| Summary: | [CSS 2.1 Conformance] Crash when leaving a dynamic :first-letter testcase | ||
|---|---|---|---|
| Product: | [Applications] konqueror | Reporter: | Gérard Talbot (no longer involved) <browserbugs2> |
| Component: | khtml | Assignee: | Konqueror Developers <konq-bugs> |
| Status: | RESOLVED WORKSFORME | ||
| Severity: | crash | CC: | aiacovitti, justin.zobel, maksim |
| Priority: | NOR | Keywords: | testcase, triaged |
| Version: | 4.12.0 | ||
| Target Milestone: | --- | ||
| Platform: | Ubuntu | ||
| OS: | Linux | ||
| URL: | http://test.csswg.org/suites/css2.1/20110323/html4/first-letter-dynamic-001.htm | ||
| Latest Commit: | Version Fixed In: | ||
| Sentry Crash Report: | |||
| Attachments: | VG log | ||
|
Description
Gérard Talbot (no longer involved)
2011-01-09 21:12:29 UTC
I clicked the Back button here. Backtrace data ============== Application: Konqueror (konqueror), signal: Segmentation fault [Current thread is 1 (Thread 0xb524b9e0 (LWP 6639))] Thread 2 (Thread 0xac85eb70 (LWP 6668)): #0 0xb78c5424 in __kernel_vsyscall () #1 0xb773ddf6 in poll () from /lib/libc.so.6 #2 0xb55faa1b in g_poll () from /lib/libglib-2.0.so.0 #3 0xb55ed43c in ?? () from /lib/libglib-2.0.so.0 #4 0xb55ed848 in g_main_context_iteration () from /lib/libglib-2.0.so.0 #5 0xb69f459f in QEventDispatcherGlib::processEvents (this=0x9d6ddc0, flags=...) at kernel/qeventdispatcher_glib.cpp:417 #6 0xb69c4609 in QEventLoop::processEvents (this=0xac85e290, flags=) at kernel/qeventloop.cpp:149 #7 0xb69c4a8a in QEventLoop::exec (this=0xac85e290, flags=...) at kernel/qeventloop.cpp:201 #8 0xb68c0b7e in QThread::exec (this=0x9dd2330) at thread/qthread.cpp:490 #9 0xb69a335b in QInotifyFileSystemWatcherEngine::run (this=0x9dd2330) at io/qfilesystemwatcher_inotify.cpp:248 #10 0xb68c3df9 in QThreadPrivate::start (arg=0x9dd2330) at thread/qthread_unix.cpp:266 #11 0xb58e3cc9 in start_thread () from /lib/libpthread.so.0 #12 0xb774c69e in clone () from /lib/libc.so.6 Thread 1 (Thread 0xb524b9e0 (LWP 6639)): [KCrash Handler] #7 0xb24b77f6 in khtml::RenderTextFragment::detach (this=0x93780d0) at ../../khtml/rendering/render_text.cpp:1771 #8 0xb24a9d72 in khtml::RenderBox::detachRemainingChildren (this=0x937799c) at ../../khtml/rendering/render_box.cpp:241 #9 0xb24b44d5 in khtml::RenderFlow::detach (this=0x937799c) at ../../khtml/rendering/render_flow.cpp:326 #10 0xb24a9d72 in khtml::RenderBox::detachRemainingChildren (this=0x937788c) at ../../khtml/rendering/render_box.cpp:241 #11 0xb24b44d5 in khtml::RenderFlow::detach (this=0x937788c) at ../../khtml/rendering/render_flow.cpp:326 #12 0xb23dc00c in DOM::NodeImpl::detach (this=0x92f4a10) at ../../khtml/xml/dom_nodeimpl.cpp:901 #13 0xb23e9c6b in DOM::ElementImpl::detach (this=0x92f4a10) at ../../khtml/xml/dom_elementimpl.cpp:913 #14 0xb23dc838 in DOM::NodeBaseImpl::detach (this=0x8e61a80) at ../../khtml/xml/dom_nodeimpl.cpp:1889 #15 0xb23e9c6b in DOM::ElementImpl::detach (this=0x8e61a80) at ../../khtml/xml/dom_elementimpl.cpp:913 #16 0xb23dc838 in DOM::NodeBaseImpl::detach (this=0xa1c3f18) at ../../khtml/xml/dom_nodeimpl.cpp:1889 #17 0xb23e9c6b in DOM::ElementImpl::detach (this=0xa1c3f18) at ../../khtml/xml/dom_elementimpl.cpp:913 #18 0xb23dc838 in DOM::NodeBaseImpl::detach (this=0x9376a30) at ../../khtml/xml/dom_nodeimpl.cpp:1889 #19 0xb23e9c6b in DOM::ElementImpl::detach (this=0x9376a30) at ../../khtml/xml/dom_elementimpl.cpp:913 #20 0xb23dc838 in DOM::NodeBaseImpl::detach (this=0xa6dbae4) at ../../khtml/xml/dom_nodeimpl.cpp:1889 #21 0xb23c9304 in DOM::DocumentImpl::detach (this=0xa6dbad8) at ../../khtml/xml/dom_docimpl.cpp:1544 #22 0xb2351af4 in KHTMLPart::clear (this=0x8dc4ee8) at ../../khtml/khtml_part.cpp:1512 #23 0xb235d5cf in KHTMLPart::restoreState (this=0x8dc4ee8, stream=...) at ../../khtml/khtml_part.cpp:5548 #24 0xb238b5ae in KHTMLPartBrowserExtension::restoreState (this=0x8ec5048, stream=...) at ../../khtml/khtml_ext.cpp:103 #25 0xb7822430 in KonqView::restoreHistory (this=0x8eb93e8) at ../../../../apps/konqueror/src/konqview.cpp:816 #26 0xb7867b98 in KonqMainWindow::slotGoHistoryDelayed (this=0x87b1868) at ../../../../apps/konqueror/src/konqmainwindow.cpp:2790 #27 0xb787d4a4 in KonqMainWindow::qt_metacall (this=0x87b1868, _c=QMetaObject::InvokeMetaMethod, _id=105, _a=0xa37f328) at ./konqmainwindow.moc:441 #28 0xb69cb8ca in QMetaObject::metacall (object=0x87b1868, cl=181009976, idx=155, argv=0xa37f328) at kernel/qmetaobject.cpp:237 #29 0xb69d6df6 in QMetaCallEvent::placeMetaCall (this=0x9722280, object=0x87b1868) at kernel/qobject.cpp:534 #30 0xb69d86a2 in QObject::event (this=0x87b1868, e=0x0) at kernel/qobject.cpp:1219 #31 0xb5ea6936 in QWidget::event (this=0x87b1868, event=0x9722280) at kernel/qwidget.cpp:8646 #32 0xb62e7917 in QMainWindow::event (this=0x87b1868, event=0x9722280) at widgets/qmainwindow.cpp:1417 #33 0xb7051164 in KMainWindow::event (this=0x87b1868, ev=0x9722280) at ../../kdeui/widgets/kmainwindow.cpp:1100 #34 0xb7099a4f in KXmlGuiWindow::event (this=0x87b1868, ev=0x9722280) at ../../kdeui/xmlgui/kxmlguiwindow.cpp:132 #35 0xb787e6dd in KonqMainWindow::event (this=0x87b1868, e=0x9722280) at ../../../../apps/konqueror/src/konqmainwindow.cpp:5602 #36 0xb5e48fdc in QApplicationPrivate::notify_helper (this=0x86885b0, receiver=0x87b1868, e=0x9722280) at kernel/qapplication.cpp:4396 #37 0xb5e4f0e9 in QApplication::notify (this=0xbfba6c10, receiver=0x87b1868, e=0x9722280) at kernel/qapplication.cpp:4361 #38 0xb6f59d8a in KApplication::notify (this=0xbfba6c10, receiver=0x87b1868, event=0x9722280) at ../../kdeui/kernel/kapplication.cpp:310 #39 0xb69c5b3b in QCoreApplication::notifyInternal (this=0xbfba6c10, receiver=0x87b1868, event=0x9722280) at kernel/qcoreapplication.cpp:732 #40 0xb69c8d8b in sendEvent (receiver=0x0, event_type=0, data=0x8670eb0) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215 #41 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x8670eb0) at kernel/qcoreapplication.cpp:1373 #42 0xb69c8f4d in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at kernel/qcoreapplication.cpp:1266 #43 0xb69f4a74 in sendPostedEvents (s=0x868a910) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:220 #44 postEventSourceDispatch (s=0x868a910) at kernel/qeventdispatcher_glib.cpp:277 #45 0xb55e9855 in g_main_context_dispatch () from /lib/libglib-2.0.so.0 #46 0xb55ed668 in ?? () from /lib/libglib-2.0.so.0 #47 0xb55ed848 in g_main_context_iteration () from /lib/libglib-2.0.so.0 #48 0xb69f4565 in QEventDispatcherGlib::processEvents (this=0x8670b70, flags=...) at kernel/qeventdispatcher_glib.cpp:415 #49 0xb5f0abe5 in QGuiEventDispatcherGlib::processEvents (this=0x8670b70, flags=...) at kernel/qguieventdispatcher_glib.cpp:204 #50 0xb69c4609 in QEventLoop::processEvents (this=0xbfba6a54, flags=) at kernel/qeventloop.cpp:149 #51 0xb69c4a8a in QEventLoop::exec (this=0xbfba6a54, flags=...) at kernel/qeventloop.cpp:201 #52 0xb69c900f in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1009 #53 0xb5e47e07 in QApplication::exec () at kernel/qapplication.cpp:3672 #54 0xb78aa592 in kdemain (argc=1, argv=0xbfba6ef4) at ../../../../apps/konqueror/src/konqmain.cpp:234 #55 0x080485ab in main (argc=1, argv=0xbfba6ef4) at konqueror_dummy.cpp:3 Created attachment 55784 [details]
VG log
Also somewhat related (another crash with :first-letter pseudo-element): bug 237652 Also triggering an application crash when clicking the Back button: http://test.csswg.org/suites/css2.1/20101210/html4/before-first-letter-selector-001.htm (RC4) http://test.csswg.org/suites/css2.1/20110111/html4/first-letter-selector-005.htm will cause Konqueror 4.5.5 application crash and http://test.csswg.org/suites/css2.1/20110111/html4/first-letter-selector-009.htm when leaving the page, will cause Konqueror 4.5.5 application crash Gérard Can't reproduce with trunk and looks vg clean-too. Pretty weird since the only relevant fix I can think of is in 4.5.5 already. Maksim, Please do me a favor: load this precise URL: http://test.csswg.org/suites/css2.1/20110111/html4/first-letter-dynamic-001-ref.htm I crashed 3 times just a few min. ago when using Konqueror 4.6. Backtrace signature appended below. The code is <style type="text/css"> span:before { content: '"'; } span:after { content: '"'; } :after { border: 3px solid green; } :first-letter { color: green; } </style> </head> <body> <p><span>Foo</span></p> <p id="p2"><span id="q2"></span></p> -------------- I no longer crash when trying http://test.csswg.org/suites/css2.1/20110111/html4/first-letter-selector-005.htm and http://test.csswg.org/suites/css2.1/20110111/html4/first-letter-selector-009.htm -------------------- { Debugging info may not be sufficient: A warning/notification message tells me that I need to install kdebase-dbg and libqt4-dbg debugging packages .. I will do this. } Application: Konqueror (konqueror), signal: Segmentation fault [Current thread is 1 (Thread 0xb4f06930 (LWP 12936))] Thread 6 (Thread 0xaf41eb70 (LWP 12942)): #0 0xb7736424 in __kernel_vsyscall () #1 0xb75b7371 in select () from /lib/libc.so.6 #2 0xb67a3bb8 in ?? () from /usr/lib/libQtCore.so.4 #3 0xb66c6df9 in ?? () from /usr/lib/libQtCore.so.4 #4 0xb54dccc9 in start_thread () from /lib/libpthread.so.0 #5 0xb75be69e in clone () from /lib/libc.so.6 Thread 5 (Thread 0xaea7fb70 (LWP 12947)): #0 0xb7736424 in __kernel_vsyscall () #1 0xb54e1884 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0 #2 0xb75cbdf4 in pthread_cond_timedwait () from /lib/libc.so.6 #3 0xb66c794f in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/lib/libQtCore.so.4 #4 0xb66bb5b3 in ?? () from /usr/lib/libQtCore.so.4 #5 0xb66c6df9 in ?? () from /usr/lib/libQtCore.so.4 #6 0xb54dccc9 in start_thread () from /lib/libpthread.so.0 #7 