Bug 206639 - Konqueror DOM Viewer crash on http://lists.gnu.org/archive/html/bug-coreutils/2009-08/msg00048.html (QTreeModel/Widget, DOMTreeView::showRecursive, DOMTreeView::slotShowTree, DOMTreeView::connectToDocument)
Summary: Konqueror DOM Viewer crash on http://lists.gnu.org/archive/html/bug-coreutils...
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: general (show other bugs)
Version: unspecified
Platform: Unlisted Binaries Linux
: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords:
: 212969 (view as bug list)
Depends on:
Blocks:
 
Reported: 2009-09-07 16:51 UTC by Andreas Schwab
Modified: 2010-11-22 01:29 UTC (History)
3 users (show)

See Also:
Latest Commit:
Version Fixed In: 4.6


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Schwab 2009-09-07 16:51:05 UTC
Application that crashed: konqueror
Version of the application: 4.3.00 (KDE 4.3.0)
KDE Version: 4.3.00 (KDE 4.3.0)
Qt Version: 4.5.2
Operating System: Linux 2.6.30.5-43.fc11.x86_64 x86_64
Distribution: "Fedora release 11 (Leonidas)"

What I was doing when the application crashed:
The domviewer causes konqueror to crash when viewing <http://lists.gnu.org/archive/html/bug-coreutils/2009-08/msg00048.html>

 -- Backtrace:
Application: Konqueror (konqueror), signal: Segmentation fault
[Current thread is 1 (Thread 0x2af639d590b0 (LWP 23495))]

Thread 2 (Thread 0x2af650945910 (LWP 23502)):
#0  pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:220
#1  0x0000003f38a5ad62 in QWaitConditionPrivate::wait (time=<value optimized out>, this=<value optimized out>) at thread/qwaitcondition_unix.cpp:85
#2  QWaitCondition::wait (time=<value optimized out>, this=<value optimized out>) at thread/qwaitcondition_unix.cpp:159
#3  0x0000003f38a50e3a in QThreadPoolThread::run (this=<value optimized out>) at concurrent/qthreadpool.cpp:140
#4  0x0000003f38a59d45 in QThreadPrivate::start (arg=0x2523ad0) at thread/qthread_unix.cpp:188
#5  0x0000003fd960686a in start_thread (arg=<value optimized out>) at pthread_create.c:297
#6  0x0000003fd8ade39d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#7  0x0000000000000000 in ?? ()

