| Summary: | [test case] crash running this html + js | | |
|---|---|---|---|
| Product: | [Applications] konqueror | Reporter: | Declan Naughton <piratepenguin> |
| Component: | khtml xml | Assignee: | Konqueror Developers <konq-bugs> |
| Status: | RESOLVED DUPLICATE | | |
| Severity: | crash | CC: | aiacovitti, drew.m.fisher, finex, frank78ac |
| Priority: | NOR | Keywords: | testcase |
| Version: | 4.9.2 | | |
| Target Milestone: | --- | | |
| Platform: | Ubuntu | | |
| OS: | Linux | | |
| Latest Commit: | | Version Fixed In: | |
| Sentry Crash Report: | | | |
| Attachments: | test case | | |

Description
Declan Naughton
2006-09-19 18:44:51 UTC
```
#6 0xb5fbe584 in DOM::NodeImpl::nextSibling (this=0x0) at ../../khtml/xml/dom_nodeimpl.h:127
#7 0xb6040088 in DOM::RangeImpl::compareBoundaryPoints (containerA=0x885f5e8, offsetA=1, containerB=0x88e2938, offsetB=0) at dom2_rangeimpl.cpp:368
#8 0xb5fcccd5 in KHTMLPart::extendSelectionTo (this=0x86896a0, x=487, y=29, absX=469, absY=10, innerNode=@0xbfa389c0) at khtml_part.cpp:6324
#9 0xb5fb4cc5 in KHTMLView::doAutoScroll (this=0x881dc68) at khtmlview.cpp:1782
#10 0xb5fcb6d1 in KHTMLPart::slotAutoScroll (this=0x86896a0) at khtml_part.cpp:6679
#11 0xb5fe8f53 in KHTMLPart::qt_invoke (this=0x86896a0, _id=65, _o=0xbfa38ad8) at khtml_part.moc:549
```

I can crash SVN trunk rev. 798811 with the provided testcase. There are different ways to crash it (I saved the HTML code in a file and passed this as command-line argument to Konqueror in a shell):

1. Click the first box, press TAB, click the 3rd and then the 4th box. Konqueror segfaults.
2. Just keep TAB pressed until Konqueror segfaults at some point.
3. Click the first box, press TAB, close Konqueror. Then it crashes with SIGABRT.

Firefox does not crash in either case. It doesn't have new boxes popping up when TAB is pressed either.

Here is a backtrace for 1 (those for 2 and 3 are different, but I don't want to make this comment too long and unclear):

```
Application: Konqueror (konqueror), signal SIGSEGV
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1242462528 (LWP 9051)]
[KCrash handler]
#6 0xb40805f4 in DOM::DocumentImpl::view (this=0x101) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/xml/dom_docimpl.cpp:2802
#7 0xb40a0f93 in DOM::NodeImpl::dispatchEvent (this=0x85f7798, evt=0x85f7798, exceptioncode=@0xbfd12f1c, tempEvent=true) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/xml/dom_nodeimpl.cpp:417
#8 0xb3ff1ac1 in KHTMLView::dispatchMouseEvent (this=0x8318d88, eventId=4, targetNode=0x85b9f08, targetNodeNonShared=0x85b9f08, cancelable=true, detail=1, _mouse=0xbfd12ff8, setUnder=true, mouseEventType=1, orient=0) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/khtmlview.cpp:3642
#9 0xb3ffa242 in KHTMLView::mouseReleaseEvent (this=0x8318d88, _mouse=0xbfd13868) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/khtmlview.cpp:1594
