Bug 203629

Summary: Upload a photo to panoramio.com crashes konqueror (KHTMLView::setMouseEventsTarget,khtml::RenderWidget::handleEvent)
Product: [Applications] konqueror Reporter: Damir Perisa <damir.perisa>
Component: khtmlAssignee: Konqueror Bugs <konqueror-bugs-null>
Status: RESOLVED WORKSFORME    
Severity: crash CC: justin.zobel
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: Unlisted Binaries   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description Damir Perisa 2009-08-12 23:01:52 UTC 
Application that crashed: konqueror
Version of the application: 4.3.00 (KDE 4.3.0)
KDE Version: 4.3.00 (KDE 4.3.0)
Qt Version: 4.5.2
Operating System: Linux 2.6.30-ARCH x86_64

What I was doing when the application crashed:
trying to upload a picture to panoramio.com makes konqueror krash - 100% reproducable

not tested on other architecture


 -- Backtrace:
Application: Konqueror (kdeinit4), signal: Segmentation fault
[Current thread is 0 (LWP 3206)]

Thread 2 (Thread 0x7f3d5ee47910 (LWP 3208)):
#0  0x00007f3d735a105d in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#1  0x00007f3d738102b2 in QWaitCondition::wait () from /usr/lib/libQtCore.so.4
#2  0x00007f3d73806412 in ?? () from /usr/lib/libQtCore.so.4
#3  0x00007f3d7380f285 in ?? () from /usr/lib/libQtCore.so.4
#4  0x00007f3d7359c57a in start_thread () from /lib/libpthread.so.0
#5  0x00007f3d70f5c16d in clone () from /lib/libc.so.6
#6  0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7f3d73db1760 (LWP 3206)):
[KCrash Handler]
#5  0x00007f3d613dc990 in KHTMLView::setMouseEventsTarget () from /usr/lib/libkhtml.so.5
#6  0x00007f3d61561d4d in khtml::RenderWidget::handleEvent () from /usr/lib/libkhtml.so.5
#7  0x00007f3d614de208 in DOM::HTMLGenericFormElementImpl::defaultEventHandler () from /usr/lib/libkhtml.so.5
#8  0x00007f3d614edf62 in DOM::HTMLInputElementImpl::defaultEventHandler () from /usr/lib/libkhtml.so.5
#9  0x00007f3d61479d54 in DOM::NodeImpl::dispatchGenericEvent () from /usr/lib/libkhtml.so.5
#10 0x00007f3d61479f4e in DOM::NodeImpl::dispatchEvent () from /usr/lib/libkhtml.so.5
#11 0x00007f3d613de779 in KHTMLView::dispatchMouseEvent () from /usr/lib/libkhtml.so.5
#12 0x00007f3d613e8411 in KHTMLView::mouseReleaseEvent () from /usr/lib/libkhtml.so.5
#13 0x00007f3d716e0810 in QWidget::event () from /usr/lib/libQtGui.so.4
#14 0x00007f3d71a39a06 in QFrame::event () from /usr/lib/libQtGui.so.4
#15 0x00007f3d613e6e85 in KHTMLView::widgetEvent () from /usr/lib/libkhtml.so.5
#16 0x00007f3d613e714f in KHTMLView::eventFilter () from /usr/lib/libkhtml.so.5
#17 0x00007f3d738f4027 in QCoreApplicationPrivate::sendThroughObjectEventFilters () from /usr/lib/libQtCore.so.4
#18 0x00007f3d71691dfc in QApplicationPrivate::notify_helper () from /usr/lib/libQtGui.so.4
#19 0x00007f3d71698f41 in QApplication::notify () from /usr/lib/libQtGui.so.4
#20 0x00007f3d722c4ff6 in KApplication::notify () from /usr/lib/libkdeui.so.5
#21 0x00007f3d738f4d0c in QCoreApplication::notifyInternal () from /usr/lib/libQtCore.so.4
#22 0x00007f3d71698810 in QApplicationPrivate::sendMouseEvent () from /usr/lib/libQtGui.so.4
#23 0x00007f3d716fe714 in ?? () from /usr/lib/libQtGui.so.4
#24 0x00007f3d716fd409 in QApplication::x11ProcessEvent () from /usr/lib/libQtGui.so.4
#25 0x00007f3d717255fc in ?? () from /usr/lib/libQtGui.so.4
#26 0x00007f3d705e6dbe in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#27 0x00007f3d705ea568 in g_main_context_iterate () from /usr/lib/libglib-2.0.so.0
#28 0x00007f3d705ea690 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#29 0x00007f3d7391d1d6 in QEventDispatcherGlib::processEvents () from /usr/lib/libQtCore.so.4
#30 0x00007f3d71724dde in ?? () from /usr/lib/libQtGui.so.4
#31 0x00007f3d738f3612 in QEventLoop::processEvents () from /usr/lib/libQtCore.so.4
#32 0x00007f3d738f39e4 in QEventLoop::exec () from /usr/lib/libQtCore.so.4
#33 0x00007f3d738f5b99 in QCoreApplication::exec () from /usr/lib/libQtCore.so.4
#34 0x00007f3d67f06ca3 in kdemain () from /usr/lib/libkdeinit4_konqueror.so
#35 0x0000000000406eae in _start ()

