Bug 197294 - segfault in KHTMLPart::slotChildStarted
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: general
Version: unspecified
Platform: Unlisted Binaries Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
Duplicates: 182165 195766 197441 202055
Reported: 2009-06-20 18:21 UTC by Benoît Jacob
Modified: 2009-08-05 23:22 UTC (History)


Description Benoît Jacob 2009-06-20 18:21:10 UTC
Application that crashed: konqueror
Version of the application: 4.2.91 (KDE 4.2.91 (KDE 4.3 >= 20090609)) "release 1"
KDE Version: 4.2.91 (KDE 4.2.91 (KDE 4.3 >= 20090609)) "release 1"
Qt Version: 4.5.1
Operating System: Linux 2.6.27.23-0.1-default i686

What I was doing when the application crashed:
I was reading OSNews.com and hit the back button (still OSNews.com), that's when the crash occurred. Can't reproduce.


 -- Backtrace:
Application: Konqueror (kdeinit), signal: Segmentation fault
[Current thread is 1 (Thread 0xb5f99710 (LWP 3979))]

Thread 3 (Thread 0xac273b90 (LWP 10706)):
#0  0xffffe430 in __kernel_vsyscall ()
#1  0xb7e51f62 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0xb7eb16fc in QWaitCondition::wait (this=0x8849b58, mutex=0x8849b54, time=30000) at thread/qwaitcondition_unix.cpp:85
#3  0xb7ea6c26 in QThreadPoolThread::run (this=0x88453f0) at concurrent/qthreadpool.cpp:140
#4  0xb7eb070e in QThreadPrivate::start (arg=0x88453f0) at thread/qthread_unix.cpp:189
#5  0xb7e4e1b5 in start_thread () from /lib/libpthread.so.0
#6  0xb66603be in clone () from /lib/libc.so.6

Thread 2 (Thread 0xae05fb90 (LWP 10707)):
#0  0xffffe430 in __kernel_vsyscall ()
#1  0xb7e51f62 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0xb7eb16fc in QWaitCondition::wait (this=0x8849b58, mutex=0x8849b54, time=30000) at thread/qwaitcondition_unix.cpp:85
#3  0xb7ea6c26 in QThreadPoolThread::run (this=0x89c1f70) at concurrent/qthreadpool.cpp:140
#4  0xb7eb070e in QThreadPrivate::start (arg=0x89c1f70) at thread/qthread_unix.cpp:189
#5  0xb7e4e1b5 in start_thread () from /lib/libpthread.so.0
#6  0xb66603be in clone () from /lib/libc.so.6

