Version: (using KDE 4.3.0) OS: Linux Installed from: Debian testing/unstable Packages I see there are a number of 'konq freezes when loading this page ...' bugs out there, but this one seems weirder. I'm developing my own site, so this is a custom page. I know it doesn't validate 100% with w3c, but a) it's pretty close, b) konq shouldn't take itself out from a parse problem, and c) konq seems to render it just fine once or twice and then dies during a refresh or font-size change. It's a *tad* intermittent, though I seem to be able to consistently break konq by doing two, perhaps three, font-size changes - using either the html toolbar icons, or by the view | shrink/enlarge font. I've tested this war file on a test account on my machine, with the same results, using this web-archive. On my primary account I'm serving this page from local apache/php - so it doesn't appear to care about the origin of the file, just something whacky with the contents. (I'll chuck in the attachment as the first comment to this post.)
Created attachment 36497 [details] Web-archive of page-view that can knock konq out when you font-resize it Apologies about color and content - it's very much some dodgy test data for a forum I'm building - but ignore that, and focus on the way konq takes out an entire core as it tries to resize the page contents!
Confirmed on KDE 4.3.2, Debian Squeeze/Sid on AMD64. The aforementioned methods for changing font size and Ctrl++ and Ctrl+- make Konqueror freeze after several font size changes (not more than 6).
I tried to reproduce it here in trunk but it didn't crash. Can you try it with 4.3.3 or trunk?
I'm running konqueror 4.3.2 on KDE 4.3.2 from the Debian unstable distro, so can't conveniently test it against anything more recent. I believe that the Debian package maintainers next release target is the 4.3.4 version - presumably around 3-4 weeks away?
Okay - re-tested on 4.3.4 (as part of Debian unstable) and I'm seeing the same problem - it hangs the konq (and related konq) instances and ties up one core (25% CPU solid, on this box). Will re-try again when 4.4.0 comes out for Debian unstable in a week or so. Manolete - are you running 4.3.4 on your AMD still? If so, would you be so kind as to re-try this, just in case? Thanks!
I think I can confirm it. More colspan=0 problems: at /home/maksim/kde42/src/qt-copy/include/QtCore/../../src/corelib/tools/qmap.h:226 #3 0xb4512239 in khtml::RenderTableSection::addCell (this=0x8adc0b8, cell=0x8adfb28, row=0x8adc260) at /home/maksim/kde42/src/kdelibs/khtml/rendering/render_table.cpp:1242 #4 0xb4512b6a in khtml::RenderTableSection::recalcCells (this=0x8adc0b8) at /home/maksim/kde42/src/kdelibs/khtml/rendering/render_table.cpp:1976 #5 0xb4512cf6 in khtml::RenderTableCell::calcMinMaxWidth (this=0x8addff8) at /home/maksim/kde42/src/kdelibs/khtml/rendering/render_table.cpp:2493 #6 0xb44dbec8 in khtml::RenderObject::recalcMinMaxWidths (this=0x8addff8) addCell doesn't seem to return.
Tested on Debian pre-experimental packages of KDE 4.4.1 The problem still manifests.
(In reply to comment #6) > > addCell doesn't seem to return. Thanks Maksim for the hint. (line 1218 in render_table.cpp) "int lowestCol = cellsWithColSpanZero.lowerBound( 0 ).key();" returns undefined values when cellsWithColSpanZero is an empty QMap. Sometimes it happens that lowestCol assumes negative values, triggering a never ending loop (see line 1226 "while( lowestCol < nCols ) {" ). "cellsWithColSpanZero" (as well as "cellsWithRowSpanZero") is emptied in recalcCells() and it needs to reset bool "containsSpansZero" too. Will attach a patch.
Created attachment 61934 [details] patch fixing the issue
Created attachment 61944 [details] additional online testcase (rowspan=0 problem) If i load this testcase konqueror freezes
Created attachment 61945 [details] online reduced tescase (colspan=0 problem) Online reduced testcase for the problem (colspan=0) the bug was originally reported. Must load the testcase and change font-size of the page to trigger konq freeze
Created attachment 61946 [details] proposed patch fixing both the issues (rowspan=0 and colspan=0 problems)
Git commit 543c2751da42c1664171685e25fbce594024d9cd by Andrea Iacovitti. Committed on 23/07/2011 at 10:52. Pushed by aiacovitti into branch 'master'. Fix infinite loop that can happen in some cases where colspan=0 or rowspan=0 because accessing empty structures. Tracking for not empty qmap by using additional flag is redundant and buggy in this case. BUG: 205348 M +6 -6 khtml/rendering/render_table.cpp M +0 -2 khtml/rendering/render_table.h http://commits.kde.org/kdelibs/543c2751da42c1664171685e25fbce594024d9cd
Thank you everyone - this is excellent to have fixed.
Git commit 037937acfafde34ebc7cbcdb0d0abcdde6c863cd by Andrea Iacovitti. Committed on 04/08/2011 at 00:28. Pushed by aiacovitti into branch 'KDE/4.7'. Fix infinite loop that can happen in some cases where colspan=0 or rowspan=0 because accessing empty structures. Tracking for not empty qmap by using additional flag is redundant and buggy in this case. BUG: 205348 (cherry picked from commit 543c2751da42c1664171685e25fbce594024d9cd) M +6 -6 khtml/rendering/render_table.cpp M +0 -2 khtml/rendering/render_table.h http://commits.kde.org/kdelibs/037937acfafde34ebc7cbcdb0d0abcdde6c863cd
Git commit 1a32ccc4759d47d48ddf8aab596d1b2178943406 by Andrea Iacovitti. Committed on 23/07/2011 at 10:52. Pushed by aiacovitti into branch 'KDE/4.6'. Fix infinite loop that can happen in some cases where colspan=0 or rowspan=0 because accessing empty structures. Tracking for not empty qmap by using additional flag is redundant and buggy in this case. BUG: 205348 (cherry picked from commit 543c2751da42c1664171685e25fbce594024d9cd) M +6 -6 khtml/rendering/render_table.cpp M +0 -2 khtml/rendering/render_table.h http://commits.kde.org/kdelibs/1a32ccc4759d47d48ddf8aab596d1b2178943406