219920 – [testcase site] Konqueror crashes at http://lxr.kde.org / http://xmpp.org/extensions/xep-0136.html [QVector, khtml::RenderTableSection::cellAt, khtml::RenderTableSection::addCell]

Bug 219920 - [testcase site] Konqueror crashes at http://lxr.kde.org / http://xmpp.org/extensions/xep-0136.html [QVector, khtml::RenderTableSection::cellAt, khtml::RenderTableSection::addCell]

Summary: [testcase site] Konqueror crashes at http://lxr.kde.org / http://xmpp.org/ext...

Status:	RESOLVED FIXED

Alias:	None

Product:	konqueror
Classification:	Applications
Component:	general (show other bugs)
Version:	unspecified
Platform:	Unlisted Binaries Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	Konqueror Developers

URL:
Keywords:	testcase

Depends on:
Blocks:

Reported:	2009-12-24 07:51 UTC by jensmh
Modified:	2010-02-22 20:12 UTC (History)
CC List:	3 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
New crash information added by DrKonqi: --- konqueror from trunk as of today also crashes. I do not exactly what to write here to make the bug reporting assitent happy, I just wanted to add the backtrace from trunk. Hopefully this is now enough text. (8.65 KB, text/plain) 2009-12-24 08:01 UTC, jensmh	Details
Non-reduced testcase (website save) (38.29 KB, application/gzip) 2010-01-28 21:47 UTC, Dario Andres	Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description jensmh 2009-12-24 07:51:18 UTC

Application that crashed: konqueror
Version of the application: 4.3.4 (KDE 4.3.4)
KDE Version: 4.3.4 (KDE 4.3.4)
Qt Version: 4.5.3
Operating System: Linux 2.6.32-trunk-amd64 x86_64
Distribution: Debian GNU/Linux unstable (sid)

What I was doing when the application crashed:
When I go to http://lxr.kde.org and search for the identifier "i18n", konqueror crashes.
I tried 2 times -> 2 crashes.


