Bug 234674

Summary: Crash on imdb.com
Product: [Applications] konqueror
Reporter: paragw
Component: khtml renderer
Assignee: Konqueror Developers <konq-bugs>
Status: RESOLVED FIXED
Severity: crash
CC: m.wege
Priority: NOR
Version: 4.4.2
Target Milestone: ---
Platform: Ubuntu
OS: Linux
Latest Commit:
Version Fixed In: 4.11.4
Sentry Crash Report:

Description paragw 2010-04-18 06:51:13 UTC
Application: konqueror (4.4.2 (KDE 4.4.2))
KDE Platform Version: 4.4.2 (KDE 4.4.2)
Qt Version: 4.6.2
Operating System: Linux 2.6.34-rc4 x86_64
Distribution: Ubuntu lucid (development branch)

-- Information about the crash:
Visiting http://www.imdb.com/title/tt0887912/plotsummary through a Google search led to this crash.

The crash can be reproduced every time.

 -- Backtrace:
Application: Konqueror (kdeinit4), signal: Segmentation fault
[Current thread is 1 (Thread 0x7fb3aa878760 (LWP 2174))]

Thread 4 (Thread 0x7fb38d3c1710 (LWP 2228)):
#0  0xffffffffff60017b in ?? ()
#1  0x00007fb38d3c0aa0 in ?? ()
#2  0x00007fff5f9ff852 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

Thread 3 (Thread 0x7fb38a59a710 (LWP 2707)):
#0  0x00007fb3a8ac7bc9 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#1  0x00007fb3a8d53692 in QWaitConditionPrivate::wait (this=<value optimized out>, mutex=0x2708380, time=30000) at thread/qwaitcondition_unix.cpp:85
#2  QWaitCondition::wait (this=<value optimized out>, mutex=0x2708380, time=30000) at thread/qwaitcondition_unix.cpp:159
#3  0x00007fb3a8d48a79 in QThreadPoolThread::run (this=0x2cd5b10) at concurrent/qthreadpool.cpp:140
#4  0x00007fb3a8d52775 in QThreadPrivate::start (arg=0x2cd5b10) at thread/qthread_unix.cpp:248
#5  0x00007fb3a8ac29ca in start_thread () from /lib/libpthread.so.0
#6  0x00007fb3a787569d in clone () from /lib/libc.so.6
#7  0x0000000000000000 in ?? ()

