Bug 90462 - Crash while rendering http://hasso.linux.ee/konq-crash.html
Summary: Crash while rendering http://hasso.linux.ee/konq-crash.html
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: khtml renderer
Version: 3.3
Platform: unspecified Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords:
Duplicates: 119472 128021 128595 128766 130180 131547 132071 132135 133373 135882 137676
Depends on:
Blocks:
 
Reported: 2004-09-29 13:37 UTC by Hasso Tepper
Modified: 2006-11-21 17:58 UTC
CC: 11 users

See Also:
Latest Commit:
Version Fixed In:


Attachments

Description Hasso Tepper 2004-09-29 13:37:43 UTC
Version:           3.3 (using KDE 3.3.89 (CVS >= 20040820), compiled sources)
Compiler:          gcc version 3.3.4 (Debian 1:3.3.4-12)
OS:                Linux (i686) release 2.6.8.1-ipv6conntrack

http://hasso.linux.ee/konq-crash.html is part of an internal web page. I'm still able to reproduce the crash with it, but failed to remove more html code. I can remove either of the javascript blocks - no crash any more. I can remove one "<td></td>" from line 11 - no crash any more. I have no KDE with debug info at the moment, so no backtrace. I can reproduce the crash with the 3.3 branch as well.
Comment 1 Tommi Tervo 2004-09-29 14:47:38 UTC
#21 0x41c8f5d5 in khtml::CollapsedBorderValue::style (this=0xbfffe770)
    at render_style.h:234
#22 0x41c8bdca in compareBorders (border1=@0xbfffe7b8, border2=@0xbfffe770)
    at render_table.cpp:1894
#23 0x41c8c393 in khtml::RenderTableCell::collapsedRightBorder (this=0x85cbeb0)
    at render_table.cpp:1976
#24 0x41c8cfb5 in khtml::RenderTableCell::borderRight (this=0x85cbeb0)
    at render_table.cpp:2150
#25 0x41c5ac07 in khtml::RenderBlock::calcMinMaxWidth (this=0x85cbeb0)
    at render_block.cpp:1987
#26 0x41c8b8ef in khtml::RenderTableCell::calcMinMaxWidth (this=0x85cbeb0)
    at render_table.cpp:1782
#27 0x41c6daf8 in khtml::RenderObject::recalcMinMaxWidths (this=0x85cbeb0)
    at render_object.cpp:1727
#28 0x41c6da09 in khtml::RenderObject::recalcMinMaxWidths (this=0x85cbd7c)
    at render_object.cpp:1713
#29 0x41c6da09 in khtml::RenderObject::recalcMinMaxWidths (this=0x85cbd1c)
    at render_object.cpp:1713
#30 0x41c6da09 in khtml::RenderObject::recalcMinMaxWidths (this=0x85cbc78)
    at render_object.cpp:1713
#31 0x41c6da09 in khtml::RenderObject::recalcMinMaxWidths (this=0x85cbbf0)
    at render_object.cpp:1713
#32 0x41c6da09 in khtml::RenderObject::recalcMinMaxWidths (this=0x85cbbcc)
    at render_object.cpp:1713
#33 0x41c6da09 in khtml::RenderObject::recalcMinMaxWidths (this=0x85cbb6c)
    at render_object.cpp:1713
#34 0x41c6da09 in khtml::RenderObject::recalcMinMaxWidths (this=0x85cbac8)
    at render_object.cpp:1713
#35 0x41c6da09 in khtml::RenderObject::recalcMinMaxWidths (this=0x85cba40)
    at render_object.cpp:1713
#36 0x41c6da09 in khtml::RenderObject::recalcMinMaxWidths (this=0x85cb994)
    at render_object.cpp:1713
#37 0x41c6da09 in khtml::RenderObject::recalcMinMaxWidths (this=0x85cb934)
    at render_object.cpp:1713
#38 0x41c6da09 in khtml::RenderObject::recalcMinMaxWidths (this=0x85cb890)
    at render_object.cpp:1713
#39 0x41c6da09 in khtml::RenderObject::recalcMinMaxWidths (this=0x85cb818)
    at render_object.cpp:1713
#40 0x41c6da09 in khtml::RenderObject::recalcMinMaxWidths (this=0x85cb758)
    at render_object.cpp:1713
#41 0x41c6da09 in khtml::RenderObject::recalcMinMaxWidths (this=0x85cb668)
    at render_object.cpp:1713
#42 0x41ca6a3c in khtml::RenderCanvas::layout (this=0x85cb668)
    at render_canvas.cpp:135
#43 0x41b94e65 in KHTMLView::layout (this=0x851dd48) at khtmlview.cpp:727
#44 0x41b9d2b5 in KHTMLView::timerEvent (this=0x851dd48, e=0xbffff2c0)
    at khtmlview.cpp:2702
#45 0x40c84253 in QObject::event () from /opt/qt333/lib/libqt-mt.so.3
#46 0x40cbcb0f in QWidget::event () from /opt/qt333/lib/libqt-mt.so.3
#47 0x40c2a0bf in QApplication::internalNotify ()
   from /opt/qt333/lib/libqt-mt.so.3
#48 0x40c296be in QApplication::notify () from /opt/qt333/lib/libqt-mt.so.3
#49 0x407b1ed7 in KApplication::notify (this=0xbffff6a0, receiver=0x851dd48, 
    event=0xbffff2c0) at kapplication.cpp:495
#50 0x40c198f5 in QEventLoop::activateTimers ()
   from /opt/qt333/lib/libqt-mt.so.3
#51 0x40bd2ccb in QEventLoop::processEvents ()
   from /opt/qt333/lib/libqt-mt.so.3
#52 0x40c3c478 in QEventLoop::enterLoop () from /opt/qt333/lib/libqt-mt.so.3
#53 0x40c3c328 in QEventLoop::exec () from /opt/qt333/lib/libqt-mt.so.3
#54 0x40c2a311 in QApplication::exec () from /opt/qt333/lib/libqt-mt.so.3
#55 0x41801b17 in kdemain (argc=2, argv=0x80ecef8) at konq_main.cc:204
#56 0x40977938 in kdeinitmain (argc=2, argv=0x80ecef8) at konqueror_dummy.cc:2
#57 0x0804e2c5 in launch (argc=2, _name=0x80ecd3c "konqueror", 
    args=0x80ecd4f "\001", cwd=0x0, envc=1, envs=0x80ecd60 "", 
    reset_env=false, tty=0x0, avoid_loops=false, 
    startup_id_str=0x80ecd64 "baron;1096458387;826932;638_TIME193289363")
    at kinit.cpp:599
#58 0x0804f5d8 in handle_launcher_request (sock=8) at kinit.cpp:1163
#59 0x0804fccb in handle_requests (waitForPid=0) at kinit.cpp:1364
#60 0x08051335 in main (argc=3, argv=0xbffffd24, envp=0xbffffd34)
    at kinit.cpp:1817
Comment 2 Tommi Tervo 2004-09-29 14:59:00 UTC
Maybe related to #84579, bt is different though.
Comment 3 Hasso Tepper 2004-10-25 15:01:06 UTC
Current CVS works with this particular testcase. But the actual webpage I took this testcase from still crashes. Backtrace looks the same. I'm not in the mood to walk again through this "html" trying to reduce it to the minimum. And as this page is in an intranet and might contain info not meant for the public, I will not post the whole file here. If any of the khtml developers wishes, I can send it privately though.
Comment 4 Hasso Tepper 2005-02-08 14:09:13 UTC
Current CVS (HEAD compiled in yesterday) crashes again with it. Not 100% though, but after some reloads it does.
Comment 5 Matteo Croce 2005-06-13 23:59:39 UTC
konqueror in kde 3.4 crashes too
Comment 6 Lauri Watts 2005-06-14 00:09:04 UTC
still crashes in HEAD SVN (pre 3.5)

Thanks to someone pasting the url in irc so I found this out the hard way :)
Comment 7 Matteo Croce 2005-06-14 16:30:45 UTC
I have found where konqueror crashes and I made a very minimal test case.
The evil page is here: http://www.openjlab.org/konq-crash.html
I hope it will help solve this bug.
Comment 8 Matteo Croce 2005-07-02 18:39:41 UTC
Ok, I guess that there is a race condition, because adding that patch
to the evil html page won't crash konqueror:

--- konq-crash.html     2005-07-02 18:33:10.000000000 +0200
+++ konq-nocrash.html   2005-07-02 18:38:45.000000000 +0200
@@ -10,6 +10,7 @@
 <script>
         var el = document.getElementById('foo').childNodes(0).childNodes(0);
         var badV = el.childNodes(1);
+        alert('Konqueror will never crash!');
         el.removeChild(badV); // <=== this crashes
 </script>
 </body></html>
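Review bot: the added alert() shows a reordering rather than a thread race: the modal dialog blocks the script until it is dismissed, so the pending layout timer (the KHTMLView::timerEvent -> KHTMLView::layout path in the backtrace of comment 1) runs against the still-intact table before el.removeChild(badV) executes. What the hunk actually establishes is that the crash depends on removeChild running before the first layout of the table, which points at layout state left stale by the removal; saying that instead of "race condition" would keep later readers from looking for a threading problem.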
Comment 9 Charles Samuels 2006-03-04 21:40:25 UTC
I can't reproduce this in 3.5.1.

Can we get another confirmation?
Comment 10 Hasso Tepper 2006-03-04 21:54:37 UTC
Still crashes with URL from original report for me (sorry, forgot to put it back after site reorganisation, it's back now).
Comment 11 Jakub Stachowski 2006-04-01 19:18:02 UTC
Still crashes on 3.5.2
Comment 12 Matteo Croce 2006-04-02 23:03:54 UTC
Doesn't crash on my 3.5.2 (Debian sid amd64)
Comment 13 Ismail Donmez 2006-05-07 02:05:20 UTC
Doesn't crash here either KDE 3.5 SVN.
Comment 14 Patrick 2006-06-07 09:44:08 UTC
Doesn't crash here. Using konqueror 3.5.3.
Comment 15 Hasso Tepper 2006-06-07 11:08:50 UTC
Doesn't crash here either any more. Closing bug.
Comment 16 Tommi Tervo 2006-06-07 11:26:48 UTC
svn 541k crashes:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1235568960 (LWP 11481)]
0xb5fc1362 in khtml::CollapsedBorderValue::style (this=0xbfb165dc)
    at render_style.h:267
267     render_style.h: No such file or directory.
        in render_style.h
(gdb) bt
#0  0xb5fc1362 in khtml::CollapsedBorderValue::style (this=0xbfb165dc)
    at render_style.h:267
#1  0xb5fbaa21 in compareBorders (border1=@0xbfb16648, border2=@0xbfb165dc)
    at render_table.cpp:2222
#2  0xb5fbb054 in khtml::RenderTableCell::collapsedRightBorder (this=0x841884c)
    at render_table.cpp:2304
#3  0xb5fbbcdc in khtml::RenderTableCell::borderRight (this=0x841884c)
    at render_table.cpp:2478
#4  0xb5f76c4f in khtml::RenderBlock::calcMinMaxWidth (this=0x841884c)
    at render_block.cpp:2536
#5  0xb5fba289 in khtml::RenderTableCell::calcMinMaxWidth (this=0x841884c)
    at render_table.cpp:2089
Comment 17 Tommi Tervo 2006-06-10 17:35:31 UTC
*** Bug 128595 has been marked as a duplicate of this bug. ***
Comment 18 Mathias Weigt 2006-06-13 09:29:13 UTC
No crash here (kde-3.5.3) on gentoo (gcc-3.4.6) but on www.microsoft.com
So Bug 128595 doesn't seem to be the same.
Comment 19 Maksim Orlovich 2006-06-18 00:46:24 UTC
*** Bug 119472 has been marked as a duplicate of this bug. ***
Comment 20 Maksim Orlovich 2006-06-18 00:48:13 UTC
*** Bug 128021 has been marked as a duplicate of this bug. ***
Comment 21 makomk 2006-06-22 00:24:11 UTC
A quick run of Valgrind suggests Konqueror is reading from freed memory:

==2137== Invalid read of size 4
==2137==    at 0x7A0D976: khtml::DataRef<khtml::StyleSurroundData>::operator->() const (render_style.h:99)
==2137==    by 0x7B1B9DF: khtml::RenderStyle::borderLeft() const (render_style.h:977)
==2137==    by 0x7B16A26: khtml::RenderTableCell::collapsedRightBorder() const (render_table.cpp:2304)
==2137==    by 0x7B174FF: khtml::RenderTableCell::borderRight() const (render_table.cpp:2478)
==2137==    by 0x7ADD088: khtml::RenderBlock::calcMinMaxWidth() (render_block.cpp:2561)
==2137==    by 0x7B15F4E: khtml::RenderTableCell::calcMinMaxWidth() (render_table.cpp:2089)
==2137==    by 0x7AF458B: khtml::RenderObject::recalcMinMaxWidths() (render_object.cpp:1881)
==2137==    by 0x7AF44F8: khtml::RenderObject::recalcMinMaxWidths() (render_object.cpp:1867)
==2137==    by 0x7AF44F8: khtml::RenderObject::recalcMinMaxWidths() (render_object.cpp:1867)
==2137==    by 0x7AF44F8: khtml::RenderObject::recalcMinMaxWidths() (render_object.cpp:1867)
==2137==    by 0x7AF44F8: khtml::RenderObject::recalcMinMaxWidths() (render_object.cpp:1867)
==2137==    by 0x7AF44F8: khtml::RenderObject::recalcMinMaxWidths() (render_object.cpp:1867)
==2137==    by 0x7AF44F8: khtml::RenderObject::recalcMinMaxWidths() (render_object.cpp:1867)
==2137==    by 0x7AF44F8: khtml::RenderObject::recalcMinMaxWidths() (render_object.cpp:1867)
==2137==    by 0x7AF44F8: khtml::RenderObject::recalcMinMaxWidths() (render_object.cpp:1867)
==2137==    by 0x7AF44F8: khtml::RenderObject::recalcMinMaxWidths() (render_object.cpp:1867)
==2137==    by 0x7AF44F8: khtml::RenderObject::recalcMinMaxWidths() (render_object.cpp:1867)
==2137==    by 0x7AF44F8: khtml::RenderObject::recalcMinMaxWidths() (render_object.cpp:1867)
==2137==    by 0x7AF44F8: khtml::RenderObject::recalcMinMaxWidths() (render_object.cpp:1867)
==2137==    by 0x7AF44F8: khtml::RenderObject::recalcMinMaxWidths() (render_object.cpp:1867)
==2137==    by 0x7AF44F8: khtml::RenderObject::recalcMinMaxWidths() (render_object.cpp:1867)
==2137==    by 0x7B36254: khtml::RenderCanvas::layout() (render_canvas.cpp:159)
==2137==    by 0x7A09C97: KHTMLView::layout() (khtmlview.cpp:825)
==2137==    by 0x7A0A30F: KHTMLView::timerEvent(QTimerEvent*) (khtmlview.cpp:3418)
==2137==    by 0x4F0ECE7: QObject::event(QEvent*) (in /usr/qt/3/lib/libqt-mt.so.3.3.6)
==2137==    by 0x4F4A7BB: QWidget::event(QEvent*) (in /usr/qt/3/lib/libqt-mt.so.3.3.6)
==2137==    by 0x4EAD0FE: QApplication::internalNotify(QObject*, QEvent*) (in /usr/qt/3/lib/libqt-mt.so.3.3.6)
==2137==    by 0x4EAD29B: QApplication::notify(QObject*, QEvent*) (in /usr/qt/3/lib/libqt-mt.so.3.3.6)
==2137==    by 0x4A1EC74: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:550)
==2137==    by 0x4EA051B: QEventLoop::activateTimers() (in /usr/qt/3/lib/libqt-mt.so.3.3.6)
==2137==  Address 0x64BF46C is 36 bytes inside a block of size 60 free'd
==2137==    at 0x401C61C: operator delete(void*) (vg_replace_malloc.c:244)
==2137==    by 0x7A77B26: khtml::Shared<khtml::RenderStyle>::deref() (shared.h:16)
==2137==    by 0x7AF828E: khtml::RenderObject::~RenderObject() (render_object.cpp:205)
==2137==    by 0x7B01917: khtml::RenderContainer::~RenderContainer() (render_box.cpp:58)
==2137==    by 0x7AFB587: khtml::RenderBox::~RenderBox() (render_box.cpp:179)
==2137==    by 0x7AE39B7: khtml::RenderFlow::~RenderFlow() (render_inline.h:36)
==2137==    by 0x7AD90EA: khtml::RenderBlock::~RenderBlock() (render_block.cpp:108)
==2137==    by 0x7B1D01C: khtml::RenderTableCell::~RenderTableCell() (render_table.cpp:2897)
==2137==    by 0x7AF35C7: khtml::RenderObject::arenaDelete(khtml::RenderArena*, void*) (render_object.cpp:1565)
==2137==    by 0x7AF51BC: khtml::RenderObject::detach() (render_object.cpp:1556)
==2137==    by 0x7AF9DF3: khtml::RenderContainer::detach() (render_container.cpp:73)
==2137==    by 0x7AFBD24: khtml::RenderBox::detach() (render_box.cpp:188)
==2137==    by 0x7B15E7D: khtml::RenderTableCell::detach() (render_table.cpp:2067)
==2137==    by 0x7A7B06E: DOM::NodeImpl::detach() (dom_nodeimpl.cpp:853)
==2137==    by 0x7A7C5E5: DOM::NodeBaseImpl::detach() (dom_nodeimpl.cpp:1397)
==2137==    by 0x7A84A8D: DOM::ElementImpl::detach() (dom_elementimpl.cpp:537)
==2137==    by 0x7A7FFC5: DOM::NodeBaseImpl::removeChild(DOM::NodeImpl*, int&) (dom_nodeimpl.cpp:1181)
==2137==    by 0x7C1D1EF: DOM::Node::removeChild(DOM::Node const&) (dom_node.cpp:284)
==2137==    by 0x7B8DE0E: KJS::DOMNodeProtoFunc::tryCall(KJS::ExecState*, KJS::Object&, KJS::List const&) (kjs_dom.cpp:514)
==2137==    by 0x7B82A93: KJS::DOMFunction::call(KJS::ExecState*, KJS::Object&, KJS::List const&) (kjs_binding.cpp:114)
==2137==    by 0x7D584D8: KJS::Object::call(KJS::ExecState*, KJS::Object&, KJS::List const&) (object.cpp:73)
==2137==    by 0x7D1C6E6: KJS::FunctionCallNode::evaluate(KJS::ExecState*) const (nodes.cpp:870)
==2137==    by 0x7D21786: KJS::ExprStatementNode::execute(KJS::ExecState*) (nodes.cpp:1980)
==2137==    by 0x7D27C9D: KJS::SourceElementsNode::execute(KJS::ExecState*) (nodes.cpp:3097)
==2137==    by 0x7D21594: KJS::BlockNode::execute(KJS::ExecState*) (nodes.cpp:1942)
==2137==    by 0x7D21B2A: KJS::IfNode::execute(KJS::ExecState*) (nodes.cpp:2021)
==2137==    by 0x7D27C9D: KJS::SourceElementsNode::execute(KJS::ExecState*) (nodes.cpp:3097)
==2137==    by 0x7D21594: KJS::BlockNode::execute(KJS::ExecState*) (nodes.cpp:1942)
==2137==    by 0x7D4411D: KJS::InterpreterImp::evaluate(KJS::UString const&, KJS::Value const&) (internal.cpp:904)
==2137==    by 0x7D58FD9: KJS::Interpreter::evaluate(KJS::UString const&, KJS::Value const&) (interpreter.cpp:166)

(This is from Konqueror 3.5.3 with the submitter's original test case, by the way.) I'm pretty sure this is closely related to the crash in some way (though probably not the cause), but I'm not sure how - perhaps someone with knowledge of khtml internals could make more sense of it?
Comment 22 Tommi Tervo 2006-07-03 11:26:39 UTC
*** Bug 130180 has been marked as a duplicate of this bug. ***
Comment 23 Matteo Croce 2006-07-07 02:52:19 UTC
proof of concept moved here: http://blueangel.us/konq-crash.html
Comment 24 Maksim Orlovich 2006-07-08 20:48:39 UTC
taking a look
Comment 25 Maksim Orlovich 2006-07-08 21:07:49 UTC
OK, the problem is that the grid inside the section is wrong, 
and so cellLeft returns a dangling pointer. Not sure how to fix this...
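A constructed C++ model of the stale-grid problem described in this comment, added here as an example and not khtml code: the section caches raw pointers to its cells, a DOM removal frees a cell without touching the cache, and a fixed lookup rebuilds the grid from a needCellRecalc flag (the approach the later commit takes). Cell, Row, Section, removeCell and lastFreed are illustrative names, not khtml identifiers.

```cpp
#include <cstddef>
#include <cstdint>
#include <memory>
#include <vector>
// Constructed model, not khtml code: a section caches raw, non-owning Cell*
// in a grid; removing a cell frees it but leaves the cached pointer behind.
struct Cell { int minWidth; };
struct Row { std::vector<std::unique_ptr<Cell>> cells; };   // row owns its cells
struct Section {
    std::vector<Row> rows;
    std::vector<std::vector<Cell*>> grid;   // cached lookup table
    bool needCellRecalc = false;
    std::uintptr_t lastFreed = 0;           // demo bookkeeping only
    // Rebuild the grid; the flag is cleared first so a lookup made during the
    // rebuild cannot re-enter this function.
    void recalcCells() {
        needCellRecalc = false;
        grid.clear();
        for (auto& r : rows) {
            grid.emplace_back();
            for (auto& c : r.cells) grid.back().push_back(c.get());
        }
    }
    // Buggy lookup: trusts the cache unconditionally (pre-fix behaviour).
    Cell* cellAtBuggy(std::size_t row, std::size_t col) { return grid[row][col]; }
    // Fixed lookup: rebuild when a removal marked the grid stale, as the commit
    // does in calcMinMaxWidth() before any cellAt() call; bad columns give nullptr.
    Cell* cellAtFixed(std::size_t row, std::size_t col) {
        if (needCellRecalc) recalcCells();
        return col < grid[row].size() ? grid[row][col] : nullptr;
    }
    // Mirrors RenderTableRow::removeChildNode: drop the cell, flag the section.
    void removeCell(std::size_t row, std::size_t col) {
        auto& cells = rows[row].cells;
        lastFreed = reinterpret_cast<std::uintptr_t>(cells[col].get());
        cells.erase(cells.begin() + col);   // unique_ptr deletes the cell here
        needCellRecalc = true;
    }
};
// One row of three cells, grid built, then the middle cell removed by "script".
static Section makeSection() {
    Section s;
    s.rows.resize(1);
    for (int w : {10, 20, 30}) s.rows[0].cells.push_back(std::unique_ptr<Cell>(new Cell{w}));
    s.recalcCells();
    s.removeCell(0, 1);
    return s;
}
// True when the buggy lookup returns the address that was just freed. The
// stale pointer is only compared as an integer, never dereferenced.
bool buggyLookupIsDangling() {
    Section s = makeSection();
    return reinterpret_cast<std::uintptr_t>(s.cellAtBuggy(0, 1)) == s.lastFreed;
}
// minWidth the fixed lookup sees for a column after the removal, or -1 if none.
int fixedLookupWidth(std::size_t col) {
    Section s = makeSection();
    Cell* c = s.cellAtFixed(0, col);
    return c ? c->minWidth : -1;
}
```

Running the same scenario under Valgrind with the buggy lookup dereferenced would report the same kind of invalid read as comment 21.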
Comment 26 Maksim Orlovich 2006-07-08 21:37:58 UTC
OK, the analysis and some experimentation are as far as I'll take it. With the patch below, this doesn't crash, and 69628 works. But I get the debug output triggering in some testregression testcases --- adjacent to QGArray::at "index out of bounds" warnings. So I'll leave this to someone who knows the code better.

Index: rendering/render_table.h
===================================================================
--- rendering/render_table.h    (revision 559919)
+++ rendering/render_table.h    (working copy)
@@ -236,9 +236,17 @@ public:
     };

     RenderTableCell *&cellAt( int row,  int col ) {
+        if (needCellRecalc) {
+            qDebug("*********** booo ************");
+            recalcCells();
+        }
        return (*(grid[row].row))[col];
     }
     RenderTableCell *cellAt( int row,  int col ) const {
+        if (needCellRecalc) {
+            qDebug("********** booo  ************");
+            const_cast<RenderTableSection*>(this)->recalcCells();
+        }
        return (*(grid[row].row))[col];
     }

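Review bot: running recalcCells() from inside cellAt() is the risky part of this hunk. recalcCells() rebuilds the grid (grid.resize(0) in the next hunk) and the lookups it makes while repopulating go through this same accessor, so unless the flag is already cleared before the loop the call recurses; it also turns a trivial accessor into one that can reallocate the grid underneath a caller that holds a RenderTableCell*& obtained from an earlier cellAt(). The qDebug("booo") lines are debug leftovers, and const_cast'ing this in the const overload to run a mutating recalc is a sign the check belongs in the caller that knows the grid may be stale rather than in the accessor.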
Index: rendering/render_table.cpp
===================================================================
--- rendering/render_table.cpp  (revision 559919)
+++ rendering/render_table.cpp  (working copy)
@@ -1743,6 +1743,7 @@ void RenderTableSection::recalcCells()
     cRow = -1;
     clearGrid();
     grid.resize( 0 );
+    needCellRecalc = false;

     for (RenderObject *row = firstChild(); row; row = row->nextSibling()) {
         if (row->isTableRow())  {
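Review bot: moving needCellRecalc = false ahead of the rebuild loop is what stops the cellAt() check from recursing, but it also means any cellAt() call made while the loop is still running (for example through addCell()) sees a grid that was just resized to 0 and indexes it anyway, which is consistent with the QGArray::at "index out of bounds" warnings reported alongside this patch. Keeping the reset after the loop, as before, and guarding against re-entry with a separate "recalculating" flag would give the same recursion protection without exposing the half-built grid.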
@@ -1756,7 +1757,6 @@ void RenderTableSection::recalcCells()
                     addCell( static_cast<RenderTableCell *>(cell), static_cast<RenderTableRow *>(row) );
         }
     }
-    needCellRecalc = false;
     setNeedsLayout(true);
 }

Comment 27 Eugene Seppel 2006-07-13 23:54:04 UTC
Also konqueror 3.5.2-0ubuntu27 from Ubuntu 6.06 LTS crashed on microsoft.com (such bugs are marked as duplicates of this bug)
Comment 28 Tommi Tervo 2006-07-21 13:33:40 UTC
*** Bug 128766 has been marked as a duplicate of this bug. ***
Comment 29 Maksim Orlovich 2006-07-30 18:21:14 UTC
*** Bug 131547 has been marked as a duplicate of this bug. ***
Comment 30 Dirk Mueller 2006-08-07 16:37:32 UTC
SVN commit 570648 by mueller:

fix crash upon deleting cells from rows
BUG:90462


 M  +12 -0     render_table.cpp  
 M  +2 -0      render_table.h  


--- branches/KDE/3.5/kdelibs/khtml/rendering/render_table.cpp #570647:570648
@@ -1984,6 +1984,15 @@
     setInline(false);   // our object is not Inline
 }
 
+RenderObject* RenderTableRow::removeChildNode(RenderObject* child)
+{
+    RenderTableSection *s = section();
+    if (s)
+        s->setNeedCellRecalc();
+
+    return RenderContainer::removeChildNode( child );
+}
+
 void RenderTableRow::detach()
 {
     RenderTableSection *s = section();
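Review bot: the null check on section() is right, since a row can lose its cell while no longer attached to a section, but this hunk only invalidates the grid when a cell is removed from a row. Removing the row itself from the section must invalidate as well; the RenderTableRow::detach() body that starts right below also fetches section(), so it is worth confirming it calls setNeedCellRecalc() on the same object. A short comment above the override explaining why it exists (the section grid holds raw pointers to cells, which is what the Valgrind trace in comment 21 shows being read after free) would make the intent clear to the next reader.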
@@ -2235,6 +2244,9 @@
     kdDebug( 6040 ) << renderName() << "(TableCell)::calcMinMaxWidth() known=" << minMaxKnown() << endl;
 #endif
 
+    if (section()->needCellRecalc)
+        section()->recalcCells();
+
     RenderBlock::calcMinMaxWidth();
     if (element() && style()->whiteSpace() == NORMAL) {
         // See if nowrap was set.
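Review bot: section() is dereferenced here without the null check that the removeChildNode hunk applies, so the two sites are inconsistent; if a cell's section can ever be null on this path the fix moves the crash rather than removing it. The guard also lives only in calcMinMaxWidth(), which does cover the crashing path in every backtrace on this bug (calcMinMaxWidth -> borderRight -> collapsedRightBorder -> compareBorders), but any other reader of the grid that runs before min/max recalculation would still see the stale pointers; either a comment on why this is the earliest access after a removal, or a guard inside RenderTableSection itself, would close that gap. Reading needCellRecalc directly also forces the member to stay public; an accessor would keep the invariant in one place.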
--- branches/KDE/3.5/kdelibs/khtml/rendering/render_table.h #570647:570648
@@ -306,6 +306,8 @@
 
     virtual void layout();
 
+    virtual RenderObject* removeChildNode(RenderObject* child);
+
     // The only time rows get a layer is when they have transparency.
     virtual bool requiresLayer() const { return /* style()->opacity() < 1.0f; */ false ; }
     virtual void paint(PaintInfo& i, int tx, int ty);
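Review bot: the declaration is added without a comment; since RenderContainer::removeChildNode is overridden here solely to invalidate the section's cell grid (see the render_table.cpp hunk), a one-line note above it would save the next reader from having to trace why a row needs its own removeChildNode.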
Comment 31 Tommi Tervo 2006-08-08 18:12:57 UTC
*** Bug 132071 has been marked as a duplicate of this bug. ***
Comment 32 Tommi Tervo 2006-08-09 12:50:14 UTC
*** Bug 132135 has been marked as a duplicate of this bug. ***
Comment 33 Tommi Tervo 2006-09-01 12:59:00 UTC
*** Bug 133373 has been marked as a duplicate of this bug. ***
Comment 34 Tommi Tervo 2006-10-18 13:10:53 UTC
*** Bug 135882 has been marked as a duplicate of this bug. ***
Comment 35 Tommi Tervo 2006-11-21 17:58:03 UTC
*** Bug 137676 has been marked as a duplicate of this bug. ***