Bug 278017

Summary: Konqueror crash when allowing "send unencrypted form data" from multiple simultaneous requests (from JavaScript on page load)
Product: [Applications] konqueror
Reporter: Joachim Mairböck <j.mairboeck>
Component: khtml
Assignee: Konqueror Developers <konq-bugs>
Status: RESOLVED WORKSFORME    
Severity: crash    
Priority: NOR    
Version: 4.6.5   
Target Milestone: ---   
Platform: openSUSE   
OS: Linux   

Description Joachim Mairböck 2011-07-18 13:35:03 UTC
Application: konqueror (4.6.5 (4.6.5))
KDE Platform Version: 4.6.5 (4.6.5)
Qt Version: 4.7.3
Operating System: Linux 2.6.37.6-0.5-pae i686
Distribution: "openSUSE 11.4 (i586)"

-- Information about the crash:
- What I was doing when the application crashed:
I was loading some obscure site with some heavy JavaScript on page-load which asked for multiple forms being submitted. I had 3 dialogs open at once from the same page which asked whether to allow unencrypted form data being submitted. I allowed all 3 and Konqueror crashed.

-- Backtrace:
Application: Konqueror (kdeinit4), signal: Segmentation fault
[Current thread is 1 (Thread 0xb57e2930 (LWP 20652))]

Thread 4 (Thread 0xac903b70 (LWP 23348)):
#0  0xffffe424 in __kernel_vsyscall ()
#1  0xb6c3f105 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0xb44b1e17 in WTF::TCMalloc_PageHeap::runScavengerThread(void*) () from /opt/kde3/lib/libQtWebKit.so.4
#3  0xb6c3ab05 in start_thread () from /lib/libpthread.so.0
#4  0xb5ff4d5e in clone () from /lib/libc.so.6

Thread 3 (Thread 0xa5042b70 (LWP 29938)):
#0  0xffffe424 in __kernel_vsyscall ()
#1  0xb6c3f432 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0xb6cb800c in wait (this=0x83539d4, mutex=0x83539d0, time=30000) at thread/qwaitcondition_unix.cpp:86
#3  QWaitCondition::wait (this=0x83539d4, mutex=0x83539d0, time=30000) at thread/qwaitcondition_unix.cpp:160
#4  0xb6cabe44 in QThreadPoolThread::run (this=0x82d5fe8) at concurrent/qthreadpool.cpp:140
#5  0xb6cb7993 in QThreadPrivate::start (arg=0x82d5fe8) at thread/qthread_unix.cpp:320
#6  0xb6c3ab05 in start_thread () from /lib/libpthread.so.0
#7  0xb5ff4d5e in clone () from /lib/libc.so.6

Thread 2 (Thread 0xac102b70 (LWP 29942)):
#0  0xffffe424 in __kernel_vsyscall ()
#1  0xb6c3f432 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0xb6cb800c in wait (this=0x83539d4, mutex=0x83539d0, time=30000) at thread/qwaitcondition_unix.cpp:86
#3  QWaitCondition::wait (this=0x83539d4, mutex=0x83539d0, time=30000) at thread/qwaitcondition_unix.cpp:160
#4  0xb6cabe44 in QThreadPoolThread::run (this=0x83aa420) at concurrent/qthreadpool.cpp:140
#5  0xb6cb7993 in QThreadPrivate::start (arg=0x83aa420) at thread/qthread_unix.cpp:320
#6  0xb6c3ab05 in start_thread () from /lib/libpthread.so.0
#7  0xb5ff4d5e in clone () from /lib/libc.so.6

