Bug 91004

Summary: Konqueror crashes when accessing http://www.jyskebank.dk
Product: [Applications] konqueror Reporter: Niels-Holger Pedersen <nhp>
Component: khtmlAssignee: Konqueror Bugs <konqueror-bugs-null>
Status: RESOLVED FIXED    
Severity: crash CC: adasi, aliakc, amitshah, berndzimmer, dawid.ciezarkiewicz, gj, hsanson, jtamate, michaelperik, nl255, yg
Priority: NOR    
Version First Reported In: 3.3   
Target Milestone: ---   
Platform: unspecified   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:
Attachments: valgrind output for project manager .project crash (simillar to this bug crash)
valgrind --num-callers=30 --trace-children=yes --leak-check=full --log-file=/tmp/konqy /opt/kde/bin/konqueror http://www.jyskebank.dk/forside/nykunde/

Description Niels-Holger Pedersen 2004-10-09 14:07:39 UTC 
Version:           3.3 (using KDE 3.3.0, SuSE)
Compiler:          gcc version 3.3.3 (SuSE Linux)
OS:                Linux (i686) release 2.6.5-7.108-default

Every time I visit my banks homepage, http://www.jyskebank.dk, konqueror crashes. It redirects to www.jyskebank.dk/forside/nykunde/, displays a blank page and a spinning wheel for a couple of minutes and then crashes.

I have not compiled KDE myself and cannot provide a backtrack.
Comment 1 Tommi Tervo 2004-10-11 11:44:43 UTC 
Cannot reproduce, site renders fine.
Comment 2 Tommi Tervo 2004-10-25 16:03:48 UTC 
#3  0xb63f5786 in KHTMLView::part (this=0x11) at khtmlview.h:110
#4  0xb64099f5 in DOM::HTMLDocumentImpl::close (this=0x87d0430)
    at html_documentimpl.cpp:285
#5  0xb63984b8 in KHTMLPart::checkEmitLoadEvent (this=0x8490a30)
    at khtml_part.cpp:2175
#6  0xb63974ec in KHTMLPart::slotFinishedParsing (this=0x8490a30)
    at khtml_part.cpp:1918
#7  0xb63af62d in KHTMLPart::qt_invoke (this=0x8490a30, _id=21, _o=0xbfffdc80)
    at khtml_part.moc:489
#8  0xb7180a2c in QObject::activate_signal () from /opt/qt333/lib/libqt-mt.so.3
#9  0xb7180854 in QObject::activate_signal () from /opt/qt333/lib/libqt-mt.so.3
#10 0xb63d8378 in DOM::DocumentImpl::finishedParsing (this=0x87d0430)
    at dom_docimpl.moc:86
#11 0xb63d83e9 in DOM::DocumentImpl::qt_emit (this=0x87d0430, _id=2, 
    _o=0xbfffdd90) at dom_docimpl.moc:97
#12 0xb640a4d3 in DOM::HTMLDocumentImpl::qt_emit (this=0x87d0430, _id=2, 
    _o=0xbfffdd90) at html_documentimpl.moc:91
#13 0xb7180a61 in QObject::activate_signal () from /opt/qt333/lib/libqt-mt.so.3
#14 0xb7180854 in QObject::activate_signal () from /opt/qt333/lib/libqt-mt.so.3
#15 0xb63ebf04 in khtml::Tokenizer::finishedParsing (this=0x85fc158)
    at xml_tokenizer.moc:82
#16 0xb640005e in khtml::HTMLTokenizer::end (this=0x85fc158)
    at htmltokenizer.cpp:1508
#17 0xb640037e in khtml::HTMLTokenizer::finish (this=0x85fc158)
    at htmltokenizer.cpp:1553
#18 0xb63d2a5f in DOM::DocumentImpl::finishParsing (this=0x87d0430)
    at dom_docimpl.cpp:1215
Comment 3 Tommi Tervo 2004-11-04 10:15:44 UTC 
*** Bug 92664 has been marked as a duplicate of this bug. ***
Comment 4 Stephan Kulow 2004-11-04 16:08:28 UTC 
Hmm, I can't reproduce this. Anything special I need to care for? Do we have a valgrind log from someone who can reproduce it with HEAD? The code looks fine.
Comment 5 Tommi Tervo 2004-11-17 14:56:28 UTC 
Maybe this commit fixes this too?
http://lists.kde.org/?l=kde-cvs&m=110069894521164&w=2
This jyskebank crash is hard to reproduce.
Comment 6 George Staikos 2004-11-17 15:03:03 UTC 
On Wednesday 17 November 2004 08:56, Tommi Tervo wrote:
> ------- Maybe this commit fixes this too?
> http://lists.kde.org/?l=kde-cvs&m=110069894521164&w=2
> This jyskebank crash is hard to reproduce.