Thread 1 (Thread 0xb5f99710 (LWP 3979)):
[KCrash Handler]
#6  KHTMLPart::slotChildStarted (this=0x962e508, job=0x0) at /usr/src/debug/kdelibs-4.2.91svn979380/khtml/khtml_part.cpp:4903
#7  0xb27eaab1 in KHTMLPart::qt_metacall (this=0x962e508, _c=QMetaObject::InvokeMetaMethod, _id=64, _a=0xbf9dfe5c) at /usr/src/debug/kdelibs-4.2.91svn979380/build/khtml/khtml_part.moc:316
#8  0xb7fbadc8 in QMetaObject::activate (sender=0xa969068, from_signal_index=7, to_signal_index=7, argv=0xbf9dfe5c) at kernel/qobject.cpp:3120
#9  0xb7fbc552 in QMetaObject::activate (sender=0xa969068, m=0xb7bdf850, local_signal_index=0, argv=0xbf9dfe5c) at kernel/qobject.cpp:3194
#10 0xb7bb7773 in KParts::ReadOnlyPart::started (this=0xa969068, _t1=0x0) at /usr/src/debug/kdelibs-4.2.91svn979380/build/kparts/part.moc:201
#11 0xb27f35ad in KHTMLRun (this=0xa5ea180, part=0xa969068, child=0x8b604e8, url=@0xbf9e019c, args=@0x8b60518, browserArgs=@0x8b6051c, hideErrorDialog=<value optimized out>)
    at /usr/src/debug/kdelibs-4.2.91svn979380/khtml/khtml_run.cpp:43
#12 0xb27e831f in KHTMLPart::requestObject (this=0xa969068, child=0x8b604e8, url=@0xbf9e019c, _args=@0xbf9e01bc, browserArgs=@0xbf9e0174)
    at /usr/src/debug/kdelibs-4.2.91svn979380/khtml/khtml_part.cpp:4240
#13 0xb27eb36a in KHTMLPart::requestFrame (this=0xa969068, frame=0x9b29c18, url=@0xbf9e0224, frameName=@0xbf9e0220, params=@0xbf9e021c, isIFrame=<value optimized out>)
    at /usr/src/debug/kdelibs-4.2.91svn979380/khtml/khtml_part.cpp:4158
#14 0xb28a3e5b in DOM::HTMLIFrameElementImpl::computeContent (this=0x9b29c18) at /usr/src/debug/kdelibs-4.2.91svn979380/khtml/html/html_baseimpl.cpp:784
#15 0xb28bf354 in DOM::HTMLPartContainerElementImpl::computeContentIfNeeded (this=0xa5b916c) at /usr/src/debug/kdelibs-4.2.91svn979380/khtml/html/html_objectimpl.cpp:90
#16 0xb287c598 in khtml::KHTMLParser::popOneBlock (this=0x87af8d8, delBlock=true) at /usr/src/debug/kdelibs-4.2.91svn979380/khtml/html/htmlparser.cpp:1865
#17 0xb287c758 in khtml::KHTMLParser::freeBlock (this=0x87af8d8) at /usr/src/debug/kdelibs-4.2.91svn979380/khtml/html/htmlparser.cpp:1898
#18 0xb287caa6 in ~KHTMLParser (this=0x87af8d8) at /usr/src/debug/kdelibs-4.2.91svn979380/khtml/html/htmlparser.cpp:191
#19 0xb2885309 in ~HTMLTokenizer (this=0xa5eef70) at /usr/src/debug/kdelibs-4.2.91svn979380/khtml/html/htmltokenizer.cpp:2081
#20 0xb282b326 in DOM::DocumentImpl::detach (this=0xa7e32b0) at /usr/src/debug/kdelibs-4.2.91svn979380/khtml/xml/dom_docimpl.cpp:1535
#21 0xb27c7ca2 in KHTMLPart::clear (this=0xa969068) at /usr/src/debug/kdelibs-4.2.91svn979380/khtml/khtml_part.cpp:1557
#22 0xb27e0f4a in ~KHTMLPart (this=0xa969068) at /usr/src/debug/kdelibs-4.2.91svn979380/khtml/khtml_part.cpp:607
#23 0xb27c7966 in KHTMLPart::clear (this=0x962e508) at /usr/src/debug/kdelibs-4.2.91svn979380/khtml/khtml_part.cpp:1596
#24 0xb27caabb in KHTMLPart::begin (this=0x962e508, url=@0x880a398, xOffset=0, yOffset=3000) at /usr/src/debug/kdelibs-4.2.91svn979380/khtml/khtml_part.cpp:2006
#25 0xb27c7e49 in KHTMLPart::slotData (this=0x962e508, kio_job=0xaa63c50, data=@0xbf9e0a24) at /usr/src/debug/kdelibs-4.2.91svn979380/khtml/khtml_part.cpp:1700