Thread 1 (Thread 0xb57e2930 (LWP 20652)):
[KCrash Handler]
#7  0xaea0562f in KHTMLPart::checkLinkSecurity (this=0xcd59da0, linkURL=..., message=..., button=...) at /usr/src/debug/kdelibs-4.6.5/khtml/khtml_part.cpp:6786
#8  0xaea21dc5 in KHTMLPart::submitForm (this=0xcd59da0, action=0xaedffb6b "get", url=..., formData=..., _target=..., contentType=..., boundary=...) at /usr/src/debug/kdelibs-4.6.5/khtml/khtml_part.cpp:4764
#9  0xaeb1ebda in DOM::HTMLFormElementImpl::submit (this=0xd7b1db8) at /usr/src/debug/kdelibs-4.6.5/khtml/html/html_formimpl.cpp:702
#10 0xaec739f0 in KJS::HTMLElementFunction::callAsFunction (this=0xbf912bc0, exec=0xbf912fec, thisObj=0x7, args=...) at /usr/src/debug/kdelibs-4.6.5/khtml/ecma/kjs_html.cpp:2187
#11 0xae87151a in call (exec=0xbf912fec, codeBlock=..., parentExec=0x0) at /usr/src/debug/kdelibs-4.6.5/kjs/object.h:626
#12 KJS::Machine::runBlock (exec=0xbf912fec, codeBlock=..., parentExec=0x0) at codes.def:1223
#13 0xae82505c in KJS::FunctionBodyNode::execute (this=0x120b7210, exec=0xbf912fec) at /usr/src/debug/kdelibs-4.6.5/kjs/nodes.cpp:927
#14 0xae8581b0 in KJS::Interpreter::evaluate (this=0x10b8d530, sourceURL=..., startingLineNumber=0, code=0x12508660, codeLength=26, thisV=0xab8f05c0) at /usr/src/debug/kdelibs-4.6.5/kjs/interpreter.cpp:564
#15 0xae85836a in KJS::Interpreter::evaluate (this=0x10b8d530, sourceURL=..., startingLineNumber=0, code=..., thisV=0xab8f05c0) at /usr/src/debug/kdelibs-4.6.5/kjs/interpreter.cpp:504
#16 0xaec9f3f3 in KJSProxy::evaluate (this=0xd3de0d0, filename=..., baseLine=1, str=..., n=..., completion=0xbf9131ec) at /usr/src/debug/kdelibs-4.6.5/khtml/ecma/kjs_proxy.cpp:126
#17 0xaea0cb33 in KHTMLPart::executeScript (this=0xcd59da0, filename=..., baseLine=0, n=..., script=...) at /usr/src/debug/kdelibs-4.6.5/khtml/khtml_part.cpp:1279
#18 0xaeae1ad3 in khtml::HTMLTokenizer::scriptExecution (this=0xd30bea8, str=..., scriptURL=..., baseLine=1) at /usr/src/debug/kdelibs-4.6.5/khtml/html/htmltokenizer.cpp:517
#19 0xaeae5322 in khtml::HTMLTokenizer::scriptHandler (this=0xd30bea8) at /usr/src/debug/kdelibs-4.6.5/khtml/html/htmltokenizer.cpp:470
#20 0xaeae6db1 in khtml::HTMLTokenizer::parseRawContent (this=0xd30bea8, src=...) at /usr/src/debug/kdelibs-4.6.5/khtml/html/htmltokenizer.cpp:379
#21 0xaeae9eb5 in khtml::HTMLTokenizer::parseTag (this=0xd30bea8, src=...) at /usr/src/debug/kdelibs-4.6.5/khtml/html/htmltokenizer.cpp:1527
#22 0xaeaea756 in khtml::HTMLTokenizer::write (this=0xd30bea8, str=..., appendData=true) at /usr/src/debug/kdelibs-4.6.5/khtml/html/htmltokenizer.cpp:1798
#23 0xaea0d4fb in KHTMLPart::write (this=0xcd59da0, data=0xdcd51b0 "<html><head></head><body><form name='tracker' method='get' action='http://www.whiteboardsearch.com/'><input type='hidden' name='keyword' value='arizona custody lawyer'><input type='submit' value='Cont"..., len=<value optimized out>) at /usr/src/debug/kdelibs-4.6.5/khtml/khtml_part.cpp:2093
#24 0xaea0315e in KHTMLPart::slotData (this=0xcd59da0, kio_job=0x12401008, data=...) at /usr/src/debug/kdelibs-4.6.5/khtml/khtml_part.cpp:1741
#25 0xaea30474 in KHTMLPart::qt_metacall (this=0xcd59da0, _c=QMetaObject::InvokeMetaMethod, _id=19, _a=0xbf913984) at /usr/src/debug/kdelibs-4.6.5/build/khtml/khtml_part.moc:278