  No, unrelated.
Comment 7 Allan Sandfeld 2005-01-10 00:17:27 UTC 
It happens here:
#4  DOM::HTMLDocumentImpl::close (this=0x93aa820) at qstring.h:653
#5  0xb6d4fe4d in KHTMLPart::checkEmitLoadEvent (this=0x934e710)
    at ../../khtml/khtml_part.cpp:2235
#6  0xb6d4f0bf in KHTMLPart::slotFinishedParsing (this=0x934e710)
    at ../../khtml/khtml_part.cpp:1972
#7  0xb6d6c4b9 in KHTMLPart::qt_invoke (this=0x934e710, _id=20, _o=0xbfffd330)
    at khtml_part.moc:491
Comment 8 Andrew Coles 2005-05-24 15:48:16 UTC 
Valgrind trace from SVN head:

==21694==
==21694== Invalid read of size 4
==21694==    at 0x1DFCFAE8: DOM::DocumentImpl::view() const (dom_docimpl.h:225)
==21694==    by 0x1DF7E429: KHTMLPart::checkEmitLoadEvent() (khtml_part.cpp:2288)
==21694==    by 0x1DF7D56F: KHTMLPart::slotFinishedParsing() (khtml_part.cpp:2025)
==21694==    by 0x1DF9787E: KHTMLPart::qt_invoke(int, QUObject*) (khtml_part.moc:497)
==21694==    by 0x1C8531AC: QObject::activate_signal(QConnectionList*, QUObject*) (qobject.cpp:2355)
==21694==    by 0x1C85304C: QObject::activate_signal(int) (qobject.cpp:2324)
==21694==    by 0x1DFCD7A5: DOM::DocumentImpl::finishedParsing() (dom_docimpl.moc:86)
==21694==    by 0x1DFCD816: DOM::DocumentImpl::qt_emit(int, QUObject*) (dom_docimpl.moc:97)
==21694==    by 0x1E005644: DOM::HTMLDocumentImpl::qt_emit(int, QUObject*) (html_documentimpl.moc:91)
==21694==    by 0x1C853180: QObject::activate_signal(QConnectionList*, QUObject*) (qobject.cpp:2353)
==21694==    by 0x1C85304C: QObject::activate_signal(int) (qobject.cpp:2324)
==21694==    by 0x1DFE87AD: khtml::Tokenizer::finishedParsing() (xml_tokenizer.moc:82)
==21694==    by 0x1DFF8875: khtml::HTMLTokenizer::end() (htmltokenizer.cpp:1529)
==21694==    by 0x1DFF8BE3: khtml::HTMLTokenizer::finish() (htmltokenizer.cpp:1578)
==21694==    by 0x1DFC79A8: DOM::DocumentImpl::finishParsing() (dom_docimpl.cpp:1227)
==21694==    by 0x1DF7D10E: KHTMLPart::end() (khtml_part.cpp:1963)
==21694==  Address 0x1E96D11C is 92 bytes inside a block of size 760 free'd
==21694==    at 0x1B906CA8: operator delete(void*) (vg_replace_malloc.c:155)
==21694==    by 0x1E00368B: DOM::HTMLDocumentImpl::~HTMLDocumentImpl() (html_documentimpl.cpp:92)
==21694==    by 0x1DF68871: khtml::TreeShared<DOM::NodeImpl>::deref() (shared.h:38)
==21694==    by 0x1DF7A53A: KHTMLPart::clear() (khtml_part.cpp:1409)
==21694==    by 0x1DF7C7A1: KHTMLPart::begin(KURL const&, int, int) (khtml_part.cpp:1835)
==21694==    by 0x1DF89B34: KHTMLPart::processObjectRequest(khtml::ChildFrame*, KURL const&, QString const&) (khtml_part.cpp:4497)
==21694==    by 0x1DF88DDA: KHTMLPart::requestObject(khtml::ChildFrame*, KURL const&, KParts::URLArgs const&) (khtml_part.cpp:4302)
==21694==    by 0x1DF881B7: KHTMLPart::requestFrame(khtml::RenderPart*, QString const&, QString const&, QStringList const&, bool) (khtml_part.cpp:4222)
