Bug 164348

Summary: Konqueror crashes on http://www.sagemath.org
Product: [Applications] konqueror
Reporter: Björn Tjorven Herzig <raichoo>
Component: general
Assignee: Konqueror Developers <konq-bugs>
Severity: crash
CC: christophe, jtamate, maksim, marcus, mwoehlke.floss, skunk
Priority: NOR
Version: SVN
Target Milestone: ---
Platform: Compiled Sources
OS: Linux
Latest Commit:
Version Fixed In:

Description Björn Tjorven Herzig 2008-06-17 23:34:08 UTC
Version:            (using Devel)
Installed from:    Compiled sources

Tested on KDE 4.0, KDE 4.1 Beta 1 and recent KDE4 Daily.

Konqueror crashes when clicking on "Documentation" on http://www.sagemath.org. As far as I tested it, it happened every time I clicked that link.

Comment 1 Christophe Marin 2008-06-17 23:42:41 UTC
BT:

Application: Konqueror (konqueror), signal SIGSEGV
[Thread debugging using libthread_db enabled]
[New Thread 0xb61ac720 (LWP 22369)]
[KCrash handler]
#6  0xb3fb5fb6 in khtml::TreeShared<DOM::NodeImpl>::ref (this=0x0)
    at /media/kde/src/KDE/kdelibs/khtml/misc/shared.h:61
#7  0xb40321d1 in NodeListImpl (this=0xbf8d7b80, n=0x0, type=15, 
    factory=0xb408db30 <CollectionCache::make()>)
    at /media/kde/src/KDE/kdelibs/khtml/xml/dom_nodeimpl.cpp:2021
#8  0xb408d05d in HTMLCollectionImpl (this=0xbf8d7b80, _base=0x0, _type=15)
    at /media/kde/src/KDE/kdelibs/khtml/html/html_miscimpl.cpp:70
#9  0xb41e1b4f in KJS::FrameArray::getOwnPropertySlot (this=0xb1a3b0c0, 
    exec=0xbf8d883c, propertyName=@0xbf8d876c, slot=@0xbf8d7c10)
    at /media/kde/src/KDE/kdelibs/khtml/ecma/kjs_window.cpp:2570
#10 0xb449e03a in KJS::JSObject::getPropertySlot (this=0xb1a3b0c0, 
    exec=0xbf8d883c, propertyName=@0xbf8d876c, slot=@0xbf8d7c10)
    at /media/kde/src/KDE/kdelibs/kjs/object.h:584
#11 0xb449c8fa in KJS::JSObject::get (this=0xb1a3b0c0, exec=0xbf8d883c, 
    propertyName=@0xbf8d876c) at /media/kde/src/KDE/kdelibs/kjs/object.cpp:165
#12 0xb44b7122 in KJS::Machine::runBlock (exec=0xbf8d883c, block=@0xa21a58c)
    at codes.def:705
#13 0xb4465f61 in KJS::FunctionBodyNode::execute (this=0xa21a538, 
    exec=0xbf8d883c) at /media/kde/src/KDE/kdelibs/kjs/nodes.cpp:989
#14 0xb4498ecf in KJS::FunctionImp::callAsFunction (this=0xb1a3dcc0, 
    exec=0xbf8d955c, thisObj=0xb1a3dda0, args=@0xbf8d94c8)
    at /media/kde/src/KDE/kdelibs/kjs/function.cpp:127
#15 0xb449d00d in KJS::JSObject::call (this=0xb1a3dcc0, exec=0xbf8d955c, 
    thisObj=0xb1a3dda0, args=@0xbf8d94c8)
    at /media/kde/src/KDE/kdelibs/kjs/object.cpp:99
#16 0xb44bf4e3 in KJS::Machine::runBlock (exec=0xbf8d955c, block=@0xa44dd04)
    at codes.def:1163
#17 0xb4465f61 in KJS::FunctionBodyNode::execute (this=0xa44dcb0, 
    exec=0xbf8d955c) at /media/kde/src/KDE/kdelibs/kjs/nodes.cpp:989
#18 0xb4498ecf in KJS::FunctionImp::callAsFunction (this=0xb1a3dae0, 
    exec=0xbf8da27c, thisObj=0xb1a40000, args=@0xbf8da1e8)
    at /media/kde/src/KDE/kdelibs/kjs/function.cpp:127
#19 0xb449d00d in KJS::JSObject::call (this=0xb1a3dae0, exec=0xbf8da27c, 
    thisObj=0xb1a40000, args=@0xbf8da1e8)
    at /media/kde/src/KDE/kdelibs/kjs/object.cpp:99
#20 0xb44bf4e3 in KJS::Machine::runBlock (exec=0xbf8da27c, block=@0xa116dc4)
    at codes.def:1163
#21 0xb4465f61 in KJS::FunctionBodyNode::execute (this=0xa116d70, 
    exec=0xbf8da27c) at /media/kde/src/KDE/kdelibs/kjs/nodes.cpp:989
#22 0xb4498ecf in KJS::FunctionImp::callAsFunction (this=0xb1a3cf60, 
    exec=0xa152140, thisObj=0xb1a40000, args=@0xa4a0d9c)
    at /media/kde/src/KDE/kdelibs/kjs/function.cpp:127
#23 0xb449d00d in KJS::JSObject::call (this=0xb1a3cf60, exec=0xa152140, 
    thisObj=0xb1a40000, args=@0xa4a0d9c)
    at /media/kde/src/KDE/kdelibs/kjs/object.cpp:99
#24 0xb41e2bb3 in KJS::ScheduledAction::execute (this=0xa4a0d98, 
    at /media/kde/src/KDE/kdelibs/khtml/ecma/kjs_window.cpp:2179
#25 0xb41e2e41 in KJS::WindowQObject::timerEvent (this=0x887aa00)
    at /media/kde/src/KDE/kdelibs/khtml/ecma/kjs_window.cpp:2355
#26 0xb74d5b64 in QObject::event (this=0x887aa00, e=0xbf8da984)
    at kernel/qobject.cpp:1105
#27 0xb6947269 in QApplicationPrivate::notify_helper (this=0x82fabf8, 
    receiver=0x887aa00, e=0xbf8da984) at kernel/qapplication.cpp:3772
#28 0xb694757e in QApplication::notify (this=0xbf8dadec, receiver=0x887aa00, 
    e=0xbf8da984) at kernel/qapplication.cpp:3366
#29 0xb7ae8f81 in KApplication::notify (this=0xbf8dadec, receiver=0x887aa00, 
    at /media/kde/src/KDE/kdelibs/kdeui/kernel/kapplication.cpp:311
#30 0xb74c326b in QCoreApplication::notifyInternal (this=0xbf8dadec, 
    receiver=0x887aa00, event=0xbf8da984) at kernel/qcoreapplication.cpp:583
#31 0xb74c6db3 in QCoreApplication::sendEvent (receiver=0x887aa00, 
    event=0xbf8da984) at kernel/qcoreapplication.h:215
#32 0xb74f4273 in QTimerInfoList::activateTimers (this=0x82fdb34)
    at kernel/qeventdispatcher_unix.cpp:563
#33 0xb74f1b84 in timerSourceDispatch (source=0x82fdb00)
    at kernel/qeventdispatcher_glib.cpp:166
#34 0xb63f0978 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#35 0xb63f3bce in ?? () from /usr/lib/libglib-2.0.so.0
#36 0x082fce38 in ?? ()
#37 0x00000000 in ?? ()
#0  0xb7fbf430 in __kernel_vsyscall ()

