Bug 72440 - konqueror crashes on javascripted window popup
Summary: konqueror crashes on javascripted window popup
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: khtml (show other bugs)
Version: unspecified
Platform: openSUSE Linux
: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-01-12 04:00 UTC by Arthur Dodd
Modified: 2004-10-06 00:37 UTC (History)
0 users

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
propoed patch (1.61 KB, patch)
2004-01-18 22:05 UTC, Waldo Bastian 		Details
proposed patch II (2.25 KB, patch)
2004-01-19 18:14 UTC, Waldo Bastian 		Details
iframe_onload.patch (2.17 KB, text/x-diff)
2004-04-17 01:08 UTC, Waldo Bastian 		Details
Show Obsolete (1) View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Arthur Dodd 2004-01-12 04:00:08 UTC 
Version:           unknown (using KDE 3.1.4)
Installed from:    SuSE
Compiler:          gcc version 3.3.1 (SuSE Linux)
OS:          Linux (i686) release 2.4.21-166-athlon

When I go to the website www.thepitfiend.com and then click on the "Listen Now" button it goes to load an html page popped up by a javascript. All of Konqueror then proceeds to crash.

The HTML page being loaded is stations.swcast.net/artman if that helps at all.
Comment 1 Arthur Dodd 2004-01-12 04:00:59 UTC 
Here's is the Backtrace:

