Bug 70532 - Focus field crashes Konqueror - testcase
Status: RESOLVED DUPLICATE of bug 88306
Alias: None
Product: konqueror
Classification: Applications
Component: general
Version: unspecified
Platform: Gentoo Packages Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
Reported: 2003-12-15 21:43 UTC by Niels
Modified: 2005-10-18 14:23 UTC
Description Niels 2003-12-15 21:43:10 UTC
Version:           3.1.94 (using KDE KDE 3.1.94)
Installed from:    Gentoo Packages
Compiler:          GCC 3.2.3 20030422 (Gentoo Linux 1.4 3.2.3-r2, propolice)
OS:          Linux

When I click the input field in this script, Konqueror immediately crashes.

<html>
 <body>
  <form>
   <div id='test'>
    <input type='text' onfocus="document.getElementById('test').innerHTML='<img src=http://kde.org/media/images/kde_logo.jpg>';">
   </div>
  </form>
 </body>
</html>


QT is version 3.2.3. The backtrace from the crash handler is:

(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...[New Thread 16384 (LWP 14476)]
0x41154137 in waitpid ()
   from /lib/libpthread.so.0
#0  0x41154137 in waitpid () from /lib/libpthread.so.0
#1  0x407c441e in KCrash::defaultCrashHandler(int) ()
   from /usr/kde/3.2/lib/libkdecore.so.4
#2  0x41152fea in __pthread_sighandler () from /lib/libpthread.so.0
#3  <signal handler called>
#4  0x422e93c0 in khtml::InlineBoxIterator::operator++() ()
   from /usr/kde/3.2/lib/libkhtml.so.4
#5  0x422f2217 in khtml::findFlowBox(DOM::NodeImpl*, long, khtml::RenderArena*, khtml::RenderFlow*&, khtml::InlineBox**) () from /usr/kde/3.2/lib/libkhtml.so.4
#6  0x422ee0da in KHTMLView::moveCaretTo(DOM::NodeImpl*, long, bool) ()
   from /usr/kde/3.2/lib/libkhtml.so.4
#7  0x42317686 in KHTMLPart::khtmlMousePressEvent(khtml::MousePressEvent*) ()
   from /usr/kde/3.2/lib/libkhtml.so.4
#8  0x423171e7 in KHTMLPart::customEvent(QCustomEvent*) ()
   from /usr/kde/3.2/lib/libkhtml.so.4
#9  0x40bbac0c in QObject::event(QEvent*) () from /usr/qt/3/lib/libqt-mt.so.3
#10 0x40b623a5 in QApplication::internalNotify(QObject*, QEvent*) ()
   from /usr/qt/3/lib/libqt-mt.so.3
#11 0x40b61795 in QApplication::notify(QObject*, QEvent*) ()
   from /usr/qt/3/lib/libqt-mt.so.3
#12 0x4071fd0e in KApplication::notify(QObject*, QEvent*) ()
   from /usr/kde/3.2/lib/libkdecore.so.4
#13 0x422e2fda in KHTMLView::viewportMousePressEvent(QMouseEvent*) ()
   from /usr/kde/3.2/lib/libkhtml.so.4
#14 0x422e4f87 in KHTMLView::eventFilter(QObject*, QEvent*) ()
   from /usr/kde/3.2/lib/libkhtml.so.4
#15 0x40bbad2e in QObject::activate_filters(QEvent*) ()
   from /usr/qt/3/lib/libqt-mt.so.3
#16 0x40bbac51 in QObject::event(QEvent*) () from /usr/qt/3/lib/libqt-mt.so.3
#17 0x40bf192c in QWidget::event(QEvent*) () from /usr/qt/3/lib/libqt-mt.so.3
#18 0x40c7c8de in QLineEdit::event(QEvent*) () from /usr/qt/3/lib/libqt-mt.so.3
#19 0x423ca00c in khtml::LineEditWidget::event(QEvent*) ()
   from /usr/kde/3.2/lib/libkhtml.so.4
#20 0x40b623a5 in QApplication::internalNotify(QObject*, QEvent*) ()
   from /usr/qt/3/lib/libqt-mt.so.3
#21 0x40b61888 in QApplication::notify(QObject*, QEvent*) ()
   from /usr/qt/3/lib/libqt-mt.so.3
#22 0x4071fd0e in KApplication::notify(QObject*, QEvent*) ()
   from /usr/kde/3.2/lib/libkdecore.so.4
#23 0x40afadb8 in QETWidget::translateMouseEvent(_XEvent const*) ()
   from /usr/qt/3/lib/libqt-mt.so.3
#24 0x40af8549 in QApplication::x11ProcessEvent(_XEvent*) ()
   from /usr/qt/3/lib/libqt-mt.so.3
#25 0x40b0ee77 in QEventLoop::processEvents(unsigned) ()
   from /usr/qt/3/lib/libqt-mt.so.3
#26 0x40b75606 in QEventLoop::enterLoop() () from /usr/qt/3/lib/libqt-mt.so.3
#27 0x40b754a8 in QEventLoop::exec() () from /usr/qt/3/lib/libqt-mt.so.3
#28 0x40b625f1 in QApplication::exec() () from /usr/qt/3/lib/libqt-mt.so.3
#29 0x41c2a8f5 in kdemain () from /usr/kde/3.2/lib/libkdeinit_konqueror.so
#30 0x408d78a6 in kdeinitmain () from /usr/kde/3.2/lib/kde3/konqueror.so
#31 0x0804d5cd in strcpy ()
#32 0x0804f584 in strcpy ()
#33 0x0804e36c in strcpy ()
#34 0x0804c17b in strcpy ()
#35 0x412c790c in __libc_start_main () from /lib/libc.so.6
Comment 1 Dik Takken 2003-12-16 01:25:22 UTC
Not reproducible for me: KDE 3.2.94, QT 3.2.3
Comment 2 Stephan Kulow 2004-01-15 14:22:26 UTC
possibly fixed
Comment 3 Niels 2005-06-22 21:59:46 UTC
This still crashes my Konqueror, now 3.4.1.
Comment 4 Niels 2005-08-29 19:04:26 UTC
Still crashes my 3.4.2. Here's another bt:

Using host libthread_db library "/lib/libthread_db.so.1".
`system-supplied DSO at 0xffffe000' has disappeared; keeping its symbols.
[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 16038)]
[KCrash handler]
#5  0xb61986e1 in khtml::CaretBoxLine::addConvertedInlineBox (this=0x8ff9c70, 
    box=0x8fe430c, sbp=@0xbfdbb860) at khtml_caret.cpp:684
#6  0xb619879c in khtml::CaretBoxLine::addConvertedInlineBox (this=0x8ff9c70, 
    box=0x8fe4338, sbp=@0xbfdbb860) at khtml_caret.cpp:713
#7  0xb6198ee0 in khtml::CaretBoxLine::constructCaretBoxLine (deleter=0x0, 
    basicFlowBox=0x8fe4338, seekBox=0x0, seekOutside=96, 
    seekOutsideEnd=false, iter=@0x0, seekObject=0x0) at khtml_caret.cpp:831
#8  0xb61cfb03 in findCaretBoxLine (node=0x8ea58f8, offset=-1076119104, 
    cblDeleter=0xbfdbb9c0, base=0x8fe4098, r_ofs=@0xbfdbb974, 
    caretBoxIt=@0xbfdbb978) at khtml_caret.cpp:1076
#9  0xb619cc48 in KHTMLView::moveCaretTo (this=0x8ec1168, node=0x8ea58f8, 
    offset=1, clearSel=true) at khtmlview.cpp:3605
#10 0xb61b9e30 in KHTMLPart::khtmlMousePressEvent (this=0x8efe060, 
    event=0xbfdbbed0) at khtml_part.cpp:5871
#11 0xb61b994d in KHTMLPart::customEvent (this=0x8efe060, event=0xbfdbbed0)
    at khtml_part.cpp:5723
#12 0xb711b1f1 in QObject::event () from /usr/qt/3/lib/libqt-mt.so.3
#13 0xb70c24bc in QApplication::internalNotify ()
   from /usr/qt/3/lib/libqt-mt.so.3
#14 0xb70c185d in QApplication::notify () from /usr/qt/3/lib/libqt-mt.so.3
#15 0xb7760d97 in KApplication::notify (this=0xbfdbd130, receiver=0x8efe060, 
    event=0xbfdbbed0) at kapplication.cpp:549
#16 0xb7f9dd96 in QApplication::sendEvent (receiver=0x0, event=0x8fe4190)
    at qapplication.h:491
#17 0xb618ecfe in KHTMLView::viewportMousePressEvent (this=0x8ec1168, 
    _mouse=0xbfdbbed0) at khtmlview.cpp:971
#18 0xb619296f in KHTMLView::eventFilter (this=0x8ec1168, o=0x8d9ac58, 
    e=0xbfdbc860) at khtmlview.cpp:1870
#19 0xb711b30e in QObject::activate_filters ()
   from /usr/qt/3/lib/libqt-mt.so.3
#20 0xb711b236 in QObject::event () from /usr/qt/3/lib/libqt-mt.so.3
#21 0xb715303f in QWidget::event () from /usr/qt/3/lib/libqt-mt.so.3
#22 0xb71e166e in QLineEdit::event () from /usr/qt/3/lib/libqt-mt.so.3
#23 0xb62785ce in khtml::LineEditWidget::event (this=0xbfdbc860, e=0x8d9ac58)
    at render_form.cpp:403
#24 0xb70c24bc in QApplication::internalNotify ()
   from /usr/qt/3/lib/libqt-mt.so.3
#25 0xb70c1970 in QApplication::notify () from /usr/qt/3/lib/libqt-mt.so.3
#26 0xb7760d97 in KApplication::notify (this=0xbfdbd130, receiver=0x8d9ac58, 
    event=0xbfdbc860) at kapplication.cpp:549
#27 0xb705760c in QETWidget::translateMouseEvent ()
   from /usr/qt/3/lib/libqt-mt.so.3
#28 0xb705527c in QApplication::x11ProcessEvent ()
   from /usr/qt/3/lib/libqt-mt.so.3
#29 0xb706c77b in QEventLoop::processEvents ()
   from /usr/qt/3/lib/libqt-mt.so.3
#30 0xb70d4398 in QEventLoop::enterLoop () from /usr/qt/3/lib/libqt-mt.so.3
#31 0xb70d4248 in QEventLoop::exec () from /usr/qt/3/lib/libqt-mt.so.3
#32 0xb70c26f1 in QApplication::exec () from /usr/qt/3/lib/libqt-mt.so.3
#33 0xb66aa7a4 in kdemain () from /usr/kde/3.4/lib/libkdeinit_konqueror.so
#34 0xb68e8558 in ?? () from /usr/lib/libXau.so.6
#35 0x00000000 in ?? ()
#36 0xb6a2d530 in ?? ()
#37 0x0000002d in ?? ()
#38 0x0000002d in ?? ()
#39 0xb7fc1000 in ?? () from /lib/ld-linux.so.2
#40 0x00000002 in ?? ()
#41 0xb69fdff4 in ?? () from /lib/libc.so.6
#42 0xb7fc0c80 in _dl_argv_internal () from /lib/ld-linux.so.2
#43 0x00000003 in ?? ()
#44 0xb7881030 in mALLOc (bytes=0) at malloc.c:3533
#45 0xb78cc738 in ?? () from /usr/kde/3.4/lib/libkdecore.so.4
#46 0xb78dd5a4 in kde_malloc_is_used () from /usr/kde/3.4/lib/libkdecore.so.4
#47 0x08161600 in ?? ()
#48 0xbfdbce7c in ?? ()
#49 0xb7880c28 in free (m=0x0) at malloc.c:5536
#50 0x08163180 in ?? ()
#51 0xbfdbd100 in ?? ()
#52 0x082e6fb0 in ?? ()
#53 0xbfdbd120 in ?? ()
#54 0xbfdbd130 in ?? ()
#55 0x00000108 in ?? ()
#56 0xb78815ac in fREe (mem=0xb78dd5c0) at malloc.c:2996
#57 0xb69fe130 in lock.0 () from /lib/libc.so.6
#58 0xb69fdff4 in ?? () from /lib/libc.so.6
#59 0xbfdbcf84 in ?? ()
#60 0xb691163e in _nl_load_domain () from /lib/libc.so.6
Comment 5 Frank Osterfeld 2005-10-01 15:27:48 UTC
I can reproduce this, using SVN 3.5 branch, rev. 465933

Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
`system-supplied DSO at 0xffffe000' has disappeared; keeping its symbols.
[Thread debugging using libthread_db enabled]
[New Thread -1232771200 (LWP 27398)]
[KCrash handler]
#4  0xb6167b85 in khtml::CaretBoxLine::addConvertedInlineBox (this=0x8295468, 
    box=0x870a29c, sbp=@0xbfffddc0) at khtml_caret.cpp:685
#5  0xb6167c01 in khtml::CaretBoxLine::addConvertedInlineBox (this=0x8295468, 
    box=0x870a2c4, sbp=@0xbfffddc0) at render_line.h:163
#6  0xb6168b8a in khtml::CaretBoxLine::constructCaretBoxLine (
    deleter=0xbfffdfa0, basicFlowBox=0x870a2c4, seekBox=0x0, iter=@0x0, 
    seekObject=0x0) at khtml_caret.cpp:832
#7  0xb6169522 in findCaretBoxLine (node=0x8678b00, offset=-1073750112, 
    cblDeleter=0xbfffdfa0, base=0x870a03c, r_ofs=@0xbfffdf44, 
    caretBoxIt=@0xbfffdf48) at khtml_caret.cpp:1077
#8  0xb616f781 in KHTMLView::moveCaretTo (this=0x87a8fb8, node=0x8678b00, 
    offset=1, clearSel=true) at khtmlview.cpp:3965
#9  0xb6199ab3 in KHTMLPart::khtmlMousePressEvent (this=0x94eee98, 
    event=0xbfffe450) at qguardedptr.h:113
#10 0xb6199397 in KHTMLPart::customEvent (this=0x94eee98, event=0xbfffe450)
    at khtml_part.cpp:5908
#11 0xb6f5aa17 in QObject::event () from /usr/share/qt3/lib/libqt-mt.so.3
#12 0xb6f05370 in QApplication::internalNotify ()
   from /usr/share/qt3/lib/libqt-mt.so.3
#13 0xb6f049d4 in QApplication::notify () from /usr/share/qt3/lib/libqt-mt.so.3
#14 0xb7530285 in KApplication::notify (this=0xbffff680, receiver=0x94eee98, 
    event=0xbfffe450) at kapplication.cpp:550
#15 0xb6159073 in KHTMLView::viewportMousePressEvent (this=0x87a8fb8, 
    _mouse=0xbfffe450) at khtmlview.cpp:982
#16 0xb615d7e4 in KHTMLView::eventFilter (this=0x87a8fb8, o=0x8704848, 
    e=0xbfffed90) at khtmlview.cpp:1890
#17 0xb6f5ab01 in QObject::activate_filters ()
   from /usr/share/qt3/lib/libqt-mt.so.3
#18 0xb6f5aa5d in QObject::event () from /usr/share/qt3/lib/libqt-mt.so.3
#19 0xb6f9076f in QWidget::event () from /usr/share/qt3/lib/libqt-mt.so.3
#20 0xb701b346 in QLineEdit::event () from /usr/share/qt3/lib/libqt-mt.so.3
#21 0xb626c88c in khtml::LineEditWidget::event (this=0xbfffed90, e=0x8704848)
    at render_form.cpp:434
#22 0xb6f05370 in QApplication::internalNotify ()
   from /usr/share/qt3/lib/libqt-mt.so.3
#23 0xb6f04ac7 in QApplication::notify () from /usr/share/qt3/lib/libqt-mt.so.3
#24 0xb7530285 in KApplication::notify (this=0xbffff680, receiver=0x8704848, 
    event=0xbfffed90) at kapplication.cpp:550
#25 0xb6e9e12f in QETWidget::translateMouseEvent ()
   from /usr/share/qt3/lib/libqt-mt.so.3
#26 0xb6e9be1c in QApplication::x11ProcessEvent ()
   from /usr/share/qt3/lib/libqt-mt.so.3
#27 0xb6eb1ec2 in QEventLoop::processEvents ()
   from /usr/share/qt3/lib/libqt-mt.so.3
#28 0xb6f1674c in QEventLoop::enterLoop ()
   from /usr/share/qt3/lib/libqt-mt.so.3
#29 0xb6f1660e in QEventLoop::exec () from /usr/share/qt3/lib/libqt-mt.so.3
#30 0xb6f0557b in QApplication::exec () from /usr/share/qt3/lib/libqt-mt.so.3
#31 0xb7f391cc in kdemain (argc=0, argv=0x0) at konq_main.cc:206
#32 0x0804866b in main (argc=0, argv=0x0) at konqueror.la.cc:2
Comment 6 Tommi Tervo 2005-10-18 14:23:16 UTC

*** This bug has been marked as a duplicate of 88306 ***
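
For triage, the backtraces in this report can be reduced to their symbol names and compared. This is an added example, not part of the original report or of KDE's tooling; `faulting_frames` and `shared_path` are hypothetical helper names, and the embedded traces are abridged from the ones quoted above.

```python
import re

# A gdb frame reads "#N  [0xADDR in ]SYMBOL (args"; other lines are skipped.
FRAME_RE = re.compile(r"^#\d+\s+(?:0x[0-9a-f]+ in )?(.+?) \(")
# Crash-reporter and signal-delivery frames say nothing about the fault.
NOISE = ("KCrash::", "__pthread_sighandler", "waitpid")

def faulting_frames(backtrace):
    """Symbol names from the faulting frame outwards, without parameter lists."""
    frames = []
    for line in backtrace.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append(m.group(1).split("(")[0])
    return [f for f in frames if not f.startswith(NOISE)]

def shared_path(a, b):
    """Run of frames common to both traces, from the first frame of a found in b."""
    for i, sym in enumerate(a):
        if sym in b:
            j, n = b.index(sym), 0
            while i + n < len(a) and j + n < len(b) and a[i + n] == b[j + n]:
                n += 1
            return a[i:i + n]
    return []

# Abridged from the 3.1.94 and 3.4.2 backtraces quoted in this report.
TRACE_3_1_94 = """\
#1  0x407c441e in KCrash::defaultCrashHandler(int) ()
   from /usr/kde/3.2/lib/libkdecore.so.4
#3  <signal handler called>
#4  0x422e93c0 in khtml::InlineBoxIterator::operator++() ()
#5  0x422f2217 in khtml::findFlowBox(DOM::NodeImpl*, long, khtml::RenderArena*, khtml::RenderFlow*&, khtml::InlineBox**) () from /usr/kde/3.2/lib/libkhtml.so.4
#6  0x422ee0da in KHTMLView::moveCaretTo(DOM::NodeImpl*, long, bool) ()
#7  0x42317686 in KHTMLPart::khtmlMousePressEvent(khtml::MousePressEvent*) ()
#8  0x423171e7 in KHTMLPart::customEvent(QCustomEvent*) ()
"""
TRACE_3_4_2 = """\
[KCrash handler]
#5  0xb61986e1 in khtml::CaretBoxLine::addConvertedInlineBox (this=0x8ff9c70,
    box=0x8fe430c, sbp=@0xbfdbb860) at khtml_caret.cpp:684
#8  0xb61cfb03 in findCaretBoxLine (node=0x8ea58f8, offset=-1076119104,
#9  0xb619cc48 in KHTMLView::moveCaretTo (this=0x8ec1168, node=0x8ea58f8,
#10 0xb61b9e30 in KHTMLPart::khtmlMousePressEvent (this=0x8efe060,
#11 0xb61b994d in KHTMLPart::customEvent (this=0x8efe060, event=0xbfdbbed0)
"""

if __name__ == "__main__":
    a, b = faulting_frames(TRACE_3_1_94), faulting_frames(TRACE_3_4_2)
    print(a[0], "|", b[0], "|", " <- ".join(shared_path(a, b)))
```

On these excerpts the faulting frames differ between 3.1.94 and 3.4.2, while both traces reach them through KHTMLView::moveCaretTo called from KHTMLPart::khtmlMousePressEvent.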