Bug 86973

Summary: [test case] crash in khtml::renderBlock::makeChildrenNonInline on immonet.de
Product: [Applications] konqueror Reporter: Oswald Buddenhagen <ossi>
Component: khtml rendererAssignee: Konqueror Developers <konq-bugs>
Status: RESOLVED FIXED    
Severity: crash CC: kde-bugs, s.carstens
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: testcase attached

Description Oswald Buddenhagen 2004-08-11 13:52:04 UTC 
Version:            (using KDE Devel)
Installed from:    Compiled sources

go to http://www.immonet.de/search.do?objecttype=1&marketingtype=2&city=87372&department=1094 , then click "weiter >>" ... boom.

kdeinit: konqueror --preload: khtml/rendering/render_block.cpp:293: void khtml::RenderBlock::makeChildrenNonInline(khtml::RenderObject*): Assertion `isReplacedBlock() || !isInline()' failed.

#10 0x3becab3f in __assert_fail () from /lib/libc.so.6
#11 0x3c65082e in khtml::RenderBlock::makeChildrenNonInline (this=0x92b9fe8, 
    insertionPoint=0x0) at khtml/rendering/render_block.cpp:293
#12 0x3c650226 in khtml::RenderBlock::addChildToFlow (this=0x92b9fe8, 
    newChild=0x9588384, beforeChild=0x0)
    at khtml/rendering/render_block.cpp:189
#13 0x3c670a90 in khtml::RenderFlow::addChild (this=0x92b9fe8, 
    newChild=0x9588384, beforeChild=0x0) at khtml/rendering/render_flow.cpp:126
#14 0x3c60819b in DOM::ElementImpl::attach (this=0x91c7510)
    at khtml/xml/dom_elementimpl.cpp:479
#15 0x3c648549 in DOM::HTMLTableElementImpl::attach (this=0x91c7510)
    at khtml/html/html_tableimpl.cpp:510
#16 0x3c6027aa in DOM::NodeBaseImpl::attach (this=0x930fe50)
    at khtml/xml/dom_nodeimpl.cpp:1295
#17 0x3c62f1e7 in DOM::HTMLBodyElementImpl::attach (this=0x930fe50)
    at khtml/html/html_baseimpl.cpp:215
#18 0x3c608348 in DOM::ElementImpl::recalcStyle (this=0x930fe50, 
    change=NoChange) at khtml/xml/dom_elementimpl.cpp:520
#19 0x3c628b0a in DOM::HTMLElementImpl::recalcStyle (this=0x930fe50, 
    ch=NoChange) at khtml/html/html_elementimpl.cpp:262
#20 0x3c608459 in DOM::ElementImpl::recalcStyle (this=0x9579718, 
    change=NoChange) at khtml/xml/dom_elementimpl.cpp:547
#21 0x3c628b0a in DOM::HTMLElementImpl::recalcStyle (this=0x9579718, 
    ch=NoChange) at khtml/html/html_elementimpl.cpp:262
#22 0x3c5f4f6f in DOM::DocumentImpl::recalcStyle (this=0x959b900, 
    change=NoChange) at khtml/xml/dom_docimpl.cpp:992
#23 0x3c5f507a in DOM::DocumentImpl::updateRendering (this=0x959b900)
    at khtml/xml/dom_docimpl.cpp:1025
#24 0x3c5f50fa in DOM::DocumentImpl::updateDocumentsRendering ()
    at khtml/xml/dom_docimpl.cpp:1039
#25 0x3c724a42 in KJS::Window::afterScriptExecution (this=0x93310a8)
    at khtml/ecma/kjs_window.cpp:941
#26 0x3c73bfdd in KJS::KJSProxyImpl::evaluate (this=0x9302a10, filename=
      {static null = {static null = <same as static member of an already seen type>, d = 0x8056808, static shared_null = 0x8056808}, d = 0x942cf68, static shared_null = 0x8056808}, baseLine=1, str=@0xafffe590, n=@0xafffe4b0, 
    completion=0xafffe460) at khtml/ecma/kjs_proxy.cpp:164
#27 0x3c5b21a0 in KHTMLPart::executeScript (this=0x9085540, n=@0xafffe4b0, 
    script=@0xafffe590) at khtml/khtml_part.cpp:1024
#28 0x3c5b14fa in KHTMLPart::crossFrameExecuteScript (this=0x9085540, 
    target=@0xafffe5c0, script=@0xafffe590) at khtml/khtml_part.cpp:897
