Bug 130850

Summary: site issue: history back crashes
Product: [Applications] konqueror Reporter: Maciej Pilichowski <bluedzins>
Component: generalAssignee: Konqueror Bugs <konqueror-bugs-null>
Status: RESOLVED DUPLICATE    
Severity: crash    
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: openSUSE   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description Maciej Pilichowski 2006-07-15 07:40:22 UTC 
Version:            (using KDE KDE 3.5.3)
Installed from:    SuSE RPMs

Go to (one url -- please take care of newlines):
http://www.zaiks.org.pl/portalzaiks/zax_PytaniaFirst.jsp?sysparameters=packed=(true);&parameters=ID=(INDEX$1556);IndexPath=(INDEX$1555/INDEX$1556);wstep=(n);wariant=(JakSkorzystac);

Wait till page is loaded. Click on "inne" (left column, last item). Wait till page is loaded. Click "back" button in Konqueror. Crash.

Using host libthread_db library "/lib/tls/libthread_db.so.1".
`system-supplied DSO at 0xffffe000' has disappeared; keeping its symbols.
[Thread debugging using libthread_db enabled]
[New Thread 1096238208 (LWP 6671)]
[KCrash handler]
#6  0x41c17379 in DOM::NodeListImpl::NodeListImpl ()
   from /opt/kde3/lib/libkhtml.so.4
#7  0x41c3e59d in DOM::HTMLCollectionImpl::HTMLCollectionImpl ()
   from /opt/kde3/lib/libkhtml.so.4
#8  0x41d7c955 in KJS::FrameArray::get () from /opt/kde3/lib/libkhtml.so.4
#9  0x41eb39f2 in KJS::Reference::getValue () from /opt/kde3/lib/libkjs.so.1
#10 0x41eb3f52 in KJS::Node::evaluate () from /opt/kde3/lib/libkjs.so.1
#11 0x41eb5a8c in KJS::EqualNode::evaluate () from /opt/kde3/lib/libkjs.so.1
#12 0x41eb568f in KJS::BinaryLogicalNode::evaluate ()
   from /opt/kde3/lib/libkjs.so.1
#13 0x41e93d43 in KJS::Node::toBoolean () from /opt/kde3/lib/libkjs.so.1
#14 0x41ec8276 in KJS::IfNode::execute () from /opt/kde3/lib/libkjs.so.1
#15 0x41eccb6d in KJS::SourceElementsNode::execute ()
   from /opt/kde3/lib/libkjs.so.1
#16 0x41ec7ecc in KJS::BlockNode::execute () from /opt/kde3/lib/libkjs.so.1
#17 0x41ecd627 in KJS::InterpreterImp::evaluate ()
   from /opt/kde3/lib/libkjs.so.1
#18 0x41ecdb3a in KJS::Interpreter::evaluate () from /opt/kde3/lib/libkjs.so.1
#19 0x41d7f349 in KJS::KJSProxyImpl::evaluate ()
   from /opt/kde3/lib/libkhtml.so.4
#20 0x41bf72b2 in KHTMLPart::executeScript () from /opt/kde3/lib/libkhtml.so.4
#21 0x41c4f834 in khtml::HTMLTokenizer::scriptExecution ()
   from /opt/kde3/lib/libkhtml.so.4
#22 0x41c6c52d in khtml::HTMLTokenizer::scriptHandler ()
   from /opt/kde3/lib/libkhtml.so.4
#23 0x41c6d6fe in khtml::HTMLTokenizer::parseSpecial ()
   from /opt/kde3/lib/libkhtml.so.4
#24 0x41c6da8d in khtml::HTMLTokenizer::parseTag ()
   from /opt/kde3/lib/libkhtml.so.4
#25 0x41c70870 in khtml::HTMLTokenizer::write ()
   from /opt/kde3/lib/libkhtml.so.4
#26 0x41bc4e6f in KHTMLPart::write () from /opt/kde3/lib/libkhtml.so.4
#27 0x41bd1aa4 in KHTMLPart::slotData () from /opt/kde3/lib/libkhtml.so.4
#28 0x41bf8b0e in KHTMLPart::qt_invoke () from /opt/kde3/lib/libkhtml.so.4
#29 0x40858039 in QObject::activate_signal ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#30 0x4018021f in KIO::TransferJob::data () from /opt/kde3/lib/libkio.so.4
#31 0x40180298 in KIO::TransferJob::slotData () from /opt/kde3/lib/libkio.so.4
#32 0x401d4609 in KIO::TransferJob::qt_invoke () from /opt/kde3/lib/libkio.so.4
#33 0x40858039 in QObject::activate_signal ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#34 0x4017d3e2 in KIO::SlaveInterface::data () from /opt/kde3/lib/libkio.so.4
