Bug 273247

Summary: Crash bug when accessing http://www.cosmotography.com/images/small_ngc3031.html
Product: [Applications] konqueror Reporter: Richard Hartmann <richih-kde>
Component: khtml rendererAssignee: Konqueror Developers <konq-bugs>
Status: RESOLVED DUPLICATE    
Severity: crash    
Priority: NOR    
Version: 4.6.2   
Target Milestone: ---   
Platform: Debian unstable   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: konqueror_crash.html

Description Richard Hartmann 2011-05-14 08:07:14 UTC 
Application: konqueror (4.6.2 (4.6.2))
KDE Platform Version: 4.6.2 (4.6.2)
Qt Version: 4.7.2
Operating System: Linux 2.6.38-2-686 i686
Distribution: Debian GNU/Linux unstable (sid)

-- Information about the crash:
Go to

  http://www.cosmotography.com/images/small_ngc3031.html

, mouse over the picture and *boom*.

I will attach the HTML file.

The crash can be reproduced every time.

-- Backtrace:
Application: Konqueror (konqueror), signal: Segmentation fault
[Current thread is 1 (Thread 0xb50d0710 (LWP 19750))]

Thread 2 (Thread 0xafd4bb70 (LWP 19757)):
#0  0xb78e0424 in __kernel_vsyscall ()
#1  0xb5717703 in pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_timedwait.S:236
#2  0xb777ca64 in __pthread_cond_timedwait (cond=0x8cca560, mutex=0x8cca548, abstime=0xafd4b2b8) at forward.c:152
#3  0xb690f1ee in wait (this=0x8d1a184, mutex=0x8d1a180, time=30000) at thread/qwaitcondition_unix.cpp:86
#4  QWaitCondition::wait (this=0x8d1a184, mutex=0x8d1a180, time=30000) at thread/qwaitcondition_unix.cpp:160
#5  0xb69020c4 in QThreadPoolThread::run (this=0x84bfc70) at concurrent/qthreadpool.cpp:140
#6  0xb690ed53 in QThreadPrivate::start (arg=0x84bfc70) at thread/qthread_unix.cpp:320
#7  0xb5712c39 in start_thread (arg=0xafd4bb70) at pthread_create.c:304
#8  0xb776f91e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

