Bug 264985 - [CSS 2.1 Conformance] [testcase] Containing block and absolutely positioned element in @media print page triggers an application crash when attempting to print
Summary: [CSS 2.1 Conformance] [testcase] Containing block and absolutely positioned e...
Status: VERIFIED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: khtml (show other bugs)
Version: 4.5.5
Platform: Ubuntu Linux
: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords: testcase
: 176772 213882 221331 279984 (view as bug list)
Depends on:
Blocks:
 
Reported: 2011-01-31 18:49 UTC by Gérard Talbot (no longer involved)
Modified: 2011-08-12 18:09 UTC (History)
6 users (show)

See Also:
Latest Commit:
Version Fixed In: 4.6.1
Sentry Crash Report:

Attachments
patch (663 bytes, patch)
2011-02-04 00:35 UTC, Andrea Iacovitti 		Details
updated patch (1.06 KB, patch)
2011-02-06 18:07 UTC, Andrea Iacovitti 		Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Gérard Talbot (no longer involved) 2011-01-31 18:49:35 UTC 
Version:           4.5.5 (using KDE 4.5.5) 
OS:                Linux

Testcase URL
------------

http://test.csswg.org/suites/css2.1/20110111/html4/containing-block-024.htm

Relevant code
-------------

       <style type="text/css">
            @media print
            {
                #print
                {
                    display: none;
                }
                p
                {
                    margin-top: 1.1in;
                    page-break-after: always;
                }
                div
                {
                    border: solid black;
                    height: 1in;
                    left: 0;
                    position: absolute;
                    top: 0;
                    width: 1in;
                }
            }
        </style>
    </head>
    <body>
        <p id="print">PREREQUISITE: Switch to paged media view.</p>
        <p>Test passes if there is a black box above.</p>
        <div></div>

Reproducible: Always

Steps to Reproduce:
Load provided reduced self-explanatory testcase and try to print it

Actual Results:  
Konqueror 4.5.5 crashes

Expected Results:  
Konqueror 4.5.5 should print one single page.
Approximate expected page rendering is:

"
------------
|          |
|          |
|          |
|          |
------------

Test passes if there is a black box above.
"

I will paste a backtrace just as described in
http://techbase.kde.org/User:DarioAndres/Basic_Guide_about_Crash_Reporting#Backtraces

Konqueror 4.5.5, Linux 2.6.35-25-generic-pae, i686 (32bits), Qt 4.7.0 here.
Comment 1 Gérard Talbot (no longer involved) 2011-01-31 18:53:30 UTC 
Backtrace of crash
------------------

Application: Konqueror (konqueror), signal: Segmentation fault
[Current thread is 1 (Thread 0xb524e9e0 (LWP 5355))]

Thread 5 (Thread 0xb2bcab70 (LWP 5356)):
#0  0xb78c8424 in __kernel_vsyscall ()
#1  0xb7748371 in select () from /lib/libc.so.6
#2  0xb69a3bb8 in QProcessManager::run (this=0xb6afc888) at io/qprocess_unix.cpp:245
#3  0xb68c6df9 in QThreadPrivate::start (arg=0xb6afc888) at thread/qthread_unix.cpp:266
#4  0xb58e6cc9 in start_thread () from /lib/libpthread.so.0
#5  0xb774f69e in clone () from /lib/libc.so.6

Thread 4 (Thread 0xadcedb70 (LWP 5366)):
#0  0xb5681e36 in clock_gettime () from /lib/librt.so.1
#1  0xb692250b in do_gettime () at tools/qelapsedtimer_unix.cpp:105
#2  qt_gettime () at tools/qelapsedtimer_unix.cpp:119
#3  0xb69f96e5 in QTimerInfoList::updateCurrentTime (this=0xa3ee0b4) at kernel/qeventdispatcher_unix.cpp:339
#4  0xb69f972a in QTimerInfoList::timerWait (this=0xa3ee0b4, tm=...) at kernel/qeventdispatcher_unix.cpp:442
#5  0xb69f77a8 in timerSourcePrepareHelper (src=<value optimized out>, timeout=0xadced0bc) at kernel/qeventdispatcher_glib.cpp:136
#6  0xb69f783d in timerSourcePrepare (source=0x0, timeout=0xb5685ff4) at kernel/qeventdispatcher_glib.cpp:169
#7  0xb55efe6a in g_main_context_prepare () from /lib/libglib-2.0.so.0
#8  0xb55f0279 in ?? () from /lib/libglib-2.0.so.0
#9  0xb55f0848 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#10 0xb69f759f in QEventDispatcherGlib::processEvents (this=0xa0b09e8, flags=...) at kernel/qeventdispatcher_glib.cpp:417
#11 0xb69c7609 in QEventLoop::processEvents (this=0xadced290, flags=) at kernel/qeventloop.cpp:149
#12 0xb69c7a8a in QEventLoop::exec (this=0xadced290, flags=...) at kernel/qeventloop.cpp:201
#13 0xb68c3b7e in QThread::exec (this=0xa238ff8) at thread/qthread.cpp:490
#14 0xb69a635b in QInotifyFileSystemWatcherEngine::run (this=0xa238ff8) at io/qfilesystemwatcher_inotify.cpp:248
#15 0xb68c6df9 in QThreadPrivate::start (arg=0xa238ff8) at thread/qthread_unix.cpp:266
#16 0xb58e6cc9 in start_thread () from /lib/libpthread.so.0
#17 0xb774f69e in clone () from /lib/libc.so.6

