Summary: | Konqueror sometimes crashes when closing the window, because of a failed assertion in khtml::Cache::clear() | ||
---|---|---|---|
Product: | [Applications] konqueror | Reporter: | gambas <g4mba5> |
Component: | khtml adblock | Assignee: | Konqueror Developers <konq-bugs> |
Status: | RESOLVED FIXED | ||
Severity: | crash | CC: | gschintgen, kde, rapsys, woebbeking |
Priority: | NOR | ||
Version: | unspecified | ||
Target Milestone: | --- | ||
Platform: | Mandriva RPMs | ||
OS: | AIX | ||
Latest Commit: | Version Fixed In: | ||
Sentry Crash Report: | |||
Attachments: | Possible patch |
Description
gambas
2006-01-04 17:41:05 UTC
I need to know the URL that causes it for this report to be of any help. This basically means an image got leaked --- and a number of causes for that are fixed already.. In this case it was 'file:///home/benoit/gambas/html/gambas.sourceforge.net/index.html', which is a copy of my web site http://gambas.sourceforge.net. The crash happens not very often, and apparently never on the same URL. Sorry for not having more information... Well, just because you started konqueror with that page, doesn't meant it wasn't reused for something else... And this class of bugs should be reasonably reproducible. You don't use getComputedStyle anywhere, do you? What is getComputedStyle() ? A JavaScript function. A memory leak in that was one of the things fixed post 3.5 that could cause this assert. But I'll take it as a no, I guess. Actually, it could me more complicated, as if my web site do not use an y javascript, I put a link to http://frappr.com/gambas which uses tons of javascript. And maybe I had navigated on this page from the left frame of http://gambas.sourceforge.net, and came back later to the home page. Isn't it possible to add a crash handler in konqueror that dumps more information, like all the pages that were browsed? This way, these kind of bugs would be easier to reproduce. That's it :-) I browsed to the gambas map on http://frappr.com/gambas from my web site, I displayed all the markers, and all the users in the right panel, I moved the map a little, I displayed some users on Australia, and then I closed the window. Crash! Note that you have to change the browser identity to be allowed browsing http://frappr.com. I used "Safari..." svn -r487836 #8 0xb61c7bac in khtml::Cache::clear () at loader.cpp:1312 #9 0xb6046670 in ~KHTMLFactory (this=0x8298408) at khtml_factory.cpp:98 #10 0xb603446c in KHTMLFactory::deref () at khtml_factory.cpp:139 #11 0xb6046681 in ~KHTMLFactory (this=0x8b799d0) at khtml_factory.cpp:103 #12 0xb77188a0 in ~KLibrary (this=0x8ab2d58) at klibloader.cpp:131 #13 0xb76a6095 in KLibLoader::close_pending (this=0x8237970, wrap=0x82b79b8) at klibloader.cpp:516 Hmm, I can't trigger it, though :-(. Any hints on what to do? Here is what I do exactly: 1) Open konqueror on http://gambas.sf.net 2) Click on the "Where are we" picture in the left frame. 3) Wait a little. 4) Click on "Show 50 more markers" in right frame. 5) Click again. 