| Summary: | Konuqeror crashes reproducible on certain url | ||
|---|---|---|---|
| Product: | [Applications] konqueror | Reporter: | christian.schrader |
| Component: | khtml | Assignee: | Konqueror Developers <konq-bugs> |
| Status: | RESOLVED FIXED | ||
| Severity: | crash | CC: | a5a73263, bart, bradh, eyal_bd, f_edemar, gmv22, js, mathpup, michaelperik, mss, murray, ogoffart, oshogg, pfeifle, richard.bos, s, thilo.bangert, yez, zodiak30 |
| Priority: | NOR | ||
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Platform: | Compiled Sources | ||
| OS: | Linux | ||
| Latest Commit: | Version Fixed In: | ||
| Sentry Crash Report: | |||
| Attachments: | Testcase from 80903 | ||
|
Description
christian.schrader
2004-03-22 13:44:27 UTC
*** Bug 78350 has been marked as a duplicate of this bug. *** *** Bug 80903 has been marked as a duplicate of this bug. *** Created attachment 6065 [details]
Testcase from 80903
To reproduce with testcase, you'll have to open it twice.
[New Thread 1024 (LWP 29514)]
0x420b48d9 in wait4 () from /lib/i686/libc.so.6
#0 0x420b48d9 in wait4 () from /lib/i686/libc.so.6
#1 0x4213030c in __DTOR_END__ () from /lib/i686/libc.so.6
#2 0x411bdc33 in waitpid () from /lib/i686/libpthread.so.0
#3 0x40733908 in KCrash::defaultCrashHandler (sig=6) at kcrash.cpp:246
#4 0x411bbf05 in pthread_sighandler () from /lib/i686/libpthread.so.0
#5 <signal handler called>
#6 0x42029331 in kill () from /lib/i686/libc.so.6
#7 0x411bbbdb in raise () from /lib/i686/libpthread.so.0
#8 0x4202a8c2 in abort () from /lib/i686/libc.so.6
#9 0x42022ecb in __assert_fail () from /lib/i686/libc.so.6
#10 0x416f776e in DOM::NodeImpl::attach (this=0x841feb8)
at dom_nodeimpl.cpp:887
#11 0x416f8de3 in DOM::NodeBaseImpl::attach (this=0x841feb8)
at dom_nodeimpl.cpp:1430
#12 0x41728ad7 in DOM::HTMLImageElementImpl::attach (this=0x841feb8)
at html_imageimpl.cpp:184
#13 0x41712cb9 in khtml::KHTMLParser::insertNode (this=0x855ca80, n=0x841feb8,
flat=true) at htmlparser.cpp:329
#14 0x41712b1a in khtml::KHTMLParser::parseToken (this=0x855ca80, t=0x8558d1c)
at htmlparser.cpp:279
#15 0x4171b7e1 in khtml::HTMLTokenizer::processToken (this=0x8558ce8)
at htmltokenizer.cpp:1577
#16 0x41719e9a in khtml::HTMLTokenizer::parseTag (this=0x8558ce8,
src=@0x8558dfc) at htmltokenizer.cpp:1090
#17 0x4171aa03 in khtml::HTMLTokenizer::write (this=0x8558ce8,
str=@0xbfffe0c0, appendData=true) at htmltokenizer.cpp:1345
#18 0x416ae5e8 in KHTMLPart::write (this=0x84d6748,
str=0x85386d0 "<html> \n <body > \n <table style=\"display: block;\"> \n
<tr> \n <td><img src=\"image.png\"></td> \n </tr> \n </table>
\n </body> \n </html> \n", len=150) at khtml_part.cpp:1728
#19 0x416ad04c in KHTMLPart::slotData (this=0x84d6748, kio_job=0x84e4ff0,
data=@0xbfffe7b0) at khtml_part.cpp:1416
#20 0x416c657e in KHTMLPart::qt_invoke (this=0x84d6748, _id=16, _o=0xbfffe4e0)
at khtml_part.moc:470
#21 0x40b8742b in QObject::activate_signal (this=0x84e4ff0, clist=0x84fe108,
o=0xbfffe4e0) at kernel/qobject.cpp:2356
#22 0x401b3fca in KIO::StatJob::permanentRedirection (this=0x84e4ff0,
t0=0x84e4ff0, t1=@0xbfffe7b0, t2=@0x401a3370) at jobclasses.moc:536
#23 0x401a33c9 in KIO::stat (url=@0x84e4ff0, sideIsSource=176, details=16410,
showProgressInfo=85) at job.cpp:752
#24 0x401b474c in KIO::TransferJob::redirection (this=0x84e4ff0, t0=0x12,
t1=@0xbfffe600) at jobclasses.moc:750
#25 0x40b8742b in QObject::activate_signal (this=0x8406ea8, clist=0x8528530,
o=0xbfffe600) at kernel/qobject.cpp:2356
#26 0x4019883e in KIO::SlaveInterface::messageBox (this=0x8406ea8,
type=-1073748048, text=@0x1, _caption=@0x40196dbf, buttonYes=@0x40814ac8,
buttonNo=@0x18) at slaveinterface.cpp:515
#27 0x40196fe6 in KIO::SlaveInterface::calcSpeed (this=0x8406ea8)
at slaveinterface.cpp:220
#28 0x40196ada in operator>> (s=@0x8406ea8, e=@0x4100d7e8)
at slaveinterface.cpp:81
#29 0x40194a1c in KIO::Slave::hold (this=0x8406ea8, url=@0x4100d7e8)
at slave.cpp:238
#30 0x40196513 in KIO::Slave::holdSlave (protocol=@0x8406ea8, url=@0x4)
at slave.cpp:484
#31 0x40b8742b in QObject::activate_signal (this=0x829fd30, clist=0x833f160,
o=0xbfffe8e0) at kernel/qobject.cpp:2356
#32 0x40b877e2 in QObject::activate_signal (this=0x829fd30, signal=2, param=23)
at kernel/qobject.cpp:2449
#33 0x40ecc074 in QSocketNotifier::activated (this=0x829fd30, t0=23)
at .moc/debug-shared-mt/moc_qsocketnotifier.cpp:85
#34 0x40ba56a6 in QSocketNotifier::event (this=0x829fd30, e=0xbfffeb30)
at kernel/qsocketnotifier.cpp:280
