Bug 167514

Summary: Easily reproducible segfault in QMetaObject::cast()
Product: [Applications] konqueror Reporter: Daniel Richard G. <skunk>
Component: khtmlAssignee: Konqueror Developers <konq-bugs>
Status: RESOLVED FIXED    
Severity: crash CC: christophe
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Daniel Richard G. 2008-07-27 08:47:22 UTC 
Version:           4.1.60 (using Devel)
Installed from:    Compiled sources
Compiler:          gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21) 
OS:                Linux

1. Start up Konqueror, go to http://www.sunon.com/

2. Click the "more...." link at the bottom-right of the page

3. Load up some other page (e.g. click Home)

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 47752530406304 (LWP 24187)]
0x00002b6e00000025 in ?? ()

I get this consistently. The backtrace seems to indicate that KJS is at fault:

#0  0x00002b6e00000025 in ?? ()
#1  0x00002b6e3d491f47 in QMetaObject::cast (this=0x2b6e44ffb100,
    obj=0x11d47c0)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qmetaobject.cpp:217
#2  0x00002b6e44d3b3f0 in KJS::Window::retrieve (p=0x11d47c0)
    at /opt/kde4/include/QtCore/qobject.h:436
#3  0x00002b6e44d3b550 in KJS::Window::retrieveWindow (p=0x11d47c0)
    at /scratch/kdesvn/kdelibs/khtml/ecma/kjs_window.cpp:425
#4  0x00002b6e44affc97 in KHTMLPart::begin (this=0x748a90, url=@0xfadd88,
    xOffset=0, yOffset=0) at /scratch/kdesvn/kdelibs/khtml/khtml_part.cpp:1863
#5  0x00002b6e44b00e00 in KHTMLPart::slotData (this=0x748a90,
    kio_job=<value optimized out>, data=@0x7fff6f5fc160)
    at /scratch/kdesvn/kdelibs/khtml/khtml_part.cpp:1573
#6  0x00002b6e44b26d03 in KHTMLPart::qt_metacall (this=0x748a90,
    _c=QMetaObject::InvokeMetaMethod, _id=19, _a=0x7fff6f5fbd20)
    at /scratch/kdesvn/build/kdelibs/khtml/khtml_part.moc:264
#7  0x00002b6e3d4a1169 in QMetaObject::activate (sender=0xd6c200,
    from_signal_index=40, to_signal_index=40, argv=0x7fff6f5fbd20)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:3007
#8  0x00002b6e3d4a15bf in QMetaObject::activate (sender=0xd6c200,
    m=0x2b6e3bf10880, local_signal_index=0, argv=0x7fff6f5fbd20)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:3080
#9  0x00002b6e3bc3fa84 in KIO::TransferJob::data (this=0x11d47c0,
    _t1=0xd6c200, _t2=<value optimized out>)
    at /scratch/kdesvn/build/kdelibs/kio/jobclasses.moc:356
#10 0x00002b6e3bc51638 in KIO::TransferJob::qt_metacall (this=0xd6c200,
    _c=QMetaObject::InvokeMetaMethod, _id=8, _a=0x7fff6f5fbeb0)
    at /scratch/kdesvn/build/kdelibs/kio/jobclasses.moc:337
#11 0x00002b6e3d4a1169 in QMetaObject::activate (sender=0x105b380,
    from_signal_index=4, to_signal_index=4, argv=0x7fff6f5fbeb0)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:3007
#12 0x00002b6e3d4a15bf in QMetaObject::activate (sender=0x105b380,
    m=0x2b6e3bf15c80, local_signal_index=0, argv=0x7fff6f5fbeb0)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:3080
#13 0x00002b6e3bd04c82 in KIO::SlaveInterface::data (this=0x11d47c0,
    _t1=<value optimized out>)
    at /scratch/kdesvn/build/kdelibs/kio/slaveinterface.moc:138
#14 0x00002b6e3bd084ae in KIO::SlaveInterface::dispatch (this=0x105b380,
    _cmd=100, rawdata=@0x7fff6f5fc160)
    at /scratch/kdesvn/kdelibs/kio/kio/slaveinterface.cpp:163
#15 0x00002b6e3bd04f77 in KIO::SlaveInterface::dispatch (this=0x105b380)
    at /scratch/kdesvn/kdelibs/kio/kio/slaveinterface.cpp:91
#16 0x00002b6e3bcf4723 in KIO::Slave::gotInput (this=0x105b380)
    at /scratch/kdesvn/kdelibs/kio/kio/slave.cpp:319
#17 0x00002b6e3bcf535a in KIO::Slave::qt_metacall (this=0x105b380,
    _c=QMetaObject::InvokeMetaMethod, _id=37, _a=0x7fff6f5fc2c0)
    at /scratch/kdesvn/build/kdelibs/kio/slave.moc:75
#18 0x00002b6e3d4a1169 in QMetaObject::activate (sender=0x105bac0,
    from_signal_index=4, to_signal_index=4, argv=0x0)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:3007
#19 0x00002b6e3d4a15bf in QMetaObject::activate (sender=0x105bac0,
