Bug 187473 - KHTML crashes on popsci website
Summary: KHTML crashes on popsci website
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: khtml (show other bugs)
Version: SVN
Platform: Compiled Sources Linux
: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
URL: http://www.popsci.com/scitech/article...
Keywords:
Depends on:
Blocks:
 
Reported: 2009-03-18 05:02 UTC by Michael Pyne
Modified: 2009-06-20 18:52 UTC (History)
2 users (show)

See Also:
Latest Commit:
Version Fixed In:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Pyne 2009-03-18 05:02:23 UTC
KHTML crashes on this page http://www.popsci.com/scitech/article/2004-09/amazing-rusting-aluminum with the following backtrace:

(gdb) bt                                                       
#0  0x00007f1cec1a8725 in KHTMLView::visibleHeight (this=0x14b0020)
    at /home/kde-svn/kde4/kdelibs/khtml/khtmlview.cpp:714
#1  0x00007f1cec341c92 in khtml::RenderCanvas::viewRect (this=0x15ff1b0)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_canvas.cpp:806
#2  0x00007f1cec33f4ae in khtml::RenderCanvas::repaintRectangle (this=0x15ff1b0, x=0,
    y=-7500000, w=0, h=0, p=NormalPriority, f=false)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_canvas.cpp:426
#3  0x00007f1cec305b70 in khtml::RenderBox::repaintRectangle (this=0x15ff3a0, x=0, y=-7500000,
    w=0, h=0, p=NormalPriority, f=100)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:1049
#4  0x00007f1cec305b70 in khtml::RenderBox::repaintRectangle (this=0x15ff518, x=0, y=-7000000,
    w=0, h=0, p=NormalPriority, f=100)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:1049
#5  0x00007f1cec305b70 in khtml::RenderBox::repaintRectangle (this=0x15ff5e0, x=0, y=-6500000,
    w=0, h=0, p=NormalPriority, f=100)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:1049
#6  0x00007f1cec305b70 in khtml::RenderBox::repaintRectangle (this=0x1f61bf0, x=0, y=-6000000,
    w=0, h=0, p=NormalPriority, f=100)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:1049
#7  0x00007f1cec305b70 in khtml::RenderBox::repaintRectangle (this=0x1f61de0, x=0, y=-5500000,
    w=0, h=0, p=NormalPriority, f=100)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:1049
#8  0x00007f1cec305b70 in khtml::RenderBox::repaintRectangle (this=0x1f7ead0, x=0, y=-5000000,
    w=0, h=0, p=NormalPriority, f=100)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:1049
#9  0x00007f1cec305b70 in khtml::RenderBox::repaintRectangle (this=0x202a0a0, x=0, y=-4500000,
    w=0, h=0, p=NormalPriority, f=100)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:1049
#10 0x00007f1cec305b70 in khtml::RenderBox::repaintRectangle (this=0x202a168, x=0, y=-4000000,
    w=0, h=0, p=NormalPriority, f=100)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:1049
#11 0x00007f1cec305b70 in khtml::RenderBox::repaintRectangle (this=0x2037698, x=0, y=-3500000,
    w=0, h=0, p=NormalPriority, f=100)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:1049
#12 0x00007f1cec305b70 in khtml::RenderBox::repaintRectangle (this=0x2037860, x=0, y=-3000000,
    w=0, h=0, p=NormalPriority, f=100)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:1049
#13 0x00007f1cec305b70 in khtml::RenderBox::repaintRectangle (this=0x2037b18, x=0, y=-2500000,
    w=0, h=0, p=NormalPriority, f=100)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:1049
#14 0x00007f1cec305b70 in khtml::RenderBox::repaintRectangle (this=0x2037f80, x=0, y=-2000000,
    w=0, h=0, p=NormalPriority, f=100)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:1049
#15 0x00007f1cec305b70 in khtml::RenderBox::repaintRectangle (this=0x2038048, x=0, y=-1500000,
    w=0, h=0, p=NormalPriority, f=100)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:1049
#16 0x00007f1cec305b70 in khtml::RenderBox::repaintRectangle (this=0x20385f0, x=0, y=-1000000,
    w=0, h=0, p=NormalPriority, f=100)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:1049
#17 0x00007f1cec305b70 in khtml::RenderBox::repaintRectangle (this=0x20384c8, x=0, y=-500000,
    w=0, h=0, p=NormalPriority, f=100)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:1049
#18 0x00007f1cec3092bf in khtml::RenderBox::repaint (this=0x20384c8, prior=NormalPriority)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:1022
#19 0x00007f1cec30b389 in khtml::RenderFlow::repaint (this=0x20384c8, prior=NormalPriority)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_flow.cpp:476
#20 0x00007f1cec300bd8 in khtml::RenderContainer::removeChildNode (this=0x20384c8,
    oldChild=0x2038590) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_container.cpp:158
#21 0x00007f1cec2e6c3a in khtml::RenderBlock::removeChild (this=0x20384c8, oldChild=0x2038590)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_block.cpp:621
#22 0x00007f1cec2f6e4e in khtml::RenderObject::detach (this=0x2038590)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_object.h:847
#23 0x00007f1cec300f94 in khtml::RenderBox::detachRemainingChildren (this=0x20384c8)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:242
#24 0x00007f1cec30b968 in khtml::RenderFlow::detach (this=0x20384c8)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_flow.cpp:326
#25 0x00007f1cec300a13 in khtml::RenderContainer::updatePseudoChild (this=0x2038360,
    type=khtml::RenderStyle::AFTER)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_container.cpp:303
#26 0x00007f1cec2ea019 in khtml::RenderInline::splitFlow (this=0x2038360, beforeChild=0x0,
    newBlockBox=0x20385f0, newChild=0x20384c8, oldCont=0x0)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_inline.cpp:249
#27 0x00007f1cec300a68 in khtml::RenderContainer::updatePseudoChild (this=0x2038360,
    type=<value optimized out>)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_container.cpp:321
#28 0x00007f1cec2ea019 in khtml::RenderInline::splitFlow (this=0x2038360, beforeChild=0x0,
    newBlockBox=0x20385f0, newChild=0x20384c8, oldCont=0x0)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_inline.cpp:249
#29 0x00007f1cec300a68 in khtml::RenderContainer::updatePseudoChild (this=0x2038360,
    type=<value optimized out>)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_container.cpp:321
#30 0x00007f1cec2ea019 in khtml::RenderInline::splitFlow (this=0x2038360, beforeChild=0x0,
    newBlockBox=0x20385f0, newChild=0x20384c8, oldCont=0x0)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_inline.cpp:249
#31 0x00007f1cec300a68 in khtml::RenderContainer::updatePseudoChild (this=0x2038360,
    type=<value optimized out>)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_container.cpp:321
#32 0x00007f1cec2ea019 in khtml::RenderInline::splitFlow (this=0x2038360, beforeChild=0x0,
    newBlockBox=0x20385f0, newChild=0x20384c8, oldCont=0x0)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_inline.cpp:249
#33 0x00007f1cec300a68 in khtml::RenderContainer::updatePseudoChild (this=0x2038360,
    type=<value optimized out>)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_container.cpp:321
#34 0x00007f1cec2ea019 in khtml::RenderInline::splitFlow (this=0x2038360, beforeChild=0x0,
    newBlockBox=0x20385f0, newChild=0x20384c8, oldCont=0x0)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_inline.cpp:249
#35 0x00007f1cec300a68 in khtml::RenderContainer::updatePseudoChild (this=0x2038360,
    type=<value optimized out>)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_container.cpp:321
#36 0x00007f1cec2ea019 in khtml::RenderInline::splitFlow (this=0x2038360, beforeChild=0x0,
    newBlockBox=0x20385f0, newChild=0x20384c8, oldCont=0x0)
    at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_inline.cpp:249