Thread 3 (Thread 0xacc9ab70 (LWP 5807)):
#0  0xb78c8424 in __kernel_vsyscall ()
#1  0xb58eb4dc in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0xb775cd9d in pthread_cond_wait () from /lib/libc.so.6
#3  0xb68c79c7 in wait (this=0xc27eeb8, mutex=0xc27eeb4, time=4294967295) at thread/qwaitcondition_unix.cpp:88
#4  QWaitCondition::wait (this=0xc27eeb8, mutex=0xc27eeb4, time=4294967295) at thread/qwaitcondition_unix.cpp:160
#5  0xb63f9eaa in QFileInfoGatherer::run (this=0xc27eeac) at dialogs/qfileinfogatherer.cpp:214
#6  0xb68c6df9 in QThreadPrivate::start (arg=0xc27eeac) at thread/qthread_unix.cpp:266
#7  0xb58e6cc9 in start_thread () from /lib/libpthread.so.0
#8  0xb774f69e in clone () from /lib/libc.so.6

Thread 2 (Thread 0xad49bb70 (LWP 5808)):
#0  0xb5681e36 in clock_gettime () from /lib/librt.so.1
#1  0xb692250b in do_gettime () at tools/qelapsedtimer_unix.cpp:105
#2  qt_gettime () at tools/qelapsedtimer_unix.cpp:119
#3  0xb69f96e5 in QTimerInfoList::updateCurrentTime (this=0xac306e34) at kernel/qeventdispatcher_unix.cpp:339
#4  0xb69f972a in QTimerInfoList::timerWait (this=0xac306e34, tm=...) at kernel/qeventdispatcher_unix.cpp:442
#5  0xb69f77a8 in timerSourcePrepareHelper (src=<value optimized out>, timeout=0xad49b0bc) at kernel/qeventdispatcher_glib.cpp:136
#6  0xb69f783d in timerSourcePrepare (source=0x0, timeout=0xb5685ff4) at kernel/qeventdispatcher_glib.cpp:169
#7  0xb55efe6a in g_main_context_prepare () from /lib/libglib-2.0.so.0
#8  0xb55f0279 in ?? () from /lib/libglib-2.0.so.0
#9  0xb55f0848 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#10 0xb69f759f in QEventDispatcherGlib::processEvents (this=0xc22d578, flags=...) at kernel/qeventdispatcher_glib.cpp:417
#11 0xb69c7609 in QEventLoop::processEvents (this=0xad49b290, flags=) at kernel/qeventloop.cpp:149
#12 0xb69c7a8a in QEventLoop::exec (this=0xad49b290, flags=...) at kernel/qeventloop.cpp:201
#13 0xb68c3b7e in QThread::exec (this=0xc1489d8) at thread/qthread.cpp:490
#14 0xb69a635b in QInotifyFileSystemWatcherEngine::run (this=0xc1489d8) at io/qfilesystemwatcher_inotify.cpp:248
#15 0xb68c6df9 in QThreadPrivate::start (arg=0xc1489d8) at thread/qthread_unix.cpp:266
#16 0xb58e6cc9 in start_thread () from /lib/libpthread.so.0
#17 0xb774f69e in clone () from /lib/libc.so.6