Thread 1 (Thread 0x2af639d590b0 (LWP 23495)):
[KCrash Handler]
#5  0x0000003f3a2d46af in QListData::size (this=<value optimized out>) at ../../src/corelib/tools/qlist.h:87
#6  QList<QTreeWidgetItem*>::count (this=<value optimized out>) at ../../src/corelib/tools/qlist.h:250
#7  QTreeModel::index (this=<value optimized out>) at itemviews/qtreewidget.cpp:241
#8  0x0000003f3a2d7a0d in QTreeWidgetPrivate::index (column=<value optimized out>, item=<value optimized out>, this=<value optimized out>) at ../../src/gui/itemviews/qtreewidget_p.h:225
#9  QTreeWidget::setItemExpanded (column=<value optimized out>, item=<value optimized out>, this=<value optimized out>) at itemviews/qtreewidget.cpp:3120
#10 0x00002af646ab257b in ?? () from /usr/lib64/kde4/domtreeviewerplugin.so
#11 0x00002af646ab2b9a in ?? () from /usr/lib64/kde4/domtreeviewerplugin.so
#12 0x00002af646ab321d in ?? () from /usr/lib64/kde4/domtreeviewerplugin.so
#13 0x00002af646ab3b49 in ?? () from /usr/lib64/kde4/domtreeviewerplugin.so
#14 0x00002af646ab3ba9 in ?? () from /usr/lib64/kde4/domtreeviewerplugin.so
#15 0x00002af646ab3f3e in ?? () from /usr/lib64/kde4/domtreeviewerplugin.so
#16 0x0000003f38b547dc in QMetaObject::activate (sender=0x26ac2b0, from_signal_index=<value optimized out>, to_signal_index=<value optimized out>, argv=0x0) at kernel/qobject.cpp:3113
#17 0x0000003f38b597bf in QSingleShotTimer::timerEvent (this=0x26ac2b0) at kernel/qtimer.cpp:298
#18 0x0000003f38b4e7de in QObject::event (this=0x26ac2b0, e=0x0) at kernel/qobject.cpp:1075
#19 0x0000003f39d8f69c in QApplicationPrivate::notify_helper (this=0x1dd1380, receiver=0x26ac2b0, e=0x7fffe06d29c0) at kernel/qapplication.cpp:4056
#20 0x0000003f39d968fe in QApplication::notify (this=0x7fffe06d2e60, receiver=0x26ac2b0, e=0x7fffe06d29c0) at kernel/qapplication.cpp:4021
#21 0x0000003f3b011296 in KApplication::notify (this=0x7fffe06d2e60, receiver=0x26ac2b0, event=0x7fffe06d29c0) at /usr/src/debug/kdelibs-4.3.0/kdeui/kernel/kapplication.cpp:302
#22 0x0000003f38b3f59c in QCoreApplication::notifyInternal (this=0x7fffe06d2e60, receiver=0x26ac2b0, event=0x7fffe06d29c0) at kernel/qcoreapplication.cpp:610
#23 0x0000003f38b69fc2 in QCoreApplication::sendEvent (event=<value optimized out>, receiver=<value optimized out>) at kernel/qcoreapplication.h:213
#24 QTimerInfoList::activateTimers (event=<value optimized out>, receiver=<value optimized out>) at kernel/qeventdispatcher_unix.cpp:572
#25 0x0000003f38b679ed in timerSourceDispatch (source=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:165
#26 0x0000003fdb237abe in g_main_dispatch (context=<value optimized out>) at gmain.c:1824
#27 IA__g_main_context_dispatch (context=<value optimized out>) at gmain.c:2377
#28 0x0000003fdb23b278 in g_main_context_iterate (context=0x1dd3620, block=<value optimized out>, dispatch=<value optimized out>, self=<value optimized out>) at gmain.c:2455
#29 0x0000003fdb23b3a0 in IA__g_main_context_iteration (context=0x1dd3620, may_block=1) at gmain.c:2518
#30 0x0000003f38b67936 in QEventDispatcherGlib::processEvents (this=0x1db3ba0, flags=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:327
#31 0x0000003f39e21f8e in QGuiEventDispatcherGlib::processEvents (this=0x7fffe06d1e60, flags=<value optimized out>) at kernel/qguieventdispatcher_glib.cpp:202
#32 0x0000003f38b3ded2 in QEventLoop::processEvents (this=<value optimized out>, flags={i = 36}) at kernel/qeventloop.cpp:149
#33 0x0000003f38b3e2a4 in QEventLoop::exec (this=0x7fffe06d2c60, flags={i = 0}) at kernel/qeventloop.cpp:201
#34 0x0000003f38b40439 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:888
#35 0x0000003f3c8ce3bb in kdemain () from /usr/lib64/libkdeinit4_konqueror.so
#36 0x0000003fd8a1ea2d in __libc_start_main (main=<value optimized out>, argc=<value optimized out>, ubp_av=<value optimized out>, init=<value optimized out>, fini=<value optimized out>, 
    rtld_fini=<value optimized out>, stack_end=0x7fffe06d3878) at libc-start.c:220
#37 0x0000000000400759 in _start ()

Reported using DrKonqi
Comment 1 Michael Leupold 2009-09-07 17:31:57 UTC
Reproducable on trunk r1020489 - no idea where this bug actually belongs, the dom plugin doesn't seem to have its own component:

Application: Konqueror (konqueror), signal: Segmentation fault
[Current thread is 1 (Thread 0x7f434af037a0 (LWP 25532))]