    m=0x2b6e3bf0f580, local_signal_index=0, argv=0x0)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:3080
#20 0x00002b6e3bc0fcc7 in KIO::ConnectionPrivate::dequeue (this=0x105b710)
    at /scratch/kdesvn/kdelibs/kio/kio/connection.cpp:82
#21 0x00002b6e3bc10012 in KIO::Connection::qt_metacall (this=0x105bac0,
    _c=QMetaObject::InvokeMetaMethod, _id=37, _a=0x121e7b0)
    at /scratch/kdesvn/build/kdelibs/kio/connection.moc:72
#22 0x00002b6e3d49b859 in QMetaCallEvent::placeMetaCall (this=0x12ee670,
    object=0x105bac0)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:535
#23 0x00002b6e3d4a0370 in QObject::event (this=0x105bac0, e=0x12ee670)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qobject.cpp:1137
#24 0x00002b6e3dad4045 in QApplicationPrivate::notify_helper (this=0x5196b0,
    receiver=0x105bac0, e=0x12ee670)
    at /scratch/kdesvn/qt-copy/src/gui/kernel/qapplication.cpp:3772
#25 0x00002b6e3dad4367 in QApplication::notify (this=0x7fff6f5fd1d0,
    receiver=0x105bac0, e=0x12ee670)
    at /scratch/kdesvn/qt-copy/src/gui/kernel/qapplication.cpp:3366
#26 0x00002b6e3c48cc8b in KApplication::notify (this=0x7fff6f5fd1d0,
    receiver=0x105bac0, event=0x12ee670)
    at /scratch/kdesvn/kdelibs/kdeui/kernel/kapplication.cpp:311
#27 0x00002b6e3d48d4cc in QCoreApplication::notifyInternal (
    this=0x7fff6f5fd1d0, receiver=0x105bac0, event=0x12ee670)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qcoreapplication.cpp:583
#28 0x00002b6e3d490d5f in QCoreApplication::sendEvent (receiver=0x105bac0,
    event=0x12ee670)
    at ../../include/QtCore/../../../../qt-copy/src/corelib/kernel/qcoreapplication.h:215
#29 0x00002b6e3d48da81 in QCoreApplicationPrivate::sendPostedEvents (
    receiver=0x0, event_type=0, data=0x502de0)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qcoreapplication.cpp:1195
#30 0x00002b6e3d48dc4a in QCoreApplication::sendPostedEvents (receiver=0x0,
    event_type=0)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qcoreapplication.cpp:1091
#31 0x00002b6e3d4bbd1d in QCoreApplication::sendPostedEvents ()
    at ../../include/QtCore/../../../../qt-copy/src/corelib/kernel/qcoreapplication.h:220
#32 0x00002b6e3d4bad55 in postEventSourceDispatch (s=0x51cd30)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qeventdispatcher_glib.cpp:211
#33 0x00002b6e402e9913 in g_main_context_dispatch ()
   from /usr/lib/libglib-2.0.so.0
#34 0x00002b6e402ec75d in g_main_context_check ()
   from /usr/lib/libglib-2.0.so.0
#35 0x00002b6e402ecc7e in g_main_context_iteration ()
   from /usr/lib/libglib-2.0.so.0
#36 0x00002b6e3d4ba3a6 in QEventDispatcherGlib::processEvents (this=0x519ab0,
    flags=@0x7fff6f5fce80)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qeventdispatcher_glib.cpp:325
#37 0x00002b6e3db7291b in QGuiEventDispatcherGlib::processEvents (
    this=0x519ab0, flags=@0x7fff6f5fcee0)
    at /scratch/kdesvn/qt-copy/src/gui/kernel/qguieventdispatcher_glib.cpp:204
#38 0x00002b6e3d48a460 in QEventLoop::processEvents (this=0x7fff6f5fcf90,
    flags=@0x7fff6f5fcf40)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qeventloop.cpp:149
#39 0x00002b6e3d48a65b in QEventLoop::exec (this=0x7fff6f5fcf90,
    flags=@0x7fff6f5fcfa0)
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qeventloop.cpp:196
#40 0x00002b6e3d48dd56 in QCoreApplication::exec ()
    at /scratch/kdesvn/qt-copy/src/corelib/kernel/qcoreapplication.cpp:845
#41 0x00002b6e3dad3da6 in QApplication::exec ()
    at /scratch/kdesvn/qt-copy/src/gui/kernel/qapplication.cpp:3304
#42 0x00002b6e3b6923bf in kdemain (argc=<value optimized out>,
    argv=<value optimized out>)
    at /scratch/kdesvn/kdebase/apps/konqueror/src/konqmain.cpp:227
#43 0x00002b6e3f9aa4ca in __libc_start_main () from /lib64/libc.so.6
#44 0x000000000040081a in _start () at ../sysdeps/x86_64/elf/start.S:113
Comment 1 Christophe Marin 2008-07-27 10:19:59 UTC 
I can't reproduce this crash using the SVN version (kdelibs rev. 838173)
Comment 2 Dario Andres 2008-07-27 17:43:30 UTC 
KDE 4.1.00 (KDE 4.0.99 (4.1 RC1+)) (KDEmod) in ArchLinux:

I can reproduce this bug

My backtrace:

Aplicación: Konqueror (konqueror), señal SIGSEGV
[Thread debugging using libthread_db enabled]
[New Thread 0xb61bb920 (LWP 7332)]
[New Thread 0xb1b2ab90 (LWP 7404)]
[New Thread 0xb2352b90 (LWP 7385)]
[KCrash handler]
#6  0x80000035 in ?? ()
#7  0xb7538c88 in QMetaObject::cast (this=0xb463b728, obj=0x9f4d0d0)
    at kernel/qmetaobject.cpp:217
#8  0xb42a8de1 in qobject_cast<KHTMLPart*> (object=0x9f4d0d0)
    at /usr/include/QtCore/qobject.h:436
#9  0xb44a33ef in KJS::Window::retrieve (p=0x9f4d0d0)
    at /home/dario/myData/ArchPKG/kdemod4/work/kdelibs/src/kdelibs-4.0.99/khtml/ecma/kjs_window.cpp:455
#10 0xb44a5fcc in KJS::Window::retrieveWindow (p=0x9f4d0d0)
    at /home/dario/myData/ArchPKG/kdemod4/work/kdelibs/src/kdelibs-4.0.99/khtml/ecma/kjs_window.cpp:425
#11 0xb42c5c4e in KHTMLPart::begin (this=0x9baf2f8, url=@0x9e0c4f8, 
    xOffset=162998448, yOffset=162998448)
    at /home/dario/myData/ArchPKG/kdemod4/work/kdelibs/src/kdelibs-4.0.99/khtml/khtml_part.cpp:1875
#12 0xb42c3c7f in KHTMLPart::slotData (this=0x9baf2f8, kio_job=0x9b728b0, 
    data=@0xbff0b144)
    at /home/dario/myData/ArchPKG/kdemod4/work/kdelibs/src/kdelibs-4.0.99/khtml/khtml_part.cpp:1585
#13 0xb42cbd52 in KHTMLPart::qt_metacall (this=0x9baf2f8, 
    _c=QMetaObject::InvokeMetaMethod, _id=19, _a=0xbff0af0c)
    at /home/dario/myData/ArchPKG/kdemod4/work/kdelibs/src/build/khtml/khtml_part.moc:264
#14 0xb7549636 in QMetaObject::activate (sender=0xa097138, 
    from_signal_index=<value optimized out>, to_signal_index=40, 
    argv=0x9b728b0) at kernel/qobject.cpp:3010
#15 0xb754b73a in QMetaObject::activate (sender=0xa097138, m=0xb7ea8c30, 
    local_signal_index=0, argv=0xbff0af0c) at kernel/qobject.cpp:3080
#16 0xb7d4e930 in KIO::TransferJob::data (this=0xa097138, _t1=0xa097138, 
    _t2=@0xbff0b144)
    at /home/dario/myData/ArchPKG/kdemod4/work/kdelibs/src/build/kio/jobclasses.moc:356
#17 0xb7d4f1b3 in KIO::TransferJob::slotData (this=0xa097138, 
    _data=@0xbff0b144)
    at /home/dario/myData/ArchPKG/kdemod4/work/kdelibs/src/kdelibs-4.0.99/kio/kio/job.cpp:927
#18 0xb7d58dcc in KIO::TransferJob::qt_metacall (this=0xa097138, 
    _c=QMetaObject::InvokeMetaMethod, _id=8, _a=0xbff0b030)
    at /home/dario/myData/ArchPKG/kdemod4/work/kdelibs/src/build/kio/jobclasses.moc:337
#19 0xb7549636 in QMetaObject::activate (sender=0xa0108d8, 
    from_signal_index=<value optimized out>, to_signal_index=4, 
    argv=0x9b728b0) at kernel/qobject.cpp:3010
#20 0xb754b73a in QMetaObject::activate (sender=0xa0108d8, m=0xb7eab664, 
