Bug 220967

Summary: Crash after clicking on a link [KUrl, KJS::XMLHttpRequest::urlMatchesDocumentDomain, KJS::XMLHttpRequest::processSyncLoadResults, KJS::XMLHttpRequest::send]
Product: [Applications] konqueror Reporter: Zsombor <renszarv07>
Component: khtmlAssignee: Konqueror Developers <konq-bugs>
Status: RESOLVED WORKSFORME    
Severity: crash CC: andresbajotierra, artur, cyrille.dunant, justin.zobel, leonardo.la.malfa, zilti
Priority: NOR    
Version: 4.3.4   
Target Milestone: ---   
Platform: Unlisted Binaries   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Zsombor 2010-01-02 12:41:33 UTC 
Application that crashed: konqueror
Version of the application: 4.3.4 (KDE 4.3.4)
KDE Version: 4.3.4 (KDE 4.3.4)
Qt Version: 4.6.0
Operating System: Linux 2.6.30-gentoo-r5 x86_64
Distribution: "Gentoo Base System release 2.0.1"

What I was doing when the application crashed:
I've opened http://www.keesia.com and clicked on the language switcher links. This not happens always, I've only able to reproduce twice.

 -- Backtrace:
Application: Konqueror (kdeinit4), signal: Segmentation fault
[Current thread is 0 (LWP 17180)]

Thread 3 (Thread 0x7f24e7819950 (LWP 17198)):
#0  0x00007f24fab03c0d in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#1  0x00007f24fad858c7 in QWaitConditionPrivate::wait () from /usr/lib64/qt4/libQtCore.so.4
#2  0x00007f24fad855d8 in QWaitCondition::wait () from /usr/lib64/qt4/libQtCore.so.4
#3  0x00007f24fad7e0a2 in QThreadPoolThread::run () from /usr/lib64/qt4/libQtCore.so.4
#4  0x00007f24fad85297 in QThreadPrivate::start () from /usr/lib64/qt4/libQtCore.so.4
#5  0x00007f24faaff067 in start_thread () from /lib/libpthread.so.0
#6  0x00007f24f7a523fd in clone () from /lib/libc.so.6
#7  0x0000000000000000 in ?? ()