#26 0xb27eacdf in KHTMLPart::qt_metacall (this=0x962e508, _c=QMetaObject::InvokeMetaMethod, _id=19, _a=0xbf9e0778) at /usr/src/debug/kdelibs-4.2.91svn979380/build/khtml/khtml_part.moc:271
#27 0xb7fbadc8 in QMetaObject::activate (sender=0xaa63c50, from_signal_index=40, to_signal_index=40, argv=0xbf9e0778) at kernel/qobject.cpp:3120
#28 0xb7fbc552 in QMetaObject::activate (sender=0xaa63c50, m=0xb7a63310, local_signal_index=0, argv=0xbf9e0778) at kernel/qobject.cpp:3194
#29 0xb7880d09 in KIO::TransferJob::data (this=0xaa63c50, _t1=0xaa63c50, _t2=@0xbf9e0a24) at /usr/src/debug/kdelibs-4.2.91svn979380/build/kio/jobclasses.moc:364
#30 0xb7881612 in KIO::TransferJob::slotData (this=0xaa63c50, _data=@0xbf9e0a24) at /usr/src/debug/kdelibs-4.2.91svn979380/kio/kio/job.cpp:903
#31 0xb7888375 in KIO::TransferJob::qt_metacall (this=0xaa63c50, _c=QMetaObject::InvokeMetaMethod, _id=8, _a=0xbf9e089c) at /usr/src/debug/kdelibs-4.2.91svn979380/build/kio/jobclasses.moc:344
#32 0xb7fbadc8 in QMetaObject::activate (sender=0xa6ce198, from_signal_index=4, to_signal_index=4, argv=0xbf9e089c) at kernel/qobject.cpp:3120
#33 0xb7fbc552 in QMetaObject::activate (sender=0xa6ce198, m=0xb7a65f24, local_signal_index=0, argv=0xbf9e089c) at kernel/qobject.cpp:3194
#34 0xb7952a83 in KIO::SlaveInterface::data (this=0xa6ce198, _t1=@0xbf9e0a24) at /usr/src/debug/kdelibs-4.2.91svn979380/build/kio/slaveinterface.moc:140
#35 0xb79567cc in KIO::SlaveInterface::dispatch (this=0xa6ce198, _cmd=100, rawdata=@0xbf9e0a24) at /usr/src/debug/kdelibs-4.2.91svn979380/kio/kio/slaveinterface.cpp:163
#36 0xb7952e47 in KIO::SlaveInterface::dispatch (this=0xa6ce198) at /usr/src/debug/kdelibs-4.2.91svn979380/kio/kio/slaveinterface.cpp:91
#37 0xb7944bbd in KIO::Slave::gotInput (this=0xa6ce198) at /usr/src/debug/kdelibs-4.2.91svn979380/kio/kio/slave.cpp:322
#38 0xb7947053 in KIO::Slave::qt_metacall (this=0xa6ce198, _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0xbf9e0b38) at /usr/src/debug/kdelibs-4.2.91svn979380/build/kio/slave.moc:76
#39 0xb7fbadc8 in QMetaObject::activate (sender=0xa4967b8, from_signal_index=4, to_signal_index=4, argv=0x0) at kernel/qobject.cpp:3120
#40 0xb7fbc552 in QMetaObject::activate (sender=0xa4967b8, m=0xb7a62860, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3194
#41 0xb7850087 in KIO::Connection::readyRead (this=0xa4967b8) at /usr/src/debug/kdelibs-4.2.91svn979380/build/kio/connection.moc:86
#42 0xb78519f3 in KIO::ConnectionPrivate::dequeue (this=0x9d9c730) at /usr/src/debug/kdelibs-4.2.91svn979380/kio/kio/connection.cpp:82
#43 0xb7851dd6 in KIO::Connection::qt_metacall (this=0xa4967b8, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x9641b90) at /usr/src/debug/kdelibs-4.2.91svn979380/build/kio/connection.moc:73
#44 0xb7fb3a1b in QMetaCallEvent::placeMetaCall (this=0x8ad7fb8, object=0xa4967b8) at kernel/qobject.cpp:489
#45 0xb7fb54b0 in QObject::event (this=0xa4967b8, e=0x8ad7fb8) at kernel/qobject.cpp:1118
#46 0xb694469c in QApplicationPrivate::notify_helper (this=0x80b0260, receiver=0xa4967b8, e=0x8ad7fb8) at kernel/qapplication.cpp:4057
#47 0xb694c99e in QApplication::notify (this=0xbf9e1498, receiver=0xa4967b8, e=0x8ad7fb8) at kernel/qapplication.cpp:3604
