189201 – Konqueror crash on search (KHTMLFindBar::pattern)

Bug 189201 - Konqueror crash on search (KHTMLFindBar::pattern)

Summary: Konqueror crash on search (KHTMLFindBar::pattern)

Status:	RESOLVED FIXED

Alias:	None

Product:	konqueror
Classification:	Applications
Component:	khtml (show other bugs)
Version:	unspecified
Platform:	Compiled Sources Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	Konqueror Developers

URL:
Keywords:

Duplicates (10):	189461 189564 189857 190346 190851 191541 191581 191688 191946 193084 (view as bug list)
Depends on:
Blocks:

Reported:	2009-04-09 12:17 UTC by Dennis
Modified:	2009-05-18 09:33 UTC (History)
CC List:	14 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Dennis 2009-04-09 12:17:42 UTC

Version:            (using Devel)
OS:                Linux
Installed from:    Compiled sources

Steps to reproduce:
- Go to http://www.howtoforge.com/how-to-compile-amarok-2-from-svn-on-k-x-ubuntu
- Press "/" (inline search)
- Try to find word "phonon"
Konqueror crashes on letter 'o'

Application: Konqueror (konqueror), signal SIGSEGV
0x00007f41de52ddf1 in nanosleep () from /lib/libc.so.6
[Current thread is 0 (LWP 28918)]

Thread 3 (Thread 0x41f08950 (LWP 28919)):
#0  0x00007f41e0a53c3d in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#1  0x00007f41e0cc3017 in QWaitCondition::wait (this=<value optimized out>, mutex=0xbe6de0, time=30000) at thread/qwaitcondition_unix.cpp:85
#2  0x00007f41e0cb905b in QThreadPoolThread::run (this=0xacbf10) at concurrent/qthreadpool.cpp:140
#3  0x00007f41e0cc23c0 in QThreadPrivate::start (arg=0xacbf10) at thread/qthread_unix.cpp:189
#4  0x00007f41e0a4f080 in start_thread () from /lib/libpthread.so.0
#5  0x00007f41de55bccd in clone () from /lib/libc.so.6
#6  0x0000000000000000 in ?? ()