Thread 1 (Thread 0xb50d0710 (LWP 19750)):
[KCrash Handler]
#7  isAnonymousBlock (this=0x8d1cc30, newChild=0x8d1ce5c, beforeChild=0x8d1b610) at ../../khtml/rendering/render_object.h:321
#8  khtml::RenderFlow::addChildWithContinuation (this=0x8d1cc30, newChild=0x8d1ce5c, beforeChild=0x8d1b610) at ../../khtml/rendering/render_flow.cpp:89
#9  0xb2469975 in DOM::NodeImpl::createRendererIfNeeded (this=0x8c9d7b8) at ../../khtml/xml/dom_nodeimpl.cpp:1017
#10 0xb2474a72 in DOM::ElementImpl::attach (this=0x8c9d7b8) at ../../khtml/xml/dom_elementimpl.cpp:891
#11 0xb2475892 in DOM::ElementImpl::recalcStyle (this=0x8c9d7b8, change=DOM::NodeImpl::NoChange) at ../../khtml/xml/dom_elementimpl.cpp:989
#12 0xb24c7989 in DOM::HTMLElementImpl::recalcStyle (this=0x8c9d7b8, ch=DOM::NodeImpl::NoChange) at ../../khtml/html/html_elementimpl.cpp:235
#13 0xb24757bf in DOM::ElementImpl::recalcStyle (this=0x8c9b6c0, change=DOM::NodeImpl::NoChange) at ../../khtml/xml/dom_elementimpl.cpp:1018
#14 0xb24c7989 in DOM::HTMLElementImpl::recalcStyle (this=0x8c9b6c0, ch=DOM::NodeImpl::NoChange) at ../../khtml/html/html_elementimpl.cpp:235
#15 0xb24757bf in DOM::ElementImpl::recalcStyle (this=0x8c9c2b0, change=DOM::NodeImpl::NoChange) at ../../khtml/xml/dom_elementimpl.cpp:1018
#16 0xb24c7989 in DOM::HTMLElementImpl::recalcStyle (this=0x8c9c2b0, ch=DOM::NodeImpl::NoChange) at ../../khtml/html/html_elementimpl.cpp:235
#17 0xb24757bf in DOM::ElementImpl::recalcStyle (this=0x8d1d810, change=DOM::NodeImpl::NoChange) at ../../khtml/xml/dom_elementimpl.cpp:1018
#18 0xb24c7989 in DOM::HTMLElementImpl::recalcStyle (this=0x8d1d810, ch=DOM::NodeImpl::NoChange) at ../../khtml/html/html_elementimpl.cpp:235
#19 0xb24757bf in DOM::ElementImpl::recalcStyle (this=0x8d1dca8, change=DOM::NodeImpl::NoChange) at ../../khtml/xml/dom_elementimpl.cpp:1018
#20 0xb24c7989 in DOM::HTMLElementImpl::recalcStyle (this=0x8d1dca8, ch=DOM::NodeImpl::NoChange) at ../../khtml/html/html_elementimpl.cpp:235
#21 0xb24757bf in DOM::ElementImpl::recalcStyle (this=0x8d66278, change=DOM::NodeImpl::NoChange) at ../../khtml/xml/dom_elementimpl.cpp:1018
#22 0xb24c7989 in DOM::HTMLElementImpl::recalcStyle (this=0x8d66278, ch=DOM::NodeImpl::NoChange) at ../../khtml/html/html_elementimpl.cpp:235
#23 0xb24757bf in DOM::ElementImpl::recalcStyle (this=0x8d66160, change=DOM::NodeImpl::NoChange) at ../../khtml/xml/dom_elementimpl.cpp:1018
#24 0xb24c7989 in DOM::HTMLElementImpl::recalcStyle (this=0x8d66160, ch=DOM::NodeImpl::NoChange) at ../../khtml/html/html_elementimpl.cpp:235
#25 0xb24757bf in DOM::ElementImpl::recalcStyle (this=0x8ca40a8, change=DOM::NodeImpl::NoChange) at ../../khtml/xml/dom_elementimpl.cpp:1018
#26 0xb24c7989 in DOM::HTMLElementImpl::recalcStyle (this=0x8ca40a8, ch=DOM::NodeImpl::NoChange) at ../../khtml/html/html_elementimpl.cpp:235
#27 0xb24757bf in DOM::ElementImpl::recalcStyle (this=0x8ca4f88, change=DOM::NodeImpl::NoChange) at ../../khtml/xml/dom_elementimpl.cpp:1018
#28 0xb24c7989 in DOM::HTMLElementImpl::recalcStyle (this=0x8ca4f88, ch=DOM::NodeImpl::NoChange) at ../../khtml/html/html_elementimpl.cpp:235
#29 0xb24757bf in DOM::ElementImpl::recalcStyle (this=0x8c6d2f0, change=DOM::NodeImpl::NoChange) at ../../khtml/xml/dom_elementimpl.cpp:1018
#30 0xb24c7989 in DOM::HTMLElementImpl::recalcStyle (this=0x8c6d2f0, ch=DOM::NodeImpl::NoChange) at ../../khtml/html/html_elementimpl.cpp:235
#31 0xb2460aef in DOM::DocumentImpl::recalcStyle (this=0x8ce8d00, change=DOM::NodeImpl::NoChange) at ../../khtml/xml/dom_docimpl.cpp:1439
#32 0xb2452e98 in DOM::DocumentImpl::updateRendering (this=0x8ce8d00) at ../../khtml/xml/dom_docimpl.cpp:1468
#33 0xb24655e0 in DOM::DocumentImpl::updateDocumentsRendering () at ../../khtml/xml/dom_docimpl.cpp:1481
#34 0xb265575c in KJS::Window::afterScriptExecution (this=0xaf3f0000) at ../../khtml/ecma/kjs_window.cpp:1323