#10 0xb66746b3 in QWidget::event (this=0x8318d88, event=0xbfd13868) at kernel/qwidget.cpp:6920
#11 0xb6a471f2 in QFrame::event (this=0x8318d88, e=0xbfd13868) at widgets/qframe.cpp:657
#12 0xb3ff9293 in KHTMLView::widgetEvent (this=0x8318d88, e=0xbfd13868) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/khtmlview.cpp:2355
#13 0xb3ffd6b5 in KHTMLView::eventFilter (this=0x8318d88, o=0x8323a38, e=0xbfd13868) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/khtmlview.cpp:2219
#14 0xb718f102 in QCoreApplicationPrivate::sendThroughObjectEventFilters (this=0x805d038, receiver=0x8323a38, event=0xbfd13868) at kernel/qcoreapplication.cpp:694
#15 0xb660ab25 in QApplicationPrivate::notify_helper (this=0x805d038, receiver=0x8323a38, e=0xbfd13868) at kernel/qapplication.cpp:3762
#16 0xb660b680 in QApplication::notify (this=0xbfd141d8, receiver=0x8323a38, e=0xbfd13868) at kernel/qapplication.cpp:3495
#17 0xb784e001 in KApplication::notify (this=0xbfd141d8, receiver=0x8323a38, event=0xbfd13868) at /home/kde-devel/kde/src/KDE/kdelibs/kdeui/kernel/kapplication.cpp:311
#18 0xb7191381 in QCoreApplication::notifyInternal (this=0xbfd141d8, receiver=0x8323a38, event=0xbfd13868) at kernel/qcoreapplication.cpp:587
#19 0xb6618603 in QCoreApplication::sendSpontaneousEvent (receiver=0x8323a38, event=0xbfd13868) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:218
#20 0xb66126e6 in QApplicationPrivate::sendMouseEvent (receiver=0x8323a38, event=0xbfd13868, alienWidget=0x8323a38, nativeWidget=0x8129058, buttonDown=0xb6f44c00, lastMouseReceiver=@0xb6f44c04) at kernel/qapplication.cpp:2760
#21 0xb669558c in QETWidget::translateMouseEvent (this=0x8129058, event=0xbfd13e7c) at kernel/qapplication_x11.cpp:4112
#22 0xb6692a81 in QApplication::x11ProcessEvent (this=0xbfd141d8, event=0xbfd13e7c) at kernel/qapplication_x11.cpp:3112
#23 0xb66c63e1 in x11EventSourceDispatch (s=0x805ff98, callback=0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:148
#24 0xb608e11c in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#25 0xb609155f in ?? () from /usr/lib/libglib-2.0.so.0
#26 0x0805eaa0 in ?? ()
#27 0x00000000 in ?? ()
#0 0xffffe410 in __kernel_vsyscall ()
```

Created attachment 26525
test case
Attaching the test case because the link in the original report is not
reachable any more. Still crashes 4.1 and SVN trunk rev. 839800.

Still present in trunk, r886275, but looks a bit different. My backtrace is as follows:

```
Application: Konqueror (konqueror), signal SIGSEGV
Thread 1 (Thread 0xb60226c0 (LWP 4964)):
[KCrash Handler]
#6 0xb3edd3ac in DOM::DocumentImpl::view (this=0x49) at /home/zarvox/kde/src/KDE/kdelibs/khtml/xml/dom_docimpl.cpp:2885
#7 0xb3f01053 in DOM::NodeImpl::dispatchEvent (this=0x9df98b0, evt=0x9ce4050, exceptioncode=@0xbf821e14, tempEvent=true) at /home/zarvox/kde/src/KDE/kdelibs/khtml/xml/dom_nodeimpl.cpp:449