#35 0x40b28442 in QApplication::internalNotify (this=0xbffff090,
receiver=0x829fd30, e=0xbfffeb30) at kernel/qapplication.cpp:2620
#36 0x40b27572 in QApplication::notify (this=0xbffff090, receiver=0x829fd30,
e=0xbfffeb30) at kernel/qapplication.cpp:2343
#37 0x406c8faa in KApplication::notify (this=0xbffff090, receiver=0x829fd30,
event=0xbfffeb30) at kapplication.cpp:507
#38 0x4005386a in QApplication::sendEvent (receiver=0x829fd30,
event=0xbfffeb30) at /opt/qt331post/include/qapplication.h:491
#39 0x40b17a27 in QEventLoop::activateSocketNotifiers (this=0x80a62c0)
at kernel/qeventloop_unix.cpp:580
#40 0x40ad196b in QEventLoop::processEvents (this=0x80a62c0, flags=4)
at kernel/qeventloop_x11.cpp:383
#41 0x40b3af91 in QEventLoop::enterLoop (this=0x80a62c0)
at kernel/qeventloop.cpp:198
#42 0x40b3aeb4 in QEventLoop::exec (this=0x80a62c0)
at kernel/qeventloop.cpp:145
#43 0x40b285db in QApplication::exec (this=0xbffff090)
at kernel/qapplication.cpp:2743
#44 0x41322b12 in kdemain (argc=2, argv=0x8061a88) at konq_main.cc:184
#45 0x408558a1 in kdeinitmain (argc=2, argv=0x8061a88) at konqueror_dummy.cc:2
#46 0x0804e1dc in launch (argc=2, _name=0x8060344 "konqueror",
args=0x8060357 "\001", cwd=0x0, envc=1, envs=0x8060368 "",
reset_env=false, tty=0x0, avoid_loops=false,
startup_id_str=0x806036c
"v10-dhcp-76-190.ntc.nokia.com;1085078432;391442;5698") at kinit.cpp:604
#47 0x0804f5e1 in handle_launcher_request (sock=8) at kinit.cpp:1170
#48 0x0804fd2d in handle_requests (waitForPid=0) at kinit.cpp:1361
#49 0x08051318 in main (argc=3, argv=0xbffff744, envp=0xbffff754)
at kinit.cpp:1798
#50 0x42017589 in __libc_start_main () from /lib/i686/libc.so.6
Ok, running konqueror in a console show me
konqueror: dom_nodeimpl.cpp:910: virtual void DOM::NodeImpl::attach(): Assertion `!attached()' failed.
Here is the place where it crash (we are at #10):
void NodeImpl::attach()
{
assert(!attached());
assert(!m_render || (m_render->style() && m_render->parent()));
[...]
But, on the other hand, by browsing the backtrace up (#12):
void HTMLImageElementImpl::attach()
{
assert(!attached());
assert(!m_render);
assert(parentNode());
RenderStyle* _style = getDocument()->styleSelector()->styleForElement(this);
_style->ref();
if (parentNode()->renderer() && parentNode()->renderer()->childAllowed() && _style->display() != NONE)
{
m_render = new (getDocument()->renderArena()) RenderImage(this);
m_render->setStyle(getDocument()->styleSelector()->styleForElement(this));
parentNode()->renderer()->addChild(m_render, nextRenderer());
m_render->updateFromElement();
}
_style->deref();
NodeBaseImpl::attach();
}
So it seems that attached() switched from false to true between theses two points (because the first assert didn't match).
I added some debug ouput, and it seems that
m_render->updateFromElement();
call itself the parent node to be attached. And in NodeBaseImpl::attach() the original <img> is attached "again"
I wonder also why the crash only happen if you refresh the test case twice.
the first time
m_render->updateFromElement();
does not seems to attach anything.
Anyway, it's late, and i don't understand well khtml structure. I hope this help.
It seems to be fixed, I cannot reproduce it anymore with the testcase in KDE 3.3 Great job! CVS commit by coolo: works fine CCMAIL: 78205-done@bugs.kde.org A 78205.html 1.1 *** Bug 88217 has been marked as a duplicate of this bug. *** Euhm.. i'm using KDE 3.3, and my original bug still crashes for me.. So it doesn't seem like it's a duplicate of this bug.... *** Bug 88235 has been marked as a duplicate of this bug. *** *** Bug 88472 has been marked as a duplicate of this bug. *** *** Bug 88701 has been marked as a duplicate of this bug. *** Konqueror 3.3 on gentoo linux, clicking on the second link and following the directions provided by Bart Verwilst, it goes on SIGABRT with this debug info: Using host libthread_db library "/lib/libthread_db.so.1". [Thread debugging using libthread_db enabled] [New Thread 16384 (LWP 18107)] 0x414b6818 in waitpid () from /lib/libpthread.so.0 #0 0x414b6818 in waitpid () from /lib/libpthread.so.0 #1 0x40a5e624 in ?? () from /usr/kde/3.3/lib/libkdecore.so.4 #2 0x4095fe01 in KCrash::defaultCrashHandler () from /usr/kde/3.3/lib/libkdecore.so.4 #3 0x000046bb in ?? () #4 0x00000000 in ?? () #5 0x08847c80 in ?? () #6 0x41da35cb in DOM::HTMLElementImpl::recalcStyle () from /usr/kde/3.3/lib/libkhtml.so.4 #7 0x086c7e90 in ?? () #8 0x00000000 in ?? () #9 0x40a6c700 in kde_malloc_is_used () from /usr/kde/3.3/lib/libkdecore.so.4 #10 0x4107e7ee in qt_check_pointer () from /usr/qt/3/lib/libqt-mt.so.3 Portage 2.0.51_rc6 (default-x86-2004.0, gcc-3.4.2, glibc-2.3.4.20040808-r0, 2.6.9-rc1-nitro4 i686) ================================================================= System uname: 2.6.9-rc1-nitro4 i686 AMD Athlon(tm) XP 2000+ Gentoo Base System version 1.5.3 Autoconf: sys-devel/autoconf-2.59-r4 Automake: sys-devel/automake-1.8.5-r1 Binutils: sys-devel/binutils-2.15.90.0.1.1-r3 Headers: sys-kernel/linux26-headers-2.6.8.1 Libtools: sys-devel/libtool-1.5.2-r5 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CFLAGS="-march=athlon-xp -O2 -fomit-frame-pointer -falign-functions=64 -falign-jumps=16 -pipe -ftracer -fprefetch-loop-arrays" CHOST="i686-pc-linux-gnu" COMPILER="" CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3/share/config /usr/lib/mozilla/defaults/pref /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-march=athlon-xp -O2 -fomit-frame-pointer -falign-functions=64 -falign-jumps=16 -pipe -ftracer -fprefetch-loop-arrays -fvisibility-inlines-hidden " here are some system specs: same problem on page www.runescape.com. Gavrila: Second link crash is dupe of bug #88778. Cannot reproduce www.runescape.com crash. Tommi, first time i went to runescape.com it worked fine, then I clicked on create account button, and sinc then, everytime I go there the page loads the banner on left-top corner, and when it tries (I guess) to render the page it crashes with the same debugging output I posted above Anyway it's not a dupe of bug #88778, since I cannot reproduce it. Please reopen the bug. With KDE 3.3.1 (selfcompiled/Debian Sarge) Konqueror crashes with the Ikea link. And with the link of comment #15 it also crashes. For me Konqueror 3.3.1 also crashs on ikea.de's product search site. The debug output is: Using host libthread_db library "/lib/libthread_db.so.1". [KCrash handler] #34 0xb6a531b1 in kill () from /lib/libc.so.6 #35 0xb6c5c9c1 in pthread_kill () from /lib/libpthread.so.0 #36 0xb6c5cccb in raise () from /lib/libpthread.so.0 #37 0xb6a52df4 in raise () from /lib/libc.so.6 #38 0xb6a545a8 in abort () from /lib/libc.so.6 #39 0xb6a4c56c in __assert_fail () from /lib/libc.so.6 #40 0xb6b52ee0 in _IO_2_1_stdout_ () from /lib/libc.so.6 #41 0xbffffc7b in ?? () #42 0xb6b4bfe6 in in6addr_loopback () from /lib/libc.so.6 #43 0xb6624cbe in typeinfo name for KStaticDeleter<QPtrList<DOM::DocumentImpl> > () from /opt/kde/lib/libkhtml.so.4 #44 0x00000348 in ?? () #45 0xb6624c80 in typeinfo name for KStaticDeleter<QPtrList<DOM::DocumentImpl> > () from /opt/kde/lib/libkhtml.so.4 #46 0xb6b4bfe6 in in6addr_loopback () from /lib/libc.so.6 #47 0xb66241db in typeinfo name for KHTMLInfoDlg () from /opt/kde/lib/libkhtml.so.4 #48 0xb6b560a0 in __after_morecore_hook () from /lib/libc.so.6 #49 0xbfffde08 in ?? () #50 0x0876d960 in ?? () #51 0xb669f4ac in ?? () from /opt/kde/lib/libkhtml.so.4 #52 0x0876cbe0 in ?? () #53 0xbfffde18 in ?? () #54 0xb648c27f in KStaticDeleter<QPtrList<DOM::DocumentImpl> >::~KStaticDeleter () from /opt/kde/lib/libkhtml.so.4 works for me on gentoo linux kde 3.3.1 gcc-3.4.2 glibc-2.3.4 with nptl and kernel 2.9.6-rc4-mm1 and sun-jdk-1.4.2 KDE 3.3.89 (CVS >= 20040820), Gentoo Linux (i686) release 2.6.8-gentoo-r3 gcc version 3.3.4 20040623 (Gentoo Linux 3.3.4-r1, ssp-3.3.2-2, pie-8.7.6) eehh dohh ... worx for me, can't get the thing down :)
> KDE 3.3.89 (CVS >= 20040820), Gentoo Linux (i686) release 2.6.8-gentoo-r3
> gcc version 3.3.4 20040623 (Gentoo Linux 3.3.4-r1, ssp-3.3.2-2, pie-8.7.6)
so isn't it fixed? No, konqueror from cvs head crashes still. I recompiled kdelibs and kdebase with --enable-debug=full. Here is the backtrace. Hope that helps. Using host libthread_db library "/lib/tls/libthread_db.so.1". [Thread debugging using libthread_db enabled] [New Thread 1097846688 (LWP 27396)] [KCrash handler] #3 0x414c1f19 in raise () from /lib/tls/libc.so.6 #4 0x415cfebc in ?? () from /lib/tls/libc.so.6 #5 0xbffff020 in ?? () #6 0x414c3771 in abort () from /lib/tls/libc.so.6 #7 0x00000000 in ?? () #8 0x00000020 in ?? () #9 0x00000000 in ?? () #10 0x00000000 in ?? () #11 0x00000000 in ?? () #12 0x00000000 in ?? () #13 0x00000000 in ?? () #14 0x00000000 in ?? () #15 0x00000000 in ?? () #16 0x00000000 in ?? () #17 0x00000000 in ?? () #18 0x00000000 in ?? () #19 0x00000000 in ?? () #20 0x00000000 in ?? () #21 0x00000000 in ?? () #22 0x00000000 in ?? () #23 0x00000000 in ?? () #24 0x00000000 in ?? () #25 0x00000000 