(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...[New Thread 16384 (LWP 2080)]
(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...0x411e0a86 in waitpid ()
   from /lib/i686/libpthread.so.0
#0  0x411e0a86 in waitpid () from /lib/i686/libpthread.so.0
#1  0x406c6010 in KCrash::defaultCrashHandler(int) ()
   from /opt/kde3/lib/libkdecore.so.4
#2  0x411df96c in __pthread_sighandler () from /lib/i686/libpthread.so.0
#3  <signal handler called>
#4  0x41a6f217 in DOM::NodeImpl::removeHTMLEventListener(int) ()
   from /opt/kde3/lib/libkhtml.so.4
#5  0x41a6f306 in DOM::NodeImpl::setHTMLEventListener(int, DOM::EventListener*)
    () from /opt/kde3/lib/libkhtml.so.4
#6  0x41a97fa5 in DOM::HTMLFrameElementImpl::parseAttribute(DOM::AttributeImpl*) () from /opt/kde3/lib/libkhtml.so.4
#7  0x41a9917e in DOM::HTMLIFrameElementImpl::parseAttribute(DOM::AttributeImpl*) () from /opt/kde3/lib/libkhtml.so.4
#8  0x41a749de in DOM::ElementImpl::setAttributeMap(DOM::NamedAttrMapImpl*) ()
   from /opt/kde3/lib/libkhtml.so.4
#9  0x41a86f9a in khtml::KHTMLParser::parseToken(khtml::Token*) ()
   from /opt/kde3/lib/libkhtml.so.4
#10 0x41a8ee17 in khtml::HTMLTokenizer::processToken() ()
   from /opt/kde3/lib/libkhtml.so.4
#11 0x41a8cda1 in khtml::HTMLTokenizer::parseTag(khtml::DOMStringIt&) ()
   from /opt/kde3/lib/libkhtml.so.4
#12 0x41a8e465 in khtml::HTMLTokenizer::write(QString const&, bool) ()
   from /opt/kde3/lib/libkhtml.so.4
#13 0x41a8f73a in khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) ()
   from /opt/kde3/lib/libkhtml.so.4
#14 0x41b0ac84 in khtml::CachedScript::checkNotify() ()
   from /opt/kde3/lib/libkhtml.so.4
#15 0x41b0abfd in khtml::CachedScript::data(QBuffer&, bool) ()
   from /opt/kde3/lib/libkhtml.so.4
#16 0x41b0eed1 in khtml::Loader::slotFinished(KIO::Job*) ()
   from /opt/kde3/lib/libkhtml.so.4
#17 0x41b11526 in khtml::Loader::qt_invoke(int, QUObject*) ()
   from /opt/kde3/lib/libkhtml.so.4
#18 0x40abc69b in QObject::activate_signal(QConnectionList*, QUObject*) ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#19 0x4019b1aa in KIO::Job::result(KIO::Job*) () from /opt/kde3/lib/libkio.so.4
#20 0x40187f97 in KIO::Job::emitResult() () from /opt/kde3/lib/libkio.so.4
#21 0x401894e6 in KIO::SimpleJob::slotFinished() ()
   from /opt/kde3/lib/libkio.so.4
#22 0x4018bcee in KIO::TransferJob::slotFinished() ()
   from /opt/kde3/lib/libkio.so.4
#23 0x4019cb39 in KIO::TransferJob::qt_invoke(int, QUObject*) ()
   from /opt/kde3/lib/libkio.so.4
#24 0x40abc69b in QObject::activate_signal(QConnectionList*, QUObject*) ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#25 0x40abc464 in QObject::activate_signal(int) ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#26 0x4017ea8c in KIO::SlaveInterface::finished() ()
   from /opt/kde3/lib/libkio.so.4
#27 0x4017d823 in KIO::SlaveInterface::dispatch(int, QMemArray<char> const&) ()
   from /opt/kde3/lib/libkio.so.4
#28 0x4017ce14 in KIO::SlaveInterface::dispatch() ()
   from /opt/kde3/lib/libkio.so.4
#29 0x4017a9db in KIO::Slave::gotInput() () from /opt/kde3/lib/libkio.so.4
#30 0x4017c46a in KIO::Slave::qt_invoke(int, QUObject*) ()
   from /opt/kde3/lib/libkio.so.4
#31 0x40abc69b in QObject::activate_signal(QConnectionList*, QUObject*) ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#32 0x40abc7da in QObject::activate_signal(int, int) ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#33 0x40debd90 in QSocketNotifier::activated(int) ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#34 0x40ad97f0 in QSocketNotifier::event(QEvent*) ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#35 0x40a5a6d6 in QApplication::internalNotify(QObject*, QEvent*) ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#36 0x40a599fe in QApplication::notify(QObject*, QEvent*) ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#37 0x406538c9 in KApplication::notify(QObject*, QEvent*) ()
   from /opt/kde3/lib/libkdecore.so.4
#38 0x40a46df5 in QEventLoop::activateSocketNotifiers() ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#39 0x40a021f6 in QEventLoop::processEvents(unsigned) ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#40 0x40a6e980 in QEventLoop::enterLoop() ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#41 0x40a6e876 in QEventLoop::exec() () from /usr/lib/qt3/lib/libqt-mt.so.3
#42 0x40a5a96f in QApplication::exec() () from /usr/lib/qt3/lib/libqt-mt.so.3
#43 0x4158f47a in main () from /opt/kde3/lib/konqueror.so
#44 0x0804d8f3 in launch(int, char const*, char const*, char const*, int, char const*, bool, char const*, bool, char const*) ()
#45 0x0804e71f in handle_launcher_request(int) ()
#46 0x0804eca8 in handle_requests(int) ()
#47 0x0804faf8 in main ()
Comment 2 Thiago Macieira 2004-01-12 04:10:39 UTC 
I can reproduce. Here's a backtrace with debugging symbols:

[New Thread 16384 (LWP 15028)]
0x4133d518 in waitpid () from /lib/libpthread.so.0
#0  0x4133d518 in waitpid () from /lib/libpthread.so.0
#1  0x4083ad68 in __JCR_LIST__ ()
   from /usr/local/kde3-20031222/lib/libkdecore.so.4
#2  0x4133c4a1 in __pthread_sighandler (signo=11, ctx=
      {gs = 0, __gsh = 0, fs = 0, __fsh = 0, es = 123, __esh = 0, ds = 123, __dsh = 0, edi = 17, esi = 140516240, ebp = 3221216168, esp = 3221216080, ebx = 1107635368, edx = 0, ecx = 0, eax = 0, trapno = 14, err = 4, eip = 1105647431, cs = 115, __csh = 0, eflags = 2163202, esp_at_signal = 3221216080, ss = 123, __ssh = 0, fpstate = 0xbfffd8d0, oldmask = 2147483648, cr2 = 28}) at sighandler.c:39
#3  0x414d5cc8 in killpg () from /lib/libc.so.6
#4  0x41e6d846 in DOM::NodeImpl::setHTMLEventListener(int, DOM::EventListener*)
    (this=0x0, id=17, listener=0x8601b90)
    at /home/thiago/programs/src/kde/kdelibs/khtml/xml/dom_nodeimpl.cpp:442
#5  0x41e98729 in DOM::HTMLFrameElementImpl::parseAttribute(DOM::AttributeImpl*) (this=0x854a088, attr=0x8601b90) at dom_nodeimpl.h:243
#6  0x41e99e09 in DOM::HTMLIFrameElementImpl::parseAttribute(DOM::AttributeImpl*) (this=0x854a088, attr=0x862d508)
    at /home/thiago/programs/src/kde/kdelibs/khtml/html/html_baseimpl.cpp:594
#7  0x41e73cda in DOM::ElementImpl::setAttributeMap(DOM::NamedAttrMapImpl*) (
    this=0x854a088, list=0x862d508)
    at /home/thiago/programs/src/kde/kdelibs/khtml/xml/dom_elementimpl.cpp:360
#8  0x41e84328 in khtml::KHTMLParser::parseToken(khtml::Token*) (
    this=0x85fac18, t=0x85fb0f4)
    at /home/thiago/programs/src/kde/kdelibs/khtml/html/htmlparser.cpp:249
#9  0x41e8c214 in khtml::HTMLTokenizer::processToken() (this=0x85fb0c0)
    at /home/thiago/programs/src/kde/kdelibs/khtml/html/htmltokenizer.cpp:1576
#10 0x41e8aac3 in khtml::HTMLTokenizer::parseTag(khtml::DOMStringIt&) (
    this=0x85fb0c0, src=@0x85fb1d4)
    at /home/thiago/programs/src/kde/kdelibs/khtml/html/htmltokenizer.cpp:1090
#11 0x41e8b7f6 in khtml::HTMLTokenizer::write(QString const&, bool) (
    this=0x85fb0c0, str=@0x85fb1d4, appendData=false)
    at /home/thiago/programs/src/kde/kdelibs/khtml/html/htmltokenizer.cpp:1344
#12 0x41e8cb1a in khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) (
    this=0x85fb0c0)
    at /home/thiago/programs/src/kde/kdelibs/khtml/html/htmltokenizer.cpp:1644
#13 0x41f25883 in khtml::CachedScript::checkNotify() (this=0x848b230)
    at qptrdict.h:110
#14 0x41f257cf in khtml::CachedScript::data(QBuffer&, bool) (this=0x848b230, 
    buffer=@0x40055bf8)
    at /home/thiago/programs/src/kde/kdelibs/khtml/misc/loader.cpp:332
#15 0x41f296c7 in khtml::Loader::slotFinished(KIO::Job*) (this=0x84189b8, 
    job=0x8601260)
    at /home/thiago/programs/src/kde/kdelibs/khtml/misc/loader.cpp:1149
#16 0x41f2cc96 in khtml::Loader::qt_invoke(int, QUObject*) (this=0x84189b8, 
    _id=2, _o=0xbfffe230) at qucom_p.h:312
#17 0x40b72e09 in QObject::activate_signal(QConnectionList*, QUObject*) ()
   from /home/thiago/programs/obj-linux/kde/qt-copy/lib/libqt-mt.so.3
#18 0x401913c8 in KIO::Job::result(KIO::Job*) (this=0x8601260, t0=0xfffffe00)
    at jobclasses.moc:156
#19 0x4017ab57 in KIO::Job::emitResult() (this=0x8601260)
    at /home/thiago/programs/src/kde/kdelibs/kio/kio/job.cpp:206
#20 0x4017c77e in KIO::SimpleJob::slotFinished() (this=0x8601260)
    at /home/thiago/programs/src/kde/kdelibs/kio/kio/job.cpp:530
#21 0x4017fb8f in KIO::TransferJob::slotFinished() (this=0xbfffe258)
    at /home/thiago/programs/src/kde/kdelibs/kio/kio/job.cpp:828
#22 0x40192aa0 in KIO::TransferJob::qt_invoke(int, QUObject*) (this=0x8601260, 
    _id=17, _o=0xbfffe5c0) at jobclasses.moc:800
#23 0x40b72e09 in QObject::activate_signal(QConnectionList*, QUObject*) ()
   from /home/thiago/programs/obj-linux/kde/qt-copy/lib/libqt-mt.so.3
#24 0x40b72c05 in QObject::activate_signal(int) ()
   from /home/thiago/programs/obj-linux/kde/qt-copy/lib/libqt-mt.so.3
#25 0x4016e03e in KIO::SlaveInterface::finished() (this=0xfffffe00)
    at qmetaobject.h:261
#26 0x4016b1f4 in KIO::SlaveInterface::dispatch(int, QMemArray<char> const&) (
    this=0x84b7638, _cmd=104, rawdata=@0xbfffe940)
    at /home/thiago/programs/src/kde/kdelibs/kio/kio/slaveinterface.cpp:255
#27 0x4016a444 in KIO::SlaveInterface::dispatch() (this=0x84b7638)
    at /home/thiago/programs/src/kde/kdelibs/kio/kio/slaveinterface.cpp:191
#28 0x401672d8 in KIO::Slave::gotInput() (this=0x40055bf8)
    at /home/thiago/programs/src/kde/kdelibs/kio/kio/slave.cpp:294
#29 0x40169989 in KIO::Slave::qt_invoke(int, QUObject*) (this=0x84b7638, 
    _id=4, _o=0xbfffeaa0) at slave.moc:113
#30 0x40b72e09 in QObject::activate_signal(QConnectionList*, QUObject*) ()
   from /home/thiago/programs/obj-linux/kde/qt-copy/lib/libqt-mt.so.3
#31 0x40b72f3c in QObject::activate_signal(int, int) ()
   from /home/thiago/programs/obj-linux/kde/qt-copy/lib/libqt-mt.so.3
#32 0x40e9ed7d in QSocketNotifier::activated(int) ()
   from /home/thiago/programs/obj-linux/kde/qt-copy/lib/libqt-mt.so.3
#33 0x40b8e044 in QSocketNotifier::event(QEvent*) ()
   from /home/thiago/programs/obj-linux/kde/qt-copy/lib/libqt-mt.so.3
#34 0x40b156e9 in QApplication::internalNotify(QObject*, QEvent*) ()
   from /home/thiago/programs/obj-linux/kde/qt-copy/lib/libqt-mt.so.3
#35 0x40b14d18 in QApplication::notify(QObject*, QEvent*) ()
   from /home/thiago/programs/obj-linux/kde/qt-copy/lib/libqt-mt.so.3
#36 0x406d334c in KApplication::notify(QObject*, QEvent*) (this=0xbffff360, 
    receiver=0x8150620, event=0xbfffee00)
    at /home/thiago/programs/src/kde/kdelibs/kdecore/kapplication.cpp:503
#37 0x40b04720 in QEventLoop::activateSocketNotifiers() ()
   from /home/thiago/programs/obj-linux/kde/qt-copy/lib/libqt-mt.so.3
#38 0x40abfb19 in QEventLoop::processEvents(unsigned) ()
   from /home/thiago/programs/obj-linux/kde/qt-copy/lib/libqt-mt.so.3
#39 0x40b294b3 in QEventLoop::enterLoop() ()
   from /home/thiago/programs/obj-linux/kde/qt-copy/lib/libqt-mt.so.3
#40 0x40b29378 in QEventLoop::exec() ()
   from /home/thiago/programs/obj-linux/kde/qt-copy/lib/libqt-mt.so.3
#41 0x40b15918 in QApplication::exec() ()
   from /home/thiago/programs/obj-linux/kde/qt-copy/lib/libqt-mt.so.3
#42 0x416f324e in kdemain (argc=-512, argv=0xfffffe00)
    at /home/thiago/programs/src/kde/kdebase/konqueror/konq_main.cc:184
#43 0x416ad9a6 in kdeinitmain (argc=-512, argv=0xfffffe00)
    at konqueror_dummy.cc:2
#44 0x0804cd91 in launch (argc=4, _name=0x80660b4 "konqueror", 
    args=0x80660fc "/home/thiago", cwd=0x80660fc "/home/thiago", envc=44, 
    envs=0x8066696 "", reset_env=true, tty=0x0, avoid_loops=false, 
    startup_id_str=0xfffffe00 <Address 0xfffffe00 out of bounds>)
    at /home/thiago/programs/src/kde/kdelibs/kinit/kinit.cpp:604
#45 0x0804e354 in handle_launcher_request (sock=4)
    at /home/thiago/programs/src/kde/kdelibs/kinit/kinit.cpp:1167
#46 0x0804e94d in handle_requests (waitForPid=0)
    at /home/thiago/programs/src/kde/kdelibs/kinit/kinit.cpp:1350
#47 0x0804f987 in main (argc=3, argv=0xbffffa54, envp=0xfffffe00)
    at /home/thiago/programs/src/kde/kdelibs/kinit/kinit.cpp:1797
#48 0x414c4cb4 in __libc_start_main () from /lib/libc.so.6
Comment 3 Edmondo Tommasina 2004-01-13 22:08:30 UTC 
Some more information running it with valgrind:

edmondo@gollum:~> valgrind konqueror http://stations.swcast.net/artman
(...)
konqueror: KonqView::setLocationBarURL http://stations.swcast.net/artman this=0x46584ba4
konqueror: KonqMainWindow::setLocationBarURL: url = http://stations.swcast.net/artman
kio (Scheduler): Resume metadata is ''
kio (Scheduler): HOLD: Reusing held slave for http://stations.swcast.net/artman
konqueror: KonqMainWindow::slotRunFinished()
khtml (xml):  using compatibility parseMode
konqueror: KonqMainWindow::setCaption(SWCast.net :: The Pit Fiend.com Radio!)
==31541==
==31541== Invalid read of size 4
==31541==    at 0x49DE8A87: DOM::NodeImpl::removeHTMLEventListener(int) (dom_nodeimpl.cpp:425)
==31541==    by 0x49DE8B85: DOM::NodeImpl::setHTMLEventListener(int, DOM::EventListener*) (dom_nodeimpl.cpp:442)
==31541==    by 0x49E14950: DOM::HTMLFrameElementImpl::parseAttribute(DOM::AttributeImpl*) (dom_nodeimpl.h:243)
==31541==    by 0x49E16078: DOM::HTMLIFrameElementImpl::parseAttribute(DOM::AttributeImpl*) (html_baseimpl.cpp:592)
==31541==    Address 0x1C is not stack'd, malloc'd or free'd
(...)



