Bug 262149

Summary:	crashes while surfing the pages that generated by sigplus component of Joomla.
Product:	[Applications] konqueror	Reporter:	Fehmi Demiralp <f.demiralp>
Component:	khtml	Assignee:	Konqueror Developers <konq-bugs>
Status:	RESOLVED FIXED
Severity:	crash	CC:	12cool725, aiacovitti, jlp, kavol, kdebugs, kollix, rasasi78, teo78, theuteck
Priority:	NOR	Keywords:	investigated
Version:	4.9.98 RC3
Target Milestone:	---
Platform:	Fedora RPMs
OS:	Linux
Latest Commit:	http://commits.kde.org/kdelibs/d1745120d69babfc89ed92b8d0e951b9627d6097	Version Fixed In:	4.10.1
Sentry Crash Report:
Attachments:	New crash information added by DrKonqi New crash information added by DrKonqi New crash information added by DrKonqi

Description Fehmi Demiralp 2011-01-05 03:04:49 UTC

Application: konqueror (4.5.4 (KDE 4.5.4))
KDE Platform Version: 4.5.4 (KDE 4.5.4)
Qt Version: 4.7.1
Operating System: Linux 2.6.35.10-74.fc14.i686.PAE i686
Distribution: "Fedora release 14 (Laughlin)"

-- Information about the crash:
- What I was doing when the application crashed:

visiting website http://hunyadi.info.hu/en/projects/sigplus-demo.
while surfing if a picture on the website is being clicked, a popup windows is openned but some times it cause a crash.

The crash can be reproduced some of the time.

-- Backtrace:
Application: Konqueror (konqueror), signal: Segmentation fault
[Current thread is 1 (Thread 0xb77659b0 (LWP 19331))]

Thread 13 (Thread 0xb74d6b70 (LWP 19332)):
#0  0x00272c52 in __i686.get_pc_thunk.bx () from /lib/libc.so.6
#1  0x0032daad in poll () from /lib/libc.so.6
#2  0x05990dac in g_poll (fds=0xb6b029c0, nfds=1, timeout=-1) at gpoll.c:132
#3  0x059808b7 in g_main_context_poll (context=0x8aecd40, block=1, dispatch=1, self=<value optimized out>) at gmain.c:3093
#4  g_main_context_iterate (context=0x8aecd40, block=1, dispatch=1, self=<value optimized out>) at gmain.c:2775
#5  0x0598104b in g_main_loop_run (loop=0x8aecdc0) at gmain.c:2988
#6  0x01076ed5 in gdbus_shared_thread_func (data=0x0) at gdbusprivate.c:277
#7  0x059a9bd0 in g_thread_create_proxy (data=0x8aecdd0) at gthread.c:1897
#8  0x007bff19 in start_thread () from /lib/libpthread.so.0
#9  0x00338c4e in clone () from /lib/libc.so.6

Thread 12 (Thread 0xa1afeb70 (LWP 19341)):
#0  0x00411424 in __kernel_vsyscall ()
#1  0x007c4d33 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0x01ab4e1d in ?? () from /usr/lib/libxine.so.1
#3  0x007bff19 in start_thread () from /lib/libpthread.so.0
#4  0x00338c4e in clone () from /lib/libc.so.6

Thread 11 (Thread 0xa0ef2b70 (LWP 19342)):
#0  0x00411424 in __kernel_vsyscall ()
#1  0x003307a1 in select () from /lib/libc.so.6
#2  0x01adff69 in xine_usec_sleep () from /usr/lib/libxine.so.1
#3  0x01ac38c7 in ?? () from /usr/lib/libxine.so.1
#4  0x007bff19 in start_thread () from /lib/libpthread.so.0
#5  0x00338c4e in clone () from /lib/libc.so.6

