Bug 271593

Summary: JavaScript close button crashes Konqueror [@ KHTMLView::mouseReleaseEvent]
Product: [Applications] konqueror
Reporter: HughDaniel <hugh.kde.bugs>
Component: khtml
Assignee: Konqueror Developers <konq-bugs>
Status: RESOLVED WORKSFORME
Severity: crash
CC: justin.zobel
Priority: NOR
Version: 4.6.2
Target Milestone: ---
Platform: Ubuntu
OS: Linux
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Description HughDaniel 2011-04-24 02:01:04 UTC
Application: konqueror (4.6.2 (4.6.2))
KDE Platform Version: 4.6.2 (4.6.2)
Qt Version: 4.7.2
Operating System: Linux 2.6.38-8-generic x86_64
Distribution: Ubuntu 11.04

-- Information about the crash:
- What I was doing when the application crashed:
Browsing the site "http://www.brando.com" (and I think others), if you click on a product and then click on the image of a product you get a popup window with a larger image.  If you click on the window system close box the window goes away as it should.  If you click on the page's "Close" link you get a "Security Warning" dialog window; if you click on the "Cancel" button it is then that Konqueror crashes.

  Randomly picking a page there, go to "http://usb.brando.com/eagletec-usb-nano-flash-drive_p00892c041d15.html" and click on one of the six smaller images of the product and then first hit the window close button (the window goes away), then click on one of the six images again and click on the "Close" text, crash.  Repeatable on multiple machines (i686 & AMD64) running KDE-6.4.2/Ubuntu-11.04pre.

  Clicking the "follow" button also results in a crash.

The crash can be reproduced every time.

-- Backtrace:
Application: Konqueror (konqueror), signal: Segmentation fault
[Current thread is 1 (Thread 0x7ff2b0c71780 (LWP 2542))]

Thread 4 (Thread 0x7ff290e6f700 (LWP 2761)):
#0  0xffffffffff60014f in ?? ()
#1  0x00007ff290e6eae0 in ?? ()
#2  0x00007fffd95ff7b2 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

Thread 3 (Thread 0x7ff291670700 (LWP 2932)):
#0  0x00007ff2a95a6a39 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#1  0x00007ff2a95a73a8 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007ff2a95a7639 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007ff2ae031446 in QEventDispatcherGlib::processEvents (this=0x4177e90, flags=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:424
#4  0x00007ff2ae005882 in QEventLoop::processEvents (this=<value optimized out>, flags=...) at kernel/qeventloop.cpp:149
#5  0x00007ff2ae005abc in QEventLoop::exec (this=0x7ff29166fdd0, flags=...) at kernel/qeventloop.cpp:201
#6  0x00007ff2adf1c924 in QThread::exec (this=<value optimized out>) at thread/qthread.cpp:492
#7  0x00007ff2adfe7c2f in QInotifyFileSystemWatcherEngine::run (this=0x7f21860) at io/qfilesystemwatcher_inotify.cpp:248
#8  0x00007ff2adf1f175 in QThreadPrivate::start (arg=0x7f21860) at thread/qthread_unix.cpp:320
#9  0x00007ff2a9c66d8c in start_thread (arg=0x7ff291670700) at pthread_create.c:304
#10 0x00007ff2b050804d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#11 0x0000000000000000 in ?? ()

Thread 2 (Thread 0x7ff2829e0700 (LWP 3170)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
#1  0x00007ff283b91832 in ?? () from /usr/lib/libQtWebKit.so.4
#2  0x00007ff2a9c66d8c in start_thread (arg=0x7ff2829e0700) at pthread_create.c:304
#3  0x00007ff2b050804d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#4  0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7ff2b0c71780 (LWP 2542)):
[KCrash Handler]
#6  QCoreApplication::notifyInternal (this=0x7fffd95088a0, receiver=0x0, event=0x7fffd9506e90) at kernel/qcoreapplication.cpp:718
#7  0x00007ff29de42c69 in sendEvent (this=0xfb67af0, _mouse=<value optimized out>) at /usr/include/qt4/QtCore/qcoreapplication.h:215
#8  KHTMLView::mouseReleaseEvent (this=0xfb67af0, _mouse=<value optimized out>) at ../../khtml/khtmlview.cpp:1586
#9  0x00007ff2ad1a1cb8 in QWidget::event (this=0xfb67af0, event=0x7fffd9507a20) at kernel/qwidget.cpp:8259
#10 0x00007ff2ad551a66 in QFrame::event (this=0xfb67af0, e=0x7fffd9507a20) at widgets/qframe.cpp:557
#11 0x00007ff29de49f05 in KHTMLView::widgetEvent (this=0xfb67af0, e=<value optimized out>) at ../../khtml/khtmlview.cpp:2208
#12 0x00007ff29de49754 in KHTMLView::eventFilter (this=0xfb67af0, o=0xf72d860, e=0x7fffd9507a20) at ../../khtml/khtmlview.cpp:2053
#13 0x00007ff2ae006627 in QCoreApplicationPrivate::sendThroughObjectEventFilters (this=<value optimized out>, receiver=0xf72d860, event=0x7fffd9507a20) at kernel/qcoreapplication.cpp:846
#14 0x00007ff2ad1509b1 in QApplicationPrivate::notify_helper (this=0x1c1ffd0, receiver=0xf72d860, e=0x7fffd9507a20) at kernel/qapplication.cpp:4458
#15 0x00007ff2ad155db3 in QApplication::notify (this=<value optimized out>, receiver=0xf72d860, e=0x7fffd9507a20) at kernel/qapplication.cpp:4023
#16 0x00007ff2aea47866 in KApplication::notify (this=0x7fffd95088a0, receiver=0xf72d860, event=0x7fffd9507a20) at ../../kdeui/kernel/kapplication.cpp:311
#17 0x00007ff2ae00649c in QCoreApplication::notifyInternal (this=0x7fffd95088a0, receiver=0xf72d860, event=0x7fffd9507a20) at kernel/qcoreapplication.cpp:731
#18 0x00007ff2ad151a0d in sendEvent (receiver=0xf72d860, event=0x7fffd9507a20, alienWidget=0xf72d860, nativeWidget=0xc6e5990, buttonDown=0x7ff2adc31218, lastMouseReceiver=..., spontaneous=true) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#19 QApplicationPrivate::sendMouseEvent (receiver=0xf72d860, event=0x7fffd9507a20, alienWidget=0xf72d860, nativeWidget=0xc6e5990, buttonDown=0x7ff2adc31218, lastMouseReceiver=..., spontaneous=true) at kernel/qapplication.cpp:3122
#20 0x00007ff2ad1d1600 in QETWidget::translateMouseEvent (this=0xc6e5990, event=<value optimized out>) at kernel/qapplication_x11.cpp:4556
#21 0x00007ff2ad1d004a in QApplication::x11ProcessEvent (this=0x7fffd95088a0, event=0x7fffd9508370) at kernel/qapplication_x11.cpp:3678
#22 0x00007ff2ad1f8162 in x11EventSourceDispatch (s=0x1c24bf0, callback=0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:146
#23 0x00007ff2a95a6bcd in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#24 0x00007ff2a95a73a8 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#25 0x00007ff2a95a7639 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#26 0x00007ff2ae0313ef in QEventDispatcherGlib::processEvents (this=0x1bd0340, flags=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:422
#27 0x00007ff2ad1f7dfe in QGuiEventDispatcherGlib::processEvents (this=<value optimized out>, flags=<value optimized out>) at kernel/qguieventdispatcher_glib.cpp:204
#28 0x00007ff2ae005882 in QEventLoop::processEvents (this=<value optimized out>, flags=...) at kernel/qeventloop.cpp:149
#29 0x00007ff2ae005abc in QEventLoop::exec (this=0x7fffd9508670, flags=...) at kernel/qeventloop.cpp:201
#30 0x00007ff2ae009ecb in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1008
#31 0x00007ff2b0867aa8 in kdemain () from /usr/lib/kde4/libkdeinit/libkdeinit4_konqueror.so
#32 0x00007ff2b0440eff in __libc_start_main (main=0x400730 <_start+256>, argc=2, ubp_av=0x7fffd95091a8, init=<value optimized out>, fini=<value optimized out>, rtld_fini=<value optimized out>, stack_end=0x7fffd9509198) at libc-start.c:226
#33 0x0000000000400659 in _start ()

Possible duplicates by query: bug 266983, bug 261403, bug 258322, bug 251949, bug 249698.

Reported using DrKonqi
Comment 1 Tommi Tervo 2011-04-24 10:53:18 UTC
==24320== Invalid read of size 4
==24320==    at 0x9C73612: KHTMLView::part() const (khtmlview.h:135)
==24320==    by 0x9CDB68A: DOM::NodeImpl::dispatchEvent(DOM::EventImpl*, int&, bool) (dom_nodeimpl.cpp:406)
==24320==    by 0x9C323D5: KHTMLView::dispatchMouseEvent(int, DOM::NodeImpl*, DOM::NodeImpl*, bool, int, QMouseEvent*, bool, int, int) (khtmlview.cpp:3607)
==24320==    by 0x9C27E4C: KHTMLView::mouseReleaseEvent(QMouseEvent*) (khtmlview.cpp:1576)
==24320==    by 0x53FABFF: QWidget::event(QEvent*) (qwidget.cpp:8259)
==24320==    by 0x5814B44: QFrame::event(QEvent*) (qframe.cpp:557)
==24320==    by 0x9C2A2D7: KHTMLView::widgetEvent(QEvent*) (khtmlview.cpp:2206)
==24320==    by 0x9C29CA0: KHTMLView::eventFilter(QObject*, QEvent*) (khtmlview.cpp:2051)
==24320==    by 0x508AEF5: QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) (qcoreapplication.cpp:846)
==24320==    by 0x539F6B3: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:4458)
==24320==    by 0x53A8FFF: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:4023)
==24320==    by 0x4A5A8AD: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:311)
==24320==    by 0x508AD5D: QCoreApplication::notifyInternal(QObject*, QEvent*) (qcoreapplication.cpp:731)
==24320==    by 0x53A078B: QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) (qcoreapplication.h:218)
==24320==    by 0x542CBEB: QETWidget::translateMouseEvent(_XEvent const*) (qapplication_x11.cpp:4461)
==24320==    by 0x542BD0D: QApplication::x11ProcessEvent(_XEvent*) (qapplication_x11.cpp:3465)
==24320==    by 0x54565CF: x11EventSourceDispatch(_GSource*, int (*)(void*), void*) (qguieventdispatcher_glib.cpp:146)
==24320==    by 0x6671B48: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.2400.1)
==24320==    by 0x667234F: ??? (in /usr/lib/libglib-2.0.so.0.2400.1)
==24320==    by 0x667260D: g_main_context_iteration (in /usr/lib/libglib-2.0.so.0.2400.1)
==24320==    by 0x50B953A: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventdispatcher_glib.cpp:422)
==24320==    by 0x54561C9: QGuiEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qguieventdispatcher_glib.cpp:204)
==24320==    by 0x508A03C: QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:149)
==24320==    by 0x508A268: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:201)
==24320==    by 0x508ED0F: QCoreApplication::exec() (qcoreapplication.cpp:1008)
==24320==    by 0x539D3E3: QApplication::exec() (qapplication.cpp:3736)
==24320==    by 0x40E1581: kdemain (konqmain.cpp:227)
==24320==    by 0x80487D8: main (konqueror_dummy.cpp:3)
==24320==  Address 0x9aa8040 is 40 bytes inside a block of size 52 free'd
==24320==    at 0x40266AD: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==24320==    by 0x9C22167: KHTMLView::~KHTMLView() (khtmlview.cpp:575)
==24320==    by 0x509EAC3: QObjectPrivate::deleteChildren() (qobject.cpp:1955)
==24320==    by 0x53F58D2: QWidget::~QWidget() (qwidget.cpp:1631)
==24320==    by 0x53F5BC1: QWidget::~QWidget() (qwidget.cpp:1651)
==24320==    by 0x4172ADB: KParts::Part::~Part() (part.cpp:209)
==24320==    by 0x4173840: KParts::ReadOnlyPart::~ReadOnlyPart() (part.cpp:462)
==24320==    by 0x9C466ED: KHTMLPart::~KHTMLPart() (khtml_part.cpp:537)
==24320==    by 0x9C467D4: KHTMLPart::~KHTMLPart() (khtml_part.cpp:584)
==24320==    by 0x509DCA2: qDeleteInEventHandler(QObject*) (qobject.cpp:3986)
==24320==    by 0x50A03A7: QObject::event(QEvent*) (qobject.cpp:1200)
==24320==    by 0x539F6E3: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:4462)
==24320==    by 0x53A84A6: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:3862)
==24320==    by 0x4A5A8AD: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:311)
==24320==    by 0x508AD5D: QCoreApplication::notifyInternal(QObject*, QEvent*) (qcoreapplication.cpp:731)
==24320==    by 0x508EAEB: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (qcoreapplication.h:215)
==24320==    by 0x508EC3B: QCoreApplication::sendPostedEvents(QObject*, int) (qcoreapplication.cpp:1265)
==24320==    by 0x50B93B3: postEventSourceDispatch(_GSource*, int (*)(void*), void*) (qcoreapplication.h:220)
==24320==    by 0x6671B48: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.2400.1)
==24320==    by 0x667234F: ??? (in /usr/lib/libglib-2.0.so.0.2400.1)
==24320==    by 0x667260D: g_main_context_iteration (in /usr/lib/libglib-2.0.so.0.2400.1)
==24320==    by 0x50B953A: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventdispatcher_glib.cpp:422)
==24320==    by 0x54561C9: QGuiEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qguieventdispatcher_glib.cpp:204)
==24320==    by 0x508A03C: QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:149)
==24320==    by 0x508A268: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:201)
==24320==    by 0x58ECBEC: QDialog::exec() (qdialog.cpp:552)
==24320==    by 0x49BB7FC: KMessageBox::createKMessageBox(KDialog*, QIcon const&, QString const&, QStringList const&, QString const&, bool*, QFlags<KMessageBox::Option>, QString const&, QMessageBox::Icon) (kmessagebox.cpp:337)
==24320==    by 0x49BA474: KMessageBox::createKMessageBox(KDialog*, QMessageBox::Icon, QString const&, QStringList const&, QString const&, bool*, QFlags<KMessageBox::Option>, QString const&) (kmessagebox.cpp:152)
==24320==    by 0x49BD414: KMessageBox::warningContinueCancelListWId(unsigned long, QString const&, QStringList const&, QString const&, KGuiItem const&, KGuiItem const&, QString const&, QFlags<KMessageBox::Option>) (kmessagebox.cpp:708)
==24320==    by 0x49BD04A: KMessageBox::warningContinueCancelList(QWidget*, QString const&, QStringList const&, QString const&, KGuiItem const&, KGuiItem const&, QString const&, QFlags<KMessageBox::Option>) (kmessagebox.cpp:670)
==24320==    by 0x49BCF3D: KMessageBox::warningContinueCancel(QWidget*, QString const&, QString const&, KGuiItem const&, KGuiItem const&, QString const&, QFlags<KMessageBox::Option>) (kmessagebox.cpp:646)
==24320==    by 0x9C6AE60: KHTMLPart::checkLinkSecurity(KUrl const&, KLocalizedString const&, QString const&) (khtml_part.cpp:6804)
==24320==    by 0x9C58CAD: KHTMLPart::urlSelected(QString const&, int, int, QString const&, KParts::OpenUrlArguments const&, KParts::BrowserArguments const&) (khtml_part.cpp:3719)
==24320==    by 0x9D3BCC9: DOM::HTMLAnchorElementImpl::defaultEventHandler(DOM::EventImpl*) (html_inlineimpl.cpp:157)
==24320==    by 0x9CDBB94: DOM::NodeImpl::dispatchGenericEvent(DOM::EventImpl*, int&) (dom_nodeimpl.cpp:494)
==24320==    by 0x9CDB673: DOM::NodeImpl::dispatchEvent(DOM::EventImpl*, int&, bool) (dom_nodeimpl.cpp:401)
==24320==    by 0x9C323D5: KHTMLView::dispatchMouseEvent(int, DOM::NodeImpl*, DOM::NodeImpl*, bool, int, QMouseEvent*, bool, int, int) (khtmlview.cpp:3607)
==24320==    by 0x9C27E4C: KHTMLView::mouseReleaseEvent(QMouseEvent*) (khtmlview.cpp:1576)
==24320==    by 0x53FABFF: QWidget::event(QEvent*) (qwidget.cpp:8259)
==24320==    by 0x5814B44: QFrame::event(QEvent*) (qframe.cpp:557)
==24320==    by 0x9C2A2D7: KHTMLView::widgetEvent(QEvent*) (khtmlview.cpp:2206)
==24320==    by 0x9C29CA0: KHTMLView::eventFilter(QObject*, QEvent*) (khtmlview.cpp:2051)
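The two stacks in Comment 1 describe a re-entrancy use-after-free: the view is destroyed by a deferred delete that runs inside the modal dialog's nested event loop, while the mouse-event dispatch that opened the dialog is still on the stack and reads the view afterwards. The following is an added example, not KHTML code and not part of the original report; it models that shape with standard C++ only, and `View`, `Loop`, `postDelete`, `dispatchUnguarded` and `dispatchGuarded` are hypothetical names.

```cpp
#include <functional>
#include <memory>
#include <queue>
#include <utility>

struct View { int part = 42; };   // stand-in for KHTMLView and what part() reads

struct Loop {                     // stand-in for the Qt event loop
    std::queue<std::function<void()>> posted;
    void exec() {                 // nested loop, as a modal dialog's exec() runs
        while (!posted.empty()) {
            auto job = std::move(posted.front());
            posted.pop();
            job();
        }
    }
};

enum class Outcome { ViewUsed, ViewGone, StaleRawPointer };

// Queue a deferred delete. Assumption: the traces do not show who posted it.
void postDelete(Loop& loop, std::shared_ptr<View>& owner) {
    loop.posted.push([&owner] { owner.reset(); });
}

// Shape of the crash: a raw pointer is held across the modal dialog.
// The owner check exists only so this model reports the stale pointer
// instead of reading freed memory; the crashing pattern has no such check.
Outcome dispatchUnguarded(Loop& loop, std::shared_ptr<View>& owner) {
    View* raw = owner.get();
    loop.exec();                  // dialog shown; the posted delete runs here
    if (!owner) return Outcome::StaleRawPointer;
    (void)raw->part;
    return Outcome::ViewUsed;
}

// Hardened shape: hold a weak handle and re-check it after the nested loop.
Outcome dispatchGuarded(Loop& loop, std::shared_ptr<View>& owner, int* partOut) {
    std::weak_ptr<View> guard = owner;
    loop.exec();
    if (auto view = guard.lock()) { *partOut = view->part; return Outcome::ViewUsed; }
    return Outcome::ViewGone;
}

int main() {
    Loop loop;
    auto owner = std::make_shared<View>();
    int part = 0;
    postDelete(loop, owner);
    return dispatchGuarded(loop, owner, &part) == Outcome::ViewGone ? 0 : 1;
}
```
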
Comment 2 Justin Zobel 2020-12-09 02:13:41 UTC
Thank you for the crash report.

As it has been a while since this was reported, can you please test and confirm if this issue is still occurring or if this bug report can be marked as resolved.

I have set the bug status to "needsinfo" pending your response, please change back to "reported" or "resolved/worksforme" when you respond, thank you.
Comment 3 Bug Janitor Service 2020-12-24 04:34:34 UTC
Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least
15 days. Please provide the requested information as soon as
possible and set the bug status as REPORTED. Due to regular bug
tracker maintenance, if the bug is still in NEEDSINFO status with
no change in 30 days the bug will be closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please
mark the bug as REPORTED so that the KDE team knows that the bug is
ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!
Comment 4 Bug Janitor Service 2021-01-08 04:34:05 UTC
This bug has been in NEEDSINFO status with no change for at least
30 days. The bug is now closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

Thank you for helping us make KDE software even better for everyone!