And the backtrace without valgrind:
0x4163e2f9 in __wait4 () from /lib/libc.so.6
#0  0x4163e2f9 in __wait4 () from /lib/libc.so.6
#1  0x4163e2a7 in __libc_waitpid (pid=31556, stat_loc=0xfffffe00, options=0)
    at ../sysdeps/unix/sysv/linux/waitpid.c:26
#2  0x4144fbb3 in waitpid (pid=31556, stat_loc=0x0, options=0)
    at wrapsyscall.c:181
#3  0x408f21f4 in KCrash::defaultCrashHandler(int) (sig=11) at kcrash.cpp:246
#4  <signal handler called>
#5  DOM::NodeImpl::removeHTMLEventListener(int) (this=0x0, id=17)
    at dom_nodeimpl.cpp:425
#6  0x42135b86 in DOM::NodeImpl::setHTMLEventListener(int, DOM::EventListener*)
    (this=0x0, id=17, listener=0x834dbe0) at dom_nodeimpl.cpp:442
#7  0x42161951 in DOM::HTMLFrameElementImpl::parseAttribute(DOM::AttributeImpl*) (this=0x834f5c0, attr=0xbfffdcb0) at dom_nodeimpl.h:243
#8  0x42163079 in DOM::HTMLIFrameElementImpl::parseAttribute(DOM::AttributeImpl*) (this=0x834f5c0, attr=0x834e398) at html_baseimpl.cpp:592
#9  0x4213c1fa in DOM::ElementImpl::setAttributeMap(DOM::NamedAttrMapImpl*) (
    this=0x834f5c0, list=0x3) at dom_elementimpl.cpp:360
#10 0x4214ce11 in khtml::KHTMLParser::parseToken(khtml::Token*) (
    this=0x8324680, t=0x832457c) at htmlparser.cpp:249
#11 0x42154f30 in khtml::HTMLTokenizer::processToken() (this=0x8324548)
    at htmltokenizer.cpp:1576
#12 0x4215381d in khtml::HTMLTokenizer::parseTag(khtml::DOMStringIt&) (
    this=0x8324548, src=@0x832465c) at htmltokenizer.cpp:1090
#13 0x4215455e in khtml::HTMLTokenizer::write(QString const&, bool) (
    this=0x8324548, str=@0xbfffe070, appendData=false)
    at htmltokenizer.cpp:1344
#14 0x421558db in khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) (
    this=0x8324548) at htmltokenizer.cpp:1645
Comment 4 Waldo Bastian 2004-01-18 22:04:35 UTC 
in HTMLFrameElementImpl::parseAttribute(AttributeImpl *attr)
for the case ATTR_ONLOAD:
static_cast<HTMLDocumentImpl*>( getDocument() )->body() result in a NULL pointer