Thread 2 (Thread 0x7f24e6da5950 (LWP 17200)):
#0  0x00007f24fab03c0d in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#1  0x00007f24fad858c7 in QWaitConditionPrivate::wait () from /usr/lib64/qt4/libQtCore.so.4
#2  0x00007f24fad855d8 in QWaitCondition::wait () from /usr/lib64/qt4/libQtCore.so.4
#3  0x00007f24fad7e0a2 in QThreadPoolThread::run () from /usr/lib64/qt4/libQtCore.so.4
#4  0x00007f24fad85297 in QThreadPrivate::start () from /usr/lib64/qt4/libQtCore.so.4
#5  0x00007f24faaff067 in start_thread () from /lib/libpthread.so.0
#6  0x00007f24f7a523fd in clone () from /lib/libc.so.6
#7  0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7f24fb2dc750 (LWP 17180)):
[KCrash Handler]
#5  0x00007f24fadf2a2c in QUrl::QUrl () from /usr/lib64/qt4/libQtCore.so.4
#6  0x00007f24fa7d6dd9 in KUrl::KUrl () from /usr/lib64/libkdecore.so.5
#7  0x00007f24e9e77305 in KJS::XMLHttpRequest::urlMatchesDocumentDomain () from /usr/lib64/libkhtml.so.5
#8  0x00007f24e9e77e9f in KJS::XMLHttpRequest::processSyncLoadResults () from /usr/lib64/libkhtml.so.5
#9  0x00007f24e9e7881a in KJS::XMLHttpRequest::send () from /usr/lib64/libkhtml.so.5
#10 0x00007f24e9e79620 in KJS::XMLHttpRequestProtoFunc::callAsFunction () from /usr/lib64/libkhtml.so.5
#11 0x00007f24e9888158 in KJS::JSObject::call () from /usr/lib64/libkjs.so.4
#12 0x00007f24e989e48d in KJS::Machine::runBlock () from /usr/lib64/libkjs.so.4
#13 0x00007f24e9886140 in KJS::FunctionImp::callAsFunction () from /usr/lib64/libkjs.so.4
#14 0x00007f24e9888158 in KJS::JSObject::call () from /usr/lib64/libkjs.so.4
#15 0x00007f24e989e48d in KJS::Machine::runBlock () from /usr/lib64/libkjs.so.4
#16 0x00007f24e9868fff in KJS::FunctionBodyNode::execute () from /usr/lib64/libkjs.so.4
#17 0x00007f24e9889de7 in KJS::Interpreter::evaluate () from /usr/lib64/libkjs.so.4
#18 0x00007f24e9889e61 in KJS::Interpreter::evaluate () from /usr/lib64/libkjs.so.4
#19 0x00007f24e9e62352 in KJS::KJSProxyImpl::evaluate () from /usr/lib64/libkhtml.so.5
#20 0x00007f24e9cd2991 in KHTMLPart::executeScript () from /usr/lib64/libkhtml.so.5
#21 0x00007f24e9e5375a in KJS::ScheduledAction::execute () from /usr/lib64/libkhtml.so.5
#22 0x00007f24e9e538dc in KJS::WindowQObject::timerEvent () from /usr/lib64/libkhtml.so.5
#23 0x00007f24fae3409c in QObject::event () from /usr/lib64/qt4/libQtCore.so.4
#24 0x00007f24f8630b59 in QApplicationPrivate::notify_helper () from /usr/lib64/qt4/libQtGui.so.4
#25 0x00007f24f8631997 in QApplication::notify () from /usr/lib64/qt4/libQtGui.so.4
#26 0x00007f24f94c3570 in KApplication::notify () from /usr/lib64/libkdeui.so.5
#27 0x00007f24fae262b7 in QCoreApplication::notifyInternal () from /usr/lib64/qt4/libQtCore.so.4
#28 0x00007f24fae4691d in QTimerInfoList::activateTimers () from /usr/lib64/qt4/libQtCore.so.4
#29 0x00007f24fae45162 in idleTimerSourceDispatch () from /usr/lib64/qt4/libQtCore.so.4
#30 0x00007f24f6ed3c03 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#31 0x00007f24f6ed5a82 in g_main_context_iterate () from /usr/lib/libglib-2.0.so.0
#32 0x00007f24f6ed5b62 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#33 0x00007f24fae44aac in QEventDispatcherGlib::processEvents () from /usr/lib64/qt4/libQtCore.so.4
#34 0x00007f24f86a6436 in QGuiEventDispatcherGlib::processEvents () from /usr/lib64/qt4/libQtGui.so.4
#35 0x00007f24fae23ead in QEventLoop::processEvents () from /usr/lib64/qt4/libQtCore.so.4
#36 0x00007f24fae24047 in QEventLoop::exec () from /usr/lib64/qt4/libQtCore.so.4
#37 0x00007f24f9eb7b35 in KIO::NetAccess::enter_loop () from /usr/lib64/libkio.so.5
#38 0x00007f24f9eb7ca1 in KIO::NetAccess::synchronousRunInternal () from /usr/lib64/libkio.so.5
#39 0x00007f24f9eb830e in KIO::NetAccess::synchronousRun () from /usr/lib64/libkio.so.5
#40 0x00007f24e9e7864c in KJS::XMLHttpRequest::send () from /usr/lib64/libkhtml.so.5
#41 0x00007f24e9e79620 in KJS::XMLHttpRequestProtoFunc::callAsFunction () from /usr/lib64/libkhtml.so.5
#42 0x00007f24e9888158 in KJS::JSObject::call () from /usr/lib64/libkjs.so.4
#43 0x00007f24e989e48d in KJS::Machine::runBlock () from /usr/lib64/libkjs.so.4
#44 0x00007f24e9886140 in KJS::FunctionImp::callAsFunction () from /usr/lib64/libkjs.so.4
#45 0x00007f24e9888158 in KJS::JSObject::call () from /usr/lib64/libkjs.so.4
#46 0x00007f24e989e48d in KJS::Machine::runBlock () from /usr/lib64/libkjs.so.4
#47 0x00007f24e9868fff in KJS::FunctionBodyNode::execute () from /usr/lib64/libkjs.so.4
#48 0x00007f24e9889de7 in KJS::Interpreter::evaluate () from /usr/lib64/libkjs.so.4
#49 0x00007f24e9889e61 in KJS::Interpreter::evaluate () from /usr/lib64/libkjs.so.4
#50 0x00007f24e9e62352 in KJS::KJSProxyImpl::evaluate () from /usr/lib64/libkhtml.so.5
#51 0x00007f24e9cd2991 in KHTMLPart::executeScript () from /usr/lib64/libkhtml.so.5
#52 0x00007f24e9e5375a in KJS::ScheduledAction::execute () from /usr/lib64/libkhtml.so.5
#53 0x00007f24e9e538dc in KJS::WindowQObject::timerEvent () from /usr/lib64/libkhtml.so.5
#54 0x00007f24fae3409c in QObject::event () from /usr/lib64/qt4/libQtCore.so.4
#55 0x00007f24f8630b59 in QApplicationPrivate::notify_helper () from /usr/lib64/qt4/libQtGui.so.4
#56 0x00007f24f8631997 in QApplication::notify () from /usr/lib64/qt4/libQtGui.so.4
#57 0x00007f24f94c3570 in KApplication::notify () from /usr/lib64/libkdeui.so.5
#58 0x00007f24fae262b7 in QCoreApplication::notifyInternal () from /usr/lib64/qt4/libQtCore.so.4
#59 0x00007f24fae4691d in QTimerInfoList::activateTimers () from /usr/lib64/qt4/libQtCore.so.4
#60 0x00007f24fae45162 in idleTimerSourceDispatch () from /usr/lib64/qt4/libQtCore.so.4
#61 0x00007f24f6ed3c03 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#62 0x00007f24f6ed5a82 in g_main_context_iterate () from /usr/lib/libglib-2.0.so.0
#63 0x00007f24f6ed5b62 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#64 0x00007f24fae44aac in QEventDispatcherGlib::processEvents () from /usr/lib64/qt4/libQtCore.so.4
#65 0x00007f24f86a6436 in QGuiEventDispatcherGlib::processEvents () from /usr/lib64/qt4/libQtGui.so.4
#66 0x00007f24fae23ead in QEventLoop::processEvents () from /usr/lib64/qt4/libQtCore.so.4
#67 0x00007f24fae24047 in QEventLoop::exec () from /usr/lib64/qt4/libQtCore.so.4
#68 0x00007f24fae26916 in QCoreApplication::exec () from /usr/lib64/qt4/libQtCore.so.4
#69 0x00007f24ef4b7271 in kdemain () from /usr/lib64/libkdeinit4_konqueror.so
#70 0x000000000040641b in launch ()
#71 0x0000000000406e6e in handle_launcher_request ()
#72 0x00000000004073c9 in handle_requests ()
#73 0x0000000000408187 in main ()