Thread 2 (Thread 0x7fb38ad9b710 (LWP 2710)):
#0  0x00007fb3a8ac7bc9 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#1  0x00007fb3a8d53692 in QWaitConditionPrivate::wait (this=<value optimized out>, mutex=0x2708380, time=30000) at thread/qwaitcondition_unix.cpp:85
#2  QWaitCondition::wait (this=<value optimized out>, mutex=0x2708380, time=30000) at thread/qwaitcondition_unix.cpp:159
#3  0x00007fb3a8d48a79 in QThreadPoolThread::run (this=0x2702c10) at concurrent/qthreadpool.cpp:140
#4  0x00007fb3a8d52775 in QThreadPrivate::start (arg=0x2702c10) at thread/qthread_unix.cpp:248
#5  0x00007fb3a8ac29ca in start_thread () from /lib/libpthread.so.0
#6  0x00007fb3a787569d in clone () from /lib/libc.so.6
#7  0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7fb3aa878760 (LWP 2174)):
[KCrash Handler]
#5  khtml::RenderLayer::setHasVisibleContent (this=0x0, b=true) at ../../khtml/rendering/render_layer.cpp:286
#6  0x00007fb3963dd39f in khtml::RenderContainer::appendChildNode (this=0x2cd0df0, newChild=0x2cb82a8) at ../../khtml/rendering/render_container.cpp:550
#7  0x00007fb3963dd944 in khtml::RenderContainer::addChild (this=0x2cd0df0, newChild=0x2cb82a8, beforeChild=0x0) at ../../khtml/rendering/render_container.cpp:135
#8  0x00007fb3963c79a6 in khtml::RenderInline::addChildToFlow (this=0x2cd0df0, newChild=0x2cb82a8, beforeChild=0x0) at ../../khtml/rendering/render_inline.cpp:103
#9  0x00007fb3963c74fa in khtml::RenderInline::splitInlines (this=0x2cd10e8, fromBlock=0x2cd17b0, toBlock=0x2cd1638, middleBlock=<value optimized out>, beforeChild=0x2cb82a8, 
    oldCont=<value optimized out>) at ../../khtml/rendering/render_inline.cpp:130
#10 0x00007fb3963c77f2 in khtml::RenderInline::splitFlow (this=0x2cd10e8, beforeChild=<value optimized out>, newBlockBox=0x2cd1928, newChild=<value optimized out>, oldCont=<value optimized out>)
    at ../../khtml/rendering/render_inline.cpp:224
#11 0x00007fb39632249b in DOM::NodeImpl::createRendererIfNeeded (this=0x4c7cad0) at ../../khtml/xml/dom_nodeimpl.cpp:1084
#12 0x00007fb39632d5c9 in DOM::ElementImpl::attach (this=0x0) at ../../khtml/xml/dom_elementimpl.cpp:888
#13 0x00007fb3963a4081 in DOM::HTMLTableElementImpl::attach (this=0x4c7cad0) at ../../khtml/html/html_tableimpl.cpp:595
#14 0x00007fb39632e7e4 in DOM::ElementImpl::recalcStyle (this=0x4c7cad0, change=DOM::NodeImpl::Force) at ../../khtml/xml/dom_elementimpl.cpp:986
#15 0x00007fb396379919 in DOM::HTMLElementImpl::recalcStyle (this=0x0, ch=DOM::NodeImpl::NoInherit) at ../../khtml/html/html_elementimpl.cpp:238
#16 0x00007fb39632e717 in DOM::ElementImpl::recalcStyle (this=0x32e4940, change=DOM::NodeImpl::Force) at ../../khtml/xml/dom_elementimpl.cpp:1015
#17 0x00007fb396379919 in DOM::HTMLElementImpl::recalcStyle (this=0x0, ch=DOM::NodeImpl::NoInherit) at ../../khtml/html/html_elementimpl.cpp:238
#18 0x00007fb39632e717 in DOM::ElementImpl::recalcStyle (this=0x312d5f0, change=DOM::NodeImpl::Force) at ../../khtml/xml/dom_elementimpl.cpp:1015
#19 0x00007fb396379919 in DOM::HTMLElementImpl::recalcStyle (this=0x0, ch=DOM::NodeImpl::NoInherit) at ../../khtml/html/html_elementimpl.cpp:238
#20 0x00007fb39632e717 in DOM::ElementImpl::recalcStyle (this=0x2d2e2c0, change=DOM::NodeImpl::Force) at ../../khtml/xml/dom_elementimpl.cpp:1015
#21 0x00007fb396379919 in DOM::HTMLElementImpl::recalcStyle (this=0x0, ch=DOM::NodeImpl::NoInherit) at ../../khtml/html/html_elementimpl.cpp:238
#22 0x00007fb39632e717 in DOM::ElementImpl::recalcStyle (this=0x3385d50, change=DOM::NodeImpl::Force) at ../../khtml/xml/dom_elementimpl.cpp:1015
#23 0x00007fb396379919 in DOM::HTMLElementImpl::recalcStyle (this=0x0, ch=DOM::NodeImpl::NoInherit) at ../../khtml/html/html_elementimpl.cpp:238