#29 0x3c5bcbcd in KHTMLPart::urlSelected (this=0x9085540, url=@0xafffe6c0, 
    button=1, state=0, _target=@0xafffe6d0, args=<incomplete type>)
    at khtml/khtml_part.cpp:3389
#30 0x3c62aa4c in DOM::HTMLAnchorElementImpl::defaultEventHandler (
    this=0x9299910, evt=0x9083e78) at khtml/html/html_inlineimpl.cpp:154
#31 0x3c600474 in DOM::NodeImpl::dispatchGenericEvent (this=0x92c5b08, 
    evt=0x9083e78) at khtml/xml/dom_nodeimpl.cpp:452
#32 0x3c6000f7 in DOM::NodeImpl::dispatchEvent (this=0x92c5b08, evt=0x9083e78, 
    exceptioncode=@0xafffe898, tempEvent=true)
    at khtml/xml/dom_nodeimpl.cpp:396
#33 0x3c59b6a3 in KHTMLView::dispatchMouseEvent (this=0x9095398, eventId=4, 
    targetNode=0x92c5b08, targetNodeNonShared=0x92c5b08, cancelable=true, 
    detail=1, _mouse=0xafffe950, setUnder=true, mouseEventType=1)
    at khtml/khtmlview.cpp:2467
#34 0x3c595697 in KHTMLView::viewportMouseReleaseEvent (this=0x9095398, 
    _mouse=0xafffeee0) at khtml/khtmlview.cpp:1024
#35 0x3b8a8944 in QScrollView::eventFilter (this=0x9095398, obj=0x9078e60, 
    e=0xafffeee0) at widgets/qscrollview.cpp:1502
#36 0x3c59783f in KHTMLView::eventFilter (this=0x9095398, o=0x9078e60, 
    e=0xafffeee0) at khtml/khtmlview.cpp:1650
#37 0x3b7801ab in QObject::activate_filters (this=0x9078e60, e=0xafffeee0)
    at kernel/qobject.cpp:902
#38 0x3b780029 in QObject::event (this=0x9078e60, e=0xafffeee0)
    at kernel/qobject.cpp:735
#39 0x3b7bb3ad in QWidget::event (this=0x9078e60, e=0xafffeee0)
    at kernel/qwidget.cpp:4653
#40 0x3b71ee5a in QApplication::internalNotify (this=0xaffff500, 
    receiver=0x9078e60, e=0xafffeee0) at kernel/qapplication.cpp:2620
#41 0x3b71e67c in QApplication::notify (this=0xaffff500, receiver=0x9078e60, 
    e=0xafffeee0) at kernel/qapplication.cpp:2406
#42 0x3b267855 in KApplication::notify (this=0xaffff500, receiver=0x9078e60, 
    event=0xafffeee0) at kdecore/kapplication.cpp:495
#43 0x3b6b2146 in QApplication::sendSpontaneousEvent (receiver=0x9078e60, 
    event=0xafffeee0) at qapplication.h:494
#44 0x3b6aaf83 in QETWidget::translateMouseEvent (this=0x9078e60, 
    event=0xaffff290) at kernel/qapplication_x11.cpp:4270
#45 0x3b6a8a80 in QApplication::x11ProcessEvent (this=0xaffff500, 
    event=0xaffff290) at kernel/qapplication_x11.cpp:3421
#46 0x3b6c3e64 in QEventLoop::processEvents (this=0x8170e30, flags=4)
    at kernel/qeventloop_x11.cpp:192
#47 0x3b73360e in QEventLoop::enterLoop (this=0x8170e30)
    at kernel/qeventloop.cpp:198
#48 0x3b733526 in QEventLoop::exec (this=0x8170e30)
    at kernel/qeventloop.cpp:145
#49 0x3b71efc5 in QApplication::exec (this=0xaffff500)
    at kernel/qapplication.cpp:2743
#50 0x3c16b459 in kdemain (argc=2, argv=0x8071c48)
    at konqueror/konq_main.cc:204
#51 0x0804e2c7 in launch (argc=2, _name=0x8071fcc "konqueror", 
    args=0x8071fe0 "\001", cwd=0x0, envc=1, envs=0x8071ff1 "", 
    reset_env=false, tty=0x0, avoid_loops=false, startup_id_str=0x8053007 "0")
    at kinit/kinit.cpp:599
#52 0x0804f5e8 in handle_launcher_request (sock=8) at kinit/kinit.cpp:1163
#53 0x0804fce0 in handle_requests (waitForPid=0) at kinit/kinit.cpp:1364
#54 0x08051363 in main (argc=3, argv=0xaffffb64, envp=0xaffffb74)
    at kinit/kinit.cpp:1817
Comment 1 Stephan Kulow 2004-08-11 14:18:16 UTC 
Hmm, no bang for me.
Comment 2 Gardner Bell 2004-08-12 16:37:37 UTC 
Crashes here as well cvs HEAD from 2 or 3 days