    local_signal_index=0, argv=0xbff0b030) at kernel/qobject.cpp:3080
#21 0xb7dea856 in KIO::SlaveInterface::data (this=0xa0108d8, _t1=@0xbff0b144)
    at /home/dario/myData/ArchPKG/kdemod4/work/kdelibs/src/build/kio/slaveinterface.moc:138
#22 0xb7decbcf in KIO::SlaveInterface::dispatch (this=0xa0108d8, _cmd=100, 
    rawdata=@0xbff0b144)
    at /home/dario/myData/ArchPKG/kdemod4/work/kdelibs/src/kdelibs-4.0.99/kio/kio/slaveinterface.cpp:163
#23 0xb7dece8f in KIO::SlaveInterface::dispatch (this=0xa0108d8)
    at /home/dario/myData/ArchPKG/kdemod4/work/kdelibs/src/kdelibs-4.0.99/kio/kio/slaveinterface.cpp:91
#24 0xb7ddff54 in KIO::Slave::gotInput (this=0xa0108d8)
    at /home/dario/myData/ArchPKG/kdemod4/work/kdelibs/src/kdelibs-4.0.99/kio/kio/slave.cpp:319
#25 0xb7de121a in KIO::Slave::qt_metacall (this=0xa0108d8, 
    _c=QMetaObject::InvokeMetaMethod, _id=162998448, _a=0xbff0b258)
    at /home/dario/myData/ArchPKG/kdemod4/work/kdelibs/src/build/kio/slave.moc:75
#26 0xb7549636 in QMetaObject::activate (sender=0x9b9a2a0, 
    from_signal_index=<value optimized out>, to_signal_index=4, 
    argv=0x9b728b0) at kernel/qobject.cpp:3010
#27 0xb754b73a in QMetaObject::activate (sender=0x9b9a2a0, m=0xb7ea82c0, 
    local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3080
#28 0xb7d28174 in KIO::Connection::readyRead (this=0x9b9a2a0)
    at /home/dario/myData/ArchPKG/kdemod4/work/kdelibs/src/build/kio/connection.moc:84
#29 0xb7d28ddc in KIO::ConnectionPrivate::dequeue (this=0xa1430c0)
    at /home/dario/myData/ArchPKG/kdemod4/work/kdelibs/src/kdelibs-4.0.99/kio/kio/connection.cpp:82
#30 0xb7d29ced in KIO::Connection::qt_metacall (this=0x9b9a2a0, 
    _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x9c8eaa0)
    at /home/dario/myData/ArchPKG/kdemod4/work/kdelibs/src/build/kio/connection.moc:72
#31 0xb7541734 in QMetaCallEvent::placeMetaCall (this=0xa04c430, 
    object=0x9b9a2a0) at kernel/qobject.cpp:535
#32 0xb7542f92 in QObject::event (this=0x9b9a2a0, e=0xa04c430)
    at kernel/qobject.cpp:1140
#33 0xb6b6efa8 in QApplicationPrivate::notify_helper (this=0x9899318, 
    receiver=0x9b9a2a0, e=0xa04c430) at kernel/qapplication.cpp:3772
#34 0xb6b75ca9 in QApplication::notify (this=0xbff0bb4c, receiver=0x9b9a2a0, 
    e=0xa04c430) at kernel/qapplication.cpp:3366
#35 0xb79895b0 in KApplication::notify (this=0xbff0bb4c, receiver=0x9b9a2a0, 
    event=0xa04c430)
    at /home/dario/myData/ArchPKG/kdemod4/work/kdelibs/src/kdelibs-4.0.99/kdeui/kernel/kapplication.cpp:311
#36 0xb7532ec1 in QCoreApplication::notifyInternal (this=0xbff0bb4c, 
    receiver=0x9b9a2a0, event=0xa04c430) at kernel/qcoreapplication.cpp:587