in ?? () #26 0x00000000 in ?? () #27 0x00000000 in ?? () #28 0x00000000 in ?? () #29 0x00000000 in ?? () #30 0x00000000 in ?? () #31 0x00000000 in ?? () #32 0x00000000 in ?? () #33 0x00000000 in ?? () #34 0x00000000 in ?? () #35 0x00000000 in ?? () #36 0x00000000 in ?? () #37 0x00000000 in ?? () #38 0x00000000 in ?? () #39 0x00000000 in ?? () #40 0x415073e9 in _IO_file_write () from /lib/tls/libc.so.6 #41 0x4150660f in _IO_do_write () from /lib/tls/libc.so.6 #42 0x41507567 in _IO_file_xsputn () from /lib/tls/libc.so.6 #43 0x415cfebc in ?? () from /lib/tls/libc.so.6 #44 0x415d0840 in __after_morecore_hook () from /lib/tls/libc.so.6 #45 0x08850070 in ?? () #46 0xbfffeb48 in ?? () #47 0x4150c2a0 in free () from /lib/tls/libc.so.6 #48 0x415d0840 in __after_morecore_hook () from /lib/tls/libc.so.6 #49 0x08850070 in ?? () #50 0x415cfebc in ?? () from /lib/tls/libc.so.6 #51 0x415cfebc in ?? () from /lib/tls/libc.so.6 #52 0x08850070 in ?? () #53 0x414bb473 in __assert_fail () from /lib/tls/libc.so.6 #54 0xbffffdb4 in ?? () #55 0x415c1bd4 in in6addr_loopback () from /lib/tls/libc.so.6 #56 0x41e9d22e in DOM::NodeImpl::dispatchUIEvent(int, int)::__PRETTY_FUNCTION__ () from /opt/kde/lib/libkhtml.so.4 #57 0x00000348 in ?? () #58 0x41e9d340 in DOM::NodeImpl::closeRenderer()::__PRETTY_FUNCTION__ () from /opt/kde/lib/libkhtml.so.4 #59 0x415c1bd4 in in6addr_loopback () from /lib/tls/libc.so.6 #60 0x41e9d365 in DOM::NodeImpl::attach()::__PRETTY_FUNCTION__ () from /opt/kde/lib/libkhtml.so.4 #61 0x08850070 in ?? () #62 0x41f192f4 in __JCR_LIST__ () from /opt/kde/lib/libkhtml.so.4 #63 0x00000000 in ?? () #64 0x41cedf91 in DOM::NodeImpl::attach (this=0x0) at dom_nodeimpl.cpp:840 *** Bug 92735 has been marked as a duplicate of this bug. *** *** Bug 88778 has been marked as a duplicate of this bug. *** *** Bug 93415 has been marked as a duplicate of this bug. *** Backtrace with HEAD:
#0 0x4177b6b1 in kill () from /lib/libc.so.6
#1 0x4153a771 in pthread_kill () from /lib/libpthread.so.0
#2 0x4153aa7b in raise () from /lib/libpthread.so.0
#3 0x4177b444 in raise () from /lib/libc.so.6
#4 0x4177c978 in abort () from /lib/libc.so.6
#5 0x41774b3f in __assert_fail () from /lib/libc.so.6
#6 0x41ecd099 in DOM::NodeImpl::attach (this=0x8624ec8) at dom_nodeimpl.cpp:843
#7 0x41ece4c1 in DOM::NodeBaseImpl::attach (this=0x8624ec8) at dom_nodeimpl.cpp:1333
#8 0x41eff981 in DOM::HTMLImageElementImpl::attach (this=0x8624ec8) at html_imageimpl.cpp:184
#9 0x41ee64d6 in khtml::KHTMLParser::insertNode (this=0x8296210, n=0x8624ec8, flat=true)
at htmlparser.cpp:328
#10 0x41ee6359 in khtml::KHTMLParser::parseToken (this=0x8296210, t=0x831fcf4) at htmlparser.cpp:278
#11 0x41eeed57 in khtml::HTMLTokenizer::processToken (this=0x831fcc0) at htmltokenizer.cpp:1612
#12 0x41eed75f in khtml::HTMLTokenizer::parseTag (this=0x831fcc0, src=@0x831fdd4) at htmltokenizer.cpp:1125
#13 0x41eee13d in khtml::HTMLTokenizer::write (this=0x831fcc0, str=@0xbfffc940, appendData=false)
at htmltokenizer.cpp:1380
#14 0x41eef390 in khtml::HTMLTokenizer::notifyFinished (this=0x831fcc0) at htmltokenizer.cpp:1681
#15 0x41fa9cb9 in khtml::CachedScript::checkNotify (this=0x830eac0) at loader.cpp:328
#16 0x41fa9c3d in khtml::CachedScript::data (this=0x830eac0, buffer=@0x830ebd4, eof=true) at loader.cpp:320
#17 0x41fad6e2 in khtml::Loader::slotFinished (this=0x82853f0, job=0x857b4e0) at loader.cpp:1100
#18 0x41faf417 in khtml::Loader::qt_invoke (this=0x82853f0, _id=2, _o=0xbfffcb80) at loader.moc:260
#19 0x40eeba21 in QObject::activate_signal (this=0x857b4e0, clist=0x8325d98, o=0xbfffcb80)
at kernel/qobject.cpp:2357
#20 0x403c8b11 in KIO::Job::result (this=0x857b4e0, t0=0x857b4e0) at jobclasses.moc:156
#21 0x403b4342 in KIO::Job::emitResult (this=0x857b4e0) at job.cpp:216
#22 0x403b592c in KIO::SimpleJob::slotFinished (this=0x857b4e0) at job.cpp:533
#23 0x403b7c75 in KIO::TransferJob::slotFinished (this=0x857b4e0) at job.cpp:893
#24 0x403cb2a6 in KIO::TransferJob::qt_invoke (this=0x857b4e0, _id=17, _o=0xbfffce50) at jobclasses.moc:1050
#25 0x40eeba21 in QObject::activate_signal (this=0x8366528, clist=0x82eee28, o=0xbfffce50)
at kernel/qobject.cpp:2357
#26 0x40eeb8c1 in QObject::activate_signal (this=0x8366528, signal=6) at kernel/qobject.cpp:2326
#27 0x403a7129 in KIO::SlaveInterface::finished (this=0x8366528) at slaveinterface.moc:226
#28 0x403a57d8 in KIO::SlaveInterface::dispatch (this=0x8366528, _cmd=104, rawdata=@0xbfffd020)
---Type <return> to continue, or q <return> to quit---