#8 0xb3f0380f in DOM::NodeImpl::dispatchHTMLEvent (this=0x9df98b0, _id=24, canBubbleArg=false, cancelableArg=false) at /home/zarvox/kde/src/KDE/kdelibs/khtml/xml/dom_nodeimpl.cpp:550
#9 0xb3ee1c60 in DOM::DocumentImpl::setFocusNode (this=0x9cae180, newFocusNode=0x9df98b0) at /home/zarvox/kde/src/KDE/kdelibs/khtml/xml/dom_docimpl.cpp:2468
#10 0xb3e4b853 in KHTMLView::focusNextPrevNode (this=0x9ba1350, next=true) at /home/zarvox/kde/src/KDE/kdelibs/khtml/khtmlview.cpp:2633
#11 0xb3e4ba29 in KHTMLView::focusNextPrevChild (this=0x9ba1350, next=true) at /home/zarvox/kde/src/KDE/kdelibs/khtml/khtmlview.cpp:2054
#12 0xb6af6109 in QWidget::focusNextPrevChild (this=0x9ba1260, next=true) at kernel/qwidget.cpp:5510
#13 0xb6af6109 in QWidget::focusNextPrevChild (this=0x9ba1fd8, next=true) at kernel/qwidget.cpp:5510
#14 0xb6af6109 in QWidget::focusNextPrevChild (this=0x9de7480, next=true) at kernel/qwidget.cpp:5510
#15 0xb3f914ec in FocusHandleWidget::focusNextPrev (this=0x9de7480, n=true) at /home/zarvox/kde/src/KDE/kdelibs/khtml/html/html_formimpl.cpp:1007
#16 0xb3f805be in DOM::HTMLGenericFormElementImpl::defaultEventHandler (this=0x9cea618, evt=0x9ce9d88) at /home/zarvox/kde/src/KDE/kdelibs/khtml/html/html_formimpl.cpp:1071
#17 0xb3f8da26 in DOM::HTMLInputElementImpl::defaultEventHandler (this=0x9cea618, evt=0x9ce9d88) at /home/zarvox/kde/src/KDE/kdelibs/khtml/html/html_formimpl.cpp:1865
#18 0xb3f030a0 in DOM::NodeImpl::dispatchGenericEvent (this=0x9cea618, evt=0x9ce9d88) at /home/zarvox/kde/src/KDE/kdelibs/khtml/xml/dom_nodeimpl.cpp:524
#19 0xb3f0106f in DOM::NodeImpl::dispatchEvent (this=0x9cea618, evt=0x9ce9d88, exceptioncode=@0xbf822274, tempEvent=true) at /home/zarvox/kde/src/KDE/kdelibs/khtml/xml/dom_nodeimpl.cpp:451
#20 0xb3f01d87 in DOM::NodeImpl::dispatchKeyEvent (this=0x9cea618, key=0xbf8228c4, keypress=true) at /home/zarvox/kde/src/KDE/kdelibs/khtml/xml/dom_nodeimpl.cpp:690
#21 0xb3e461c8 in KHTMLView::dispatchKeyEventHelper (this=0x9ba1350, _ke=0xbf8228c4, keypress=true) at /home/zarvox/kde/src/KDE/kdelibs/khtml/khtmlview.cpp:1710
#22 0xb3e462bf in KHTMLView::dispatchKeyEvent (this=0x9ba1350, _ke=0xbf8228c4) at /home/zarvox/kde/src/KDE/kdelibs/khtml/khtmlview.cpp:1666
#23 0xb3e4f917 in KHTMLView::keyPressEvent (this=0x9ba1350, _ke=0xbf8228c4) at /home/zarvox/kde/src/KDE/kdelibs/khtml/khtmlview.cpp:1797
#24 0xb3e4a097 in KHTMLView::eventFilter (this=0x9ba1350, o=0x9de7480, e=0xbf8228c4) at /home/zarvox/kde/src/KDE/kdelibs/khtml/khtmlview.cpp:2340
#25 0xb7301d1c in QCoreApplicationPrivate::sendThroughObjectEventFilters (this=0x98511a0, receiver=0x9de7480, event=0xbf8228c4) at kernel/qcoreapplication.cpp:694
#26 0xb6aa17b2 in QApplicationPrivate::notify_helper (this=0x98511a0, receiver=0x9de7480, e=0xbf8228c4) at kernel/qapplication.cpp:3799