==21694==    by 0x1E08AD5E: khtml::RenderPartObject::updateWidget() (render_frames.cpp:603)
==21694==    by 0x1E0093BE: DOM::HTMLIFrameElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_baseimpl.cpp:636)
==21694==    by 0x1DFDBA90: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:582)
==21694==    by 0x1E00026D: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:262)
==21694==    by 0x1DFDBA90: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:582)
==21694==    by 0x1E00026D: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:262)
==21694==    by 0x1DFDBA90: DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (dom_elementimpl.cpp:582)
==21694==    by 0x1E00026D: DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange) (html_elementimpl.cpp:262)
Comment 9 Tommi Tervo 2005-06-03 12:01:15 UTC 
*** Bug 106694 has been marked as a duplicate of this bug. ***
Comment 10 Grzegorz Jaskiewicz 2005-06-05 04:34:21 UTC 
Created attachment 11331 [details]
valgrind output for project manager .project crash (simillar to this bug crash)
Comment 11 Grzegorz Jaskiewicz 2005-06-05 04:51:51 UTC 
Created attachment 11332 [details]
 valgrind --num-callers=30 --trace-children=yes --leak-check=full  --log-file=/tmp/konqy /opt/kde/bin/konqueror  http://www.jyskebank.dk/forside/nykunde/
Comment 12 Thiago Macieira 2005-06-20 13:39:36 UTC 
*** Bug 102975 has been marked as a duplicate of this bug. ***
Comment 13 Thiago Macieira 2005-06-20 13:41:48 UTC 
Bug #102975 has backtraces with line numbers and valgrind outputs. Maybe they can be of help.
Comment 14 Thiago Macieira 2005-06-20 13:42:01 UTC 
*** Bug 107769 has been marked as a duplicate of this bug. ***
Comment 15 Tommi Tervo 2005-07-25 15:36:19 UTC 
*** Bug 109561 has been marked as a duplicate of this bug. ***
Comment 16 Henk Poley 2005-07-25 16:09:57 UTC 
Just a datapoint: Contrairy to the http://virtualearth.msn.com/ crash (Bug 109561) I can not reproduce a crash on http://www.jyskebank.dk/, http://www.prensa.com/ does give me crash.
Comment 17 Tommi Tervo 2005-07-26 13:54:14 UTC 
*** Bug 107097 has been marked as a duplicate of this bug. ***
Comment 18 Tommi Tervo 2005-07-28 10:32:30 UTC 
*** Bug 109714 has been marked as a duplicate of this bug. ***
Comment 19 Tommi Tervo 2005-09-23 19:50:38 UTC 
*** Bug 112484 has been marked as a duplicate of this bug. ***
Comment 20 Tommi Tervo 2005-10-03 22:10:52 UTC 
*** Bug 113793 has been marked as a duplicate of this bug. ***
Comment 21 Ali Akcaagac 2005-11-15 16:22:46 UTC 
Hello, Someone from #kde just informed me about this bug (the dupe to 112484) and I must say, that I am getting this bug myself even with SVN 3.5 branch (compiled 2 days ago). I would like to urge a fix before final 3.5 release. Here my backtrace.

Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 1202)]
[KCrash handler]
#5  0xb5ffbaa4 in DOM::HTMLDocumentImpl::close (this=0x98272d8)
    at html_documentimpl.cpp:279
#6  0xb5f80278 in KHTMLPart::checkEmitLoadEvent (this=0x9843e80)
    at khtml_part.cpp:2324
#7  0xb5f81ac6 in KHTMLPart::slotFinishedParsing (this=0x9843e80)
    at khtml_part.cpp:2061
#8  0xb5f91036 in KHTMLPart::qt_invoke (this=0x9843e80, _id=20, _o=0xbfdc4e5c)
    at khtml_part.moc:505
#9  0xb743463f in QObject::activate_signal (this=0x98272d8, clist=0x9654430, 
    o=0xbfdc4e5c) at kernel/qobject.cpp:2356
#10 0xb74350d0 in QObject::activate_signal (this=0x98272d8, signal=2)
    at kernel/qobject.cpp:2325
#11 0xb5fbfc86 in DOM::DocumentImpl::finishedParsing (this=0x98272d8)
    at dom_docimpl.moc:86
#12 0xb5fbfcd7 in DOM::DocumentImpl::qt_emit (this=0x98272d8, _id=2, 
    _o=0xbfdc4f5c) at dom_docimpl.moc:97
#13 0xb5ffca7b in DOM::HTMLDocumentImpl::qt_emit (this=0x98272d8, _id=2, 
    _o=0xbfdc4f5c) at html_documentimpl.moc:91
#14 0xb7434613 in QObject::activate_signal (this=0x89b77c8, clist=0x89b7610, 
    o=0xbfdc4f5c) at kernel/qobject.cpp:2354
#15 0xb74350d0 in QObject::activate_signal (this=0x89b77c8, signal=2)
    at kernel/qobject.cpp:2325
#16 0xb5fde474 in khtml::Tokenizer::finishedParsing (this=0x89b77c8)
    at xml_tokenizer.moc:82
#17 0xb5feb14a in khtml::HTMLTokenizer::end (this=0x89b77c8)
    at htmltokenizer.cpp:1562
#18 0xb5fedcf8 in khtml::HTMLTokenizer::finish (this=0x89b77c8)
    at htmltokenizer.cpp:1611
#19 0xb5fbcffe in DOM::DocumentImpl::finishParsing (this=0x98272d8)
    at dom_docimpl.cpp:1315
#20 0xb5f6c69d in KHTMLPart::end (this=0x9843e80) at khtml_part.cpp:1999
#21 0xb5f818d9 in KHTMLPart::processObjectRequest (this=0x8c62d00, 
    child=0x8ee0778, _url=@0xbfdc5320, mimetype=@0xbfdc51b8)
    at khtml_part.cpp:4593
#22 0xb5f8e91a in KHTMLPart::requestObject (this=0x8c62d00, child=0x8ee0778, 
    url=@0xbfdc5320, _args=@0xbfdc5378) at khtml_part.cpp:4385
#23 0xb5f8f55f in KHTMLPart::requestFrame (this=0x8c62d00, frame=0x94d90a0, 
    url=@0xbfdc540c, frameName=@0xbfdc5418, params=@0xbfdc5414, isIFrame=true)
    at khtml_part.cpp:4305
#24 0xb6086297 in khtml::RenderPartObject::updateWidget (this=0x94d90a0)
    at render_frames.cpp:603
#25 0xb6000027 in DOM::HTMLIFrameElementImpl::attach (this=0x9671d48)
    at html_baseimpl.cpp:630
#26 0xb5fe75fb in khtml::KHTMLParser::insertNode (this=0x93bc968, n=0x9671d48, 
    flat=false) at htmlparser.cpp:337
#27 0xb5fea3c4 in khtml::KHTMLParser::parseToken (this=0x93bc968, t=0x98059b4)
    at htmlparser.cpp:289
#28 0xb5feb007 in khtml::HTMLTokenizer::processToken (this=0x9805980)
    at htmltokenizer.cpp:1671
#29 0xb5ff03bc in khtml::HTMLTokenizer::parseTag (this=0x9805980, 
    src=@0x9805ab0) at htmltokenizer.cpp:1171
#30 0xb5ff0aa6 in khtml::HTMLTokenizer::write (this=0x9805980, 
    str=@0xbfdc5a90, appendData=false) at htmltokenizer.cpp:1430
#31 0xb5fecb6e in khtml::HTMLTokenizer::notifyFinished (this=0x9805980)
    at htmltokenizer.cpp:1738
#32 0xb60c3a40 in khtml::CachedScript::checkNotify (this=0x97f97e8)
    at loader.cpp:335
#33 0xb60c3c75 in khtml::CachedScript::data (this=0x97f97e8, 
    buffer=@0x91f736c, eof=true) at loader.cpp:327
#34 0xb60c4de6 in khtml::Loader::slotFinished (this=0x8292368, job=0x8ee1b88)
    at loader.cpp:1133
#35 0xb60c4ffb in khtml::Loader::qt_invoke (this=0x8292368, _id=2, 
    _o=0xbfdc5c5c) at loader.moc:260
#36 0xb743463f in QObject::activate_signal (this=0x8ee1b88, clist=0x8f9f0b0, 