Patch attached.
Comment 5 Waldo Bastian 2004-01-18 22:05:27 UTC 
Created attachment 4230 [details]
propoed patch

This patches fixes for me. Please review.
Comment 6 Waldo Bastian 2004-01-19 17:30:39 UTC 
Testcase to highlight the body() == 0 problem:

<HTML>
<IFRAME ID="SWResults" STYLE="display: none;"onLoad="SWUpdateChannel( );">
</IFRAME>
</HTML>
Comment 7 Waldo Bastian 2004-01-19 17:52:59 UTC 
Reason for body() == 0:
Body has not been generated because the IFRAME has not been inserted when parseAttribute is called.
Comment 8 Waldo Bastian 2004-01-19 18:14:26 UTC 
Created attachment 4243 [details]
proposed patch II

new patch, please review/commit
Comment 9 Edmondo Tommasina 2004-01-20 08:27:08 UTC 
Hi Waldo

I tested your proposed patch II. It's GOOD!!! :-) For me the problem it's solved. Thanks a lot for it.
Comment 10 Rob Buis 2004-02-18 20:10:58 UTC 
Hi,

So what is the status now? Patch just needs to be applied?
Cheers,

Rob.
Comment 11 Waldo Bastian 2004-04-15 15:32:29 UTC 
CVS commit by waba: 

Fix crash on http://stations.swcast.net/artman (BR72440)
CCMAIL: 72440-done@bugs.kde.org


  M +17 -11    html_baseimpl.cpp   1.197
  M +2 -0      html_baseimpl.h   1.85


--- kdelibs/khtml/html/html_baseimpl.cpp  #1.196:1.197
@@ -280,15 +280,4 @@ void HTMLFrameElementImpl::parseAttribut
         // when attached, has no effect
         break;
-    case ATTR_ONLOAD:
-        static_cast<HTMLDocumentImpl*>( getDocument() )->body()
-              ->setHTMLEventListener(EventImpl::LOAD_EVENT,
-            getDocument()->createHTMLEventListener(attr->value().string(),"onload"));
-        break;
-    case ATTR_ONUNLOAD:
-        static_cast<HTMLDocumentImpl*>( getDocument() )->body()
-              ->setHTMLEventListener(EventImpl::UNLOAD_EVENT,
-            getDocument()->createHTMLEventListener(attr->value().string(),"onunload"));
-        break;
-
     default:
         HTMLElementImpl::parseAttribute(attr);
@@ -296,4 +285,21 @@ void HTMLFrameElementImpl::parseAttribut
 }
 