#37 0xb7533da3 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, 
    event_type=0, data=0x9874288)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#38 0xb753401f in QCoreApplication::sendPostedEvents (receiver=0x0, 
    event_type=0) at kernel/qcoreapplication.cpp:1091
#39 0xb755eca4 in postEventSourceDispatch (s=0x989bb10)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:220
#40 0xb639c0e8 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#41 0xb639f783 in g_main_context_iterate () from /usr/lib/libglib-2.0.so.0
#42 0xb639f941 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#43 0xb755e9b1 in QEventDispatcherGlib::processEvents (this=0x9899650, flags=
      {i = -1074743128}) at kernel/qeventdispatcher_glib.cpp:325
#44 0xb6c08f0d in QGuiEventDispatcherGlib::processEvents (this=0x9899650, 
    flags={i = -1074743080}) at kernel/qguieventdispatcher_glib.cpp:204
#45 0xb7531a4c in QEventLoop::processEvents (this=0xbff0b950, flags=
      {i = -1074743016}) at kernel/qeventloop.cpp:149
#46 0xb7531c05 in QEventLoop::exec (this=0xbff0b950, flags={i = -1074742952})
    at kernel/qeventloop.cpp:200
#47 0xb75340c6 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:845
#48 0xb6b6ed53 in QApplication::exec () at kernel/qapplication.cpp:3304
#49 0xb7fd6666 in kdemain (argc=2, argv=0xbff0be54)
    at /home/dario/myData/ArchPKG/kdemod4/work/kdebase-apps/src/kdebase-4.0.99/apps/konqueror/src/konqmain.cpp:227
#50 0x080487c3 in main (argc=)
    at /home/dario/myData/ArchPKG/kdemod4/work/kdebase-apps/src/kdebase-4.0.99/apps/konqueror/src/konqueror_dummy.cpp:3
#0  0xb7fef424 in __kernel_vsyscall ()
Comment 3 Daniel Richard G. 2008-07-28 07:18:16 UTC 
Christophe: My build was a little old, so I rebuilt from SVN earlier today (kdelibs rev 838453). I can still reproduce the crash, with the same backtrace.

I don't have very many KDE options set, as I am only using Konqueror4, and not the entire desktop environment. Perhaps something in your KDE user configuration is preempting the bug? What if you were to try it with a new/empty config?
Comment 4 Maksim Orlovich 2008-07-28 17:15:46 UTC 
The only settings that matters are for popup blocking... Fixing upcoming.
Comment 5 Maksim Orlovich 2008-07-28 17:31:28 UTC 
SVN commit 838712 by orlovich:

Don't crash on navigating away when a suppressed popup 
comes from a child frame which in turn got navigated away,
deleting the part the m_suppressedPopupOriginParts list is referring to.

BUG:167514


 M  +2 -1      khtmlpart_p.h  


WebSVN link: http://websvn.kde.org/?view=rev&revision=838712