Thread 2 (Thread 0x42709950 (LWP 28920)):
#0  0x00007f41e0a53c3d in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#1  0x00007f41e0cc3017 in QWaitCondition::wait (this=<value optimized out>, mutex=0xbe6de0, time=30000) at thread/qwaitcondition_unix.cpp:85
#2  0x00007f41e0cb905b in QThreadPoolThread::run (this=0x16f0d30) at concurrent/qthreadpool.cpp:140
#3  0x00007f41e0cc23c0 in QThreadPrivate::start (arg=0x16f0d30) at thread/qthread_unix.cpp:189
#4  0x00007f41e0a4f080 in start_thread () from /lib/libpthread.so.0
#5  0x00007f41de55bccd in clone () from /lib/libc.so.6
#6  0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7f41e3604760 (LWP 28918)):
[KCrash Handler]
#5  KHTMLFindBar::pattern (this=0x0) at /mnt/ram/paludis/kde-base-kdelibs-scm/work/kdelibs-scm/khtml/find/khtmlfindbar.cpp:103
#6  0x00007f41d37c93b3 in KHTMLFind::activate (this=0x14f1990) at /mnt/ram/paludis/kde-base-kdelibs-scm/work/kdelibs-scm/khtml/find/khtmlfind.cpp:231
#7  0x00007f41d37c941f in KHTMLFind::findTextNext (this=0x7fffeb74d020, reverse=false) at /mnt/ram/paludis/kde-base-kdelibs-scm/work/kdelibs-scm/khtml/find/khtmlfind.cpp:277
#8  0x00007f41d3786bcc in KHTMLPart::pFindTextNextInThisFrame (this=<value optimized out>, reverse=false) at /mnt/ram/paludis/kde-base-kdelibs-scm/work/kdelibs-scm/khtml/khtml_part.cpp:3051
#9  0x00007f41d37c9b86 in KHTMLFind::findTextNext (this=0xe00ad0, reverse=false) at /mnt/ram/paludis/kde-base-kdelibs-scm/work/kdelibs-scm/khtml/find/khtmlfind.cpp:435
#10 0x00007f41d3786c1e in KHTMLPart::findTextNext (this=0xe06f60, reverse=false) at /mnt/ram/paludis/kde-base-kdelibs-scm/work/kdelibs-scm/khtml/khtml_part.cpp:3046
#11 0x00007f41d3769a53 in KHTMLView::findAhead (this=0xdfc880, increase=true) at /mnt/ram/paludis/kde-base-kdelibs-scm/work/kdelibs-scm/khtml/khtmlview.cpp:1916
#12 0x00007f41d376ecae in KHTMLView::keyPressEvent (this=0xdfc880, _ke=0x7fffeb74e0f0) at /mnt/ram/paludis/kde-base-kdelibs-scm/work/kdelibs-scm/khtml/khtmlview.cpp:1705
#13 0x00007f41e00d0f80 in QWidget::event (this=0xdfc880, event=0x7fffeb74e0f0) at kernel/qwidget.cpp:7551
#14 0x00007f41e04526db in QFrame::event (this=0xdfc880, e=0x7fffeb74e0f0) at widgets/qframe.cpp:559
#15 0x00007f41e04d7cdd in QAbstractScrollArea::event (this=0xdfc880, e=0x7fffeb74e0f0) at widgets/qabstractscrollarea.cpp:918
#16 0x00007f41e04dafd3 in QScrollArea::event (this=0xdfc880, e=0x7fffeb74e0f0) at widgets/qscrollarea.cpp:314
#17 0x00007f41d376e786 in KHTMLView::event (this=0xdfc880, e=0x7fffeb74e0f0) at /mnt/ram/paludis/kde-base-kdelibs-scm/work/kdelibs-scm/khtml/khtmlview.cpp:540
#18 0x00007f41e007f3df in QApplicationPrivate::notify_helper (this=0x6226a0, receiver=0xdfc880, e=0x7fffeb74e0f0) at kernel/qapplication.cpp:4084
#19 0x00007f41e0085ce3 in QApplication::notify (this=<value optimized out>, receiver=0xdfc880, e=0x7fffeb74e0f0) at kernel/qapplication.cpp:3690
#20 0x00007f41e1b65a34 in KApplication::notify (this=0x7fffeb74f1a0, receiver=0xdfc880, event=0x7fffeb74e0f0)
    at /mnt/ram/paludis/kde-base-kdelibs-scm/work/kdelibs-scm/kdeui/kernel/kapplication.cpp:307
#21 0x00007f41e0d9e203 in QCoreApplication::notifyInternal (this=0x7fffeb74f1a0, receiver=0xdfc880, event=0x7fffeb74e0f0) at kernel/qcoreapplication.cpp:598
#22 0x00007f41e007f51c in qt_sendSpontaneousEvent (receiver=0x605044, event=0x1) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:216
#23 0x00007f41e0105af2 in QKeyMapper::sendKeyEvent (keyWidget=0xdfc880, grab=<value optimized out>, type=QEvent::KeyPress, code=79, modifiers=@0x7fffeb74e630, text=@0x7fffeb74e620, 
    autorepeat=<value optimized out>, count=1, nativeScanCode=32, nativeVirtualKey=111, nativeModifiers=16) at kernel/qkeymapper_x11.cpp:1675
#24 0x00007f41e0107a9b in QKeyMapperPrivate::translateKeyEvent (this=0x656710, keyWidget=0xdfc880, event=<value optimized out>, grab=false) at kernel/qkeymapper_x11.cpp:1645
#25 0x00007f41e00e422a in QApplication::x11ProcessEvent (this=0x7fffeb74f1a0, event=0x7fffeb74ed20) at kernel/qapplication_x11.cpp:3436
#26 0x00007f41e0108f85 in x11EventSourceDispatch (s=0x625f40, callback=0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:146
#27 0x00007f41dcd6b1b3 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#28 0x00007f41dcd6e4a5 in g_main_context_iterate () from /usr/lib/libglib-2.0.so.0
#29 0x00007f41dcd6e97b in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#30 0x00007f41e0dc6cdf in QEventDispatcherGlib::processEvents (this=0x604710, flags=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:323
#31 0x00007f41e0108dbf in QGuiEventDispatcherGlib::processEvents (this=0x7fffeb74d020, flags=<value optimized out>) at kernel/qguieventdispatcher_glib.cpp:202
#32 0x00007f41e0d9d4e5 in QEventLoop::processEvents (this=<value optimized out>, flags=@0x7fffeb74eff0) at kernel/qeventloop.cpp:149
#33 0x00007f41e0d9d646 in QEventLoop::exec (this=0x7fffeb74f030, flags=@0x7fffeb74f040) at kernel/qeventloop.cpp:196
#34 0x00007f41e0d9f81c in QCoreApplication::exec () at kernel/qcoreapplication.cpp:880
#35 0x00007f41e32f1047 in kdemain (argc=<value optimized out>, argv=<value optimized out>) at /mnt/ram/paludis/kde-base-konqueror-scm/work/konqueror/apps/konqueror/src/konqmain.cpp:257
#36 0x0000000000400991 in main (argc=-344666080, argv=0x0) at /mnt/ram/paludis/kde-base-konqueror-scm/work/konqueror_build/apps/konqueror/src/konqueror_dummy.cpp:3

Comment 1 Dario Andres 2009-04-09 14:30:17 UTC

Here using:

Qt: 4.5.0 + qt-copy-patches-936035
KDE: 4.2.68 (KDE 4.2.68 (KDE 4.3 >= 20090327))
kdelibs svn rev. 949645 / kdebase svn rev. 949645
on ArchLinux i686 - Kernel 2.6.28.8

I can reproduce the crash.

