Bug 73333 - konqueror segfault: not easily reproducible, but very good backtrace
Summary: konqueror segfault: not easily reproducible, but very good backtrace
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: khtml
Version: unspecified
Platform: Debian testing Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords:
Duplicates: 71775
Depends on:
Blocks:
 
Reported: 2004-01-23 16:36 UTC by Dominique Devriese
Modified: 2004-02-02 21:15 UTC
CC: 1 user

See Also:
Latest Commit:
Version Fixed In:


Attachments

Description Dominique Devriese 2004-01-23 16:36:37 UTC
Version:            (using KDE KDE 3.1.5)
Installed from:    Debian testing/unstable Packages

Hi,

(This is a forward of the following bug report:
http://bugs.debian.org/229114)  It looks like somehow, a 0-pointer ended up in the cachedScript QPtrList, although it appears it's not supposed to be there (no null-checks on its contents anywhere), so the problem is prolly how the 0-pointer got there.  Maybe a 0-check should be done before adding something to the list?

cheers
domi

---

I've been getting a lot of mysterious segfaults from konqueror, and haven't  
had much luck finding out what's causing them. 
 
This time, I followed Dominique Devriese's advice, installed his debug  
versions of konqueror and kdelibs4, and ran konqueror inside of gdb, to get a  
backtrace. 
 
Here are the contents of konqueror-crash-s0QTsc.log, which shows which pages I  
was browsing when the segfault occurred. 
 
closed(329baae2): 
opened(329baae2):file:/home/meldroc 
closed(329baae2): 
opened(329baae2):http://episteme.arstechnica.com/6/ubb.x 
closed(329baae2):http://episteme.arstechnica.com/6/ubb.x 
opened(329baae2):http://episteme.arstechnica.com/eve/ubb.x?a=frm&s=50009562&f=34709834 
closed(329baae2):http://episteme.arstechnica.com/eve/ubb.x?a=frm&s=50009562&f=34709834 
opened(329baae2):http://episteme.arstechnica.com/eve/ubb.x?a=tpc&s=50009562&f=34709834&m=26600106189 
 
In any case, surfing at Ars Technica's forums at  
http://episteme.arstechnica.com/6/ubb.x has caused frequent segfaults of this  
kind for me, as that particular site uses some complex javascript and css  
features that aren't frequently used elsewhere (and cause some rendering  
problems in Konqueror as well). 
 
Without further ado, here's the backtrace.  I can reproduce this segfault  
fairly easily on my machine, and I know that other people aren't getting them  
nearly as much.  So if you need more information, (I'm trying to feed  
konqueror through valgrind at the moment) let me know. 
 
Program received signal SIGSEGV, Segmentation fault. 
[Switching to Thread 1100894880 (LWP 8230)] 
0x4208d5f2 in khtml::CachedScript::isLoaded() const (this=0x0) at loader.h:231 
231     loader.h: No such file or directory. 
        in loader.h 
Current language:  auto; currently c++ 
(gdb) info threads 
* 1 Thread 1100894880 (LWP 8230)  0x4208d5f2 in  
khtml::CachedScript::isLoaded() const (this=0x0) at loader.h:231 
(gdb) backtrace full 
#0  0x4208d5f2 in khtml::CachedScript::isLoaded() const (this=0x0) 
    at loader.h:231 
No locals. 
#1  0x4208c98f in khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) ( 
    this=0x85f0060) at ../../../khtml/html/htmltokenizer.cpp:1602 
        done = false 
#2  0x421135c7 in khtml::CachedScript::checkNotify() (this=0x8929cc0) 
    at ../../../khtml/misc/loader.cpp:267 
        it = {<QGListIterator> = {list = 0x8929cc4, 
    curNode = 0x0}, <No data fields>} 
#3  0x4211354c in khtml::CachedScript::data(QBuffer&, bool) (this=0x8929cc0, 
    buffer=@0x892f9ac, eof=true) at ../../../khtml/misc/loader.cpp:259 
        data = {static null = { 
    static null = <same as static member of an already seen type>, 
    d = 0x804c0d8, static shared_null = 0x804c0d8}, d = 0x89294f0, 
  static shared_null = 0x804c0d8} 
#4  0x4211725c in khtml::Loader::slotFinished(KIO::Job*) (this=0x83c0f48, 
    job=0x8936718) at ../../../khtml/misc/loader.cpp:1107 
        expireDate = 1094341308 
        r = (Request *) 0x892f9a8 
        j = (class TransferJob *) 0x8936718 
#5  0x42119827 in khtml::Loader::qt_invoke(int, QUObject*) (this=0x83c0f48, 
    _id=2, _o=0xbfffecb0) at loader.moc:260 
No locals. 
---Type <return> to continue, or q <return> to quit--- 
#6  0x40bcc38c in QObject::activate_signal(QConnectionList*, QUObject*) () 
   from /usr/lib/libqt-mt.so.3 
No symbol table info available. 
#7  0x402fb60f in KIO::Job::result(KIO::Job*) (this=0x8936718, t0=0x8936718) 
    at jobclasses.moc:156 
        clist = (struct QConnectionList *) 0x88e29e0 
        o = {{type = 0x4101c278, payload = {b = 68, c = 68 'D', s = -3516, 
      i = 1090581060, l = 1090581060, uc = 68 'D', us = 62020, 
      ui = 1090581060, ul = 1090581060, f = 8.05914688, 
      d = -1.9953081645209219, byte = "Dò\000AÈìÿ¿\217\235æ@`\016\222\b", 
      bytearray = {data = 0x4100f244 "\020\016k", size = 3221220552}, 
      ptr = 0x4100f244, voidstar = {ptr = 0x4100f244, owner = 200}, 
      charstar = {ptr = 0x4100f244 "\020\016k", owner = 200}, utf8 = { 
        ptr = 0x4100f244 "\020\016k", owner = 200}, local8bit = { 
        ptr = 0x4100f244 "\020\016k", owner = 200}, iface = 0x4100f244, 
      idisp = 0x4100f244}}, {type = 0x4101c2a0, payload = {b = 24, 
      c = 24 '\030', s = 26392, i = 143877912, l = 143877912, uc = 24 '\030', 
      us = 26392, ui = 143877912, ul = 143877912, f = 8.87147791e-34, 
      d = 46200.251046849589, byte = "\030g\223\b\b\217æ@èíÿ¿`\016\222\b", 
      bytearray = {data = 0x8936718 "\b%G@àä\222\b°Ô\222\b", 
        size = 1088851720}, ptr = 0x8936718, voidstar = {ptr = 0x8936718, 
        owner = 8}, charstar = {ptr = 0x8936718 "\b%G@àä\222\b°Ô\222\b", 
        owner = 8}, utf8 = {ptr = 0x8936718 "\b%G@àä\222\b°Ô\222\b", 
        owner = 8}, local8bit = {ptr = 0x8936718 "\b%G@àä\222\b°Ô\222\b", 
---Type <return> to continue, or q <return> to quit--- 
        owner = 8}, iface = 0x8936718, idisp = 0x8936718}}} 
#8  0x402e9d28 in KIO::Job::emitResult() (this=0x8936718) 
    at ../../../kio/kio/job.cpp:183 
No locals. 
#9  0x402eb4db in KIO::SimpleJob::slotFinished() (this=0x8936718) 
    at ../../../kio/kio/job.cpp:501 
No locals. 
#10 0x402ed115 in KIO::TransferJob::slotFinished() (this=0x8936718) 
    at ../../../kio/kio/job.cpp:780 
No locals. 
#11 0x402fd3e6 in KIO::TransferJob::qt_invoke(int, QUObject*) (this=0x8936718, 
    _id=17, _o=0xbfffef70) at jobclasses.moc:787 
No locals. 
#12 0x40bcc38c in QObject::activate_signal(QConnectionList*, QUObject*) () 
   from /usr/lib/libqt-mt.so.3 
No symbol table info available. 
#13 0x40bcc1c4 in QObject::activate_signal(int) () from /usr/lib/libqt-mt.so.3 
No symbol table info available. 
#14 0x402dc68f in KIO::SlaveInterface::finished() (this=0x86c5050) 
    at slaveinterface.moc:226 
No locals. 
#15 0x402dae58 in KIO::SlaveInterface::dispatch(int, QMemArray<char> const&) ( 
    this=0x86c5050, _cmd=104, rawdata=@0xbffff150) 
    at ../../../kio/kio/slaveinterface.cpp:260 
---Type <return> to continue, or q <return> to quit--- 
        stream = <incomplete type> 
        str1 = {static null = { 
    static null = <same as static member of an already seen type>, 
    d = 0x804c0d8, static shared_null = 0x804c0d8}, d = 0x804c0d8, 
  static shared_null = 0x804c0d8} 
        i = 1088855376 
        b = -65 '¿' 
        ul = 0 
#16 0x402daafa in KIO::SlaveInterface::dispatch() (this=0x86c5050) 
    at ../../../kio/kio/slaveinterface.cpp:196 
        cmd = 104 
        data = {<> = {<No data fields>}, <No data fields>} 
#17 0x402d872b in KIO::Slave::gotInput() (this=0x86c5050) 
    at ../../../kio/kio/slave.cpp:221 
No locals. 
#18 0x402d9fcf in KIO::Slave::qt_invoke(int, QUObject*) (this=0x86c5050, 
    _id=4, _o=0xbffff270) at slave.moc:113 
No locals. 
#19 0x40bcc38c in QObject::activate_signal(QConnectionList*, QUObject*) () 
   from /usr/lib/libqt-mt.so.3 
No symbol table info available. 
#20 0x40bcc4ed in QObject::activate_signal(int, int) () 
   from /usr/lib/libqt-mt.so.3 
No symbol table info available. 
---Type <return> to continue, or q <return> to quit--- 
#21 0x40eea722 in QSocketNotifier::activated(int) () 
   from /usr/lib/libqt-mt.so.3 
No symbol table info available. 
#22 0x40be8310 in QSocketNotifier::event(QEvent*) () 
   from /usr/lib/libqt-mt.so.3 
No symbol table info available. 
#23 0x40b70a6f in QApplication::internalNotify(QObject*, QEvent*) () 
   from /usr/lib/libqt-mt.so.3 
No symbol table info available. 
#24 0x40b7007b in QApplication::notify(QObject*, QEvent*) () 
   from /usr/lib/libqt-mt.so.3 
No symbol table info available. 
#25 0x407b00ee in KApplication::notify(QObject*, QEvent*) (this=0xbffff840, 
    receiver=0x86c4b60, event=0xbffff580)  
at ../../kdecore/kapplication.cpp:455 
        t = SockAct 
#26 0x40b607aa in QEventLoop::activateSocketNotifiers() () 
   from /usr/lib/libqt-mt.so.3 
No symbol table info available. 
#27 0x40b1c108 in QEventLoop::processEvents(unsigned) () 
   from /usr/lib/libqt-mt.so.3 
No symbol table info available. 
#28 0x40b842d8 in QEventLoop::enterLoop() () from /usr/lib/libqt-mt.so.3 
No symbol table info available. 
#29 0x40b84188 in QEventLoop::exec() () from /usr/lib/libqt-mt.so.3 
---Type <return> to continue, or q <return> to quit--- 
No symbol table info available. 
#30 0x40b70cc1 in QApplication::exec() () from /usr/lib/libqt-mt.so.3 
No symbol table info available. 
#31 0x40084888 in main (argc=1, argv=0xbffff9b4) 
    at ../../konqueror/konq_main.cc:131 
        app = {<KApplication> = {<> = {<No data fields>}, <KInstance> = { 
      _vptr.KInstance = 0x400f0124, _dirs = 0x80f5260, _config = 0x80f50c8, 
      _iconLoader = 0x811d440, _name = <incomplete type>, 
      _aboutData = 0x8051948, d = 0x80f4a28}, static metaObj = 0x8104a30, 
    display = 0x8052e28, kipcCommAtom = 268, kipcEventMask = 255, 
    static KApp = 0xbffff840, pArgc = 1074010740, pSessionConfig = 0x0, 
    static s_DCOPClient = 0x81005f0, static s_dcopClientNeedsPostInit = false, 
    aCaption = {static null = { 
        static null = <same as static member of an already seen type>, 
        d = 0x804c0d8, static shared_null = 0x804c0d8}, d = 0x804c0d8, 
      static shared_null = 0x804c0d8}, bSessionManagement = true, 
    aIconPixmap = <incomplete type>, aMiniIconPixmap = <incomplete type>, 
    aIconName = {static null = { 
        static null = <same as static member of an already seen type>, 
        d = 0x804c0d8, static shared_null = 0x804c0d8}, d = 0x804c0d8, 
      static shared_null = 0x804c0d8}, aMiniIconName = {static null = { 
        static null = <same as static member of an already seen type>, 
        d = 0x804c0d8, static shared_null = 0x804c0d8}, d = 0x804c0d8, 
      static shared_null = 0x804c0d8}, useStyles = true, smw = 0x812b978, 
---Type <return> to continue, or q <return> to quit--- 
    static loadedByKdeinit = false, captionLayout = 1095819372, 
    d = 0x80f4c70}, closed_by_sm = false} 
        kiface = (class KonquerorIface *) 0x812bf68 
        args = (KCmdLineArgs *) 0x8052de8 
        crashlog_file = {mError = 0, mTmpName = {static null = { 
      static null = <same as static member of an already seen type>, 
      d = 0x804c0d8, static shared_null = 0x804c0d8}, d = 0x812e438, 
    static shared_null = 0x804c0d8}, mFd = 15, mStream = 0x0, mFile = 0x0, 
  mTextStream = 0x0, mDataStream = 0x0, bOpen = true, bAutoDelete = false, 
  d = 0x3a52bc} 
        list = (class QWidgetList *) 0x8130980 
        it = {<QPtrListIterator<QWidget>> = {<QGListIterator> = { 
      list = 0x812e438, 
      curNode = 0x408c4640}, <No data fields>}, <No data fields>} 
        w = (struct QWidget *) 0x414ab9ce 

cheers
domi
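The crash above is the classic "this=0x0" pattern: frame #1 walks a list of script pointers and calls isLoaded() on each one, and one entry is null, so the method runs with a null this pointer and faults on the first member read. The following is an added illustration of that pattern and of the guard the report suggests (reject the null where it enters the list, and make the iteration tolerant); it uses hypothetical CachedScript and Tokenizer stand-ins with std::vector instead of QPtrList and is not khtml code.

```cpp
#include <cstddef>
#include <iostream>
#include <vector>

// Hypothetical stand-ins for khtml::CachedScript and the tokenizer's
// cachedScript list described in the report; added illustration, not KDE code.
struct CachedScript {
    bool loaded = false;
    // Invoked through a null pointer this reads a member of object 0x0,
    // which is the "this=0x0" shown in frame #0 of the backtrace.
    bool isLoaded() const { return loaded; }
};

class Tokenizer {
  public:
    // Defect pattern: the list accepts any pointer, so a null can enter it
    // and nothing downstream is prepared for that.
    void appendUnchecked(CachedScript* s) { cachedScript_.push_back(s); }

    // Hardened form: refuse the null at the one place it could enter.
    bool append(CachedScript* s) {
        if (s == nullptr) return false;
        cachedScript_.push_back(s);
        return true;
    }

    // Defect pattern: iterates with no null check, as the report describes.
    // Undefined behaviour if a null is present; only safe on a clean list.
    bool allLoadedUnchecked() const {
        for (const CachedScript* s : cachedScript_)
            if (!s->isLoaded()) return false;
        return true;
    }

    // Hardened form: a null entry counts as "not loaded" instead of being
    // dereferenced, so a corrupted list degrades to a wrong answer, not a crash.
    bool allLoaded() const {
        bool ok = true;
        for (const CachedScript* s : cachedScript_) {
            if (s == nullptr) { ok = false; continue; }
            if (!s->isLoaded()) ok = false;
        }
        return ok;
    }

    // Diagnostic a maintainer can assert on at boundaries: number of nulls.
    std::size_t nullEntries() const {
        std::size_t n = 0;
        for (const CachedScript* s : cachedScript_)
            if (s == nullptr) ++n;
        return n;
    }

    std::size_t size() const { return cachedScript_.size(); }

  private:
    std::vector<CachedScript*> cachedScript_;
};

int main() {
    CachedScript a; a.loaded = true;
    CachedScript b;                              // still pending

    Tokenizer guarded;
    guarded.append(&a);
    bool rejected = !guarded.append(nullptr);    // null never enters the list
    guarded.append(&b);
    std::cout << "guarded: null rejected=" << rejected
              << " size=" << guarded.size()
              << " allLoaded=" << guarded.allLoaded() << '\n';

    Tokenizer unguarded;
    unguarded.appendUnchecked(&a);
    unguarded.appendUnchecked(nullptr);          // the corrupted state from the report
    std::cout << "unguarded: nulls=" << unguarded.nullEntries()
              << " allLoaded(safe)=" << unguarded.allLoaded() << '\n';
    return 0;
}
```

The insertion-time check is the one that actually fixes the bug, because it turns a silent corruption into an observable failed append at the call site; the tolerant iteration is a second line of defence that keeps a stray null from becoming a crash while the real origin is tracked down.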
Comment 1 Stephan Kulow 2004-01-24 13:12:54 UTC
*** Bug 71775 has been marked as a duplicate of this bug. ***
Comment 2 Waldo Bastian 2004-01-29 16:39:19 UTC
Probably fixed by r1.284 of htmltokenizer.cpp
Comment 3 Dirk Mueller 2004-02-02 21:15:23 UTC
yes, indeed.