#35 0xb268082c in KJS::JSEventListener::handleEvent (this=0x8c94e08, evt=...) at ../../khtml/ecma/kjs_events.cpp:121
#36 0xb24960a7 in DOM::EventTargetImpl::handleLocalEvents (this=0x8ca7108, evt=0x8ddbef8, useCapture=false) at ../../khtml/xml/dom2_eventsimpl.cpp:62
#37 0xb246d187 in DOM::NodeImpl::dispatchGenericEvent (this=0x8c96190, evt=0x8ddbef8) at ../../khtml/xml/dom_nodeimpl.cpp:481
#38 0xb246d696 in DOM::NodeImpl::dispatchEvent (this=0x8c96190, evt=0x8ddbef8, exceptioncode=@0xbfefcf2c, tempEvent=true) at ../../khtml/xml/dom_nodeimpl.cpp:401
#39 0xb23b6c54 in KHTMLView::dispatchMouseEvent (this=0x84e4118, eventId=7, targetNode=0x8ca4f88, targetNodeNonShared=0x8ca4f88, cancelable=false, detail=0, _mouse=0xbfefd958, setUnder=true, mouseEventType=4, orient=0) at ../../khtml/khtmlview.cpp:3551
#40 0xb23bd39c in KHTMLView::mouseMoveEvent (this=0x84e4118, _mouse=0xbfefd958) at ../../khtml/khtmlview.cpp:1350
#41 0xb5f1448b in QWidget::event (this=0x84e4118, event=0xbfefd958) at kernel/qwidget.cpp:8244
#42 0xb6315605 in QFrame::event (this=0x84e4118, e=0xbfefd958) at widgets/qframe.cpp:557
#43 0xb23bed94 in KHTMLView::widgetEvent (this=0x84e4118, e=0xbfefd958) at ../../khtml/khtmlview.cpp:2208
#44 0xb23bf122 in KHTMLView::eventFilter (this=0x84e4118, o=0x8289628, e=0xbfefd958) at ../../khtml/khtmlview.cpp:2053
#45 0xb6a0a116 in QCoreApplicationPrivate::sendThroughObjectEventFilters (this=0x81980c8, receiver=0x8289628, event=0xbfefd958) at kernel/qcoreapplication.cpp:846
#46 0xb5eb9fb2 in notify_helper (this=0x81980c8, receiver=0x8289628, e=0xbfefd958) at kernel/qapplication.cpp:4458
#47 QApplicationPrivate::notify_helper (this=0x81980c8, receiver=0x8289628, e=0xbfefd958) at kernel/qapplication.cpp:4434
#48 0xb5ebfdfb in QApplication::notify (this=0x81980c8, receiver=0x8289628, e=0xbfefd958) at kernel/qapplication.cpp:4023
#49 0xb6fbeb2a in KApplication::notify (this=0xbfefe220, receiver=0x8289628, event=0xbfefd958) at ../../kdeui/kernel/kapplication.cpp:311
#50 0xb6a09f7e in QCoreApplication::notifyInternal (this=0xbfefe220, receiver=0x8289628, event=0xbfefd958) at kernel/qcoreapplication.cpp:731
#51 0xb5ebafa0 in sendEvent (receiver=0x8289628, event=0xbfefd958, alienWidget=0x8289628, nativeWidget=0x84ba6e8, buttonDown=0xb681dab4, lastMouseReceiver=..., spontaneous=true) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#52 QApplicationPrivate::sendMouseEvent (receiver=0x8289628, event=0xbfefd958, alienWidget=0x8289628, nativeWidget=0x84ba6e8, buttonDown=0xb681dab4, lastMouseReceiver=..., spontaneous=true) at kernel/qapplication.cpp:3122
#53 0xb5f44b5f in QETWidget::translateMouseEvent (this=0x84ba6e8, event=0xbfefdd30) at kernel/qapplication_x11.cpp:4461
#54 0xb5f43af7 in QApplication::x11ProcessEvent (this=0xbfefe220, event=0xbfefdd30) at kernel/qapplication_x11.cpp:3587
#55 0xb5f6f3fc in x11EventSourceDispatch (s=0x819b4a8, callback=0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:146
#56 0xb565f252 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#57 0xb565fa30 in ?? () from /lib/libglib-2.0.so.0
#58 0xb565fce4 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#59 0xb6a382b7 in QEventDispatcherGlib::processEvents (this=0x817a1f0, flags=...) at kernel/qeventdispatcher_glib.cpp:422
#60 0xb5f6f01a in QGuiEventDispatcherGlib::processEvents (this=0x817a1f0, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#61 0xb6a08f9d in QEventLoop::processEvents (this=0xbfefe054, flags=...) at kernel/qeventloop.cpp:149
#62 0xb6a091e1 in QEventLoop::exec (this=0xbfefe054, flags=...) at kernel/qeventloop.cpp:201
#63 0xb6a0d94a in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1008
#64 0xb5eb7e44 in QApplication::exec () at kernel/qapplication.cpp:3736
#65 0xb78c6015 in kdemain () from /usr/lib/kde4/libkdeinit/libkdeinit4_konqueror.so
#66 0x0804860b in _start ()