Thread 2 (Thread 0x7f43329c9950 (LWP 25539)):
#0  pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:217
#1  0x00007f43482a0d13 in QWaitConditionPrivate::wait (this=0x115ad80, time=30000) at /home/lemma/kde/trunk/source/qt/src/corelib/thread/qwaitcondition_unix.cpp:85
#2  0x00007f43482a0886 in QWaitCondition::wait (this=0xb6b6e8, mutex=0xb6b6e0, time=30000) at /home/lemma/kde/trunk/source/qt/src/corelib/thread/qwaitcondition_unix.cpp:159
#3  0x00007f4348291219 in QThreadPoolThread::run (this=0xb6b730) at /home/lemma/kde/trunk/source/qt/src/corelib/concurrent/qthreadpool.cpp:140
#4  0x00007f43482a0374 in QThreadPrivate::start (arg=0xb6b730) at /home/lemma/kde/trunk/source/qt/src/corelib/thread/qthread_unix.cpp:188
#5  0x00007f4348013faa in start_thread (arg=<value optimized out>) at pthread_create.c:297
#6  0x00007f43459a231d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#7  0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7f434af037a0 (LWP 25532)):
[KCrash Handler]
#4  0x00007f4347a46fc1 in QTreeModel::index (this=0xa934f0, item=0xbc5d50, column=0) at /home/lemma/kde/trunk/source/qt/src/gui/itemviews/qtreewidget.cpp:240
#5  0x00007f4347a5377d in QTreeWidgetPrivate::index (this=0xaa98e0, item=0xbc5d50, column=0) at ../../include/QtGui/private/../../../../../../../source/qt/src/gui/itemviews/qtreewidget_p.h:225
#6  0x00007f4347a47def in QTreeWidget::setItemExpanded (this=0x11205e0, item=0xbc5d50, expand=true) at /home/lemma/kde/trunk/source/qt/src/gui/itemviews/qtreewidget.cpp:3120
#7  0x00007f433562f09a in DOMTreeView::showRecursive (this=0xde5860, pNode=..., node=..., depth=0) at /home/lemma/kde/trunk/source/extragear/base/konq-plugins/domtreeviewer/domtreeview.cpp:261
#8  0x00007f433562f870 in DOMTreeView::slotShowTree (this=0xde5860, pNode=...) at /home/lemma/kde/trunk/source/extragear/base/konq-plugins/domtreeviewer/domtreeview.cpp:235
#9  0x00007f433563056e in DOMTreeView::connectToDocument (this=0xde5860) at /home/lemma/kde/trunk/source/extragear/base/konq-plugins/domtreeviewer/domtreeview.cpp:906
#10 0x00007f43356306a7 in DOMTreeView::connectToPart (this=0xde5860) at /home/lemma/kde/trunk/source/extragear/base/konq-plugins/domtreeviewer/domtreeview.cpp:869
#11 0x00007f4335630715 in DOMTreeView::slotSetHtmlPartDelayed (this=0xde5860) at /home/lemma/kde/trunk/source/extragear/base/konq-plugins/domtreeviewer/domtreeview.cpp:927
#12 0x00007f4335630b2c in DOMTreeView::qt_metacall (this=0xde5860, _c=QMetaObject::InvokeMetaMethod, _id=25, _a=0x7fff5307b5f0)
    at /home/lemma/kde/trunk/build/debug/build/extragear/base/konq-plugins/domtreeviewer/domtreeview.moc:156
#13 0x00007f43483d59c4 in QMetaObject::activate (sender=0xe51c60, from_signal_index=4, to_signal_index=4, argv=0x0) at /home/lemma/kde/trunk/source/qt/src/corelib/kernel/qobject.cpp:3112
#14 0x00007f43483d7129 in QMetaObject::activate (sender=0xe51c60, m=0x7f43486f2fe0, local_signal_index=0, argv=0x0) at /home/lemma/kde/trunk/source/qt/src/corelib/kernel/qobject.cpp:3186
#15 0x00007f43483dec86 in QSingleShotTimer::timeout (this=0xe51c60) at .moc/debug-shared/qtimer.moc:76
#16 0x00007f43483ded7d in QSingleShotTimer::timerEvent (this=0xe51c60) at /home/lemma/kde/trunk/source/qt/src/corelib/kernel/qtimer.cpp:298
#17 0x00007f43483d2c94 in QObject::event (this=0xe51c60, e=0x7fff5307bfe0) at /home/lemma/kde/trunk/source/qt/src/corelib/kernel/qobject.cpp:1074
