Bug 172268

Summary: [testcase] Selectors API Test Suite crashes konqueror
Product: [Applications] konqueror
Reporter: Zayed Al-Saidi <zayed.alsaidi>
Component: general
Assignee: Konqueror Developers <konq-bugs>
Status: RESOLVED FIXED
Severity: crash
CC: frank78ac, maksim
Priority: NOR
Version: unspecified
Target Milestone: ---
Platform: Ubuntu
OS: Linux
Attachments: Test case (18 kB, but simple structure)

Description Zayed Al-Saidi 2008-10-06 13:15:10 UTC
Version:            (using KDE 4.1.2)
OS:                Linux
Installed from:    Ubuntu Packages

When I open this website ( http://ejohn.org/apps/selectortest/ ), konqueror crashes:

The backtrace:

Application: Konqueror (konqueror), signal SIGSEGV
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread 0xb60ac940 (LWP 6462)]
[KCrash handler]
#6  0xb44241a6 in KJS::JSValue::toObject (this=0xb1051900, exec=0xbfbc267c)
    at /build/buildd/kde4libs-4.1.2/kjs/value.h:481
#7  0xb40820de in KJS::Machine::runBlock (exec=0xbfbc267c, 
    codeBlock=@0x8843414, parentExec=0xbfbc2bac) at codes.def:697
#8  0xb406478d in KJS::FunctionImp::callAsFunction (this=0xb1119480, 
    exec=0xbfbc2bac, thisObj=0xb1120000, args=@0xbfbc2b40)
    at /build/buildd/kde4libs-4.1.2/kjs/function.cpp:143
#9  0xb40689f5 in KJS::JSObject::call (this=0xb1119480, exec=0xbfbc2bac, 
    thisObj=0xb1120000, args=@0xbfbc2b40)
    at /build/buildd/kde4libs-4.1.2/kjs/object.cpp:99
#10 0xb40854fd in KJS::Machine::runBlock (exec=0xbfbc2bac, 
    codeBlock=@0x89dc1b4, parentExec=0x8834740) at codes.def:1206
#11 0xb406478d in KJS::FunctionImp::callAsFunction (this=0xb1119620, 
    exec=0x8834740, thisObj=0xb1120000, args=@0xbfbc2cf8)
    at /build/buildd/kde4libs-4.1.2/kjs/function.cpp:143
#12 0xb40689f5 in KJS::JSObject::call (this=0xb1119620, exec=0x8834740, 
    thisObj=0xb1120000, args=@0xbfbc2cf8)
    at /build/buildd/kde4libs-4.1.2/kjs/object.cpp:99
#13 0xb44138d8 in KJS::JSEventListener::handleEvent (this=0x8896808, 
    evt=@0xbfbc2d40)
    at /build/buildd/kde4libs-4.1.2/khtml/ecma/kjs_events.cpp:106
#14 0xb4228c48 in DOM::DocumentImpl::defaultEventHandler (this=0x889ccb0, 
    evt=0x86454c0)
    at /build/buildd/kde4libs-4.1.2/khtml/xml/dom_docimpl.cpp:2699
#15 0xb4243a5a in DOM::NodeImpl::dispatchWindowEvent (this=0x889ccbc, _id=16, 
    canBubbleArg=<value optimized out>, cancelableArg=<value optimized out>)
    at /build/buildd/kde4libs-4.1.2/khtml/xml/dom_nodeimpl.cpp:566
#16 0xb428e300 in DOM::HTMLDocumentImpl::close (this=0x889ccb0)
    at /build/buildd/kde4libs-4.1.2/khtml/html/html_documentimpl.cpp:249
#17 0xb41e1ba2 in KHTMLPart::checkEmitLoadEvent (this=0x8517cc8)
    at /build/buildd/kde4libs-4.1.2/khtml/khtml_part.cpp:2353
#18 0xb41e466d in KHTMLPart::slotFinishedParsing (this=0x8517cc8)
    at /build/buildd/kde4libs-4.1.2/khtml/khtml_part.cpp:2086
#19 0xb41ee3e3 in KHTMLPart::qt_metacall (this=0x8517cc8, 
    _c=QMetaObject::InvokeMetaMethod, _id=22, _a=0xbfbc2f48)
    at /build/buildd/kde4libs-4.1.2/obj-i486-linux-gnu/khtml/khtml_part.moc:267
#20 0xb74cef79 in QMetaObject::activate (sender=0x889ccb0, 
    from_signal_index=4, to_signal_index=4, argv=0x0)
    at kernel/qobject.cpp:3016
#21 0xb74cf642 in QMetaObject::activate (sender=0x889ccb0, m=0xb45bfbe8, 
    local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3086
#22 0xb4226d37 in DOM::DocumentImpl::finishedParsing (this=0x889ccb0)
