Bug 123433 - crash while surfing with konqueror (amazon.de)
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: khtml
Version: unspecified
Platform: Compiled Sources Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
Reported: 2006-03-11 15:44 UTC by Stephan Johach
Modified: 2006-03-12 15:35 UTC

Attachments
Valgrind trace (6.61 KB, text/plain)
2006-03-11 20:09 UTC, Stephan Johach

Description Stephan Johach 2006-03-11 15:44:13 UTC
Version:            (using KDE Devel)
Installed from:    Compiled sources
Compiler:          gcc 3.3.3 
OS:                Linux

Since my last update from stable branch (svn branch from today) I experience crashes with konqueror. There was no problem with the previous svn version
(last update about one or two weeks ago).

It happened two or three times today while doing a book order on amazon.de.

Here's a backtrace. I am not sure if it always crashes at the same place,
as I only saved the last backtrace.

Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 19092)]
[New Thread 32769 (LWP 19094)]
[KCrash handler]
#7  0x415c5e6d in malloc_consolidate () from /lib/libc.so.6
#8  0x415c5698 in _int_malloc () from /lib/libc.so.6
#9  0x415c4883 in malloc () from /lib/libc.so.6
#10 0x4150072e in operator new () from /usr/lib/./libstdc++.so.5
#11 0x41e9068f in DOM::DOMImplementationImpl::createHTMLDocument (
    this=0x8632ab0, v=0x8bb18d0) at dom_docimpl.cpp:208
#12 0x41e47317 in KHTMLPart::begin (this=0x8ca8118, url=@0x8d64080, xOffset=0, 
    yOffset=0) at khtml_part.cpp:1918
#13 0x41e45747 in KHTMLPart::slotData (this=0x8ca8118, kio_job=0x8dcf518, 
    data=@0xbfffcd80) at khtml_part.cpp:1579
#14 0x41e6310d in KHTMLPart::qt_invoke (this=0x8ca8118, _id=16, _o=0xbfffca80)
    at khtml_part.moc:501
#15 0x40d0035c in QObject::activate_signal ()
   from /opt/qt-3.3.3/lib/libqt-mt.so.3
#16 0x401f175c in KIO::TransferJob::data (this=0x8dcf518, t0=0x8dcf518, 
    t1=@0xbfffcd80) at jobclasses.moc:993
#17 0x401dd94e in KIO::TransferJob::slotData (this=0x8dcf518, 
    _data=@0xbfffcd80) at job.cpp:906
#18 0x401f1ddb in KIO::TransferJob::qt_invoke (this=0x8dcf518, _id=18, 
    _o=0xbfffcba0) at jobclasses.moc:1072
#19 0x40d0035c in QObject::activate_signal ()
   from /opt/qt-3.3.3/lib/libqt-mt.so.3
#20 0x401ccbbb in KIO::SlaveInterface::data (this=0x8bb01b0, t0=@0xbfffcd80)
    at slaveinterface.moc:194
#21 0x401cb360 in KIO::SlaveInterface::dispatch (this=0x8bb01b0, _cmd=100, 
    rawdata=@0xbfffcd80) at slaveinterface.cpp:234
#22 0x401cb01a in KIO::SlaveInterface::dispatch (this=0x8bb01b0)
    at slaveinterface.cpp:173
#23 0x401c8b3b in KIO::Slave::gotInput (this=0x8bb01b0) at slave.cpp:300
#24 0x401ca51f in KIO::Slave::qt_invoke (this=0x8bb01b0, _id=4, _o=0xbfffcea0)
    at slave.moc:113
#25 0x40d0035c in QObject::activate_signal ()
   from /opt/qt-3.3.3/lib/libqt-mt.so.3
#26 0x40d004bd in QObject::activate_signal ()
   from /opt/qt-3.3.3/lib/libqt-mt.so.3
#27 0x410317b2 in QSocketNotifier::activated ()
   from /opt/qt-3.3.3/lib/libqt-mt.so.3
#28 0x40d1c720 in QSocketNotifier::event ()
   from /opt/qt-3.3.3/lib/libqt-mt.so.3
#29 0x40ca44cf in QApplication::internalNotify ()
   from /opt/qt-3.3.3/lib/libqt-mt.so.3
#30 0x40ca3adb in QApplication::notify () from /opt/qt-3.3.3/lib/libqt-mt.so.3
#31 0x4081a4e4 in KApplication::notify (this=0xbfffd7b0, receiver=0x8bafa78, 
    event=0xbfffd1c0) at kapplication.cpp:550
#32 0x40c9407a in QEventLoop::activateSocketNotifiers ()
   from /opt/qt-3.3.3/lib/libqt-mt.so.3
#33 0x40c4f2e1 in QEventLoop::processEvents ()
   from /opt/qt-3.3.3/lib/libqt-mt.so.3
#34 0x40cb66d8 in QEventLoop::enterLoop () from /opt/qt-3.3.3/lib/libqt-mt.so.3
#35 0x40cb6588 in QEventLoop::exec () from /opt/qt-3.3.3/lib/libqt-mt.so.3
#36 0x40ca4721 in QApplication::exec () from /opt/qt-3.3.3/lib/libqt-mt.so.3
#37 0x417da30c in kdemain () from /opt/kde-3.5/lib/libkdeinit_konqueror.so
#38 0x409f58a6 in kdeinitmain () from /opt/kde-3.5/lib/kde3/konqueror.so
#39 0x0804e6a3 in launch (argc=2, _name=0x8083184 "konqueror", 
    args=0x8083197 "\001", cwd=0x0, envc=1, envs=0x80831a8 "", 
    reset_env=false, tty=0x0, avoid_loops=false, 
    startup_id_str=0x80831ac "leviathan;1142085674;624605;19024_TIME172694")
    at kinit.cpp:639
#40 0x0804f9c0 in handle_launcher_request (sock=8) at kinit.cpp:1203
#41 0x080500b3 in handle_requests (waitForPid=0) at kinit.cpp:1406
#42 0x08051653 in main (argc=2, argv=0xbfffde34, envp=0xbfffde40)
    at kinit.cpp:1850
Comment 1 Stephan Johach 2006-03-11 17:25:09 UTC
Ok, now konqueror crashed when trying to get to bugs.kde.org.

