Bug 159915 - nspluginviewer crash [Testcase attached]
Summary: nspluginviewer crash [Testcase attached]
Status: RESOLVED DUPLICATE of bug 159116
Alias: None
Product: konqueror
Classification: Applications
Component: nspluginviewer (other bugs)
Version First Reported In: unspecified
Platform: Compiled Sources Linux
: NOR crash
Target Milestone: ---
Assignee: Konqueror Bugs
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-03-26 21:00 UTC by Oliver Putz
Modified: 2008-06-13 19:24 UTC (History)
0 users

See Also:
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Oliver Putz 2008-03-26 21:00:51 UTC 
Version:            (using Devel)
Installed from:    Compiled sources
Compiler:          gcc version 4.1.2 20070214 
OS:                Linux

Steps to reproduce:

1) Create a *.html file from the code given below
2) Open that *.html file in konqueror
3) Refresh the page (perhaps you need to do so multiple times)
4) See konqueror crash

I could narrow down the problematic code to the following:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<head>
</head>
<body>

<img src="http://ad.zanox.com/ppv/?6845681C651289823" align="bottom" width="1" height="1" border="0" hspace="1"><script type="text/javascript" src="http://www.zanox-affiliate.de/ppv/images/programs/3631/pagepeel/pagepeel_v2.js"></script>
<script type="text/javascript">	
writePeel("http://ad.zanox.com/ppc/?6845681C651289823&ULP=");
</script>

</body>
</html>

The problem is: If I run konqueror from within GDB or valgrind, the nspluginviewer does not crash. However, on the other hand, the backtrace seems to be of little use eiter, so I hope some developers can reproduce this crash with the testcase above. The (useless?) Backtrace is:

Application: nspluginviewer (nspluginviewer), signal SIGSEGV
Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 0xb5fe46d0 (LWP 16606)]
[New Thread 0xb1c1db90 (LWP 16612)]
[New Thread 0xb24afb90 (LWP 16611)]
[New Thread 0xb2cb0b90 (LWP 16610)]
[KCrash handler]
#6  0xb75705eb in XtRemoveTimeOut () from /usr/lib/libXt.so.6
#7  0xb4364db1 in ?? () from /opt/netscape/plugins/libflashplayer.so
#8  0xb435a338 in ?? () from /opt/netscape/plugins/libflashplayer.so
#9  0xb4353181 in ?? () from /opt/netscape/plugins/libflashplayer.so
#10 0xb4357937 in ?? () from /opt/netscape/plugins/libflashplayer.so
#11 0x081281b8 in ?? ()
#12 0xbf843d6c in ?? ()
#13 0xbf843d18 in ?? ()
#14 0xbf843d78 in ?? ()
#15 0xbf843d5c in ?? ()
#16 0xbf843d78 in ?? ()
#17 0xbf843d88 in ?? ()
#18 0x080550ac in NSPluginInstance::destroy (this=0x81281b8)
    at /var/tmp/portage/kde-base/kdebase-9999.4/work/kdebase-9999.4/apps/nsplugins/viewer/nsplugin.cpp:690
Backtrace stopped: frame did not save the PC
#0  0xffffe410 in __kernel_vsyscall ()
Comment 1 A. Spehr 2008-05-03 05:18:34 UTC 
What version flash are you running? 32bit or 64bit? And what version KDE? 
I suspect this is a duplicate of Bug #132138 maybe, and most likely of Bug #159116 and #158012.
Comment 2 Lubos Lunak 2008-06-13 19:24:58 UTC 

*** This bug has been marked as a duplicate of 159116 ***