6) And click again. All markers are show now. 7) Close the window. It crashes there, the way I described. Doesn't crash for me when I do that... And I don't think I have any relevant in my tree. But this could be a fix you don't have -- but Tommi's tree is new enough to have it.. I get this crash quite often. Try closing konqueror after visiting this URL: http://maclive.net/sid/134 Here's the backtrace: Using host libthread_db library "/lib/libthread_db.so.1". `system-supplied DSO at 0xffffe000' has disappeared; keeping its symbols. [Thread debugging using libthread_db enabled] [New Thread -1209022800 (LWP 13647)] [KCrash handler] #4 0xffffe410 in __kernel_vsyscall () #5 0x473ef651 in raise () from /lib/libc.so.6 #6 0x473f115c in abort () from /lib/libc.so.6 #7 0x473e8d09 in __assert_fail () from /lib/libc.so.6 #8 0x490aea94 in khtml::Cache::clear () at loader.cpp:1313 #9 0x48f8b0f5 in ~KHTMLFactory (this=0x8445a08) at khtml_factory.cpp:98 #10 0x48f8b2e2 in KHTMLFactory::deref () at khtml_factory.cpp:139 #11 0x48f8b027 in ~KHTMLFactory (this=0x84b3dd0) at khtml_factory.cpp:103 #12 0x4818e2a5 in ~KLibrary (this=0x84e3a40) at klibloader.cpp:131 #13 0x4818eb55 in KLibrary::slotTimeout (this=0x84e3a40) at klibloader.cpp:253 #14 0x48190236 in KLibrary::qt_invoke (this=0x84e3a40, _id=4, _o=0xbf91ea10) at klibloader.moc:91 #15 0x47af7b13 in QObject::activate_signal () from /usr/qt/3/lib/libqt-mt.so.3 #16 0x47af7954 in QObject::activate_signal () from /usr/qt/3/lib/libqt-mt.so.3 #17 0x47e2dcab in QTimer::timeout () from /usr/qt/3/lib/libqt-mt.so.3 #18 0x47b18aa0 in QTimer::event () from /usr/qt/3/lib/libqt-mt.so.3 #19 0x47a9c5fc in QApplication::internalNotify () from /usr/qt/3/lib/libqt-mt.so.3 #20 0x47a9b99d in QApplication::notify () from /usr/qt/3/lib/libqt-mt.so.3 #21 0x48104b8b in KApplication::notify (this=0xbf91f3b0, receiver=0x87fb6e0, event=0xbf91ee90) at kapplication.cpp:550 #22 0x47a8c089 in QEventLoop::activateTimers () from /usr/qt/3/lib/libqt-mt.so.3 #23 0x47a47447 in QEventLoop::processEvents () from /usr/qt/3/lib/libqt-mt.so.3 #24 0x47aae558 in QEventLoop::enterLoop () from /usr/qt/3/lib/libqt-mt.so.3 #25 0x47aae408 in QEventLoop::exec () from /usr/qt/3/lib/libqt-mt.so.3 #26 0x47a9c831 in QApplication::exec () from /usr/qt/3/lib/libqt-mt.so.3 #27 0x46d112ec in kdemain (argc=0, argv=0x0) at konq_main.cc:206 #28 0xb7ddd7d6 in kdeinitmain (argc=0, argv=0x0) at konqueror_dummy.cc:3 #29 0x0804dcfc in launch (argc=2, _name=0x81e771c "konqueror", args=0x81e772f "\001", cwd=0x0, envc=1, envs=0x81e7740 "", reset_env=false, tty=0x0, avoid_loops=false, startup_id_str=0x0) at kinit.cpp:637 #30 0x0804f329 in handle_launcher_request (sock=9) at kinit.cpp:1201 #31 0x0804f8a0 in handle_requests (waitForPid=0) at kinit.cpp:1404 #32 0x08050938 in main (argc=2, argv=0xbf91fad4, envp=0x0) at kinit.cpp:1848 Thanks for the report --- but I don't see the problem w/3.5.x branch on that site either... Ivor invited how to reproduce this crash. Enable adblock and add option hide images, go to some website (e.g. osnews.com) block some ad and close konqueror -> crash: konqueror: loader.cpp:1275: static void khtml::Cache::clear(): Assertion `it.current()->canDelete()' failed. *** Bug 125072 has been marked as a duplicate of this bug. *** *** Bug 127701 has been marked as a duplicate of this bug. *** Just experienced the crash with KDE 3.5.3 I am quite sure 99% of these crashes now are due to adblock. Redirecting the bug there. Created attachment 16707 [details]
Possible patch
I can't reliably trigger crashes, but I haven't had any since applying this
simplification of the adblock code.