==4554==                                                                                                                           
==4554== Invalid read of size 4                                                                                                    
==4554==    at 0x9E89E3D: KHTMLFindBar::pattern() const (khtmlfindbar.cpp:103)                                                     
==4554==    by 0x9E86AAA: KHTMLFind::activate() (khtmlfind.cpp:231)                                                                
==4554==    by 0x9E88EE4: KHTMLFind::findTextNext(bool) (khtmlfind.cpp:277)                                                        
==4554==    by 0x9E1CE1C: KHTMLPart::pFindTextNextInThisFrame(bool) (khtml_part.cpp:3051)                                          
==4554==    by 0x9E88A84: KHTMLFind::findTextNext(bool) (khtmlfind.cpp:435)                                                        
==4554==    by 0x9E1CEA0: KHTMLPart::findTextNext(bool) (khtml_part.cpp:3046)                                                      
==4554==    by 0x9E0B493: KHTMLView::findAhead(bool) (khtmlview.cpp:1916)                                                          
==4554==    by 0x9E0BBDD: KHTMLView::keyPressEvent(QKeyEvent*) (khtmlview.cpp:1705)                                                
==4554==    by 0x4F67B7A: QWidget::event(QEvent*) (qwidget.cpp:7551)                                                               
==4554==    by 0x5328AB2: QFrame::event(QEvent*) (qframe.cpp:559)                                                                  
==4554==    by 0x53C1DCC: QAbstractScrollArea::event(QEvent*) (qabstractscrollarea.cpp:918)                                        
==4554==    by 0x53C6A5C: QScrollArea::event(QEvent*) (qscrollarea.cpp:314)

Comment 2 Dario Andres 2009-04-09 14:43:44 UTC

Just wondering, the "/" shortcut ("Find as you type"), is disabled on the menu. But you can call it manually pressing the "/" key

Comment 3 Dario Andres 2009-04-12 15:51:41 UTC

*** Bug 189461 has been marked as a duplicate of this bug. ***

Comment 4 Hermann Schwarting 2009-04-12 22:29:43 UTC

I experienced the same problem under 4.2.2 installed from Debian unstable.

Comment 5 Allan Sandfeld 2009-04-14 21:02:17 UTC

Maybe inline '/' search should just be removed, since ordinary ctrl+f search is also incremental now. The duplicate code is just a source of bugs, and if we tie '/' to ordinary search the functionality is still there.

Comment 6 Tommi Tervo 2009-04-17 10:32:40 UTC

*** Bug 189857 has been marked as a duplicate of this bug. ***

Comment 7 Frank Reininghaus 2009-04-22 21:01:34 UTC

*** Bug 190346 has been marked as a duplicate of this bug. ***

Comment 8 Dario Andres 2009-04-28 00:03:21 UTC

*** Bug 189564 has been marked as a duplicate of this bug. ***

Comment 9 Dario Andres 2009-04-28 00:03:41 UTC

*** Bug 190851 has been marked as a duplicate of this bug. ***

Comment 10 Germain Garand 2009-04-30 02:08:05 UTC

SVN commit 961356 by ggarand:

.fix crashes happening with the "/" gui less find-as-you-type
.harden the findbar code to prevent possible access to deleted bar

BUG: 189201


 M  +27 -20    khtmlfind.cpp  
 M  +7 -3      khtmlfind_p.h  
 M  +1 -1      khtmlfindbar.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=961356

Comment 11 Germain Garand 2009-04-30 02:16:36 UTC

SVN commit 961362 by ggarand:

automatically merged revision 961356:
.fix crashes happening with the "/" gui less find-as-you-type
.harden the findbar code to prevent possible access to deleted bar

BUG: 189201

 M  +27 -20    khtmlfind.cpp  
 M  +7 -3      khtmlfind_p.h  
 M  +1 -1      khtmlfindbar.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=961362

Comment 12 gerlos 2009-05-04 00:58:51 UTC

*** Bug 191541 has been marked as a duplicate of this bug. ***

Comment 13 Tommi Tervo 2009-05-04 15:09:08 UTC

*** Bug 191581 has been marked as a duplicate of this bug. ***

Comment 14 Pino Toscano 2009-05-05 16:29:56 UTC

*** Bug 191688 has been marked as a duplicate of this bug. ***

Comment 15 Pino Toscano 2009-05-07 21:03:36 UTC

*** Bug 191946 has been marked as a duplicate of this bug. ***

Comment 16 Tommi Tervo 2009-05-18 09:33:32 UTC

*** Bug 193084 has been marked as a duplicate of this bug. ***