#27 0xb6aa1dd1 in QApplication::notify (this=0xbf823368, receiver=0x9de7480, e=0xbf8228c4) at kernel/qapplication.cpp:3447
#28 0xb7824dc7 in KApplication::notify (this=0xbf823368, receiver=0x9de7480, event=0xbf8228c4) at /home/zarvox/kde/src/KDE/kdelibs/kdeui/kernel/kapplication.cpp:307
#29 0xb730393f in QCoreApplication::notifyInternal (this=0xbf823368, receiver=0x9de7480, event=0xbf8228c4) at kernel/qcoreapplication.cpp:583
#30 0xb6aad60f in QCoreApplication::sendSpontaneousEvent (receiver=0x9de7480, event=0xbf8228c4) at ../../include/QtCore/qcoreapplication.h:218
#31 0xb6b0b21f in qt_sendSpontaneousEvent (receiver=0x9de7480, event=0xbf8228c4) at kernel/qapplication_x11.cpp:4588
#32 0xb6b44a1c in QKeyMapper::sendKeyEvent (keyWidget=0x9de7480, grab=false, type=QEvent::KeyPress, code=16777217, modifiers={i = -1081988568}, text=@0xbf822a5c, autorepeat=false, count=1, nativeScanCode=23, nativeVirtualKey=65289, nativeModifiers=0) at kernel/qkeymapper_x11.cpp:1652
#33 0xb6b45d7b in QKeyMapperPrivate::translateKeyEvent (this=0x987bb68, keyWidget=0x9de7480, event=0xbf822fbc, grab=false) at kernel/qkeymapper_x11.cpp:1623
#34 0xb6b1db35 in QApplication::x11ProcessEvent (this=0xbf823368, event=0xbf822fbc) at kernel/qapplication_x11.cpp:3053
#35 0xb6b481d8 in x11EventSourceDispatch (s=0x9854578, callback=0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:142
#36 0xb63216f8 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#37 0xb6324da3 in ?? () from /usr/lib/libglib-2.0.so.0
#38 0xb6324f61 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#39 0xb733172a in QEventDispatcherGlib::processEvents (this=0x98516a0, flags={i = -1081986700}) at kernel/qeventdispatcher_glib.cpp:319
#40 0xb6b479d0 in QGuiEventDispatcherGlib::processEvents (this=0x98516a0, flags={i = -1081986652}) at kernel/qguieventdispatcher_glib.cpp:198
#41 0xb730096c in QEventLoop::processEvents (this=0xbf823220, flags={i = -1081986588}) at kernel/qeventloop.cpp:143
#42 0xb7300ba9 in QEventLoop::exec (this=0xbf823220, flags={i = -1081986520}) at kernel/qeventloop.cpp:190
#43 0xb730413b in QCoreApplication::exec () at kernel/qcoreapplication.cpp:845
#44 0xb6aa14ee in QApplication::exec () at kernel/qapplication.cpp:3331
#45 0xb7eef0d4 in kdemain (argc=2, argv=0xbf8236d4) at /home/zarvox/kde/src/KDE/kdebase/apps/konqueror/src/konqmain.cpp:257
#46 0x08048756 in main (argc=) at /home/zarvox/kde/build/KDE/kdebase/apps/konqueror/src/konqueror_dummy.cpp:3
```

I've reproduced the crash. This is the backtrace using current trunk (r1013927):

```
Application: Konqueror (kdeinit4), signal: Segmentation fault
[Current thread is 0 (LWP 2363)]

Thread 3 (Thread 0x7f92f398d910 (LWP 2469)):
#0 0x00007f9309758a62 in select () from /lib/libc.so.6
#1 0x00007f930cf941c1 in ?? () from /usr/lib/libQtCore.so.4
