Bug 166781

Summary: Konqueror hangs on vwforum.vwforum.ro
Product: [Applications] konqueror Reporter: András Manţia <amantia>
Component: khtml Assignee: Konqueror Developers <konq-bugs>
Status: RESOLVED DUPLICATE    
Severity: normal CC: mail, maksim
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   

Description András Manţia 2008-07-16 23:01:58 UTC
Version:            (using Devel)
Installed from:    Compiled sources

The following url causes a hang in Konqueror:
http://vwforum.vwforum.ro/index.php?s=396f370b42abd8fc7a1c23407092916f&showtopic=43393&view=getnewpost

A backtrace is here:
(gdb) bt                                                                                                                                     
#0  0x00007f81a577089b in DOM::TagNodeListImpl::nodeMatches (this=0x3c03190, testNode=0x5f99850)                                             
    at /data/development/sources/kde-trunk/kdelibs/khtml/xml/dom_nodeimpl.cpp:2155                                                           
#1  0x00007f81a576faff in DOM::NodeListImpl::calcLength (this=0x3c03190, start=<value optimized out>)                                        
    at /data/development/sources/kde-trunk/kdelibs/khtml/xml/dom_nodeimpl.cpp:2009                                                           
#2  0x00007f81a576fb17 in DOM::NodeListImpl::calcLength (this=0x3c03190, start=<value optimized out>)                                        
    at /data/development/sources/kde-trunk/kdelibs/khtml/xml/dom_nodeimpl.cpp:2012                                                           
#3  0x00007f81a576fb17 in DOM::NodeListImpl::calcLength (this=0x3c03190, start=<value optimized out>)                                        
    at /data/development/sources/kde-trunk/kdelibs/khtml/xml/dom_nodeimpl.cpp:2012                                                           
#4  0x00007f81a576fb17 in DOM::NodeListImpl::calcLength (this=0x3c03190, start=<value optimized out>)                                        
    at /data/development/sources/kde-trunk/kdelibs/khtml/xml/dom_nodeimpl.cpp:2012                                                           
#5  0x00007f81a576fb17 in DOM::NodeListImpl::calcLength (this=0x3c03190, start=<value optimized out>)                                        
    at /data/development/sources/kde-trunk/kdelibs/khtml/xml/dom_nodeimpl.cpp:2012                                                           
#6  0x00007f81a576fb17 in DOM::NodeListImpl::calcLength (this=0x3c03190, start=<value optimized out>)                                        
    at /data/development/sources/kde-trunk/kdelibs/khtml/xml/dom_nodeimpl.cpp:2012                                                           
#7  0x00007f81a576fb17 in DOM::NodeListImpl::calcLength (this=0x3c03190, start=<value optimized out>)                                        
    at /data/development/sources/kde-trunk/kdelibs/khtml/xml/dom_nodeimpl.cpp:2012                                                           
#8  0x00007f81a576fb17 in DOM::NodeListImpl::calcLength (this=0x3c03190, start=<value optimized out>)                                        
    at /data/development/sources/kde-trunk/kdelibs/khtml/xml/dom_nodeimpl.cpp:2012                                                           
#9  0x00007f81a576fb17 in DOM::NodeListImpl::calcLength (this=0x3c03190, start=<value optimized out>)                                        
    at /data/development/sources/kde-trunk/kdelibs/khtml/xml/dom_nodeimpl.cpp:2012                                                           
#10 0x00007f81a576fb17 in DOM::NodeListImpl::calcLength (this=0x3c03190, start=<value optimized out>)                                        
    at /data/development/sources/kde-trunk/kdelibs/khtml/xml/dom_nodeimpl.cpp:2012                                                           
#11 0x00007f81a576fd99 in DOM::NodeListImpl::length (this=0x3c03190)                                                                         
    at /data/development/sources/kde-trunk/kdelibs/khtml/xml/dom_nodeimpl.cpp:1998                                                           
#12 0x00007f81a58fd43b in KJS::DOMNodeList::getOwnPropertySlot (this=0x7f81a09f86c0, exec=0x7fffbdf5e0a0, propertyName=@0x7fffbdf5d870,      
    slot=@0x7fffbdf5d8e0) at /data/development/sources/kde-trunk/kdelibs/khtml/ecma/kjs_binding.h:225                                        
#13 0x00007f81a6214f9f in KJS::JSObject::getOwnPropertySlot (this=0x7f81a09f86c0, exec=0x7fffbdf5e0a0, propertyName=<value optimized out>,   
    slot=@0x7fffbdf5d8e0) at /data/development/sources/kde-trunk/kdelibs/kjs/object.cpp:200                                                  
#14 0x00007f81a62146cb in KJS::JSObject::getPropertySlot (this=<value optimized out>, exec=0x7fffbdf5e0a0, propertyName=7025,                
    slot=@0x7fffbdf5d8e0) at /data/development/sources/kde-trunk/kdelibs/kjs/object.cpp:185                                                  
#15 0x00007f81a621328a in KJS::JSValue::getByIndex (this=<value optimized out>, exec=0x7fffbdf5e0a0, propertyName=7025)                      
    at /data/development/sources/kde-trunk/kdelibs/kjs/value.cpp:227                                                                         
---Type <return> to continue, or q <return> to quit---                                                                                       
#16 0x00007f81a622e717 in KJS::Machine::runBlock (exec=0x7fffbdf5e0a0, codeBlock=<value optimized out>, parentExec=0x20a6e60) at codes.def:712
#17 0x00007f81a620e42a in KJS::FunctionImp::callAsFunction (this=0x7f81a07062c0, exec=0x20a6e60, thisObj=<value optimized out>,               
    args=@0x7fffbdf5e2e0) at /data/development/sources/kde-trunk/kdelibs/kjs/function.cpp:143                                                 
#18 0x00007f81a621553c in KJS::JSObject::call (this=0x7f81a07062c0, exec=0x20a6e60, thisObj=0x7f81a0f20300, args=@0x7fffbdf5e2e0)             
    at /data/development/sources/kde-trunk/kdelibs/kjs/object.cpp:99                                                                          
#19 0x00007f81a5967855 in KJS::JSEventListener::handleEvent (this=0x418a640, evt=@0x7fffbdf5e360)                                             
    at /data/development/sources/kde-trunk/kdelibs/khtml/ecma/kjs_events.cpp:106                                                              
#20 0x00007f81a575d4bb in DOM::DocumentImpl::defaultEventHandler (this=0x1256920, evt=0x57f1f30)                                              
    at /data/development/sources/kde-trunk/kdelibs/khtml/xml/dom_docimpl.cpp:2689                                                             
#21 0x00007f81a57751b0 in DOM::NodeImpl::dispatchWindowEvent (this=0x1256938, _id=16, canBubbleArg=<value optimized out>,                     
    cancelableArg=<value optimized out>) at /data/development/sources/kde-trunk/kdelibs/khtml/xml/dom_nodeimpl.cpp:565                        
#22 0x00007f81a57c4b29 in DOM::HTMLDocumentImpl::close (this=0x1256920)                                                                       
    at /data/development/sources/kde-trunk/kdelibs/khtml/html/html_documentimpl.cpp:249                                                       
#23 0x00007f81a56fac6d in KHTMLPart::checkCompleted (this=0x12aa220) at /data/development/sources/kde-trunk/kdelibs/khtml/khtml_part.cpp:2265 
#24 0x00007f81a5726a83 in KHTMLPart::qt_metacall (this=0x12aa220, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0x7fffbdf5e720)
    at /data/development/build/kde-trunk/kdelibs/khtml/khtml_part.moc:314                                                                        
#25 0x00007f81b37db40f in QMetaObject::activate () from /opt/qt4/lib/libQtCore.so.4                                                              
#26 0x00007f81b37db9e1 in QMetaObject::activate () from /opt/qt4/lib/libQtCore.so.4                                                              
#27 0x00007f81a58cb33b in khtml::Loader::requestDone (this=0x3c03190, _t1=0x10e5100, _t2=0x44d6990)                                              
    at /data/development/build/kde-trunk/kdelibs/khtml/loader.moc:150                                                                            
#28 0x00007f81a58d086f in khtml::Loader::slotFinished (this=0xf13d70, job=0x4d245a0)                                                             
    at /data/development/sources/kde-trunk/kdelibs/khtml/misc/loader.cpp:1398                                                                    
#29 0x00007f81a58d74b7 in khtml::Loader::qt_metacall (this=0xf13d70, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>,                
    _a=0x7fffbdf5e9b0) at /data/development/build/kde-trunk/kdelibs/khtml/loader.moc:129                                                         
#30 0x00007f81b37db40f in QMetaObject::activate () from /opt/qt4/lib/libQtCore.so.4                                                              
#31 0x00007f81b37db9e1 in QMetaObject::activate () from /opt/qt4/lib/libQtCore.so.4                                                              
#32 0x00007f81b3e6df22 in KJob::result (this=0x3c03190, _t1=0x4d245a0) at /data/development/build/kde-trunk/kdelibs/kdecore/kjob.moc:186         
#33 0x00007f81b3e6e2e7 in KJob::emitResult (this=0x4d245a0) at /data/development/sources/kde-trunk/kdelibs/kdecore/jobs/kjob.cpp:290             
#34 0x00007f81b4fcd6d0 in KIO::SimpleJob::slotFinished (this=0x4d245a0) at /data/development/sources/kde-trunk/kdelibs/kio/kio/job.cpp:498       
#35 0x00007f81b4fd0ff3 in KIO::TransferJob::slotFinished (this=0x4d245a0) at /data/development/sources/kde-trunk/kdelibs/kio/kio/job.cpp:967     
#36 0x00007f81b4fd1d55 in KIO::TransferJob::qt_metacall (this=0x4d245a0, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>,            
    _a=0x7fffbdf5edd0) at /data/development/build/kde-trunk/kdelibs/kio/jobclasses.moc:336                                                       
---Type <return> to continue, or q <return> to quit---                                                                                           
#37 0x00007f81b37db40f in QMetaObject::activate () from /opt/qt4/lib/libQtCore.so.4                                                              
#38 0x00007f81b37db9e1 in QMetaObject::activate () from /opt/qt4/lib/libQtCore.so.4                                                              
#39 0x00007f81b508abe1 in KIO::SlaveInterface::dispatch (this=0x28afa70, _cmd=104, rawdata=<value optimized out>)                                
    at /data/development/sources/kde-trunk/kdelibs/kio/kio/slaveinterface.cpp:176                                                                
#40 0x00007f81b5087528 in KIO::SlaveInterface::dispatch (this=0x28afa70)                                                                         
    at /data/development/sources/kde-trunk/kdelibs/kio/kio/slaveinterface.cpp:91                                                                 
#41 0x00007f81b5078003 in KIO::Slave::gotInput (this=0x28afa70) at /data/development/sources/kde-trunk/kdelibs/kio/kio/slave.cpp:319             
#42 0x00007f81b507a728 in KIO::Slave::qt_metacall (this=0x28afa70, _c=QMetaObject::InvokeMetaMethod, _id=-1513138704, _a=0x7fffbdf5f270)         
    at /data/development/build/kde-trunk/kdelibs/kio/slave.moc:75                                                                                
#43 0x00007f81b37db40f in QMetaObject::activate () from /opt/qt4/lib/libQtCore.so.4                                                              
#44 0x00007f81b37db9e1 in QMetaObject::activate () from /opt/qt4/lib/libQtCore.so.4                                                              
#45 0x00007f81b4f9abc0 in KIO::ConnectionPrivate::dequeue (this=0x28abc00)                                                                       
    at /data/development/sources/kde-trunk/kdelibs/kio/kio/connection.cpp:82                                                                     
#46 0x00007f81b4f9acfa in KIO::Connection::qt_metacall (this=0x28abf60, _c=QMetaObject::InvokeMetaMethod, _id=-1513138704, _a=0x4fc9620)
    at /data/development/build/kde-trunk/kdelibs/kio/connection.moc:72
#47 0x00007f81b37d3c11 in QMetaCallEvent::placeMetaCall () from /opt/qt4/lib/libQtCore.so.4
#48 0x00007f81b37d8e02 in QObject::event () from /opt/qt4/lib/libQtCore.so.4
#49 0x00007f81b06281b7 in QApplicationPrivate::notify_helper (this=0x61f4e0, receiver=0x28abf60, e=0x53f9ec0)
    at /data/development/sources/kde-trunk/qt-copy/src/gui/kernel/qapplication.cpp:3772
#50 0x00007f81b06284d3 in QApplication::notify (this=0x7fffbdf602e0, receiver=0x28abf60, e=0x53f9ec0)
    at /data/development/sources/kde-trunk/qt-copy/src/gui/kernel/qapplication.cpp:3366
#51 0x00007f81b4b045bb in KApplication::notify (this=0x7fffbdf602e0, receiver=0x28abf60, event=0x53f9ec0)
    at /data/development/sources/kde-trunk/kdelibs/kdeui/kernel/kapplication.cpp:311
#52 0x00007f81b37c1f64 in QCoreApplication::notifyInternal () from /opt/qt4/lib/libQtCore.so.4
#53 0x00007f81b37c6c11 in QCoreApplication::sendEvent () from /opt/qt4/lib/libQtCore.so.4
#54 0x00007f81b37c25c7 in QCoreApplicationPrivate::sendPostedEvents () from /opt/qt4/lib/libQtCore.so.4
#55 0x00007f81b37c28d6 in QCoreApplication::sendPostedEvents () from /opt/qt4/lib/libQtCore.so.4
#56 0x00007f81b37fa8df in QCoreApplication::sendPostedEvents () from /opt/qt4/lib/libQtCore.so.4
#57 0x00007f81b37f9b01 in postEventSourceDispatch () from /opt/qt4/lib/libQtCore.so.4
#58 0x00007f81ad9b693a in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
#59 0x00007f81ad9ba040 in ?? () from /usr/lib64/libglib-2.0.so.0
#60 0x00007f81ad9ba1dc in g_main_context_iteration () from /usr/lib64/libglib-2.0.so.0
---Type <return> to continue, or q <return> to quit---
#61 0x00007f81b37f8c0e in QEventDispatcherGlib::processEvents () from /opt/qt4/lib/libQtCore.so.4
#62 0x00007f81b06e83bb in QGuiEventDispatcherGlib::processEvents (this=0x61a630, flags={i = -1107951728})
    at /data/development/sources/kde-trunk/qt-copy/src/gui/kernel/qguieventdispatcher_glib.cpp:204
#63 0x00007f81b37be5f7 in QEventLoop::processEvents () from /opt/qt4/lib/libQtCore.so.4
#64 0x00007f81b37be7f4 in QEventLoop::exec () from /opt/qt4/lib/libQtCore.so.4
#65 0x00007f81b37c29e5 in QCoreApplication::exec () from /opt/qt4/lib/libQtCore.so.4
#66 0x00007f81b0627f14 in QApplication::exec () at /data/development/sources/kde-trunk/qt-copy/src/gui/kernel/qapplication.cpp:3304
#67 0x00007f81b5b15b01 in kdemain (argc=<value optimized out>, argv=<value optimized out>)
    at /data/development/sources/kde-trunk/kdebase/apps/konqueror/src/konqmain.cpp:227
#68 0x00007f81aeb5e436 in __libc_start_main () from /lib64/libc.so.6
#69 0x00000000004008c9 in _start ()
(gdb)
Comment 1 Maksim Orlovich 2008-07-16 23:04:48 UTC
Skeleton of the stuck function --- blows away the collection cache:

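{
  // getElementsByTagName returns a live collection, not a static array.
  var images = document.getElementsByTagName("IMG");
  var _sw = screen.width * (parseInt(ipsclass.settings["resize_percent"]) / 100);
  // images.length and images[i] are looked up on the live collection on every pass.
  for (var i = 0; i < images.length; i++)
    {
      if (images[i].className == "linked-image")
        {
          // _count, _width, _height, _percent and _img are not defined in this skeleton.
          images[i].id = "--ipb-img-resizer-" + _count;
          images[i]._resized = 1;
          images[i]._width = _width;
          var div = document.createElement("div");
          div.innerHTML = _img + "&nbsp;" + ipsclass.lang_build_string(ipb_global_lang["image_resized"], _percent, _width, _height);
          div.className = "resized-linked-image";
          div._src = images[i].src;
          // The insertion changes the document while the collection is still being iterated.
          images[i].parentNode.insertBefore(div, images[i]);
        }
    }
}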

This may or may not drop the constant factor:
--- ecma/kjs_dom.cpp    (revision 831910)
+++ ecma/kjs_dom.cpp    (working copy)
@@ -700,7 +700,18 @@
 
 JSValue* DOMNodeList::indexGetter(ExecState *exec, unsigned index)
 {
-  return getDOMNode(exec, m_impl->item(index));
+  DOM::NodeImpl* n = m_impl->item(index);
+
+  if (n)
+    return getDOMNode(exec, n);
+
+  // Ouch. Not an index after all -- do backup behavior.
+  Identifier prop = Identifier::from(index);
+  n = getByName(prop);
+  if (n)
+    return getDOMNode(exec, n);
+
+  return getDirect(prop);
 }
 
 JSValue *DOMNodeList::nameGetter(ExecState *exec, JSObject*, const Identifier& name, const PropertySlot& slot)
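Review bot: The final `return getDirect(prop);` in the new indexGetter is the only path without a null check, while both earlier lookups test `n` before using it. If getDirect can come back empty when no such property exists, the getter should return an explicit undefined value there instead of passing the raw result through. A short comment on why an out-of-range index can reach this getter at all would also help, since that only follows from the getIndexSlot change in the next hunk.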
@@ -746,8 +757,9 @@
   if (proto && proto->hasProperty(exec, propertyName))
     return false;
 
-  //May be it's an index?
-  if (getIndexSlot(this, *m_impl, propertyName, slot))
+  //May be it's an index? Do this w/o index check, since perhaps we're accessing low in
+  // an uncacheable collection
+  if (getIndexSlot(this, propertyName, slot))
     return true;
 
   //May be it's a name -- check by ID
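Review bot: Dropping `*m_impl` from the getIndexSlot call skips the index check, as the new comment says, so this branch now returns true for numeric property names that are past the end of the list. The "check by ID" lookup below is then no longer reached for those names, and correct results for them depend entirely on the fallback added to indexGetter in the first hunk. The comment should state that dependency, and it is worth confirming that reporting a slot for a nonexistent index does not change what scripts observe for out-of-range access.
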
Comment 2 Maksim Orlovich 2008-07-17 17:38:40 UTC
One thing: you probably want to revert the patch I asked you to test, it has a bug that makes things very crashy.
Comment 3 George Kiagiadakis 2008-08-27 14:06:09 UTC
I am getting exactly the same freeze and backtrace with konqueror 4.1.0 on other forums too (like http://www.e-pcmag.gr/forum/ and http://forum.insanelymac.com/). I guess they might be all using the same forum software on the server side, as they all look similar.

PS: bug 165668 seems to be a duplicate of this one...
Comment 4 Maksim Orlovich 2008-08-27 19:00:25 UTC
Fix committed

*** This bug has been marked as a duplicate of bug 169844 ***
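
The loop shape from the skeleton in Comment 1, as an added example that is not part of the original report and is not khtml or forum code: a constructed model of a document whose live tag collection discards its cache on every mutation, counting node visits for the live loop against a loop over a snapshot. `Doc`, `LiveList`, `buildDoc`, `resizeLive` and `resizeSnapshot` are hypothetical names, and the invalidate-on-any-mutation rule is a modelling assumption.

```javascript
// Constructed model, not khtml code: document order is flattened to an array,
// and every mutation bumps a version that invalidates collection caches.
class Doc {
  constructor() { this.nodes = []; this.version = 0; this.visits = 0; }
  insertBefore(node, ref) {
    const at = ref ? this.nodes.indexOf(ref) : this.nodes.length;
    this.nodes.splice(at, 0, node);
    this.version++;
  }
  getElementsByTagName(tag) { return new LiveList(this, tag); }
}

class LiveList {
  constructor(doc, tag) { this.doc = doc; this.tag = tag; this.cache = []; this.cachedAt = -1; }
  refresh() {                       // full walk whenever the cache is stale
    if (this.cachedAt === this.doc.version) return;
    this.cache = [];
    for (const n of this.doc.nodes) {
      this.doc.visits++;
      if (n.tag === this.tag) this.cache.push(n);
    }
    this.cachedAt = this.doc.version;
  }
  get length() { this.refresh(); return this.cache.length; }
  item(i) { this.refresh(); return this.cache[i]; }
}

function buildDoc(count) {          // constructed sample page with `count` images
  const doc = new Doc();
  for (let i = 0; i < count; i++) doc.insertBefore({ tag: "IMG", cls: "linked-image" }, null);
  doc.visits = 0;                   // count only the visits made by the loops below
  return doc;
}

const marker = () => ({ tag: "DIV", cls: "resized-linked-image" });

function resizeLive(doc) {          // loop shape from the skeleton
  const images = doc.getElementsByTagName("IMG");
  for (let i = 0; i < images.length; i++) {
    const img = images.item(i);
    if (img.cls === "linked-image") doc.insertBefore(marker(), img);
  }
  return doc.visits;
}

function resizeSnapshot(doc) {      // copy the collection once, then mutate
  const live = doc.getElementsByTagName("IMG");
  const images = [];
  for (let i = 0, n = live.length; i < n; i++) images.push(live.item(i));
  for (const img of images) if (img.cls === "linked-image") doc.insertBefore(marker(), img);
  return doc.visits;
}

console.log(resizeLive(buildDoc(1000)), resizeSnapshot(buildDoc(1000)));
```

In this model the live loop's visit count grows with the square of the image count, while the snapshot loop walks the document once.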