#48 0xb7462bfd in KApplication::notify (this=0xbf9e1498, receiver=0xa4967b8, event=0x8ad7fb8) at /usr/src/debug/kdelibs-4.2.91svn979380/kdeui/kernel/kapplication.cpp:302
#49 0xb7fa4adb in QCoreApplication::notifyInternal (this=0xbf9e1498, receiver=0xa4967b8, event=0x8ad7fb8) at kernel/qcoreapplication.cpp:610
#50 0xb7fa5725 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x805a990) at kernel/qcoreapplication.h:213
#51 0xb7fa591d in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at kernel/qcoreapplication.cpp:1140
#52 0xb7fd090f in postEventSourceDispatch (s=0x80b2520) at kernel/qcoreapplication.h:218
#53 0xb64dd9c8 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#54 0xb64e1083 in ?? () from /usr/lib/libglib-2.0.so.0
#55 0xb64e1241 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#56 0xb7fd0558 in QEventDispatcherGlib::processEvents (this=0x80b0240, flags={i = -1080159800}) at kernel/qeventdispatcher_glib.cpp:324
#57 0xb69e4975 in QGuiEventDispatcherGlib::processEvents (this=0x80b0240, flags={i = -1080159752}) at kernel/qguieventdispatcher_glib.cpp:202
#58 0xb7fa30fa in QEventLoop::processEvents (this=0xbf9e1270, flags={i = -1080159688}) at kernel/qeventloop.cpp:149
#59 0xb7fa353a in QEventLoop::exec (this=0xbf9e1270, flags={i = -1080159624}) at kernel/qeventloop.cpp:200
#60 0xb7fa59e9 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:888
#61 0xb6944517 in QApplication::exec () at kernel/qapplication.cpp:3526
#62 0xb49f244f in kdemain (argc=2, argv=0x8088de8) at /usr/src/debug/kdebase-4.2.91svn979380/apps/konqueror/src/konqmain.cpp:257
#63 0x0804e2b0 in launch (argc=2, _name=0x8088f7c "/usr/bin/konqueror", args=0x8088f97 "", cwd=0x0, envc=0, envs=0x8088f9c "", reset_env=false, tty=0x0, avoid_loops=false, 
    startup_id_str=0x8088fa0 "kiwi;1245511404;202859;3470_TIME93115") at /usr/src/debug/kdelibs-4.2.91svn979380/kinit/kinit.cpp:672
#64 0x0804ea8d in handle_launcher_request (sock=7, who=<value optimized out>) at /usr/src/debug/kdelibs-4.2.91svn979380/kinit/kinit.cpp:1164
#65 0x0804ef23 in handle_requests (waitForPid=0) at /usr/src/debug/kdelibs-4.2.91svn979380/kinit/kinit.cpp:1357
#66 0x0804fbca in main (argc=2, argv=0xbf9e1e44, envp=0xbf9e1e50) at /usr/src/debug/kdelibs-4.2.91svn979380/kinit/kinit.cpp:1784

Reported using DrKonqi
Comment 1 Maksim Orlovich 2009-06-20 23:55:47 UTC
SVN commit 984511 by orlovich:

Fix crashes when part is clear with an object element on the parser stack

BUG:190008
BUG:197294
BUG:188871


 M  +5 -0      khtml_part.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=984511
Comment 2 Dario Andres 2009-06-28 16:41:02 UTC
@Maksim: does that diff also fix bug 198179 / bug 197441 / bug 195766?
Thanks
Comment 3 Tommi Tervo 2009-07-31 18:09:16 UTC
*** Bug 202055 has been marked as a duplicate of this bug. ***
Comment 4 A. Spehr 2009-08-03 04:45:11 UTC
*** Bug 197441 has been marked as a duplicate of this bug. ***
Comment 5 A. Spehr 2009-08-05 23:19:13 UTC
*** Bug 195766 has been marked as a duplicate of this bug. ***
Comment 6 A. Spehr 2009-08-05 23:22:16 UTC
*** Bug 182165 has been marked as a duplicate of this bug. ***