Thread 10 (Thread 0xa06f1b70 (LWP 19343)):
#0  0x00819146 in clock_gettime () from /lib/librt.so.1
#1  0x021d54b9 in do_gettime () at tools/qelapsedtimer_unix.cpp:123
#2  qt_gettime () at tools/qelapsedtimer_unix.cpp:140
#3  0x022a4003 in updateCurrentTime (this=0x9e0b904, tm=...) at kernel/qeventdispatcher_unix.cpp:339
#4  QTimerInfoList::timerWait (this=0x9e0b904, tm=...) at kernel/qeventdispatcher_unix.cpp:442
#5  0x022a2802 in timerSourcePrepareHelper (src=<value optimized out>, timeout=0xa06f106c) at kernel/qeventdispatcher_glib.cpp:136
#6  0x022a289d in timerSourcePrepare (source=0x9e0b8d0, timeout=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:169
#7  0x0597f6b6 in g_main_context_prepare (context=<value optimized out>, priority=0xa06f10dc) at gmain.c:2469
#8  0x0598055b in g_main_context_iterate (context=0x9e0b008, block=1, dispatch=1, self=<value optimized out>) at gmain.c:2760
#9  0x05980c35 in g_main_context_iteration (context=0x9e0b008, may_block=1) at gmain.c:2843
#10 0x022a3067 in QEventDispatcherGlib::processEvents (this=0x95a9288, flags=...) at kernel/qeventdispatcher_glib.cpp:417
#11 0x022744ca in QEventLoop::processEvents (this=0xa06f1230, flags=...) at kernel/qeventloop.cpp:149
#12 0x0227477a in QEventLoop::exec (this=0xa06f1230, flags=...) at kernel/qeventloop.cpp:201
#13 0x0217b36b in QThread::exec (this=0x99ae728) at thread/qthread.cpp:490
#14 0x089d599b in Phonon::Xine::XineThread::run (this=0x99ae728) at /usr/src/debug/phonon-4.4.3/xine/xinethread.cpp:143
#15 0x0217de6a in QThreadPrivate::start (arg=0x99ae728) at thread/qthread_unix.cpp:285
#16 0x007bff19 in start_thread () from /lib/libpthread.so.0
#17 0x00338c4e in clone () from /lib/libc.so.6

Thread 9 (Thread 0x9fef0b70 (LWP 19344)):
#0  0x00411424 in __kernel_vsyscall ()
#1  0x0032db06 in poll () from /lib/libc.so.6
#2  0x01766063 in poll_func (ufds=0xa5b00f30, nfds=2, timeout=-1, userdata=0x9e0d0c0) at pulse/thread-mainloop.c:75
#3  0x01754e7a in pa_mainloop_poll (m=0x9e0d020) at pulse/mainloop.c:879
#4  0x01755655 in pa_mainloop_iterate (m=0x9e0d020, block=1, retval=0x0) at pulse/mainloop.c:961
#5  0x01755734 in pa_mainloop_run (m=0x9e0d020, retval=0x0) at pulse/mainloop.c:979
#6  0x01766004 in thread (userdata=0x9e0d000) at pulse/thread-mainloop.c:94
#7  0x017b9973 in internal_thread_func (userdata=0x9e0d150) at pulsecore/thread-posix.c:72
#8  0x007bff19 in start_thread () from /lib/libpthread.so.0
#9  0x00338c4e in clone () from /lib/libc.so.6

Thread 8 (Thread 0x9b6eeb70 (LWP 19345)):
#0  0x00411424 in __kernel_vsyscall ()
#1  0x007c498b in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0x01ac81d8 in ?? () from /usr/lib/libxine.so.1
#3  0x007bff19 in start_thread () from /lib/libpthread.so.0
#4  0x00338c4e in clone () from /lib/libc.so.6

Thread 7 (Thread 0x9a2c3b70 (LWP 19347)):
#0  0x00411424 in __kernel_vsyscall ()
#1  0x007c4d33 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0x01ab4e1d in ?? () from /usr/lib/libxine.so.1
#3  0x007bff19 in start_thread () from /lib/libpthread.so.0
#4  0x00338c4e in clone () from /lib/libc.so.6

Thread 6 (Thread 0x99ac2b70 (LWP 19348)):
#0  0x00411424 in __kernel_vsyscall ()
#1  0x0032db06 in poll () from /lib/libc.so.6
#2  0x01766063 in poll_func (ufds=0xa6501228, nfds=2, timeout=-1, userdata=0xa3d6158) at pulse/thread-mainloop.c:75
#3  0x01754e7a in pa_mainloop_poll (m=0xa3d60b8) at pulse/mainloop.c:879
#4  0x01755655 in pa_mainloop_iterate (m=0xa3d60b8, block=1, retval=0x0) at pulse/mainloop.c:961
#5  0x01755734 in pa_mainloop_run (m=0xa3d60b8, retval=0x0) at pulse/mainloop.c:979
#6  0x01766004 in thread (userdata=0xa3d5668) at pulse/thread-mainloop.c:94
#7  0x017b9973 in internal_thread_func (userdata=0xa3d61e8) at pulsecore/thread-posix.c:72
#8  0x007bff19 in start_thread () from /lib/libpthread.so.0
#9  0x00338c4e in clone () from /lib/libc.so.6