A newly started konqueror does not crash, as you can see. This seems somehow random. The backtrace is different from the first.

Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 16384 (LWP 19594)]
[New Thread 32769 (LWP 19595)]
[KCrash handler]
#7  0x41ea3549 in ~NodeBaseImpl (this=0x87e3910) at dom_nodeimpl.cpp:964
#8  0x41eaa56a in ~ElementImpl (this=0x87e3910) at dom_elementimpl.cpp:328
#9  0x41ed2f8f in ~HTMLElementImpl (this=0x87e3910) at html_elementimpl.cpp:66
#10 0x41ed6903 in ~HTMLFontElementImpl (this=0x87e3910) at dom_nodeimpl.h:39
#11 0x41ea354d in ~NodeBaseImpl (this=0x8784878) at dom_nodeimpl.cpp:964
#12 0x41eaa56a in ~ElementImpl (this=0x8784878) at dom_elementimpl.cpp:328
#13 0x41ed2f8f in ~HTMLElementImpl (this=0x8784878) at html_elementimpl.cpp:66
#14 0x41ed5529 in ~HTMLGenericElementImpl (this=0x8784878)
    at html_elementimpl.cpp:672
#15 0x41ed2b77 in ~HTMLDivElementImpl (this=0x8784878)
    at html_blockimpl.cpp:261
#16 0x41ea354d in ~NodeBaseImpl (this=0x86d3d28) at dom_nodeimpl.cpp:964
#17 0x41eaa56a in ~ElementImpl (this=0x86d3d28) at dom_elementimpl.cpp:328
#18 0x41ed2f8f in ~HTMLElementImpl (this=0x86d3d28) at html_elementimpl.cpp:66
#19 0x41efa4a7 in ~HTMLTablePartElementImpl (this=0x86d3d28)
    at html_tableimpl.h:241
#20 0x41ef9821 in ~HTMLTableCellElementImpl (this=0x86d3d28)
    at html_tableimpl.cpp:848
#21 0x41ea354d in ~NodeBaseImpl (this=0x86d3808) at dom_nodeimpl.cpp:964
#22 0x41eaa56a in ~ElementImpl (this=0x86d3808) at dom_elementimpl.cpp:328
#23 0x41ed2f8f in ~HTMLElementImpl (this=0x86d3808) at html_elementimpl.cpp:66
#24 0x41efa4a7 in ~HTMLTablePartElementImpl (this=0x86d3808)
    at html_tableimpl.h:241
#25 0x41efa537 in ~HTMLTableRowElementImpl (this=0x86d3808)
    at dom_nodeimpl.h:210
#26 0x41ea354d in ~NodeBaseImpl (this=0x86d3850) at dom_nodeimpl.cpp:964
#27 0x41eaa56a in ~ElementImpl (this=0x86d3850) at dom_elementimpl.cpp:328
#28 0x41ed2f8f in ~HTMLElementImpl (this=0x86d3850) at html_elementimpl.cpp:66
#29 0x41efa4a7 in ~HTMLTablePartElementImpl (this=0x86d3850)
    at html_tableimpl.h:241
#30 0x41ef8fa5 in ~HTMLTableSectionElementImpl (this=0x86d3850)
    at html_tableimpl.cpp:673
#31 0x41ea354d in ~NodeBaseImpl (this=0x85c1980) at dom_nodeimpl.cpp:964
#32 0x41eaa56a in ~ElementImpl (this=0x85c1980) at dom_elementimpl.cpp:328
#33 0x41ed2f8f in ~HTMLElementImpl (this=0x85c1980) at html_elementimpl.cpp:66
#34 0x41ef68f7 in ~HTMLTableElementImpl (this=0x85c1980)
    at html_tableimpl.cpp:71
#35 0x41ea354d in ~NodeBaseImpl (this=0x85c1b90) at dom_nodeimpl.cpp:964
#36 0x41eaa56a in ~ElementImpl (this=0x85c1b90) at dom_elementimpl.cpp:328
#37 0x41ed2f8f in ~HTMLElementImpl (this=0x85c1b90) at html_elementimpl.cpp:66
#38 0x41ed55b9 in ~HTMLGenericElementImpl (this=0x85c1b90)
    at html_elementimpl.cpp:672
#39 0x41ea354d in ~NodeBaseImpl (this=0x85cb978) at dom_nodeimpl.cpp:964
#40 0x41eaa56a in ~ElementImpl (this=0x85cb978) at dom_elementimpl.cpp:328
#41 0x41ed2f8f in ~HTMLElementImpl (this=0x85cb978) at html_elementimpl.cpp:66
#42 0x41ed55b9 in ~HTMLGenericElementImpl (this=0x85cb978)
    at html_elementimpl.cpp:672
