Bug 128564

Summary: setting setJavaEnabled crashes app when non existing page is loaded
Product: [Applications] konqueror Reporter: mateusz-lists
Component: khtml partAssignee: Konqueror Developers <konq-bugs>
Status: RESOLVED FIXED    
Severity: crash CC: ismail, michaell
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Unlisted Binaries   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: Testcase.
Patch from the comment #3 as attachment. Confirmed sollution

Description mateusz-lists 2006-06-03 14:59:44 UTC 
Version:            (using KDE KDE 3.5.3)
Installed from:    Unspecified Linux
Compiler:          gcc version 3.3.6 (PLD Linux) 
OS:                Linux

Attached code worked well under 3.3.x / 3.4.x
After upgrade do 3.5.2 or 3.5.3 crashes.
Setting any of setJScriptEnabled, setJavaEnabled ... and than loading of non-existing page crashes application after page is loaded.

Bug is confirmed by Jim Bublitz - PyKDE coder, maintainer and guru:

"The backtrace indicates the crash is occurring pretty deep within the C++ 
code, so if it's a PyKDE problem it's going to be difficult to find. It's 
hard to see how it could be a PyKDE problem though - the URL appears to be 
fetched and the 404 page rendered in the instant before the crash, and 
everything is happening in the C++ world at that point.

I'd try a C++ version and see if that works."

I'm not C++/KDE programmer so I'm unable to try.

Below PyKDE code:

--------------------------------------------------------------------

import kdecore, kdeui, khtml

class KAqWindow(kdeui.KMainWindow):
    def __init__(self,name):
        kdeui.KMainWindow.__init__(self)
        self.browser = khtml.KHTMLPart(self) 
        self.browser.view().resize(800,600)
        self.browser.view().show()

        # NOTE: Turning of/off any of below options under kde 3.5.2 /
        # 3.5.3 crashes app when loading
        # non existing url, while working under kde 3.3.x / 3.4.x

        self.browser.setJScriptEnabled(False)
        #self.browser.setJavaEnabled(0)
        #self.browser.setPluginsEnabled(0)
        #self.browser.setAutoloadImages(0) # Why it does not work anyway?
        #self.browser.setMetaRefreshEnabled(1)
        #self.browser.setOnlyLocalReferences(1);


class KAquisitorApp(kdecore.KApplication):
    def __init__(self):
        kdecore.KApplication.__init__(self,[''],"KAquisitorApp")
        self.window = KAqWindow("KAquisitor")
        self.setMainWidget(self.window)
        self.window.show()
        self.window.resize(800,600)


kapp = KAquisitorApp()
kapp.window.browser.openURL(kdecore.KURL("http://www.ant.gliwice.pl/not_existing_url"))
kapp.exec_loop()
print "LOG: If your context got there (after closing main window) - bug does not affect you."
Comment 1 mateusz-lists 2006-06-03 15:01:14 UTC 
Created attachment 16442 [details]
Testcase.
Comment 2 Ismail Donmez 2006-06-03 15:27:46 UTC 
Valgrind reports an invalid read just before crashing:

==7258== Invalid read of size 4
==7258==    at 0x6B06817: QGuardedPtr<khtml::RenderPart>::operator khtml::RenderPart*() const (qguardedptr.h:117)
==7258==    by 0x6AE567E: KHTMLPart::slotFinished(KIO::Job*) (khtml_part.cpp:1846)
==7258==    by 0x6B01A18: KHTMLPart::qt_invoke(int, QUObject*) (khtml_part.moc:504)
==7258==    by 0x4C5808C: QObject::activate_signal(QConnectionList*, QUObject*) (in /usr/qt/3/lib/libqt-mt.so.3.3.6)
==7258==    by 0x90C1867: ???
==7258==  Address 0x28 is not stack'd, malloc'd or (recently) free'd
Comment 3 Ismail Donmez 2006-06-03 15:33:18 UTC 
Looks like d->m_frame is NULL, following patch makes the problem go away:

Index: khtml_part.cpp
===================================================================
--- khtml_part.cpp      (revision 547540)
+++ khtml_part.cpp      (working copy)
@@ -1843,7 +1843,7 @@
   }
   KIO::TransferJob *tjob = ::qt_cast<KIO::TransferJob*>(job);
   if (tjob && tjob->isErrorPage()) {
-    khtml::RenderPart *renderPart = d->m_frame->m_frame;
+    khtml::RenderPart *renderPart = d->m_frame ? d->m_frame->m_frame : 0L;
     if (renderPart) {
       HTMLObjectElementImpl* elt = static_cast<HTMLObjectElementImpl *>(renderPart->element());
       if (!elt)
Comment 4 Philip Rodrigues 2006-09-26 20:46:56 UTC 
*** Bug 125399 has been marked as a duplicate of this bug. ***
Comment 5 Modestas Vainius 2007-02-03 23:29:35 UTC 
Created attachment 19526 [details]
Patch from the comment #3 as attachment. Confirmed sollution

Bug#138449 is definitely a duplicate of this bug.
Bugs #126812, #127137, #135117 are related and probably dupes too.
A Debian user had a crash with similar backtrace and he confirmed that the
patch in the comment #3 (also this attachment) fixed the issue. Please commit
the patch to kde svn.
Comment 6 Modestas Vainius 2007-02-04 00:51:56 UTC 
To reproduce the bug, make sure Javascript (Java is irrelevant) is disabled (Configure Konqueror -> Java & Javascript -> [ ] Enable Javascript globally (unchecked)) and load a non existing page, eg. http://packages.qa.debian.org/exim4-config
Not all non existing pages trigger the problem.
Comment 7 michaell 2007-02-04 12:15:29 UTC 
It crashes if you get sequentially proxy error messages. Such messages are "standard" for e.g. in secure networks like freenet, i2p, entropy, etc.
Another example where it crashes directly is, when you were automatically rediredted from a Moved temporarily (302) to a Not Found (404).
Comment 8 mateusz-lists 2010-05-08 12:16:31 UTC 
No longer with KDE 4.x.x for me.