Comment 2 Christophe Marin 2008-06-17 23:53:28 UTC
kdelibs rev. 821568.

The BT is the same as one found when triaging konqueror bugs (bug 127147, see the last comment).

Comment 3 mario tuling 2008-06-20 04:13:11 UTC
hm rev 822278, doesn't crash here

Comment 4 A. Spehr 2008-06-27 06:08:29 UTC
r823211 doesn't crash (zarvox)
r824521 doesn't crash (Med)
(It crashes for me, but I've screwed up my build, I think.)

*** This bug has been marked as a duplicate of 127147 ***

Comment 5 A. Spehr 2008-06-27 06:14:04 UTC
Or I'm not on crack, Maksim says it's timing dependent. So bug still valid.

Comment 6 Maksim Orlovich 2008-08-13 19:02:25 UTC
*** Bug 169041 has been marked as a duplicate of this bug. ***

Comment 7 Maksim Orlovich 2008-08-13 19:06:47 UTC
Let's keep it separate from back button issues, which trigger this bug due to a different one.

Comment 8 Maksim Orlovich 2008-08-13 19:07:17 UTC
*** Bug 166056 has been marked as a duplicate of this bug. ***

Comment 9 Maksim Orlovich 2008-08-13 19:09:19 UTC
*** Bug 127147 has been marked as a duplicate of this bug. ***

Comment 10 Maksim Orlovich 2008-08-13 19:10:44 UTC
Anyway, looks like I forgot to merge in the initial fix into 4.0.x;
but this will likely get fixed cleaner by just getting rid of FrameArray in the first place.

Comment 12 Maksim Orlovich 2008-08-24 17:14:55 UTC
*** Bug 169729 has been marked as a duplicate of this bug. ***