0xb75be69e in clone () from /lib/libc.so.6 Thread 4 (Thread 0xae27eb70 (LWP 12948)): #0 0xb7736424 in __kernel_vsyscall () #1 0xb54e1884 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0 #2 0xb75cbdf4 in pthread_cond_timedwait () from /lib/libc.so.6 #3 0xb66c794f in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/lib/libQtCore.so.4 #4 0xb66bb5b3 in ?? () from /usr/lib/libQtCore.so.4 #5 0xb66c6df9 in ?? () from /usr/lib/libQtCore.so.4 #6 0xb54dccc9 in start_thread () from /lib/libpthread.so.0 #7 0xb75be69e in clone () from /lib/libc.so.6 Thread 3 (Thread 0xac684b70 (LWP 12949)): #0 0xb54df3eb in pthread_mutex_lock () from /lib/libpthread.so.0 #1 0xb75cbf66 in pthread_mutex_lock () from /lib/libc.so.6 #2 0xb5439d0f in g_main_context_prepare () from /lib/libglib-2.0.so.0 #3 0xb543a279 in ?? () from /lib/libglib-2.0.so.0 #4 0xb543a848 in g_main_context_iteration () from /lib/libglib-2.0.so.0 #5 0xb67f759f in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4 #6 0xb67c7609 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4 #7 0xb67c7a8a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4 #8 0xb66c3b7e in QThread::exec() () from /usr/lib/libQtCore.so.4 #9 0xb67a635b in ?? () from /usr/lib/libQtCore.so.4 #10 0xb66c6df9 in ?? () from /usr/lib/libQtCore.so.4 #11 0xb54dccc9 in start_thread () from /lib/libpthread.so.0 #12 0xb75be69e in clone () from /lib/libc.so.6 Thread 2 (Thread 0xabe83b70 (LWP 12951)): #0 0xb7736424 in __kernel_vsyscall () #1 0xb54e1884 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0 #2 0xb75cbdf4 in pthread_cond_timedwait () from /lib/libc.so.6 #3 0xb66c794f in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/lib/libQtCore.so.4 #4 0xb66bb5b3 in ?? () from /usr/lib/libQtCore.so.4 #5 0xb66c6df9 in ?? () from /usr/lib/libQtCore.so.4 #6 0xb54dccc9 in start_thread () from /lib/libpthread.so.0 #7 0xb75be69e in clone () from /lib/libc.so.6 Thread 1 (Thread 0xb4f06930 (LWP 12936)): [KCrash Handler] #7 0xb2148336 in ?? () from /usr/lib/libkhtml.so.5 #8 0xb213cb4f in ?? () from /usr/lib/libkhtml.so.5 #9 0xb2145015 in ?? () from /usr/lib/libkhtml.so.5 #10 0xb213cb4f in ?? () from /usr/lib/libkhtml.so.5 #11 0xb2145015 in ?? () from /usr/lib/libkhtml.so.5 #12 0xb206b64c in ?? () from /usr/lib/libkhtml.so.5 #13 0xb20792fb in ?? () from /usr/lib/libkhtml.so.5 #14 0xb206be78 in ?? () from /usr/lib/libkhtml.so.5 #15 0xb20792fb in ?? () from /usr/lib/libkhtml.so.5 #16 0xb206be78 in ?? () from /usr/lib/libkhtml.so.5 #17 0xb20792fb in ?? () from /usr/lib/libkhtml.so.5 #18 0xb206be78 in ?? () from /usr/lib/libkhtml.so.5 #19 0xb20792fb in ?? () from /usr/lib/libkhtml.so.5 #20 0xb206be78 in ?? () from /usr/lib/libkhtml.so.5 #21 0xb2058424 in ?? () from /usr/lib/libkhtml.so.5 #22 0xb1fe034c in KHTMLPart::clear() () from /usr/lib/libkhtml.so.5 #23 0xb1fe1b46 in KHTMLPart::begin(KUrl const&, int, int) () from /usr/lib/libkhtml.so.5 #24 0xb1fdcb77 in KHTMLPart::slotData(KIO::Job*, QByteArray const&) () from /usr/lib/libkhtml.so.5 #25 0xb1ffbee6 in KHTMLPart::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib/libkhtml.so.5 #26 0xb67ce8ca in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) () from /usr/lib/libQtCore.so.4 #27 0xb67e16ad