#2 0x00007f930cecf285 in ?? () from /usr/lib/libQtCore.so.4
#3 0x00007f930cc5c57a in start_thread () from /lib/libpthread.so.0
#4 0x00007f930975f16d in clone () from /lib/libc.so.6
#5 0x0000000000000000 in ?? ()

Thread 2 (Thread 0x7f92f2f86910 (LWP 2646)):
#0 0x00007f930cc6105d in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#1 0x00007f930ced02b2 in QWaitCondition::wait () from /usr/lib/libQtCore.so.4
#2 0x00007f930cec6412 in ?? () from /usr/lib/libQtCore.so.4
#3 0x00007f930cecf285 in ?? () from /usr/lib/libQtCore.so.4
#4 0x00007f930cc5c57a in start_thread () from /lib/libpthread.so.0
#5 0x00007f930975f16d in clone () from /lib/libc.so.6
#6 0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7f930d48b760 (LWP 2363)):
[KCrash Handler]
#5 0x00007f92f995217b in DOM::NodeImpl::handleLocalEvents (this=0x3477620, evt=<value optimized out>, useCapture=<value optimized out>) at /usr/include/QtCore/qlist.h:111
#6 0x00007f92f9952705 in DOM::NodeImpl::dispatchGenericEvent (this=0x3477620, evt=0x41500d0) at /home/test/KDE4/src/kdelibs/khtml/xml/dom_nodeimpl.cpp:499
#7 0x00007f92f995284e in DOM::NodeImpl::dispatchEvent (this=0x3477620, evt=0x41500d0, exceptioncode=@0x7fffb1e8b5ec, tempEvent=true) at /home/test/KDE4/src/kdelibs/khtml/xml/dom_nodeimpl.cpp:453
#8 0x00007f92f99540ba in DOM::NodeImpl::dispatchHTMLEvent (this=0x3477620, _id=24, canBubbleArg=<value optimized out>, cancelableArg=<value optimized out>) at /home/test/KDE4/src/kdelibs/khtml/xml/dom_nodeimpl.cpp:552
#9 0x00007f92f993e783 in DOM::DocumentImpl::setFocusNode (this=0x47fb4f0, newFocusNode=0x39) at /home/test/KDE4/src/kdelibs/khtml/xml/dom_docimpl.cpp:2483
#10 0x00007f92f98c09ec in KHTMLView::focusNextPrevNode (this=0x2db7e20, next=true) at /home/test/KDE4/src/kdelibs/khtml/khtmlview.cpp:2586
#11 0x00007f92f98c0ea9 in KHTMLView::focusNextPrevChild (this=0x2db7e20, next=<value optimized out>) at /home/test/KDE4/src/kdelibs/khtml/khtmlview.cpp:1999
#12 0x00007f92f99b6227 in DOM::HTMLGenericFormElementImpl::defaultEventHandler (this=0x34ab0b0, evt=0x2ff79b0) at /home/test/KDE4/src/kdelibs/khtml/html/html_formimpl.cpp:1029
#13 0x00007f92f99c5f02 in DOM::HTMLInputElementImpl::defaultEventHandler (this=0x34ab0b0, evt=0x2ff79b0) at /home/test/KDE4/src/kdelibs/khtml/html/html_formimpl.cpp:1954
#14 0x00007f92f9952654 in DOM::NodeImpl::dispatchGenericEvent (this=0x34ab0b0, evt=0x2ff79b0) at /home/test/KDE4/src/kdelibs/khtml/xml/dom_nodeimpl.cpp:526
#15 0x00007f92f995284e in DOM::NodeImpl::dispatchEvent (this=0x34ab0b0, evt=0x2ff79b0, exceptioncode=@0x7fffb1e8b98c, tempEvent=true) at /home/test/KDE4/src/kdelibs/khtml/xml/dom_nodeimpl.cpp:453
#16 0x00007f92f9953152 in DOM::NodeImpl::dispatchKeyEvent (this=<value optimized out>, key=0x7fffb1e8bfe0, keypress=<value optimized out>) at /home/test/KDE4/src/kdelibs/khtml/xml/dom_nodeimpl.cpp:694
