Bug 124554

Summary: crashes viewing search results on fudforum
Product: [Applications] konqueror Reporter: morhekil
Component: khtml xmlAssignee: Konqueror Bugs <konqueror-bugs-null>
Status: RESOLVED FIXED    
Severity: crash CC: maksim, torquil
Priority: NOR    
Version First Reported In: 3.5   
Target Milestone: ---   
Platform: unspecified   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description morhekil 2006-03-30 12:30:34 UTC 
Version:           3.5.2 (using KDE 3.5.2, Gentoo)
Compiler:          gcc version 3.4.5 (Gentoo 3.4.5-r1, ssp-3.4.5-1.0, pie-8.7.9)
OS:                Linux (i686) release 2.6.15-suspend2-r8

Konqueror crashes when I'm trying to view topics from search result on any fudforum-based messages boards.
How to reproduce:
1. Go to any fudforum-based message board, for example:
http://fudforum.org/forum/
http://www.symfony-project.com/forum/index.php
2. Click on "Search", enter some search terms and click on "Search" button.
3. In the search results click on any topic to go directly to this topic's page.
Expected: topic's page with search terms highlighted.
Actual result: konqueror crashes.

You can also go directly by the following URL:
http://fudforum.org/forum/index.php?t=msg&goto=30807&&srch=test#msg_30807
and it will crash konqueror.
Comment 1 Tommi Tervo 2006-03-30 12:53:35 UTC 
khtml (tokenizer): Finished loading an external script

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1235024192 (LWP 31525)]
0xb5f84541 in DOM::DocumentImpl::setCSSTarget (this=0x84b62c0, n=0x87304f0)
    at dom_docimpl.cpp:2200
2200            m_cssTarget->setChanged();
(gdb) bt
#0  0xb5f84541 in DOM::DocumentImpl::setCSSTarget (this=0x84b62c0, n=0x87304f0)
    at dom_docimpl.cpp:2200
#1  0xb5f2b0e7 in KHTMLPart::gotoAnchor (this=0x83294b0, name=@0xbfc9aa78)
    at khtml_part.cpp:2523
#2  0xb5f3056c in KHTMLPart::restoreScrollPosition (this=0x83294b0)
    at khtml_part.cpp:7111
#3  0xb5f51d83 in KHTMLPart::qt_invoke (this=0x83294b0, _id=86, _o=0xbfc9ab7c)
    at khtml_part.moc:571
#4  0xb6e36929 in QObject::activate_signal ()
   from /usr/share/qt3/lib/libqt-mt.so.3
Comment 2 Maksim Orlovich 2006-04-08 19:40:15 UTC 
SVN commit 527561 by orlovich:

Do not crash if an old target got destroyed.
BUG:124554


 M  +11 -2     dom_docimpl.cpp  


--- branches/KDE/3.5/kdelibs/khtml/xml/dom_docimpl.cpp #527560:527561
@@ -388,6 +388,8 @@
     m_styleSheets->deref();
     if (m_addedStyleSheets)
         m_addedStyleSheets->deref();
+    if (m_cssTarget)
+        m_cssTarget->deref();
     if (m_focusNode)
         m_focusNode->deref();
     if ( m_hoverNode )
@@ -2196,11 +2198,18 @@
 
 void DocumentImpl::setCSSTarget(NodeImpl* n)
 {
-    if (m_cssTarget)
+    if (n == m_cssTarget)
+        return;
+
+    if (m_cssTarget) {
         m_cssTarget->setChanged();
+        m_cssTarget->deref();
+    }
     m_cssTarget = n;
-    if (n)
+    if (n) {
         n->setChanged();
+        n->ref();
+    }
 }
 
 void DocumentImpl::attachNodeIterator(NodeIteratorImpl *ni)
Comment 3 Maksim Orlovich 2006-04-16 20:25:58 UTC 
*** Bug 125579 has been marked as a duplicate of this bug. ***