 -- Backtrace:
Application: Konqueror (kdeinit4), signal: Segmentation fault
The current source language is "auto; currently c".
[KCrash Handler]
#5  QVector<khtml::RenderTableCell*>::detach (this=0x1a76aa0, cell=0xbb9e3f0, row=0xbb9e370) at /usr/include/qt4/QtCore/qvector.h:129
#6  QVector<khtml::RenderTableCell*>::data (this=0x1a76aa0, cell=0xbb9e3f0, row=0xbb9e370) at /usr/include/qt4/QtCore/qvector.h:133
#7  QVector<khtml::RenderTableCell*>::operator[] (this=0x1a76aa0, cell=0xbb9e3f0, row=0xbb9e370) at /usr/include/qt4/QtCore/qvector.h:338
#8  khtml::RenderTableSection::cellAt (this=0x1a76aa0, cell=0xbb9e3f0, row=0xbb9e370) at ../../khtml/rendering/render_table.h:237
#9  khtml::RenderTableSection::addCell (this=0x1a76aa0, cell=0xbb9e3f0, row=0xbb9e370) at ../../khtml/rendering/render_table.cpp:1160
#10 0x00007ff53d278f17 in khtml::RenderTableRow::addChild (this=0xbb9e370, child=0xbb9e3f0, beforeChild=0x0) at ../../khtml/rendering/render_table.cpp:2279
#11 0x00007ff53d19d14b in DOM::NodeImpl::createRendererIfNeeded (this=0x6aec990) at ../../khtml/xml/dom_nodeimpl.cpp:1084
#12 0x00007ff53d1a82e9 in DOM::ElementImpl::attach (this=0x1a76aa0) at ../../khtml/xml/dom_elementimpl.cpp:863
#13 0x00007ff53d1d84ea in khtml::KHTMLParser::insertNode (this=0x126ef50, n=0x6aec990, flat=false) at ../../khtml/html/htmlparser.cpp:429
#14 0x00007ff53d1daa2f in khtml::KHTMLParser::parseToken (this=0x126ef50, t=0x125b778) at ../../khtml/html/htmlparser.cpp:302
#15 0x00007ff53d1db4d1 in khtml::HTMLTokenizer::processToken (this=0x125b750) at ../../khtml/html/htmltokenizer.cpp:2056
#16 0x00007ff53d1e2514 in khtml::HTMLTokenizer::parseTag (this=0x125b750, src=...) at ../../khtml/html/htmltokenizer.cpp:1529
#17 0x00007ff53d1e4b40 in khtml::HTMLTokenizer::write (this=0x125b750, str=<value optimized out>, appendData=<value optimized out>) at ../../khtml/html/htmltokenizer.cpp:1810
#18 0x00007ff53d127485 in KHTMLPart::write (this=<value optimized out>, 
    data=0x682c048 "; </td><td><a class='search-ref' href=\"/source/KDE/kdepim/runtime/resources/pop3/pop3resource.cpp#606\">/KDE/kdepim/runtime/resources/pop3/pop3resource.cpp, line 606</a></td>\n</tr><tr>\n  <td width='30'"..., len=<value optimized out>) at ../../khtml/khtml_part.cpp:2104
#19 0x00007ff53d1290cc in KHTMLPart::slotData (this=0x1885e80, kio_job=<value optimized out>, data=...) at ../../khtml/khtml_part.cpp:1786
#20 0x00007ff53d150308 in KHTMLPart::qt_metacall (this=0x1885e80, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0x7fff4c249760) at ./khtml_part.moc:271
#21 0x00007ff54f0cedf2 in QMetaObject::activate (sender=0x12a5e60, from_signal_index=<value optimized out>, to_signal_index=40, argv=0x1a76b20) at kernel/qobject.cpp:3112
#22 0x00007ff54e17c1a4 in KIO::TransferJob::data (this=0x1a76aa0, _t1=0x12a5e60, _t2=<value optimized out>) at ./jobclasses.moc:364
#23 0x00007ff54e181a26 in KIO::TransferJob::qt_metacall (this=0x12a5e60, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0x7fff4c249890) at ./jobclasses.moc:344
#24 0x00007ff54f0cedf2 in QMetaObject::activate (sender=0x11dbea0, from_signal_index=<value optimized out>, to_signal_index=4, argv=0x1a76b20) at kernel/qobject.cpp:3112
#25 0x00007ff54e240f22 in KIO::SlaveInterface::data (this=0x1a76aa0, _t1=<value optimized out>) at ./slaveinterface.moc:140
#26 0x00007ff54e244a58 in KIO::SlaveInterface::dispatch (this=0x11dbea0, _cmd=100, rawdata=...) at ../../kio/kio/slaveinterface.cpp:163
#27 0x00007ff54e2411d3 in KIO::SlaveInterface::dispatch (this=0x11dbea0) at ../../kio/kio/slaveinterface.cpp:91
#28 0x00007ff54e23410d in KIO::Slave::gotInput (this=0x11dbea0) at ../../kio/kio/slave.cpp:322
#29 0x00007ff54e23622c in KIO::Slave::qt_metacall (this=0x11dbea0, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0x7fff4c249c10) at ./slave.moc:76
#30 0x00007ff54f0cedf2 in QMetaObject::activate (sender=0xcb0680, from_signal_index=<value optimized out>, to_signal_index=4, argv=0x1a76b20) at kernel/qobject.cpp:3112
#31 0x00007ff54e14ffb7 in KIO::ConnectionPrivate::dequeue (this=0x10b9f00) at ../../kio/kio/connection.cpp:82
#32 0x00007ff54e1500dd in KIO::Connection::qt_metacall (this=0xcb0680, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0x293c530) at ./connection.moc:73
#33 0x00007ff54f0c96c8 in QObject::event (this=0xcb0680, e=0xb04e0d0) at kernel/qobject.cpp:1110
#34 0x00007ff54d03a01d in QApplicationPrivate::notify_helper (this=0xaeb420, receiver=0xcb0680, e=0xb04e0d0) at kernel/qapplication.cpp:4065
#35 0x00007ff54d04207a in QApplication::notify (this=0x7fff4c24a7a0, receiver=0xcb0680, e=0xb04e0d0) at kernel/qapplication.cpp:4030
#36 0x00007ff54dc91e06 in KApplication::notify (this=0x7fff4c24a7a0, receiver=0xcb0680, event=0xb04e0d0) at ../../kdeui/kernel/kapplication.cpp:302
#37 0x00007ff54f0b9c9c in QCoreApplication::notifyInternal (this=0x7fff4c24a7a0, receiver=0xcb0680, event=0xb04e0d0) at kernel/qcoreapplication.cpp:610
#38 0x00007ff54f0ba8e4 in QCoreApplication::sendEvent (receiver=0x0, event_type=0, data=0xa7bf80) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:213
#39 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0xa7bf80) at kernel/qcoreapplication.cpp:1247
#40 0x00007ff54f0e27d3 in QCoreApplication::sendPostedEvents (s=<value optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:218
#41 postEventSourceDispatch (s=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:276
#42 0x00007ff54bf5113a in ?? () from /lib/libglib-2.0.so.0
#43 0x0000000000000000 in ?? ()

Reported using DrKonqi

Comment 1 jensmh 2009-12-24 08:01:42 UTC

Created attachment 39300 [details]
New crash information added by DrKonqi:
---
konqueror from trunk as of today also crashes.

I do not exactly what to write here to make the bug reporting assitent happy,
I just wanted to add the backtrace from trunk.

Hopefully this is now enough text.


I do not exactly what to write here to make the bug reporting assitent happy,
I just wanted to add the backtrace from trunk.

Hopefully this is now enough text.