    at /build/buildd/kde4libs-4.1.2/obj-i486-linux-gnu/khtml/dom_docimpl.moc:77
#23 0xb4226d93 in DOM::DocumentImpl::qt_metacall (this=0x889ccb0, 
    _c=QMetaObject::InvokeMetaMethod, _id=0, _a=0xbfbc3058)
    at /build/buildd/kde4libs-4.1.2/obj-i486-linux-gnu/khtml/dom_docimpl.moc:67
#24 0xb428dab7 in DOM::HTMLDocumentImpl::qt_metacall (this=0x889ccb0, 
    _c=QMetaObject::InvokeMetaMethod, _id=4, _a=0xbfbc3058)
    at /build/buildd/kde4libs-4.1.2/obj-i486-linux-gnu/khtml/html_documentimpl.moc:62
#25 0xb74cef79 in QMetaObject::activate (sender=0x89c3858, 
    from_signal_index=4, to_signal_index=4, argv=0x0)
    at kernel/qobject.cpp:3016
#26 0xb74cf642 in QMetaObject::activate (sender=0x89c3858, m=0xb45c1308, 
    local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3086
#27 0xb4258d57 in khtml::Tokenizer::finishedParsing (this=0x89c3858)
    at /build/buildd/kde4libs-4.1.2/obj-i486-linux-gnu/khtml/xml_tokenizer.moc:75
#28 0xb4277159 in khtml::HTMLTokenizer::end (this=0x89c3858)
    at /build/buildd/kde4libs-4.1.2/khtml/html/htmltokenizer.cpp:1883
#29 0xb4279fb3 in khtml::HTMLTokenizer::finish (this=0x89c3858)
    at /build/buildd/kde4libs-4.1.2/khtml/html/htmltokenizer.cpp:1932
#30 0xb4226678 in DOM::DocumentImpl::finishParsing (this=0x889ccb0)
    at /build/buildd/kde4libs-4.1.2/khtml/xml/dom_docimpl.cpp:1522
#31 0xb41e4ab6 in KHTMLPart::end (this=0x8517cc8)
    at /build/buildd/kde4libs-4.1.2/khtml/khtml_part.cpp:2008
#32 0xb41e4ded in KHTMLPart::slotFinished (this=0x8517cc8, job=0x89c6390)
    at /build/buildd/kde4libs-4.1.2/khtml/khtml_part.cpp:1860
#33 0xb41ee2d6 in KHTMLPart::qt_metacall (this=0x8517cc8, 
    _c=QMetaObject::InvokeMetaMethod, _id=17, _a=0xbfbc335c)
    at /build/buildd/kde4libs-4.1.2/obj-i486-linux-gnu/khtml/khtml_part.moc:262
#34 0xb74cef79 in QMetaObject::activate (sender=0x89c6390, 
    from_signal_index=7, to_signal_index=7, argv=0xbfbc335c)
    at kernel/qobject.cpp:3016
#35 0xb74cf642 in QMetaObject::activate (sender=0x89c6390, m=0xb777b868, 
    local_signal_index=3, argv=0xbfbc335c) at kernel/qobject.cpp:3086
#36 0xb7681673 in KJob::result (this=0x89c6390, _t1=0x89c6390)
    at /build/buildd/kde4libs-4.1.2/obj-i486-linux-gnu/kdecore/kjob.moc:186
#37 0xb7681b92 in KJob::emitResult (this=0x89c6390)
    at /build/buildd/kde4libs-4.1.2/kdecore/jobs/kjob.cpp:290
#38 0xb7b5dcdf in KIO::SimpleJob::slotFinished (this=0x89c6390)
    at /build/buildd/kde4libs-4.1.2/kio/kio/job.cpp:498
#39 0xb7b5e320 in KIO::TransferJob::slotFinished (this=0x89c6390)
    at /build/buildd/kde4libs-4.1.2/kio/kio/job.cpp:967
#40 0xb7b64b18 in KIO::TransferJob::qt_metacall (this=0x89c6390, 
    _c=QMetaObject::InvokeMetaMethod, _id=7, _a=0xbfbc35b8)
    at /build/buildd/kde4libs-4.1.2/obj-i486-linux-gnu/kio/jobclasses.moc:336
#41 0xb74cef79 in QMetaObject::activate (sender=0x84f80c8, 
    from_signal_index=8, to_signal_index=8, argv=0x0)
    at kernel/qobject.cpp:3016
#42 0xb74cf642 in QMetaObject::activate (sender=0x84f80c8, m=0xb7cc6c04, 
    local_signal_index=4, argv=0x0) at kernel/qobject.cpp:3086
#43 0xb7c00ac7 in KIO::SlaveInterface::finished (this=0x84f80c8)
    at /build/buildd/kde4libs-4.1.2/obj-i486-linux-gnu/kio/slaveinterface.moc:161
#44 0xb7c02cab in KIO::SlaveInterface::dispatch (this=0x84f80c8, _cmd=104, 
    rawdata=@0xbfbc3754)
    at /build/buildd/kde4libs-4.1.2/kio/kio/slaveinterface.cpp:175
