KHTML crashes on this page http://www.popsci.com/scitech/article/2004-09/amazing-rusting-aluminum with the following backtrace:

(gdb) bt
#0 0x00007f1cec1a8725 in KHTMLView::visibleHeight (this=0x14b0020) at /home/kde-svn/kde4/kdelibs/khtml/khtmlview.cpp:714
#1 0x00007f1cec341c92 in khtml::RenderCanvas::viewRect (this=0x15ff1b0) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_canvas.cpp:806
#2 0x00007f1cec33f4ae in khtml::RenderCanvas::repaintRectangle (this=0x15ff1b0, x=0, y=-7500000, w=0, h=0, p=NormalPriority, f=false) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_canvas.cpp:426
#3 0x00007f1cec305b70 in khtml::RenderBox::repaintRectangle (this=0x15ff3a0, x=0, y=-7500000, w=0, h=0, p=NormalPriority, f=100) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:1049
#4 0x00007f1cec305b70 in khtml::RenderBox::repaintRectangle (this=0x15ff518, x=0, y=-7000000, w=0, h=0, p=NormalPriority, f=100) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:1049
#5 0x00007f1cec305b70 in khtml::RenderBox::repaintRectangle (this=0x15ff5e0, x=0, y=-6500000, w=0, h=0, p=NormalPriority, f=100) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:1049
#6 0x00007f1cec305b70 in khtml::RenderBox::repaintRectangle (this=0x1f61bf0, x=0, y=-6000000, w=0, h=0, p=NormalPriority, f=100) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:1049
#7 0x00007f1cec305b70 in khtml::RenderBox::repaintRectangle (this=0x1f61de0, x=0, y=-5500000, w=0, h=0, p=NormalPriority, f=100) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:1049
#8 0x00007f1cec305b70 in khtml::RenderBox::repaintRectangle (this=0x1f7ead0, x=0, y=-5000000, w=0, h=0, p=NormalPriority, f=100) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:1049
#9 0x00007f1cec305b70 in khtml::RenderBox::repaintRectangle (this=0x202a0a0, x=0, y=-4500000, w=0, h=0, p=NormalPriority, f=100) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:1049
#10 0x00007f1cec305b70 in khtml::RenderBox::repaintRectangle (this=0x202a168, x=0, y=-4000000, w=0, h=0, p=NormalPriority, f=100) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:1049
#11 0x00007f1cec305b70 in khtml::RenderBox::repaintRectangle (this=0x2037698, x=0, y=-3500000, w=0, h=0, p=NormalPriority, f=100) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:1049
#12 0x00007f1cec305b70 in khtml::RenderBox::repaintRectangle (this=0x2037860, x=0, y=-3000000, w=0, h=0, p=NormalPriority, f=100) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:1049
#13 0x00007f1cec305b70 in khtml::RenderBox::repaintRectangle (this=0x2037b18, x=0, y=-2500000, w=0, h=0, p=NormalPriority, f=100) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:1049
#14 0x00007f1cec305b70 in khtml::RenderBox::repaintRectangle (this=0x2037f80, x=0, y=-2000000, w=0, h=0, p=NormalPriority, f=100) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:1049
#15 0x00007f1cec305b70 in khtml::RenderBox::repaintRectangle (this=0x2038048, x=0, y=-1500000, w=0, h=0, p=NormalPriority, f=100) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:1049
#16 0x00007f1cec305b70 in khtml::RenderBox::repaintRectangle (this=0x20385f0, x=0, y=-1000000, w=0, h=0, p=NormalPriority, f=100) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:1049
#17 0x00007f1cec305b70 in khtml::RenderBox::repaintRectangle (this=0x20384c8, x=0, y=-500000, w=0, h=0, p=NormalPriority, f=100) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:1049
#18 0x00007f1cec3092bf in khtml::RenderBox::repaint (this=0x20384c8, prior=NormalPriority) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:1022
#19 0x00007f1cec30b389 in khtml::RenderFlow::repaint (this=0x20384c8, prior=NormalPriority) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_flow.cpp:476
#20 0x00007f1cec300bd8 in khtml::RenderContainer::removeChildNode (this=0x20384c8, oldChild=0x2038590) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_container.cpp:158
#21 0x00007f1cec2e6c3a in khtml::RenderBlock::removeChild (this=0x20384c8, oldChild=0x2038590) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_block.cpp:621
#22 0x00007f1cec2f6e4e in khtml::RenderObject::detach (this=0x2038590) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_object.h:847
#23 0x00007f1cec300f94 in khtml::RenderBox::detachRemainingChildren (this=0x20384c8) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_box.cpp:242
#24 0x00007f1cec30b968 in khtml::RenderFlow::detach (this=0x20384c8) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_flow.cpp:326
#25 0x00007f1cec300a13 in khtml::RenderContainer::updatePseudoChild (this=0x2038360, type=khtml::RenderStyle::AFTER) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_container.cpp:303
#26 0x00007f1cec2ea019 in khtml::RenderInline::splitFlow (this=0x2038360, beforeChild=0x0, newBlockBox=0x20385f0, newChild=0x20384c8, oldCont=0x0) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_inline.cpp:249
#27 0x00007f1cec300a68 in khtml::RenderContainer::updatePseudoChild (this=0x2038360, type=<value optimized out>) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_container.cpp:321
#28 0x00007f1cec2ea019 in khtml::RenderInline::splitFlow (this=0x2038360, beforeChild=0x0, newBlockBox=0x20385f0, newChild=0x20384c8, oldCont=0x0) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_inline.cpp:249
#29 0x00007f1cec300a68 in khtml::RenderContainer::updatePseudoChild (this=0x2038360, type=<value optimized out>) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_container.cpp:321
#30 0x00007f1cec2ea019 in khtml::RenderInline::splitFlow (this=0x2038360, beforeChild=0x0, newBlockBox=0x20385f0, newChild=0x20384c8, oldCont=0x0) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_inline.cpp:249
#31 0x00007f1cec300a68 in khtml::RenderContainer::updatePseudoChild (this=0x2038360, type=<value optimized out>) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_container.cpp:321
#32 0x00007f1cec2ea019 in khtml::RenderInline::splitFlow (this=0x2038360, beforeChild=0x0, newBlockBox=0x20385f0, newChild=0x20384c8, oldCont=0x0) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_inline.cpp:249
#33 0x00007f1cec300a68 in khtml::RenderContainer::updatePseudoChild (this=0x2038360, type=<value optimized out>) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_container.cpp:321
#34 0x00007f1cec2ea019 in khtml::RenderInline::splitFlow (this=0x2038360, beforeChild=0x0, newBlockBox=0x20385f0, newChild=0x20384c8, oldCont=0x0) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_inline.cpp:249
#35 0x00007f1cec300a68 in khtml::RenderContainer::updatePseudoChild (this=0x2038360, type=<value optimized out>) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_container.cpp:321
#36 0x00007f1cec2ea019 in khtml::RenderInline::splitFlow (this=0x2038360, beforeChild=0x0, newBlockBox=0x20385f0, newChild=0x20384c8, oldCont=0x0) at /home/kde-svn/kde4/kdelibs/khtml/rendering/render_inline.cpp:249
<snip>

The following output was produced, which seems useful:

konqueror(1557) KonqView::openUrl: url= KUrl("http://www.popsci.com/scitech/article/2004-09/amazing-rusting-aluminum") locationBarURL= "http://www.popsci.com/scitech/article/2004-09/amazing-rusting-aluminum"
konqueror(1557)/kio (KRun) KRun::slotTimeout: KonqRun(0x1dfa8c0) slotTimeout called
konqueror(1557)/kio (KRun) KRun::abort: KonqRun(0x1dfa8c0) m_showingDialog= false
QColor::setNamedColor: Unknown color name '-moz-use-text-color'
Segmentation fault
thanks for the report... that comes from r939175 specifically from // box. We can go ahead and pull the content right back up into our // box. - RenderBlock* anonBlock = static_cast<RenderBlock*>(removeChildNode(prev)); + RenderBlock* anonBlock = static_cast<RenderBlock*>(prev); this change, which I did to prevent repaints from being issued to a removed child - thus triggering asserts in ::containingBlock(). Now they go up to the canvas, which seems already destroyed - though I don't understand how that's possible yet.
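Review bot: on the `+` line, `prev` is only cast to `RenderBlock*` and no longer passes through `removeChildNode()`, so nothing in the visible lines detaches it from its parent before its content is pulled up. If a later statement in this function removes it, a comment on the `+` line saying where would help; if none does, `prev` stays in the render tree and can still receive the repaints this change was meant to suppress. The `static_cast` is also unchecked, so an assertion that `prev` really is an anonymous block before the cast would make that assumption explicit.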
bah, no, wrong analysis. Will see that when I have slept a bit.
I couldn't reproduce the reported crash. Seems fixed. My settings: Konqueror Version 4.2.92 (KDE 4.2.92 (KDE 4.3 >= 20090617)) Using KDE 4.2.92 (KDE 4.2.92 (KDE 4.3 >= 20090617)) - svn r984201 qt-copy r978427
I agree, it seems fixed here now for KDE 4.3.