in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/libQtCore.so.4 #28 0xb709d6d9 in KIO::TransferJob::data(KIO::Job*, QByteArray const&) () from /usr/lib/libkio.so.5 #29 0xb70a0522 in KIO::TransferJob::slotData(QByteArray const&) () from /usr/lib/libkio.so.5 #30 0xb70a4315 in KIO::TransferJob::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib/libkio.so.5 #31 0xb67ce8ca in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) () from /usr/lib/libQtCore.so.4 #32 0xb67e16ad in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/libQtCore.so.4 #33 0xb7161d33 in KIO::SlaveInterface::data(QByteArray const&) () from /usr/lib/libkio.so.5 #34 0xb716546e in KIO::SlaveInterface::dispatch(int, QByteArray const&) () from /usr/lib/libkio.so.5 #35 0xb71620d3 in KIO::SlaveInterface::dispatch() () from /usr/lib/libkio.so.5 #36 0xb7154a28 in KIO::Slave::gotInput() () from /usr/lib/libkio.so.5 #37 0xb7154c33 in KIO::Slave::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib/libkio.so.5 #38 0xb67ce8ca in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) () from /usr/lib/libQtCore.so.4 #39 0xb67e16ad in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/libQtCore.so.4 #40 0xb706bef7 in KIO::Connection::readyRead() () from /usr/lib/libkio.so.5 #41 0xb706e25e in ?? () from /usr/lib/libkio.so.5 #42 0xb706e38e in KIO::Connection::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib/libkio.so.5 #43 0xb67ce8ca in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) () from /usr/lib/libQtCore.so.4 #44 0xb67d9df6 in QMetaCallEvent::placeMetaCall(QObject*) () from /usr/lib/libQtCore.so.4 #45 0xb67db6a2 in QObject::event(QEvent*) () from /usr/lib/libQtCore.so.4 #46 0xb5c4bfdc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4 #47 0xb5c5204e in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4 #48 0xb6dadf7a in KApplication::notify(QObject*, QEvent*) () from /usr/lib/libkdeui.so.5 #49 0xb67c8b3b in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/libQtCore.so.4 #50 0xb67cbd8b in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib/libQtCore.so.4 #51 0xb67cbf4d in QCoreApplication::sendPostedEvents(QObject*, int) () from /usr/lib/libQtCore.so.4 #52 0xb67f7a74 in ?? () from /usr/lib/libQtCore.so.4 #53 0xb5436855 in g_main_context_dispatch () from /lib/libglib-2.0.so.0 #54 0xb543a668 in ?? () from /lib/libglib-2.0.so.0 #55 0xb543a848 in g_main_context_iteration () from /lib/libglib-2.0.so.0 #56 0xb67f7565 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4 #57 0xb5d0dbe5 in ?? () from /usr/lib/libQtGui.so.4 #58 0xb67c7609 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4 #59 0xb67c7a8a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4 #60 0xb67cc00f in QCoreApplication::exec() () from /usr/lib/libQtCore.so.4 #61 0xb5c4ae07 in QApplication::exec() () from /usr/lib/libQtGui.so.4 #62 0xb771be42 in kdemain () from /usr/lib/kde4/libkdeinit/libkdeinit4_konqueror.so #63 0x080485ab in _start () Maksim, I still can crash in a very reliable manner. Steps: After clearing history and cache, I load http://test.csswg.org/suites/css2.1/20110111/html4/first-letter-dynamic-001.htm and then type-append in the address bar "-ref" string so that I can go to http://test.csswg.org/suites/css2.1/20110111/html4/first-letter-dynamic-001-ref.htm