#26 0xb6dbb07d in QMetaObject::metacall (object=0xcd59da0, cl=QMetaObject::InvokeMetaMethod, idx=34, argv=0xbf913984) at kernel/qmetaobject.cpp:237
#27 0xb6dca4cc in QMetaObject::activate (sender=0x12401008, m=0xb567a25c, local_signal_index=0, argv=0xbf913984) at kernel/qobject.cpp:3278
#28 0xb54a410d in KIO::TransferJob::data (this=0x12401008, _t1=0x12401008, _t2=...) at /usr/src/debug/kdelibs-4.6.5/build/kio/jobclasses.moc:388
#29 0xb54a417e in KIO::TransferJob::slotData (this=0x12401008, _data=...) at /usr/src/debug/kdelibs-4.6.5/kio/kio/job.cpp:1012
#30 0xb559e7d3 in KIO::TransferJob::qt_metacall (this=0x12401008, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0xbf913b28) at /usr/src/debug/kdelibs-4.6.5/build/kio/jobclasses.moc:368
#31 0xb6dbb07d in QMetaObject::metacall (object=0x12401008, cl=QMetaObject::InvokeMetaMethod, idx=48, argv=0xbf913b28) at kernel/qmetaobject.cpp:237
#32 0xb6dca4cc in QMetaObject::activate (sender=0xd44c6c8, m=0xb567a54c, local_signal_index=0, argv=0xbf913b28) at kernel/qobject.cpp:3278
#33 0xb54b7fa5 in KIO::SlaveInterface::data (this=0xd44c6c8, _t1=...) at /usr/src/debug/kdelibs-4.6.5/build/kio/slaveinterface.moc:146
#34 0xb55d9ce8 in KIO::SlaveInterface::dispatch (this=0xd44c6c8, _cmd=100, rawdata=...) at /usr/src/debug/kdelibs-4.6.5/kio/kio/slaveinterface.cpp:161
#35 0xb5570f2a in KIO::SlaveInterface::dispatch (this=0xd44c6c8) at /usr/src/debug/kdelibs-4.6.5/kio/kio/slaveinterface.cpp:89
#36 0xb556fec8 in KIO::Slave::gotInput (this=0xd44c6c8) at /usr/src/debug/kdelibs-4.6.5/kio/kio/slave.cpp:348
#37 0xb557567c in KIO::Slave::qt_metacall (this=0xd44c6c8, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0xbf913e0c) at /usr/src/debug/kdelibs-4.6.5/build/kio/slave.moc:82
#38 0xb6dbb07d in QMetaObject::metacall (object=0xd44c6c8, cl=QMetaObject::InvokeMetaMethod, idx=30, argv=0xbf913e0c) at kernel/qmetaobject.cpp:237
#39 0xb6dca4cc in QMetaObject::activate (sender=0x1189a5f0, m=0xb567a14c, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3278
#40 0xb549ae35 in KIO::Connection::readyRead (this=0x1189a5f0) at /usr/src/debug/kdelibs-4.6.5/build/kio/connection.moc:92
#41 0xb55753ea in KIO::ConnectionPrivate::dequeue (this=0xe3accc0) at /usr/src/debug/kdelibs-4.6.5/kio/kio/connection.cpp:82
#42 0xb55754bf in KIO::Connection::qt_metacall (this=0x1189a5f0, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0xfa5efb8) at /usr/src/debug/kdelibs-4.6.5/build/kio/connection.moc:79
#43 0xb6dbb07d in QMetaObject::metacall (object=0x1189a5f0, cl=QMetaObject::InvokeMetaMethod, idx=5, argv=0xfa5efb8) at kernel/qmetaobject.cpp:237
#44 0xb6dc5b55 in QMetaCallEvent::placeMetaCall (this=0xd8256d8, object=0x1189a5f0) at kernel/qobject.cpp:535
#45 0xb6dc9dbf in QObject::event (this=0x1189a5f0, e=0xd8256d8) at kernel/qobject.cpp:1217
#46 0xb62bc684 in QApplicationPrivate::notify_helper (this=0x80e9ad8, receiver=0x1189a5f0, e=0xd8256d8) at kernel/qapplication.cpp:4462
#47 0xb62c5427 in QApplication::notify (this=0xbf914830, receiver=0x1189a5f0, e=0xd8256d8) at kernel/qapplication.cpp:3862
#48 0xb7410c61 in KApplication::notify (this=0xbf914830, receiver=0x1189a5f0, event=0xd8256d8) at /usr/src/debug/kdelibs-4.6.5/kdeui/kernel/kapplication.cpp:311