Reported using DrKonqi
Comment 1 Tommi Tervo 2010-02-26 19:51:57 UTC 
" < maelcum> konqi successfully crashed after uploading the image to imgur.com"


Application: Konqueror (konqueror), signal: Segmentation fault
[KCrash Handler]
#6  0xb2bd216d in KHTMLView::setMouseEventsTarget (this=0x0, w=0x0) at /home/teve/kde/kdelibs/khtml/khtmlview.cpp:673
#7  0xb2da197b in khtml::RenderWidget::handleEvent (this=0x9d19c48, ev=...) at /home/teve/kde/kdelibs/khtml/rendering/render_replaced.cpp:1124
#8  0xb2cfc853 in DOM::HTMLGenericFormElementImpl::defaultEventHandler (this=0x9ec3708, evt=0xb999b40) at /home/teve/kde/kdelibs/khtml/html/html_formimpl.cpp:1049
#9  0xb2d01d5f in DOM::HTMLInputElementImpl::defaultEventHandler (this=0x9ec3708, evt=0xb999b40) at /home/teve/kde/kdelibs/khtml/html/html_formimpl.cpp:1954
#10 0xb2c7f74a in DOM::NodeImpl::dispatchGenericEvent (this=0x9ec3708, evt=0xb999b40) at /home/teve/kde/kdelibs/khtml/xml/dom_nodeimpl.cpp:526
#11 0xb2c7f327 in DOM::NodeImpl::dispatchEvent (this=0x9ec3708, evt=0xb999b40, exceptioncode=@0xbfc195c8, tempEvent=true) at /home/teve/kde/kdelibs/khtml/xml/dom_nodeimpl.cpp:453
#12 0xb2be331b in KHTMLView::dispatchMouseEvent (this=0x9f7a740, eventId=5, targetNode=0x9ec3708, targetNodeNonShared=0x9ec3708, cancelable=true, detail=1, _mouse=0xbfc19ef0, setUnder=false, 
    mouseEventType=1, orient=0) at /home/teve/kde/kdelibs/khtml/khtmlview.cpp:3743
#13 0xb2bd7bc8 in KHTMLView::mouseReleaseEvent (this=0x9f7a740, _mouse=0xbfc19ef0) at /home/teve/kde/kdelibs/khtml/khtmlview.cpp:1578
#14 0xb5d3305b in QWidget::event (this=0x9f7a740, event=0xbfc19ef0) at kernel/qwidget.cpp:7998
#15 0xb613f0e5 in QFrame::event (this=0x9f7a740, e=0xbfc19ef0) at widgets/qframe.cpp:557
#16 0xb2bdadf0 in KHTMLView::widgetEvent (this=0x9f7a740, e=0xbfc19ef0) at /home/teve/kde/kdelibs/khtml/khtmlview.cpp:2363
#17 0xb2bda7b3 in KHTMLView::eventFilter (this=0x9f7a740, o=0xa9083b8, e=0xbfc19ef0) at /home/teve/kde/kdelibs/khtml/khtmlview.cpp:2208
#18 0xb683d0ae in QCoreApplicationPrivate::sendThroughObjectEventFilters (this=0x8068e68, receiver=0xa9083b8, event=0xbfc19ef0) at kernel/qcoreapplication.cpp:819
#19 0xb5cd23cd in QApplicationPrivate::notify_helper (this=0x8068e68, receiver=0xa9083b8, e=0xbfc19ef0) at kernel/qapplication.cpp:4296
#20 0xb5cd9c0e in QApplication::notify (this=0xbfc19c24, receiver=0xa9083b8, e=0xbfc19ef0) at kernel/qapplication.cpp:3865
#21 0xb6e30c68 in KApplication::notify (this=0xbfc1a7b0, receiver=0xa9083b8, event=0xbfc19ef0) at /home/teve/kde/kdelibs/kdeui/kernel/kapplication.cpp:302
#22 0xb683ddde in QCoreApplication::notifyInternal (this=0xbfc1a7b0, receiver=0xa9083b8, event=0xbfc19ef0) at kernel/qcoreapplication.cpp:704
#23 0xb5cd8b54 in sendSpontaneousEvent (event=<value optimized out>, receiver=<value optimized out>) at ../../src/corelib/kernel/qcoreapplication.h:218
#24 QApplicationPrivate::sendMouseEvent (event=<value optimized out>, receiver=<value optimized out>) at kernel/qapplication.cpp:2963
#25 0xb5d6669a in QETWidget::translateMouseEvent (this=0xa9083b8, event=0xbfc1a3fc) at kernel/qapplication_x11.cpp:4368
#26 0xb5d65c44 in QApplication::x11ProcessEvent (this=0xbfc1a7b0, event=0xbfc1a3fc) at kernel/qapplication_x11.cpp:3379
#27 0xb5d932b8 in x11EventSourceDispatch (s=0x806c040, callback=0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:146
#28 0xb543a4c2 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#29 0xb543dd98 in ?? () from /usr/lib/libglib-2.0.so.0
#30 0xb543debe in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#31 0xb686a931 in QEventDispatcherGlib::processEvents (this=0x8051e08, flags=...) at kernel/qeventdispatcher_glib.cpp:412
#32 0xb5d92e0a in QGuiEventDispatcherGlib::processEvents (this=0x8051e08, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#33 0xb683c44d in QEventLoop::processEvents (this=0xbfc1a6b4, flags=) at kernel/qeventloop.cpp:149
#34 0xb683c899 in QEventLoop::exec (this=0xbfc1a6b4, flags=...) at kernel/qeventloop.cpp:201
#35 0xb6840a10 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:981
#36 0xb5cd24a4 in QApplication::exec () at kernel/qapplication.cpp:3579
#37 0xb77914c3 in kdemain (argc=1, argv=0xbfc1aa74) at /home/teve/kde/kdebase/apps/konqueror/src/konqmain.cpp:232
#38 0x080487a9 in main (argc=1, argv=0xbfc1aa74) at /home/teve/kde/kbb/apps/konqueror/src/konqueror_dummy.cpp:3
Comment 2 Tommi Tervo 2010-02-26 20:12:44 UTC 
Cannot reproduce wirh valgrind, got a warning from different memory corruption.
(arena alloc is disabled)