#24 0x00007fb39632e717 in DOM::ElementImpl::recalcStyle (this=0x422b140, change=DOM::NodeImpl::Force) at ../../khtml/xml/dom_elementimpl.cpp:1015
#25 0x00007fb396379919 in DOM::HTMLElementImpl::recalcStyle (this=0x0, ch=DOM::NodeImpl::NoInherit) at ../../khtml/html/html_elementimpl.cpp:238
#26 0x00007fb39632e717 in DOM::ElementImpl::recalcStyle (this=0x3b343d0, change=DOM::NodeImpl::Force) at ../../khtml/xml/dom_elementimpl.cpp:1015
#27 0x00007fb396379919 in DOM::HTMLElementImpl::recalcStyle (this=0x0, ch=DOM::NodeImpl::NoInherit) at ../../khtml/html/html_elementimpl.cpp:238
#28 0x00007fb39632e717 in DOM::ElementImpl::recalcStyle (this=0x4a2caa0, change=DOM::NodeImpl::Force) at ../../khtml/xml/dom_elementimpl.cpp:1015
#29 0x00007fb396379919 in DOM::HTMLElementImpl::recalcStyle (this=0x0, ch=DOM::NodeImpl::NoInherit) at ../../khtml/html/html_elementimpl.cpp:238
#30 0x00007fb39632e717 in DOM::ElementImpl::recalcStyle (this=0x421fbc0, change=DOM::NodeImpl::Force) at ../../khtml/xml/dom_elementimpl.cpp:1015
#31 0x00007fb396379919 in DOM::HTMLElementImpl::recalcStyle (this=0x0, ch=DOM::NodeImpl::NoInherit) at ../../khtml/html/html_elementimpl.cpp:238
#32 0x00007fb39632e717 in DOM::ElementImpl::recalcStyle (this=0x3d12c70, change=DOM::NodeImpl::Force) at ../../khtml/xml/dom_elementimpl.cpp:1015
#33 0x00007fb396379919 in DOM::HTMLElementImpl::recalcStyle (this=0x0, ch=DOM::NodeImpl::NoInherit) at ../../khtml/html/html_elementimpl.cpp:238
#34 0x00007fb39632e717 in DOM::ElementImpl::recalcStyle (this=0x30325b0, change=DOM::NodeImpl::Force) at ../../khtml/xml/dom_elementimpl.cpp:1015
#35 0x00007fb396379919 in DOM::HTMLElementImpl::recalcStyle (this=0x0, ch=DOM::NodeImpl::NoInherit) at ../../khtml/html/html_elementimpl.cpp:238
#36 0x00007fb39632e717 in DOM::ElementImpl::recalcStyle (this=0x4a08560, change=DOM::NodeImpl::Force) at ../../khtml/xml/dom_elementimpl.cpp:1015
#37 0x00007fb396379919 in DOM::HTMLElementImpl::recalcStyle (this=0x0, ch=DOM::NodeImpl::NoInherit) at ../../khtml/html/html_elementimpl.cpp:238
#38 0x00007fb39632e717 in DOM::ElementImpl::recalcStyle (this=0x316b730, change=DOM::NodeImpl::Force) at ../../khtml/xml/dom_elementimpl.cpp:1015
#39 0x00007fb396379919 in DOM::HTMLElementImpl::recalcStyle (this=0x0, ch=DOM::NodeImpl::NoInherit) at ../../khtml/html/html_elementimpl.cpp:238
#40 0x00007fb39632e717 in DOM::ElementImpl::recalcStyle (this=0x4ac6e60, change=DOM::NodeImpl::Force) at ../../khtml/xml/dom_elementimpl.cpp:1015
#41 0x00007fb396379919 in DOM::HTMLElementImpl::recalcStyle (this=0x0, ch=DOM::NodeImpl::NoInherit) at ../../khtml/html/html_elementimpl.cpp:238
#42 0x00007fb39631d9ff in DOM::DocumentImpl::recalcStyle (this=0x3bb2680, change=DOM::NodeImpl::Force) at ../../khtml/xml/dom_docimpl.cpp:1435
#43 0x00007fb396318f3e in DOM::DocumentImpl::updateStyleSelector (this=0x3bb2680, shallow=<value optimized out>) at ../../khtml/xml/dom_docimpl.cpp:2215
#44 0x00007fb396374bdc in DOM::HTMLStyleElementImpl::parseText (this=0x267a470) at ../../khtml/html/html_headimpl.cpp:667
#45 0x00007fb396325431 in DOM::NodeImpl::dispatchSubtreeModifiedEvent (this=0x0) at ../../khtml/xml/dom_nodeimpl.cpp:670
#46 0x00007fb39632573e in DOM::NodeBaseImpl::appendChild (this=0x267a470, newChild=0x371d670, exceptioncode=@0x7fff5f83e7d8) at ../../khtml/xml/dom_nodeimpl.cpp:1740
#47 0x00007fb3964bcc08 in KJS::DOMNode::putValueProperty (this=<value optimized out>, exec=0x7fff5f83f110, token=<value optimized out>, value=0x7fb3940fc900) at ../../khtml/ecma/kjs_dom.cpp:453
#48 0x00007fb3964d7d9c in lookupPut<KJS::HTMLElement, KJS::DOMElement> (this=0x7fb39406a400, exec=0x7fff5f83f110, propertyName=..., value=0x7fb3940fc900, attr=0) at ../../kjs/lookup.h:266
