Bug 177309 - [testcase] opening certain svg from a html page crashes konqueror
Status: CLOSED DUPLICATE of bug 185555
Alias: None
Product: konqueror
Classification: Applications
Component: general
Version: unspecified
Platform: unspecified Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
Reported: 2008-12-09 15:43 UTC by David Palacio
Modified: 2009-12-09 19:58 UTC
Description David Palacio 2008-12-09 15:43:42 UTC
Version:           unknown (using 4.1.82 (KDE 4.1.82 (KDE 4.2 >= 20081204)), compiled sources)
Compiler:          gcc
OS:                Linux (x86_64) release 2.6.26-1-amd64

Testcase:
1. Open http://techbase.kde.org/Image:Kopete.svg in Konqueror
2. Click on the Kopete logo or the 27 October 2008 revision.
3. Crash with the following backtrace:

Application: Konqueror (konqueror), signal SIGABRT
0x00007fcd4ccb8ff1 in nanosleep () from /lib/libc.so.6

Thread 1 (Thread 0x7fcd522db6f0 (LWP 5838)):
[KCrash Handler]
#5  0x00007fcd4cc4ced5 in raise () from /lib/libc.so.6
#6  0x00007fcd4cc4e3f3 in abort () from /lib/libc.so.6
#7  0x00007fcd4cc45dc9 in __assert_fail () from /lib/libc.so.6
#8  0x00007fcd426fc422 in WebCore::SVGUseElement::buildShadowTree (this=0x229c720, target=0x1f64f60, targetInstance=0x26b2c20) at /home/kde/src/KDE/kdelibs/khtml/svg/SVGUseElement.cpp:551
#9  0x00007fcd426fd47c in WebCore::SVGUseElement::buildPendingResource (this=0x229c720) at /home/kde/src/KDE/kdelibs/khtml/svg/SVGUseElement.cpp:330
#10 0x00007fcd426fb993 in WebCore::SVGUseElement::insertedIntoDocument (this=0x229c720) at /home/kde/src/KDE/kdelibs/khtml/svg/SVGUseElement.cpp:119
#11 0x00007fcd4236654f in DOM::NodeBaseImpl::addChild (this=0x2172cd0, newChild=0x229c720) at /home/kde/src/KDE/kdelibs/khtml/xml/dom_nodeimpl.cpp:1708
#12 0x00007fcd4238fe19 in khtml::XMLHandler::startElement (this=0x2311468, namespaceURI=@0x7fff5a414f00, qName=@0x1d228f0, atts=@0x21dedd8)
    at /home/kde/src/KDE/kdelibs/khtml/xml/xml_tokenizer.cpp:210
#13 0x00007fcd509ea542 in QXmlSimpleReaderPrivate::processElementEmptyTag (this=0x21ded50) at sax/qxml.cpp:3980
#14 0x00007fcd509f2689 in QXmlSimpleReaderPrivate::parseElement (this=0x21ded50) at sax/qxml.cpp:3948
#15 0x00007fcd509f1b10 in QXmlSimpleReaderPrivate::parseContent (this=0x21ded50) at sax/qxml.cpp:4401
#16 0x00007fcd509f2600 in QXmlSimpleReaderPrivate::parseElement (this=0x21ded50) at sax/qxml.cpp:3927
#17 0x00007fcd509f1b10 in QXmlSimpleReaderPrivate::parseContent (this=0x21ded50) at sax/qxml.cpp:4401
#18 0x00007fcd509f2600 in QXmlSimpleReaderPrivate::parseElement (this=0x21ded50) at sax/qxml.cpp:3927
#19 0x00007fcd509f1b10 in QXmlSimpleReaderPrivate::parseContent (this=0x21ded50) at sax/qxml.cpp:4401
#20 0x00007fcd509f246a in QXmlSimpleReaderPrivate::parseElement (this=0x21ded50) at sax/qxml.cpp:3840
#21 0x00007fcd509f17bf in QXmlSimpleReaderPrivate::parseContent (this=0x21ded50) at sax/qxml.cpp:4205
#22 0x00007fcd509f246a in QXmlSimpleReaderPrivate::parseElement (this=0x21ded50) at sax/qxml.cpp:3840
#23 0x00007fcd509f17bf in QXmlSimpleReaderPrivate::parseContent (this=0x21ded50) at sax/qxml.cpp:4205
#24 0x00007fcd509f246a in QXmlSimpleReaderPrivate::parseElement (this=0x21ded50) at sax/qxml.cpp:3840
#25 0x00007fcd509f17bf in QXmlSimpleReaderPrivate::parseContent (this=0x21ded50) at sax/qxml.cpp:4205
#26 0x00007fcd509f246a in QXmlSimpleReaderPrivate::parseElement (this=0x21ded50) at sax/qxml.cpp:3840
#27 0x00007fcd509f52c8 in QXmlSimpleReaderPrivate::parseBeginOrContinue (this=0x21ded50, state=<value optimized out>, incremental=true) at sax/qxml.cpp:3472
#28 0x00007fcd4238df65 in khtml::XMLTokenizer::write (this=0x2311430, str=@0x7fff5a416700, appendData=true) at /home/kde/src/KDE/kdelibs/khtml/xml/xml_tokenizer.cpp:458
#29 0x00007fcd422e17e1 in KHTMLPart::write (this=0x1e65d80, 
    data=0x20e02d8 "43,122.49809 105.30704,117.31933 109.68951,111.36973 C 118.86965,109.43607 127.72831,106.2784 135.89933,101.95499 C 162.92796,87.661665 182.81921,59.056073 178.23779,28.29242 z \" /><path\n         tran"..., len=1448) at /home/kde/src/KDE/kdelibs/khtml/khtml_part.cpp:2060
#30 0x00007fcd422e5664 in KHTMLPart::slotData (this=0x1e65d80, kio_job=0x24fdaf0, data=@0x7fff5a417130) at /home/kde/src/KDE/kdelibs/khtml/khtml_part.cpp:1745
#31 0x00007fcd422ef40f in KHTMLPart::qt_metacall (this=0x1e65d80, _c=QMetaObject::InvokeMetaMethod, _id=19, _a=0x7fff5a416cf0) at /home/kde/build/KDE/kdelibs/khtml/khtml_part.moc:264
#32 0x00007fcd4f7566d4 in QMetaObject::activate (sender=0x24fdaf0, from_signal_index=<value optimized out>, to_signal_index=40, argv=0xffffffffffffffff) at kernel/qobject.cpp:3031
#33 0x00007fcd50ffb719 in KIO::TransferJob::data (this=0x24fdaf0, _t1=0x24fdaf0, _t2=@0x7fff5a417130) at /home/kde/build/KDE/kdelibs/kio/jobclasses.moc:356
#34 0x00007fcd50ffbffa in KIO::TransferJob::slotData (this=0x24fdaf0, _data=@0x7fff5a417130) at /home/kde/src/KDE/kdelibs/kio/kio/job.cpp:917
#35 0x00007fcd51005fb9 in KIO::TransferJob::qt_metacall (this=0x24fdaf0, _c=QMetaObject::InvokeMetaMethod, _id=8, _a=0x7fff5a416e80) at /home/kde/build/KDE/kdelibs/kio/jobclasses.moc:337
#36 0x00007fcd4f7566d4 in QMetaObject::activate (sender=0x1f13ba0, from_signal_index=<value optimized out>, to_signal_index=4, argv=0xffffffffffffffff) at kernel/qobject.cpp:3031
#37 0x00007fcd510a5c9d in KIO::SlaveInterface::data (this=0x1f13ba0, _t1=@0x7fff5a417130) at /home/kde/build/KDE/kdelibs/kio/slaveinterface.moc:138
#38 0x00007fcd510a7628 in KIO::SlaveInterface::dispatch (this=0x1f13ba0, _cmd=100, rawdata=@0x7fff5a417130) at /home/kde/src/KDE/kdelibs/kio/kio/slaveinterface.cpp:163
#39 0x00007fcd510a7551 in KIO::SlaveInterface::dispatch (this=0x1f13ba0) at /home/kde/src/KDE/kdelibs/kio/kio/slaveinterface.cpp:91
#40 0x00007fcd5109b133 in KIO::Slave::gotInput (this=0x1f13ba0) at /home/kde/src/KDE/kdelibs/kio/kio/slave.cpp:322
#41 0x00007fcd5109c351 in KIO::Slave::qt_metacall (this=0x1f13ba0, _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0x7fff5a417290) at /home/kde/build/KDE/kdelibs/kio/slave.moc:75
#42 0x00007fcd4f7566d4 in QMetaObject::activate (sender=0x1f48170, from_signal_index=<value optimized out>, to_signal_index=4, argv=0xffffffffffffffff) at kernel/qobject.cpp:3031
#43 0x00007fcd50fd1a4a in KIO::Connection::readyRead (this=0x1f48170) at /home/kde/build/KDE/kdelibs/kio/connection.moc:84
#44 0x00007fcd50fd2852 in KIO::ConnectionPrivate::dequeue (this=0x1f48330) at /home/kde/src/KDE/kdelibs/kio/kio/connection.cpp:82
#45 0x00007fcd50fd36e8 in KIO::Connection::qt_metacall (this=0x1f48170, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x19c1660) at /home/kde/build/KDE/kdelibs/kio/connection.moc:72
#46 0x00007fcd4f751345 in QObject::event (this=0x1f48170, e=0x221f1b0) at kernel/qobject.cpp:1155
#47 0x00007fcd4ea4aa5d in QApplicationPrivate::notify_helper (this=0x18c0310, receiver=0x1f48170, e=0x221f1b0) at kernel/qapplication.cpp:3803
#48 0x00007fcd4ea527da in QApplication::notify (this=0x7fff5a417f80, receiver=0x1f48170, e=0x221f1b0) at kernel/qapplication.cpp:3768
#49 0x00007fcd5058cf52 in KApplication::notify (this=0x7fff5a417f80, receiver=0x1f48170, event=0x221f1b0) at /home/kde/src/KDE/kdelibs/kdeui/kernel/kapplication.cpp:307
#50 0x00007fcd4f742381 in QCoreApplication::notifyInternal (this=0x7fff5a417f80, receiver=0x1f48170, event=0x221f1b0) at kernel/qcoreapplication.cpp:587
#51 0x00007fcd4f74301a in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x18a8e90) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:209
#52 0x00007fcd4eadd30a in QEventDispatcherX11::processEvents (this=0x18bfae0, flags={i = 1514241552}) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:214
#53 0x00007fcd4f740ca2 in QEventLoop::processEvents (this=<value optimized out>, flags={i = 1514241600}) at kernel/qeventloop.cpp:143
#54 0x00007fcd4f740e2d in QEventLoop::exec (this=0x7fff5a417e80, flags={i = 1514241680}) at kernel/qeventloop.cpp:194
#55 0x00007fcd4f7432dd in QCoreApplication::exec () at kernel/qcoreapplication.cpp:845
#56 0x00007fcd51fc18d3 in kdemain (argc=2, argv=0x7fff5a418bd8) at /home/kde/src/KDE/kdebase/apps/konqueror/src/konqmain.cpp:257
#57 0x0000000000400897 in main (argc=2, argv=0x7fff5a418bd8) at /home/kde/build/KDE/kdebase/apps/konqueror/src/konqueror_dummy.cpp:3

If the SVG is opened directly, there is no crash.

The SVG image is badly rendered too. Is it related to this bug or should another bug be filed?
Comment 1 Dario Andres 2008-12-26 16:44:08 UTC
I can reproduce this crash here using:

Qt: 4.4.3
KDE: 4.1.86 (KDE 4.1.86 (KDE 4.2 >= 20081221))
kdelibs svn rev. 901624 / kdebase svn rev. 901624
on ArchLinux x86_64 - Kernel 2.6.27.10
Comment 2 Dario Andres 2009-02-21 15:58:50 UTC
I can't reproduce the crash anymore here using:

Qt: 4.5.0-rc1
KDE: 4.2.63 (KDE 4.2.63 (KDE 4.3 >= 20090212))
kdelibs svn rev. 927117 / kdebase svn rev. 927117
on ArchLinux i686 - Kernel 2.6.28.4

Can anyone else reproduce the crash with an updated KDE version?
Comment 3 David Palacio 2009-03-19 14:34:48 UTC
Can reproduce:

Qt: 4.5.0
KDE: 4.2.67 (r941100)
Comment 4 Maksim Orlovich 2009-03-27 17:06:08 UTC
The problem is that cloneNode on XML elements screws up the namespace... I have a patch, but I don't like it.
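Added example, not part of the original thread and not KHTML code: a regression-style check for the class of defect comment 4 names, where cloning the target of an SVG `<use>` element loses the element namespace. It uses Python's `xml.dom.minidom` as a stand-in DOM; the sample document, `naive_clone` (a deliberately faulty clone) and the helper names are constructed for illustration.

```python
from xml.dom import minidom, Node

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"

# Constructed sample: a <use> element that references a <g> by id.
SAMPLE = (
    '<svg xmlns="http://www.w3.org/2000/svg" '
    'xmlns:xlink="http://www.w3.org/1999/xlink">'
    '<defs><g id="logo"><path d="M0 0 L1 1"/></g></defs>'
    '<use xlink:href="#logo"/></svg>'
)


def naive_clone(node, doc):
    """Hypothetical faulty clone: rebuilds elements by local name only,
    so the copy ends up with no namespace."""
    if node.nodeType != Node.ELEMENT_NODE:
        return node.cloneNode(True)
    copy = doc.createElement(node.localName)
    for i in range(node.attributes.length):
        attr = node.attributes.item(i)
        copy.setAttribute(attr.name, attr.value)
    for child in node.childNodes:
        copy.appendChild(naive_clone(child, doc))
    return copy


def namespace_mismatches(original, clone, path=""):
    """Walk both trees in parallel and return the paths of elements whose
    (namespaceURI, localName) pair differs between original and clone."""
    here = f"{path}/{original.nodeName}"
    bad = []
    if original.nodeType == Node.ELEMENT_NODE:
        if (original.namespaceURI, original.localName) != (
                clone.namespaceURI, clone.localName):
            bad.append(here)
        for a, b in zip(original.childNodes, clone.childNodes):
            bad.extend(namespace_mismatches(a, b, here))
    return bad


def check(clone_fn):
    """Resolve the <use> target, clone it with clone_fn, report mismatches."""
    doc = minidom.parseString(SAMPLE)
    use = doc.getElementsByTagNameNS(SVG_NS, "use")[0]
    target_id = use.getAttributeNS(XLINK_NS, "href").lstrip("#")
    target = next(e for e in doc.getElementsByTagNameNS(SVG_NS, "g")
                  if e.getAttribute("id") == target_id)
    return namespace_mismatches(target, clone_fn(target, doc))
```

A namespace-preserving clone yields an empty list; the faulty one reports every element in the cloned subtree, which is the kind of invariant a test for this bug would pin down.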
Comment 5 Maksim Orlovich 2009-05-23 20:02:17 UTC

*** This bug has been marked as a duplicate of bug 185555 ***