    o=0xbfdc5c5c) at kernel/qobject.cpp:2356
#37 0xb7d8e425 in KIO::Job::result (this=0x8ee1b88, t0=0x8ee1b88)
    at jobclasses.moc:162
#38 0xb7d8e4c9 in KIO::Job::emitResult (this=0x8ee1b88) at job.cpp:222
#39 0xb7d916fa in KIO::SimpleJob::slotFinished (this=0x8ee1b88) at job.cpp:570
#40 0xb7d9dee2 in KIO::TransferJob::slotFinished (this=0x8ee1b88)
    at job.cpp:938
#41 0xb7d8ffe4 in KIO::TransferJob::qt_invoke (this=0x8ee1b88, _id=17, 
    _o=0xbfdc5f6c) at jobclasses.moc:1071
#42 0xb743463f in QObject::activate_signal (this=0x88db190, clist=0x85e2158, 
    o=0xbfdc5f6c) at kernel/qobject.cpp:2356
#43 0xb74350d0 in QObject::activate_signal (this=0x88db190, signal=6)
    at kernel/qobject.cpp:2325
#44 0xb7d7d2f5 in KIO::SlaveInterface::finished (this=0x88db190)
    at slaveinterface.moc:226
#45 0xb7d7f132 in KIO::SlaveInterface::dispatch (this=0x88db190, _cmd=104, 
    rawdata=@0xbfdc616c) at slaveinterface.cpp:243
#46 0xb7d7ea44 in KIO::SlaveInterface::dispatch (this=0x88db190)
    at slaveinterface.cpp:173
#47 0xb7d7af50 in KIO::Slave::gotInput (this=0x88db190) at slave.cpp:300
#48 0xb7d7b41b in KIO::Slave::qt_invoke (this=0x88db190, _id=4, _o=0xbfdc6288)
    at slave.moc:113
#49 0xb743463f in QObject::activate_signal (this=0x9002190, clist=0x91462d0, 
    o=0xbfdc6288) at kernel/qobject.cpp:2356
#50 0xb7434f46 in QObject::activate_signal (this=0x9002190, signal=2, param=14)
    at kernel/qobject.cpp:2449
#51 0xb77bec1f in QSocketNotifier::activated (this=0x9002190, t0=14)
    at .moc/debug-shared-mt/moc_qsocketnotifier.cpp:85
#52 0xb7454862 in QSocketNotifier::event (this=0x9002190, e=0xbfdc6580)
    at kernel/qsocketnotifier.cpp:258
#53 0xb73cb538 in QApplication::internalNotify (this=0xbfdc6814, 
    receiver=0x9002190, e=0xbfdc6580) at kernel/qapplication.cpp:2635
#54 0xb73cb724 in QApplication::notify (this=0xbfdc6814, receiver=0x9002190, 
    e=0xbfdc6580) at kernel/qapplication.cpp:2358
#55 0xb7a4132c in KApplication::notify (this=0xbfdc6814, receiver=0x9002190, 
    event=0xbfdc6580) at kapplication.cpp:550
#56 0xb7f9760b in QApplication::sendEvent (receiver=0x9002190, 
    event=0xbfdc6580) at qapplication.h:496
#57 0xb73bd179 in QEventLoop::activateSocketNotifiers (this=0x8101c08)
    at kernel/qeventloop_unix.cpp:578
#58 0xb737142a in QEventLoop::processEvents (this=0x8101c08, flags=4)
    at kernel/qeventloop_x11.cpp:383
#59 0xb73e398d in QEventLoop::enterLoop (this=0x8101c08)
    at kernel/qeventloop.cpp:198
#60 0xb73e38b2 in QEventLoop::exec (this=0x8101c08)
    at kernel/qeventloop.cpp:145
#61 0xb73ca1cf in QApplication::exec (this=0xbfdc6814)
    at kernel/qapplication.cpp:2758
#62 0xb6607c2c in kdemain (argc=2, argv=0x806b060) at konq_main.cc:206
#63 0xb7064524 in kdeinitmain (argc=2, argv=0x806b060) at konqueror_dummy.cc:3
#64 0x0804f8bb in launch (argc=2, _name=0x806a2b4 "konqueror", 
    args=0x806a2c7 "\001", cwd=0x0, envc=1, envs=0x806a2d8 "", 
    reset_env=false, tty=0x0, avoid_loops=false, 
    startup_id_str=0x806a2dc "ulixys;1131997005;452235;11434_TIME35730846")
    at kinit.cpp:637
#65 0x08050237 in handle_launcher_request (sock=8) at kinit.cpp:1203
#66 0x0805093f in handle_requests (waitForPid=0) at kinit.cpp:1404
#67 0x080512e0 in main (argc=2, argv=0xbfdc7264, envp=0xbfdc7270)
    at kinit.cpp:1848
Comment 22 Tommi Tervo 2005-11-19 16:24:43 UTC 
*** Bug 116671 has been marked as a duplicate of this bug. ***
Comment 23 George Staikos 2005-11-19 18:10:54 UTC 
Well that's odd, I did a search before posting and it didn't find this bug.  Is our bugzilla search broken?