Thread 1 (Thread 0xb524e9e0 (LWP 5355)):
[KCrash Handler]
#7  0xb1c9329f in khtml::RenderBlock::clearChildOfPageBreaks (this=0xa99ea18, child=0xa99eb60, pageBreakInfo=..., marginInfo=...) at ../../khtml/rendering/render_block.cpp:1670
#8  0xb1c950ba in khtml::RenderBlock::layoutBlockChildren (this=0xa99ea18, relayoutChildren=<value optimized out>) at ../../khtml/rendering/render_block.cpp:1607
#9  0xb1c95425 in khtml::RenderBlock::layoutBlock (this=0xa99ea18, relayoutChildren=true) at ../../khtml/rendering/render_block.cpp:837
#10 0xb1cf549d in khtml::RenderCanvas::layout (this=0xa99ea18) at ../../khtml/rendering/render_canvas.cpp:191
#11 0xb1b3350f in layoutIfNeeded (this=0xaa7afe0, quick=false) at ../../khtml/rendering/render_object.h:480
#12 KHTMLView::print (this=0xaa7afe0, quick=false) at ../../khtml/khtmlview.cpp:3284
#13 0xb1b91e60 in KHTMLPartBrowserExtension::print (this=0xac04198) at ../../khtml/khtml_ext.cpp:363
#14 0xb1b94933 in KHTMLPartBrowserExtension::qt_metacall (this=0xac04198, _c=QMetaObject::InvokeMetaMethod, _id=56, _a=0xbfe0cab8) at ./khtml_ext.moc:103
#15 0xb69ce8ca in QMetaObject::metacall (object=0xac04198, cl=QMetaObject::InvokeMetaMethod, idx=56, argv=0xbfe0cab8) at kernel/qmetaobject.cpp:237
#16 0xb69e16ad in QMetaObject::activate (sender=0x9e69980, m=0xb67ca370, local_signal_index=1, argv=0x0) at kernel/qobject.cpp:3280
#17 0xb5e43f99 in QAction::triggered (this=0x9e69980, _t1=false) at .moc/release-shared/moc_qaction.cpp:263
#18 0xb5e458dc in QAction::activate (this=0x9e69980, event=QAction::Trigger) at kernel/qaction.cpp:1256
#19 0xb63117ef in QMenuPrivate::activateCausedStack (this=0xa0ba7c8, causedStack=..., action=0x9e69980, action_e=QAction::Trigger, self=true) at widgets/qmenu.cpp:993
#20 0xb6317a4b in QMenuPrivate::activateAction (this=0xa0ba7c8, action=0x9e69980, action_e=QAction::Trigger, self=<value optimized out>) at widgets/qmenu.cpp:1085
#21 0xb63185e0 in QMenu::mouseReleaseEvent (this=0xa0a6810, e=0xbfe0d360) at widgets/qmenu.cpp:2301
#22 0xb70588a5 in KMenu::mouseReleaseEvent (this=0xa0a6810, e=0xbfe0d360) at ../../kdeui/widgets/kmenu.cpp:471
#23 0xb5ea9e08 in QWidget::event (this=0xa0a6810, event=0xbfe0d360) at kernel/qwidget.cpp:8187
#24 0xb631a02f in QMenu::event (this=0xa0a6810, e=0xbfe0d360) at widgets/qmenu.cpp:2410
#25 0xb5e4bfdc in QApplicationPrivate::notify_helper (this=0x9c35a20, receiver=0xa0a6810, e=0xbfe0d360) at kernel/qapplication.cpp:4396
#26 0xb5e52c2e in QApplication::notify (this=0xbfe0dd30, receiver=0xa0a6810, e=0xbfe0d360) at kernel/qapplication.cpp:3959
#27 0xb6f5cd8a in KApplication::notify (this=0xbfe0dd30, receiver=0xa0a6810, event=0xbfe0d360) at ../../kdeui/kernel/kapplication.cpp:310
#28 0xb69c8b3b in QCoreApplication::notifyInternal (this=0xbfe0dd30, receiver=0xa0a6810, event=0xbfe0d360) at kernel/qcoreapplication.cpp:732
#29 0xb5e51094 in sendEvent (receiver=0xa0a6810, event=0xbfe0d360, alienWidget=0x0, nativeWidget=0xa0a6810, buttonDown=0xb67e63c0, lastMouseReceiver=..., spontaneous=true) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#30 QApplicationPrivate::sendMouseEvent (receiver=0xa0a6810, event=0xbfe0d360, alienWidget=0x0, nativeWidget=0xa0a6810, buttonDown=0xb67e63c0, lastMouseReceiver=..., spontaneous=true) at kernel/qapplication.cpp:3058
#31 0xb5ee0261 in QETWidget::translateMouseEvent (this=0xa0a6810, event=0xbfe0d87c) at kernel/qapplication_x11.cpp:4337
#32 0xb5edf151 in QApplication::x11ProcessEvent (this=0xbfe0dd30, event=0xbfe0d87c) at kernel/qapplication_x11.cpp:3414
#33 0xb5f0e36a in x11EventSourceDispatch (s=0x9c38c00, callback=0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:146
#34 0xb55ec855 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#35 0xb55f0668 in ?? () from /lib/libglib-2.0.so.0
#36 0xb55f0848 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#37 0xb69f7565 in QEventDispatcherGlib::processEvents (this=0x9c1db70, flags=...) at kernel/qeventdispatcher_glib.cpp:415
#38 0xb5f0dbe5 in QGuiEventDispatcherGlib::processEvents (this=0x9c1db70, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#39 0xb69c7609 in QEventLoop::processEvents (this=0xbfe0db74, flags=) at kernel/qeventloop.cpp:149
#40 0xb69c7a8a in QEventLoop::exec (this=0xbfe0db74, flags=...) at kernel/qeventloop.cpp:201
#41 0xb69cc00f in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1009
#42 0xb5e4ae07 in QApplication::exec () at kernel/qapplication.cpp:3672
#43 0xb78ad592 in kdemain (argc=2, argv=0xbfe0e014) at ../../../../apps/konqueror/src/konqmain.cpp:234
#44 0x080485ab in main (argc=2, argv=0xbfe0e014) at konqueror_dummy.cpp:3
Comment 2 Tommi Tervo 2011-01-31 21:45:24 UTC 
Possible related bug: 221331b

