Bug 120205

Summary: crash while using VPL editor in quanta 3.5
Product: [Applications] konqueror
Reporter: Eduardo H.R. <joredu>
Component: khtml
Assignee: Konqueror Developers <konq-bugs>
Status: RESOLVED FIXED
Severity: crash
CC: amantia, ana, l.savernik
Priority: NOR
Version: 3.5
Target Milestone: ---
Platform: unspecified
OS: Linux
Latest Commit:
Version Fixed In:
Sentry Crash Report:
Attachments: File which triggers crash in VPL

Description Eduardo H.R. 2006-01-15 23:08:09 UTC
Version:           3.5 (using KDE 3.5.0, Kubuntu Package 4:3.5.0-0ubuntu0breezy1 breezy)
Compiler:          Target: i486-linux-gnu
OS:                Linux (i686) release 2.6.10-6-386

I believe it is the same bug as in bug report 111731
http://bugs.kde.org/show_bug.cgi?id=111731, but in this case in Quanta 3.5.
The program crashes often when I cut/copy/paste urls from one part of the document to another but only when the VPL editor is active.
Comment 1 András Manţia 2006-01-23 10:20:45 UTC
Do you have an example document and an exact way to reproduce? I cannot 
reproduce it by just trying to copy/paste urls.
Comment 2 Eduardo H.R. 2006-01-24 01:51:43 UTC
Hi
On Monday January 23 2006 3:20 am, you wrote:
> ------- Additional Comments From amantia kde org  2006-01-23 10:20 -------
> Do you have an example document and an exact way to reproduce? I cannot
> reproduce it by just trying to copy/paste urls.

No, I've tried but I guess the errors were random? The program crashed several 
times when I was selecting fragments of text, not just URLs; probably it was a 
coincidence. Sorry if I am not helping much. If I find a way to reproduce the 
crashes I'll let you know.
Regards
Comment 3 Christopher Martin 2006-03-23 20:19:22 UTC
Created attachment 15275 [details]
File which triggers crash in VPL
Comment 4 Christopher Martin 2006-03-23 20:21:11 UTC
I'll attach a testcase document which was sent to Debian when this bug was reported to us (3.5.1), and which causes the VPL editor to crash. Just open the document, switch to VPL, and press Page Down. Crash.

Thanks,
Christopher Martin
Comment 5 András Manţia 2006-05-19 16:31:55 UTC
This is a KHTML bug (hopefully fixed for kdelibs 3.5.3). The other VPL 
crashes should also be fixed for Quanta 3.5.3.
Comment 6 András Manţia 2006-05-19 16:32:48 UTC
This is a KHTML (caret mode) bug. caretNode can be NULL in 
static ElementImpl *determineBaseElement(NodeImpl *caretNode)

Unfortunately, simply returning 0 is not enough (it just propagates the crash to a later stage), thus the following lines are also wrong in khtml_caret.cpp:

628: if (!doc) return 0;	// should not happen, but who knows.
633:  return 0;

Reproducible with Konqueror 3.5 svn as well if the attached file is loaded from the local disk.
Reassigning to KHTML.
Comment 7 András Manţia 2006-05-19 16:34:32 UTC
Leo, can you look at this?
Comment 8 Leo Savernik 2006-05-19 17:22:03 UTC
> Leo, can you look at this?


Sure. I just need some more information. First, determineBaseElement returning 
0 is supported. So whatever crashes later on resembles the real bug.

Second, I don't have a working installation of quanta atm, and time 
constraints keep me from compiling one. Therefore, I ask you to supply 
backtraces of those spots where khtml crashes.
Comment 9 András Manţia 2006-05-19 17:34:34 UTC
It crashed without Quanta as well. Just save the attached html file to 
your HDD and load in Konqueror, activate caret mode and press PgDn. But 
now I cannot reproduce it. But anyway, here is the backtrace with the 
current code:
0x00002b33f7ea44f6 in DOM::NodeImpl::getDocument (this=0x0) 
at /data/development/sources/kde-3.5/kdelibs/khtml/xml/dom_nodeimpl.h:273
273         DocumentImpl* getDocument() const { return 
document->document(); }
(gdb) bt
#0  0x00002b33f7ea44f6 in DOM::NodeImpl::getDocument (this=0x0) 
at /data/development/sources/kde-3.5/kdelibs/khtml/xml/dom_nodeimpl.h:273
#1  0x00002b33f7e8aa61 in determineBaseElement (caretNode=0x0) 
at /data/development/sources/kde-3.5/kdelibs/khtml/khtml_caret.cpp:627
#2  0x00002b33f7e92c8a in KHTMLView::moveCaretByPage (this=0xc62d40, 
next=true) 
at /data/development/sources/kde-3.5/kdelibs/khtml/khtmlview.cpp:4396
#3  0x00002b33f7e92dac in KHTMLView::moveCaretNextPage (this=0xc62d40) 
at /data/development/sources/kde-3.5/kdelibs/khtml/khtmlview.cpp:4436
#4  0x00002b33f7e938d3 in KHTMLView::caretKeyPressEvent (this=0xc62d40, 
_ke=0x7fffb43316d0)
    
at /data/development/sources/kde-3.5/kdelibs/khtml/khtmlview.cpp:4014
#5  0x00002b33f7ea0454 in KHTMLView::keyPressEvent (this=0xc62d40, 
_ke=0x7fffb43316d0)
    
at /data/development/sources/kde-3.5/kdelibs/khtml/khtmlview.cpp:1435
#6  0x00002b33faa3160a in QWidget::event () 
from /usr/lib/qt3/lib64/libqt-mt.so.3
#7  0x00002b33fa9a7985 in QApplication::internalNotify () 
from /usr/lib/qt3/lib64/libqt-mt.so.3
#8  0x00002b33fa9a8ab8 in QApplication::notify () 
from /usr/lib/qt3/lib64/libqt-mt.so.3
#9  0x00002b33f9cf3c4d in KApplication::notify (this=0x921570, 
receiver=0xc62d40, event=0x7fffb43316d0)
    
at /data/development/sources/kde-3.5/kdelibs/kdecore/kapplication.cpp:550
#10 0x00002b33fa94e17e in QETWidget::translateKeyEvent () 
from /usr/lib/qt3/lib64/libqt-mt.so.3
#11 0x00002b33fa94f180 in QApplication::x11ProcessEvent () 
from /usr/lib/qt3/lib64/libqt-mt.so.3
#12 0x00002b33fa95e22f in QEventLoop::processEvents () 
from /usr/lib/qt3/lib64/libqt-mt.so.3
#13 0x00002b33fa9bc6a1 in QEventLoop::enterLoop () 
from /usr/lib/qt3/lib64/libqt-mt.so.3
#14 0x00002b33fa9bc54a in QEventLoop::exec () 
from /usr/lib/qt3/lib64/libqt-mt.so.3
#15 0x000000000047315f in main (argc=1, argv=0x7fffb4331ed8) 
at /home/andris/development/kdewebdev/quanta/src/main.cpp:212


And the backtrace if I add  "if (!caretNode) return 0;" there:

0x00002b92125bf1e0 in QValueVector<khtml::CaretBox*>::begin (this=0x0) 
at /usr/lib64/qt3/include/qvaluevector.h:316
316             return sh->start;
(gdb)
(gdb) bt
#0  0x00002b92125bf1e0 in QValueVector<khtml::CaretBox*>::begin 
(this=0x0) at /usr/lib64/qt3/include/qvaluevector.h:316
#1  0x00002b92125bf203 in QValueVector<khtml::CaretBox*>::operator[] 
(this=0x0, i=0) at /usr/lib64/qt3/include/qvaluevector.h:363
#2  0x00002b92125c0b78 in khtml::CaretBoxLine::containingBlock 
(this=0x0) 
at /data/development/sources/kde-3.5/kdelibs/khtml/khtml_caret_p.h:352
#3  0x00002b92125a9598 in moveIteratorByPage (ld=@0x7fff99c1a720, 
it=@0x7fff99c1a790, mindist=447, next=true)
    
at /data/development/sources/kde-3.5/kdelibs/khtml/khtml_caret.cpp:2608
#4  0x00002b92125abd2d in KHTMLView::moveCaretByPage (this=0xc62d40, 
next=true) 
at /data/development/sources/kde-3.5/kdelibs/khtml/khtmlview.cpp:4401
#5  0x00002b92125abdbc in KHTMLView::moveCaretNextPage (this=0xc62d40) 
at /data/development/sources/kde-3.5/kdelibs/khtml/khtmlview.cpp:4436
#6  0x00002b92125ac8e3 in KHTMLView::caretKeyPressEvent (this=0xc62d40, 
_ke=0x7fff99c1afb0)
    
at /data/development/sources/kde-3.5/kdelibs/khtml/khtmlview.cpp:4014
#7  0x00002b92125b9464 in KHTMLView::keyPressEvent (this=0xc62d40, 
_ke=0x7fff99c1afb0)
    
at /data/development/sources/kde-3.5/kdelibs/khtml/khtmlview.cpp:1435
#8  0x00002b921514a60a in QWidget::event () 
from /usr/lib/qt3/lib64/libqt-mt.so.3
#9  0x00002b92150c0985 in QApplication::internalNotify () 
from /usr/lib/qt3/lib64/libqt-mt.so.3
#10 0x00002b92150c1ab8 in QApplication::notify () 
from /usr/lib/qt3/lib64/libqt-mt.so.3
#11 0x00002b921440cc4d in KApplication::notify (this=0x921570, 
receiver=0xc62d40, event=0x7fff99c1afb0)
    
at /data/development/sources/kde-3.5/kdelibs/kdecore/kapplication.cpp:550
#12 0x00002b921506717e in QETWidget::translateKeyEvent () 
from /usr/lib/qt3/lib64/libqt-mt.so.3
#13 0x00002b9215068180 in QApplication::x11ProcessEvent () 
from /usr/lib/qt3/lib64/libqt-mt.so.3
#14 0x00002b921507722f in QEventLoop::processEvents () 
from /usr/lib/qt3/lib64/libqt-mt.so.3
#15 0x00002b92150d56a1 in QEventLoop::enterLoop () 
from /usr/lib/qt3/lib64/libqt-mt.so.3
#16 0x00002b92150d554a in QEventLoop::exec () 
from /usr/lib/qt3/lib64/libqt-mt.so.3
#17 0x000000000047315f in main (argc=1, argv=0x7fff99c1b7b8) 
at /home/andris/development/kdewebdev/quanta/src/main.cpp:212
Comment 10 Leo Savernik 2006-05-19 18:22:22 UTC
SVN commit 542562 by savernik:

Added missing sanity check which caused crashes in caret mode on pgup/pgdn
when there was no valid caret.

QuantaDevs, please test.

CCMAIL: amantia@kde.org
BUG: 120205


 M  +1 -0      khtmlview.cpp  


--- branches/KDE/3.5/kdelibs/khtml/khtmlview.cpp #542561:542562
@@ -4381,6 +4381,7 @@
 void KHTMLView::moveCaretByPage(bool next)
 {
   Node &caretNodeRef = m_part->d->caretNode();
+  if (caretNodeRef.isNull()) return;
 
   NodeImpl *caretNode = caretNodeRef.handle();
 //  kdDebug(6200) << ": caretNode=" << caretNode << endl;
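Review bot: the added `if (caretNodeRef.isNull()) return;` at the top of moveCaretByPage guards only this entry point, while determineBaseElement, which the first backtrace in comment 9 shows being called with caretNode=0x0 and faulting at khtml_caret.cpp:627, still has no check of its own. Any other caller that hands it a null handle would fault the same way, so consider a null check or an assertion there as well. The early return is also silent: a one-line comment saying that "no valid caret" is an expected state here, or enabling the kdDebug(6200) line that sits commented out just below, would make the condition visible the next time it is hit.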
Comment 11 András Manţia 2006-05-19 21:22:55 UTC
It's fine, thanks Leo!

Andras
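
The failure chain discussed in comments 6 through 10, as a small stand-alone C++ model added here (it is not KHTML code): the types, the Fault and Guard enums and the extra guard parameter are assumptions made for illustration, and the places where the real code dereferences a null pointer report a Fault instead of crashing. It shows why a check inside determineBaseElement only moves the fault to moveIteratorByPage, while a check at the entry of moveCaretByPage stops both.

```cpp
// Stand-alone model of the caret page-down path (illustrative, not kdelibs code).
struct DocumentImpl {};
struct ElementImpl {};
struct NodeImpl { DocumentImpl *doc; ElementImpl *base; };
struct Node {                                   // DOM handle, may wrap null
    NodeImpl *impl;
    bool isNull() const { return impl == nullptr; }
    NodeImpl *handle() const { return impl; }
};
struct CaretBoxLine {};

enum class Fault { None, NullNode, NullLine, NoCaret };
enum class Guard { None, InHelper, AtEntry };   // hypothetical switch for the demo

// Stage 1. The real function calls caretNode->getDocument() here; the model
// reports the null dereference instead of performing it.
static Fault determineBaseElement(NodeImpl *caretNode, Guard g, ElementImpl **out) {
    *out = nullptr;
    if (!caretNode)                             // "if (!caretNode) return 0;"
        return g == Guard::InHelper ? Fault::None : Fault::NullNode;
    *out = caretNode->base;
    return Fault::None;
}

// Stage 2. Stands in for moveIteratorByPage using a CaretBoxLine that is null.
static Fault moveIteratorByPage(const CaretBoxLine *line) {
    return line ? Fault::None : Fault::NullLine;
}

// Model of KHTMLView::moveCaretByPage with the guard in one of three places.
Fault moveCaretByPage(const Node &caretNodeRef, Guard g) {
    if (g == Guard::AtEntry && caretNodeRef.isNull())
        return Fault::NoCaret;                  // early return, as in commit 542562
    NodeImpl *caretNode = caretNodeRef.handle();
    ElementImpl *base = nullptr;
    Fault f = determineBaseElement(caretNode, g, &base);
    if (f != Fault::None) return f;
    CaretBoxLine line;                          // a line exists only for a real caret
    return moveIteratorByPage(caretNode ? &line : nullptr);
}

int main() {
    Node none{nullptr};
    bool ok = moveCaretByPage(none, Guard::None) == Fault::NullNode
           && moveCaretByPage(none, Guard::InHelper) == Fault::NullLine
           && moveCaretByPage(none, Guard::AtEntry) == Fault::NoCaret;
    return ok ? 0 : 1;
}
```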