#18 0x00007f4347353087 in QApplicationPrivate::notify_helper (this=0x622460, receiver=0xe51c60, e=0x7fff5307bfe0) at /home/lemma/kde/trunk/source/qt/src/gui/kernel/qapplication.cpp:4056
#19 0x00007f434735343e in QApplication::notify (this=0x7fff5307c650, receiver=0xe51c60, e=0x7fff5307bfe0) at /home/lemma/kde/trunk/source/qt/src/gui/kernel/qapplication.cpp:3603
#20 0x00007f43492f96b3 in KApplication::notify (this=0x7fff5307c650, receiver=0xe51c60, event=0x7fff5307bfe0) at /home/lemma/kde/trunk/source/KDE/kdelibs/kdeui/kernel/kapplication.cpp:302
#21 0x00007f43483ba1c7 in QCoreApplication::notifyInternal (this=0x7fff5307c650, receiver=0xe51c60, event=0x7fff5307bfe0)
    at /home/lemma/kde/trunk/source/qt/src/corelib/kernel/qcoreapplication.cpp:610
#22 0x00007f43483beebd in QCoreApplication::sendEvent (receiver=0xe51c60, event=0x7fff5307bfe0) at ../../include/QtCore/../../../../../../source/qt/src/corelib/kernel/qcoreapplication.h:213
#23 0x00007f43483f5a73 in QTimerInfoList::activateTimers (this=0x6261a0) at /home/lemma/kde/trunk/source/qt/src/corelib/kernel/qeventdispatcher_unix.cpp:572
#24 0x00007f43483f3152 in timerSourceDispatch (source=0x626140) at /home/lemma/kde/trunk/source/qt/src/corelib/kernel/qeventdispatcher_glib.cpp:165
#25 0x00007f4343cbae4a in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#26 0x00007f4343cbe510 in ?? () from /usr/lib/libglib-2.0.so.0
#27 0x00007f4343cbe6ac in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#28 0x00007f43483f2062 in QEventDispatcherGlib::processEvents (this=0x605360, flags=...) at /home/lemma/kde/trunk/source/qt/src/corelib/kernel/qeventdispatcher_glib.cpp:327
#29 0x00007f434741ef67 in QGuiEventDispatcherGlib::processEvents (this=0x605360, flags=...) at /home/lemma/kde/trunk/source/qt/src/gui/kernel/qguieventdispatcher_glib.cpp:202
#30 0x00007f43483b6907 in QEventLoop::processEvents (this=0x7fff5307c380, flags=...) at /home/lemma/kde/trunk/source/qt/src/corelib/kernel/qeventloop.cpp:149
#31 0x00007f43483b6b2b in QEventLoop::exec (this=0x7fff5307c380, flags=...) at /home/lemma/kde/trunk/source/qt/src/corelib/kernel/qeventloop.cpp:201
#32 0x00007f43483bac11 in QCoreApplication::exec () at /home/lemma/kde/trunk/source/qt/src/corelib/kernel/qcoreapplication.cpp:888
#33 0x00007f4347352de4 in QApplication::exec () at /home/lemma/kde/trunk/source/qt/src/gui/kernel/qapplication.cpp:3525
#34 0x00007f434ac1351c in kdemain (argc=1, argv=0x7fff5307d0e8) at /home/lemma/kde/trunk/source/KDE/kdebase/apps/konqueror/src/konqmain.cpp:257
#35 0x00000000004008c7 in main (argc=1, argv=0x7fff5307d0e8) at /home/lemma/kde/trunk/build/debug/build/KDE/kdebase/apps/konqueror/src/konqueror_dummy.cpp:3
Comment 2 Tommi Tervo 2009-11-03 20:28:00 UTC
*** Bug 212969 has been marked as a duplicate of this bug. ***
Comment 3 David Faure 2010-11-22 01:27:45 UTC
SVN commit 1199477 by dfaure:

Port away from kde3support (k3command/k3commandhistory -> qundocommand/kundostack)

Fix crash due to "delete cur_item ; cur_item = foo" without telling the caller of the method
who passed cur_item by pointer and kept using it afterwards. Interestingly this has been in the
code forever...
BUG: 206639
FIXED-IN: 4.6


 M  +1 -2      CMakeLists.txt  
 M  +3 -3      domtreecommands.cpp  
 M  +6 -11     domtreecommands.h  
 M  +4 -3      domtreeview.cpp  
 M  +1 -1      domtreeview.h  
 M  +13 -5     domtreewindow.cpp  
 M  +3 -3      domtreewindow.h  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1199477