Reported using DrKonqi
Comment 1 Tommi Tervo 2010-01-02 13:07:37 UTC 
==6094== Invalid read of size 4
==6094==    at 0x4FEF879: QUrl::QUrl(QUrl const&) (qurl.cpp:4104)
==6094==    by 0x4C64B73: KUrl::KUrl(KUrl const&) (kurl.cpp:472)
==6094==    by 0xACD596F: DOM::DocumentImpl::URL() const (dom_docimpl.h:354)
==6094==    by 0xAFE516E: KJS::XMLHttpRequest::urlMatchesDocumentDomain(KUrl const&) const (xmlhttprequest.cpp:370)
==6094==    by 0xAFE6F4B: KJS::XMLHttpRequest::processSyncLoadResults(QByteArray const&, KUrl const&, QString const&) (xmlhttprequest.cpp:689)
==6094==    by 0xAFE5F76: KJS::XMLHttpRequest::send(QString const&, int&) (xmlhttprequest.cpp:492)
==6094==    by 0xAFE8027: KJS::XMLHttpRequestProtoFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (xmlhttprequest.cpp:874)
==6094==    by 0x7F554D0: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==6094==    by 0x7F7BF78: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==6094==    by 0x7F4E7A1: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==6094==    by 0x7F554D0: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==6094==    by 0x7F7BF78: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==6094==    by 0x7F1C76B: KJS::FunctionBodyNode::execute(KJS::ExecState*) (nodes.cpp:927)
==6094==    by 0x7F5B0E5: KJS::Interpreter::evaluate(KJS::UString const&, int, KJS::UChar const*, int, KJS::JSValue*) (interpreter.cpp:556)
==6094==    by 0x7F5AC4A: KJS::Interpreter::evaluate(KJS::UString const&, int, KJS::UString const&, KJS::JSValue*) (interpreter.cpp:496)
==6094==    by 0xAFBE9E9: KJS::KJSProxyImpl::evaluate(QString, int, QString const&, DOM::Node const&, KJS::Completion*) (kjs_proxy.cpp:158)
==6094==    by 0xACE8FE7: KHTMLPart::executeScript(DOM::Node const&, QString const&) (khtml_part.cpp:1378)
==6094==    by 0xAFB0BF1: KJS::ScheduledAction::execute(KJS::Window*) (kjs_window.cpp:2196)
==6094==    by 0xAFB1C97: KJS::WindowQObject::timerEvent(QTimerEvent*) (kjs_window.cpp:2362)
==6094==    by 0x50569DB: QObject::event(QEvent*) (qobject.cpp:1210)
==6094==    by 0x5379063: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:4245)
==6094==    by 0x5376B28: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:3669)
==6094==    by 0x4890897: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:302)
==6094==    by 0x503F3B0: QCoreApplication::notifyInternal(QObject*, QEvent*) (qcoreapplication.cpp:704)
==6094==    by 0x5042E88: QCoreApplication::sendEvent(QObject*, QEvent*) (qcoreapplication.h:215)
==6094==    by 0x5079A59: QTimerInfoList::activateTimers() (qeventdispatcher_unix.cpp:603)
==6094==    by 0x507594F: timerSourceDispatch(_GSource*, int (*)(void*), void*) (qeventdispatcher_glib.cpp:184)
==6094==    by 0x5075A08: idleTimerSourceDispatch(_GSource*, int (*)(void*), void*) (qeventdispatcher_glib.cpp:231)
==6094==    by 0x64B04C1: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.2200.1)
==6094==    by 0x64B3D97: ??? (in /usr/lib/libglib-2.0.so.0.2200.1)
==6094==    by 0x64B3EBD: g_main_context_iteration (in /usr/lib/libglib-2.0.so.0.2200.1)
==6094==    by 0x5076AEB: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventdispatcher_glib.cpp:407)
==6094==    by 0x5445A67: QGuiEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qguieventdispatcher_glib.cpp:202)
==6094==    by 0x503C812: QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:149)
==6094==    by 0x503C957: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:201)
==6094==    by 0x503FA8C: QCoreApplication::exec() (qcoreapplication.cpp:981)
==6094==    by 0x537673F: QApplication::exec() (qapplication.cpp:3578)
==6094==    by 0x40FF770: kdemain (konqmain.cpp:257)
==6094==    by 0x80487A8: main (konqueror_dummy.cpp:3)
==6094==  Address 0x58 is not stack'd, malloc'd or (recently) free'd
Comment 2 Tommi Tervo 2010-01-02 13:08:04 UTC 
*** Bug 217074 has been marked as a duplicate of this bug. ***
Comment 3 Dario Andres 2010-12-15 18:10:15 UTC 
[Comment from a bug triager]
From bug 246733:
- What I was doing when the application crashed:
I was browsing alexa.com and changing repeatedly the values in the input fields
and refreshing.
This bug occurred after 5-6 change of inputs.  The website had stopped
displaying (blank page) and I pressed reload.