SVN commit 553393 by kling: Death to the crash-on-exit adblock bug. Tested & verified. Patch from Allan Sandfeld -- THANK YOU :) BUG: 119512 M +6 -25 khtml_part.cpp --- branches/KDE/3.5/kdelibs/khtml/khtml_part.cpp #553392:553393 @@ -6703,38 +6703,19 @@ if ( node->id() == ID_IMG || node->id() == ID_IFRAME || - (node->id() == ID_INPUT && !strcasecmp( static_cast<ElementImpl *>(node)->getAttribute(ATTR_TYPE), "image")) ) + (node->id() == ID_INPUT && static_cast<HTMLInputElementImpl *>(node)->inputType() == HTMLInputElementImpl::IMAGE )) { if ( KHTMLFactory::defaultHTMLSettings()->isAdFiltered( d->m_doc->completeURL( static_cast<ElementImpl *>(node)->getAttribute(ATTR_SRC).string() ) ) ) { - // We found an IMG, IFRAME or INPUT (of type "image") matching a filter. - - // Detach the node from the document and rendering trees. - node->detach(); - - // Connect its siblings to each other instead. - NodeImpl *next = node->nextSibling(); - NodeImpl *prev = node->previousSibling(); - - if( next ) next->setPreviousSibling( prev ); - if( prev ) prev->setNextSibling( next ); - - // If it's the first or last child of its parent, we cut it off there too. + // We found an IMG, IFRAME or INPUT (of type IMAGE) matching a filter. + node->ref(); NodeImpl *parent = node->parent(); if( parent ) { - if( node == parent->firstChild() ) - parent->setFirstChild( next ); - - if( node == parent->lastChild() ) - parent->setLastChild( prev ); + int exception = 0; + parent->removeChild(node, exception); } - - node->removedFromDocument(); - - // If nobody needs this node, we can safely delete it. - if( !node->refCount() ) - delete node; + node->deref(); } } } *** Bug 129976 has been marked as a duplicate of this bug. *** I just hit this again using Akregator - despite having Allan's patch applied. Using host libthread_db library "/lib/tls/libthread_db.so.1". `system-supplied DSO at 0xffffe000' has disappeared; keeping its symbols. [Thread debugging using libthread_db enabled] [New Thread -1242859168 (LWP 13327)] [KCrash handler] #6 0xffffe410 in __kernel_vsyscall () #7 0xb5ef1421 in raise () from /lib/tls/libc.so.6 #8 0xb5ef2e3d in abort () from /lib/tls/libc.so.6 #9 0xb5eeacd2 in __assert_fail () from /lib/tls/libc.so.6 #10 0xb790fa6f in khtml::Cache::clear () at loader.cpp:1280 #11 0xb77e4391 in ~KHTMLFactory (this=0x818eeb0) at khtml_factory.cpp:98 #12 0xb77e3ec8 in KHTMLFactory::deref () at khtml_factory.cpp:139 #13 0xb77e4c36 in KHTMLFactory::deregisterPart (part=0x0) at khtml_factory.cpp:167 #14 0xb77cac3c in ~KHTMLPart (this=0x818f0a0, __vtt_parm=0xb5da6128) at khtml_part.cpp:523 #15 0xb5d45edf in ~Viewer (this=0x818f0a0, __vtt_parm=0xb5da6128) at viewer.cpp:89 #16 0xb5d47f68 in ~ArticleViewer (this=0x818f0a0) at articleviewer.cpp:182 #17 0xb74ecfa0 in KParts::Part::slotWidgetDestroyed (this=0x818f0a0) at part.cpp:268 #18 0xb74ed00a in KParts::Part::qt_invoke (this=0x818f0a0, _id=2, _o=0x0) at part.moc:108 #19 0xb74ed071 in KParts::ReadOnlyPart::qt_invoke (this=0x818f0a0, _id=2, _o=0xbfe13200) at part.moc:261 #20 0xb77d6e03 in KHTMLPart::qt_invoke (this=0x818f0a0, _id=2, _o=0xbfe13200) at khtml_part.moc:574 #21 0xb5d47063 in Akregator::Viewer::qt_invoke (this=0x818f0a0, _id=135852192, _o=0xbfe13200) at viewer.moc:201 #22 0xb5d4d60a in Akregator::ArticleViewer::qt_invoke (this=0x818f0a0, _id=2, _o=0xbfe13200) at articleviewer.moc:136 #23 0xb66c04bd in QObject::activate_signal () from /usr/qt/3/lib/libqt-mt.so.3 #24 0xb66c0c52 in QObject::activate_signal () from /usr/qt/3/lib/libqt-mt.so.3 #25 0xb6a16df9 in QObject::destroyed () from /usr/qt/3/lib/libqt-mt.so.3 #26 0xb66bee74 in QObject::~QObject () from /usr/qt/3/lib/libqt-mt.so.3 #27 0xb66f83e2 in QWidget::~QWidget () from /usr/qt/3/lib/libqt-mt.so.3 #28 0xb67e1947 in QScrollView::~QScrollView () from /usr/qt/3/lib/libqt-mt.so.3 #29 0xb779d7c2 in ~KHTMLView (this=0x81b64b8) at khtmlview.cpp:519 #30 0xb66f8475 in QWidget::~QWidget () from /usr/qt/3/lib/libqt-mt.so.3 #31 0xb67ebd2d in QSplitter::~QSplitter () from /usr/qt/3/lib/libqt-mt.so.3 #32 0xb66f7fd8 in QWidget::~QWidget () from /usr/qt/3/lib/libqt-mt.so.3 #33 0xb5d72998 in Akregator::View::slotOnShutdown (this=0x820a658) at akregator_view.cpp:411 #34 0xb5d6b133 in Akregator::Part::slotOnShutdown (this=0x815f628) at akregator_part.cpp:264 #35 0xb5d6b318 in ~Part (this=0x815f628) at akregator_part.cpp:303 #36 0x08053898 in Akregator::MainWindow::queryExit (this=0x8125980) at mainwindow.cpp:240 #37 0xb6fff8e4 in KMainWindow::closeEvent (this=0x8125980, e=0xbfe13970) at kmainwindow.cpp:651 #38 0xb66f9792 in QWidget::event () from /usr/qt/3/lib/libqt-mt.so.3 #39 0xb67bc322 in QMainWindow::event () from /usr/qt/3/lib/libqt-mt.so.3 #40 0xb665bdbf in QApplication::internalNotify () from /usr/qt/3/lib/libqt-mt.so.3 #41 0xb665bf5c in QApplication::notify () from /usr/qt/3/lib/libqt-mt.so.3 #42 0xb6ca8581 in KApplication::notify (this=0xbfe14680, receiver=0x8125980, event=0xbfe13970) at kapplication.cpp:550 #43 0xb66f8c93 in QWidget::close () from /usr/qt/3/lib/libqt-mt.so.3 #44 0xb7008d8c in QWidget::close (this=0x0) at qwidget.h:826 #45 0xb700839b in KSystemTray::maybeQuit (this=0x8253e50) at ksystemtray.cpp:208 #46 0xb70089fa in KSystemTray::qt_invoke (this=0x8253e50, _id=60, _o=0x0) at ksystemtray.moc:104 #47 0xb7ea5500 in Akregator::TrayIcon::qt_invoke (this=0x8253e50, _id=60, _o=0xbfe13b40) at trayicon.moc:103 #48 0xb66c0534 in QObject::activate_signal () from /usr/qt/3/lib/libqt-mt.so.3 #49 0xb66c0c52 in QObject::activate_signal () from /usr/qt/3/lib/libqt-mt.so.3 #50 0xb6f93cfe in KAction::activated (this=0x0) at kaction.moc:176 #51 0xb6f947da in KAction::slotActivated (this=0xbfe13b54) at kaction.cpp:1102 #52 0xb6f9783b in KAction::slotPopupActivated (this=0x82575b0) at kaction.cpp:1137 #53 0xb6f97986 in KAction::qt_invoke (this=0x82575b0, _id=16, _o=0xbfe13cd0) at kaction.moc:219 #54 0xb66c0534 in QObject::activate_signal () from /usr/qt/3/lib/libqt-mt.so.3 #55 0xb6a1829d in QSignal::signal () from /usr/qt/3/lib/libqt-mt.so.3 #56 0xb66dab43 in QSignal::activate () from /usr/qt/3/lib/libqt-mt.so.3 #57 0xb67d0e08 in QPopupMenu::mouseReleaseEvent () from /usr/qt/3/lib/libqt-mt.so.3 #58 0xb6f8306d in KPopupMenu::mouseReleaseEvent (this=0x82548a0, e=0xbfe14210) at kpopupmenu.cpp:511 #59 0xb66f9a16 in QWidget::event () from /usr/qt/3/lib/libqt-mt.so.3 #60 0xb665bdbf in QApplication::internalNotify () from /usr/qt/3/lib/libqt-mt.so.3 #61 0xb665c175 in QApplication::notify () from /usr/qt/3/lib/libqt-mt.so.3 #62 0xb6ca8581 in KApplication::notify (this=0xbfe14680, receiver=0x82548a0, event=0xbfe14210) at kapplication.cpp:550 #63 0xb65f36ab in QETWidget::translateMouseEvent () from /usr/qt/3/lib/libqt-mt.so.3 #64 0xb65f20ce in QApplication::x11ProcessEvent () from /usr/qt/3/lib/libqt-mt.so.3 #65 0xb66061e6 in QEventLoop::processEvents () from /usr/qt/3/lib/libqt-mt.so.3 #66 0xb66725b2 in QEventLoop::enterLoop () from /usr/qt/3/lib/libqt-mt.so.3 #67 0xb6672506 in QEventLoop::exec () from /usr/qt/3/lib/libqt-mt.so.3 #68 0xb665af6f in QApplication::exec () from /usr/qt/3/lib/libqt-mt.so.3 #69 0x08051b13 in main (argc=0, argv=0x0) at main.cpp:110 |