Bug 225332

Summary: konqueror crashes by entering to a web page
Product: [Applications] konqueror Reporter: Gatoso <gatoso>
Component: kjs Assignee: Konqueror Developers <konq-bugs>
Status: RESOLVED FIXED    
Severity: crash CC: dieselmachine, faure
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Unlisted Binaries   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: minimal reduction (will crash)

Description Gatoso 2010-02-03 00:25:57 UTC
Application that crashed: konqueror
Version of the application: 4.3.4 (KDE 4.3.4)
KDE Version: 4.3.4 (KDE 4.3.4)
Qt Version: 4.5.3
Operating System: Linux 2.6.32-ARCH i686

What I was doing when the application crashed:
When I enter this web page:

http://www.elartedeprogramar.cl

konqueror crashes

Thanks a lot

 -- Backtrace:
Application: Konqueror (kdeinit4), signal: Segmentation fault
[Current thread is 1 (Thread 0xb55fb920 (LWP 10277))]

Thread 3 (Thread 0xb0000b70 (LWP 10292)):
#0  0xb77ee424 in __kernel_vsyscall ()
#1  0xb758d182 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0xb75eafef in QWaitConditionPrivate::wait (this=0x946add0, mutex=0x946adcc, time=30000) at thread/qwaitcondition_unix.cpp:85
#3  QWaitCondition::wait (this=0x946add0, mutex=0x946adcc, time=30000) at thread/qwaitcondition_unix.cpp:159
#4  0xb75e083e in QThreadPoolThread::run (this=0x946af18) at concurrent/qthreadpool.cpp:140
#5  0xb75ea052 in QThreadPrivate::start (arg=0x946af18) at thread/qthread_unix.cpp:188
#6  0xb75888ac in start_thread () from /lib/libpthread.so.0
#7  0xb601c01e in clone () from /lib/libc.so.6

Thread 2 (Thread 0xaf5ffb70 (LWP 10293)):
#0  0xb77ee424 in __kernel_vsyscall ()
#1  0xb758d182 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0xb75eafef in QWaitConditionPrivate::wait (this=0x946add0, mutex=0x946adcc, time=30000) at thread/qwaitcondition_unix.cpp:85
#3  QWaitCondition::wait (this=0x946add0, mutex=0x946adcc, time=30000) at thread/qwaitcondition_unix.cpp:159
#4  0xb75e083e in QThreadPoolThread::run (this=0x946c2c8) at concurrent/qthreadpool.cpp:140
#5  0xb75ea052 in QThreadPrivate::start (arg=0x946c2c8) at thread/qthread_unix.cpp:188
#6  0xb75888ac in start_thread () from /lib/libpthread.so.0
#7  0xb601c01e in clone () from /lib/libc.so.6

Thread 1 (Thread 0xb55fb920 (LWP 10277)):
[KCrash Handler]
#6  0xb14cf4e3 in KJS::RegExp::match (this=0x94608c8, s=..., error=0xbfd2ad7f, i=2, pos=0xbfd2ad78, ovector=0xbfd2ad74) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kjs/regexp.cpp:414
#7  0xb14e6da0 in KJS::RegExpObjectImp::performMatch (this=0xaf7b9220, r=0x94608c8, exec=0xbfd2b404, s=..., startOffset=2, endOffset=0xbfd2aed0, ovector=0xbfd2aebc)
    at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kjs/regexp_object.cpp:254
#8  0xb14d5ac3 in replace (this=0xae980fa0, exec=0xbfd2b404, thisObj=0xae93b240, args=...) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kjs/string_object.cpp:369
#9  KJS::StringProtoFunc::callAsFunction (this=0xae980fa0, exec=0xbfd2b404, thisObj=0xae93b240, args=...) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kjs/string_object.cpp:611
#10 0xb14f150d in KJS::JSObject::call (this=0x2, exec=0xbfd2b404, thisObj=0xae93b240, args=...) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kjs/object.cpp:69
#11 0xb150efef in KJS::Machine::runBlock (exec=0xbfd2b404, codeBlock=..., parentExec=0xbfd2b884) at codes.def:1192
#12 0xb14ed98b in KJS::FunctionImp::callAsFunction (this=0xaf76e380, exec=0xbfd2b884, thisObj=0xaf7bd680, args=...) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kjs/function.cpp:144
#13 0xb14f150d in KJS::JSObject::call (this=0x2, exec=0xbfd2b884, thisObj=0xaf7bd680, args=...) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kjs/object.cpp:69
#14 0xb150efef in KJS::Machine::runBlock (exec=0xbfd2b884, codeBlock=..., parentExec=0xbfd2bd04) at codes.def:1192
#15 0xb14ed98b in KJS::FunctionImp::callAsFunction (this=0xae9f2760, exec=0xbfd2bd04, thisObj=0xaf7bd680, args=...) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kjs/function.cpp:144
#16 0xb14f150d in KJS::JSObject::call (this=0x2, exec=0xbfd2bd04, thisObj=0xaf7bd680, args=...) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kjs/object.cpp:69
#17 0xb150efef in KJS::Machine::runBlock (exec=0xbfd2bd04, codeBlock=..., parentExec=0xbfd2c184) at codes.def:1192
#18 0xb14ed98b in KJS::FunctionImp::callAsFunction (this=0xae9fdde0, exec=0xbfd2c184, thisObj=0xaf7bd680, args=...) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kjs/function.cpp:144
#19 0xb14f150d in KJS::JSObject::call (this=0x2, exec=0xbfd2c184, thisObj=0xaf7bd680, args=...) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kjs/object.cpp:69
#20 0xb150efef in KJS::Machine::runBlock (exec=0xbfd2c184, codeBlock=..., parentExec=0xbfd2c604) at codes.def:1192
#21 0xb14ed98b in KJS::FunctionImp::callAsFunction (this=0xae9fdf00, exec=0xbfd2c604, thisObj=0xaf7bd680, args=...) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kjs/function.cpp:144
#22 0xb14f150d in KJS::JSObject::call (this=0x2, exec=0xbfd2c604, thisObj=0xaf7bd680, args=...) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kjs/object.cpp:69
#23 0xb150efef in KJS::Machine::runBlock (exec=0xbfd2c604, codeBlock=..., parentExec=0xbfd2ca84) at codes.def:1192
#24 0xb14ed98b in KJS::FunctionImp::callAsFunction (this=0xae9fe7e0, exec=0xbfd2ca84, thisObj=0xaf7bd680, args=...) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kjs/function.cpp:144
#25 0xb14f150d in KJS::JSObject::call (this=0x2, exec=0xbfd2ca84, thisObj=0xaf7bd680, args=...) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kjs/object.cpp:69
#26 0xb150efef in KJS::Machine::runBlock (exec=0xbfd2ca84, codeBlock=..., parentExec=0xbfd2cf04) at codes.def:1192
#27 0xb14ed98b in KJS::FunctionImp::callAsFunction (this=0xae9feaa0, exec=0xbfd2cf04, thisObj=0xaf7bd680, args=...) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kjs/function.cpp:144
#28 0xb14f150d in KJS::JSObject::call (this=0x2, exec=0xbfd2cf04, thisObj=0xaf7bd680, args=...) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kjs/object.cpp:69
#29 0xb150efef in KJS::Machine::runBlock (exec=0xbfd2cf04, codeBlock=..., parentExec=0xbfd2d384) at codes.def:1192
#30 0xb14ed98b in KJS::FunctionImp::callAsFunction (this=0xae9feb00, exec=0xbfd2d384, thisObj=0xaf7bd680, args=...) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kjs/function.cpp:144
#31 0xb14f150d in KJS::JSObject::call (this=0x2, exec=0xbfd2d384, thisObj=0xaf7bd680, args=...) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kjs/object.cpp:69
#32 0xb150efef in KJS::Machine::runBlock (exec=0xbfd2d384, codeBlock=..., parentExec=0x829a970) at codes.def:1192
#33 0xb14ed98b in KJS::FunctionImp::callAsFunction (this=0xae9e0700, exec=0x829a970, thisObj=0xaf7f0080, args=...) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kjs/function.cpp:144
#34 0xb14f150d in KJS::JSObject::call (this=0x2, exec=0x829a970, thisObj=0xaf7f0080, args=...) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kjs/object.cpp:69
#35 0xb1a12cc7 in KJS::JSEventListener::handleEvent (this=0x9bdb148, evt=...) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/khtml/ecma/kjs_events.cpp:106
#36 0xb1a1d060 in KJS::XMLHttpRequest::changeState (this=0xaf7f0280, newState=KJS::XHRS_Loaded) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/khtml/ecma/xmlhttprequest.cpp:348
#37 0xb1a1ea04 in KJS::XMLHttpRequest::slotFinished (this=0xaf7f0280) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/khtml/ecma/xmlhttprequest.cpp:720
#38 0xb1a1fc52 in KJS::XMLHttpRequestQObject::slotFinished (this=0xc296988, _c=QMetaObject::InvokeMetaMethod, _id=5, _a=0xbfd2d6b8)
    at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/khtml/ecma/xmlhttprequest.cpp:93
#39 KJS::XMLHttpRequestQObject::qt_metacall (this=0xc296988, _c=QMetaObject::InvokeMetaMethod, _id=5, _a=0xbfd2d6b8) at /home/jan/kdemod/core/kdelibs/src/build/khtml/xmlhttprequest.moc:72
#40 0xb76edfdc in QMetaObject::activate (sender=0xbd4f288, from_signal_index=<value optimized out>, to_signal_index=7, argv=0x0) at kernel/qobject.cpp:3112
#41 0xb76eec12 in QMetaObject::activate (sender=0xbd4f288, m=0xb757ae88, local_signal_index=3, argv=0xbfd2d6b8) at kernel/qobject.cpp:3186
#42 0xb73dbef3 in KJob::result (this=0xbd4f288, _t1=0xbd4f288) at /home/jan/kdemod/core/kdelibs/src/build/kdecore/kjob.moc:188
#43 0xb73dc379 in KJob::emitResult (this=0xbd4f288) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kdecore/jobs/kjob.cpp:304
#44 0xb6fbe580 in KIO::SimpleJob::slotFinished (this=0xbd4f288) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kio/kio/job.cpp:477
#45 0xb6fbea9a in KIO::TransferJob::slotFinished (this=0xbd4f288) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kio/kio/job.cpp:948
#46 0xb6fbc7c3 in KIO::TransferJob::qt_metacall (this=0xbd4f288, _c=QMetaObject::InvokeMetaMethod, _id=47, _a=0xbfd2d91c) at /home/jan/kdemod/core/kdelibs/src/build/kio/jobclasses.moc:343
#47 0xb76edfdc in QMetaObject::activate (sender=0x92df5a8, from_signal_index=<value optimized out>, to_signal_index=8, argv=0x0) at kernel/qobject.cpp:3112
#48 0xb76eec12 in QMetaObject::activate (sender=0x92df5a8, m=0xb719fb84, local_signal_index=4, argv=0x0) at kernel/qobject.cpp:3186
#49 0xb7087c37 in KIO::SlaveInterface::finished (this=0x92df5a8) at /home/jan/kdemod/core/kdelibs/src/build/kio/slaveinterface.moc:165
#50 0xb708bb2d in KIO::SlaveInterface::dispatch (this=0x92df5a8, _cmd=104, rawdata=...) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kio/kio/slaveinterface.cpp:175
#51 0xb70880f3 in KIO::SlaveInterface::dispatch (this=0x92df5a8) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kio/kio/slaveinterface.cpp:91
#52 0xb707a1ea in KIO::Slave::gotInput (this=0x92df5a8) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kio/kio/slave.cpp:322
#53 0xb707c5e3 in KIO::Slave::qt_metacall (this=0x92df5a8, _c=QMetaObject::InvokeMetaMethod, _id=30, _a=0xbfd2dbfc) at /home/jan/kdemod/core/kdelibs/src/build/kio/slave.moc:76
#54 0xb76edfdc in QMetaObject::activate (sender=0x9695260, from_signal_index=<value optimized out>, to_signal_index=4, argv=0x0) at kernel/qobject.cpp:3112
#55 0xb76eec12 in QMetaObject::activate (sender=0x9695260, m=0xb719c4c0, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3186
#56 0xb6f84ef7 in KIO::Connection::readyRead (this=0x9695260) at /home/jan/kdemod/core/kdelibs/src/build/kio/connection.moc:86
#57 0xb6f86cae in KIO::ConnectionPrivate::dequeue (this=0x98f9098) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kio/kio/connection.cpp:82
#58 0xb6f86dde in KIO::Connection::qt_metacall (this=0x9695260, _c=QMetaObject::InvokeMetaMethod, _id=5, _a=0xbdd45e8) at /home/jan/kdemod/core/kdelibs/src/build/kio/connection.moc:73
#59 0xb76e6ccb in QMetaCallEvent::placeMetaCall (this=0xbdcaa58, object=0x9695260) at kernel/qobject.cpp:477
#60 0xb76e83ce in QObject::event (this=0x9695260, e=0xbdcaa58) at kernel/qobject.cpp:1110
#61 0xb62a9924 in QApplicationPrivate::notify_helper (this=0x814cd80, receiver=0x9695260, e=0xbdcaa58) at kernel/qapplication.cpp:4065
#62 0xb62b100c in QApplication::notify (this=0xbfd2e534, receiver=0x9695260, e=0xbdcaa58) at kernel/qapplication.cpp:3605
#63 0xb6cec60a in KApplication::notify (this=0xbfd2e534, receiver=0x9695260, event=0xbdcaa58) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kdeui/kernel/kapplication.cpp:302
#64 0xb76d85bb in QCoreApplication::notifyInternal (this=0xbfd2e534, receiver=0x9695260, event=0xbdcaa58) at kernel/qcoreapplication.cpp:610
#65 0xb76d91e2 in QCoreApplication::sendEvent (receiver=0x0, event_type=0, data=0x80b01f0) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:213
#66 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x80b01f0) at kernel/qcoreapplication.cpp:1247
#67 0xb76d93ad in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at kernel/qcoreapplication.cpp:1140
#68 0xb77031cf in QCoreApplication::sendPostedEvents (s=0x814f110) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:218
#69 postEventSourceDispatch (s=0x814f110) at kernel/qeventdispatcher_glib.cpp:276
#70 0xb5eaf378 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#71 0xb5eb2bf0 in g_main_context_iterate () from /usr/lib/libglib-2.0.so.0
#72 0xb5eb2d23 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#73 0xb7702d25 in QEventDispatcherGlib::processEvents (this=0x80b1c20, flags=...) at kernel/qeventdispatcher_glib.cpp:407
#74 0xb6347705 in QGuiEventDispatcherGlib::processEvents (this=0x80b1c20, flags=...) at kernel/qguieventdispatcher_glib.cpp:202
#75 0xb76d6ba9 in QEventLoop::processEvents (this=0xbfd2e3f4, flags=) at kernel/qeventloop.cpp:149
#76 0xb76d6ffa in QEventLoop::exec (this=0xbfd2e3f4, flags=...) at kernel/qeventloop.cpp:201
#77 0xb76d946f in QCoreApplication::exec () at kernel/qcoreapplication.cpp:888
#78 0xb62a97a7 in QApplication::exec () at kernel/qapplication.cpp:3525
#79 0xb4036f0f in kdemain (argc=2, argv=0x80afd10) at /home/jan/kdemod/core/kdebase/src/kdebase-4.3.4/apps/konqueror/src/konqmain.cpp:271
#80 0x0804de42 in launch (argc=<value optimized out>, _name=<value optimized out>, args=<value optimized out>, cwd=0x0, envc=0, envs=0x8103f54 "", reset_env=false, tty=0x0, avoid_loops=false, 
    startup_id_str=0x8103f58 "zuargo-archlinux;1265153101;436187;4582_TIME2086984") at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kinit/kinit.cpp:677
#81 0x0804e9ad in handle_launcher_request (sock=<value optimized out>, who=<value optimized out>) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kinit/kinit.cpp:1169
#82 0x0804ee44 in handle_requests (waitForPid=<value optimized out>) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kinit/kinit.cpp:1362
#83 0x0804f63f in main (argc=2, argv=0xbfd2f044, envp=0xbfd2f050) at /home/jan/kdemod/core/kdelibs/src/kdelibs-4.3.4/kinit/kinit.cpp:1793

Reported using DrKonqi
Comment 1 David Faure 2010-02-03 00:41:24 UTC
processing parameters for (internal) call
setting parameter textKJS: to:  : String (0x20c41dc0)
KJS: returning:  : String (0x20c417c0)
KJS: returning: <img src="http://www.elartedeprogramar.cl/foro/chat/img/emoticons/grin.png" alt=":D" /> : String (0x20c41780)
            
konqueror: /d/kde/src/t/kdelibs/kjs/regexp.cpp:378: KJS::UString KJS::RegExp::match(const KJS::UString&, bool*, int, int*, int**): Assertion `s.data() == _originalS.data()' failed.
Comment 2 Germain Garand 2010-02-03 13:13:42 UTC
Created attachment 40495: minimal reduction (will crash)
Comment 3 Maksim Orlovich 2010-06-05 19:44:53 UTC
*** Bug 239957 has been marked as a duplicate of this bug. ***
Comment 4 Maksim Orlovich 2010-06-05 20:04:16 UTC
SVN commit 1134920 by orlovich:

Fix problems with reentry of operations on the same regexp object
from helper JS functions passed to its ops, by properly separating
per-match state out of RegExp.

BUG:225332
CCBUG: 213606
(#213606 no longer crashes, but I am concerned about another warning in the vg log there)



 M  +20 -23    regexp.cpp  
 M  +27 -16    regexp.h  
 M  +7 -5      regexp_object.cpp  
 M  +2 -1      regexp_object.h  
 M  +11 -12    string_object.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1134920
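
The reentrancy problem named in the commit message, as a simplified model added here (not KJS code and not the attached reduction): a matcher that keeps the subject of the scan in progress on the shared object loses track of it when a replace helper starts a nested scan, while caller-owned per-match state is unaffected. Matcher, MatchState, replaceAll and the sample strings are hypothetical names and constructed input; the mismatch counter stands in for the `s.data() == _originalS.data()` assertion from Comment 1.

```cpp
#include <cstddef>
#include <functional>
#include <iostream>
#include <string>

// Hypothetical stand-in for a regexp object: matches a literal needle.
struct Matcher {
    std::string needle;
    const std::string* cached = nullptr;  // per-match state kept on the shared object
    int mismatches = 0;                   // times the cached subject was not the caller's
    // Shared-state search: a scan caches its subject at from == 0 and expects it to stay.
    std::size_t matchShared(const std::string& s, std::size_t from) {
        if (from == 0) cached = &s;
        if (cached != &s) ++mismatches;   // counted here instead of asserting
        return s.find(needle, from);
    }
};
// Separated shape: per-match state belongs to the caller, the matcher is read-only.
struct MatchState { const std::string* subject; };
std::size_t matchLocal(const Matcher& m, const MatchState& st, std::size_t from) {
    return st.subject->find(m.needle, from);
}

using Helper = std::function<std::string(const std::string&)>;
// Replace every match with helper(match); the helper may re-enter with the same Matcher.
std::string replaceAll(Matcher& m, const std::string& s, const Helper& helper, bool shared) {
    MatchState st{&s};
    std::string out;
    std::size_t pos = 0;
    for (;;) {
        std::size_t hit = shared ? m.matchShared(s, pos) : matchLocal(m, st, pos);
        if (hit == std::string::npos) break;
        out.append(s, pos, hit - pos);
        out += helper(m.needle);
        pos = hit + m.needle.size();
    }
    return out.append(s, pos, std::string::npos);
}

// Outer replace whose helper runs a nested replace on the same Matcher (constructed input).
int reentrantMismatches(bool shared) {
    Matcher m{":D"};
    const std::string inner = "x :D y", outer = ":D and :D";
    Helper leaf = [](const std::string&) { return std::string("grin"); };
    Helper nested = [&](const std::string&) { return replaceAll(m, inner, leaf, shared); };
    replaceAll(m, outer, nested, shared);
    return m.mismatches;
}

int main() { std::cout << reentrantMismatches(true) << ' ' << reentrantMismatches(false) << '\n'; }
```

In the shared-state variant each resumption of the outer scan after a helper call sees the inner subject cached on the object; with the state held by the caller the nested scan leaves the outer one untouched.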