[KCrash Handler]
#6  QUrl::QUrl (this=0x7fff48967f40, other=...) at io/qurl.cpp:4147
#7  0x00007fec00bb3c29 in KUrl::KUrl (this=0x7fff48967f40, _u=...) at
/usr/src/debug/kdelibs-4.4.95/kdecore/io/kurl.cpp:472
#8  0x00007febe9a7ee78 in URL (this=<value optimized out>) at
/usr/src/debug/kdelibs-4.4.95/khtml/xml/dom_docimpl.h:366
#9  KJS::XMLHttpRequest::urlMatchesDocumentDomain (this=<value optimized out>)
at /usr/src/debug/kdelibs-4.4.95/khtml/ecma/xmlhttprequest.cpp:392
#10 0x00007febe9a7f3d4 in KJS::XMLHttpRequest::processSyncLoadResults
(this=0x7fff48967f40, data=..., finalURL=..., headers=...) at
/usr/src/debug/kdelibs-4.4.95/khtml/ecma/xmlhttprequest.cpp:711
#11 0x00007febe9a7fe01 in KJS::XMLHttpRequest::send (this=0x7febe5000a00,
_body=<value optimized out>, ec=<value optimized out>) at
/usr/src/debug/kdelibs-4.4.95/khtml/ecma/xmlhttprequest.cpp:514
#12 0x00007febe9a80ca0 in KJS::XMLHttpRequestProtoFunc::callAsFunction
(this=<value optimized out>, exec=0x7fff48968c70, thisObj=0x7febe5000a00,
args=...)
    at /usr/src/debug/kdelibs-4.4.95/khtml/ecma/xmlhttprequest.cpp:912
#13 0x00007febe9159b17 in call (args=<value optimized out>, thisObj=<value
optimized out>, exec=<value optimized out>, this=<value optimized out>) at
/usr/src/debug/kdelibs-4.4.95/kjs/object.h:616
#14 KJS::Machine::runBlock (args=<value optimized out>, thisObj=<value
optimized out>, exec=<value optimized out>, this=<value optimized out>) at
codes.def:1204
#15 0x00007febe9138504 in KJS::FunctionImp::callAsFunction
(this=0x7febe31db840, exec=0x7fff489694f0, thisObj=<value optimized out>,
args=<value optimized out>)
    at /usr/src/debug/kdelibs-4.4.95/kjs/function.cpp:172
#16 0x00007febe9159b17 in call (args=<value optimized out>, thisObj=<value
optimized out>, exec=<value optimized out>, this=<value optimized out>) at
/usr/src/debug/kdelibs-4.4.95/kjs/object.h:616
#17 KJS::Machine::runBlock (args=<value optimized out>, thisObj=<value
optimized out>, exec=<value optimized out>, this=<value optimized out>) at
codes.def:1204
#18 0x00007febe9138504 in KJS::FunctionImp::callAsFunction
(this=0x7febe1b439c0, exec=0x7fff48969f10, thisObj=<value optimized out>,
args=<value optimized out>)
    at /usr/src/debug/kdelibs-4.4.95/kjs/function.cpp:172
#19 0x00007febe9159b17 in call (args=<value optimized out>, thisObj=<value
optimized out>, exec=<value optimized out>, this=<value optimized out>) at
/usr/src/debug/kdelibs-4.4.95/kjs/object.h:616
#20 KJS::Machine::runBlock (args=<value optimized out>, thisObj=<value
optimized out>, exec=<value optimized out>, this=<value optimized out>) at
codes.def:1204
#21 0x00007febe910f9a3 in KJS::FunctionBodyNode::execute (this=0x9d04c80,
exec=0x7fff48969f10) at /usr/src/debug/kdelibs-4.4.95/kjs/nodes.cpp:927
#22 0x00007febe9140cab in KJS::Interpreter::evaluate (this=0x8bdd3e0,
sourceURL=..., startingLineNumber=0, code=<value optimized out>,
codeLength=<value optimized out>, thisV=0x7febe5000980)
    at /usr/src/debug/kdelibs-4.4.95/kjs/interpreter.cpp:556
#23 0x00007febe9140e13 in KJS::Interpreter::evaluate (this=0xb0, sourceURL=...,
startingLineNumber=1217823152, code=<value optimized out>, thisV=<value
optimized out>)
    at /usr/src/debug/kdelibs-4.4.95/kjs/interpreter.cpp:496
#24 0x00007febe9a5ac33 in KJSProxy::evaluate (this=0x96c5560, filename=) at
/usr/src/debug/kdelibs-4.4.95/khtml/ecma/kjs_proxy.cpp:126
#25 0x00007febe97e7295 in KHTMLPart::executeScript (this=0x92877d0,
filename=..., baseLine=<value optimized out>, n=<value optimized out>,
script=<value optimized out>)
    at /usr/src/debug/kdelibs-4.4.95/khtml/khtml_part.cpp:1282
Comment 4 Dario Andres 2010-12-15 18:10:27 UTC 
*** Bug 246733 has been marked as a duplicate of this bug. ***
Comment 5 Tommi Tervo 2011-02-05 08:38:37 UTC 
*** Bug 265478 has been marked as a duplicate of this bug. ***
Comment 6 Christophe Marin 2011-09-26 07:42:19 UTC 
*** Bug 255122 has been marked as a duplicate of this bug. ***
Comment 7 Justin Zobel 2020-12-03 22:52:54 UTC 
Thank you for the report.

