Bug 128792

Summary: konqueror crashes after reloading local HTML
Product: [Applications] konqueror Reporter: Tim <lecit>
Component: khtml Assignee: Konqueror Developers <konq-bugs>
Status: RESOLVED FIXED    
Severity: crash CC: m.wege
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   
Latest Commit: Version Fixed In:
Attachments: backtrace from the crash
the html file causes konqueror crashes

Description Tim 2006-06-07 22:00:28 UTC
Version:            (using KDE KDE 3.5.3)
Installed from:    Compiled From Sources
Compiler:          gcc-4.1.1 
OS:                Linux

When I click on the HTML file on my local drive, the file is loaded, and when I then click on the reload button, Konqueror crashes.
Comment 1 Tim 2006-06-07 22:06:55 UTC
Created attachment 16517
backtrace from the crash
Comment 2 Tim 2006-06-07 22:08:47 UTC
Created attachment 16518
the html file causes konqueror crashes
Comment 3 Tommi Tervo 2006-06-07 22:39:06 UTC
I can't get a valid backtrace, bug confirmed on svn 549130
Comment 4 Andreas Kling 2006-06-07 23:04:41 UTC
#0  0x00002af82372c1e6 in raise () from /lib/libc.so.6
#1  0x00002af82372d8a0 in abort () from /lib/libc.so.6
#2  0x00002af8237624d7 in __fsetlocking () from /lib/libc.so.6
#3  0x00002af823768f14 in mallopt () from /lib/libc.so.6
#4  0x00002af823769080 in free () from /lib/libc.so.6
#5  0x00002af823358f1e in operator delete () from /usr/lib/gcc/x86_64-pc-linux-gnu/3.4.4/libstdc++.so.6
#6  0x00002af824bf8fdc in ~RenderFrameSet (this=0x9cb490) at /storage/src/kde3/kdelibs/khtml/rendering/render_frames.cpp:80
#7  0x00002af824bc0d02 in khtml::RenderObject::arenaDelete (this=0x2b6, arena=0x63e710, base=0x9cb490)
    at /storage/src/kde3/kdelibs/khtml/rendering/render_object.cpp:1565
#8  0x00002af824bc80fa in khtml::RenderBox::detach (this=0x9cb490) at /storage/src/kde3/kdelibs/khtml/rendering/render_box.cpp:189
#9  0x00002af824b60606 in DOM::NodeImpl::detach (this=0x9d0eb0) at /storage/src/kde3/kdelibs/khtml/xml/dom_nodeimpl.cpp:853
#10 0x00002af824b6175f in DOM::NodeBaseImpl::detach (this=0x9d0ab0) at /storage/src/kde3/kdelibs/khtml/xml/dom_nodeimpl.cpp:1395
#11 0x00002af824b6175f in DOM::NodeBaseImpl::detach (this=0x63d0d8) at /storage/src/kde3/kdelibs/khtml/xml/dom_nodeimpl.cpp:1395
#12 0x00002af824b5937c in DOM::DocumentImpl::detach (this=0x63d080) at /storage/src/kde3/kdelibs/khtml/xml/dom_docimpl.cpp:1197
#13 0x00002af824b26ba3 in KHTMLPart::clear (this=0x958870) at /storage/src/kde3/kdelibs/khtml/khtml_part.cpp:1407
#14 0x00002af824b27118 in KHTMLPart::begin (this=0x958870, url=@0x9640a8, xOffset=0, yOffset=0)
    at /storage/src/kde3/kdelibs/khtml/khtml_part.cpp:1886
#15 0x00002af824b1d84c in KHTMLPart::slotData (this=0x958870, kio_job=0x2b6, data=@0x7fffffa89300)
    at /storage/src/kde3/kdelibs/khtml/khtml_part.cpp:1579
#16 0x00002af824b32078 in KHTMLPart::qt_invoke (this=0x958870, _id=-5730520, _o=0x7fffffa88ef0) at khtml_part.moc:501
#17 0x00002af8210f8e27 in QObject::activate_signal () from /opt/qt3/lib/libqt-mt.so.3
#18 0x00002af81f9c9741 in KIO::TransferJob::data (this=0x9eb720, t0=0x9eb720, t1=@0x7fffffa89300) at jobclasses.moc:993
#19 0x00002af81f9cb1ee in KIO::TransferJob::qt_invoke (this=0x9eb720, _id=18, _o=0x7fffffa89000) at jobclasses.moc:1072
#20 0x00002af8210f8e27 in QObject::activate_signal () from /opt/qt3/lib/libqt-mt.so.3
#21 0x00002af81f9b87f8 in KIO::SlaveInterface::data (this=0x848080, t0=@0x7fffffa89300) at slaveinterface.moc:194
#22 0x00002af81f9ba558 in KIO::SlaveInterface::dispatch (this=0x848080, _cmd=100, rawdata=@0x7fffffa89300)
    at /storage/src/kde3/kdelibs/kio/kio/slaveinterface.cpp:234
#23 0x00002af81f9b9fc3 in KIO::SlaveInterface::dispatch (this=0x848080) at /storage/src/kde3/kdelibs/kio/kio/slaveinterface.cpp:173
#24 0x00002af81f9b688d in KIO::Slave::gotInput (this=0x848080) at /storage/src/kde3/kdelibs/kio/kio/slave.cpp:300
#25 0x00002af81f9b6c88 in KIO::Slave::qt_invoke (this=0x848080, _id=4, _o=0x7fffffa89420) at slave.moc:113
#26 0x00002af8210f8e27 in QObject::activate_signal () from /opt/qt3/lib/libqt-mt.so.3
#27 0x00002af8210f9511 in QObject::activate_signal () from /opt/qt3/lib/libqt-mt.so.3
#28 0x00002af82111481b in QSocketNotifier::event () from /opt/qt3/lib/libqt-mt.so.3
#29 0x00002af8210922ed in QApplication::internalNotify () from /opt/qt3/lib/libqt-mt.so.3
#30 0x00002af821092492 in QApplication::notify () from /opt/qt3/lib/libqt-mt.so.3
#31 0x00002af820531ac0 in KApplication::notify (this=0x7fffffa89d40, receiver=0x927bc0, event=0x7fffffa89720)
    at /storage/src/kde3/kdelibs/kdecore/kapplication.cpp:550
#32 0x00002af821085c89 in QEventLoop::activateSocketNotifiers () from /opt/qt3/lib/libqt-mt.so.3
#33 0x00002af82103e425 in QEventLoop::processEvents () from /opt/qt3/lib/libqt-mt.so.3
#34 0x00002af8210a9f55 in QEventLoop::enterLoop () from /opt/qt3/lib/libqt-mt.so.3
#35 0x00002af8210a9eb2 in QEventLoop::exec () from /opt/qt3/lib/libqt-mt.so.3
#36 0x00002af81f188f8a in kdemain (argc=1, argv=0x7fffffa89a30) at /storage/src/kde3/kdebase/konqueror/konq_main.cc:206
#37 0x00002af8237190e3 in __libc_start_main () from /lib/libc.so.6
#38 0x00000000004007e9 in _start ()
Comment 5 Andreas Kling 2006-06-09 19:35:06 UTC
SVN commit 549744 by kling:

toLengthArray() should return null for comma-less strings.
RenderFrameSet::layout() checks for this, but stuff like <frameset cols=""> makes KHTML crash.

BUG: 128792


 M  +5 -0      dom_stringimpl.cpp  


--- branches/KDE/3.5/kdelibs/khtml/xml/dom_stringimpl.cpp #549743:549744
@@ -308,6 +308,11 @@
     str = str.simplifyWhiteSpace();
 
     len = str.contains(',') + 1;
+
+    // If we have no commas, we have no array.
+    if( len == 1 )
+        return 0L;
+
     khtml::Length* r = new khtml::Length[len];
 
     int i = 0;
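Review bot: the early return at `if( len == 1 ) return 0L;` hands back a null pointer while `len` still holds 1, so any caller that trusts `len` without testing the pointer would index a null array; the commit message names only RenderFrameSet::layout() as checking for null. Consider setting `len = 0;` before the return so the count and the pointer agree. The comment could also state that a single value with no comma is treated as "no array" too, not just an empty string such as cols="", since that is what the condition does. As a style point, a plain `0` reads more clearly than `0L` for a pointer return.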
Comment 6 Tim 2006-06-09 22:40:52 UTC
The above patch now fixes the crash in Konqueror. Many thanks for the fix.
Comment 7 Maksim Orlovich 2006-07-13 17:20:49 UTC
*** Bug 130741 has been marked as a duplicate of this bug. ***