Bug 180605

Summary: konqueror crash on http://allegro.pl/new_item_cat.php?new=1
Product: [Applications] konqueror
Reporter: Bartosz Krzeszewski <bartek>
Component: general
Assignee: Konqueror Developers <konq-bugs>
Status: RESOLVED FIXED
Severity: crash
CC: andresbajotierra, frank78ac
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   
Attachments: backtrace, full backtrace, site code

Description Bartosz Krzeszewski 2009-01-14 01:40:21 UTC
Version:            (using Devel)
Compiler:          gcc version 4.1.2 (Gentoo 4.1.2 p1.1) x86_64-pc-linux-gnu
OS:                Linux
Installed from:    Compiled sources

You need an account to access this page.
HTML code of this page from Firefox:
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>Wystaw przedmiot - Aukcje internetowe Allegro</title>
<meta name="keywords" content="aukcje internetowe,allegro,serwis aukcyjny" />
<meta name="description" content="Allegro - największe aukcje internetowe, najniższe ceny! Kup i sprzedaj!" />
<meta name="classification" content="global,all" />
<meta name="robots" content="all,index,follow" />
<meta name="revisit-after" content="2 days" />
<link rel="shortcut icon" href="http://static.allegro.pl/site_images/1/0/common/favicon.ico" />
<link rel="stylesheet" media="all" type="text/css" href="http://static.allegro.pl/site_images/1/0/layout_n9.css" />
<link rel="stylesheet" media="print" type="text/css" href="http://static.allegro.pl/site_images/1/0/print.css" />
<script type="text/javascript" src="http://static.allegro.pl/js/mainjs-4-min.js"></script><SCRIPT LANGUAGE="JavaScript">
<!--
	var gomez={
				gs: new Date().getTime(),
				acctId:'B3A70B',
				pgId:'new_item_cat',
				grpId:'',
				wrate:0.01
	};
//-->
</SCRIPT>
<SCRIPT LANGUAGE="JavaScript" type="text/javascript" src="/js/gtagb4.js"></SCRIPT>

<script type="text/javascript">var header=1;</script>
</head>
<body >
<div id="headerBox">
			<p id="small_menu"><strong id="my_login" style="font-weight:normal;display:none;padding-right:4px"></strong><strong><a href="javascript:OpenHelp()" title="Pytania i odpowiedzi">Pomoc</a></strong></p>
<ul id="topMenu">
	<li id="ico7"><a href="http://allegro.pl/" title="Wróć do strony głównej">Allegro</a></li>
	<li id="ico5"><a href="http://allegro.pl/new_item.php?new=1" title="Wystaw przedmiot na sprzedaż">Sprzedaj</a></li>
	<li id="ico4"><a href="http://allegro.pl/my_allegro.php" title="Informacje o Twoich transakcjach">Moje Allegro</a></li>

	<li id="ico3"><a href="http://allegro.pl/search.php" title="Znajdź przedmiot">Szukaj</a></li>
	<li id="ico2"><a href="http://allegro.pl/services/" title="Informacje o usługach w serwisie">Usługi</a></li>
	<li id="ico1"><a href="http://allegro.pl/spolecznosc/" title="Porozmawiaj, nie tylko o Allegro">Społeczność</a></li>
	<li id="ico0"><a href="/logout.php" title="Zakończ pracę">Wyloguj</a></li>
</ul> <!-- /topmenu -->
<div id="logo"><a href="http://allegro.pl/"><img src="http://static.allegro.pl/site_images/1/0/common/logo.gif"  alt="Allegro - Aukcje internetowe. Największy i najbezpieczniejszy serwis aukcyjny" title="Allegro - Aukcje internetowe. Największy i najbezpieczniejszy serwis aukcyjny" /></a></div>
</div>

<div class="tocenter" style="clear: both;"><table width="100%" cellpadding="0" cellspacing="0">
	<tr>
		<td class="navbar"><a class="bold spec" href="/"><span><span>Allegro</span></span></a> › <span class="bold">Wybór formatu i kategorii</span></td>
	</tr>
</table></div>
<style type="text/css">
#headerBox {
	padding: 0;
}
#headerBox #logo {
	padding-bottom: 11px;
}
#headerBox #logo a {
	background: url('http://static.allegro.pl/site_images/1/0/marketing/winter/logo.png') no-repeat;
	width: 184px;
	height: 64px;
	display: block;
}
#headerBox #logo a img {
	display: none;
}
</style>
<div id="pagecontent1"><table width="100%" cellpadding="0" cellspacing="0" border="0">
<tr>
	<td width="100%" height="1" bgcolor="#000000"><img src="http://static.allegro.pl/site_images/1/0/blank.gif" height="1"></td>

</tr>
<tr>
	<td><img src="http://static.allegro.pl/site_images/1/0/sell-step1.gif"></td>
</tr>
</table>
<br /><table align="center" border="0" width="80%">
<tr>
<td valign="top" width="75%" class="table-info">
<span class=normal10><b>Informacje</b><br>
Tutaj wystawisz przedmiot na sprzedaż. Po aktywacji opcji Ogłoszenia możesz również zamieścić ogłoszenie w kategorii Praca.<br><br>
Za wystawienie i sprzedaż przedmiotu oraz za zamieszczenie ogłoszenia pobierane są opłaty zgodne z <a href="javascript:OpenHelp(102)">cennikiem Allegro</a>.<br><br>

Przydatne odnośniki:</span>
<ul>
<li class="normal10"><a href="javascript:OpenHelp(188)">Jaki sposób sprzedaży wybrać?</a></li>
<li class="normal10"><a href="/country_pages/1/0/education/guide/index.php?page=2&type=1">Zobacz, jak skutecznie sprzedawać</a></li>
<li class="normal10"><a href="javascript:OpenHelp(1603)">Czym jest pracaAllegro?</a></li>
</ul>
</td></tr>
</table>
</td>
</tr>
</table>
<form action="new_item.php" method="post" name="sell_form">
<table align="center" border="0" cellspacing="0" cellpadding="0" width="80%">

<tr>
	<td><br /><table align="center" border="0" cellspacing="0" cellpadding="5" width="100%" class="form">
		<tr>
			<td class="formtitle" colspan="3">Format oferty</td>
		</tr>
		<tr>
			<td colspan="3" class="form2" style="border-left: 0;"><table cellspacing="3" cellpadding="4"><script language="JavaScript">
<!--
	function change_auction_type(form)
	{
		var to_change = form.auction_type_tmp.value;
		
		for (i=0;i<form.auction_type.length;i++)
		{
			if (form.auction_type[i].checked)
			{
				form.auction_type_tmp.value=form.auction_type[i].value;
			}
		}

		if (form.auction_type_tmp.value == "advert")
		{
			SetRootCats([53466], []);
			form.action="new_adv.php";
			if (document.getElementById("shopCatsDiv"))
				 document.getElementById("shopCatsDiv").style.display = "none";
			if (document.getElementById("CatsDiv"))
				document.getElementById("CatsDiv").style.display = "";
			if (document.getElementById("madvCatsDiv"))
				document.getElementById("madvCatsDiv").style.display = "none";
			if (document.getElementById("tbody_tamplate"))
				document.getElementById("tbody_tamplate").style.display = "";
		}
		else if (form.auction_type_tmp.value == "madv")
		{
			form.action="new_item_fast.php";
			if (document.getElementById("shopCatsDiv"))
				document.getElementById("shopCatsDiv").style.display = "none";
			if (document.getElementById("CatsDiv"))
				document.getElementById("CatsDiv").style.display = "none";
			if (document.getElementById("tbody_tamplate"))
				document.getElementById("tbody_tamplate").style.display = "none";
				
			if (document.getElementById("madvCatsDiv"))
				document.getElementById("madvCatsDiv").style.display = "";
		}
		else
		{
		  if(to_change == "advert" || to_change == "madv")
		  {
			 SetRootCats([0], [53466]);
			 form.action="new_item.php";
			 if (document.getElementById("shopCatsDiv"))
				 document.getElementById("shopCatsDiv").style.display = "";

			if (document.getElementById("CatsDiv"))
				document.getElementById("CatsDiv").style.display = "";
			if (document.getElementById("madvCatsDiv"))
				document.getElementById("madvCatsDiv").style.display = "none";
			if (document.getElementById("tbody_tamplate"))
				document.getElementById("tbody_tamplate").style.display = "";				 
			}
		}
		RefreshAll();
	}
	
	function go_to_new_item_fast()
	{
		document.forms.sell_form.action="/new_item_fast.php";
		document.forms.sell_form.submit();
	}
//-->
</script>
<tr>
	<td class="totop"><input type="radio" name="auction_type" value="auction" onClick="change_auction_type(this.form);" checked="checked" ></td>

	<td class="totop"><span class="bold10">Aukcja</span> (z licytacją) <a href="javascript:OpenHelp(188)"><img src="http://static.allegro.pl/site_images/1/0/help1.gif" width="13" height="12" border="0" alt="" title="Więcej..."></a><br><span class="normal10">Sprzedaj przedmiot temu, kto zaoferuje więcej (opcjonalnie do licytacji możesz również dodać cenę Kup Teraz).</span></td>
</tr>
<tr>
	<td class="totop"><input type="radio" name="auction_type" value="buy_now" onClick="change_auction_type(this.form);"  ></td>
	<td class="totop"><span class="bold10">Tylko</span> <span class="textBN">Kup Teraz!</span> (bez licytacji) <a href="javascript:OpenHelp(188)"><img src="http://static.allegro.pl/site_images/1/0/help1.gif" width="13" height="12" border="0" alt="" title="Więcej..."></a><br><span class="normal10">Sprzedaj przedmiot po stałej cenie.</span></td>

</tr>
</table>
<input type="hidden" name="auction_type_tmp" value="auction" />
	</td>
</tr>
</table>
<input type="hidden" name="va" value="00" />
<br />
<table align="center" border="0" width="100%" cellspacing="0" cellpadding="5" class="form">
	<tr>
		<td class="formtitle" colspan="2">Kategoria</td>
	</tr>

	<tr>
		<td class="form1bold" width="15%">Kategoria</td>
		<td class="form2"><input type="hidden" name="default_data" value="1">
<div id="CatsDiv" style="�"><SCRIPT language="JavaScript1.1" src="/categories/ajax_data.js?v14" charset="UTF-8" encoding="UTF-8"></SCRIPT><SCRIPT language="JavaScript1.1" src="/js/all-ui-min-3.js" charset="UTF-8" encoding="UTF-8"></SCRIPT><table cellspacing="0"  cellpadding="0" border="0"><tr><td>
<select size=11 class=form  OnChange="ChangeSelection(0); changed=1;" OnClick="if (!changed) ChangeSelection(0); else changed=0;" name="selects_array_0"><option></option></select>
</td>
<td>
<select size=11 class=form  OnChange="ChangeSelection(1); changed=1;" OnClick="if (!changed) ChangeSelection(1); else changed=0;" name="selects_array_1"><option></option></select>
</td>
<td>
<select size=11 class=form  OnChange="ChangeSelection(2); changed=1;" OnClick="if (!changed) ChangeSelection(2); else changed=0;" name="selects_array_2"><option></option></select>

</td>

	</tr>
	<tr><td height="25" colspan="3">
	<div id="index_desc" name="index_desc" class="right">Numer wybranej kategorii
	<input name="category" type="text" size="5" class="form" value="" OnChange="ChangeByIndex(document.sell_form.category.value,document.sell_form.subcategory.value)" /><br />
	<input name="subcategory" type="hidden" value=""  />
	</div>
	</td></tr>
	</table><SCRIPT type="text/javascript" language="JavaScript1.1">category_children[0]=[26013,19732,11763,5,20585,16696,8845,9,6,2,7,3,1,20782,1454,53466,10,3919,4,55067,1429,1005];main_root_children=category_children[0];category_name[26013]=[0,"Antyki i Sztuka",8];
category_name[19732]=[0,"Biżuteria i Zegarki",10];
category_name[11763]=[0,"Dla Dzieci",8];
category_name[5]=[0,"Dom i Ogród",8];
category_name[20585]=[0,"Filmy",8];
category_name[16696]=[0,"Firma i Przemysł",10];
category_name[8845]=[0,"Fotografia",5];
category_name[9]=[0,"Gry",6];
category_name[6]=[0,"Kolekcje",13];
category_name[2]=[0,"Komputery",16];
category_name[7]=[0,"Książki i Komiksy",10];
category_name[3]=[0,"Motoryzacja",12];
category_name[1]=[0,"Muzyka i Instrumenty",8];
category_name[20782]=[0,"Nieruchomości",2];
category_name[1454]=[0,"Odzież, Obuwie, Dodatki",5];
category_name[53466]=[0,"Praca",14];
category_name[10]=[0,"RTV i AGD",9];
category_name[3919]=[0,"Sport i Turystyka",14];
category_name[4]=[0,"Telefony i Akcesoria",6];
category_name[55067]=[0,"Wakacje",5];
category_name[1429]=[0,"Zdrowie i Uroda",6];
category_name[1005]=[0,"Pozostałe",3];
var allow_to_select_penultimate=0;country=1;server_name=(location.protocol == "http:" ? "http://" : "https://")+"allegro.pl";Select_box_cnt=3;
		<!--
		var selects_array = new Array;
		var inputs_array = new Array;
		inputs_array[0] = document.sell_form.category;
		inputs_array[1] = document.sell_form.subcategory;
		j = 0;

		for (i = 0; i < document.sell_form.elements.length; i++)
		{
			if (document.sell_form.elements[i].name.indexOf("selects_array") == 0)
			{
				selects_array[j] = document.sell_form.elements[i];
				ClearSelect(j++);
			}
		}
SetRootCats( [0],[53466] );
document.sell_form.category.value=''
RefreshAll();
//--></SCRIPT></div><div id="madvCatsDiv" style="display:none;"><SCRIPT language="JavaScript1.1" src="/categories/madv_ajax_data.js?v14" charset="UTF-8" encoding="UTF-8"></SCRIPT><SCRIPT language="JavaScript1.1" src="/js/all-ui-min-3.js" charset="UTF-8" encoding="UTF-8"></SCRIPT><table cellspacing="0"  cellpadding="0" border="0"><tr><td>

<select size=11 class=form  OnChange="madv_ChangeSelection(0); madv_changed=1;" OnClick="if (!madv_changed) madv_ChangeSelection(0); else madv_changed=0;" name="madv_selects_array_0"><option></option></select>
</td>
<td>
<select size=11 class=form  OnChange="madv_ChangeSelection(1); madv_changed=1;" OnClick="if (!madv_changed) madv_ChangeSelection(1); else madv_changed=0;" name="madv_selects_array_1"><option></option></select>
</td>
<td>
<select size=11 class=form  OnChange="madv_ChangeSelection(2); madv_changed=1;" OnClick="if (!madv_changed) madv_ChangeSelection(2); else madv_changed=0;" name="madv_selects_array_2"><option></option></select>
</td>

	</tr>
	<tr><td height="25" colspan="3">
	<div class="right">Numer wybranej kategorii
	<input name="madv_category" type="text" size="5" class="form" value="" OnChange="madv_ChangeByIndex(document.sell_form.madv_category.value,document.sell_form.madv_subcategory.value)" /><br />
	<input name="madv_subcategory" type="hidden" value="" />

	</div>
	</td></tr>
	</table><SCRIPT type="text/javascript" language="JavaScript1.1">
madv_category_children[0]=[48162,48238,48178,53872,48243,52510,48319];
madv_main_root_children=madv_category_children[0];
madv_category_name[48162]=[,"",0];
madv_category_name[48238]=[,"",0];
madv_category_name[48178]=[,"",0];
madv_category_name[53872]=[,"",0];
madv_category_name[48243]=[,"",0];
madv_category_name[52510]=[,"",0];
madv_category_name[48319]=[,"",0];
var madv_allow_to_select_penultimate=0;madv_country=1;madv_server_name=(location.protocol == "http:" ? "http://" : "https://")+"allegro.pl";madv_Select_box_cnt=3;
		<!--
		var madv_selects_array = new Array;
		var madv_inputs_array = new Array;
		madv_inputs_array[0] = document.sell_form.madv_category;
		madv_inputs_array[1] = document.sell_form.madv_subcategory;
		j = 0;

		for (i = 0; i < document.sell_form.elements.length; i++)
		{
			if (document.sell_form.elements[i].name.indexOf("madv_selects_array") == 0)
			{
				madv_selects_array[j] = document.sell_form.elements[i];
				madv_ClearSelect(j++);
			}
		}
madv_SetRootCats( [48162,48238,48178,53872,48243,52510,48319],[] );
document.sell_form.madv_category.value='';
madv_RefreshAll();
//--></SCRIPT></div></td>
		<td class="px3color-tr-f" width="3"><img src="http://static.allegro.pl/site_images/1/0/blank.gif" width="3"></td>
	</tr>
	<tr>
		<td class="form1noborder"><img src="http://static.allegro.pl/site_images/1/0/blank.gif" width="1" height="1" alt="" title="" /></td>
		<td class="formtip">Dokładnie określ kategorię, wybierając ją kolejno w oknach od lewej do prawej.</td>

	</tr>
</table>
<br />
<table align="center" border="0" cellspacing="0" cellpadding="5" width="100%" class="form">
<tbody id="tbody_tamplate"  style="">
	<tr>
		<td class="formtitle" colspan="2">Szablon opisu</td>
	</tr>
<tr>
		<td valign="top" class="form1bold" nowrap width="15%">Szablon<br><span class=small><a href=javascript:OpenHelp(342)>Więcej informacji</a></span></td>

		<td class="form2">
			<input type="submit" name="goto_template" value="Wybierz szablon &gt;" class="submit-hidden" onclick="selects_array_0.disabled=true; selects_array_1.disabled=true; selects_array_2.disabled=true;">
		</td>
	</tr>
	<tr>
		<td class="form1noborder"><img src="http://static.allegro.pl/site_images/1/0/blank.gif" width="1" height="1" alt="" title="" /></td>
		<td class="formtip"><span class=small>Jeśli chcesz, możesz skorzystać z gotowych szablonów ofert lub ogłoszeń.</span></td>
	</tr>

</tbody>
	</table>
<br />
				<table width="100%" cellspacing="0" cellpadding="5" class="form">
					<tr>
						<td class="formsubmit"><input type="submit" class="form-submit" value="Dalej >" onclick="selects_array_0.disabled=true; selects_array_1.disabled=true; selects_array_2.disabled=true;" /></td>
					</tr>
				</table>
			</td>
		</tr>

	</table>
<script language="JavaScript">
<!--
		if (sell_form.auction_type_tmp.value == "advert")
		{
			sell_form.action="new_adv.php";
			if (document.getElementById("shopCatsDiv"))
				document.getElementById("shopCatsDiv").style.display = "none";
		}
		else
		{
			if (sell_form.auction_type_tmp.value == "madv")
				sell_form.action="new_item_fast.php";
			else
				sell_form.action="new_item.php";
				
			if (document.getElementById("shopCatsDiv"))
				document.getElementById("shopCatsDiv").style.display = "";
		}
//-->
</script>
</form>

<!-- saddr: 123-134 -->
<!-- site: 1/0 -->
</div> <!-- /pagecontent1 -->
<!-- Footer start -->
<div id="footerBox" style="width: 100%;">
<a class="arrowUp" href="#top"><img src="http://static.allegro.pl/site_images/1/0/common/arrow-up.gif" alt="up" /></a>
<ul id="footerMenu">
<li><a href="http://allegro.pl/country_pages/1/0/marketing/about.php" title="Informacje o Allegro"><strong>O nas</strong></a></li>
<li><a href="http://media.allegro.pl" title="Media o Allegro"><strong>Prasa</strong></a></li>

<li><a href="http://allegro.pl/country_pages/1/0/marketing/advertise.php" title="Współpraca reklamowa"><strong>Reklama</strong></a></li>
<li><a href="http://kariera.allegro.pl" title="Praca"><strong>Praca w Grupie Allegro</strong></a></li>
<li><a href="http://allegro.pl/ap/" title="Program Partnerski - zarabiaj z Allegro"><strong>Program Partnerski</strong></a></li>
<li><a href="http://allegro.pl/services/" title="Informacje o usługach i narzędziach Allegro"><strong>Usługi i narzędzia</strong></a></li>
<li><a href="http://allegro.pl/country_pages/1/0/sc/" title="Jak bezpiecznie kupować i sprzedawać"><strong>Bezpieczeństwo</strong></a></li>
</ul>
<p>Korzystanie z serwisu oznacza akceptację <a href="http://allegro.pl/country_pages/1/0/user_agreement.php"><span>regulaminu</span></a></p>

</div> <!-- /footerBox -->				<script language="JavaScript" type="text/javascript">
				<!--//--><![CDATA[//><!--
				var gemius_identifier = new String('nSeQzTLiYxc8qOFjpHufIna53y6N.GM_9xNWkYs.K.r.x7');
				//--><!]]>
				</script>

				<script language="JavaScript" type="text/javascript" src="http://static.allegro.pl/js/gemius.js"></script>
					<script src="http://static.allegro.pl/js/urchin.js" type="text/javascript"></script>
	<script type="text/javascript">
	_uacct = "UA-2827377-1";
	urchinTracker();
	</script>
	</div> <!-- /tocenter -->
<script type="text/javascript" src="http://static.allegro.pl/js/sizzle-min.js"></script>
</body>
</html>
Comment 1 Frank Reininghaus 2009-01-14 23:53:40 UTC
Thanks for the bug report! I can't confirm: Opening the provided code does not crash Konqueror (trunk rev. 911116) for me. By the way, it might be better to attach a test case of this size to the bug report, not paste it directly.

Can you provide a backtrace? See
http://techbase.kde.org/Development/Tutorials/Debugging/How_to_create_useful_crash_reports
Comment 2 Bartosz Krzeszewski 2009-01-15 12:19:56 UTC
Created attachment 30272 [details]
backtrace

Recompiled konqueror with debug flag and got this backtrace
Comment 3 Frank Reininghaus 2009-01-15 22:32:28 UTC
I'm pasting the backtrace here because that makes duplicate checks easier. It appears that some debugging info is still missing. Maybe you also have to recompile kdelibs with debugging enabled.

Thread 3 (Thread 0x7f2ff3d0e950 (LWP 10682)):
#0  0x00007f3003269c8d in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#1  0x00007f30034d6027 in QWaitCondition::wait () from /usr/lib64/qt4/libQtCore.so.4
#2  0x00007f30034cc5d0 in ?? () from /usr/lib64/qt4/libQtCore.so.4
#3  0x00007f30034d5132 in ?? () from /usr/lib64/qt4/libQtCore.so.4
#4  0x00007f3003265097 in start_thread () from /lib/libpthread.so.0
#5  0x00007f3000bec6fd in clone () from /lib/libc.so.6
#6  0x0000000000000000 in ?? ()

Thread 2 (Thread 0x7f2ff4715950 (LWP 10687)):
#0  0x00007f3003269c8d in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#1  0x00007f30034d6027 in QWaitCondition::wait () from /usr/lib64/qt4/libQtCore.so.4
#2  0x00007f30034cc5d0 in ?? () from /usr/lib64/qt4/libQtCore.so.4
#3  0x00007f30034d5132 in ?? () from /usr/lib64/qt4/libQtCore.so.4
#4  0x00007f3003265097 in start_thread () from /lib/libpthread.so.0
#5  0x00007f3000bec6fd in clone () from /lib/libc.so.6
#6  0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7f3005f40760 (LWP 10673)):
#0  0x00007f3000bbf421 in nanosleep () from /lib/libc.so.6
#1  0x00007f3000bbf244 in sleep () from /lib/libc.so.6
#2  0x00007f3004423a4b in ?? () from /usr/kde/live/lib64/libkdeui.so.5
#3  0x00007f30044241cd in KCrash::defaultCrashHandler () from /usr/kde/live/lib64/libkdeui.so.5
#4  <signal handler called>
#5  0x00007f2ff859f70e in ?? () from /usr/kde/live/lib64/libkjs.so.4
#6  0x00007f2ff857fcd9 in KJS::FunctionImp::callAsFunction () from /usr/kde/live/lib64/libkjs.so.4
#7  0x00007f2ff8585769 in KJS::JSObject::call () from /usr/kde/live/lib64/libkjs.so.4
#8  0x00007f2ff859f1bc in ?? () from /usr/kde/live/lib64/libkjs.so.4
#9  0x00007f2ff85584be in ?? () from /usr/kde/live/lib64/libkjs.so.4
#10 0x00007f2ff8588170 in KJS::Interpreter::evaluate () from /usr/kde/live/lib64/libkjs.so.4
#11 0x00007f2ff8588293 in KJS::Interpreter::evaluate () from /usr/kde/live/lib64/libkjs.so.4
#12 0x00007f2ff8c178db in ?? () from /usr/kde/live/lib64/libkhtml.so.5
#13 0x00007f2ff89d62e8 in KHTMLPart::executeScript () from /usr/kde/live/lib64/libkhtml.so.5
#14 0x00007f2ff8a7fc51 in ?? () from /usr/kde/live/lib64/libkhtml.so.5
#15 0x00007f2ff8a8189f in ?? () from /usr/kde/live/lib64/libkhtml.so.5
#16 0x00007f2ff8a853ad in ?? () from /usr/kde/live/lib64/libkhtml.so.5
#17 0x00007f2ff8a87ff0 in ?? () from /usr/kde/live/lib64/libkhtml.so.5
#18 0x00007f2ff8a88e5d in ?? () from /usr/kde/live/lib64/libkhtml.so.5
#19 0x00007f2ff8a8ad01 in ?? () from /usr/kde/live/lib64/libkhtml.so.5
#20 0x00007f2ff8b9c117 in ?? () from /usr/kde/live/lib64/libkhtml.so.5
#21 0x00007f2ff8b9e97d in ?? () from /usr/kde/live/lib64/libkhtml.so.5
#22 0x00007f2ff8b9ce8d in ?? () from /usr/kde/live/lib64/libkhtml.so.5
#23 0x00007f2ff8ba2142 in ?? () from /usr/kde/live/lib64/libkhtml.so.5
#24 0x00007f30035c71ac in QMetaObject::activate () from /usr/lib64/qt4/libQtCore.so.4
#25 0x00007f3003bf3a32 in KJob::result () from /usr/kde/live/lib64/libkdecore.so.5
#26 0x00007f3003bf41bf in KJob::emitResult () from /usr/kde/live/lib64/libkdecore.so.5
#27 0x00007f3004ddbaea in KIO::SimpleJob::slotFinished () from /usr/kde/live/lib64/libkio.so.5
#28 0x00007f3004dded73 in KIO::TransferJob::slotFinished () from /usr/kde/live/lib64/libkio.so.5
#29 0x00007f3004ddb7aa in KIO::TransferJob::qt_metacall () from /usr/kde/live/lib64/libkio.so.5
#30 0x00007f30035c71ac in QMetaObject::activate () from /usr/lib64/qt4/libQtCore.so.4
#31 0x00007f3004e8870f in KIO::SlaveInterface::dispatch () from /usr/kde/live/lib64/libkio.so.5
#32 0x00007f3004e86731 in KIO::SlaveInterface::dispatch () from /usr/kde/live/lib64/libkio.so.5
#33 0x00007f3004e793de in KIO::Slave::gotInput () from /usr/kde/live/lib64/libkio.so.5
#34 0x00007f3004e796da in KIO::Slave::qt_metacall () from /usr/kde/live/lib64/libkio.so.5
#35 0x00007f30035c71ac in QMetaObject::activate () from /usr/lib64/qt4/libQtCore.so.4
#36 0x00007f3004daf287 in ?? () from /usr/kde/live/lib64/libkio.so.5
#37 0x00007f3004daf312 in KIO::Connection::qt_metacall () from /usr/kde/live/lib64/libkio.so.5
#38 0x00007f30035c2952 in QObject::event () from /usr/lib64/qt4/libQtCore.so.4
#39 0x00007f30028fb2ee in QApplicationPrivate::notify_helper () from /usr/lib64/qt4/libQtGui.so.4
#40 0x00007f30028ffe0e in QApplication::notify () from /usr/lib64/qt4/libQtGui.so.4
#41 0x00007f30043c48cb in KApplication::notify () from /usr/kde/live/lib64/libkdeui.so.5
#42 0x00007f30035b3218 in QCoreApplication::notifyInternal () from /usr/lib64/qt4/libQtCore.so.4
#43 0x00007f30035b406d in QCoreApplicationPrivate::sendPostedEvents () from /usr/lib64/qt4/libQtCore.so.4
#44 0x00007f30035dd4e3 in QEventDispatcherUNIX::processEvents () from /usr/lib64/qt4/libQtCore.so.4
#45 0x00007f300297ffc3 in ?? () from /usr/lib64/qt4/libQtGui.so.4
#46 0x00007f30035b2595 in QEventLoop::processEvents () from /usr/lib64/qt4/libQtCore.so.4
#47 0x00007f30035b26f8 in QEventLoop::exec () from /usr/lib64/qt4/libQtCore.so.4
#48 0x00007f30035b440e in QCoreApplication::exec () from /usr/lib64/qt4/libQtCore.so.4
#49 0x00007f3005b21396 in kdemain () from /usr/kde/live/lib64/libkdeinit4_konqueror.so
#50 0x00007f3000b445d4 in __libc_start_main () from /lib/libc.so.6
#51 0x00000000004008f9 in _start ()
#0  0x00007f3000bbf421 in nanosleep () from /lib/libc.so.6
Comment 4 Bartosz Krzeszewski 2009-01-19 00:49:29 UTC
Created attachment 30405 [details]
full backtrace

recompiled all kde4 with debug flag
Comment 5 Frank Reininghaus 2009-01-29 22:26:37 UTC
(In reply to comment #4)

The backtrace is still lacking the necessary information. I think you have to pass -DCMAKE_BUILD_TYPE=debugfull to the cmake command when building all KDE packages.

Another thing that might help would be the problematic HTML code. If you can store the page (e.g., with Firefox) and can crash Konqueror reproducibly when opening it, please attach it here. Thanks!
Comment 6 Bartosz Krzeszewski 2009-02-03 18:07:08 UTC
Created attachment 30922 [details]
site code
Comment 7 Maksim Orlovich 2009-02-03 20:47:09 UTC
Reproducible with that --- thanks!, on this machine w/o outdated build --- will try a newer version later. What may help too, though, is if you ran konq from a terminal and pasted the assertion failure message.

==13779== Invalid read of size 4
==13779==    at 0x7CCBB6C: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0> const&, KJS::ExecState*) (in /opt/kde4/lib/libkjs.so.4.1.0)
==13779==    by 0x7CAB127: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (in /opt/kde4/lib/libkjs.so.4.1.0)
==13779==    by 0x7CB1409: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (in /opt/kde4/lib/libkjs.so.4.1.0)
==13779==    by 0x7CCEFA2: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0> const&, KJS::ExecState*) (in /opt/kde4/lib/libkjs.so.4.1.0)
==13779==    by 0x7C82A83: KJS::FunctionBodyNode::execute(KJS::ExecState*) (in /opt/kde4/lib/libkjs.so.4.1.0)
==13779==    by 0x7CB4506: KJS::Interpreter::evaluate(KJS::UString const&, int, KJS::UChar const*, int, KJS::JSValue*) (in /opt/kde4/lib/libkjs.so.4.1.0)
==13779==    by 0x7CB4666: KJS::Interpreter::evaluate(KJS::UString const&, int, KJS::UString const&, KJS::JSValue*) (in /opt/kde4/lib/libkjs.so.4.1.0)
==13779==    by 0x9AE3490: KJS::KJSProxyImpl::evaluate(QString, int, QString const&, DOM::Node const&, KJS::Completion*) (in /opt/kde4/lib/libkhtml.so.5.1.0)
==13779==    by 0x98A37FC: KHTMLPart::executeScript(QString const&, int, DOM::Node const&, QString const&) (in /opt/kde4/lib/libkhtml.so.5.1.0)
==13779==    by 0x994E2F5: khtml::HTMLTokenizer::scriptExecution(QString const&, QString const&, int) (in /opt/kde4/lib/libkhtml.so.5.1.0)
==13779==    by 0x994FF97: khtml::HTMLTokenizer::scriptHandler() (in /opt/kde4/lib/libkhtml.so.5.1.0)
==13779==    by 0x995393C: khtml::HTMLTokenizer::parseSpecial(khtml::TokenizerString&) (in /opt/kde4/lib/libkhtml.so.5.1.0)
==13779==  Address 0x0 is not stack'd, malloc'd or (recently) free'd

(Outdated 4.2 build triggers an assertion in a hashtable:
konqueror: /home/maksim/KDE42/src/kdelibs/kjs/wtf/HashTable.h:441: void WTF::HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::checkKey(const T&) [with T = unsigned int, HashTranslator = WTF::IdentityHashTranslator<unsigned int, std::pair<unsigned int, KJS::JSValue*>, WTF::IntHash<unsigned int>>, Key = unsigned int, Value = std::pair<unsigned int, KJS::JSValue*>, Extractor = WTF::PairFirstExtractor<std::pair<unsigned int, KJS::JSValue*> >, HashFunctions = WTF::IntHash<unsigned int>, Traits = WTF::PairHashTraits<WTF::HashTraits<unsigned int>, WTF::HashTraits<KJS::JSValue*> >, KeyTraits = WTF::HashTraits<unsigned int>]: Assertion `!HashTranslator::equal(KeyTraits::emptyValue(), key)' failed.

hmm, there was something in my TODO for sparse vectors that looked like this, I think.
Comment 8 Maksim Orlovich 2009-02-03 21:13:01 UTC
Testcase:
A = [];
A[20000] = 42;
print(A[0]);

Patch:
--- array_instance.cpp  (revision 892610)                                                                                 
+++ array_instance.cpp  (working copy)                                                                                    
@@ -253,6 +257,13 @@
         if (!map) {
             map = new SparseArrayValueMap;
             storage->m_sparseValueMap = map;
+
+            // If we create a sparse map, we need to ensure that there is at least one spot
+            // in the vector map, however, since the sparse map can't put/get key 0.
+            // It's safe to do it here, since put(0) will always put it in the vector part,
+            // but we have to do it before a get(0) or it will crash
+            if (!m_vectorLength)
+                increaseVectorLength(1);
         }
         map->add(i, value);
         return;
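
Review bot: The increaseVectorLength(1) guard sits inside the "if (!map)" branch, so it runs only at the moment the sparse map is first created. Nothing in this hunk keeps m_vectorLength from returning to 0 later while m_sparseValueMap still exists, and in that state a read of index 0 would go to the sparse map again. Either state that invariant in the comment and enforce it wherever the vector length can change, or make the read path handle index 0 with an empty vector explicitly. The comment's "vector map" should also read "vector part", to match the sentence that follows it.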



Now I just need to remember to commit it
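
The failure mode addressed by the patch above, as an added, simplified model (not KJS source and not part of the original report): a hybrid array with a dense vector part and a sparse map whose table uses key 0 as its empty-slot marker. SparseMap, HybridArray, the cutoff of 10000 and the table size are assumptions made for illustration, and the model throws where the real code asserted or made an invalid read.

```cpp
#include <cstddef>
#include <cstdio>
#include <stdexcept>
#include <vector>

// Simplified model, not KJS source. Both constants are assumptions for the demo.
const std::size_t kTableSize = 64;    // fixed-size table keeps the model short
const unsigned kSparseCutoff = 10000; // indices at or above this use the sparse map

struct Cell { bool present; int value; };

// Open-addressing table keyed by unsigned int. Key 0 marks an empty slot, so it
// can be neither stored nor looked up (the checkKey assertion in comment 7).
// The model throws where the real code asserted or made an invalid read.
class SparseMap {
    struct Slot { unsigned key; int value; };
    std::vector<Slot> slots_;

    std::size_t probe(unsigned key) const {
        if (key == 0)
            throw std::invalid_argument("key 0 is the empty-slot marker");
        for (std::size_t n = 0; n < kTableSize; ++n) {
            std::size_t i = (key + n) % kTableSize;
            if (slots_[i].key == key || slots_[i].key == 0)
                return i;
        }
        throw std::runtime_error("model table is full");
    }

public:
    SparseMap() : slots_(kTableSize) {}
    void add(unsigned key, int value) {
        Slot& s = slots_[probe(key)];
        s.key = key;
        s.value = value;
    }
    Cell get(unsigned key) const {
        const Slot& s = slots_[probe(key)];
        return s.key == key ? Cell{true, s.value} : Cell{false, 0};
    }
};

class HybridArray {
    bool reserveSlotZero_;   // true = behave like the patched code
    bool hasMap_;
    std::vector<Cell> dense_;
    SparseMap sparse_;

public:
    explicit HybridArray(bool reserveSlotZero)
        : reserveSlotZero_(reserveSlotZero), hasMap_(false) {}

    void put(unsigned i, int value) {
        if (i < kSparseCutoff) {             // put(0) always lands in the vector part
            if (i >= dense_.size())
                dense_.resize(i + 1, Cell{false, 0});
            dense_[i] = Cell{true, value};
            return;
        }
        if (!hasMap_) {
            hasMap_ = true;
            // The fix: when the sparse map appears, guarantee one dense slot
            // so that index 0 is always answered by the vector part.
            if (reserveSlotZero_ && dense_.empty())
                dense_.resize(1, Cell{false, 0});
        }
        sparse_.add(i, value);
    }

    Cell get(unsigned i) const {
        if (i < dense_.size())
            return dense_[i];
        if (hasMap_)
            return sparse_.get(i);           // i == 0 arrives here only if dense_ is empty
        return Cell{false, 0};
    }
};

// Replays the test case from comment 8: A = []; A[20000] = 42; read A[0].
// Returns 1 if the read reached the key-0 check, 0 if it came back as a hole,
// and -1 if a value was unexpectedly present.
int readZeroAfterSparsePut(bool reserveSlotZero) {
    HybridArray a(reserveSlotZero);
    a.put(20000, 42);
    try {
        return a.get(0).present ? -1 : 0;
    } catch (const std::invalid_argument&) {
        return 1;
    }
}

int main() {
    std::printf("without reserved slot: %d\n", readZeroAfterSparsePut(false));
    std::printf("with reserved slot:    %d\n", readZeroAfterSparsePut(true));
    return 0;
}
```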
Comment 9 Maksim Orlovich 2009-02-07 19:58:36 UTC
SVN commit 922902 by orlovich:

Fix crash when we create a sparse array w/o a dense vector component, and then access [0].
BUG:180605


 M  +7 -0      array_instance.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=922902
Comment 10 Maksim Orlovich 2009-02-07 19:59:30 UTC
SVN commit 922903 by orlovich:

Merged revision 922902:
Fix crash when we create a sparse array w/o a dense vector component, and then access [0].
BUG:180605

 M  +7 -0      array_instance.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=922903
Comment 11 Maksim Orlovich 2009-02-07 20:14:07 UTC
SVN commit 922909 by orlovich:

Regression test for #180605
CCBUG:180605


 M  +5 -0      Array.js  


WebSVN link: http://websvn.kde.org/?view=rev&revision=922909
Comment 12 Bartosz Krzeszewski 2009-02-08 21:15:43 UTC
Now the page doesn't crash konqueror, but there are only 2 items in the first select field in "Kategoria"; there should be many more. When I click on one of them, the second field should be filled with items; instead, konqueror crashes.
Comment 13 Dario Andres 2009-05-15 15:28:59 UTC
@Bartosz Krzeszewski: if Konqueror is still crashing for you, are you getting the same backtrace or a different one? Thanks
Comment 14 Bartosz Krzeszewski 2009-05-16 11:58:31 UTC
@Dario Andres: No, Konqueror is not crashing any more. But the page is incomplete in Konqueror. Should I post another bug report?
Comment 15 Dario Andres 2009-05-16 20:42:58 UTC
@Bartosz Krzeszewski: yes, please file a new bug report about the bad rendering of the page.
As the originally reported crash is no longer there, I'm closing this as FIXED.
Thanks