Bug 206832 - konqueror crash when I use facebook (in BidiContext)
Summary: konqueror crash when I use facebook (in BidiContext)
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: khtml (show other bugs)
Version: 4.3.1
Platform: Unlisted Binaries Linux
: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords:
: 207099 209715 210399 217222 222303 224100 (view as bug list)
Depends on:
Blocks:
 
Reported: 2009-09-09 08:52 UTC by Martin Naď
Modified: 2010-09-14 13:00 UTC (History)
8 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Martin Naď 2009-09-09 08:52:32 UTC 
Application that crashed: konqueror
Version of the application: 4.3.1 (KDE 4.3.1)
KDE Version: 4.3.1 (KDE 4.3.1)
Qt Version: 4.5.2
Operating System: Linux 2.6.30.5-43.fc11.x86_64 x86_64
Distribution: "Fedora release 11 (Leonidas)"

What I was doing when the application crashed:
when I clicking on some link on facebook konqueror crash with this backtrace

 -- Backtrace:
Application: Konqueror (konqueror), signal: Segmentation fault
[Current thread is 1 (Thread 0x7fe792cc8820 (LWP 3486))]

Thread 2 (Thread 0x7fe784c46910 (LWP 3500)):
#0  0x00000032eaa0b57d in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00000032f4a5ad62 in QWaitConditionPrivate::wait (time=<value optimized out>, this=<value optimized out>) at thread/qwaitcondition_unix.cpp:85
#2  QWaitCondition::wait (time=<value optimized out>, this=<value optimized out>) at thread/qwaitcondition_unix.cpp:159
#3  0x00000032f4a50e3a in QThreadPoolThread::run (this=<value optimized out>) at concurrent/qthreadpool.cpp:140
#4  0x00000032f4a59d45 in QThreadPrivate::start (arg=0x1a1f360) at thread/qthread_unix.cpp:188
#5  0x00000032eaa0686a in start_thread () from /lib64/libpthread.so.0
#6  0x00000032ea2de3bd in clone () from /lib64/libc.so.6
#7  0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7fe792cc8820 (LWP 3486)):
[KCrash Handler]
#5  khtml::BidiContext::deref (this=0x1000000010) at /usr/src/debug/kdelibs-4.3.1/khtml/rendering/bidi.cpp:206
#6  0x00007fe78872a8e4 in khtml::RootInlineBox::setLineBreakInfo (this=0x34a3e50, obj=0x0, breakPos=<value optimized out>, status=@0x7fff12ec2da0, context=0x0)
    at /usr/src/debug/kdelibs-4.3.1/khtml/rendering/render_line.cpp:1177
#7  0x00007fe78872a9ba in khtml::RootInlineBox::childRemoved (this=0x1000000010, box=0x34a3eb8) at /usr/src/debug/kdelibs-4.3.1/khtml/rendering/render_line.cpp:1161
#8  0x00007fe78872aa25 in khtml::InlineFlowBox::removeFromLine (this=0x34a3ef8, child=0x34a3eb8) at /usr/src/debug/kdelibs-4.3.1/khtml/rendering/render_line.cpp:226
#9  0x00007fe78872b5cd in khtml::InlineBox::detach (this=0x34a3eb8, renderArena=0x1fd4320, noRemove=40) at /usr/src/debug/kdelibs-4.3.1/khtml/rendering/render_line.cpp:81
#10 0x00007fe788729d08 in khtml::InlineFlowBox::deleteLine (this=0x34a3ef8, arena=0x1fd4320) at /usr/src/debug/kdelibs-4.3.1/khtml/rendering/render_line.cpp:209
#11 0x00007fe788729d08 in khtml::InlineFlowBox::deleteLine (this=0x34a3e50, arena=0x1fd4320) at /usr/src/debug/kdelibs-4.3.1/khtml/rendering/render_line.cpp:209
#12 0x00007fe7886df184 in khtml::RenderContainer::removeChildNode (this=0x3e60a80, oldChild=0x3e60c20) at /usr/src/debug/kdelibs-4.3.1/khtml/rendering/render_container.cpp:224