+void HTMLFrameElementImpl::insertedIntoDocument()
+{
+    HTMLElementImpl *body = static_cast<HTMLDocumentImpl*>( getDocument() )->body();
+
+    DOMString onLoad = getAttribute(ATTR_ONLOAD);
+    if (!onLoad.isNull())
+        body->setHTMLEventListener(EventImpl::LOAD_EVENT,
+            getDocument()->createHTMLEventListener(onLoad.string(),"onload"));
+
+    DOMString onUnLoad = getAttribute(ATTR_ONUNLOAD);
+    if (!onUnLoad.isNull())
+        body->setHTMLEventListener(EventImpl::UNLOAD_EVENT,
+            getDocument()->createHTMLEventListener(onUnLoad.string(),"onunload"));
+
+    HTMLElementImpl::insertedIntoDocument();
+}
+
 void HTMLFrameElementImpl::attach()
 {

--- kdelibs/khtml/html/html_baseimpl.h  #1.84:1.85
@@ -89,4 +89,6 @@ public:
     virtual void attach();
 
+    virtual void insertedIntoDocument();
+
     bool noResize() { return noresize; }
     void setLocation( const DOMString& str );
Comment 12 Waldo Bastian 2004-04-16 10:08:45 UTC 
On Fri April 16 2004 00:48, Dirk Mueller wrote:
> > Without it it crashes on this attached testcase. Suggestions for how to
> > let it fix both?
>
> There are two possible solutions:
>
> a) review again if we should really register it on the body or if we can do
> it differently.

What are the other options?

> b) create the body node on demand when it doesn't exist yet. thats not a
> problem, the parser can handle that.

KHTMLParser::insertNode would be the place to do that, right? The problem is 
that setAttributeMap is called before insertNode is called, so even when the 
iframe causes the body element to get created (I think it does that already?)  
the body element hasn't been inserted yet at the time setAttributeMap is 
called. See also http://bugs.kde.org/show_bug.cgi?id=72440 comment #7

Cheers,
Waldo
Comment 13 Dirk Mueller 2004-04-16 21:52:30 UTC 
On Friday 16 April 2004 10:10, Waldo Bastian wrote:

> > a) review again if we should really register it on the body or if we can
> > do it differently.
> What are the other options?

the document node, the document element (my best hopes are for the latter). 

> > b) create the body node on demand when it doesn't exist yet. thats not a
> > problem, the parser can handle that.
> KHTMLParser::insertNode would be the place to do that, right? The problem
> is that setAttributeMap is called before insertNode is called, so even when
> the iframe causes the body element to get created (I think it does that
> already?) the body element hasn't been inserted yet at the time
> setAttributeMap is called. See also
> http://bugs.kde.org/show_bug.cgi?id=72440 comment #7

ahmm, right, I remember now. if a) doesn't work we maybe have to attach an 
autogenerated <body> right after parsing <html>.
Comment 14 Waldo Bastian 2004-04-17 01:08:36 UTC 
On Fri April 16 2004 21:52, Dirk Mueller wrote:
> On Friday 16 April 2004 10:10, Waldo Bastian wrote:
> > > a) review again if we should really register it on the body or if we
> > > can do it differently.
> >
> > What are the other options?
>
> the document node, the document element (my best hopes are for the latter).

Like this?

Cheers,
Waldo


Created an attachment (id=5666)
iframe_onload.patch
Comment 15 David Faure 2004-10-06 00:37:52 UTC 
For the record: this is now fixed in CVS, as part of the gmail fix.