202705 – BIDI Launching http://brainstorm.forum.kde.org causes Konqueror to crash

Bug 202705 - BIDI Launching http://brainstorm.forum.kde.org causes Konqueror to crash

Summary: BIDI Launching http://brainstorm.forum.kde.org causes Konqueror to crash

Status:	RESOLVED WORKSFORME

Alias:	None

Product:	konqueror
Classification:	Applications
Component:	khtml renderer (show other bugs)
Version:	unspecified
Platform:	Unlisted Binaries Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	Konqueror Developers

URL:
Keywords:

Depends on:
Blocks:

Reported:	2009-08-05 22:24 UTC by Jan Kriho
Modified:	2009-08-17 21:46 UTC (History)
CC List:	3 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Jan Kriho 2009-08-05 22:24:17 UTC

Application that crashed: konqueror
Version of the application: 4.3.00 (KDE 4.3.0)
KDE Version: 4.3.00 (KDE 4.3.0)
Qt Version: 4.5.2
Operating System: Linux 2.6.27.2 x86_64
Distribution: Debian GNU/Linux testing (squeeze)

What I was doing when the application crashed:
Goto http://brainstorm.forum.kde.org, and wait approx 30 sec for crash

 -- Backtrace:
Application: Konqueror (kdeinit4), signal: Segmentation fault
[KCrash Handler]
#5  khtml::BidiContext::deref (this=0x2000000020) at ../../khtml/rendering/bidi.cpp:206
#6  0x00007f7165a56674 in khtml::RootInlineBox::setLineBreakInfo (this=0x3619f88, obj=0x0, breakPos=<value optimized out>, status=@0x7fff82eadbe0, context=0x0)
    at ../../khtml/rendering/render_line.cpp:1177
#7  0x00007f7165a5674a in khtml::RootInlineBox::childRemoved (this=0x2000000020, box=0x3619ff0) at ../../khtml/rendering/render_line.cpp:1161
#8  0x00007f7165a567c4 in khtml::InlineFlowBox::removeFromLine (this=0x3619e48, child=0x3619ff0) at ../../khtml/rendering/render_line.cpp:226
#9  0x00007f7165a5791d in khtml::InlineBox::detach (this=0x3619ff0, renderArena=0x2153df0, noRemove=40) at ../../khtml/rendering/render_line.cpp:81
#10 0x00007f7165a55778 in khtml::InlineFlowBox::deleteLine (this=0x3619e48, arena=0x2153df0) at ../../khtml/rendering/render_line.cpp:209
#11 0x00007f7165a55778 in khtml::InlineFlowBox::deleteLine (this=0x3619f88, arena=0x2153df0) at ../../khtml/rendering/render_line.cpp:209
#12 0x00007f7165a0a3da in khtml::RenderContainer::removeChildNode (this=0x3694018, oldChild=0x36944f8) at ../../khtml/rendering/render_container.cpp:224
#13 0x00007f71659eeace in khtml::RenderBlock::removeChild (this=0x3694208, oldChild=0x3694b20) at ../../khtml/rendering/render_block.cpp:605
#14 0x00007f7165a00e8e in khtml::RenderObject::detach (this=0x3694b20) at ../../khtml/rendering/render_object.h:847
#15 0x00007f7165a0d7a2 in khtml::RenderBox::detach (this=0x3694b20) at ../../khtml/rendering/render_box.cpp:224
#16 0x00007f716594dcf6 in DOM::NodeImpl::detach (this=0x31af5f0) at ../../khtml/xml/dom_nodeimpl.cpp:975
#17 0x00007f716594e4c8 in DOM::NodeBaseImpl::detach (this=0x31e8950) at ../../khtml/xml/dom_nodeimpl.cpp:1836
#18 0x00007f716594e4c8 in DOM::NodeBaseImpl::detach (this=0x3152bb0) at ../../khtml/xml/dom_nodeimpl.cpp:1836
#19 0x00007f716594e4c8 in DOM::NodeBaseImpl::detach (this=0x337c870) at ../../khtml/xml/dom_nodeimpl.cpp:1836
#20 0x00007f716594e4c8 in DOM::NodeBaseImpl::detach (this=0x33ee220) at ../../khtml/xml/dom_nodeimpl.cpp:1836
#21 0x00007f716594e4c8 in DOM::NodeBaseImpl::detach (this=0x348b4e0) at ../../khtml/xml/dom_nodeimpl.cpp:1836
#22 0x00007f716594e4c8 in DOM::NodeBaseImpl::detach (this=0x3416480) at ../../khtml/xml/dom_nodeimpl.cpp:1836
#23 0x00007f716594e34d in DOM::NodeBaseImpl::removeChildren (this=0x2a67360) at ../../khtml/xml/dom_nodeimpl.cpp:1659
#24 0x00007f71659a69fc in DOM::HTMLElementImpl::setInnerHTML (this=0x2a67360, html=<value optimized out>, exceptioncode=@0x7fff82eadf18) at ../../khtml/html/html_elementimpl.cpp:526
#25 0x00007f7165b03c49 in KJS::HTMLElement::putValueProperty (this=0x7f715e3a8b40, exec=0x7fff82eae9f0, token=348, value=0x7f715ef2df80) at ../../khtml/ecma/kjs_html.cpp:2596
#26 0x00007f7165b05398 in KJS::HTMLElement::put (this=0x7f715e3a8b40, exec=0x7fff82eae9f0, propertyName=@0x27bd438, value=0x7f715ef2df80, attr=0) at ../../kjs/lookup.h:249
#27 0x00007f71654976bd in KJS::Machine::runBlock (exec=0x7fff82eae9f0, codeBlock=<value optimized out>, parentExec=0x26cd740) at codes.def:660
#28 0x00007f716548068c in KJS::FunctionImp::callAsFunction (this=0x7f715fddcec0, exec=0x26cd740, thisObj=<value optimized out>, args=@0x7fff82eaec10) at ../../kjs/function.cpp:144
#29 0x00007f71654840c9 in KJS::JSObject::call (this=0x2000000020, exec=0x0, thisObj=0x28, args=@0x7fff82eadbe0) at ../../kjs/object.cpp:69
#30 0x00007f7165b4f095 in KJS::JSEventListener::handleEvent (this=0x2da0c90, evt=@0x7fff82eaec90) at ../../khtml/ecma/kjs_events.cpp:106
#31 0x00007f7165b5be0a in KJS::XMLHttpRequest::changeState (this=0x7f717acc0f80, newState=<value optimized out>) at ../../khtml/ecma/xmlhttprequest.cpp:348