#13 0x00007fe7886c5e3f in khtml::RenderBlock::removeChild (this=0x3e60828, oldChild=<value optimized out>) at /usr/src/debug/kdelibs-4.3.1/khtml/rendering/render_block.cpp:670
#14 0x00007fe7886d5b5e in khtml::RenderObject::remove (this=<value optimized out>) at /usr/src/debug/kdelibs-4.3.1/khtml/rendering/render_object.h:847
#15 khtml::RenderObject::detach (this=<value optimized out>) at /usr/src/debug/kdelibs-4.3.1/khtml/rendering/render_object.cpp:2365
#16 0x00007fe7886e2432 in khtml::RenderBox::detach (this=0x3e60700) at /usr/src/debug/kdelibs-4.3.1/khtml/rendering/render_box.cpp:224
#17 0x00007fe7886dfd9a in khtml::RenderContainer::updatePseudoChild (this=0x3e60660, type=khtml::RenderStyle::AFTER) at /usr/src/debug/kdelibs-4.3.1/khtml/rendering/render_container.cpp:342
#18 0x00007fe7886dff04 in khtml::RenderContainer::updatePseudoChildren (this=0x3e60660) at /usr/src/debug/kdelibs-4.3.1/khtml/rendering/render_container.cpp:298
#19 0x00007fe788632387 in DOM::ElementImpl::recalcStyle (this=0x321b610, change=DOM::NodeImpl::Inherit) at /usr/src/debug/kdelibs-4.3.1/khtml/xml/dom_elementimpl.cpp:970
#20 0x00007fe78867a549 in DOM::HTMLElementImpl::recalcStyle (this=0x1000000010, ch=DOM::NodeImpl::NoChange) at /usr/src/debug/kdelibs-4.3.1/khtml/html/html_elementimpl.cpp:242
#21 0x00007fe7886323d7 in DOM::ElementImpl::recalcStyle (this=0x321b350, change=DOM::NodeImpl::Inherit) at /usr/src/debug/kdelibs-4.3.1/khtml/xml/dom_elementimpl.cpp:990
#22 0x00007fe78867a549 in DOM::HTMLElementImpl::recalcStyle (this=0x1000000010, ch=DOM::NodeImpl::NoChange) at /usr/src/debug/kdelibs-4.3.1/khtml/html/html_elementimpl.cpp:242
#23 0x00007fe7886323d7 in DOM::ElementImpl::recalcStyle (this=0x321afe0, change=DOM::NodeImpl::Inherit) at /usr/src/debug/kdelibs-4.3.1/khtml/xml/dom_elementimpl.cpp:990
#24 0x00007fe78867a549 in DOM::HTMLElementImpl::recalcStyle (this=0x1000000010, ch=DOM::NodeImpl::NoChange) at /usr/src/debug/kdelibs-4.3.1/khtml/html/html_elementimpl.cpp:242
#25 0x00007fe7886323d7 in DOM::ElementImpl::recalcStyle (this=0x321ac20, change=DOM::NodeImpl::Inherit) at /usr/src/debug/kdelibs-4.3.1/khtml/xml/dom_elementimpl.cpp:990
#26 0x00007fe78867a549 in DOM::HTMLElementImpl::recalcStyle (this=0x1000000010, ch=DOM::NodeImpl::NoChange) at /usr/src/debug/kdelibs-4.3.1/khtml/html/html_elementimpl.cpp:242
#27 0x00007fe7886323d7 in DOM::ElementImpl::recalcStyle (this=0x321a830, change=DOM::NodeImpl::Inherit) at /usr/src/debug/kdelibs-4.3.1/khtml/xml/dom_elementimpl.cpp:990
#28 0x00007fe78867a549 in DOM::HTMLElementImpl::recalcStyle (this=0x1000000010, ch=DOM::NodeImpl::NoChange) at /usr/src/debug/kdelibs-4.3.1/khtml/html/html_elementimpl.cpp:242
#29 0x00007fe7886323d7 in DOM::ElementImpl::recalcStyle (this=0x321a5b0, change=DOM::NodeImpl::Inherit) at /usr/src/debug/kdelibs-4.3.1/khtml/xml/dom_elementimpl.cpp:990
#30 0x00007fe78867a549 in DOM::HTMLElementImpl::recalcStyle (this=0x1000000010, ch=DOM::NodeImpl::NoChange) at /usr/src/debug/kdelibs-4.3.1/khtml/html/html_elementimpl.cpp:242
#31 0x00007fe7886323d7 in DOM::ElementImpl::recalcStyle (this=0x321a2e0, change=DOM::NodeImpl::Inherit) at /usr/src/debug/kdelibs-4.3.1/khtml/xml/dom_elementimpl.cpp:990
