0x7fff249840c0) at /home/kdesvn/qt-copy/src/corelib/kernel/qeventloop.cpp:143
#95 0x00007f4e19a53633 in QEventLoop::exec (this=0x7fff24984110, flags=@0x7fff24984120) at /home/kdesvn/qt-copy/src/corelib/kernel/qeventloop.cpp:190
#96 0x00007f4e19a57a82 in QCoreApplication::exec () at /home/kdesvn/qt-copy/src/corelib/kernel/qcoreapplication.cpp:845
#97 0x00007f4e18e69f90 in QApplication::exec () at /home/kdesvn/qt-copy/src/gui/kernel/qapplication.cpp:3331
#98 0x00007f4e1c51d817 in kdemain (argc=2, argv=0x7fff24984e88) at /home/kdesvn/kdebase/apps/konqueror/src/konqmain.cpp:257
#99 0x00000000004008a1 in main (argc=2, argv=0x7fff24984e88) at /tmp/kdesvn-build/kdebase/apps/konqueror/src/konqueror_dummy.cpp:3
Comment 1 Maksim Orlovich 2009-02-02 19:49:23 UTC
*** Bug 181911 has been marked as a duplicate of this bug. ***
Comment 2 Maksim Orlovich 2009-02-02 19:51:17 UTC
It's more of a "should never happen" scenario than a matter of it not being anticipated, I think.
Comment 3 Harri Porten 2009-03-29 14:06:29 UTC
FWIW, got this crash through the YouTube search box, too.
Comment 4 Tommi Tervo 2009-03-30 15:10:03 UTC
*** Bug 181502 has been marked as a duplicate of this bug. ***
Comment 5 Viacheslav Tokarev 2009-03-30 18:45:36 UTC
vg report
==6815== Invalid read of size 4
==6815==    at 0xB2836DD: khtml::RenderTableCell::collapsedTopBorder() const (render_style.h:257)
==6815==    by 0xB2839D6: khtml::RenderTableCell::borderTop() const (render_table.cpp:2681)
==6815==    by 0xB25F25E: khtml::RenderBox::overflowClipRect(int, int) (render_box.cpp:861)
==6815==    by 0xB27724E: khtml::RenderLayer::calculateRects(khtml::RenderLayer const*, QRect const&, QRect&, QRect&, QRect&) (render_layer.cpp:1306)
==6815==    by 0xB2779C0: khtml::RenderLayer::repaint(Priority, bool) (render_layer.cpp:225)
==6815==    by 0xB277902: khtml::RenderLayer::repaint(Priority, bool) (render_layer.cpp:223)
==6815==    by 0xB25ABA9: khtml::RenderObject::setStyle(khtml::RenderStyle*) (render_object.cpp:2170)
==6815==    by 0xB25BB05: khtml::RenderContainer::setStyle(khtml::RenderStyle*) (render_container.cpp:236)
==6815==    by 0xB260137: khtml::RenderBox::setStyle(khtml::RenderStyle*) (render_box.cpp:153)
==6815==    by 0xB2374AB: khtml::RenderBlock::setStyle(khtml::RenderStyle*) (render_block.cpp:128)
==6815==    by 0xB282B22: khtml::RenderTable::setStyle(khtml::RenderStyle*) (render_table.cpp:89)
==6815==    by 0xB1873BF: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:942)
==6815==    by 0xB1E8B68: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:269)
==6815==    by 0xB18740E: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:962)
==6815==    by 0xB1E8B68: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:269)
==6815==    by 0xB18740E: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:962)
==6815==    by 0xB1E8B68: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:269)
==6815==    by 0xB173211: DOM::DocumentImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_docimpl.cpp:1445)
==6815==    by 0xB15EDE7: DOM::DocumentImpl::updateRendering() (dom_docimpl.cpp:1474)
==6815==    by 0xB16BE82: DOM::DocumentImpl::updateLayout() (dom_docimpl.cpp:1503)
==6815==    by 0xB35A44F: KJS::DOMNode::getValueProperty(KJS::ExecState*, int) const (kjs_dom.cpp:365)
==6815==    by 0xB3698E0: KJS::JSValue* KJS::staticValueGetter<KJS::DOMNode>(KJS::ExecState*, KJS::JSObject*, KJS::Identifier const&, KJS::PropertySlot const&) (lookup.h:147)
==6815==    by 0xB7D6543: KJS::JSObject::get(KJS::ExecState*, KJS::Identifier const&) const (property_slot.h:46)
==6815==    by 0xB7EFBEF: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:715)
==6815==    by 0xB7D3021: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==6815==    by 0xB7D6DAC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==6815==    by 0xB7F3240: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==6815==    by 0xB7D3021: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==6815==    by 0xB7D6DAC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==6815==    by 0xB7F3240: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==6815==    by 0xB7D3021: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==6815==    by 0xB7D6DAC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==6815==    by 0xB7F3240: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==6815==    by 0xB7D3021: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==6815==    by 0xB7D6DAC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==6815==    by 0xB7F3240: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==6815==    by 0xB7A6504: KJS::FunctionBodyNode::execute(KJS::ExecState*) (nodes.cpp:927)
==6815==    by 0xB7D9A69: KJS::Interpreter::evaluate(KJS::UString const&, int, KJS::UChar const*, int, KJS::JSValue*) (interpreter.cpp:553)
==6815==    by 0xB7D9BF6: KJS::Interpreter::evaluate(KJS::UString const&, int, KJS::UString const&, KJS::JSValue*) (interpreter.cpp:493)
==6815==    by 0xB3B3548: KJS::KJSProxyImpl::evaluate(QString, int, QString const&, DOM::Node const&, KJS::Completion*) (kjs_proxy.cpp:158)
==6815==    by 0xB1E3FB9: DOM::HTMLScriptElementImpl::evaluateScript(QString const&, DOM::DOMString const&) (html_headimpl.cpp:479)
==6815==    by 0xB1E4265: DOM::HTMLScriptElementImpl::notifyFinished(khtml::CachedObject*) (html_headimpl.cpp:463)
==6815==    by 0xB317DAC: khtml::CachedScript::checkNotify() (loader.cpp:391)
==6815==    by 0xB31B35B: khtml::CachedScript::data(QBuffer&, bool) (loader.cpp:383)
==6815==    by 0xB31AF81: khtml::Loader::slotFinished(KJob*) (loader.cpp:1409)
==6815==    by 0xB3225E6: khtml::Loader::qt_metacall(QMetaObject::Call, int, void**) (loader.moc:131)
==6815==    by 0x4E16E27: QMetaObject::activate(QObject*, int, int, void**) (in /home/vtokarev/kde/src/qt-copy/lib/libQtCore.so.4.5.0)
==6815==    by 0x4E17401: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /home/vtokarev/kde/src/qt-copy/lib/libQtCore.so.4.5.0)
==6815==    by 0x4AEDF32: KJob::result(KJob*) (kjob.moc:188)
==6815==    by 0x4AEE3D8: KJob::emitResult() (kjob.cpp:294)
==6815==  Address 0xda49a0c is 36 bytes inside a block of size 64 free'd
==6815==    at 0x40249DA: operator delete(void*) (vg_replace_malloc.c:342)
==6815==    by 0xB24F5E7: khtml::RenderObject::~RenderObject() (shared.h:41)
==6815==    by 0xB25FE77: khtml::RenderBox::~RenderBox() (render_container.h:39)
==6815==    by 0xB2385E9: khtml::RenderBlock::~RenderBlock() (render_flow.h:44)
==6815==    by 0xB289C0C: khtml::RenderTableCell::~RenderTableCell() (render_table.h:324)
==6815==    by 0xB24E3B7: khtml::RenderObject::arenaDelete(khtml::RenderArena*, void*) (render_object.cpp:2444)
==6815==    by 0xB252804: khtml::RenderObject::detach() (render_object.cpp:2435)
==6815==    by 0xB25FDAA: khtml::RenderBox::detach() (render_box.cpp:224)
==6815==    by 0xB269B8F: khtml::RenderFlow::detach() (render_flow.cpp:366)
==6815==    by 0xB27E468: khtml::RenderTableCell::detach() (render_table.cpp:2178)
==6815==    by 0xB1789CB: DOM::NodeImpl::detach() (dom_nodeimpl.cpp:1018)
==6815==    by 0xB17914B: DOM::NodeBaseImpl::detach() (dom_nodeimpl.cpp:1738)
==6815==    by 0xB1875AA: DOM::ElementImpl::detach() (dom_elementimpl.cpp:857)
==6815==    by 0xB17913F: DOM::NodeBaseImpl::detach() (dom_nodeimpl.cpp:1736)
==6815==    by 0xB1875AA: DOM::ElementImpl::detach() (dom_elementimpl.cpp:857)
==6815==    by 0xB17DE2A: DOM::NodeBaseImpl::removeChild(DOM::NodeImpl*, int&) (dom_nodeimpl.cpp:1521)
==6815==    by 0xB218CC3: DOM::HTMLTableSectionElementImpl::deleteRow(long, int&) (html_tableimpl.cpp:752)
==6815==    by 0xB21A8D6: DOM::HTMLTableElementImpl::deleteRow(long, int&) (html_tableimpl.cpp:293)
==6815==    by 0xB37A287: KJS::HTMLElementFunction::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (kjs_html.cpp:2221)
==6815==    by 0xB7D6DAC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==6815==    by 0xB7F3240: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==6815==    by 0xB7D3021: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==6815==    by 0xB7D6DAC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==6815==    by 0xB7F3240: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==6815==    by 0xB7D3021: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==6815==    by 0xB7D6DAC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==6815==    by 0xB7F3240: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==6815==    by 0xB7A6504: KJS::FunctionBodyNode::execute(KJS::ExecState*) (nodes.cpp:927)
==6815==    by 0xB7D9A69: KJS::Interpreter::evaluate(KJS::UString const&, int, KJS::UChar const*, int, KJS::JSValue*) (interpreter.cpp:553)
==6815==    by 0xB7D9BF6: KJS::Interpreter::evaluate(KJS::UString const&, int, KJS::UString const&, KJS::JSValue*) (interpreter.cpp:493)
==6815==    by 0xB3B3548: KJS::KJSProxyImpl::evaluate(QString, int, QString const&, DOM::Node const&, KJS::Completion*) (kjs_proxy.cpp:158)
==6815==    by 0xB1E3FB9: DOM::HTMLScriptElementImpl::evaluateScript(QString const&, DOM::DOMString const&) (html_headimpl.cpp:479)
==6815==    by 0xB1E4265: DOM::HTMLScriptElementImpl::notifyFinished(khtml::CachedObject*) (html_headimpl.cpp:463)
==6815==    by 0xB317DAC: khtml::CachedScript::checkNotify() (loader.cpp:391)
==6815==    by 0xB31B35B: khtml::CachedScript::data(QBuffer&, bool) (loader.cpp:383)
==6815==    by 0xB31AF81: khtml::Loader::slotFinished(KJob*) (loader.cpp:1409)
==6815==    by 0xB3225E6: khtml::Loader::qt_metacall(QMetaObject::Call, int, void**) (loader.moc:131)
==6815==    by 0x4E16E27: QMetaObject::activate(QObject*, int, int, void**) (in /home/vtokarev/kde/src/qt-copy/lib/libQtCore.so.4.5.0)
==6815==    by 0x4E17401: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /home/vtokarev/kde/src/qt-copy/lib/libQtCore.so.4.5.0)
==6815==    by 0x4AEDF32: KJob::result(KJob*) (kjob.moc:188)
==6815==    by 0x4AEE3D8: KJob::emitResult() (kjob.cpp:294)
==6815==    by 0x42E9A44: KIO::SimpleJob::slotFinished() (job.cpp:485)
==6815==    by 0x42EACB2: KIO::TransferJob::slotFinished() (job.cpp:962)
==6815==    by 0x42EBDA2: KIO::TransferJob::qt_metacall(QMetaObject::Call, int, void**) (jobclasses.moc:343)
==6815==    by 0x4E16E27: QMetaObject::activate(QObject*, int, int, void**) (in /home/vtokarev/kde/src/qt-copy/lib/libQtCore.so.4.5.0)
==6815==    by 0x4E17401: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /home/vtokarev/kde/src/qt-copy/lib/libQtCore.so.4.5.0)
==6815==    by 0x43B1776: KIO::SlaveInterface::finished() (slaveinterface.moc:165)
==6815==    by 0x43B54B6: KIO::SlaveInterface::dispatch(int, QByteArray const&) (slaveinterface.cpp:175)
==6815==    by 0x43B1C56: KIO::SlaveInterface::dispatch() (slaveinterface.cpp:91)
==6815==    by 0x43A204C: KIO::Slave::gotInput() (slave.cpp:322)
Comment 6 Viacheslav Tokarev 2009-04-02 18:25:02 UTC
SVN commit 948248 by vtokarev:

recalculate dirty table grid if needed before using it in adjacent cell accessors(change from WC)
thanks to spart for noticing it
BUG: 182907

 M  +24 -6     render_table.cpp  
 M  +6 -6      render_table.h  


WebSVN link: http://websvn.kde.org/?view=rev&revision=948248
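
The failure mode in the Valgrind report of Comment 5 (a cell freed by `deleteRow` and later read through an adjacent-cell lookup) and the remedy named in the commit message above, as an added example that is not part of this bug thread and is not KHTML code. It is a simplified model; `Table`, `Cell`, `recalcGrid`, `cellAbove` and the other names here are hypothetical.

```cpp
// Added illustration: a simplified model, not KHTML source. All names are hypothetical.
#include <cstddef>
#include <memory>
#include <vector>

struct Cell {
    std::size_t row = 0;   // position is assigned by Table::recalcGrid(),
    std::size_t col = 0;   // so it is only trustworthy while the grid is clean
    int borderWidth = 0;
};

class Table {
public:
    Table(std::size_t rows, std::size_t cols) {
        for (std::size_t r = 0; r < rows; ++r) {
            rows_.emplace_back();
            for (std::size_t c = 0; c < cols; ++c) {
                rows_.back().push_back(std::make_unique<Cell>());
                rows_.back().back()->borderWidth = static_cast<int>(r + 1) * 10;
            }
        }
        recalcGrid();
    }

    Cell* cellAt(std::size_t r, std::size_t c) { return rows_[r][c].get(); }
    bool gridDirty() const { return needsRecalc_; }

    // Models a script-driven row deletion: the cells are freed at once,
    // while the pointer grid is only flagged dirty and rebuilt lazily.
    void deleteRow(std::size_t r) {
        rows_.erase(rows_.begin() + static_cast<std::ptrdiff_t>(r));
        needsRecalc_ = true;
    }

    // Bug pattern: indexes the cached grid without checking the dirty flag.
    // After deleteRow() the returned pointer may refer to a freed Cell.
    const Cell* cellAboveUnchecked(const Cell* cell) const {
        return cell->row == 0 ? nullptr : grid_[cell->row - 1][cell->col];
    }

    // Hardened accessor: revalidate the cache before dereferencing into it.
    const Cell* cellAbove(const Cell* cell) {
        if (needsRecalc_) recalcGrid();
        return cellAboveUnchecked(cell);
    }

private:
    void recalcGrid() {
        grid_.clear();   // drops stale pointers without reading through them
        for (std::size_t r = 0; r < rows_.size(); ++r) {
            grid_.emplace_back();
            for (std::size_t c = 0; c < rows_[r].size(); ++c) {
                Cell* cell = rows_[r][c].get();
                cell->row = r;
                cell->col = c;
                grid_.back().push_back(cell);
            }
        }
        needsRecalc_ = false;
    }

    std::vector<std::vector<std::unique_ptr<Cell>>> rows_;  // owning tree
    std::vector<std::vector<Cell*>> grid_;                  // non-owning cache
    bool needsRecalc_ = false;
};

struct Outcome { int aboveBefore; bool dirtyAfterDelete; int aboveAfter; bool dirtyAfterAccess; bool topRowNull; };

Outcome runScenario() {
    Table t(3, 2);                  // constructed sample: 3 rows x 2 columns
    Cell* below = t.cellAt(2, 0);   // bottom-left cell, survives the deletion
    Outcome o{};
    o.aboveBefore = t.cellAboveUnchecked(below)->borderWidth;  // grid clean: safe
    t.deleteRow(1);                 // frees row 1; the cached grid still points at it
    o.dirtyAfterDelete = t.gridDirty();
    o.aboveAfter = t.cellAbove(below)->borderWidth;            // grid rebuilt first
    o.dirtyAfterAccess = t.gridDirty();
    o.topRowNull = (t.cellAbove(t.cellAt(0, 1)) == nullptr);
    return o;
}

int main() { return runScenario().aboveAfter == 10 ? 0 : 1; }
```

Calling `cellAboveUnchecked` after `deleteRow(1)` would read through the stale grid entry for the freed row, which is the "Invalid read ... inside a block ... free'd" pattern in the report; building with AddressSanitizer or running under Valgrind flags that access.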
Comment 7 Jonathan Thomas 2009-04-21 18:44:52 UTC
*** Bug 189493 has been marked as a duplicate of this bug. ***