Bug 89277

Summary: [test case] konqueror crash viewing tv.seznam.cz
Product: [Applications] konqueror Reporter: Pavel Troller <patrol>
Component: khtmlAssignee: Konqueror Developers <konq-bugs>
Status: VERIFIED FIXED    
Severity: crash CC: glux, gschintgen, huelyn, lukas, pink
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Pavel Troller 2004-09-11 06:46:41 UTC 
Version:            (using KDE KDE 3.3.0)
Installed from:    Compiled From Sources
Compiler:          gcc-3.3.3 
OS:                Linux

When accessing tv.seznam.cz, the page starts to render with visible errors (text overtyped, wrongly placed etc.) and after a short while, before the rendering is finalized, konq crashes with SIGABRT. Because it's compiled for a production system, I don't have full debug info/bt available, but the partial bt shows that it's an assert in QPtrDict<QWidget>::deleteItem (), called from khtml::RenderBlock (). The crash is 100% reproducible here. Mozilla renders the same page OK. Using the latest CVS (updated 11.09.04) from KDE_3_3_BRANCH.
Comment 1 Dik Takken 2004-09-12 22:16:53 UTC 
Confirmed on KDE 3.3.0.
Comment 2 Tommi Tervo 2004-09-13 12:22:02 UTC 
#5  0x41618b3f in __assert_fail () from /lib/libc.so.6
#6  0x41cb45ee in DOM::ElementImpl::attach (this=0x83b76d0)
    at dom_elementimpl.cpp:468
#7  0x41caf552 in DOM::NodeBaseImpl::attach (this=0x8315828)
    at dom_nodeimpl.cpp:1295
#8  0x41cb4763 in DOM::ElementImpl::attach (this=0x8315828)
    at dom_elementimpl.cpp:485
#9  0x41caf22f in DOM::NodeBaseImpl::appendChild (this=0x840fe70,
    newChild=0x8315828, exceptioncode=@0xbfffd9fc) at dom_nodeimpl.cpp:1203
#10 0x41e2e17e in DOM::Node::appendChild (this=0xbfffdb30,
    newChild=@0xbfffdad0) at dom_node.cpp:292
#11 0x41d93f24 in KJS::DOMNodeProtoFunc::tryCall (this=0x83d8e68,
    exec=0xbfffe1e0, thisObj=@0xbfffdcb0, args=@0xbfffdd00) at kjs_dom.cpp:481
#12 0x41d8ee48 in KJS::DOMFunction::call (this=0x83d8e68, exec=0xbfffe1e0,
    thisObj=@0xbfffdcb0, args=@0xbfffdd00) at kjs_binding.cpp:109
#13 0x41f4c5bc in KJS::Object::call (this=0xbfffdce0, exec=0xbfffe1e0,
    thisObj=@0xbfffdcb0, args=@0xbfffdd00) at object.cpp:70
#14 0x41f1bc64 in KJS::FunctionCallNode::evaluate (this=0x8570980,
    exec=0xbfffe1e0) at nodes.cpp:850
Comment 3 lexual 2004-11-27 09:49:03 UTC 
kde 3.3.1: loaded page without crashing
Comment 4 Pavel Troller 2004-11-27 10:25:14 UTC 
It's true, but because they changed the pages. http://tv.seznam.cz is a link to http://www.novinky.cz/tv_program and http://www.novinky.cz still crashes because  they still contain the bug invoking code. Please try to reload the page if it doesn't crash for the first time, it seems to be a bit dynamic (maybe the page differs from case to case depending on the ads shown etc). The problem is definitely not solved even in the current 3_3_BRANCH CVS. Regards, Pavel Troller
Comment 5 Niels 2004-11-27 17:20:05 UTC 
On my 3.3.1:

http://www.novinky.cz/tv_program doesn't crash, but has overlapping text. Doesn't validate at w3c.

http://www.novinky.cz/ doesn't crash and renders correctly.
Comment 6 Pavel Troller 2004-11-28 06:54:14 UTC 
You're the happy one. www.novinky.cz crashes here. Tested on a 3_3_BRANCH snapshot taken 041128 at 5:30. Crashed for the first time. The page seems to be fully loaded and then it crashes with SIGABRT. More people willing to test ? Regards, Pavel Troller
Comment 7 Tommi Tervo 2004-11-29 09:24:11 UTC 
I'd to first go to  http://tv.seznam.cz and then to http://www.novinky.cz/
to reproduce this crash. CVS HEAD from last friday.
Comment 8 Stephan Kulow 2004-11-29 12:00:11 UTC 
it might not crash for Niels because he didn't compile with --enable-debug - i.e. doesn't have assert calls killing application
Comment 9 Niels 2004-11-30 03:45:05 UTC 
Indeed. I'll go stand in the corner.
Comment 10 Tommi Tervo 2005-03-15 10:19:19 UTC 
*** Bug 101512 has been marked as a duplicate of this bug. ***
Comment 11 Tommi Tervo 2005-03-15 10:23:10 UTC 
*** Bug 99480 has been marked as a duplicate of this bug. ***
Comment 12 Tommi Tervo 2005-03-15 10:25:30 UTC 
Testcase from #99854
http://bugs.kde.org/attachment.cgi?id=9740&action=view
Comment 13 Stephan Kulow 2005-04-13 19:25:28 UTC 
*** Bug 103808 has been marked as a duplicate of this bug. ***
Comment 14 Tommi Tervo 2005-05-23 10:44:10 UTC 
*** Bug 106113 has been marked as a duplicate of this bug. ***
Comment 15 George Staikos 2005-06-15 14:37:53 UTC 
Apparently I just fixed this in HEAD. :-)
Comment 16 Thiago Macieira 2006-01-24 19:09:18 UTC 
*** Bug 120649 has been marked as a duplicate of this bug. ***
Comment 17 Lukáš Tinkl 2006-01-25 00:13:31 UTC 
Verified for 3.5 branch