#32 0x00007fe78867a549 in DOM::HTMLElementImpl::recalcStyle (this=0x1000000010, ch=DOM::NodeImpl::NoChange) at /usr/src/debug/kdelibs-4.3.1/khtml/html/html_elementimpl.cpp:242
#33 0x00007fe7886323d7 in DOM::ElementImpl::recalcStyle (this=0x3219fc0, change=DOM::NodeImpl::Inherit) at /usr/src/debug/kdelibs-4.3.1/khtml/xml/dom_elementimpl.cpp:990
#34 0x00007fe78867a549 in DOM::HTMLElementImpl::recalcStyle (this=0x1000000010, ch=DOM::NodeImpl::NoChange) at /usr/src/debug/kdelibs-4.3.1/khtml/html/html_elementimpl.cpp:242
#35 0x00007fe7886323d7 in DOM::ElementImpl::recalcStyle (this=0x3219cf0, change=DOM::NodeImpl::Inherit) at /usr/src/debug/kdelibs-4.3.1/khtml/xml/dom_elementimpl.cpp:990
#36 0x00007fe78867a549 in DOM::HTMLElementImpl::recalcStyle (this=0x1000000010, ch=DOM::NodeImpl::NoChange) at /usr/src/debug/kdelibs-4.3.1/khtml/html/html_elementimpl.cpp:242
#37 0x00007fe7886323d7 in DOM::ElementImpl::recalcStyle (this=0x2142710, change=DOM::NodeImpl::Inherit) at /usr/src/debug/kdelibs-4.3.1/khtml/xml/dom_elementimpl.cpp:990
#38 0x00007fe78867a549 in DOM::HTMLElementImpl::recalcStyle (this=0x1000000010, ch=DOM::NodeImpl::NoChange) at /usr/src/debug/kdelibs-4.3.1/khtml/html/html_elementimpl.cpp:242
#39 0x00007fe7886323d7 in DOM::ElementImpl::recalcStyle (this=0x21462b0, change=DOM::NodeImpl::NoChange) at /usr/src/debug/kdelibs-4.3.1/khtml/xml/dom_elementimpl.cpp:990
#40 0x00007fe78867a549 in DOM::HTMLElementImpl::recalcStyle (this=0x1000000010, ch=DOM::NodeImpl::NoChange) at /usr/src/debug/kdelibs-4.3.1/khtml/html/html_elementimpl.cpp:242
#41 0x00007fe7886217df in DOM::DocumentImpl::recalcStyle (this=0x1be4be0, change=DOM::NodeImpl::NoChange) at /usr/src/debug/kdelibs-4.3.1/khtml/xml/dom_docimpl.cpp:1436
#42 0x00007fe78861a19d in DOM::DocumentImpl::updateDocumentsRendering () at /usr/src/debug/kdelibs-4.3.1/khtml/xml/dom_docimpl.cpp:1478
#43 0x00007fe7887fa000 in KJS::Window::afterScriptExecution (this=0x1000000010) at /usr/src/debug/kdelibs-4.3.1/khtml/ecma/kjs_window.cpp:1269
#44 0x00007fe788828182 in KJS::JSEventListener::handleEvent (this=0x44ddf60, evt=@0x7fff12ec3410) at /usr/src/debug/kdelibs-4.3.1/khtml/ecma/kjs_events.cpp:119
#45 0x00007fe7886284d2 in DOM::NodeImpl::handleLocalEvents (this=<value optimized out>, evt=<value optimized out>, useCapture=<value optimized out>)
    at /usr/src/debug/kdelibs-4.3.1/khtml/xml/dom_nodeimpl.cpp:731
#46 0x00007fe78862877e in DOM::NodeImpl::dispatchGenericEvent (this=0x329f1d0, evt=0x498e700) at /usr/src/debug/kdelibs-4.3.1/khtml/xml/dom_nodeimpl.cpp:513
#47 0x00007fe7886289ce in DOM::NodeImpl::dispatchEvent (this=0x329f1d0, evt=0x498e700, exceptioncode=@0x7fff12ec365c, tempEvent=true) at /usr/src/debug/kdelibs-4.3.1/khtml/xml/dom_nodeimpl.cpp:453
#48 0x00007fe78858e2b9 in KHTMLView::dispatchMouseEvent (this=0x1b063b0, eventId=<value optimized out>, targetNode=0x329f1d0, targetNodeNonShared=<value optimized out>, 
    cancelable=<value optimized out>, detail=<value optimized out>, _mouse=<value optimized out>, setUnder=true, mouseEventType=1, orient=0) at /usr/src/debug/kdelibs-4.3.1/khtml/khtmlview.cpp:3704
#49 0x00007fe788597fc7 in KHTMLView::mouseReleaseEvent (this=0x1b063b0, _mouse=0x7fff12ec4020) at /usr/src/debug/kdelibs-4.3.1/khtml/khtmlview.cpp:1576
#50 0x00000032f6bddd88 in QWidget::event (this=0x1b063b0, event=0x7fff12ec4020) at kernel/qwidget.cpp:7549