#32 0x00007f7165b5d705 in KJS::XMLHttpRequest::slotFinished (this=0x7f717acc0f80) at ../../khtml/ecma/xmlhttprequest.cpp:719
#33 0x00007f7165b5e541 in KJS::XMLHttpRequestQObject::qt_metacall (this=0x3446a10, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x7fff82eaee40) at ../../khtml/ecma/xmlhttprequest.cpp:93
#34 0x00007f717a9b5602 in QMetaObject::activate (sender=0x2ef3650, from_signal_index=<value optimized out>, to_signal_index=7, argv=0x7fff82eadbe0) at kernel/qobject.cpp:3112
#35 0x00007f717a4c2af2 in KJob::result (this=0x2000000020, _t1=0x2ef3650) at ./kjob.moc:188
#36 0x00007f717a4c2e6f in KJob::emitResult (this=0x2ef3650) at ../../kdecore/jobs/kjob.cpp:304
#37 0x00007f7179a7abe0 in KIO::SimpleJob::slotFinished (this=0x2ef3650) at ../../kio/kio/job.cpp:477
#38 0x00007f7179a7b0a3 in KIO::TransferJob::slotFinished (this=0x2ef3650) at ../../kio/kio/job.cpp:948
#39 0x00007f7179a75dbd in KIO::TransferJob::qt_metacall (this=0x2ef3650, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0x7fff82eaf240) at ./jobclasses.moc:343
#40 0x00007f717a9b5602 in QMetaObject::activate (sender=0x1bc9860, from_signal_index=<value optimized out>, to_signal_index=8, argv=0x7fff82eadbe0) at kernel/qobject.cpp:3112
#41 0x00007f7179b37f31 in KIO::SlaveInterface::dispatch (this=0x1bc9860, _cmd=104, rawdata=<value optimized out>) at ../../kio/kio/slaveinterface.cpp:175
#42 0x00007f7179b349c2 in KIO::SlaveInterface::dispatch (this=0x1bc9860) at ../../kio/kio/slaveinterface.cpp:91
#43 0x00007f7179b2742e in KIO::Slave::gotInput (this=0x1bc9860) at ../../kio/kio/slave.cpp:322
#44 0x00007f7179b29758 in KIO::Slave::qt_metacall (this=0x1bc9860, _c=QMetaObject::InvokeMetaMethod, _id=41, _a=0x7fff82eaf660) at ./slave.moc:76
#45 0x00007f717a9b5602 in QMetaObject::activate (sender=0x1b2e970, from_signal_index=<value optimized out>, to_signal_index=4, argv=0x7fff82eadbe0) at kernel/qobject.cpp:3112
#46 0x00007f7179a44381 in KIO::ConnectionPrivate::dequeue (this=0x22989b0) at ../../kio/kio/connection.cpp:82
#47 0x00007f7179a447da in KIO::Connection::qt_metacall (this=0x1b2e970, _c=QMetaObject::InvokeMetaMethod, _id=41, _a=0x3a3f0a0) at ./connection.moc:73
#48 0x00007f717a9afee8 in QObject::event (this=0x1b2e970, e=0x4b55d80) at kernel/qobject.cpp:1110
#49 0x00007f717892e7ad in QApplicationPrivate::notify_helper (this=0x1536e60, receiver=0x1b2e970, e=0x4b55d80) at kernel/qapplication.cpp:4056
#50 0x00007f717893680a in QApplication::notify (this=0x7fff82eb0280, receiver=0x1b2e970, e=0x4b55d80) at kernel/qapplication.cpp:4021
#51 0x00007f7179587b2b in KApplication::notify (this=0x7fff82eb0280, receiver=0x1b2e970, event=0x4b55d80) at ../../kdeui/kernel/kapplication.cpp:302
#52 0x00007f717a9a049c in QCoreApplication::notifyInternal (this=0x7fff82eb0280, receiver=0x1b2e970, event=0x4b55d80) at kernel/qcoreapplication.cpp:610
#53 0x00007f717a9a10e4 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x148edb0) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:213
#54 0x00007f717a9c8ef3 in postEventSourceDispatch (s=<value optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:218
#55 0x00007f7177847f7a in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#56 0x00007f717784b640 in ?? () from /usr/lib/libglib-2.0.so.0
#57 0x00007f717784b7dc in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#58 0x00007f717a9c8b7f in QEventDispatcherGlib::processEvents (this=0x1536530, flags=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:327
#59 0x00007f71789c55ef in QGuiEventDispatcherGlib::processEvents (this=0x2000000020, flags=<value optimized out>) at kernel/qguieventdispatcher_glib.cpp:202
#60 0x00007f717a99ed62 in QEventLoop::processEvents (this=<value optimized out>, flags={i = -2098528288}) at kernel/qeventloop.cpp:149
#61 0x00007f717a99f134 in QEventLoop::exec (this=0x7fff82eb0020, flags={i = -2098528208}) at kernel/qeventloop.cpp:201
#62 0x00007f717a9a13a4 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:888
#63 0x00007f716c1bf909 in kdemain (argc=<value optimized out>, argv=<value optimized out>) at ../../../../apps/konqueror/src/konqmain.cpp:257
#64 0x0000000000407264 in launch (argc=2, _name=0x14efee8 "/usr/bin/konqueror", args=<value optimized out>, cwd=0x0, envc=0, envs=0x14eff0c "", reset_env=false, tty=0x0, avoid_loops=false, 
    startup_id_str=0x14eff14 "tsukasa;1249499959;319028;11452_TIME116725816") at ../../kinit/kinit.cpp:676
#65 0x0000000000407a28 in handle_launcher_request (sock=7, who=<value optimized out>) at ../../kinit/kinit.cpp:1168
#66 0x0000000000407fae in handle_requests (waitForPid=0) at ../../kinit/kinit.cpp:1361
#67 0x000000000040863b in main (argc=2, argv=0x7fff82eb1868, envp=0x7fff82eb1880) at ../../kinit/kinit.cpp:1788