==24819== Invalid read of size 4
==24819==    at 0xE189D3B: khtml::RenderBlock::clearChildOfPageBreaks(khtml::RenderObject*, khtml::RenderBlock::PageBreakInfo&, khtml::RenderBlock::MarginInfo&) (render_block.cpp:1670)
==24819==    by 0xE1899B8: khtml::RenderBlock::layoutBlockChildren(bool) (render_block.cpp:1607)
==24819==    by 0xE1864F8: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:837)
==24819==    by 0xE2032AC: khtml::RenderCanvas::layout() (render_canvas.cpp:191)
==24819==    by 0xE03976C: khtml::RenderObject::layoutIfNeeded() (in /opt/kde46trnk/lib/libkhtml.so.5.6.0)
==24819==    by 0xE0304D0: KHTMLView::print(bool) (khtmlview.cpp:3142)
==24819==    by 0xE093897: KHTMLPartBrowserExtension::print() (khtml_ext.cpp:364)
==24819==    by 0xE09B45C: KHTMLPartBrowserExtension::qt_metacall(QMetaObject::Call, int, void**) (khtml_ext.moc:103)
==24819==    by 0x5071E5C: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (qmetaobject.cpp:237)
==24819==    by 0x5081FFB: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3272)
==24819==    by 0x53772BC: QAction::triggered(bool) (moc_qaction.cpp:263)
==24819==    by 0x537755A: QAction::activate(QAction::ActionEvent) (qaction.cpp:1257)
==24819==    by 0x53776FF: QAction::event(QEvent*) (qaction.cpp:1183)
==24819==    by 0x494E04E: KAction::event(QEvent*) (kaction.cpp:131)
==24819==    by 0x537E413: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:4445)
==24819==    by 0x5387136: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:3845)
==24819==    by 0x4A3E55D: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:311)
==24819==    by 0x506B5BD: QCoreApplication::notifyInternal(QObject*, QEvent*) (qcoreapplication.cpp:732)
==24819==    by 0x53B713E: QShortcutMap::dispatchEvent(QKeyEvent*) (qcoreapplication.h:215)
==24819==    by 0x53B86B4: QShortcutMap::tryShortcutEvent(QObject*, QKeyEvent*) (qshortcutmap.cpp:364)
==24819==    by 0x5388E37: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:3887)
==24819==    by 0x4A3E55D: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:311)
==24819==    by 0x506B5BD: QCoreApplication::notifyInternal(QObject*, QEvent*) (qcoreapplication.cpp:732)
==24819==    by 0x537C37C: qt_sendSpontaneousEvent(QObject*, QEvent*) (qcoreapplication.h:218)
==24819==    by 0x5430532: QKeyMapper::sendKeyEvent(QWidget*, bool, QEvent::Type, int, QFlags<Qt::KeyboardModifier>, QString const&, bool, int, unsigned int, unsigned int, unsigned int, bool*) (qkeymapper_x11.cpp:1867)
==24819==    by 0x5430A00: QKeyMapperPrivate::translateKeyEvent(QWidget*, _XEvent const*, bool) (qkeymapper_x11.cpp:1837)
==24819==    by 0x5409641: QApplication::x11ProcessEvent(_XEvent*) (qapplication_x11.cpp:3457)
==24819==    by 0x5434DAF: x11EventSourceDispatch(_GSource*, int (*)(void*), void*) (qguieventdispatcher_glib.cpp:146)
==24819==    by 0x65F6B48: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.2400.1)
==24819==    by 0x65F734F: ??? (in /usr/lib/libglib-2.0.so.0.2400.1)
==24819==    by 0x65F760D: g_main_context_iteration (in /usr/lib/libglib-2.0.so.0.2400.1)
==24819==    by 0x5099D5A: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventdispatcher_glib.cpp:422)
==24819==    by 0x54349A9: QGuiEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qguieventdispatcher_glib.cpp:204)
==24819==    by 0x506A89C: QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:149)
==24819==    by 0x506AAC8: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:201)
==24819==    by 0x506F56F: QCoreApplication::exec() (qcoreapplication.cpp:1009)
==24819==    by 0x537C113: QApplication::exec() (qapplication.cpp:3719)
==24819==    by 0x40E154E: kdemain (konqmain.cpp:219)
==24819==    by 0x80487D8: main (konqueror_dummy.cpp:3)
==24819==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
Comment 3 Andrea Iacovitti 2011-02-04 00:35:23 UTC 
Created attachment 56841 [details]
patch