#45 0xb7c030ed in KIO::SlaveInterface::dispatch (this=0x84f80c8)
    at /build/buildd/kde4libs-4.1.2/kio/kio/slaveinterface.cpp:90
#46 0xb7bf5c67 in KIO::Slave::gotInput (this=0x84f80c8)
    at /build/buildd/kde4libs-4.1.2/kio/kio/slave.cpp:322
#47 0xb7bf703d in KIO::Slave::qt_metacall (this=0x84f80c8, 
    _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0xbfbc3868)
    at /build/buildd/kde4libs-4.1.2/obj-i486-linux-gnu/kio/slave.moc:75
#48 0xb74cef79 in QMetaObject::activate (sender=0x83c3760, 
    from_signal_index=4, to_signal_index=4, argv=0x0)
    at kernel/qobject.cpp:3016
#49 0xb74cf642 in QMetaObject::activate (sender=0x83c3760, m=0xb7cc3860, 
    local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3086
#50 0xb7b30917 in KIO::Connection::readyRead (this=0x83c3760)
    at /build/buildd/kde4libs-4.1.2/obj-i486-linux-gnu/kio/connection.moc:84
#51 0xb7b31788 in KIO::ConnectionPrivate::dequeue (this=0x83e3338)
    at /build/buildd/kde4libs-4.1.2/kio/kio/connection.cpp:82
#52 0xb7b325ce in KIO::Connection::qt_metacall (this=0x83c3760, 
    _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x89c0bc0)
    at /build/buildd/kde4libs-4.1.2/obj-i486-linux-gnu/kio/connection.moc:72
#53 0xb74c88ab in QMetaCallEvent::placeMetaCall (this=0x841e500, 
    object=0x83c3760) at kernel/qobject.cpp:535
#54 0xb74c9c31 in QObject::event (this=0x83c3760, e=0x841e500)
    at kernel/qobject.cpp:1140
#55 0xb699bf9c in QApplicationPrivate::notify_helper (this=0x805cd40, 
    receiver=0x83c3760, e=0x841e500) at kernel/qapplication.cpp:3800
#56 0xb69a0bf9 in QApplication::notify (this=0xbfbc424c, receiver=0x83c3760, 
    e=0x841e500) at kernel/qapplication.cpp:3392
#57 0xb7938483 in KApplication::notify (this=0xbfbc424c, receiver=0x83c3760, 
    event=0x841e500)
    at /build/buildd/kde4libs-4.1.2/kdeui/kernel/kapplication.cpp:311
#58 0xb74ba0b9 in QCoreApplication::notifyInternal (this=0xbfbc424c, 
    receiver=0x83c3760, event=0x841e500) at kernel/qcoreapplication.cpp:591
#59 0xb74bb469 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, 
    event_type=0, data=0x804b6b0)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#60 0xb74bb68d in QCoreApplication::sendPostedEvents (receiver=0x0, 
    event_type=0) at kernel/qcoreapplication.cpp:1095
#61 0xb74e562f in postEventSourceDispatch (s=0x805eab0)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:220
#62 0xb641cdd6 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#63 0xb6420193 in ?? () from /usr/lib/libglib-2.0.so.0
#64 0xb642074e in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#65 0xb74e59f8 in QEventDispatcherGlib::processEvents (this=0x805bb40, 
    flags=@0xbfbc3f68) at kernel/qeventdispatcher_glib.cpp:325
#66 0xb6a2fa25 in QGuiEventDispatcherGlib::processEvents (this=0x805bb40, 
    flags=@0xbfbc3f98) at kernel/qguieventdispatcher_glib.cpp:204
#67 0xb74b933d in QEventLoop::processEvents (this=0xbfbc4010, 
    flags=@0xbfbc3fd4) at kernel/qeventloop.cpp:149
#68 0xb74b94cd in QEventLoop::exec (this=0xbfbc4010, flags=@0xbfbc4018)
    at kernel/qeventloop.cpp:200
#69 0xb74bb74d in QCoreApplication::exec () at kernel/qcoreapplication.cpp:849
#70 0xb699b897 in QApplication::exec () at kernel/qapplication.cpp:3330
#71 0xb7f77abd in kdemain () from /usr/lib/kde4/lib/libkdeinit4_konqueror.so
#72 0x08048582 in _start ()
#0  0xb7f91410 in __kernel_vsyscall ()

