Bug 130971

Summary: konqueror segfault accessing http://tvnz.co.nz
Product: [Applications] konqueror Reporter: Dale Ogilvie <kv27plx02>
Component: khtml rendererAssignee: Konqueror Developers <konq-bugs>
Status: RESOLVED WORKSFORME    
Severity: crash    
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: A minimal testcase for this bug

Description Dale Ogilvie 2006-07-17 13:41:21 UTC 
Version:            (using KDE KDE 3.5.3)
Installed from:    Compiled From Sources
Compiler:          gcc 4.0.3 
OS:                Linux

Browsing to http://tvnz.co.nz crashes konqueror every time. Running from the console it dies with segfault. This site is full of flash and javascript - very nasty.

Another user <qupada> on #kde duplicated the problem on his system, I didn't ask what his setup was.

My system is home-built LinuxFromScratch

dale@gordon:~$ uname -a
Linux gordon 2.6.17.4 #1 PREEMPT Fri Jul 14 20:45:38 NZST 2006 i686 athlon-4 i386 GNU/Linux
Comment 1 Maksim Orlovich 2006-07-17 19:00:15 UTC 
Infinite recursion/stack overflow:

#3  0xb7282a15 in QConstString (this=0x14, unicode=0x86e0ee8, length=0) at tools/qstring.cpp:6874
#4  0xb6147732 in khtml::Font::width (this=0x86e09b8, chs=0x86e0ee8, pos=0, len=0, start=0, end=0, toAdd=0)
    at /code/KDE/kde3/kdelibs/khtml/rendering/font.cpp:290
#5  0xb611232d in khtml::RenderText::width (this=0x86d6e60, from=0, len=0, f=0x86e09b8)
    at /code/KDE/kde3/kdelibs/khtml/rendering/render_text.cpp:1263
#6  0xb60e57c7 in khtml::RenderBlock::findNextLineBreak (this=0x86d6cac, start=@0xbf029390, bidi=@0xbf029324)
    at /code/KDE/kde3/kdelibs/khtml/rendering/bidi.cpp:1909
#7  0xb60e6ac4 in khtml::RenderBlock::layoutInlineChildren (this=0x86d6cac, relayoutChildren=true, breakBeforeLine=0)
    at /code/KDE/kde3/kdelibs/khtml/rendering/bidi.cpp:1477
#8  0xb60f01dd in khtml::RenderBlock::layoutBlock (this=0x86d6cac, relayoutChildren=true)
    at /code/KDE/kde3/kdelibs/khtml/rendering/render_block.cpp:704
#9  0xb60f06ee in khtml::RenderBlock::layout (this=0x86d6cac)
    at /code/KDE/kde3/kdelibs/khtml/rendering/render_block.cpp:598
#10 0xb6034660 in khtml::RenderObject::layoutIfNeeded (this=0x86d6cac)
    at /code/KDE/kde3/kdelibs/khtml/rendering/render_object.h:420
#11 0xb60efa9c in khtml::RenderBlock::layoutBlockChildren (this=0x86d6bc4, relayoutChildren=true)
    at /code/KDE/kde3/kdelibs/khtml/rendering/render_block.cpp:1418
#12 0xb60f01ee in khtml::RenderBlock::layoutBlock (this=0x86d6bc4, relayoutChildren=true)
    at /code/KDE/kde3/kdelibs/khtml/rendering/render_block.cpp:706
#13 0xb611a4ee in khtml::RenderLayer::checkScrollbarsAfterLayout (this=0x86d6c48)
    at /code/KDE/kde3/kdelibs/khtml/rendering/render_layer.cpp:754
#14 0xb60f0658 in khtml::RenderBlock::layoutBlock (this=0x86d6bc4, relayoutChildren=true)
    at /code/KDE/kde3/kdelibs/khtml/rendering/render_block.cpp:792
#15 0xb611a4ee in khtml::RenderLayer::checkScrollbarsAfterLayout (this=0x86d6c48)
    at /code/KDE/kde3/kdelibs/khtml/rendering/render_layer.cpp:754
#16 0xb60f0658 in khtml::RenderBlock::layoutBlock (this=0x86d6bc4, relayoutChildren=true)
    at /code/KDE/kde3/kdelibs/khtml/rendering/render_block.cpp:792
#17 0xb611a4ee in khtml::RenderLayer::checkScrollbarsAfterLayout (this=0x86d6c48)
    at /code/KDE/kde3/kdelibs/khtml/rendering/render_layer.cpp:754
#18 0xb60f0658 in khtml::RenderBlock::layoutBlock (this=0x86d6bc4, relayoutChildren=true)
    at /code/KDE/kde3/kdelibs/khtml/rendering/render_block.cpp:792
#19 0xb611a4ee in khtml::RenderLayer::checkScrollbarsAfterLayout (this=0x86d6c48)
Comment 2 Sune Vuorela 2007-01-12 15:44:41 UTC 
I see this in kde3.5.5 in debian.

on the page: http://blog.zugschlus.de/archives/468-Hetzner-DS-3000.html

(reported as http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392547)

/Sune
Comment 3 Modestas Vainius 2007-01-13 00:44:58 UTC 
Created attachment 19262 [details]
A minimal testcase for this bug

I attach a minimal testcase to reproduce this bug. The most important parts are
combination of "overflow:auto" and "float:right" styles. The text inside <div>
does not matter as long as it is long enough (so scrollbar appears when
konqueror window made small enough)
Comment 4 Modestas Vainius 2007-01-13 13:19:33 UTC 
Fixed in KDE 3.5.6 . Please close this bug
Comment 5 Tommi Tervo 2007-01-13 14:00:55 UTC 
Confirmed, pre 3.5.6 won't crash
Comment 6 Dale Ogilvie 2007-02-15 10:33:49 UTC 
I'm the original reporter of this bug. As of today, konqueror still crashes when browsing to http://tvnz.co.nz.

I am using KDE 3.5.6 from the ArchLinux packages. I will check on my LFS system to see if the same crash results, or whether this is Arch specific.
Comment 7 Dale Ogilvie 2007-02-15 11:05:58 UTC 
Oh great. Browsing http://tvnz.co.nz works fine on my self-compiled LFS system.

Perhaps this is ArchLinux specific -- was this bug fixed late in the 3.5.6 cycle? Arch patches clobber the fix??
Comment 8 Dale Ogilvie 2007-02-15 12:11:53 UTC 
Never mind. Arch have just released a new kdelibs3.5.6-4 which seems to have fixed the issue.