Thread 5 (Thread 0x952c0b70 (LWP 19349)):
#0  0x00411424 in __kernel_vsyscall ()
#1  0x007c498b in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0x01ac81d8 in ?? () from /usr/lib/libxine.so.1
#3  0x007bff19 in start_thread () from /lib/libpthread.so.0
#4  0x00338c4e in clone () from /lib/libc.so.6

Thread 4 (Thread 0x946b4b70 (LWP 19350)):
#0  0x00411424 in __kernel_vsyscall ()
#1  0x003307a1 in select () from /lib/libc.so.6
#2  0x01adff69 in xine_usec_sleep () from /usr/lib/libxine.so.1
#3  0x01ac38c7 in ?? () from /usr/lib/libxine.so.1
#4  0x007bff19 in start_thread () from /lib/libpthread.so.0
#5  0x00338c4e in clone () from /lib/libc.so.6

Thread 3 (Thread 0x930e3b70 (LWP 19355)):
#0  0x00411424 in __kernel_vsyscall ()
#1  0x007c4d33 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0x01ab4e1d in ?? () from /usr/lib/libxine.so.1
#3  0x007bff19 in start_thread () from /lib/libpthread.so.0
#4  0x00338c4e in clone () from /lib/libc.so.6

Thread 2 (Thread 0x8c0c7b70 (LWP 19360)):
#0  0x00411424 in __kernel_vsyscall ()
#1  0x007c4d33 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0x01ab4e1d in ?? () from /usr/lib/libxine.so.1
#3  0x007bff19 in start_thread () from /lib/libpthread.so.0
#4  0x00338c4e in clone () from /lib/libc.so.6

Thread 1 (Thread 0xb77659b0 (LWP 19331)):
[KCrash Handler]
#7  0x415996d8 in khtml::RenderMedia::eventFilter (this=0xb2d0a80, o=0xb0c0418, e=0xbfc5adb0) at /usr/src/debug/kdelibs-4.5.4/khtml/rendering/render_media.cpp:81
#8  0x022754ea in QCoreApplicationPrivate::sendThroughObjectEventFilters (this=0x8ab49c0, receiver=0xb0c0418, event=0xbfc5adb0) at kernel/qcoreapplication.cpp:847
#9  0x04c5f241 in QApplicationPrivate::notify_helper (this=0x8ab49c0, receiver=0xb0c0418, e=0xbfc5adb0) at kernel/qapplication.cpp:4441
#10 0x04c63f7f in QApplication::notify (this=0xbfc5b65c, receiver=0xb0c0418, e=0xbfc5adb0) at kernel/qapplication.cpp:4410
#11 0x02b6ff7b in KApplication::notify (this=0xbfc5b65c, receiver=0xb0c0418, event=0xbfc5adb0) at /usr/src/debug/kdelibs-4.5.4/kdeui/kernel/kapplication.cpp:310
#12 0x02275333 in QCoreApplication::notifyInternal (this=0xbfc5b65c, receiver=0xb0c0418, event=0xbfc5adb0) at kernel/qcoreapplication.cpp:732
#13 0x04c5fb4c in sendEvent (enter=0xb0c0418, leave=0x8edb370) at ../../src/corelib/kernel/qcoreapplication.h:215
#14 QApplicationPrivate::dispatchEnterLeave (enter=0xb0c0418, leave=0x8edb370) at kernel/qapplication.cpp:2769
#15 0x04ce790c in QApplication::x11ProcessEvent (this=0xbfc5b65c, event=0xbfc5b1bc) at kernel/qapplication_x11.cpp:3560
#16 0x04d12790 in x11EventSourceDispatch (s=0x8ab7be8, callback=0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:148
#17 0x05980192 in g_main_dispatch (context=0x8ab6e90) at gmain.c:2149
#18 g_main_context_dispatch (context=0x8ab6e90) at gmain.c:2702
#19 0x05980978 in g_main_context_iterate (context=0x8ab6e90, block=1, dispatch=1, self=<value optimized out>) at gmain.c:2780
#20 0x05980c35 in g_main_context_iteration (context=0x8ab6e90, may_block=1) at gmain.c:2843
#21 0x022a302d in QEventDispatcherGlib::processEvents (this=0x8a9d368, flags=...) at kernel/qeventdispatcher_glib.cpp:415
#22 0x04d12406 in QGuiEventDispatcherGlib::processEvents (this=0x8a9d368, flags=...) at kernel/qguieventdispatcher_glib.cpp:207
#23 0x022744ca in QEventLoop::processEvents (this=0xbfc5b494, flags=...) at kernel/qeventloop.cpp:149
#24 0x0227477a in QEventLoop::exec (this=0xbfc5b494, flags=...) at kernel/qeventloop.cpp:201
#25 0x02279327 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1009
#26 0x04c5d078 in QApplication::exec () at kernel/qapplication.cpp:3719
#27 0x03129ddd in kdemain (argc=2, argv=0xbfc5b924) at /usr/src/debug/kdebase-4.5.4/apps/konqueror/src/konqmain.cpp:219
#28 0x0804875c in main (argc=2, argv=0xbfc5b924) at /usr/src/debug/kdebase-4.5.4/i686-redhat-linux-gnu/apps/konqueror/src/konqueror_dummy.cpp:3