Comment 1 Maksim Orlovich 2008-10-06 15:30:12 UTC
Confirm, tricky.

Comment 2 Frank Reininghaus 2008-10-10 03:39:22 UTC
Created attachment 27772
Test case (18 kB, but simple structure)

This test case still crashes 4.1.2 and trunk rev. 869769 for me. Seems to be related to the number of <div>'s in the page - if I remove some of them, there's no crash.

Comment 3 Maksim Orlovich 2009-02-15 01:09:07 UTC
SVN commit 926292 by orlovich:

Doh. Mark self first. 
BUG:172268


 M  +1 -0      kjs_traversal.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=926292

Comment 4 Maksim Orlovich 2009-02-15 01:11:51 UTC
SVN commit 926293 by orlovich:

Merged revision 926292:
Doh. Mark self first. 
BUG:172268

 M  +1 -0      kjs_traversal.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=926293

Comment 5 Maksim Orlovich 2009-02-15 01:14:39 UTC
SVN commit 926294 by orlovich:

Add in Frank Reininghaus's testcase for #172268

CCBUG:172268


 M  +2 -0      baseline/dom/svnignore  
 A             baseline/dom/treewalker-mark-crash.html-dom  
 A             tests/dom/treewalker-mark-crash.html  


WebSVN link: http://websvn.kde.org/?view=rev&revision=926294