Bug 99854 - [test case] Crash leaving hover with CSS menu
Summary: [test case] Crash leaving hover with CSS menu
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: khtml (show other bugs)
Version: unspecified
Platform: Mandrake RPMs Linux
: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-02-20 12:58 UTC by Sitsofe Wheeler
Modified: 2005-03-30 01:06 UTC (History)
0 users

See Also:
Latest Commit:
Version Fixed In:


Attachments
Reduced testcase (459 bytes, text/html)
2005-02-20 12:59 UTC, Sitsofe Wheeler
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Sitsofe Wheeler 2005-02-20 12:58:38 UTC
Version:            (using KDE KDE 3.3.2)
Installed from:    Mandrake RPMs
OS:                Linux

(From http://qa.mandrakesoft.com/show_bug.cgi?id=13821)

Description:
When the cursor leaves a hover menu on http://www.crpp-bordeaux.cnrs.fr/~cgay/index.html konqueror crashes.

Backtraces
Unfortunately my backtrace is not useful because I don't have debugging compiled in...

How to reproduce:
(I'll attach a testcase)
1. Hover over the text that says "Hover here for crash"
2. Move off said text

Expected Behaviour
The word Submenu to appear then disappear

Actual Behaviour
The word Submenu appears but while moving off konqueror crashes.

Additional Information:
The problem seems to go away if the ul is not floated.
Comment 1 Sitsofe Wheeler 2005-02-20 12:59:47 UTC
Created attachment 9740 [details]
Reduced testcase

Reduced testcase of aforementioned URL.
Comment 2 Stephan Kulow 2005-02-20 16:05:41 UTC
worked

#0  0x41f96003 in khtml::RenderBlock::nodeAtPoint (this=0x8508a28, info=@0xbfffe0f0, _x=50, _y=10,
    _tx=10, _ty=0, hitTestAction=HitTestAll, inBox=false)
    at /home/coolo/prod/kdelibs/khtml/rendering/render_block.cpp:2057
#1  0x41f960d5 in khtml::RenderBlock::nodeAtPoint (this=0x8508858, info=@0xbfffe0f0, _x=50, _y=10,
    _tx=0, _ty=0, hitTestAction=HitTestChildrenOnly, inBox=false)
    at /home/coolo/prod/kdelibs/khtml/rendering/render_block.cpp:2058
#2  0x41fc03b6 in khtml::RenderLayer::nodeAtPointForLayer (this=0x85088d4, rootLayer=0x85087fc,
    info=@0xbfffe0f0, xMousePos=50, yMousePos=10, hitTestRect=@0xbfffe050)
    at /home/coolo/prod/kdelibs/khtml/rendering/render_layer.cpp:897
#3  0x41fc02e7 in khtml::RenderLayer::nodeAtPointForLayer (this=0x85087fc, rootLayer=0x85087fc,
    info=@0xbfffe0f0, xMousePos=50, yMousePos=10, hitTestRect=@0xbfffe050)
    at /home/coolo/prod/kdelibs/khtml/rendering/render_layer.cpp:889
#4  0x41fc0182 in khtml::RenderLayer::nodeAtPoint (this=0x85087fc, info=@0xbfffe0f0, x=50, y=10)
    at /home/coolo/prod/kdelibs/khtml/rendering/render_layer.cpp:851
#5  0x41f2eb7f in DOM::DocumentImpl::prepareMouseEvent (this=0x870e1f8, readonly=true, _x=50, _y=10,
    ev=0xbfffe180) at /home/coolo/prod/kdelibs/khtml/xml/dom_docimpl.cpp:1562
#6  0x41ecb461 in KHTMLView::dispatchMouseEvent (this=0x82da480, eventId=8, targetNode=0x8634738,
    targetNodeNonShared=0x8634738, cancelable=false, detail=0, _mouse=0xbfffe810, setUnder=true,
    mouseEventType=4) at /home/coolo/prod/kdelibs/khtml/khtmlview.cpp:2687
#7  0x41ec4339 in KHTMLView::viewportMouseMoveEvent (this=0x82da480, _mouse=0xbfffe810)
    at /home/coolo/prod/kdelibs/khtml/khtmlview.cpp:1086
Comment 3 Nicolas L. 2005-03-29 19:41:31 UTC
i confirm this bug too
Comment 4 Germain Garand 2005-03-30 01:06:01 UTC
CVS commit by ggarand: 

fix logic error in removeFromObjectLists leading to crash

BUG: 99854


  M +7 -4      render_object.cpp   1.286


--- kdelibs/khtml/rendering/render_object.cpp  #1.285:1.286
@@ -1484,8 +1484,11 @@ void RenderObject::removeFromObjectLists
     if (isFloating()) {
         RenderBlock* outermostBlock = containingBlock();
-        for (RenderBlock* p = outermostBlock;
-             p && !p->isCanvas() && p->containsFloat(this) && !p->isFloatingOrPositioned();
-             outermostBlock = p, p = p->containingBlock())
-            ;
+        for (RenderBlock* p = outermostBlock; p && !p->isCanvas() && p->containsFloat(this);) {
+            outermostBlock = p;
+            if (p->isFloatingOrPositioned())
+                break;
+            p = p->containingBlock();
+        }
+
         if (outermostBlock)
             outermostBlock->markAllDescendantsWithFloatsForLayout(this);