The attached diff fixes the crash for me, but two pages are printed
Comment 4 Gérard Talbot (no longer involved) 2011-02-04 01:48:34 UTC 
> two pages are printed

That could well be possible since, after the 
<p>Test passes if there is a black box above.</p>
, there should be a page-break. So, the 2nd page should be blank.

Andrea, Thank you for your assistance on this bug report,

Gérard
Comment 5 Maksim Orlovich 2011-02-06 16:40:57 UTC 
@Andrea: I have just made exactly the same patch and queued it. The change is correct, so feel free to commit it if you want/can.
Comment 6 Maksim Orlovich 2011-02-06 17:06:36 UTC 
*** Bug 221331 has been marked as a duplicate of this bug. ***
Comment 7 Maksim Orlovich 2011-02-06 17:11:24 UTC 
*** Bug 176772 has been marked as a duplicate of this bug. ***
Comment 8 Maksim Orlovich 2011-02-06 17:12:42 UTC 
*** Bug 213882 has been marked as a duplicate of this bug. ***
Comment 9 Andrea Iacovitti 2011-02-06 18:07:23 UTC 
Created attachment 56926 [details]
updated patch

@Maksim: Sorry, i can't commit at the moment (and for the next few days). Please, if you want, feel free to do it.

Just one hint/question: it's worth to duplicate the same check some lines later (see the updated patch) in your opinion?

thanks
Comment 10 Andrea Iacovitti 2011-02-08 00:19:42 UTC 
Git commit 0126c4bf738229fedb1a5a1c05abf565b3131dce by Andrea Iacovitti.
Committed on 07/02/11 at 21:57.
Pushed by aiacovitti into branch 'KDE/4.6'.

Check for parent() to avoid crash

BUG: 264985

M  +2    -2    khtml/rendering/render_block.cpp     

http://commits.kde.org/kdelibs/0126c4bf738229fedb1a5a1c05abf565b3131dce
Comment 11 Raphael Kubo da Costa 2011-02-08 01:11:08 UTC 
SVN commit 1219297 by rkcosta:

Mention bug khtml bug 264985 in the changelog.

CCBUG: 264985
CCMAIL: aiacovitti@libero.it


 M  +5 -0      changelog_branch_4_6.xml  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1219297
Comment 12 Gérard Talbot (no longer involved) 2011-03-28 01:17:06 UTC 
I get expected results (2 pages printed; the second one being blank) while using Konqueror 4.6.1 (KDE 4.6, Qt 4.7.0, Linux 2.6.35-28-generic-pae).

Marking VERIFIED as FIXED

Gérard
Comment 13 Christoph Feck 2011-08-12 18:09:10 UTC 
*** Bug 279984 has been marked as a duplicate of this bug. ***