Bug 73311 - Konqueror crashes on http://www.mozdev.org
Summary: Konqueror crashes on http://www.mozdev.org
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: khtml (show other bugs)
Version: unspecified
Platform: Compiled Sources Linux
: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords:
: 73338 73570 74174 74240 74411 75002 75320 75767 79376 (view as bug list)
Depends on:
Blocks:
 
Reported: 2004-01-23 10:24 UTC by Cornelius Schumacher
Modified: 2004-07-06 12:40 UTC (History)
11 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Cornelius Schumacher 2004-01-23 10:24:21 UTC 
Version:            (using KDE Devel)
Installed from:    Compiled sources

When going to http://www.mozdev.org Konqueror crashes in khtml. Coolo has the backtrace.
Comment 1 Stephan Kulow 2004-01-23 10:46:10 UTC 
(gdb) where
#0  0x421dc20d in khtml::RenderBox::calcWidth() (this=0x87e9760) at /coolo/prod/kdelibs/khtml/rendering/render_box.cpp:621
#1  0x421eb89f in khtml::RenderImage::setPixmap(QPixmap const&, QRect const&, khtml::CachedImage*) (this=0x87e9760, p=@0x8aeb0a8,
    r=@0xbfffd9d0, o=0x89880c0) at /coolo/prod/kdelibs/khtml/rendering/render_image.cpp:153
#2  0x4223c0a6 in khtml::CachedImage::ref(khtml::CachedObjectClient*) (this=0x89880c0, c=0x87e9760)
    at /coolo/prod/kdelibs/khtml/misc/loader.cpp:465
#3  0x421ecf53 in khtml::RenderImage::updateImage(khtml::CachedImage*) (this=0x87e9760, new_image=0x89880c0)
    at /coolo/prod/kdelibs/khtml/rendering/render_image.cpp:412
#4  0x421eb45c in khtml::RenderImage::setContentObject(khtml::CachedObject*) (this=0x87e9760, co=0x89880e8)
    at /coolo/prod/kdelibs/khtml/rendering/render_image.cpp:91
#5  0x421d9012 in khtml::RenderContainer::updatePseudoChild(khtml::RenderStyle::PseudoId, khtml::RenderObject*) (this=0x87e9680,
    type=AFTER, child=0x0) at /coolo/prod/kdelibs/khtml/rendering/render_container.cpp:270
#6  0x421c175e in khtml::RenderBlock::setStyle(khtml::RenderStyle*) (this=0x87e9680, _style=0x89caa50)
    at /coolo/prod/kdelibs/khtml/rendering/render_block.cpp:95
#7  0x421d0605 in khtml::RenderObject::createObject(DOM::NodeImpl*, khtml::RenderStyle*) (node=0x89caa10, style=0x89caa50)
    at /coolo/prod/kdelibs/khtml/rendering/render_object.cpp:129
#8  0x4217abbb in DOM::ElementImpl::attach() (this=0x89caa10) at /coolo/prod/kdelibs/khtml/xml/dom_elementimpl.cpp:444
#9  0x4218d356 in khtml::KHTMLParser::insertNode(DOM::NodeImpl*, bool) (this=0x8b54040, n=0x89caa10, flat=false)
    at /coolo/prod/kdelibs/khtml/html/htmlparser.cpp:318
#10 0x4218d255 in khtml::KHTMLParser::parseToken(khtml::Token*) (this=0x8b54040, t=0x8418444)
    at /coolo/prod/kdelibs/khtml/html/htmlparser.cpp:276
#11 0x4219561a in khtml::HTMLTokenizer::processToken() (this=0x8418410) at /coolo/prod/kdelibs/khtml/html/htmltokenizer.cpp:1577
#12 0x42193fe9 in khtml::HTMLTokenizer::parseTag(khtml::DOMStringIt&) (this=0x8418410, src=@0x8418524)
    at /coolo/prod/kdelibs/khtml/html/htmltokenizer.cpp:1090
#13 0x421949c2 in khtml::HTMLTokenizer::write(QString const&, bool) (this=0x8418410, str=@0xbfffde50, appendData=true)
    at /coolo/prod/kdelibs/khtml/html/htmltokenizer.cpp:1345

David and I see the same crash in the domts test suite and tracked it down
to the code 
void HTMLObjectBaseElementImpl::renderAlternative()
{
    // an unbelievable hack. FIXME!!

It detaches the renderer and deletes some cached objects.

BTW: the main page doesn't crash for me, but http://www.mozdev.org/projects/active.html does reproducable
Comment 2 Stephan Kulow 2004-01-23 17:40:39 UTC 
*** Bug 73338 has been marked as a duplicate of this bug. ***
Comment 3 Dirk Mueller 2004-01-25 04:54:05 UTC 
Subject: kdelibs/khtml

CVS commit by mueller: 

* rendering/render_image.cpp (setPixmap): handle cases when
we're not inserted in the tree yet, but the image is already loaded
(this happens when the memory cache actually works) (#73311).
CCMAIL: 73311-done@bugs.kde.org


  M +6 -0      ChangeLog   1.182
  M +11 -6     rendering/render_image.cpp   1.129


--- kdelibs/khtml/rendering/render_image.cpp  #1.128:1.129
@@ -151,6 +151,8 @@ void RenderImage::setPixmap( const QPixm
         int oldwidth = m_width;
         int oldheight = m_height;
+        if ( parent() ) {
         calcWidth();
         calcHeight();
+        }
 
         if(iwchanged || m_width != oldwidth || m_height != oldheight)
@@ -161,4 +163,7 @@ void RenderImage::setPixmap( const QPixm
     }
 
+    // we're not fully integrated in the tree yet.. we'll come back.
+    if ( !parent() )
+        return;
 
     if(needlayout)

--- kdelibs/khtml/ChangeLog  #1.181:1.182
@@ -1,2 +1,8 @@
+2004-01-25  Dirk Mueller  <mueller@kde.org>
+
+        * rendering/render_image.cpp (setPixmap): handle cases when
+        we're not inserted in the tree yet, but the image is already loaded
+        (this happens when the memory cache actually works) (#73311).
+
 2004-01-23  Lubos Lunak  <l.lunak@kde.org>
Comment 4 Sashmit Bhaduri 2004-01-27 06:53:05 UTC 
*** Bug 73570 has been marked as a duplicate of this bug. ***
Comment 5 Stephan Kulow 2004-02-05 16:25:27 UTC 
*** Bug 74240 has been marked as a duplicate of this bug. ***
Comment 6 Stephan Kulow 2004-02-07 10:11:57 UTC 
*** Bug 74411 has been marked as a duplicate of this bug. ***
Comment 7 Stephan Kulow 2004-02-07 10:12:48 UTC 
*** Bug 74174 has been marked as a duplicate of this bug. ***
Comment 8 Tommi Tervo 2004-02-11 22:49:32 UTC 
*** Bug 75002 has been marked as a duplicate of this bug. ***
Comment 9 Stephan Kulow 2004-02-16 13:54:51 UTC 
*** Bug 75320 has been marked as a duplicate of this bug. ***
Comment 10 Stephan Kulow 2004-02-21 16:55:50 UTC 
*** Bug 75767 has been marked as a duplicate of this bug. ***
Comment 11 Tommi Tervo 2004-07-06 12:40:14 UTC 
*** Bug 79376 has been marked as a duplicate of this bug. ***