<snip>

The following output was produced, which seems useful:

konqueror(1557) KonqView::openUrl: url= KUrl("http://www.popsci.com/scitech/article/2004-09/amazing-rusting-aluminum") locationBarURL= "http://www.popsci.com/scitech/article/2004-09/amazing-rusting-aluminum"                                                                                 
konqueror(1557)/kio (KRun) KRun::slotTimeout: KonqRun(0x1dfa8c0)  slotTimeout called            
konqueror(1557)/kio (KRun) KRun::abort: KonqRun(0x1dfa8c0) m_showingDialog= false               
QColor::setNamedColor: Unknown color name '-moz-use-text-color'                                 
Segmentation fault
Comment 1 Germain Garand 2009-03-18 06:55:13 UTC
thanks for the report... that comes from r939175

specifically from

         // box.  We can go ahead and pull the content right back up into our
         // box.
-        RenderBlock* anonBlock = static_cast<RenderBlock*>(removeChildNode(prev));
+        RenderBlock* anonBlock = static_cast<RenderBlock*>(prev);


this change, which I did to prevent repaints from being issued to a removed child - thus triggering asserts in ::containingBlock().

Now they go up to the canvas, which seems already destroyed - though I don't understand how that's possible yet.
Comment 2 Germain Garand 2009-03-18 07:08:49 UTC
bah, no, wrong analysis. Will see that when I have slept a bit.
Comment 3 Anselmo L. S. Melo (anselmolsm) 2009-06-20 17:36:02 UTC
I couldn't reproduce the reported crash. Seems fixed.

My settings:
Konqueror Version 4.2.92 (KDE 4.2.92 (KDE 4.3 >= 20090617))
Using KDE 4.2.92 (KDE 4.2.92 (KDE 4.3 >= 20090617)) - svn r984201
qt-copy r978427
Comment 4 Michael Pyne 2009-06-20 18:52:09 UTC
I agree, it seems fixed here now for KDE 4.3.