at slaveinterface.cpp:237
#29 0x403a547a in KIO::SlaveInterface::dispatch (this=0x8366528) at slaveinterface.cpp:173
#30 0x403a2f9b in KIO::Slave::gotInput (this=0x8366528) at slave.cpp:300
#31 0x403a497f in KIO::Slave::qt_invoke (this=0x8366528, _id=4, _o=0xbfffd150) at slave.moc:113
#32 0x40eeba21 in QObject::activate_signal (this=0x835f4e8, clist=0x82f7180, o=0xbfffd150)
at kernel/qobject.cpp:2357
#33 0x40eebd74 in QObject::activate_signal (this=0x835f4e8, signal=2, param=25) at kernel/qobject.cpp:2450
#34 0x4124dbed in QSocketNotifier::activated (this=0x835f4e8, t0=25)
at .moc/debug-shared-mt/moc_qsocketnotifier.cpp:85
#35 0x40f0bcf3 in QSocketNotifier::event (this=0x835f4e8, e=0xbfffd400) at kernel/qsocketnotifier.cpp:280
#36 0x40e885f1 in QApplication::internalNotify (this=0xbfffd7f0, receiver=0x835f4e8, e=0xbfffd400)
at kernel/qapplication.cpp:2635
#37 0x40e87b29 in QApplication::notify (this=0xbfffd7f0, receiver=0x835f4e8, e=0xbfffd400)
at kernel/qapplication.cpp:2358
#38 0x409bd5ef in KApplication::notify (this=0xbfffd7f0, receiver=0x835f4e8, event=0xbfffd400)
at kapplication.cpp:516
#39 0x4008ada2 in QApplication::sendEvent (receiver=0x835f4e8, event=0xbfffd400) at qapplication.h:491
#40 0x40e76e0d in QEventLoop::activateSocketNotifiers (this=0x809d728) at kernel/qeventloop_unix.cpp:580
#41 0x40e2f7eb in QEventLoop::processEvents (this=0x809d728, flags=4) at kernel/qeventloop_x11.cpp:383
#42 0x40e9cbd1 in QEventLoop::enterLoop (this=0x809d728) at kernel/qeventloop.cpp:198
#43 0x40e9caea in QEventLoop::exec (this=0x809d728) at kernel/qeventloop.cpp:145
#44 0x40e8875d in QApplication::exec (this=0xbfffd7f0) at kernel/qapplication.cpp:2758
#45 0x400758d7 in kdemain (argc=1, argv=0xbfffd944) at konq_main.cc:204
#46 0x080486b6 in main (argc=1, argv=0xbfffd944) at konqueror.la.cc:2
I can't make Konq crash. My system: Qt: 3.3.3 KDE: 3.3.1 Konqueror: 3.3.1 gcc (GCC) 3.3.4 20040623 (Gentoo Linux 3.3.4-r1, ssp-3.3.2-2, pie-8.7.6) The above URL's work here too.. Qt: 3.3.3 KDE: 3.3.1 Fedora Core 3, ( kde-redhat apt repo ) I could only get it to crash using the second method, i.e. going to: http://www.ikea.de/webapp/wcs/stores/servlet/CategoryDisplay?catalogId=10101&storeId=5&categoryId=10411&langId=-3&parentCats=10104*10173*10411&chapterId=10437&cattype=sub and clicking on "IVAR Seitenteil 6,00". *** Bug 94642 has been marked as a duplicate of this bug. *** *** Bug 95043 has been marked as a duplicate of this bug. *** *** Bug 94960 has been marked as a duplicate of this bug. *** *** Bug 83272 has been marked as a duplicate of this bug. *** Using konqueror 3.3.91 compiled from CVS Head. I just got a konqueror crash which to me resembles this bug. I provide my backtrace and the konsole output, showing the web I was visiting: Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1". [Thread debugging using libthread_db enabled] [New Thread -1220036800 (LWP 9462)] [KCrash handler] #4 0xffffe410 in __kernel_vsyscall () #5 0x4f94d805 in raise () from /lib/tls/i686/cmov/libc.so.6 #6 0x4f94ef82 in abort () from /lib/tls/i686/cmov/libc.so.6 #7 0x4f9472a8 in __assert_fail () from /lib/tls/i686/cmov/libc.so.6 #8 0xb6dbf25e in DOM::NodeImpl::attach () from /home/pleira/big/build/lib/libkhtml.so.4 #9 0xb6dc010a in DOM::NodeBaseImpl::attach () from /home/pleira/big/build/lib/libkhtml.so.4 #10 0xb6df0cb5 in DOM::HTMLImageElementImpl::attach () from /home/pleira/big/build/lib/libkhtml.so.4 #11 0xb6dbf9cf in DOM::NodeBaseImpl::insertBefore () from /home/pleira/big/build/lib/libkhtml.so.4 #12 0xb6f43d72 in DOM::Node::insertBefore () from /home/pleira/big/build/lib/libkhtml.so.4 #13 0xb6eafe1a in KJS::DOMNodeProtoFunc::tryCall () from /home/pleira/big/build/lib/libkhtml.so.4 #14 0xb6eaa30e in KJS::DOMFunction::call () from /home/pleira/big/build/lib/libkhtml.so.4 #15 0xb6c76e7e in KJS::Object::call () from /home/pleira/big/build/lib/libkjs.so.1 #16 0xb6c40f43 in KJS::FunctionCallNode::evaluate () from /home/pleira/big/build/lib/libkjs.so.1 #17 0xb6c4541a in KJS::ExprStatementNode::execute () from /home/pleira/big/build/lib/libkjs.so.1 #18 0xb6c45755 in KJS::IfNode::execute () from /home/pleira/big/build/lib/libkjs.so.1 #19 0xb6c4bbbc in KJS::SourceElementsNode::execute () from /home/pleira/big/build/lib/libkjs.so.1 #20 0xb6c4523d in KJS::BlockNode::execute () from /home/pleira/big/build/lib/libkjs.so.1 #21 0xb6c4b073 in KJS::FunctionBodyNode::execute () from /home/pleira/big/build/lib/libkjs.so.1 #22 0xb6c71ecc in