Bug 135735

Summary: konqueror crashes in http://lmnop.blogs.com/
Product: [Applications] konqueror
Reporter: gallir
Component: kjs
Assignee: Konqueror Developers <konq-bugs>
Status: RESOLVED FIXED
Severity: crash
CC: maksim
Priority: NOR
Version: unspecified
Target Milestone: ---
Platform: unspecified
OS: Linux

Description gallir 2006-10-16 10:39:45 UTC
Version:           3.5.5 (using KDE 3.5.5, Debian Package 4:3.5.5a-2 (testing/unstable))
Compiler:          Target: i486-linux-gnu
OS:                Linux (i686) release 2.6.17.11

It seems to me this is related to some CSS or JS errors. Firefox's JS console shows me:

Error: Unknown property '_background-color'.  Declaration dropped.
Source File: http://lmnop.blogs.com/
Line: 1117

Error: Error in parsing value for property 'margin'.  Declaration dropped.
Source File: http://lmnop.blogs.com/
Line: 1081

Error: Unexpected end of file while searching for closing } of declaration block.
Source File: http://lmnop.blogs.com/
Line: 1011

Error: Expected declaration but found '.'.  Skipped to next declaration.
Source File: http://lmnop.blogs.com/
Line: 998

Error: Error in parsing value for property 'text-decoration'.  Declaration dropped.
Source File: http://lmnop.blogs.com/
Line: 990

Error: Error in parsing value for property 'text-decoration'.  Declaration dropped.
Source File: http://lmnop.blogs.com/
Line: 990

Error: D is not defined
Source File: http://lmnop.blogs.com/
Line: 735
...
Comment 1 Bram Schoenmakers 2006-10-16 11:06:31 UTC
Can confirm. This is the backtrace (I know, it could be more detailed, sorry about that).

Using host libthread_db library "/lib/libthread_db.so.1".
`system-supplied DSO at 0xffffe000' has disappeared; keeping its symbols.
[Thread debugging using libthread_db enabled]
[New Thread -1233250112 (LWP 14930)]
[KCrash handler]
#6  0xb6290adb in KJS::ValueImp::dispatchToBoolean ()
   from /usr/kde/branch/lib/libkjs.so.1
#7  0xb62975a5 in KJS::Node::toBoolean () from /usr/kde/branch/lib/libkjs.so.1
#8  0xb62b2e0f in KJS::LogicalNotNode::evaluate ()
   from /usr/kde/branch/lib/libkjs.so.1
#9  0xb62becbe in KJS::ExprStatementNode::execute ()
   from /usr/kde/branch/lib/libkjs.so.1
#10 0xb62bb458 in KJS::SourceElementsNode::execute ()
   from /usr/kde/branch/lib/libkjs.so.1
#11 0xb62ae2e9 in KJS::BlockNode::execute ()
   from /usr/kde/branch/lib/libkjs.so.1
#12 0xb62c6b6a in KJS::InterpreterImp::evaluate ()
   from /usr/kde/branch/lib/libkjs.so.1
#13 0xb62c6eca in KJS::Interpreter::evaluate ()
   from /usr/kde/branch/lib/libkjs.so.1
#14 0xb65af9a2 in KJS::KJSProxyImpl::evaluate ()
   from /usr/kde/branch/lib/libkhtml.so.4
#15 0xb64036a1 in KHTMLPart::executeScript ()
   from /usr/kde/branch/lib/libkhtml.so.4
#16 0xb645bc62 in khtml::HTMLTokenizer::scriptExecution ()
   from /usr/kde/branch/lib/libkhtml.so.4
#17 0xb6478fd7 in khtml::HTMLTokenizer::scriptHandler ()
   from /usr/kde/branch/lib/libkhtml.so.4
#18 0xb647a67b in khtml::HTMLTokenizer::parseSpecial ()
   from /usr/kde/branch/lib/libkhtml.so.4
#19 0xb647bf24 in khtml::HTMLTokenizer::parseTag ()
   from /usr/kde/branch/lib/libkhtml.so.4
#20 0xb647d5ad in khtml::HTMLTokenizer::write ()
   from /usr/kde/branch/lib/libkhtml.so.4
#21 0xb6475230 in khtml::HTMLTokenizer::notifyFinished ()
   from /usr/kde/branch/lib/libkhtml.so.4
#22 0xb6540714 in khtml::CachedScript::checkNotify ()
   from /usr/kde/branch/lib/libkhtml.so.4
#23 0xb6543a5f in khtml::CachedScript::data ()
   from /usr/kde/branch/lib/libkhtml.so.4
#24 0xb6546bfe in khtml::Loader::slotFinished ()
   from /usr/kde/branch/lib/libkhtml.so.4
#25 0xb6549b3c in khtml::Loader::qt_invoke ()
   from /usr/kde/branch/lib/libkhtml.so.4
#26 0xb6f6a4b9 in QObject::activate_signal () from /usr/qt/3/lib/libqt-mt.so.3
#27 0xb7b36a4e in KIO::Job::result () from /usr/kde/branch/lib/libkio.so.4
#28 0xb7b7198c in KIO::Job::emitResult () from /usr/kde/branch/lib/libkio.so.4
#29 0xb7b95c9e in KIO::SimpleJob::slotFinished ()
   from /usr/kde/branch/lib/libkio.so.4
#30 0xb7b963bd in KIO::TransferJob::slotFinished ()
   from /usr/kde/branch/lib/libkio.so.4
#31 0xb7b8647a in KIO::TransferJob::qt_invoke ()
   from /usr/kde/branch/lib/libkio.so.4
#32 0xb6f6a4b9 in QObject::activate_signal () from /usr/qt/3/lib/libqt-mt.so.3
#33 0xb6f6b10d in QObject::activate_signal () from /usr/qt/3/lib/libqt-mt.so.3
#34 0xb7b3235c in KIO::SlaveInterface::finished ()
   from /usr/kde/branch/lib/libkio.so.4
#35 0xb7bae131 in KIO::SlaveInterface::dispatch ()
   from /usr/kde/branch/lib/libkio.so.4
#36 0xb7b89e9e in KIO::SlaveInterface::dispatch ()
   from /usr/kde/branch/lib/libkio.so.4
#37 0xb7b83b9b in KIO::Slave::gotInput () from /usr/kde/branch/lib/libkio.so.4
#38 0xb7b8a610 in KIO::Slave::qt_invoke () from /usr/kde/branch/lib/libkio.so.4
#39 0xb6f6a4b9 in QObject::activate_signal () from /usr/qt/3/lib/libqt-mt.so.3
#40 0xb6f6b002 in QObject::activate_signal () from /usr/qt/3/lib/libqt-mt.so.3
#41 0xb72a3c60 in QSocketNotifier::activated ()
   from /usr/qt/3/lib/libqt-mt.so.3
#42 0xb6f88410 in QSocketNotifier::event () from /usr/qt/3/lib/libqt-mt.so.3
#43 0xb6f0b477 in QApplication::internalNotify ()
   from /usr/qt/3/lib/libqt-mt.so.3
#44 0xb6f0c041 in QApplication::notify () from /usr/qt/3/lib/libqt-mt.so.3
#45 0xb768166e in KApplication::notify ()
   from /usr/kde/branch/lib/libkdecore.so.4
#46 0xb6f000b1 in QEventLoop::activateSocketNotifiers ()
   from /usr/qt/3/lib/libqt-mt.so.3
#47 0xb6ebb7ce in QEventLoop::processEvents () from /usr/qt/3/lib/libqt-mt.so.3
#48 0xb6f22001 in QEventLoop::enterLoop () from /usr/qt/3/lib/libqt-mt.so.3
#49 0xb6f21e86 in QEventLoop::exec () from /usr/qt/3/lib/libqt-mt.so.3
#50 0xb6f0aeff in QApplication::exec () from /usr/qt/3/lib/libqt-mt.so.3
#51 0xb7f769bc in kdemain () from /usr/kde/branch/lib/libkdeinit_konqueror.so
#52 0x080486f2 in main ()
Comment 2 Maksim Orlovich 2006-10-16 16:17:57 UTC
Testcase:
<script>
!--D()
</script>

(! gets confused because there is an exception there).

The !-- comes from <!--, not sure where...
Comment 3 Maksim Orlovich 2006-10-16 16:19:15 UTC
Ah, the !-- is actually inline, so support with that doesn't have the problem:
<script>!--
D(["mb","<br></span>Why\ndo people get so carried away with fonts that mimic real handwriting? \nIt drives me insane when

So it's basically just that Node::toBoolean doesn't like exceptions.
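
A simplified model of the failure described in the comment above, added here as an illustration; it is not KJS code. All type and function names are hypothetical, and it assumes the inner node's pre-fix exception check left its caller with no usable value, which the outer logical-not node then used directly.

```cpp
// Simplified model of the `!--D()` failure; hypothetical names, not KJS code.
#include <iostream>
#include <memory>
#include <stdexcept>
#include <string>

struct ValueImp { bool truthy; std::string text; };
using Value = std::shared_ptr<ValueImp>;   // empty pointer == "no value"
struct ExecState { Value exception; };     // pending exception, if any

// Models calling the undefined function D(): sets a pending exception.
Value callUndefined(ExecState &exec) {
    exec.exception = std::make_shared<ValueImp>(ValueImp{true, "ReferenceError: D is not defined"});
    return nullptr;
}

// Models a prefix node (--expr). propagate=false bails out with an empty
// value (assumed pre-fix behaviour); propagate=true returns the exception value.
Value prefixEvaluate(ExecState &exec, bool propagate) {
    callUndefined(exec);
    if (exec.exception) return propagate ? exec.exception : Value();
    return std::make_shared<ValueImp>(ValueImp{false, "0"});
}

// Models a logical-not node, which operates on its operand's value directly.
// The null test stands in for the crash so the model can report it safely.
Value notEvaluate(ExecState &exec, bool propagate) {
    Value v = prefixEvaluate(exec, propagate);
    if (!v) throw std::logic_error("null value dereferenced in toBoolean");
    return std::make_shared<ValueImp>(ValueImp{!v->truthy, ""});
}

// Runs the `!--D()` shape and reports the outcome at statement level.
std::string run(bool propagate) {
    ExecState exec;
    try {
        notEvaluate(exec, propagate);
    } catch (const std::logic_error &e) {
        return std::string("crash: ") + e.what();
    }
    return exec.exception ? "script error: " + exec.exception->text : std::string("ok");
}

int main() {
    std::cout << run(false) << "\n";  // empty value reaches the outer node
    std::cout << run(true) << "\n";   // exception value propagates instead
}
```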
Comment 4 Maksim Orlovich 2006-10-17 22:08:32 UTC
SVN commit 596534 by orlovich:

Properly propagate exception value here, so if we're nested inside 
a node that operates on values directly, it wouldn't crash trying to get them...
Thanks to Harri for explaining that there are multiple check exception macros 
and about how these methods work..
BUG:135735


 M  +1 -1      nodes.cpp  


--- branches/KDE/3.5/kdelibs/kjs/nodes.cpp #596533:596534
@@ -1028,7 +1028,7 @@
 Value PrefixNode::evaluate(ExecState *exec) const
 {
   Reference ref = expr->evaluateReference(exec);
-  KJS_CHECKEXCEPTION
+  KJS_CHECKEXCEPTIONVALUE
   Value v = ref.getValue(exec);
   double n = v.toNumber(exec);
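
Review bot: The changed check after `expr->evaluateReference(exec)` in `PrefixNode::evaluate` ships without a regression test; the diffstat lists only `nodes.cpp`, so the reduced testcase from comment 2 (`!--D()` inside a script element) should be added alongside this fix to keep the crash from coming back. The commit message notes that there are multiple check-exception macros, and nothing at the call site says why a method returning `Value` needs `KJS_CHECKEXCEPTIONVALUE` rather than `KJS_CHECKEXCEPTION`, so a one-line comment there would help the next reader. The following calls `ref.getValue(exec)` and `v.toNumber(exec)` also take `exec`, and the visible context ends before any check after them, so please confirm the rest of the function propagates a pending exception the same way.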