Reported using DrKonqi

Comment 1 Martin Koller 2011-06-23 18:31:49 UTC

can still reproduce with 4.6.4

Comment 2 Christophe Marin 2011-11-23 23:38:42 UTC

*** Bug 287305 has been marked as a duplicate of this bug. ***

Comment 3 Christophe Marin 2011-11-23 23:39:37 UTC

from 287305:

-- Information about the crash:
- What I was doing when the application crashed:
I was viewing a new item (a review on tweakers.net) and akregator segfaulted on
me, twice!


http://tweakers.net/nieuws/78267/nvidia-toont-android-ice-cream-sandwich-op-transformer-prime.html

Comment 4 Jekyll Wu 2012-06-27 15:56:02 UTC

*** Bug 302638 has been marked as a duplicate of this bug. ***

Comment 5 Jekyll Wu 2012-07-17 00:11:22 UTC

*** Bug 303636 has been marked as a duplicate of this bug. ***

Comment 6 Raúl 2012-09-18 20:47:21 UTC

Created attachment 74009 [details]
New crash information added by DrKonqi

konqueror (4.8.3 (4.8.3)) on KDE Platform 4.8.4 (4.8.4) using Qt 4.8.2

- What I was doing when the application crashed:

I closed a tab in a konqueror window that had been already used to play html5 videos (youtube).

HTH,

-- Backtrace (Reduced):
#6  0x00007ffe78291e83 in khtml::RenderMedia::eventFilter (this=0xc7ad068, o=0x1d6ed8a0, e=0x7fff32199500) at ../../khtml/rendering/render_media.cpp:81
#7  0x00007ffe89faacc6 in QCoreApplicationPrivate::sendThroughObjectEventFilters (this=<optimized out>, receiver=0x1d6ed8a0, event=0x7fff32199500) at kernel/qcoreapplication.cpp:1025
#8  0x00007ffe890d76dc in QApplicationPrivate::notify_helper (this=this@entry=0x8e4f60, receiver=receiver@entry=0x1d6ed8a0, e=e@entry=0x7fff32199500) at kernel/qapplication.cpp:4552
#9  0x00007ffe890dbb8a in QApplication::notify (this=0x7fff3219a1a0, receiver=0x1d6ed8a0, e=0x7fff32199500) at kernel/qapplication.cpp:4417
#10 0x00007ffe8aa368a6 in KApplication::notify (this=0x7fff3219a1a0, receiver=0x1d6ed8a0, event=0x7fff32199500) at ../../kdeui/kernel/kapplication.cpp:311

Comment 7 kavol 2013-01-21 11:02:12 UTC

Created attachment 76595 [details]
New crash information added by DrKonqi

konqueror (4.9.5) on KDE Platform 4.9.5 using Qt 4.8.4

- What I was doing when the application crashed:

I've just clicked a link in kmail that led to youtube - https://www.youtube.com/watch?v=1IomAerbV7g