#49 0xb6db478e in QCoreApplication::notifyInternal (this=0xbf914830, receiver=0x1189a5f0, event=0xd8256d8) at kernel/qcoreapplication.cpp:731
#50 0xb6db851c in sendEvent (receiver=0x0, event_type=0, data=0x80582a0) at kernel/qcoreapplication.h:215
#51 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x80582a0) at kernel/qcoreapplication.cpp:1372
#52 0xb6db866c in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at kernel/qcoreapplication.cpp:1265
#53 0xb6de2df4 in sendPostedEvents (s=0x80ebe88) at kernel/qcoreapplication.h:220
#54 postEventSourceDispatch (s=0x80ebe88) at kernel/qeventdispatcher_glib.cpp:277
#55 0xb5a4b509 in g_main_dispatch (context=0x80ebc00) at gmain.c:2440
#56 g_main_context_dispatch (context=0x80ebc00) at gmain.c:3013
#57 0xb5a4bd10 in g_main_context_iterate (context=0x80ebc00, block=1, dispatch=1, self=0x805cda0) at gmain.c:3091
#58 0xb5a4bfce in g_main_context_iteration (context=0x80ebc00, may_block=1) at gmain.c:3154
#59 0xb6de2f7b in QEventDispatcherGlib::processEvents (this=0x80bbdc8, flags=...) at kernel/qeventdispatcher_glib.cpp:422
#60 0xb63731da in QGuiEventDispatcherGlib::processEvents (this=0x80bbdc8, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#61 0xb6db3a6d in QEventLoop::processEvents (this=0xbf914664, flags=...) at kernel/qeventloop.cpp:149
#62 0xb6db3c99 in QEventLoop::exec (this=0xbf914664, flags=...) at kernel/qeventloop.cpp:201
#63 0xb6db8740 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1008
#64 0xb62ba3d4 in QApplication::exec () at kernel/qapplication.cpp:3736
#65 0xb244450f in kdemain (argc=2, argv=0x80c1360) at /usr/src/debug/kdebase-4.6.5/konqueror/src/konqmain.cpp:219
#66 0x0804e514 in launch (argc=2, _name=0x80c92fc "konqueror", args=<value optimized out>, cwd=0x80c9327 "/home/joachim/Documents", envc=85, envs=<value optimized out>, reset_env=true, tty=0x0, avoid_loops=false, startup_id_str=0x80c9df6 "0") at /usr/src/debug/kdelibs-4.6.5/kinit/kinit.cpp:734
#67 0x0804f02f in handle_launcher_request (sock=13, who=<value optimized out>) at /usr/src/debug/kdelibs-4.6.5/kinit/kinit.cpp:1226
#68 0x0804f69e in handle_requests (waitForPid=<value optimized out>) at /usr/src/debug/kdelibs-4.6.5/kinit/kinit.cpp:1410
#69 0x08050559 in main (argc=-1603250384, argv=0x0, envp=0xbf9127f0) at /usr/src/debug/kdelibs-4.6.5/kinit/kinit.cpp:1907

Reported using DrKonqi

Comment 1 Andrew Crouthamel 2018-10-29 22:29:36 UTC
Dear Bug Submitter,

This bug has been stagnant for a long time. Could you help us out and re-test if the bug is valid in the latest version? I am setting the status to NEEDSINFO pending your response; please change the Status back to REPORTED when you respond.

Thank you for helping us make KDE software even better for everyone!

Comment 2 Joachim Mairböck 2018-10-30 18:15:00 UTC
I don't use Konqueror 4 any more. I also don't remember the site where this crash originally occurred. I think it can safely be closed, given the age of the bug. I don't remember it happening again somewhere else. If it occurs any time later with a current version of Konqueror, it can be reopened again (or recreated as a new bug).