Using host libthread_db library "/lib/libthread_db.so.1".
[KCrash handler]
#34 0x414f71b1 in kill () from /lib/libc.so.6
#35 0x4138a9c1 in pthread_kill () from /lib/libpthread.so.0
#36 0x4138accb in raise () from /lib/libpthread.so.0
#37 0x414f6df4 in raise () from /lib/libc.so.6
#38 0x414f85a8 in abort () from /lib/libc.so.6
#39 0x414f056c in __assert_fail () from /lib/libc.so.6
#40 0x415f6ee0 in _IO_2_1_stdout_ () from /lib/libc.so.6
#41 0xbffff7e0 in ?? ()
#42 0x415effe6 in in6addr_loopback () from /lib/libc.so.6
#43 0x424e03e0 in khtml::RenderBlock::calcMinMaxWidth()::__PRETTY_FUNCTION__ ()
   from /home/gdcb04/kde-cvs/lib/libkhtml.so.4
#44 0x00000125 in ?? ()
#45 0x424e0140 in khtml::RenderBlock::addChildToFlow(khtml::RenderObject*, khtml::RenderObject*)::__PRETTY_FUNCTION__ ()
   from /home/gdcb04/kde-cvs/lib/libkhtml.so.4
#46 0x415effe6 in in6addr_loopback () from /lib/libc.so.6
#47 0x424e04a0 in khtml::RenderBlock::calcMinMaxWidth()::__PRETTY_FUNCTION__ ()
   from /home/gdcb04/kde-cvs/lib/libkhtml.so.4
#48 0xffffffff in ?? ()
#49 0x087210d8 in ?? ()
#50 0x086e6880 in ?? ()
#51 0x42555728 in __JCR_LIST__ () from /home/gdcb04/kde-cvs/lib/libkhtml.so.4
#52 0x08780770 in ?? ()
#53 0xbfffd608 in ?? ()
#54 0x4238edab in khtml::RenderBlock::makeChildrenNonInline (this=0x620032, 
    insertionPoint=0x72657571)
    at /home/gdcb04/src/kde/kdelibs/khtml/rendering/render_block.cpp:325
Comment 3 Stephan Binner 2004-08-12 18:15:11 UTC 
And you would think that developers are able to file to the right component? :-)
Comment 4 Tommi Tervo 2004-11-05 09:54:15 UTC 
*** Bug 92726 has been marked as a duplicate of this bug. ***
Comment 5 Tommi Tervo 2004-11-05 09:55:37 UTC 
Created attachment 8177 [details]
testcase attached

Testcase from #92726
Comment 6 Tommi Tervo 2004-11-19 13:27:31 UTC 
*** Bug 93573 has been marked as a duplicate of this bug. ***
Comment 7 Allan Sandfeld 2005-01-01 16:23:56 UTC 
I think the crash happens because the container is inline, but gets a tries to noninline its children.
Comment 8 Germain Garand 2005-03-16 22:51:06 UTC 
CVS commit by ggarand: 

fix crashes for fancy body displays

BUG: 86973, 98975


  M +5 -1      html_baseimpl.cpp   1.204


--- kdelibs/khtml/html/html_baseimpl.cpp  #1.203:1.204
@@ -207,5 +207,9 @@ void HTMLBodyElementImpl::attach()
     style->ref();
     if (parentNode()->renderer() && style->display() != NONE) {
+        if (style->display() == BLOCK)
+            // only use the quirky class for block display
         m_render = new (getDocument()->renderArena()) RenderBody(this);
+        else
+            m_render = RenderObject::createObject(this, style);
         m_render->setStyle(style);
         parentNode()->renderer()->addChild(m_render, nextRenderer());
Comment 9 Germain Garand 2005-03-18 17:31:23 UTC 
CVS commit by ggarand: 

backport crash fix
CCBUG: 86973, 98975


  M +5 -1      html_baseimpl.cpp   1.203.2.1


--- kdelibs/khtml/html/html_baseimpl.cpp  #1.203:1.203.2.1
@@ -207,5 +207,9 @@ void HTMLBodyElementImpl::attach()
     style->ref();
     if (parentNode()->renderer() && style->display() != NONE) {
+        if (style->display() == BLOCK)
+            // only use the quirky class for block display
         m_render = new (getDocument()->renderArena()) RenderBody(this);
+        else
+            m_render = RenderObject::createObject(this, style);
         m_render->setStyle(style);
         parentNode()->renderer()->addChild(m_render, nextRenderer());