Bug 95319 - Konqueror crashes triple-clicking prepended/appended tags
Summary: Konqueror crashes triple-clicking prepended/appended tags
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: khtml
Version: unspecified
Platform: Gentoo Packages Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords:
Duplicates: 100437 101132 107499 117645 119211 120358 127326 133284
Depends on:
Blocks:
 
Reported: 2004-12-17 07:51 UTC by Luke-Jr
Modified: 2006-10-24 16:16 UTC
CC List: 8 users

See Also:
Latest Commit:
Version Fixed In:


Attachments
Testcase attached (409 bytes, text/html)
2005-05-24 12:22 UTC, Tommi Tervo

Description Luke-Jr 2004-12-17 07:51:55 UTC
Version:            (using KDE KDE 3.3.2)
Installed from:    Gentoo Packages
Compiler:          gcc (GCC) 3.4.3  (Gentoo Linux 3.4.3, ssp-3.4.3-0, pie-8.7.6.6)
 
OS:                Linux

The following code will crash Konq if you triple-click on the text:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
 <head>
  <meta content="text/html; charset=UTF-8" http-equiv="content-type" />
  <title>Crash Konq 3.2.2</title>
  <style type="text/css">
   .x:after {
    content: "!";
   }
  </style>
 </head>
 <body>
  <span class="x">TRIPLE CLICK ME</span>
 </body>
</html>
Comment 1 Martin Koller 2005-01-22 15:37:55 UTC
Can confirm with current 3.4 HEAD.
The bt is:

Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 9826)]
[KCrash handler]
#4  0x41c9d5ac in DOM::DocumentImpl::setSelection (this=0x85bdcd8, s=0x0, 
    sp=0, e=0x0, ep=1) at dom_nodeimpl.h:278
#5  0x41c6feb8 in KHTMLPart::khtmlMouseDoubleClickEvent (this=0x84cd110, 
    event=0x84cd110) at dom_node.h:863
#6  0x41c6f416 in KHTMLPart::customEvent (this=0x84cd110, event=0xbfffe460)
    at khtml_part.cpp:5621
#7  0x40e5ccce in QObject::event (this=0x84cd110, e=0xbfffe460)
    at kernel/qobject.cpp:755
#8  0x40dfc65b in QApplication::internalNotify (this=0xbffff3b0, 
    receiver=0x84cd110, e=0xbfffe460) at kernel/qapplication.cpp:2635
#9  0x40dfbb18 in QApplication::notify (this=0xbffff3b0, receiver=0x84cd110, 
    e=0xbfffe460) at kernel/qapplication.cpp:2358
#10 0x4092efdf in KApplication::notify (this=0xbffff3b0, receiver=0x84cd110, 
    event=0xbfffe460) at kapplication.cpp:549
#11 0x41c34935 in KHTMLView::viewportMouseDoubleClickEvent (this=0x84dffe0, 
    _mouse=0xbfffeca0) at khtmlview.cpp:1004
#12 0x41c33733 in KHTMLView::viewportMousePressEvent (this=0x84dffe0, 
    _mouse=0xbfffeca0) at khtmlview.cpp:852
#13 0x40f83140 in QScrollView::eventFilter (this=0x84dffe0, obj=0x84de890, 
    e=0xbfffeca0) at widgets/qscrollview.cpp:1497
#14 0x41c379f2 in KHTMLView::eventFilter (this=0x84dffe0, o=0x84de890, 
    e=0xbfffeca0) at khtmlview.cpp:1891
#15 0x40e5cd84 in QObject::activate_filters (this=0x84de890, e=0xbfffeca0)
    at kernel/qobject.cpp:902
#16 0x40e5cbf6 in QObject::event (this=0x84de890, e=0xbfffeca0)
    at kernel/qobject.cpp:735
#17 0x40e96f8f in QWidget::event (this=0x84de890, e=0xbfffeca0)
    at kernel/qwidget.cpp:4655
#18 0x40dfc65b in QApplication::internalNotify (this=0xbffff3b0, 
    receiver=0x84de890, e=0xbfffeca0) at kernel/qapplication.cpp:2635
#19 0x40dfbe11 in QApplication::notify (this=0xbffff3b0, receiver=0x84de890, 
    e=0xbfffeca0) at kernel/qapplication.cpp:2421
#20 0x4092efdf in KApplication::notify (this=0xbffff3b0, receiver=0x84de890, 
    event=0xbfffeca0) at kapplication.cpp:549
#21 0x40d91f67 in QApplication::sendSpontaneousEvent (receiver=0x84de890, 
    event=0xbfffeca0) at qapplication.h:494
#22 0x40d8b019 in QETWidget::translateMouseEvent (this=0x84de890, 
    event=0xbffff030) at kernel/qapplication_x11.cpp:4288
#23 0x40d88c5d in QApplication::x11ProcessEvent (this=0xbffff3b0, 
    event=0xbffff030) at kernel/qapplication_x11.cpp:3439
#24 0x40da334a in QEventLoop::processEvents (this=0x80b1c48, flags=4)
    at kernel/qeventloop_x11.cpp:192
#25 0x40e1094e in QEventLoop::enterLoop (this=0x80b1c48)
    at kernel/qeventloop.cpp:198
#26 0x40e1086a in QEventLoop::exec (this=0x80b1c48)
    at kernel/qeventloop.cpp:145
#27 0x40dfc7df in QApplication::exec (this=0xbffff3b0)
    at kernel/qapplication.cpp:2758
#28 0x4005f108 in kdemain (argc=2, argv=0xbffff514) at konq_main.cc:206
#29 0x080486c9 in main (argc=2, argv=0xbffff514) at konqueror.la.cc:2
Comment 2 Tommi Tervo 2005-03-01 12:37:02 UTC
*** Bug 100437 has been marked as a duplicate of this bug. ***
Comment 3 Thiago Macieira 2005-03-09 02:37:05 UTC
*** Bug 101132 has been marked as a duplicate of this bug. ***
Comment 4 Tommi Tervo 2005-05-24 12:22:21 UTC
Created attachment 11178
Testcase attached
Comment 5 Tommi Tervo 2005-12-04 11:07:13 UTC
*** Bug 117645 has been marked as a duplicate of this bug. ***
Comment 6 Tommi Tervo 2006-01-18 09:04:00 UTC
*** Bug 120358 has been marked as a duplicate of this bug. ***
Comment 7 Charles Samuels 2006-03-30 19:08:32 UTC
SVN commit 524563 by charles:

BUG:95319
don't crash when triple-clicking on a line that has :after or :before content,
or anything that isn't in the DOM.


 M  +3 -3      khtml_part.cpp  


--- branches/KDE/3.5/kdelibs/khtml/khtml_part.cpp #524562:524563
@@ -5961,9 +5961,9 @@
         if (n->isText()) {
             khtml::RenderText* const textRenderer = static_cast<khtml::RenderText *>(n);
             const khtml::InlineTextBoxArray &runs = textRenderer->inlineTextBoxes();
-	    const unsigned lim = runs.count();
+            const unsigned lim = runs.count();
             for (unsigned i = 0; i != lim; ++i) {
-                if (runs[i]->m_y == y) {
+                if (runs[i]->m_y == y && textRenderer->element()) {
                     startNode = textRenderer->element();
                     startOffset = runs[i]->m_start;
                     return true;
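
Review bot: The new test in "if (runs[i]->m_y == y && textRenderer->element())" does not depend on i, so it is re-evaluated for every inline text box of the same renderer. Hoist it next to the existing "if (n->isText())" check so a renderer without a DOM element is skipped once, and add a one-line comment there saying why element() can be null (generated :before/:after content, per the commit message), since nothing in the code explains it. The tab-to-spaces change on the "const unsigned lim" line is unrelated whitespace cleanup and would be easier to review as a separate commit.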
@@ -6004,7 +6004,7 @@
             khtml::RenderText* const textRenderer =  static_cast<khtml::RenderText *>(n);
             const khtml::InlineTextBoxArray &runs = textRenderer->inlineTextBoxes();
             for (int i = (int)runs.count()-1; i >= 0; --i) {
-                if (runs[i]->m_y == y) {
+                if (runs[i]->m_y == y && textRenderer->element()) {
                     endNode = textRenderer->element();
                     endOffset = runs[i]->m_start + runs[i]->m_len;
                     return true;
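
Review bot: This backward loop repeats the same "&& textRenderer->element()" guard as the forward loop in the first hunk, so the two conditions can drift apart later; consider a small shared helper, or at least the same hoisted check in both places. Also confirm what happens when every text box on line y belongs to a renderer with no element: the loop then finishes without assigning endNode, and the code after the loop and in the caller is not visible in this hunk. The backtrace in comment 1 shows setSelection being reached with s=0x0 and e=0x0, so the caller should check the return value before passing the nodes on.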
Comment 8 Tommi Tervo 2006-05-14 22:25:39 UTC
*** Bug 127326 has been marked as a duplicate of this bug. ***
Comment 9 Tommi Tervo 2006-07-27 14:45:04 UTC
*** Bug 107499 has been marked as a duplicate of this bug. ***
Comment 10 Tommi Tervo 2006-08-30 22:50:41 UTC
*** Bug 133284 has been marked as a duplicate of this bug. ***
Comment 11 Allan Sandfeld 2006-10-24 16:16:29 UTC
*** Bug 119211 has been marked as a duplicate of this bug. ***