#49 KJS::HTMLElement::put (this=0x7fb39406a400, exec=0x7fff5f83f110, propertyName=..., value=0x7fb3940fc900, attr=0) at ../../khtml/ecma/kjs_html.cpp:2370
#50 0x00007fb395a4147a in KJS::Machine::runBlock (exec=0x7fff5f83f110, codeBlock=<value optimized out>, parentExec=<value optimized out>) at codes.def:660
#51 0x00007fb395a29efa in KJS::FunctionImp::callAsFunction (this=0x7fb39406d280, exec=0x7fff5f83faf0, thisObj=<value optimized out>, args=<value optimized out>) at ../../kjs/function.cpp:144
#52 0x00007fb395a2d7a9 in KJS::JSObject::call (this=0x0, exec=0x18, thisObj=0x0, args=...) at ../../kjs/object.cpp:70
#53 0x00007fb395a49ad4 in KJS::Machine::runBlock (exec=0x7fff5f83faf0, codeBlock=<value optimized out>, parentExec=<value optimized out>) at codes.def:1192
#54 0x00007fb395a29efa in KJS::FunctionImp::callAsFunction (this=0x7fb39406d100, exec=0x7fff5f8404d0, thisObj=<value optimized out>, args=<value optimized out>) at ../../kjs/function.cpp:144
#55 0x00007fb395a2d7a9 in KJS::JSObject::call (this=0x0, exec=0x18, thisObj=0x0, args=...) at ../../kjs/object.cpp:70
#56 0x00007fb395a49ad4 in KJS::Machine::runBlock (exec=0x7fff5f8404d0, codeBlock=<value optimized out>, parentExec=<value optimized out>) at codes.def:1192
#57 0x00007fb395a29efa in KJS::FunctionImp::callAsFunction (this=0x7fb39406e000, exec=0x7fff5f840f80, thisObj=<value optimized out>, args=<value optimized out>) at ../../kjs/function.cpp:144
#58 0x00007fb395a2d7a9 in KJS::JSObject::call (this=0x0, exec=0x18, thisObj=0x0, args=...) at ../../kjs/object.cpp:70
#59 0x00007fb395a10295 in KJS::FunctionProtoFunc::callAsFunction (this=<value optimized out>, exec=0x7fff5f840f80, thisObj=0x7fb39406e000, args=<value optimized out>)
    at ../../kjs/function_object.cpp:123
#60 0x00007fb395a2d7a9 in KJS::JSObject::call (this=0x0, exec=0x18, thisObj=0x0, args=...) at ../../kjs/object.cpp:70
#61 0x00007fb395a49ad4 in KJS::Machine::runBlock (exec=0x7fff5f840f80, codeBlock=<value optimized out>, parentExec=<value optimized out>) at codes.def:1192
#62 0x00007fb395a29efa in KJS::FunctionImp::callAsFunction (this=0x7fb39406d700, exec=0x7fff5f841960, thisObj=<value optimized out>, args=<value optimized out>) at ../../kjs/function.cpp:144
#63 0x00007fb395a2d7a9 in KJS::JSObject::call (this=0x0, exec=0x18, thisObj=0x0, args=...) at ../../kjs/object.cpp:70
#64 0x00007fb395a49ad4 in KJS::Machine::runBlock (exec=0x7fff5f841960, codeBlock=<value optimized out>, parentExec=<value optimized out>) at codes.def:1192
#65 0x00007fb395a29efa in KJS::FunctionImp::callAsFunction (this=0x7fb39406d080, exec=0x7fff5f842340, thisObj=<value optimized out>, args=<value optimized out>) at ../../kjs/function.cpp:144
#66 0x00007fb395a2d7a9 in KJS::JSObject::call (this=0x0, exec=0x18, thisObj=0x0, args=...) at ../../kjs/object.cpp:70
#67 0x00007fb395a49ad4 in KJS::Machine::runBlock (exec=0x7fff5f842340, codeBlock=<value optimized out>, parentExec=<value optimized out>) at codes.def:1192
#68 0x00007fb395a29efa in KJS::FunctionImp::callAsFunction (this=0x7fb39406d980, exec=0x7fff5f842d20, thisObj=<value optimized out>, args=<value optimized out>) at ../../kjs/function.cpp:144
#69 0x00007fb395a2d7a9 in KJS::JSObject::call (this=0x0, exec=0x18, thisObj=0x0, args=...) at ../../kjs/object.cpp:70
#70 0x00007fb395a49ad4 in KJS::Machine::runBlock (exec=0x7fff5f842d20, codeBlock=<value optimized out>, parentExec=<value optimized out>) at codes.def:1192
#71 0x00007fb395a29efa in KJS::FunctionImp::callAsFunction (this=0x7fb39406da80, exec=0x7fff5f843700, thisObj=<value optimized out>, args=<value optimized out>) at ../../kjs/function.cpp:144