#51 0x00000032f6f35916 in QFrame::event (this=0x1b063b0, e=0x7fff12ec4020) at widgets/qframe.cpp:559
#52 0x00007fe788596925 in KHTMLView::widgetEvent (this=0x1b063b0, e=0x0) at /usr/src/debug/kdelibs-4.3.1/khtml/khtmlview.cpp:2325
#53 0x00007fe788596bff in KHTMLView::eventFilter (this=0x1b063b0, o=0x1b14ad0, e=0x7fff12ec4020) at /usr/src/debug/kdelibs-4.3.1/khtml/khtmlview.cpp:2189
#54 0x00000032f4b3e8e7 in QCoreApplicationPrivate::sendThroughObjectEventFilters (this=<value optimized out>, receiver=0x1b14ad0, event=0x7fff12ec4020) at kernel/qcoreapplication.cpp:726
#55 0x00000032f6b8f66c in QApplicationPrivate::notify_helper (this=0x19de440, receiver=0x1b14ad0, e=0x7fff12ec4020) at kernel/qapplication.cpp:4052
#56 0x00000032f6b96741 in QApplication::notify (this=<value optimized out>, receiver=0x1b14ad0, e=0x7fff12ec4020) at kernel/qapplication.cpp:3758
#57 0x00007fe793602b56 in KApplication::notify (this=0x7fff12ec6070, receiver=0x1b14ad0, event=0x7fff12ec4020) at /usr/src/debug/kdelibs-4.3.1/kdeui/kernel/kapplication.cpp:302
#58 0x00000032f4b3f59c in QCoreApplication::notifyInternal (this=0x7fff12ec6070, receiver=0x1b14ad0, event=0x7fff12ec4020) at kernel/qcoreapplication.cpp:610
#59 0x00000032f6b96030 in QCoreApplication::sendSpontaneousEvent (event=<value optimized out>, receiver=<value optimized out>) at ../../src/corelib/kernel/qcoreapplication.h:216
#60 QApplicationPrivate::sendMouseEvent (event=<value optimized out>, receiver=<value optimized out>) at kernel/qapplication.cpp:2924
#61 0x00000032f6bfba4e in QETWidget::translateMouseEvent (this=0x2039ac0, event=<value optimized out>) at kernel/qapplication_x11.cpp:4404
#62 0x00000032f6bfab08 in QApplication::x11ProcessEvent (this=<value optimized out>, event=0x7fff12ec5b50) at kernel/qapplication_x11.cpp:3545
#63 0x00000032f6c227dc in x11EventSourceDispatch (s=<value optimized out>, callback=<value optimized out>, user_data=<value optimized out>) at kernel/qguieventdispatcher_glib.cpp:146
#64 0x00000032eba37abe in g_main_dispatch (context=<value optimized out>) at gmain.c:1824
#65 IA__g_main_context_dispatch (context=<value optimized out>) at gmain.c:2377
#66 0x00000032eba3b278 in g_main_context_iterate (context=0x19e1120, block=<value optimized out>, dispatch=<value optimized out>, self=<value optimized out>) at gmain.c:2455
#67 0x00000032eba3b3a0 in IA__g_main_context_iteration (context=0x19e1120, may_block=1) at gmain.c:2518
#68 0x00000032f4b67936 in QEventDispatcherGlib::processEvents (this=0x19c0d90, flags=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:327
#69 0x00000032f6c21f8e in QGuiEventDispatcherGlib::processEvents (this=0x1000000010, flags=<value optimized out>) at kernel/qguieventdispatcher_glib.cpp:202
#70 0x00000032f4b3ded2 in QEventLoop::processEvents (this=<value optimized out>, flags={i = 36}) at kernel/qeventloop.cpp:149
#71 0x00000032f4b3e2a4 in QEventLoop::exec (this=0x7fff12ec5e80, flags={i = 0}) at kernel/qeventloop.cpp:201
#72 0x00000032f4b40439 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:888
#73 0x00000035198cf4e3 in kdemain () from /usr/lib64/libkdeinit4_konqueror.so
#74 0x00000032ea21ea2d in __libc_start_main () from /lib64/libc.so.6
#75 0x0000000000400759 in _start ()