Reported using DrKonqi
Comment 1 Richard Hartmann 2011-05-14 08:08:34 UTC 
Created attachment 59982 [details]
konqueror_crash.html
Comment 2 Tommi Tervo 2011-05-14 08:38:57 UTC 
Maybe dupe (203241)

==27793== Invalid read of size 1
==27793==    at 0xBC5F5A6: khtml::RenderObject::isAnonymous() const (render_object.h:319)
==27793==    by 0xBDB7BD2: khtml::RenderObject::isAnonymousBlock() const (in /opt/kdetrunk/lib/libkhtml.so.5.7.0)
==27793==    by 0xBDE5AFF: khtml::RenderFlow::addChildWithContinuation(khtml::RenderObject*, khtml::RenderObject*) (render_flow.cpp:89)
==27793==    by 0xBDE5C9F: khtml::RenderFlow::addChild(khtml::RenderObject*, khtml::RenderObject*) (render_flow.cpp:128)
==27793==    by 0xBD04552: DOM::NodeImpl::createRendererIfNeeded() (dom_nodeimpl.cpp:1017)
==27793==    by 0xBD1271E: DOM::ElementImpl::attach() (dom_elementimpl.cpp:891)
==27793==    by 0xBD12B91: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:989)
==27793==    by 0xBD607BB: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:235)
==27793==    by 0xBD12CBB: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:1018)
==27793==    by 0xBD607BB: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:235)
==27793==    by 0xBD12CBB: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:1018)
==27793==    by 0xBD607BB: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:235)
==27793==    by 0xBD12CBB: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:1018)
==27793==    by 0xBD607BB: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:235)
==27793==    by 0xBD12CBB: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:1018)
==27793==    by 0xBD607BB: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:235)
==27793==    by 0xBD12CBB: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:1018)
==27793==    by 0xBD607BB: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:235)
==27793==    by 0xBD12CBB: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:1018)
==27793==    by 0xBD607BB: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:235)
==27793==    by 0xBD12CBB: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:1018)
==27793==    by 0xBD607BB: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:235)
==27793==    by 0xBD12CBB: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:1018)
==27793==    by 0xBD607BB: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:235)
==27793==    by 0xBD12CBB: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:1018)
==27793==    by 0xBD607BB: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:235)
==27793==    by 0xBCF18C3: DOM::DocumentImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_docimpl.cpp:1439)
==27793==    by 0xBCF1A30: DOM::DocumentImpl::updateRendering() (dom_docimpl.cpp:1468)
==27793==    by 0xBCF1A9A: DOM::DocumentImpl::updateDocumentsRendering() (dom_docimpl.cpp:1481)
==27793==    by 0xBF16FDB: KJS::Window::afterScriptExecution() (kjs_window.cpp:1323)
==27793==    by 0xBF3CDFE: KJS::JSEventListener::handleEvent(DOM::Event&) (kjs_events.cpp:121)
==27793==    by 0xBF3D0C1: KJS::JSLazyEventListener::handleEvent(DOM::Event&) (kjs_events.cpp:161)
==27793==    by 0xBD2A910: DOM::EventTargetImpl::handleLocalEvents(DOM::EventImpl*, bool) (dom2_eventsimpl.cpp:62)
==27793==    by 0xBD02AB0: DOM::NodeImpl::dispatchGenericEvent(DOM::EventImpl*, int&) (dom_nodeimpl.cpp:481)
==27793==    by 0xBD02673: DOM::NodeImpl::dispatchEvent(DOM::EventImpl*, int&, bool) (dom_nodeimpl.cpp:401)
==27793==    by 0xBC58D48: KHTMLView::dispatchMouseEvent(int, DOM::NodeImpl*, DOM::NodeImpl*, bool, int, QMouseEvent*, bool, int, int) (khtmlview.cpp:3549)
==27793==    by 0xBC4D52B: KHTMLView::mouseMoveEvent(QMouseEvent*) (khtmlview.cpp:1350)
==27793==    by 0x53FCC3B: QWidget::event(QEvent*) (qwidget.cpp:8244)
==27793==    by 0x5816B44: QFrame::event(QEvent*) (qframe.cpp:557)
==27793==    by 0xBC512D7: KHTMLView::widgetEvent(QEvent*) (khtmlview.cpp:2206)
==27793==    by 0xBC50CA0: KHTMLView::eventFilter(QObject*, QEvent*) (khtmlview.cpp:2051)
==27793==    by 0x508CEF5: QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) (qcoreapplication.cpp:846)
==27793==    by 0x53A16B3: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:4458)
==27793==    by 0x53AAFFF: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:4023)
==27793==    by 0x4A5BC21: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:311)
==27793==    by 0x508CD5D: QCoreApplication::notifyInternal(QObject*, QEvent*) (qcoreapplication.cpp:731)
==27793==    by 0x53A278B: QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) (qcoreapplication.h:218)
==27793==    by 0x542EBEB: QETWidget::translateMouseEvent(_XEvent const*) (qapplication_x11.cpp:4461)
==27793==    by 0x542DD0D: QApplication::x11ProcessEvent(_XEvent*) (qapplication_x11.cpp:3465)
==27793==    by 0x54585CF: x11EventSourceDispatch(_GSource*, int (*)(void*), void*) (qguieventdispatcher_glib.cpp:146)
==27793==  Address 0x1b is not stack'd, malloc'd or (recently) free'd
Comment 3 Tommi Tervo 2011-05-14 08:56:59 UTC 
yep, vg traces are similar.

*** This bug has been marked as a duplicate of bug 203241 ***
Comment 4 Richard Hartmann 2011-05-14 09:11:18 UTC 
K. thanks for triaging :)
Comment 5 Tommi Tervo 2011-12-01 19:40:48 UTC 
Reopening, I've had some mistake on bug number.
Comment 6 Dawit Alemayehu 2012-01-27 21:18:35 UTC 

*** This bug has been marked as a duplicate of bug 204241 ***