-- Backtrace (Reduced):
#6  0x00007f5b59a56bb3 in khtml::RenderMedia::eventFilter (this=0x4815be8, o=0x312c640, e=0x7fffb2925080) at /usr/src/debug/kdelibs-4.9.5/khtml/rendering/render_media.cpp:81
#7  0x00007f5b7e27abf6 in QCoreApplicationPrivate::sendThroughObjectEventFilters (this=<optimized out>, receiver=0x312c640, event=0x7fffb2925080) at kernel/qcoreapplication.cpp:1056
#8  0x00007f5b7d40f59c in QApplicationPrivate::notify_helper (this=this@entry=0x23e0fc0, receiver=receiver@entry=0x312c640, e=e@entry=0x7fffb2925080) at kernel/qapplication.cpp:4558
#9  0x00007f5b7d413a4a in QApplication::notify (this=0x7fffb2925d20, receiver=0x312c640, e=0x7fffb2925080) at kernel/qapplication.cpp:4423
#10 0x00007f5b7f2a6916 in KApplication::notify (this=0x7fffb2925d20, receiver=0x312c640, event=0x7fffb2925080) at /usr/src/debug/kdelibs-4.9.5/kdeui/kernel/kapplication.cpp:311

Comment 8 kavol 2013-01-22 12:48:24 UTC

Created attachment 76628 [details]
New crash information added by DrKonqi

konqueror (4.9.5) on KDE Platform 4.9.5 using Qt 4.8.4

- What I was doing when the application crashed:

just clicked a link via youtu.be redirect, it crashed after opening the video page

-- Backtrace (Reduced):
#6  0x00007fb2aefc9bb3 in khtml::RenderMedia::eventFilter (this=0x4cb0da8, o=0x33e8ac0, e=0x7fff7e76fe30) at /usr/src/debug/kdelibs-4.9.5/khtml/rendering/render_media.cpp:81
#7  0x00007fb2d973bbf6 in QCoreApplicationPrivate::sendThroughObjectEventFilters (this=<optimized out>, receiver=0x33e8ac0, event=0x7fff7e76fe30) at kernel/qcoreapplication.cpp:1056
#8  0x00007fb2d88d059c in QApplicationPrivate::notify_helper (this=this@entry=0x159d320, receiver=receiver@entry=0x33e8ac0, e=e@entry=0x7fff7e76fe30) at kernel/qapplication.cpp:4558
#9  0x00007fb2d88d4a4a in QApplication::notify (this=0x7fff7e770ad0, receiver=0x33e8ac0, e=0x7fff7e76fe30) at kernel/qapplication.cpp:4423
#10 0x00007fb2da767916 in KApplication::notify (this=0x7fff7e770ad0, receiver=0x33e8ac0, event=0x7fff7e76fe30) at /usr/src/debug/kdelibs-4.9.5/kdeui/kernel/kapplication.cpp:311

Comment 9 Andrea Iacovitti 2013-01-22 13:53:56 UTC

from khtml/rendering/render_media.cpp :
...
bool RenderMedia::eventFilter(QObject* o, QEvent* e)
{
    if (widget()->layout()->count() != 1 && mediaElement()->isVideo()) {
        switch(e->type()) {
        case QEvent::Enter:
	case QEvent::FocusIn:
	    widget()->layout()->itemAt(1)->widget()->show();
	    break;
	case QEvent::Leave:
	case QEvent::FocusOut:
	    widget()->layout()->itemAt(1)->widget()->hide();
	    break;
	default: ;
        }
    }

    return RenderWidget::eventFilter(o, e);
}
...

it crash when widget()->layout()->count() == 0,
because of an out of bound index access: widget()->layout()->itemAt(1)->show()

Comment 10 Jekyll Wu 2013-02-27 14:08:19 UTC

*** Bug 315850 has been marked as a duplicate of this bug. ***

Comment 11 Andrea Iacovitti 2013-02-28 07:10:55 UTC

Git commit d1745120d69babfc89ed92b8d0e951b9627d6097 by Andrea Iacovitti.
Committed on 28/02/2013 at 08:07.
Pushed by aiacovitti into branch 'KDE/4.10'.

Fix crash when dealing with video toolbox.
FIXED-IN: 4.10.1

M  +1    -1    khtml/rendering/render_media.cpp

http://commits.kde.org/kdelibs/d1745120d69babfc89ed92b8d0e951b9627d6097