As it has been a while since this was reported, can you please test and confirm if this issue is still occurring or if this bug report can be marked as resolved.

I have set the bug status to "needsinfo" pending your response, please change back to "reported" or "resolved/worksforme" when you respond, thank you.
Comment 8 Cyrille Dunant 2020-12-04 08:37:42 UTC 
I don't have KDE4 installed any more. I cannot confirm or infirm the report.
Comment 9 Justin Zobel 2022-11-06 23:48:19 UTC 
Thank you for reporting this issue in KDE software. As it has been a while since this issue was reported, can we please ask you to see if you can reproduce the issue with a recent software version?

If you can reproduce the issue, please change the status to "REPORTED" when replying. Thank you!
Comment 10 Bug Janitor Service 2022-11-21 05:11:59 UTC 
Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least
15 days. Please provide the requested information as soon as
possible and set the bug status as REPORTED. Due to regular bug
tracker maintenance, if the bug is still in NEEDSINFO status with
no change in 30 days the bug will be closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please
mark the bug as REPORTED so that the KDE team knows that the bug is
ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!
Comment 11 Bug Janitor Service 2022-12-06 05:18:31 UTC 
This bug has been in NEEDSINFO status with no change for at least
30 days. The bug is now closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

Thank you for helping us make KDE software even better for everyone!