and then the webpage never loads, Konqueror 4.6 crashes. Gérard Thanks. Can confirm with the 001/001-ref. Looks like something quite different than the original stuff, though: #7 DOM::Position::Position (this=0xbfeb5890, o=...) at /store/maksim/kde-dev/src/kdelibs/khtml/xml/dom_position.cpp:144 #8 0xb199e87c in DOM::Selection::extent (this=0x10) at /store/maksim/kde-dev/src/kdelibs/khtml/xml/dom_selection.h:89 #9 0xb1998e56 in DOM::Selection::Selection (this=0x998b2b0, o=...) at /store/maksim/kde-dev/src/kdelibs/khtml/xml/dom_selection.cpp:103 #10 0xb1b171cc in khtml::EditCommandImpl::startingSelection (this=0x0) at /store/maksim/kde-dev/src/kdelibs/khtml/editing/htmlediting_impl.h:113 #11 0xb1a3af2c in khtml::RenderTextFragment::detach (this=0x99a4a98) at /store/maksim/kde-dev/src/kdelibs/khtml/rendering/render_text.cpp:1771 #12 0xb1a2f1eb in khtml::RenderBox::detachRemainingChildren (this=0x99a19d0) at /store/maksim/kde-dev/src/kdelibs/khtml/rendering/render_box.cpp:241 #13 0xb1a386b5 in khtml::RenderFlow::detach (this=0x99a19d0) at /store/maksim/kde-dev/src/kdelibs/khtml/rendering/render_flow.cpp:326 #14 0xb1a2f1eb in khtml::RenderBox::detachRemainingChildren (this=0x99589e0) at /store/maksim/kde-dev/src/kdelibs/khtml/rendering/render_box.cpp:241 #15 0xb1a386b5 in khtml::RenderFlow::detach (this=0x99589e0) at /store/maksim/kde-dev/src/kdelibs/khtml/rendering/render_flow.cpp:326 #16 0xb1963c1c in DOM::NodeImpl::detach (this=0x998b010) at /store/maksim/kde-dev/src/kdelibs/khtml/xml/dom_nodeimpl.cpp:908 #17 0xb1963c97 in DOM::NodeBaseImpl::detach (this=0x998b010) at /store/maksim/kde-dev/src/kdelibs/khtml/xml/dom_nodeimpl.cpp:1898 #18 0xb1976645 in DOM::ElementImpl::detach (this=0x998b010) at /store/maksim/kde-dev/src/kdelibs/khtml/xml/dom_elementimpl.cpp:913 #19 0xb1963c88 in DOM::NodeBaseImpl::detach (this=0x9834f40) at /store/maksim/kde-dev/src/kdelibs/khtml/xml/dom_nodeimpl.cpp:1896 #20 0xb1976645 in DOM::ElementImpl::detach (this=0x9834f40) at /store/maksim/kde-dev/src/kdelibs/khtml/xml/dom_elementimpl.cpp:913 #21 0xb1963c88 in DOM::NodeBaseImpl::detach (this=0x97fd018) at /store/maksim/kde-dev/src/kdelibs/khtml/xml/dom_nodeimpl.cpp:1896 #22 0xb1976645 in DOM::ElementImpl::detach (this=0x97fd018) at /store/maksim/kde-dev/src/kdelibs/khtml/xml/dom_elementimpl.cpp:913 #23 0xb1963c88 in DOM::NodeBaseImpl::detach (this=0x9842990) at /store/maksim/kde-dev/src/kdelibs/khtml/xml/dom_nodeimpl.cpp:1896 #24 0xb1976645 in DOM::ElementImpl::detach (this=0x9842990) at /store/maksim/kde-dev/src/kdelibs/khtml/xml/dom_elementimpl.cpp:913 #25 0xb1963c88 in DOM::NodeBaseImpl::detach (this=0x97bdbb4) at /store/maksim/kde-dev/src/kdelibs/khtml/xml/dom_nodeimpl.cpp:1896 #26 0xb1956cf4 in DOM::DocumentImpl::detach (this=0x97bdba8) at /store/maksim/kde-dev/src/kdelibs/khtml/xml/dom_docimpl.cpp:1544 #27 0xb18f938d in KHTMLPart::clear (this=0x8eb1248) at /store/maksim/kde-dev/src/kdelibs/khtml/khtml_part.cpp:1514 Actually, no, the bt is just misleading. ==5121== Invalid read of size 4 ==5121== at 0xBDE5F21: khtml::RenderTextFragment::detach() (render_text.cpp:1771) ==5121== by 0xBDDA1EA: khtml::RenderBox::detachRemainingChildren() (render_box.cpp:241) ==5121== by 0xBDE36B4: khtml::RenderFlow::detach() (render_flow.cpp:326) ==5121== by 0xBDDA1EA: khtml::RenderBox::detachRemainingChildren() (render_box.cpp:241) ==5121== by 0xBDE36B4: khtml::RenderFlow::detach() (render_flow.cpp:326) ==5121== by 0xBD0EC1B: DOM::NodeImpl::detach() (dom_nodeimpl.cpp:908) ==5121== Address 0x7063d40 is 8 bytes inside a block of size 84 free'd ==5121== at 0x4023EB3: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==5121== by 0xBDC73A2: khtml::RenderObject::arenaDelete(khtml::RenderArena*, void*) (render_object.cpp:2408) ==5121== by 0xBDCEE57: khtml::RenderObject::detach() (render_object.cpp:2384) ==5121== by 0xBDE5EF2: khtml::RenderText::detach() (render_text.cpp:729) ==5121== by 0xBDE5F33: khtml::RenderTextFragment::detach() (render_text.cpp:1773) ==5121== by 0xBDDA1EA: khtml::RenderBox::detachRemainingChildren() (render_box.cpp:241) ==5121== by 0xBDE36B4: khtml::RenderFlow::detach() (render_flow.cpp:326) ==5121== by 0xBDDA1EA: khtml::RenderBox::detachRemainingChildren() (render_box.cpp:241) ==5121== by 0xBDE36B4: khtml::RenderFlow::detach() (render_flow.cpp:326) ==5121== by 0xBDDA1EA: khtml::RenderBox::detachRemainingChildren() (render_box.cpp:241) ==5121== by 0xBDE36B4: khtml::RenderFlow::detach() (render_flow.cpp:326) ==5121== by 0xBD0EC1B: DOM::NodeImpl::detach() (dom_nodeimpl.cpp:908) Steps to reproduce: After clearing history and cache, I load http://test.csswg.org/suites/css2.1/20110323/html4/first-letter-dynamic-001.htm and then type-append in the address bar "-ref" string and press "Enter" key so that I can go to http://test.csswg.org/suites/css2.1/20110323/html4/first-letter-dynamic-001-ref.htm and then the webpage never loads, Konqueror 4.8.4 crashes immediately. I am using KDE Platform Version: 4.8.4 Konqueror version: 4.8.4 (with KHTML rendering engine) Qt Version: 4.8.1 Operating System: Linux 3.2.0-25-generic-pae i686 (32bits) Distribution: Kubuntu 12.04 LTS here. Version field, URL field and Keywords field have been updated. Gérard Thank you for the crash reports. As it has been a while since this was reported, can you please test and confirm if this issue is still occurring or if this bug report can be marked as resolved. I have set the bug status to "needsinfo" pending your response, please change back to "reported" or "resolved/worksforme" when you respond, thank you. Dear Bug Submitter, This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information as soon as possible and set the bug status as REPORTED. Due to regular bug tracker maintenance, if the bug is still in NEEDSINFO status with no change in 30 days the bug will be closed as RESOLVED > WORKSFORME due to lack of needed information. For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging If you have already provided the requested information, please mark the bug as REPORTED so that the KDE team knows that the bug is ready to be confirmed. Thank you for helping us make KDE software even better for everyone! This bug has been in NEEDSINFO status with no change for at least 30 days. The bug is now closed as RESOLVED > WORKSFORME due to lack of needed information. For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging Thank you for helping us make KDE software even better for everyone! |