Reported using DrKonqi
Comment 1 A. Spehr 2009-09-09 10:54:55 UTC 
Any particular facebook link? And what language was it in? Thanks!
Comment 2 Martin Naď 2009-09-09 12:20:32 UTC 
every confirms links, every links on http://apps.facebook.com/fishworld/* from my home page but when I copy this link and paste and go konqueror not crash (no everytime). Language is Czech
Comment 3 Dario Andres 2009-09-09 18:28:38 UTC 
Probably related to bug 206218 , bug 204132, bug 193177, bug 202705. Thanks
Comment 4 Dario Andres 2009-10-09 03:14:47 UTC 
*** Bug 209715 has been marked as a duplicate of this bug. ***
Comment 5 Dario Andres 2009-10-09 03:15:58 UTC 
*** Bug 207099 has been marked as a duplicate of this bug. ***
Comment 6 Frank Reininghaus 2009-10-13 19:24:46 UTC 
*** Bug 210399 has been marked as a duplicate of this bug. ***
Comment 7 Tommi Tervo 2009-12-03 16:49:52 UTC 
*** Bug 217222 has been marked as a duplicate of this bug. ***
Comment 8 Pino Toscano 2010-01-25 00:44:42 UTC 
*** Bug 224100 has been marked as a duplicate of this bug. ***
Comment 9 Germain Garand 2010-02-22 20:12:49 UTC 
SVN commit 1094434 by ggarand:

InlineBox::deleteLine shouldn't try to remove() the line box before
disposing of it.

This causes crashes in release mode because remove() will call to a
possibly invalid parent (this parent-is-invalid circumstance isn't fully
clear to me, though), the link to which is only nulled out in
Debug mode.

Let's play this low risk : align Release on Debug for branch backport...

BUG: 193717
BUG: 206832

 M  +0 -2      render_line.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1094434
Comment 10 Germain Garand 2010-02-22 20:12:53 UTC 
SVN commit 1094435 by ggarand:

InlineBox::deleteLine shouldn't try to remove() the line box before
disposing of it.

This causes crashes in release mode because remove() will call to a
possibly invalid parent (this parent-is-invalid circumstance isn't fully
clear to me, though), the link to which is only nulled out in
Debug mode.

Let's play this low risk : align Release on Debug for branch backport...

... then stop removing the line box instead.

BUG: 193717
BUG: 206832

 M  +3 -1      render_line.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1094435
Comment 11 Tommi Tervo 2010-09-14 13:00:17 UTC 
*** Bug 222303 has been marked as a duplicate of this bug. ***