KJS::DeclaredFunctionImp::execute () from /home/pleira/big/build/lib/libkjs.so.1 #23 0xb6c712dc in KJS::FunctionImp::call () from /home/pleira/big/build/lib/libkjs.so.1 #24 0xb6c76e7e in KJS::Object::call () from /home/pleira/big/build/lib/libkjs.so.1 #25 0xb6c40f43 in KJS::FunctionCallNode::evaluate () from /home/pleira/big/build/lib/libkjs.so.1 #26 0xb6c438b4 in KJS::AssignNode::evaluate () from /home/pleira/big/build/lib/libkjs.so.1 #27 0xb6c4541a in KJS::ExprStatementNode::execute () from /home/pleira/big/build/lib/libkjs.so.1 #28 0xb6c4bbbc in KJS::SourceElementsNode::execute () from /home/pleira/big/build/lib/libkjs.so.1 #29 0xb6c4523d in KJS::BlockNode::execute () from /home/pleira/big/build/lib/libkjs.so.1 #30 0xb6c45755 in KJS::IfNode::execute () from /home/pleira/big/build/lib/libkjs.so.1 #31 0xb6c4bbbc in KJS::SourceElementsNode::execute () from /home/pleira/big/build/lib/libkjs.so.1 #32 0xb6c4523d in KJS::BlockNode::execute () from /home/pleira/big/build/lib/libkjs.so.1 #33 0xb6c461a3 in KJS::WhileNode::execute () from /home/pleira/big/build/lib/libkjs.so.1 #34 0xb6c4bbbc in KJS::SourceElementsNode::execute () from /home/pleira/big/build/lib/libkjs.so.1 #35 0xb6c4523d in KJS::BlockNode::execute () from /home/pleira/big/build/lib/libkjs.so.1 #36 0xb6c4b073 in KJS::FunctionBodyNode::execute () from /home/pleira/big/build/lib/libkjs.so.1 #37 0xb6c71ecc in KJS::DeclaredFunctionImp::execute () from /home/pleira/big/build/lib/libkjs.so.1 #38 0xb6c712dc in KJS::FunctionImp::call () from /home/pleira/big/build/lib/libkjs.so.1 #39 0xb6c76e7e in KJS::Object::call () from /home/pleira/big/build/lib/libkjs.so.1 #40 0xb6c40f43 in KJS::FunctionCallNode::evaluate () from /home/pleira/big/build/lib/libkjs.so.1 #41 0xb6c438b4 in KJS::AssignNode::evaluate () from /home/pleira/big/build/lib/libkjs.so.1 #42 0xb6c4541a in KJS::ExprStatementNode::execute () from /home/pleira/big/build/lib/libkjs.so.1 #43 0xb6c4bbbc in KJS::SourceElementsNode::execute () from /home/pleira/big/build/lib/libkjs.so.1 #44 0xb6c4523d in KJS::BlockNode::execute () from /home/pleira/big/build/lib/libkjs.so.1 #45 0xb6c45755 in KJS::IfNode::execute () from /home/pleira/big/build/lib/libkjs.so.1 #46 0xb6c4bb46 in KJS::SourceElementsNode::execute () from /home/pleira/big/build/lib/libkjs.so.1 #47 0xb6c4523d in KJS::BlockNode::execute () from /home/pleira/big/build/lib/libkjs.so.1 #48 0xb6c4b073 in KJS::FunctionBodyNode::execute () from /home/pleira/big/build/lib/libkjs.so.1 #49 0xb6c71ecc in KJS::DeclaredFunctionImp::execute () from /home/pleira/big/build/lib/libkjs.so.1 #50 0xb6c712dc in KJS::FunctionImp::call () from /home/pleira/big/build/lib/libkjs.so.1 #51 0xb6c76e7e in KJS::Object::call () from /home/pleira/big/build/lib/libkjs.so.1 #52 0xb6c40f43 in KJS::FunctionCallNode::evaluate () from /home/pleira/big/build/lib/libkjs.so.1 #53 0xb6c4541a in KJS::ExprStatementNode::execute () from /home/pleira/big/build/lib/libkjs.so.1 #54 0xb6c45755 in KJS::IfNode::execute () from /home/pleira/big/build/lib/libkjs.so.1 #55 0xb6c4bbbc in KJS::SourceElementsNode::execute () from /home/pleira/big/build/lib/libkjs.so.1 #56 0xb6c4523d in KJS::BlockNode::execute () from /home/pleira/big/build/lib/libkjs.so.1 #57 0xb6c4b073 in KJS::FunctionBodyNode::execute () from /home/pleira/big/build/lib/libkjs.so.1 #58 0xb6c71ecc in KJS::DeclaredFunctionImp::execute () from /home/pleira/big/build/lib/libkjs.so.1 #59 0xb6c712dc in KJS::FunctionImp::call () from /home/pleira/big/build/lib/libkjs.so.1 #60 0xb6c76e7e in KJS::Object::call () from /home/pleira/big/build/lib/libkjs.so.1 #61 0xb6c40f43 in KJS::FunctionCallNode::evaluate () from /home/pleira/big/build/lib/libkjs.so.1 #62 0xb6c4541a in KJS::ExprStatementNode::execute () from /home/pleira/big/build/lib/libkjs.so.1 #63 0xb6c4bb46 in KJS::SourceElementsNode::execute () from /home/pleira/big/build/lib/libkjs.so.1 #64 0xb6c4523d in KJS::BlockNode::execute () from /home/pleira/big/build/lib/libkjs.so.1 #65 0xb6c4b073 in KJS::FunctionBodyNode::execute () from /home/pleira/big/build/lib/libkjs.so.1 #66 0xb6c6585d in KJS::InterpreterImp::evaluate () from /home/pleira/big/build/lib/libkjs.so.1 #67 0xb6c78dba in KJS::Interpreter::evaluate () from /home/pleira/big/build/lib/libkjs.so.1 #68 0xb6f052ed in KJS::KJSProxyImpl::evaluate () from /home/pleira/big/build/lib/libkhtml.so.4 #69 0xb6d67c37 in KHTMLPart::executeScript () from /home/pleira/big/build/lib/libkhtml.so.4 #70 0xb6ef6fb9 in KJS::ScheduledAction::execute () from /home/pleira/big/build/lib/libkhtml.so.4 #71 0xb6ef83ee in KJS::WindowQObject::timerEvent () from /home/pleira/big/build/lib/libkhtml.so.4 #72 0x42adc633 in QObject::event () from /usr/share/qt3/lib/libqt-mt.so.3 #73 0x42a8245f in QApplication::internalNotify () from /usr/share/qt3/lib/libqt-mt.so.3 #74 0x42a81a5e in QApplication::notify () from /usr/share/qt3/lib/libqt-mt.so.3 #75 0xb759fc92 in KApplication::notify () from /home/pleira/big/build/lib/libkdecore.so.4 #76 0x42a71c85 in QEventLoop::activateTimers () from /usr/share/qt3/lib/libqt-mt.so.3 #77 0x42a2b4cb in QEventLoop::processEvents () from /usr/share/qt3/lib/libqt-mt.so.3 #78 0x42a947b8 in QEventLoop::enterLoop () from /usr/share/qt3/lib/libqt-mt.so.3 #79 0x42a94668 in QEventLoop::exec () from /usr/share/qt3/lib/libqt-mt.so.3 #80 0x42a826b1 in QApplication::exec () from /usr/share/qt3/lib/libqt-mt.so.3 #81 0xb7f666a8 in kdemain () from /home/pleira/big/build/lib/libkdeinit_konqueror.so #82 0x0804866b in main () The output in the konsole shows: libkonq: ## addToHistory: http://www.spasa.es/contenidos/content.asp?contentid=251&nodeid=239 Typed URL: http://www.spasa.es/contenidos/content.asp?contentid=251&nodeid=239, Title: konqueror: KonqMainWindow::openView ok=true bOthersFollowed=false returning true kio (Scheduler): Resume metadata is '' kio (Scheduler): HOLD: Reusing held slave for http://www.spasa.es/contenidos/content.asp?contentid=251&nodeid=239 konqueror: KonqMainWindow::slotRunFinished() khtml (html): using compatibility parseMode konqueror: KonqMainWindow::setCaption(Web del Grupo Aciturri - Procesos de Automatización y Robotización) khtml (jscript): WARNING: Script threw exception: TypeError: Attempted to access 'pixelLeft' property on undefined object (result of expression this.css.pixelLeft) khtml (part): saveState this=0x8cf09b0 '' saving URL http://www.spasa.es/contenidos/content.asp?contentid=251&nodeid=239 libkonq: ## addToHistory: http://www.spasa.es/contenidos/content.asp?contentid=251&nodeid=239 Typed URL: , Title: Web del Grupo Aciturri - Procesos de Automatización y Robotización konqueror: /home/pleira/big/kdecvs/kdelibs/khtml/xml/dom_nodeimpl.cpp:851: virtual void DOM::NodeImpl::attach(): La declaración `!attached()' no se cumple. KCrash: crashing... crashRecursionCounter = 2 KCrash: Application Name = konqueror path = <unknown> pid = 8206 *** Bug 98584 has been marked as a duplicate of this bug. *** I can obtain a crash too with this url http://www.radio404.org It seems that Kaffeine player is involved in the crash, I have konqueror 3.3.2 Console output : konqueror: KaffeinePart: Creating new KaffeinePart... konqueror: KaffeinePart: Argument: align="center" konqueror: KaffeinePart: Argument: height="25" konqueror: KaffeinePart: Argument: src="http://www.erreur404.org/html2/real.rpm" konqueror: KaffeinePart: Argument: width="100" konqueror: KaffeinePart: Argument: autostart="false" konqueror: KaffeinePart: Found parameter autoStart=false, disable autostart konqueror: KaffeinePart: Argument: controls="ControlPanel" konqueror: KaffeinePart: Not an ImageWindow object konqueror: KaffeinePart: Argument: __KHTML__PLUGINEMBED="YES" konqueror: KaffeinePart: Argument: __KHTML__PLUGINBASEURL="http://www.erreur404.org/html2/radio.php3" KCrash: Application 'konqueror' crashing... Stack call (no debugging symbols found) Using host libthread_db library "/lib/tls/libthread_db.so.1". (no debugging symbols found) ... (no debugging symbols found) [Thread debugging using libthread_db enabled] [New Thread -1232087360 (LWP 2538)] (no debugging symbols found) ... (no debugging symbols found) [KCrash handler] #7 0xb623d526 in khtml::RenderPart::setWidget () from /opt/kde/lib/libkhtml.so.4 #8 0xb618146b in KHTMLPart::processObjectRequest () from /opt/kde/lib/libkhtml.so.4 #9 0xb61822dc in KHTMLRun::foundMimeType () from /opt/kde/lib/libkhtml.so.4 #10 0xb7e8333d in KParts::BrowserRun::slotBrowserMimetype () from /opt/kde/lib/libkparts.so.2 #11 0xb7e854a9 in KParts::BrowserRun::qt_invoke () from /opt/kde/lib/libkparts.so.2 #12 0xb615783b in KHTMLRun::qt_invoke () from /opt/kde/lib/libkhtml.so.4 #13 0xb70a6f44 in QObject::activate_signal () from /opt/qt/lib/libqt-mt.so.3 #14 0xb7c44a39 in KIO::TransferJob::mimetype () from /opt/kde/lib/libkio.so.4 #15 0xb7c44ab2 in KIO::TransferJob::slotMimetype () from /opt/kde/lib/libkio.so.4 #16 0xb7c6d38e in KIO::TransferJob::qt_invoke () from /opt/kde/lib/libkio.so.4 #17 0xb70a6f44 in QObject::activate_signal () from /opt/qt/lib/libqt-mt.so.3 #18 0xb70a722b in QObject::activate_signal () from /opt/qt/lib/libqt-mt.so.3 #19 0xb7c3e5e3 in KIO::SlaveInterface::mimeType () from /opt/kde/lib/libkio.so.4 #20 0xb7c8b3dc in KIO::SlaveInterface::dispatch () from /opt/kde/lib/libkio.so.4 #21 0xb7c6b703 in KIO::SlaveInterface::dispatch () from /opt/kde/lib/libkio.so.4 #22 0xb7c6228b in KIO::Slave::gotInput () from /opt/kde/lib/libkio.so.4 #23 0xb7c69ea8 in KIO::Slave::qt_invoke () from /opt/kde/lib/libkio.so.4 #24 0xb70a6f44 in QObject::activate_signal () from /opt/qt/lib/libqt-mt.so.3 #25 0xb70a756b in QObject::activate_signal () from /opt/qt/lib/libqt-mt.so.3 #26 0xb73fcfb0 in QSocketNotifier::activated () from /opt/qt/lib/libqt-mt.so.3 #27 0xb70c3f70 in QSocketNotifier::event () from /opt/qt/lib/libqt-mt.so.3 #28 0xb704353f in QApplication::internalNotify () from /opt/qt/lib/libqt-mt.so.3 #29 0xb7043732 in QApplication::notify () from /opt/qt/lib/libqt-mt.so.3 #30 0xb7784b15 in KApplication::notify () from /opt/kde/lib/libkdecore.so.4 #31 0xb7036ce3 in QEventLoop::activateSocketNotifiers () from /opt/qt/lib/libqt-mt.so.3 #32 0xb6fefce2 in QEventLoop::processEvents () from /opt/qt/lib/libqt-mt.so.3 #33 0xb7059bb1 in QEventLoop::enterLoop () from /opt/qt/lib/libqt-mt.so.3 #34 0xb7059b06 in QEventLoop::exec () from /opt/qt/lib/libqt-mt.so.3 #35 0xb70426af in QApplication::exec () from /opt/qt/lib/libqt-mt.so.3 #36 0xb7fc3acc in kdemain () from /opt/kde/lib/libkdeinit_konqueror.so #37 0x080486be in ?? () #38 0x00000001 in ?? () #39 0xbffff774 in ?? () #40 0x080497b8 in ?? () #41 0xb6a6dff8 in __elf_set___libc_thread_subfreeres_element___rpc_thread_destroy__ () from /lib/tls/libc.so.6 #42 0x00000000 in ?? () #43 0xb8000440 in __stack_prot () from /lib/ld-linux.so.2 #44 0xbffff748 in ?? () #45 0xb696d19d in __libc_start_main () from /lib/tls/libc.so.6 #46 0xb696d19d in __libc_start_main () from /lib/tls/libc.so.6 #47 0x08048601 in ?? () *** Bug 100199 has been marked as a duplicate of this bug. *** *** Bug 95547 has been marked as a duplicate of this bug. *** *** Bug 95469 has been marked as a duplicate of this bug. *** *** Bug 77250 has been marked as a duplicate of this bug. *** *** Bug 89038 has been marked as a duplicate of this bug. *** CVS commit by ggarand:
fix crashes
BUG: 78205
CCBUG: 84173
M +7 -5 html_imageimpl.cpp 1.150
--- kdelibs/khtml/html/html_imageimpl.cpp #1.149:1.150
@@ -182,7 +182,6 @@ void HTMLImageElementImpl::attach()
{
m_render = new (getDocument()->renderArena()) RenderImage(this);
- m_render->setStyle(getDocument()->styleSelector()->styleForElement(this));
+ m_render->setStyle(_style);
parentNode()->renderer()->addChild(m_render, nextRenderer());
- m_render->updateFromElement();
}
_style->deref();
@@ -187,6 +186,7 @@ void HTMLImageElementImpl::attach()
}
_style->deref();
-
NodeBaseImpl::attach();
+ if (m_render)
+ m_render->updateFromElement();
}
@@ -202,5 +202,6 @@ long HTMLImageElementImpl::width() const
}
- return m_render->contentWidth();
+ return m_render ? m_render->contentWidth() :
+ getAttribute(ATTR_WIDTH).toInt();
}
@@ -216,5 +217,6 @@ long HTMLImageElementImpl::height() cons
}
- return m_render->contentHeight();
+ return m_render ? m_render->contentHeight() :
+ getAttribute(ATTR_HEIGHT).toInt();
}
CVS commit by ggarand:
backport crash fix
CCBUG: 78205, 84173
M +7 -5 html_imageimpl.cpp 1.149.2.1
--- kdelibs/khtml/html/html_imageimpl.cpp #1.149:1.149.2.1
@@ -182,7 +182,6 @@ void HTMLImageElementImpl::attach()
{
m_render = new (getDocument()->renderArena()) RenderImage(this);
- m_render->setStyle(getDocument()->styleSelector()->styleForElement(this));
+ m_render->setStyle(_style);
parentNode()->renderer()->addChild(m_render, nextRenderer());
- m_render->updateFromElement();
}
_style->deref();
@@ -187,6 +186,7 @@ void HTMLImageElementImpl::attach()
}
_style->deref();
-
NodeBaseImpl::attach();
+ if (m_render)
+ m_render->updateFromElement();
}
@@ -202,5 +202,6 @@ long HTMLImageElementImpl::width() const
}
- return m_render->contentWidth();
+ return m_render ? m_render->contentWidth() :
+ getAttribute(ATTR_WIDTH).toInt();
}
@@ -216,5 +217,6 @@ long HTMLImageElementImpl::height() cons
}
- return m_render->contentHeight();
+ return m_render ? m_render->contentHeight() :
+ getAttribute(ATTR_HEIGHT).toInt();
}
*** Bug 111062 has been marked as a duplicate of this bug. *** I have just recently run into a similar problem. Starting today, anytime I go to Yahoo to check my mail, I get a SIGSEGV seg fault. |