Bug 129631

Summary: khtml crash on sun.com
Product: [Applications] konqueror Reporter: Pierre Habouzit <madcoder>
Component: khtml    Assignee: Konqueror Developers <konq-bugs>
Status: RESOLVED NOT A BUG    
Severity: crash CC: finex
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Debian testing   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Pierre Habouzit 2006-06-22 09:37:39 UTC
Version:            (using KDE KDE 3.5.3)
Installed from:    Debian testing/unstable Packages

from debian bug http://bugs.debian.org/374903
=============================================

Package: konqueror
Version: 4:3.5.3-2
Severity: normal


Visiting this page causes konqueror to segfault.

http://java.sun.com/javase/6/webnotes/index.html

The stack trace:

#0  0xb7c5e22f in free () from /lib/tls/libc.so.6
#1  0xb7c5fdfc in malloc () from /lib/tls/libc.so.6
#2  0xb7e13598 in operator new () from /usr/lib/libstdc++.so.6
#3  0xb6f8452f in QGListIterator::QGListIterator () from /usr/lib/libqt-mt.so.3
#4  0xb61bc221 in DOM::CSSSelector::operator== () from /usr/lib/libkhtml.so.4
#5  0xb61c052a in DOM::CSSParser::addBackgroundValue () from /usr/lib/libkhtml.so.4
#6  0xb610de56 in non-virtual thunk to DOM::DocumentImpl::error(int, QString const&) () from /usr/lib/libkhtml.so.4
Comment 1 Philip Rodrigues 2006-06-23 20:34:26 UTC
Same on r548320 on FreeBSD. I can't get a backtrace, but the console says "Bus error: 10".
Comment 2 Thiago Macieira 2006-06-28 20:14:35 UTC
Confirmed: stack overflow (548000):

first frames:
#0  0xb7d9527c in mallopt () from /lib/i686/libc.so.6
#1  0xb7d97075 in malloc () from /lib/i686/libc.so.6
#2  0xb67945d8 in operator new () from /usr/lib/libstdc++.so.6
#3  0xb5ba602b in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false)
    at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:735
#4  0xb5ba5ce5 in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false)
    at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:660
#5  0xb5ba5ce5 in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false)
    at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:660
#6  0xb5ba5ce5 in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false)
    at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:660
#7  0xb5ba5ce5 in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false)
    at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:660
#8  0xb5ba5ce5 in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false)
    at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:660
#9  0xb5ba5ce5 in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false)
    at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:660
#10 0xb5ba5ce5 in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false)
    at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:660
#11 0xb5ba5ce5 in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false)
    at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:660
#12 0xb5ba5ce5 in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false)
    at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:660
#13 0xb5ba5ce5 in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false)
    at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:660
#14 0xb5ba5ce5 in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false)
    at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:660
#15 0xb5ba5ce5 in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false)
    at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:660
#16 0xb5ba5ce5 in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false)
[repeat ad nauseam]
#52347 0xb5ba5ce5 in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:660
#52348 0xb5ba5ce5 in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:660
#52349 0xb5ba74d4 in khtml::KHTMLParser::parseToken (this=0x8440790, t=0x843661c) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:289
#52350 0xb5ba8015 in khtml::HTMLTokenizer::processToken (this=0x84365e8) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmltokenizer.cpp:1677
#52351 0xb5bacb7e in khtml::HTMLTokenizer::parseTag (this=0x84365e8, src=@0x8436ae8) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmltokenizer.cpp:1173
#52352 0xb5bad1bb in khtml::HTMLTokenizer::write (this=0x84365e8, str=@0xbfc81028, appendData=false) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmltokenizer.cpp:1436
#52353 0xb5baa00d in khtml::HTMLTokenizer::notifyFinished (this=0x84365e8) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmltokenizer.cpp:1747
#52354 0xb5c7e40b in khtml::CachedScript::checkNotify (this=0x8438a90) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/misc/loader.cpp:369
#52355 0xb5c7e64f in khtml::CachedScript::data (this=0x8438a90, buffer=@0x8438afc, eof=true) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/misc/loader.cpp:361
#52356 0xb5c7f7fb in khtml::Loader::slotFinished (this=0x834d2f0, job=0x842c5b8) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/misc/loader.cpp:1133
#52357 0xb5c7fa6d in khtml::Loader::qt_invoke (this=0x834d2f0, _id=2, _o=0xbfc81244) at ./khtml/misc/loader.moc:260
#52358 0xb6be2313 in QObject::activate_signal (this=0x842c5b8, clist=0x84153a8, o=0xbfc81244) at /home/tjmaciei/src/kde3/qt-copy/src/kernel/qobject.cpp:2356
#52359 0xb79e28c8 in KIO::Job::result (this=0x842c5b8, t0=0x38) at ./kio/kio/jobclasses.moc:162
#52360 0xb79e296c in KIO::Job::emitResult (this=0x842c5b8) at /home/tjmaciei/src/kde3/KDE/kdelibs/kio/kio/job.cpp:226
#52361 0xb79e5998 in KIO::SimpleJob::slotFinished (this=0x842c5b8) at /home/tjmaciei/src/kde3/KDE/kdelibs/kio/kio/job.cpp:574
#52362 0xb79f262d in KIO::TransferJob::slotFinished (this=0x842c5b8) at /home/tjmaciei/src/kde3/KDE/kdelibs/kio/kio/job.cpp:944
#52363 0xb79e627a in KIO::TransferJob::qt_invoke (this=0x842c5b8, _id=17, _o=0xbfc815dc) at ./kio/kio/jobclasses.moc:1071
#52364 0xb6be2313 in QObject::activate_signal (this=0x842d108, clist=0x842db70, o=0xbfc815dc) at /home/tjmaciei/src/kde3/qt-copy/src/kernel/qobject.cpp:2356
#52365 0xb6be311c in QObject::activate_signal (this=0x842d108, signal=6) at /home/tjmaciei/src/kde3/qt-copy/src/kernel/qobject.cpp:2325
#52366 0xb79cfd61 in KIO::SlaveInterface::finished (this=0x38) at ./kio/kio/slaveinterface.moc:226
#52367 0xb79d1c7f in KIO::SlaveInterface::dispatch (this=0x842d108, _cmd=104, rawdata=@0xbfc81820) at /home/tjmaciei/src/kde3/KDE/kdelibs/kio/kio/slaveinterface.cpp:243
#52368 0xb79d151e in KIO::SlaveInterface::dispatch (this=0x842d108) at /home/tjmaciei/src/kde3/KDE/kdelibs/kio/kio/slaveinterface.cpp:173
#52369 0xb79cd5ad in KIO::Slave::gotInput (this=0x842d108) at /home/tjmaciei/src/kde3/KDE/kdelibs/kio/kio/slave.cpp:300
#52370 0xb79cda88 in KIO::Slave::qt_invoke (this=0x842d108, _id=4, _o=0xbfc81978) at ./kio/kio/slave.moc:113
#52371 0xb6be2313 in QObject::activate_signal (this=0x842cb40, clist=0x842d320, o=0xbfc81978) at /home/tjmaciei/src/kde3/qt-copy/src/kernel/qobject.cpp:2356
#52372 0xb6be2ef0 in QObject::activate_signal (this=0x842cb40, signal=2, param=20) at /home/tjmaciei/src/kde3/qt-copy/src/kernel/qobject.cpp:2449
#52373 0xb6ffac68 in QSocketNotifier::activated (this=0x842cb40, t0=20) at /home/tjmaciei/src/kde3/qt-copy/src/.moc/debug-shared-mt/moc_qsocketnotifier.cpp:85
#52374 0xb6c080c3 in QSocketNotifier::event (this=0x842cb40, e=0xbfc81c7c) at /home/tjmaciei/src/kde3/qt-copy/src/kernel/qsocketnotifier.cpp:258
#52375 0xb6b6a02b in QApplication::internalNotify (this=0xbfc82044, receiver=0x842cb40, e=0xbfc81c7c) at /home/tjmaciei/src/kde3/qt-copy/src/kernel/qapplication.cpp:2635
#52376 0xb6b6a281 in QApplication::notify (this=0xbfc82044, receiver=0x842cb40, e=0xbfc81c7c) at /home/tjmaciei/src/kde3/qt-copy/src/kernel/qapplication.cpp:2358
#52377 0xb7378e29 in KApplication::notify (this=0xbfc82044, receiver=0x842cb40, event=0xbfc81c7c) at /home/tjmaciei/src/kde3/KDE/kdelibs/kdecore/kapplication.cpp:550
#52378 0xb7eee62e in QApplication::sendEvent (receiver=0x1, event=0xbfc81c7c) at /home/tjmaciei/src/kde3/qt-copy/include/qapplication.h:496
#52379 0xb6b591f0 in QEventLoop::activateSocketNotifiers (this=0x81148f0) at kernel/qeventloop_unix.cpp:578
#52380 0xb6b045e4 in QEventLoop::processEvents (this=0x81148f0, flags=4) at kernel/qeventloop_x11.cpp:383
#52381 0xb6b8626a in QEventLoop::enterLoop (this=0x81148f0) at /home/tjmaciei/src/kde3/qt-copy/src/kernel/qeventloop.cpp:198
#52382 0xb6b86193 in QEventLoop::exec (this=0x81148f0) at /home/tjmaciei/src/kde3/qt-copy/src/kernel/qeventloop.cpp:145
#52383 0xb6b6899d in QApplication::exec (this=0xbfc82044) at /home/tjmaciei/src/kde3/qt-copy/src/kernel/qapplication.cpp:2758
#52384 0xb7ed528a in kdemain (argc=56, argv=0x38) at /home/tjmaciei/src/kde3/KDE/kdebase/konqueror/konq_main.cc:206
#52385 0xb7d45728 in __libc_start_main () from /lib/i686/libc.so.6
#52386 0x08048421 in _start () at ../sysdeps/i386/elf/start.S:119
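The trace above shows the recursion signature directly: the same function with the same `this` and `n` pointers in every frame, over fifty thousand frames deep, which is what separates this stack overflow from the heap-corruption-looking trace in the original report. As an added triage helper (not code from the bug report or from KDE), the script below parses a gdb backtrace, skips the elision line, and reports the deepest run of identical frames, estimating the depth from the frame numbers so an elided middle still counts. The sample trace is a constructed excerpt of comment 2.

```python
"""Added triage helper (not KHTML code): find the unbounded-recursion
signature in a gdb backtrace, i.e. one function repeated with identical arguments."""
import re

# gdb frame line; the optional "0x... in" prefix is present for most frames.
FRAME_RE = re.compile(r"^#(?P<num>\d+)\s+(?:0x[0-9a-fA-F]+ in )?(?P<func>.+?) \((?P<args>.*?)\)")

# Constructed excerpt of the trace from comment 2 (middle frames elided as on the page).
SAMPLE_TRACE = """\
#0  0xb7d9527c in mallopt () from /lib/i686/libc.so.6
#3  0xb5ba602b in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false)
    at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:735
#4  0xb5ba5ce5 in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false)
    at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:660
[repeat ad nauseam]
#52348 0xb5ba5ce5 in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false) at htmlparser.cpp:660
#52349 0xb5ba74d4 in khtml::KHTMLParser::parseToken (this=0x8440790, t=0x843661c) at htmlparser.cpp:289
"""


def parse_backtrace(text):
    """Join gdb's wrapped continuation lines, then return (num, func, args) per frame."""
    joined = []
    for line in text.splitlines():
        if line[:1].isspace() and joined:      # "    at file:line" belongs to the previous frame
            joined[-1] += " " + line.strip()
        else:
            joined.append(line)
    frames = []
    for line in joined:
        m = FRAME_RE.match(line)               # non-frame lines such as "[repeat ad nauseam]" are skipped
        if m:
            frames.append((int(m["num"]), m["func"], m["args"]))
    return frames


def deepest_repeat(frames):
    """Return (func, args, depth) for the longest run of consecutive frames with the
    same function and arguments; depth uses frame numbers, and depth 1 means no recursion."""
    best = (None, None, 0)
    i = 0
    while i < len(frames):
        j = i
        while j < len(frames) and frames[j][1:] == frames[i][1:]:
            j += 1
        depth = frames[j - 1][0] - frames[i][0] + 1
        if depth > best[2]:
            best = (frames[i][1], frames[i][2], depth)
        i = j
    return best
```

Identical arguments in every frame (here `n=0x8498a58` throughout) mean the parser retries the same node without making progress, which is the detail worth recording when triaging a crash like this one.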
Comment 3 Thiago Macieira 2006-06-28 20:15:34 UTC
If it helps, this is the value of the node n:
$2 = {<khtml::TreeShared<DOM::NodeImpl>> = {_ref = 0, m_parent = 0x0}, _vptr.NodeImpl = 0xb5dc6c68, document = 0x83b1f28, m_previous = 0x0, m_next = 0x0, m_render = 0x0, m_regdListeners = {listeners = 0x0}, m_tabIndex = 0, m_hasTabIndex = false, m_hasId = false, m_attached = false, m_closed = false, m_changed = false, m_hasChangedChild = false, m_changedAscendentAttribute = false, m_inDocument = false, m_hasAnchor = false, m_specified = false, m_hovered = false, m_focused = false, m_active = false, m_implicit = false, m_htmlCompat = true, m_hasClassList = false, m_hasClass = false}
Comment 4 Thiago Macieira 2006-06-29 23:15:32 UTC
More information:
p/a *n
$4 = {<khtml::TreeShared<DOM::NodeImpl>> = {_ref = 0x0, m_parent = 0x0},
  _vptr.NodeImpl = 0xb5e90c68 <vtable for DOM::HTMLTableRowElementImpl+8>, [cut]
Comment 5 Maksim Orlovich 2006-06-29 23:17:41 UTC
Bug #129909 is likely pretty similar. Also, Thiago noted that the n is a TR.
Comment 6 Linus Östberg 2008-04-19 20:08:42 UTC
The page has probably changed since the bug was reported, but it works fine in Konqueror 3.5.9 and 4 (trunk, r798696) now. Konqueror 4 even notes there is a coding error in the page, but shows it anyway.
Comment 7 FiNeX 2008-04-25 14:08:22 UTC
Confirmed that the page doesn't crash konqueror anymore (both 3.5.9 and trunk r800924). Probably because the site could have changed. Closed as INVALID.