#43 0x41ea354d in ~NodeBaseImpl (this=0x87a5bd8) at dom_nodeimpl.cpp:964
#44 0x41eaa56a in ~ElementImpl (this=0x87a5bd8) at dom_elementimpl.cpp:328
#45 0x41ed2f8f in ~HTMLElementImpl (this=0x87a5bd8) at html_elementimpl.cpp:66
#46 0x41efa4a7 in ~HTMLTablePartElementImpl (this=0x87a5bd8)
    at html_tableimpl.h:241
#47 0x41ef9821 in ~HTMLTableCellElementImpl (this=0x87a5bd8)
    at html_tableimpl.cpp:848
#48 0x41ea354d in ~NodeBaseImpl (this=0x85cb8b8) at dom_nodeimpl.cpp:964
#49 0x41eaa56a in ~ElementImpl (this=0x85cb8b8) at dom_elementimpl.cpp:328
#50 0x41ed2f8f in ~HTMLElementImpl (this=0x85cb8b8) at html_elementimpl.cpp:66
#51 0x41efa4a7 in ~HTMLTablePartElementImpl (this=0x85cb8b8)
    at html_tableimpl.h:241
#52 0x41efa537 in ~HTMLTableRowElementImpl (this=0x85cb8b8)
    at dom_nodeimpl.h:210
#53 0x41ea354d in ~NodeBaseImpl (this=0x85cb900) at dom_nodeimpl.cpp:964
#54 0x41eaa56a in ~ElementImpl (this=0x85cb900) at dom_elementimpl.cpp:328
#55 0x41ed2f8f in ~HTMLElementImpl (this=0x85cb900) at html_elementimpl.cpp:66
#56 0x41efa4a7 in ~HTMLTablePartElementImpl (this=0x85cb900)
    at html_tableimpl.h:241
#57 0x41ef8fa5 in ~HTMLTableSectionElementImpl (this=0x85cb900)
    at html_tableimpl.cpp:673
#58 0x41ea354d in ~NodeBaseImpl (this=0x85cbd90) at dom_nodeimpl.cpp:964
#59 0x41eaa56a in ~ElementImpl (this=0x85cbd90) at dom_elementimpl.cpp:328
#60 0x41ed2f8f in ~HTMLElementImpl (this=0x85cbd90) at html_elementimpl.cpp:66
#61 0x41ef68f7 in ~HTMLTableElementImpl (this=0x85cbd90)
    at html_tableimpl.cpp:71
#62 0x41ea354d in ~NodeBaseImpl (this=0x86c0180) at dom_nodeimpl.cpp:964
#63 0x41eaa56a in ~ElementImpl (this=0x86c0180) at dom_elementimpl.cpp:328
#64 0x41ed2f8f in ~HTMLElementImpl (this=0x86c0180) at html_elementimpl.cpp:66
#65 0x41ed5529 in ~HTMLGenericElementImpl (this=0x86c0180)
    at html_elementimpl.cpp:672
#66 0x41ed2b77 in ~HTMLDivElementImpl (this=0x86c0180)
    at html_blockimpl.cpp:261
#67 0x41ea354d in ~NodeBaseImpl (this=0x85fd328) at dom_nodeimpl.cpp:964
#68 0x41eaa56a in ~ElementImpl (this=0x85fd328) at dom_elementimpl.cpp:328
#69 0x41ed2f8f in ~HTMLElementImpl (this=0x85fd328) at html_elementimpl.cpp:66
#70 0x41eda0f5 in ~HTMLBodyElementImpl (this=0x85fd328) at html_baseimpl.cpp:60
#71 0x41ea354d in ~NodeBaseImpl (this=0x86662c0) at dom_nodeimpl.cpp:964
#72 0x41eaa56a in ~ElementImpl (this=0x86662c0) at dom_elementimpl.cpp:328
#73 0x41ed2f8f in ~HTMLElementImpl (this=0x86662c0) at html_elementimpl.cpp:66
#74 0x41edd5dd in ~HTMLHtmlElementImpl (this=0x86662c0) at dom_nodeimpl.h:131
#75 0x41ea354d in ~NodeBaseImpl (this=0x87881fc) at dom_nodeimpl.cpp:964
#76 0x41e91c77 in ~DocumentImpl (this=0x87881d0) at dom_docimpl.cpp:398
#77 0x41ed736d in ~HTMLDocumentImpl (this=0x87881d0)
    at html_documentimpl.cpp:91
#78 0x41e328ce in khtml::TreeShared<DOM::NodeImpl>::deref (this=0x8788200)
    at shared.h:38
#79 0x41e44c55 in KHTMLPart::clear (this=0x831d188) at khtml_part.cpp:1424
#80 0x41e46fcb in KHTMLPart::begin (this=0x831d188, url=@0x8329d88, xOffset=0, 
    yOffset=0) at khtml_part.cpp:1881
#81 0x41e45747 in KHTMLPart::slotData (this=0x831d188, kio_job=0x813f3f0, 