Reported using DrKonqi

Comment 1 FiNeX 2009-08-05 22:59:44 UTC

Fortunatly I cannot reproduce using current trunk (r1007390)

Comment 2 Dario Andres 2009-08-06 04:17:39 UTC

This looks related to bug 193717 / 193177. Thanks

Comment 3 Dario Andres 2009-08-17 19:49:06 UTC

I can't reproduce the crash using 4.4trunk nor 4.3branch neither. (I wonder if the brainstorming site changes are related to this)

Comment 4 Dario Andres 2009-08-17 20:07:45 UTC

Closing as WORKSFORME. Reopen if you experience this in KDE>=4.3.1
Thanks

Comment 5 Jan Kriho 2009-08-17 21:40:34 UTC

(In reply to comment #3)
> I can't reproduce the crash using 4.4trunk nor 4.3branch neither. (I wonder if
> the brainstorming site changes are related to this)

Probably are, I cannot reproduce the bug anymore with the same KDE version.

(In reply to comment #4)
> Closing as WORKSFORME. Reopen if you experience this in KDE>=4.3.1
> Thanks

However, this does not resolve the original bug...

Comment 6 Dario Andres 2009-08-17 21:46:02 UTC

There are other 3 reports with a similar/same backtrace. I have tested the ones which had a testcase site and they didn't crashed for me.
Even when the issue is not fixed properly, the report should be closed as we don't have a testcase site anymore (the site changed and web.archive.org is not providing an old version)
- Could you test this with another section of forums.kde.org ?
Thanks