| Summary: | Infinite recursion in khtml::RenderWidget::handleEvent | | |
|---|---|---|---|
| Product: | [Applications] konqueror | Reporter: | Christoph Feck <cfeck> |
| Component: | khtml forms | Assignee: | Konqueror Developers <konq-bugs> |
| Status: | RESOLVED FIXED | | |
| Severity: | crash | CC: | aiacovitti, baldosoft, bugs, jlp, kde, mmodem00, rasasi78, richih-kde, wannespam, xaver.xn |
| Priority: | NOR | | |
| Version: | 4.8.3 | | |
| Target Milestone: | --- | | |
| Platform: | Compiled Sources | | |
| OS: | Linux | | |
| Latest Commit: | http://commits.kde.org/kdelibs/5feb2da93c4fcd18d3a38659abb9fb040704d123 | Version Fixed In: | 4.8.4 |

Attachments:

- crashtest 1/2
- testcrash 2/2
- Possible patch
- Valgrind log for the crash.
- testcase: IFRAME whose content is the attachment at comment #2

Description
Christoph Feck
2010-07-08 03:46:06 UTC
Created attachment 48699 [details]
crashtest 1/2
crashtest (to be used with iframe_crash.html)
Created attachment 48700 [details]
testcrash 2/2
crash test 2/2 (to be used with crash.html)
Very similar crash here:

```
#16682 0x00007f24e2f9ffed in KHTMLView::mouseMoveEvent (this=0x20ca010, _mouse=0x7ffff24633d0) at /d/kde/src/4/kdelibs/khtml/khtmlview.cpp:1362
#16683 0x00007f24f1d0791d in QWidget::event (this=0x20ca010, event=0x7ffff24633d0) at kernel/qwidget.cpp:8006
#16684 0x00007f24f21e1de7 in QFrame::event (this=0x20ca010, e=0x7ffff24633d0) at widgets/qframe.cpp:557
#16685 0x00007f24e2fa52c5 in KHTMLView::widgetEvent (this=0x20ca010, e=0x7ffff24633d0) at /d/kde/src/4/kdelibs/khtml/khtmlview.cpp:2362
#16686 0x00007f24e2fa4ad9 in KHTMLView::eventFilter (this=0x20ca010, o=0x20dcab0, e=0x7ffff24633d0) at /d/kde/src/4/kdelibs/khtml/khtmlview.cpp:2207
#16687 0x00007f24f31012ab in QCoreApplicationPrivate::sendThroughObjectEventFilters (this=0x18afbb0, receiver=0x20dcab0, event=0x7ffff24633d0) at kernel/qcoreapplication.cpp:819
#16688 0x00007f24f1c93b09 in QApplicationPrivate::notify_helper (this=0x18afbb0, receiver=0x20dcab0, e=0x7ffff24633d0) at kernel/qapplication.cpp:4296
#16689 0x00007f24f1c919da in QApplication::notify (this=0x7ffff28bf310, receiver=0x24d8950, e=0x7ffff2463950) at kernel/qapplication.cpp:3865
#16690 0x00007f24f3eae6f9 in KApplication::notify (this=0x7ffff28bf310, receiver=0x24d8950, event=0x7ffff2463950) at /d/kde/src/4/kdelibs/kdeui/kernel/kapplication.cpp:309
#16691 0x00007f24f3100f90 in QCoreApplication::notifyInternal (this=0x7ffff28bf310, receiver=0x24d8950, event=0x7ffff2463950) at kernel/qcoreapplication.cpp:704
#16692 0x00007f24e2fb4edf in QCoreApplication::sendEvent (receiver=0x24d8950, event=0x7ffff2463950) at /d/qt/4/kde-qt-4.6/include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#16693 0x00007f24e31bb64c in khtml::RenderWidget::handleEvent (this=0x23f3608, ev=...) at /d/kde/src/4/kdelibs/khtml/rendering/render_replaced.cpp:1069
#16694 0x00007f24e30f0bb8 in DOM::HTMLFrameElementImpl::defaultEventHandler (this=0x24ca3a0, e=0x2ed82c0) at /d/kde/src/4/kdelibs/khtml/html/html_baseimpl.cpp:303
#16695 0x00007f24e3073a02 in DOM::NodeImpl::dispatchGenericEvent (this=0x24ca3b0, evt=0x2ed82c0) at /d/kde/src/4/kdelibs/khtml/xml/dom_nodeimpl.cpp:494
#16696 0x00007f24e3073408 in DOM::NodeImpl::dispatchEvent (this=0x24ca3b0, evt=0x2ed82c0, exceptioncode=@0x7ffff2463f54, tempEvent=true) at /d/kde/src/4/kdelibs/khtml/xml/dom_nodeimpl.cpp:401
#16697 0x00007f24e2fae485 in KHTMLView::dispatchMouseEvent (this=0x20ca010, eventId=7, targetNode=0x24ca3b0, targetNodeNonShared=0x2452960, cancelable=false, detail=0, _mouse=0x7ffff24649f0, setUnder=true, mouseEventType=4, orient=0) at /d/kde/src/4/kdelibs/khtml/khtmlview.cpp:3747
#16698 0x00007f24e2f9ffed in KHTMLView::mouseMoveEvent (this=0x20ca010, _mouse=0x7ffff24649f0) at /d/kde/src/4/kdelibs/khtml/khtmlview.cpp:1362
#16699 0x00007f24f1d0791d in QWidget::event (this=0x20ca010, event=0x7ffff24649f0) at kernel/qwidget.cpp:8006
```

How to trigger the crash:

1) open the crash.html file
2) click on both radio buttons
3) click on the submit button
4) click again the radio buttons

crash

*** Bug 269830 has been marked as a duplicate of this bug. ***

The bug is still reproducible with today's trunk and the link from comment #0. Bug 269830 mentions an important detail: you have to disable JavaScript.

With or without javascript enabled, I am not able to reproduce this bug from the captcha.

I got the example to crash konqueror when used from a local file-directory, but not when accessed via http. Not sure what is going on with that.

Created attachment 58482 [details]
Possible patch
A part of the infinite loop had comments above it, warning of event duplication and questioning the need to do it. This patch simply disables that part; hopefully this doesn't break anything.
Thanks Allan, the patch fixes the bug. If there are regressions because of this, I will report them clearly indicating that I applied this patch.

This is not a good patch. I have done tests building kdelibs with and without the patch, and with the patch applied, on several websites konqueror takes forever to load; it seems like there's no internet. Although this patch does fix this problem, it causes a major issue.

What you see has nothing to do with this patch, but is a recent kio issue. And you already noticed it yourself, see bug 271896...

Yes, please ignore my previous comment.

Why not commit it in trunk?

Allan, I have been using your patch for nearly two months now, and I did not see any regressions. Could you commit it to master?

(In reply to comment #7)
> Created an attachment (id=58482) [details]
> Possible patch
>
> A part of the infinite loop had comments above it, warning of event duplication
> and questioning the need to do it. This patch simply disables that part,
> hopefully this doesn't break anything.

Your patch fixes another bad bug I encountered: open http://www.w3schools.com/tags/tryit.asp?filename=tryhtml_iframe and try to scroll down the iframe on the left of the page by left clicking and moving down the vertical scrollbar -> konq will first block then simply die with "Segmentation fault".

*** Bug 271113 has been marked as a duplicate of this bug. ***

*** Bug 270829 has been marked as a duplicate of this bug. ***

Hi: I triaged this bug at http://www.w3schools.com/tags/tryit.asp?filename=tryhtml_iframe

I couldn't get konqueror to crash with either of the testcase files or the URL reported by the original reporter. I'm attaching a valgrind log which indicates that this bug leads to a stack overflow.

I came here since I myself had a stack overflow crash, only with a different top part, KJS related (KJS::Machine::runBlock KJS::FunctionImp::callAsFunction). If you are interested, I got this crash when I chose firefox 3.6 as UA on gmail and I moved around while viewing an HTML draft message. If this bug is about stack overflow, maybe it is worthwhile to also take a look at https://bugs.kde.org/show_bug.cgi?id=258111 and eventually to mark it as duplicate. HTH,

Created attachment 68389 [details]
Valgrind log for the crash.
Crash reproduced on KDE 4.7.4 on Debian testing.
http://www.atm-molise.it/orari.asp is another page that makes konqueror close with "segmentation fault" error: just try to scroll one of the SELECT elements by moving the scrollbar with the mouse. Patch in comment #7 fixes the issue.

@Allan: I have been using your patch since you posted it and AFAICT I have not observed any regression.

*** Bug 299181 has been marked as a duplicate of this bug. ***

Created attachment 71388 [details]
testcase: IFRAME whose content is the attachment at comment #2

Git commit 5feb2da93c4fcd18d3a38659abb9fb040704d123 by Andrea Iacovitti.
Committed on 28/05/2012 at 07:18.
Pushed by aiacovitti into branch 'KDE/4.8'.

Do not duplicate mouse move events (patch by Allan Sandfeld)
FIXED-IN: 4.8.4

M +2 -2 khtml/rendering/render_replaced.cpp

http://commits.kde.org/kdelibs/5feb2da93c4fcd18d3a38659abb9fb040704d123

*** Bug 279570 has been marked as a duplicate of this bug. ***

*** Bug 226737 has been marked as a duplicate of this bug. ***
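
The backtrace in this report returns to `KHTMLView::mouseMoveEvent` every 16 frames at a depth past 16,000, which is the signature of unbounded re-entrant event dispatch ending in stack exhaustion. As an added triage example (not part of the original report or of KDE's code), the Python below parses gdb-style frames and reports the repeating call cycle. The sample trace is constructed from the function names on this page; the top frame `QMouseEvent::QMouseEvent` and the bottom frame `main` are placeholders.

```python
import re

# gdb frame header: "#16693 0x00007f24e31bb64c in khtml::RenderWidget::handleEvent (this=..."
FRAME_RE = re.compile(r"#(\d+)\s+(?:0x[0-9a-fA-F]+\s+in\s+)?([\w:~<>]+)\s*\(")

# Function names from frames #16682-#16697 of the backtrace on this page.
CYCLE = [
    "KHTMLView::mouseMoveEvent", "QWidget::event", "QFrame::event",
    "KHTMLView::widgetEvent", "KHTMLView::eventFilter",
    "QCoreApplicationPrivate::sendThroughObjectEventFilters",
    "QApplicationPrivate::notify_helper", "QApplication::notify",
    "KApplication::notify", "QCoreApplication::notifyInternal",
    "QCoreApplication::sendEvent", "khtml::RenderWidget::handleEvent",
    "DOM::HTMLFrameElementImpl::defaultEventHandler",
    "DOM::NodeImpl::dispatchGenericEvent", "DOM::NodeImpl::dispatchEvent",
    "KHTMLView::dispatchMouseEvent",
]

def build_sample(repeats=3):
    """Constructed backtrace: placeholder top frame, the cycle repeated, then main."""
    names = ["QMouseEvent::QMouseEvent"] + CYCLE * repeats + ["main"]
    return "\n".join(f"#{i} 0x{0x7f0000000000 + i:016x} in {fn} (...) at file.cpp:1"
                     for i, fn in enumerate(names))

def parse_frames(backtrace):
    """Return [(frame_number, function_name), ...] in the order they appear."""
    return [(int(n), fn) for n, fn in FRAME_RE.findall(backtrace)]

def find_cycle(functions, min_repeats=3):
    """Shortest run of calls repeated back to back at least min_repeats times.

    Returns (start_index, cycle) or None. Frames before start_index are the
    non-recursive top of the stack (where the overflow finally faulted).
    """
    n = len(functions)
    for period in range(1, n // min_repeats + 1):
        span = period * min_repeats
        for start in range(n - span + 1):
            if all(functions[i] == functions[i + period]
                   for i in range(start, start + span - period)):
                return start, functions[start:start + period]
    return None

if __name__ == "__main__":
    frames = parse_frames(build_sample())
    start, cycle = find_cycle([fn for _, fn in frames])
    print(f"recursion starts at frame #{frames[start][0]}, period {len(cycle)}")
    print(" -> ".join(cycle))
```
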