Anyhow, CNN also causes this crash on video links.
Comment 24 Maksim Orlovich 2005-12-04 16:02:10 UTC 
*** Bug 117653 has been marked as a duplicate of this bug. ***
Comment 25 Maksim Orlovich 2005-12-07 03:40:49 UTC 
SVN commit 486202 by orlovich:

Mark ourselves as updated as soon as we initiate the update, so we don't reenter processObjectRequest willy-nilly for 
no good reason whatsoever. Should fix #91004.
BUG:91004


 M  +2 -2      html_baseimpl.cpp  


--- branches/KDE/3.5/kdelibs/khtml/html/html_baseimpl.cpp #486201:486202
@@ -626,16 +626,16 @@
         if(w && (name.isEmpty() || w->part()->frameExists( name.string() )))
             name = DOMString(w->part()->requestFrameName());
 
+        needWidgetUpdate = false;
         static_cast<RenderPartObject*>(m_render)->updateWidget();
-        needWidgetUpdate = false;
     }
 }
 
 void HTMLIFrameElementImpl::recalcStyle( StyleChange ch )
 {
     if (needWidgetUpdate) {
+        needWidgetUpdate = false;
         if(m_render)  static_cast<RenderPartObject*>(m_render)->updateWidget();
-        needWidgetUpdate = false;
     }
     HTMLElementImpl::recalcStyle( ch );
 }