    data=@0xbfffcd80) at khtml_part.cpp:1579
#82 0x41e6310d in KHTMLPart::qt_invoke (this=0x831d188, _id=16, _o=0xbfffca80)
    at khtml_part.moc:501
#83 0x40d0035c in QObject::activate_signal ()
   from /opt/qt-3.3.3/lib/libqt-mt.so.3
#84 0x401f175c in KIO::TransferJob::data (this=0x813f3f0, t0=0x813f3f0, 
    t1=@0xbfffcd80) at jobclasses.moc:993
#85 0x401dd94e in KIO::TransferJob::slotData (this=0x813f3f0, 
    _data=@0xbfffcd80) at job.cpp:906
#86 0x401f1ddb in KIO::TransferJob::qt_invoke (this=0x813f3f0, _id=18, 
    _o=0xbfffcba0) at jobclasses.moc:1072
#87 0x40d0035c in QObject::activate_signal ()
   from /opt/qt-3.3.3/lib/libqt-mt.so.3
#88 0x401ccbbb in KIO::SlaveInterface::data (this=0x8174518, t0=@0xbfffcd80)
    at slaveinterface.moc:194
#89 0x401cb360 in KIO::SlaveInterface::dispatch (this=0x8174518, _cmd=100, 
    rawdata=@0xbfffcd80) at slaveinterface.cpp:234
#90 0x401cb01a in KIO::SlaveInterface::dispatch (this=0x8174518)
    at slaveinterface.cpp:173
#91 0x401c8b3b in KIO::Slave::gotInput (this=0x8174518) at slave.cpp:300
#92 0x401ca51f in KIO::Slave::qt_invoke (this=0x8174518, _id=4, _o=0xbfffcea0)
    at slave.moc:113
#93 0x40d0035c in QObject::activate_signal ()
   from /opt/qt-3.3.3/lib/libqt-mt.so.3
#94 0x40d004bd in QObject::activate_signal ()
   from /opt/qt-3.3.3/lib/libqt-mt.so.3
#95 0x410317b2 in QSocketNotifier::activated ()
   from /opt/qt-3.3.3/lib/libqt-mt.so.3
#96 0x40d1c720 in QSocketNotifier::event ()
   from /opt/qt-3.3.3/lib/libqt-mt.so.3
#97 0x40ca44cf in QApplication::internalNotify ()
   from /opt/qt-3.3.3/lib/libqt-mt.so.3
#98 0x40ca3adb in QApplication::notify () from /opt/qt-3.3.3/lib/libqt-mt.so.3
#99 0x4081a4e4 in KApplication::notify (this=0xbfffd7b0, receiver=0x8176068, 
    event=0xbfffd1c0) at kapplication.cpp:550
#100 0x40c9407a in QEventLoop::activateSocketNotifiers ()
   from /opt/qt-3.3.3/lib/libqt-mt.so.3
#101 0x40c4f2e1 in QEventLoop::processEvents ()
   from /opt/qt-3.3.3/lib/libqt-mt.so.3
#102 0x40cb66d8 in QEventLoop::enterLoop ()
   from /opt/qt-3.3.3/lib/libqt-mt.so.3
#103 0x40cb6588 in QEventLoop::exec () from /opt/qt-3.3.3/lib/libqt-mt.so.3
#104 0x40ca4721 in QApplication::exec () from /opt/qt-3.3.3/lib/libqt-mt.so.3
#105 0x417da30c in kdemain () from /opt/kde-3.5/lib/libkdeinit_konqueror.so
#106 0x409f58a6 in kdeinitmain () from /opt/kde-3.5/lib/kde3/konqueror.so
#107 0x0804e6a3 in launch (argc=2, _name=0x80836d4 "konqueror", 
    args=0x80836e7 "\001", cwd=0x0, envc=1, envs=0x80836f8 "", 
    reset_env=false, tty=0x0, avoid_loops=false, 
    startup_id_str=0x80836fc "leviathan;1142088625;808322;19024_TIME3123834")
    at kinit.cpp:639
#108 0x0804f9c0 in handle_launcher_request (sock=8) at kinit.cpp:1203
#109 0x080500b3 in handle_requests (waitForPid=0) at kinit.cpp:1406
#110 0x08051653 in main (argc=2, argv=0xbfffde34, envp=0xbfffde40)
    at kinit.cpp:1850
Comment 2 Maksim Orlovich 2006-03-11 17:38:39 UTC
Probably something, somewhere is corrupting memory :-(. Undebuggable unless you somehow manage to get a valgrind signature of the cause.
Comment 3 Stephan Johach 2006-03-11 20:09:55 UTC
Created attachment 15063
Valgrind trace