#35 0x401ed11b in KIO::SlaveInterface::dispatch ()
   from /opt/kde3/lib/libkio.so.4
#36 0x40191a07 in KIO::SlaveInterface::dispatch ()
   from /opt/kde3/lib/libkio.so.4
#37 0x4019690b in KIO::Slave::gotInput () from /opt/kde3/lib/libkio.so.4
#38 0x40196abb in KIO::Slave::qt_invoke () from /opt/kde3/lib/libkio.so.4
#39 0x40858039 in QObject::activate_signal ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#40 0x40858621 in QObject::activate_signal ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#41 0x40ba6a90 in QSocketNotifier::activated ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#42 0x40877450 in QSocketNotifier::event () from /usr/lib/qt3/lib/libqt-mt.so.3
#43 0x407f7351 in QApplication::internalNotify ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#44 0x407f7cd9 in QApplication::notify () from /usr/lib/qt3/lib/libqt-mt.so.3
#45 0x4052f35e in KApplication::notify () from /opt/kde3/lib/libkdecore.so.4
#46 0x407eaf8d in QEventLoop::activateSocketNotifiers ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#47 0x407a48b2 in QEventLoop::processEvents ()
   from /usr/lib/qt3/lib/libqt-mt.so.3
#48 0x4080e3a2 in QEventLoop::enterLoop () from /usr/lib/qt3/lib/libqt-mt.so.3
#49 0x4080e286 in QEventLoop::exec () from /usr/lib/qt3/lib/libqt-mt.so.3
#50 0x407f6c9f in QApplication::exec () from /usr/lib/qt3/lib/libqt-mt.so.3
#51 0x416e6d0c in kdemain () from /opt/kde3/lib/libkdeinit_konqueror.so
#52 0x40cfa544 in kdeinitmain () from /opt/kde3/lib/kde3/konqueror.so
#53 0x0804e180 in launch ()
#54 0x0804e834 in handle_launcher_request ()
#55 0x0804edb7 in handle_requests ()
#56 0x0804fec3 in main ()
Comment 1 Andreas Kling 2006-07-15 17:19:12 UTC 
==2169== Invalid read of size 4
==2169==    at 0xADF932C: khtml::TreeShared<DOM::NodeImpl>::ref() (shared.h:34)
==2169==    by 0xAE66B6A: DOM::NodeListImpl::NodeListImpl(DOM::NodeImpl*, int, DOM::NodeListImpl::Cache* (*)()) (dom_nodeimpl.cpp:1681)
==2169==    by 0xAEAAB73: DOM::HTMLCollectionImpl::HTMLCollectionImpl(DOM::NodeImpl*, int) (html_miscimpl.cpp:73)
==2169==    by 0xAFDEC06: KJS::FrameArray::get(KJS::ExecState*, KJS::Identifier const&) const (kjs_window.cpp:2240)
==2169==    by 0xB411136: KJS::Reference::getValue(KJS::ExecState*) const (reference.cpp:143)
==2169==    by 0xB3D0BAE: KJS::Node::evaluate(KJS::ExecState*) const (nodes.cpp:130)
==2169==    by 0xB3D58B8: KJS::EqualNode::evaluate(KJS::ExecState*) const (nodes.cpp:1406)
==2169==    by 0xB3D5566: KJS::BinaryLogicalNode::evaluate(KJS::ExecState*) const (nodes.cpp:1487)
==2169==    by 0xB3D0CA6: KJS::Node::toBoolean(KJS::ExecState*) const (nodes.cpp:136)
==2169==    by 0xB3D4317: KJS::IfNode::execute(KJS::ExecState*) (nodes.cpp:2016)
==2169==    by 0xB3D16CA: KJS::SourceElementsNode::execute(KJS::ExecState*) (nodes.cpp:3097)
==2169==    by 0xB3CF7E9: KJS::BlockNode::execute(KJS::ExecState*) (nodes.cpp:1942)
==2169==  Address 0x8 is not stack'd, malloc'd or (recently) free'd
Comment 2 Andreas Kling 2006-07-15 17:32:09 UTC 
It seems `part->document().handle()' returns NULL at ecma/kjs_window.cpp:2239

A simple `if(!doc) return Undefined();' stops the crashing, but I have no idea if this is the correct solution. Maksim?
Comment 3 Maksim Orlovich 2006-07-16 05:27:56 UTC 
It's not the correct solution, I believe, but may be the practical one. The true problem is that the frame restoration code does weird stuff, and runs JS too early.


*** This bug has been marked as a duplicate of 127147 ***