Comment 2 Dario Andres 2009-12-24 20:53:30 UTC

This could be related to bug 202499 or bug 187742

Comment 3 Anne-Marie Mahfouf 2010-01-28 21:04:06 UTC

I get the same backtrace from http://xmpp.org/extensions/xep-0136.html
I ran Konqueror through gdb to get the backtrace

--------
(gdb) bt                                                                                         
#0  0xffffe424 in __kernel_vsyscall ()
#1  0xb5fd4c00 in raise () from /lib/i686/libc.so.6
#2  0xb5fd6668 in abort () from /lib/i686/libc.so.6
#3  0xb7121b72 in qt_message_output (msgType=QtFatalMsg,
    buf=0x8ed2b90 "ASSERT failure in QVector<T>::operator[]: \"index out of range\", file /usr/local/branch-src/qt-kde/include/QtCore/../../src/corelib/tools/qvector.h, line 346")
    at global/qglobal.cpp:2250
#4  0xb7121d7c in qt_message (msgType=QtFatalMsg,
    msg=0xb72de944 "ASSERT failure in %s: \"%s\", file %s, line %d",
    ap=0xbfb1e1a4 "\215öÁ³zöÁ³,öÁ³Z\001") at global/qglobal.cpp:2296
#5  0xb7121dea in qFatal (msg=0xb72de944 "ASSERT failure in %s: \"%s\", file %s, line %d")
    at global/qglobal.cpp:2479
#6  0xb7121e28 in qt_assert_x (where=0xb3c1f68d "QVector<T>::operator[]",
    what=0xb3c1f67a "index out of range",
    file=0xb3c1f62c "/usr/local/branch-src/qt-kde/include/QtCore/../../src/corelib/tools/qvector.h", line=346) at global/qglobal.cpp:2021
#7  0xb39054ed in QVector<khtml::RenderTableCell*>::operator[] (this=0x90255e8, i=3)
    at /usr/local/branch-src/qt-kde/include/QtCore/../../src/corelib/tools/qvector.h:346
#8  0xb390553c in khtml::RenderTableSection::cellAt (this=0x8ed04c4, row=1, col=3)
    at /usr/local/branch-src/kdelibs/khtml/rendering/render_table.h:237
#9  0xb38fe60a in khtml::RenderTableSection::addCell (this=0x8ed04c4, cell=0x8ed0780,
    row=0x8ed072c) at /usr/local/branch-src/kdelibs/khtml/rendering/render_table.cpp:1331
#10 0xb38fea5d in khtml::RenderTableRow::addChild (this=0x8ed072c, child=0x8ed0780,
    beforeChild=0x0) at /usr/local/branch-src/kdelibs/khtml/rendering/render_table.cpp:2279
#11 0xb37d8d7c in DOM::NodeImpl::createRendererIfNeeded (this=0x913a868)
    at /usr/local/branch-src/kdelibs/khtml/xml/dom_nodeimpl.cpp:1084
#12 0xb37e461b in DOM::ElementImpl::attach (this=0x913a868)
    at /usr/local/branch-src/kdelibs/khtml/xml/dom_elementimpl.cpp:888
#13 0xb387bae1 in DOM::HTMLTableCellElementImpl::attach (this=0x913a868)
    at /usr/local/branch-src/kdelibs/khtml/html/html_tableimpl.cpp:943
#14 0xb37d5d75 in DOM::NodeBaseImpl::attach (this=0x913a6c0)
    at /usr/local/branch-src/kdelibs/khtml/xml/dom_nodeimpl.cpp:1823
#15 0xb37e4626 in DOM::ElementImpl::attach (this=0x913a6c0)
    at /usr/local/branch-src/kdelibs/khtml/xml/dom_elementimpl.cpp:891
#16 0xb37d5d75 in DOM::NodeBaseImpl::attach (this=Cannot access memory at address 0xbfb1e3e8)
    at /usr/local/branch-src/kdelibs/khtml/xml/dom_nodeimpl.cpp:1823

Comment 4 Anne-Marie Mahfouf 2010-01-28 21:07:24 UTC

Konqueror from 4.4 branch
Qt : 4.6.1
Plate-forme de développement de KDE : 4.3.95 (KDE 4.3.95 (KDE 4.4 RC2))
Konqueror : 4.3.95 (KDE 4.3.95 (KDE 4.4 RC2))

and also Konqueror trunk
Qt: 4.6.1
KDE Development Platform: 4.4.60 (KDE 4.4.60 (KDE 4.5 >= 20100120))
Konqueror: 4.4.60 (KDE 4.4.60 (KDE 4.5 >= 20100120))

Comment 5 Dario Andres 2010-01-28 21:47:08 UTC

I can reproduce the crash here using:

Qt: 4.6.1 (kde-qt master commit 5ccbae0c2d9254efe67599137afec763d4fec0f6
        Date:   Tue Jan 19 20:42:24 2010 +0100)
KDE Development Platform: 4.4.61 (KDE 4.4.61 (KDE 4.5 >= 20100127))
kdelibs svn rev. 1081027 / kdebase svn rev. 1078669
on ArchLinux i686 - Kernel 2.6.32.3

Comment 6 Dario Andres 2010-01-28 21:47:47 UTC

Created attachment 40325 [details]
Non-reduced testcase (website save)

Comment 7 Germain Garand 2010-02-22 20:12:34 UTC

SVN commit 1094430 by ggarand:

really big tables could overflow those

BUG: 219920

 M  +4 -4      render_table.h  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1094430