==26335== Invalid read of size 4
==26335==    at 0xC7EDB1E: khtml::RenderFileButton::widget() const (render_form.h:375)
==26335==    by 0xC7E71DB: khtml::RenderFileButton::handleFocusOut() (render_form.cpp:1461)
==26335==    by 0xC6AE25A: DOM::DocumentImpl::setFocusNode(DOM::NodeImpl*) (dom_docimpl.cpp:2470)
==26335==    by 0xC61F40F: KHTMLView::dispatchMouseEvent(int, DOM::NodeImpl*, DOM::NodeImpl*, bool, int, QMouseEvent*, bool, int, int) (khtmlview.cpp:3757)
==26335==    by 0xC611670: KHTMLView::mousePressEvent(QMouseEvent*) (khtmlview.cpp:1246)
==26335==    by 0x535F03C: QWidget::event(QEvent*) (qwidget.cpp:7994)
==26335==    by 0x576B0E4: QFrame::event(QEvent*) (qframe.cpp:557)
==26335==    by 0xC6167B2: KHTMLView::eventFilter(QObject*, QEvent*) (khtmlview.cpp:2208)
==26335==    by 0x501C0AD: QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) (qcoreapplication.cpp:819)
==26335==    by 0x52FE3CC: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:4296)
==26335==    by 0x5305C0D: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:3865)
==26335==  Address 0x1383e09c is 108 bytes inside a block of size 148 free'd
==26335==    at 0x40268A6: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==26335==    by 0xC7B4A53: khtml::RenderArena::free(unsigned int, void*) (render_arena.cpp:122)
==26335==    by 0xC796E6B: khtml::RenderObject::arenaDelete(khtml::RenderArena*, void
*) (render_object.cpp:2400)
==26335==    by 0xC796EA7: khtml::RenderObject::arenaDelete(khtml::RenderArena*) (render_object.cpp:2407)
==26335==    by 0xC7DDF30: khtml::RenderWidget::deref() (render_replaced.cpp:1214)
==26335==    by 0xC7D88BB: khtml::RenderWidget::detach() (render_replaced.cpp:227)
==26335==    by 0xC6BCF4D: DOM::NodeImpl::detach() (dom_nodeimpl.cpp:975)
==26335==    by 0xC6BF822: DOM::NodeBaseImpl::detach() (dom_nodeimpl.cpp:1838)
==26335==    by 0xC6CC0E3: DOM::ElementImpl::detach() (dom_elementimpl.cpp:910)
==26335==    by 0xC6CC48D: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:984)
==26335==    by 0xC71EE51: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:238)
==26335==    by 0xC6CC5CB: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:1015)
==26335==    by 0xC71EE51: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:238)
==26335==    by 0xC6CC5CB: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:1015)
==26335==    by 0xC71EE51: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:238)
==26335==    by 0xC6CC5CB: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:1015)
==26335==    by 0xC71EE51: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:238)
Comment 3 Justin Zobel 2020-12-09 02:07:47 UTC 
Thank you for the crash report, Damir and Tommi.

As it has been a while since this was reported, can you please test and confirm if this issue is still occurring or if this bug report can be marked as resolved.

I have set the bug status to "needsinfo" pending your response, please change back to "reported" or "resolved/worksforme" when you respond, thank you.
Comment 4 Bug Janitor Service 2020-12-24 04:34:25 UTC 
Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least
15 days. Please provide the requested information as soon as
possible and set the bug status as REPORTED. Due to regular bug
tracker maintenance, if the bug is still in NEEDSINFO status with
no change in 30 days the bug will be closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please
mark the bug as REPORTED so that the KDE team knows that the bug is
ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!
Comment 5 Bug Janitor Service 2021-01-08 04:33:56 UTC 
This bug has been in NEEDSINFO status with no change for at least
30 days. The bug is now closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

Thank you for helping us make KDE software even better for everyone!