Bug 121528 - Crash with dump (starts at date_object.cpp/fillStructuresUsingTimeArgs)
Summary: Crash with dump (starts at date_object.cpp/fillStructuresUsingTimeArgs)
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: kjs (show other bugs)
Version: 3.5
Platform: Gentoo Packages Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords:
Duplicates: 121724 121934 122913 133163 133493 (view as bug list)
Depends on:
Blocks:
 
Reported: 2006-02-07 09:49 UTC by Avuton Olrich
Modified: 2007-12-11 20:16 UTC (History)
6 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments
Stacktrace for konqueror crash visiting cbsnews.com (4.49 KB, text/plain)
2006-03-01 15:52 UTC, Eloi Crespillo
Details
Possible Patch (537 bytes, patch)
2006-05-29 18:33 UTC, George Staikos
Details

Description Avuton Olrich 2006-02-07 09:49:32 UTC
Version:            (using KDE KDE 3.5.1)
Installed from:    Gentoo Packages
Compiler:          GCC-4.0.2 
OS:                Linux

Hello, this may be a duplicate, though I tried for a while to find it and couldn't.

Here's the dump:
Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 46912599836176 (LWP 6206)]
[KCrash handler]
#5  fillStructuresUsingTimeArgs (exec=0x7fffffa7b280, args=@0x7fffffa7ae50, 
    maxArgs=4, ms=0x7fffffa7aa80, t=0x0) at date_object.cpp:221
#6  0x00002aaaac13f00f in KJS::DateProtoFuncImp::call (this=0x12327f0, 
    exec=0x7fffffa7b280, thisObj=@0x7fffffa7ae70, args=@0x7fffffa7ae50)
    at date_object.cpp:548
#7  0x00002aaaac1739e7 in KJS::Object::call (this=<value optimized out>, 
    exec=0x7fffffa7b280, thisObj=@0x7fffffa7aa80, args=@0x0) at object.cpp:70
#8  0x00002aaaac143e34 in KJS::FunctionCallNode::evaluate (
    this=<value optimized out>, exec=0x7fffffa7b280) at nodes.cpp:870
#9  0x00002aaaac147ed3 in KJS::ExprStatementNode::execute (this=0x126be80, 
    exec=0x7fffffa7b280) at nodes.cpp:1980
#10 0x00002aaaac14cc56 in KJS::SourceElementsNode::execute (this=0x0, 
    exec=0x7fffffa7b280) at nodes.cpp:3097
#11 0x00002aaaac147cee in KJS::BlockNode::execute (this=0x1234b50, 
    exec=0x7fffffa7b280) at nodes.cpp:1942
#12 0x00002aaaac1634d6 in KJS::InterpreterImp::evaluate (this=0x110ce40, 
    code=<value optimized out>, thisV=@0x7fffffa7b450) at internal.cpp:904
#13 0x00002aaaac17423d in KJS::Interpreter::evaluate (
    this=<value optimized out>, code=@0x0, thisV=@0x7fffffa7aa80)
    at interpreter.cpp:166
#14 0x00002aaaabe9b9fe in KJS::KJSProxyImpl::evaluate (this=0xf18620, 
    filename=<value optimized out>, baseLine=<value optimized out>, 
    str=@0x7fffffa7b850, n=@0x7fffffa7b6c0, completion=0x7fffffa7b540)
    at kjs_proxy.cpp:154
#15 0x00002aaaabd4959e in KHTMLPart::executeScript (this=0x95e480, 
    filename=@0x7fffffa7b6d0, baseLine=87, n=@0x7fffffa7b6c0, 
    script=@0x7fffffa7b850) at khtml_part.cpp:1155
#16 0x00002aaaabd9fcb4 in khtml::HTMLTokenizer::scriptExecution (
    this=0x11d4e80, str=@0x7fffffa7b850, scriptURL=<value optimized out>, 
    baseLine=86) at htmltokenizer.cpp:441
#17 0x00002aaaabda222d in khtml::HTMLTokenizer::scriptHandler (this=0x11d4e80)
    at htmltokenizer.cpp:413
#18 0x00002aaaabda2c26 in khtml::HTMLTokenizer::parseSpecial (this=0x11d4e80, 
    src=@0x11d5048) at htmltokenizer.cpp:333
#19 0x00002aaaabda3d63 in khtml::HTMLTokenizer::parseTag (this=0x11d4e80, 
    src=@0x11d5048) at htmltokenizer.cpp:1186
#20 0x00002aaaabda4a42 in khtml::HTMLTokenizer::write (this=0x11d4e80, 
    str=<value optimized out>, appendData=<value optimized out>)
    at htmltokenizer.cpp:1425
#21 0x00002aaaabda17fd in khtml::HTMLTokenizer::notifyFinished (this=0x11d4e80)
    at htmltokenizer.cpp:1733
#22 0x00002aaaabe51fa4 in khtml::CachedScript::checkNotify (this=0x1395470)
    at loader.cpp:335
#23 0x00002aaaabe52198 in khtml::CachedScript::data (this=0x1395470, 
    buffer=<value optimized out>, eof=<value optimized out>) at loader.cpp:327
#24 0x00002aaaabe5313d in khtml::Loader::slotFinished (this=0x783470, 
    job=0x1400a70) at loader.cpp:1131
#25 0x00002aaaabe5328e in khtml::Loader::qt_invoke (this=0x783470, _id=2, 
    _o=0x7fffffa7c330) at loader.moc:260
#26 0x00002aaaae621f88 in QObject::activate_signal (this=0x1400a70, 
    clist=0x901070, o=0x7fffffa7c330) at qobject.cpp:2356
#27 0x00002aaaacbcb40a in KIO::Job::result (this=0x1400a70, t0=0x1400a70)
    at jobclasses.moc:162
#28 0x00002aaaacbcb47b in KIO::Job::emitResult (this=0x1400a70) at job.cpp:222
#29 0x00002aaaacbcdcee in KIO::SimpleJob::slotFinished (this=0x1400a70)
    at job.cpp:570
#30 0x00002aaaacbd915f in KIO::TransferJob::slotFinished (this=0x1400a70)
    at job.cpp:940
#31 0x00002aaaacbce712 in KIO::TransferJob::qt_invoke (this=0x1400a70, _id=17, 
    _o=0x7fffffa7c880) at jobclasses.moc:1071
#32 0x00002aaaae621f88 in QObject::activate_signal (this=0x133e5b0, 
    clist=0xb55240, o=0x7fffffa7c880) at qobject.cpp:2356
#33 0x00002aaaae621deb in QObject::activate_signal (this=0x133e5b0, signal=6)
    at qobject.cpp:2325
#34 0x00002aaaacbbdfc5 in KIO::SlaveInterface::dispatch (this=0x133e5b0, 
    _cmd=104, rawdata=@0x7fffffa7cb80) at slaveinterface.cpp:243
#35 0x00002aaaacbbd5c0 in KIO::SlaveInterface::dispatch (this=0x133e5b0)
    at slaveinterface.cpp:173
#36 0x00002aaaacbb9ded in KIO::Slave::gotInput (this=0x133e5b0)
    at slave.cpp:300
#37 0x00002aaaacbba27b in KIO::Slave::qt_invoke (this=0x133e5b0, _id=4, 
    _o=0x7fffffa7cd20) at slave.moc:113
#38 0x00002aaaae621f88 in QObject::activate_signal (this=0x11fd6d0, 
    clist=0x123b660, o=0x7fffffa7cd20) at qobject.cpp:2356
#39 0x00002aaaae622319 in QObject::activate_signal (this=0x11fd6d0, signal=2, 
    param=222) at qobject.cpp:2449
#40 0x00002aaaae9d4866 in QSocketNotifier::activated (this=0x11fd6d0, t0=222)
    at moc_qsocketnotifier.cpp:85
#41 0x00002aaaae645ce5 in QSocketNotifier::event (this=0x11fd6d0, 
    e=0x7fffffa7d160) at qsocketnotifier.cpp:258
#42 0x00002aaaae5b57fb in QApplication::internalNotify (this=0x7fffffa7d460, 
    receiver=0x11fd6d0, e=0x7fffffa7d160) at qapplication.cpp:2635
#43 0x00002aaaae5b4b49 in QApplication::notify (this=0x7fffffa7d460, 
    receiver=0x11fd6d0, e=0x7fffffa7d160) at qapplication.cpp:2358
#44 0x00002aaaad85b08a in KApplication::notify (this=0x7fffffa7d460, 
    receiver=0x11fd6d0, event=0x7fffffa7d160) at kapplication.cpp:550
#45 0x00002aaaabd2e1e0 in QApplication::sendEvent (receiver=0x7fffffa7aa80, 
    event=0x0) at qapplication.h:496
#46 0x00002aaaae5a1c54 in QEventLoop::activateSocketNotifiers (this=0x5d2210)
    at qeventloop_unix.cpp:578
#47 0x00002aaaae552959 in QEventLoop::processEvents (this=0x5d2210, flags=4)
    at qeventloop_x11.cpp:383
#48 0x00002aaaae5cc868 in QEventLoop::enterLoop (this=0x5d2210)
    at qeventloop.cpp:198
#49 0x00002aaaae5cc765 in QEventLoop::exec (this=0x5d2210)
    at qeventloop.cpp:145
#50 0x00002aaaae5b5948 in QApplication::exec (this=0x7fffffa7d460)
    at qapplication.cpp:2758
#51 0x000000000040bd79 in main (argc=<value optimized out>, argv=0x64e450)
    at main.cpp:110
Comment 1 Frank Osterfeld 2006-02-07 10:05:09 UTC
Looks like a KHTML bug to me. Can you provide details when this crash happened (opening the tab, browsing, closing the tab), or even which page made it crash?
Comment 2 Avuton Olrich 2006-02-07 10:21:22 UTC
I believe I was loading a cnn.com page that had been sent in, this one if my memory serves me correct: http://www.cnn.com/rssclick/2006/WORLD/asiapcf/02/06/cartoon.protests/index.html?section=cnn_topstories
Comment 3 Tommi Tervo 2006-02-07 11:28:35 UTC
Cannot reproduce
Comment 4 Avuton Olrich 2006-02-07 12:16:58 UTC
Yes, I guess I should have mentioned that it is non-reproducible.
Comment 5 Tommi Tervo 2006-02-07 12:38:09 UTC
Reopen if you found a working test case.
Comment 6 George Staikos 2006-02-07 12:45:14 UTC
The bug is obvious.  gmtime and/or localtime returns null.
Comment 7 George Staikos 2006-02-07 13:08:16 UTC
Not sure what to do to solve this yet.
Comment 8 Avuton Olrich 2006-02-08 21:31:07 UTC
Absolutely, positively reproduces every time I 'Feeling Lucky' search (from the Location bar) for '60 Minutes'

I'm not 100% sure this is the same bug, but here's another dump for it:
Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 46912569752880 (LWP 6306)]
[KCrash handler]
#5  fillStructuresUsingTimeArgs (exec=0x7fffffbf41e0, args=@0x7fffffbf3db0, 
    maxArgs=4, ms=0x7fffffbf39e0, t=0x0) at date_object.cpp:221
#6  0x00002aaab05b900f in KJS::DateProtoFuncImp::call (this=0x387f770, 
    exec=0x7fffffbf41e0, thisObj=@0x7fffffbf3dd0, args=@0x7fffffbf3db0)
    at date_object.cpp:548
#7  0x00002aaab05ed9e7 in KJS::Object::call (this=<value optimized out>, 
    exec=0x7fffffbf41e0, thisObj=@0x7fffffbf39e0, args=@0x0) at object.cpp:70
#8  0x00002aaab05bde34 in KJS::FunctionCallNode::evaluate (
    this=<value optimized out>, exec=0x7fffffbf41e0) at nodes.cpp:870
#9  0x00002aaab05c1ed3 in KJS::ExprStatementNode::execute (this=0x3be6560, 
    exec=0x7fffffbf41e0) at nodes.cpp:1980
#10 0x00002aaab05c6c56 in KJS::SourceElementsNode::execute (this=0x0, 
    exec=0x7fffffbf41e0) at nodes.cpp:3097
#11 0x00002aaab05c1cee in KJS::BlockNode::execute (this=0x3be6370, 
    exec=0x7fffffbf41e0) at nodes.cpp:1942
#12 0x00002aaab05dd4d6 in KJS::InterpreterImp::evaluate (this=0x11278e0, 
    code=<value optimized out>, thisV=@0x7fffffbf43b0) at internal.cpp:904
#13 0x00002aaab05ee23d in KJS::Interpreter::evaluate (
    this=<value optimized out>, code=@0x0, thisV=@0x7fffffbf39e0)
    at interpreter.cpp:166
#14 0x00002aaab03169fe in KJS::KJSProxyImpl::evaluate (this=0x1c571f0, 
    filename=<value optimized out>, baseLine=<value optimized out>, 
    str=@0x7fffffbf47b0, n=@0x7fffffbf4620, completion=0x7fffffbf44a0)
    at kjs_proxy.cpp:154
#15 0x00002aaab01c459e in KHTMLPart::executeScript (this=0x3d25730, 
    filename=@0x7fffffbf4630, baseLine=101, n=@0x7fffffbf4620, 
    script=@0x7fffffbf47b0) at khtml_part.cpp:1155
#16 0x00002aaab021acb4 in khtml::HTMLTokenizer::scriptExecution (
    this=0x48f1980, str=@0x7fffffbf47b0, scriptURL=<value optimized out>, 
    baseLine=100) at htmltokenizer.cpp:441
#17 0x00002aaab021d22d in khtml::HTMLTokenizer::scriptHandler (this=0x48f1980)
    at htmltokenizer.cpp:413
#18 0x00002aaab021dc26 in khtml::HTMLTokenizer::parseSpecial (this=0x48f1980, 
    src=@0x48f1b48) at htmltokenizer.cpp:333
#19 0x00002aaab021ed63 in khtml::HTMLTokenizer::parseTag (this=0x48f1980, 
    src=@0x48f1b48) at htmltokenizer.cpp:1186
#20 0x00002aaab021fa42 in khtml::HTMLTokenizer::write (this=0x48f1980, 
    str=<value optimized out>, appendData=<value optimized out>)
    at htmltokenizer.cpp:1425
#21 0x00002aaab021c7fd in khtml::HTMLTokenizer::notifyFinished (this=0x48f1980)
    at htmltokenizer.cpp:1733
#22 0x00002aaab02ccfa4 in khtml::CachedScript::checkNotify (this=0x3d0b800)
    at loader.cpp:335
#23 0x00002aaab02cd198 in khtml::CachedScript::data (this=0x3d0b800, 
    buffer=<value optimized out>, eof=<value optimized out>) at loader.cpp:327
#24 0x00002aaab02ce13d in khtml::Loader::slotFinished (this=0x9f1510, 
    job=0x3128100) at loader.cpp:1131
#25 0x00002aaab02ce28e in khtml::Loader::qt_invoke (this=0x9f1510, _id=2, 
    _o=0x7fffffbf5290) at loader.moc:260
#26 0x00002aaaac86af88 in QObject::activate_signal (this=0x3128100, 
    clist=0x3a81710, o=0x7fffffbf5290) at qobject.cpp:2356
#27 0x00002aaaaaf1d40a in KIO::Job::result (this=0x3128100, t0=0x3128100)
    at jobclasses.moc:162
#28 0x00002aaaaaf1d47b in KIO::Job::emitResult (this=0x3128100) at job.cpp:222
#29 0x00002aaaaaf1fcee in KIO::SimpleJob::slotFinished (this=0x3128100)
    at job.cpp:570
#30 0x00002aaaaaf2b15f in KIO::TransferJob::slotFinished (this=0x3128100)
    at job.cpp:940
#31 0x00002aaaaaf20712 in KIO::TransferJob::qt_invoke (this=0x3128100, _id=17, 
    _o=0x7fffffbf57e0) at jobclasses.moc:1071
#32 0x00002aaaac86af88 in QObject::activate_signal (this=0x1678060, 
    clist=0x26cbd80, o=0x7fffffbf57e0) at qobject.cpp:2356
#33 0x00002aaaac86adeb in QObject::activate_signal (this=0x1678060, signal=6)
    at qobject.cpp:2325
#34 0x00002aaaaaf0ffc5 in KIO::SlaveInterface::dispatch (this=0x1678060, 
    _cmd=104, rawdata=@0x7fffffbf5ae0) at slaveinterface.cpp:243
#35 0x00002aaaaaf0f5c0 in KIO::SlaveInterface::dispatch (this=0x1678060)
    at slaveinterface.cpp:173
#36 0x00002aaaaaf0bded in KIO::Slave::gotInput (this=0x1678060)
    at slave.cpp:300
#37 0x00002aaaaaf0c27b in KIO::Slave::qt_invoke (this=0x1678060, _id=4, 
    _o=0x7fffffbf5c80) at slave.moc:113
#38 0x00002aaaac86af88 in QObject::activate_signal (this=0x15ecee0, 
    clist=0x3ec4960, o=0x7fffffbf5c80) at qobject.cpp:2356
#39 0x00002aaaac86b319 in QObject::activate_signal (this=0x15ecee0, signal=2, 
    param=20) at qobject.cpp:2449
#40 0x00002aaaacc1d866 in QSocketNotifier::activated (this=0x15ecee0, t0=20)
    at moc_qsocketnotifier.cpp:85
#41 0x00002aaaac88ece5 in QSocketNotifier::event (this=0x15ecee0, 
    e=0x7fffffbf60c0) at qsocketnotifier.cpp:258
#42 0x00002aaaac7fe7fb in QApplication::internalNotify (this=0x7fffffbf6480, 
    receiver=0x15ecee0, e=0x7fffffbf60c0) at qapplication.cpp:2635
#43 0x00002aaaac7fdb49 in QApplication::notify (this=0x7fffffbf6480, 
    receiver=0x15ecee0, e=0x7fffffbf60c0) at qapplication.cpp:2358
#44 0x00002aaaabaa508a in KApplication::notify (this=0x7fffffbf6480, 
    receiver=0x15ecee0, event=0x7fffffbf60c0) at kapplication.cpp:550
#45 0x00002aaaaac06830 in QApplication::sendEvent (receiver=0x7fffffbf39e0, 
    event=0x0) at qapplication.h:496
#46 0x00002aaaac7eac54 in QEventLoop::activateSocketNotifiers (this=0x608c20)
    at qeventloop_unix.cpp:578
#47 0x00002aaaac79b959 in QEventLoop::processEvents (this=0x608c20, flags=4)
    at qeventloop_x11.cpp:383
#48 0x00002aaaac815868 in QEventLoop::enterLoop (this=0x608c20)
    at qeventloop.cpp:198
#49 0x00002aaaac815765 in QEventLoop::exec (this=0x608c20)
    at qeventloop.cpp:145
#50 0x00002aaaac7fe948 in QApplication::exec (this=0x7fffffbf6480)
    at qapplication.cpp:2758
#51 0x00002aaaaf42d500 in kdemain (argc=<value optimized out>, 
    argv=<value optimized out>) at konq_main.cc:206
#52 0x0000000000408781 in launch (argc=3, _name=0x5ce768 "konqueror", 
    args=0x5ce7b3 "", cwd=0x0, envc=0, envs=0x5ce7bb "", reset_env=false, 
    tty=0x0, avoid_loops=false, startup_id_str=0x40b4d7 "0") at kinit.cpp:637
#53 0x0000000000408eb9 in handle_launcher_request (sock=8) at kinit.cpp:1203
#54 0x0000000000409501 in handle_requests (waitForPid=0) at kinit.cpp:1404
#55 0x0000000000409b8e in main (argc=2, argv=<value optimized out>, 
    envp=0x7fffffbf7580) at kinit.cpp:1848
Comment 9 George Staikos 2006-02-14 02:00:53 UTC
*** Bug 121934 has been marked as a duplicate of this bug. ***
Comment 10 Maksim Orlovich 2006-02-14 02:02:42 UTC
*** Bug 121934 has been marked as a duplicate of this bug. ***
Comment 11 Maksim Orlovich 2006-02-14 14:49:50 UTC
*** Bug 121724 has been marked as a duplicate of this bug. ***
Comment 12 Eloi Crespillo 2006-03-01 15:52:11 UTC
Created attachment 14917 [details]
Stacktrace for konqueror crash visiting cbsnews.com

At my office Konqueror also crashes when visiting cbsnews.com.
Stacktrace appended, just in case it is useful to detect the source of this bug.
System: two computers with debian-sid x64 (one dist-upgraded 1-3-2006).
Konqueror 3.5.0-4 / 3.5.1-1
Comment 13 George Staikos 2006-03-01 16:06:37 UTC
  There is only one thing we need to know: Why does this function return null?  
And why only on x86-64?  It sounds like an OS-level bug.
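The question in the two comments above (why localtime/gmtime hands back NULL, and why only on x86-64) is what frame #5 in both traces shows as t=0x0 at date_object.cpp:221. The following is an added example, not kjs code and not from anyone on this bug: it is the checked version of the "cast a JavaScript time value to time_t, call gmtime, dereference the result" pattern, with the NaN and out-of-range cases refused before the cast and the libc NULL return treated as failure rather than dereferenced. The names ms_to_tm and gmtime_accepts and the limits are this example's own. The 64-bit explanation in main() is an assumption of mine, not something the bug states: a NaN converted to a 64-bit integer on x86-64 becomes INT64_MIN, a year gmtime cannot express, while the 32-bit conversion yields INT32_MIN, which is a perfectly representable moment in 1901.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <math.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/*
 * ms_to_tm: turn an ECMAScript time value (milliseconds since the epoch,
 * a double that may be NaN, infinite or enormous) into a broken-down UTC
 * time. Returns 1 on success and 0 when the value cannot be represented;
 * *out is written only on success. Names and limits are this example's own.
 */
int ms_to_tm(double ms, struct tm *out)
{
    if (isnan(ms))                      /* an invalid Date carries NaN */
        return 0;

    double secs = ms / 1000.0;          /* +/-Inf survives this; caught below */

    /* Refuse anything the cast or gmtime could choke on. ECMAScript caps
       time values at +/-8.64e15 ms (+/-8.64e12 s, about 273,000 years),
       which fits a 64-bit time_t and an int tm_year; with a 32-bit time_t
       only the 1901..2038 window is available. */
    double limit = sizeof(time_t) >= 8 ? 8.64e12 : 2147483647.0;
    if (secs > limit || secs < -limit)
        return 0;

    time_t t = (time_t)secs;            /* now a defined conversion */
    if ((double)t > secs)               /* floor toward -Inf, as JS does */
        t -= 1;

    struct tm tmp;
    if (gmtime_r(&t, &tmp) == NULL)     /* libc may still refuse (EOVERFLOW) */
        return 0;
    *out = tmp;
    return 1;
}

/* gmtime_accepts: does this libc agree to break down the given time_t? */
int gmtime_accepts(time_t t)
{
    struct tm tmp;
    return gmtime_r(&t, &tmp) != NULL;
}

int main(void)
{
    struct tm tm;

    /* Constructed input: the timestamp of this report, 2006-02-07 09:49:32 UTC. */
    if (ms_to_tm(1139305772000.0, &tm))
        printf("valid: %04d-%02d-%02d %02d:%02d:%02d UTC\n",
               tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday,
               tm.tm_hour, tm.tm_min, tm.tm_sec);
    printf("NaN accepted: %d\n", ms_to_tm(NAN, &tm));
    printf("1e300 accepted: %d\n", ms_to_tm(1e300, &tm));

    /* Why 64-bit only? Assumption, not stated in the bug: on x86-64 the
       hardware converts NaN to the "integer indefinite" INT64_MIN, a year
       gmtime cannot express, so it returns NULL; a 32-bit conversion gives
       INT32_MIN, which is merely December 1901 and works. */
    if (sizeof(time_t) >= 8) {
        errno = 0;
        int ok = gmtime_accepts((time_t)INT64_MIN);
        printf("gmtime_r(INT64_MIN): %s (errno %d)\n", ok ? "ok" : "NULL", errno);
    }
    printf("gmtime_r(INT32_MIN): %s\n",
           gmtime_accepts((time_t)INT32_MIN) ? "ok" : "NULL");
    return 0;
}
```

Compile with any C99 compiler and run; the INT64_MIN probe is the case the unchecked code dereferences. The two defences are independent: the range check stops the undefined NaN/out-of-range cast before it happens, and the NULL check covers whatever the platform libc still declines, so neither a different libc nor a different integer width turns the failure back into a crash.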
Comment 14 Tommi Tervo 2006-03-01 19:59:06 UTC
*** Bug 122913 has been marked as a duplicate of this bug. ***
Comment 15 Daniel Richard G. 2006-04-30 10:12:28 UTC
I get this crash reliably with

    http://www.cbsnews.com/stories/2006/04/30/world/main1561624.shtml

(Konqueror 3.5.2 on x86-64)
Comment 16 George Staikos 2006-05-29 18:33:54 UTC
Created attachment 16333 [details]
Possible Patch

Does this patch help?  This bug is specific to 64-bit and a similar patch fixed
the same bug in another application for me.
Comment 17 Maksim Orlovich 2006-08-30 14:40:42 UTC
*** Bug 133163 has been marked as a duplicate of this bug. ***
Comment 18 Andreas Kling 2006-09-03 19:11:04 UTC
SVN commit 580498 by kling:

If an attempt is made to modify an invalid date object, simply return NaN.

BUG: 121528


 M  +8 -0      date_object.cpp  


--- branches/KDE/3.5/kdelibs/kjs/date_object.cpp #580497:580498
@@ -417,6 +417,14 @@
     case GetSeconds:
     case GetMilliSeconds:
     case GetTimezoneOffset:
+    case SetTime:
+    case SetMilliSeconds:
+    case SetSeconds:
+    case SetMinutes:
+    case SetHours:
+    case SetDate:
+    case SetMonth:
+    case SetFullYear:
       return Number(NaN);
     }
   }
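Review bot: SetTime and SetFullYear do not belong in this NaN branch. ECMAScript defines Date.prototype.setTime as replacing the time value unconditionally, and setFullYear (and its UTC variant, which shares the same case id here) on a NaN date treats the current time value as +0, so after this hunk `new Date(NaN).setTime(0)` and `new Date(NaN).setFullYear(2006)` return NaN where a conforming engine produces a valid date; the other added cases (SetMilliSeconds through SetMonth) are correctly NaN-preserving. The hunk also only closes the invalid-date entry point: frame #5 in both traces on this bug shows `t=0x0` reaching fillStructuresUsingTimeArgs at date_object.cpp:221, meaning localtime/gmtime returned NULL, and comments 13 and 16 tie that to 64-bit builds, so the NULL return should still be checked in fillStructuresUsingTimeArgs before the struct is dereferenced rather than relying on this early return alone.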
Comment 19 Andreas Kling 2006-09-03 19:44:31 UTC
*** Bug 133493 has been marked as a duplicate of this bug. ***