I got this valgrind trace when starting konqueror, surfing to amazon.de. But
after a few clicks on my wishlist valgrind suddenly exits due to an assert
when I hit the "back" button.

But there are some traces which look like corrupted memory. I am not sure if I
somehow broke my kdelibs/kdebase build. So if this doesn't point to a real
problem I will do a complete rebuild of kdelibs/kdebase now.
Comment 4 Maksim Orlovich 2006-03-12 15:11:08 UTC
Yes, can see that, thanks for the report, will investigate
Comment 5 Maksim Orlovich 2006-03-12 15:35:38 UTC
SVN commit 517900 by orlovich:

Quick fix #123433. Ivor has a better fix than this code, but IMHO it's too 
intrusive this close to 3.5.2 release.
BUG:123433


 M  +1 -1      htmlparser.cpp  


--- branches/KDE/3.5/kdelibs/khtml/html/htmlparser.cpp #517899:517900
@@ -1393,7 +1393,7 @@
         // Re-register form elements with currently active form, step 1 will have removed them
         if (form)
         {
-            HTMLGenericFormElementImpl *e = static_cast<HTMLGenericFormElementImpl *>(currNode);
+            HTMLGenericFormElementImpl *e = dynamic_cast<HTMLGenericFormElementImpl *>(currNode);
             if (e)
                 form->registerFormElement(e);
         }