#17 0x00007f92f98c122d in KHTMLView::dispatchKeyEvent (this=0x2db7e20, _ke=0x7fffb1e8bfe0) at /home/test/KDE4/src/kdelibs/khtml/khtmlview.cpp:1626
#18 0x00007f92f98ccde9 in KHTMLView::keyPressEvent (this=0x2db7e20, _ke=0x7fffb1e8bfe0) at /home/test/KDE4/src/kdelibs/khtml/khtmlview.cpp:1747
#19 0x00007f92f98ca524 in KHTMLView::eventFilter (this=0x2db7e20, o=0x4714b10, e=0x7fffb1e8bfe0) at /home/test/KDE4/src/kdelibs/khtml/khtmlview.cpp:2285
#20 0x00007f930cfb4007 in QCoreApplicationPrivate::sendThroughObjectEventFilters () from /usr/lib/libQtCore.so.4
#21 0x00007f930a32d66c in QApplicationPrivate::notify_helper () from /usr/lib/libQtGui.so.4
#22 0x00007f930a335483 in QApplication::notify () from /usr/lib/libQtGui.so.4
#23 0x00007f930b4346c6 in KApplication::notify (this=0x7fffb1e8e2d0, receiver=0x4714b10, event=0x7fffb1e8bfe0) at /home/test/KDE4/src/kdelibs/kdeui/kernel/kapplication.cpp:302
#24 0x00007f930cfb4cec in QCoreApplication::notifyInternal () from /usr/lib/libQtCore.so.4
#25 0x00007f930a3bcfca in ?? () from /usr/lib/libQtGui.so.4
#26 0x00007f930a3bf511 in ?? () from /usr/lib/libQtGui.so.4
#27 0x00007f930a398a44 in QApplication::x11ProcessEvent () from /usr/lib/libQtGui.so.4
#28 0x00007f930a3c0e6c in ?? () from /usr/lib/libQtGui.so.4
#29 0x00007f9308de9dbe in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#30 0x00007f9308ded568 in g_main_context_iterate () from /usr/lib/libglib-2.0.so.0
#31 0x00007f9308ded690 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#32 0x00007f930cfdd1b6 in QEventDispatcherGlib::processEvents () from /usr/lib/libQtCore.so.4
#33 0x00007f930a3c064e in ?? () from /usr/lib/libQtGui.so.4
#34 0x00007f930cfb35f2 in QEventLoop::processEvents () from /usr/lib/libQtCore.so.4
#35 0x00007f930cfb39c4 in QEventLoop::exec () from /usr/lib/libQtCore.so.4
#36 0x00007f930cfb5b79 in QCoreApplication::exec () from /usr/lib/libQtCore.so.4
#37 0x00007f93003ab883 in kdemain (argc=<value optimized out>, argv=<value optimized out>) at /home/test/KDE4/src/kdebase/apps/konqueror/src/konqmain.cpp:257
#38 0x00000000004070be in launch (argc=2, _name=<value optimized out>, args=<value optimized out>, cwd=<value optimized out>, envc=16, envs=<value optimized out>, reset_env=false, tty=0x0, avoid_loops=false, startup_id_str=0x2419b56 "blackhole;1251044086;276265;2158_TIME289289") at /home/test/KDE4/src/kdelibs/kinit/kinit.cpp:705
#39 0x0000000000407ccd in handle_launcher_request (sock=8, who=<value optimized out>) at /home/test/KDE4/src/kdelibs/kinit/kinit.cpp:1197
#40 0x00000000004081b1 in handle_requests (waitForPid=0) at /home/test/KDE4/src/kdelibs/kinit/kinit.cpp:1390
#41 0x0000000000408962 in main (argc=4, argv=<value optimized out>, envp=<value optimized out>) at /home/test/KDE4/src/kdelibs/kinit/kinit.cpp:1825
```

*** This bug has been marked as a duplicate of bug 264403 ***