#72 0x00007fb395a2d7a9 in KJS::JSObject::call (this=0x0, exec=0x18, thisObj=0x0, args=...) at ../../kjs/object.cpp:70
#73 0x00007fb395a49ad4 in KJS::Machine::runBlock (exec=0x7fff5f843700, codeBlock=<value optimized out>, parentExec=<value optimized out>) at codes.def:1192
#74 0x00007fb395a29efa in KJS::FunctionImp::callAsFunction (this=0x7fb39406da00, exec=0x27bee60, thisObj=<value optimized out>, args=<value optimized out>) at ../../kjs/function.cpp:144
#75 0x00007fb395a2d7a9 in KJS::JSObject::call (this=0x0, exec=0x18, thisObj=0x0, args=...) at ../../kjs/object.cpp:70
#76 0x00007fb3964f3d72 in KJS::ScheduledAction::execute (this=0x2d5c890, window=0x7fb39d4a0000) at ../../khtml/ecma/kjs_window.cpp:2186
#77 0x00007fb3964f56d3 in KJS::WindowQObject::timerEvent (this=0x26019d0) at ../../khtml/ecma/kjs_window.cpp:2362
#78 0x00007fb3a8e56a63 in QObject::event (this=0x26019d0, e=0x7fff5f8440f0) at kernel/qobject.cpp:1212
#79 0x00007fb3a7fe322c in QApplicationPrivate::notify_helper (this=0x1a3c670, receiver=0x26019d0, e=0x7fff5f8440f0) at kernel/qapplication.cpp:4300
#80 0x00007fb3a7fe96fb in QApplication::notify (this=0x7fff5f844690, receiver=0x26019d0, e=0x7fff5f8440f0) at kernel/qapplication.cpp:4183
#81 0x00007fb3a938e526 in KApplication::notify (this=0x7fff5f844690, receiver=0x26019d0, event=0x7fff5f8440f0) at ../../kdeui/kernel/kapplication.cpp:302
#82 0x00007fb3a8e4706c in QCoreApplication::notifyInternal (this=0x7fff5f844690, receiver=0x26019d0, event=0x7fff5f8440f0) at kernel/qcoreapplication.cpp:704
#83 0x00007fb3a8e73d42 in QCoreApplication::sendEvent (this=0x1a402e0) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#84 QTimerInfoList::activateTimers (this=0x1a402e0) at kernel/qeventdispatcher_unix.cpp:603
#85 0x00007fb3a8e70824 in timerSourceDispatch (source=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:184
#86 0x00007fb3a422a8c2 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#87 0x00007fb3a422e748 in ?? () from /lib/libglib-2.0.so.0
#88 0x00007fb3a422e8fc in g_main_context_iteration () from /lib/libglib-2.0.so.0
#89 0x00007fb3a8e70513 in QEventDispatcherGlib::processEvents (this=0x19b0140, flags=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:412
#90 0x00007fb3a809346e in QGuiEventDispatcherGlib::processEvents (this=0x0, flags=<value optimized out>) at kernel/qguieventdispatcher_glib.cpp:204
#91 0x00007fb3a8e45992 in QEventLoop::processEvents (this=<value optimized out>, flags=) at kernel/qeventloop.cpp:149
#92 0x00007fb3a8e45d6c in QEventLoop::exec (this=0x7fff5f844390, flags=) at kernel/qeventloop.cpp:201
#93 0x00007fb3a8e49aab in QCoreApplication::exec () at kernel/qcoreapplication.cpp:981
#94 0x00007fb39de88076 in kdemain () from /usr/lib/libkdeinit4_konqueror.so
#95 0x00000000004070f3 in _start ()

Reported using DrKonqi

Comment 1 Dawit Alemayehu 2011-11-19 19:28:23 UTC
Cannot reproduce with KDE 4.7.3. Feel free to reopen the ticket if that is not the case for you.

Comment 2 Dawit Alemayehu 2012-01-27 16:59:21 UTC
*** Bug 291158 has been marked as a duplicate of this bug. ***

Comment 3 Dawit Alemayehu 2012-01-27 17:00:24 UTC
Ignore comment #1 since the exact same crash was reproduced by another reporter in most recent versions of KDE. See comment #2.

Comment 4 Andrea Iacovitti 2013-11-19 16:11:01 UTC
Git commit 3a6edd8d183140da3ea042f91933b6d4756d5f7e by Andrea Iacovitti.
Committed on 19/11/2013 at 16:08.
Pushed by aiacovitti into branch 'KDE/4.11'.

Crash protection against null layer.
FIXED-IN: 4.11.4

M  +20   -8    khtml/rendering/render_container.cpp
M  +9    -4    khtml/xml/dom2_eventsimpl.cpp

http://commits.kde.org/kdelibs/3a6edd8d183140da3ea042f91933b6d4756d5f7e