Bug 228255 - konqueror crash when closing popup via click in an image preview
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: general
Version: unspecified
Platform: Ubuntu Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
Duplicates: 218866 221758 222333 223739 226170 227360
 
Reported: 2010-02-24 00:56 UTC by Sébastien LOSS
Modified: 2010-02-25 16:59 UTC
Description Sébastien LOSS 2010-02-24 00:56:28 UTC
Application: konqueror (4.4.00 (KDE 4.4.0))
KDE Platform Version: 4.4.00 (KDE 4.4.0)
Qt Version: 4.6.1
Operating System: Linux 2.6.32-14-generic x86_64
Distribution: Ubuntu lucid (development branch)

-- Information about the crash:
On this website: http://www.pcworld.fr/produit/test-pcworld-msi-big-bang-trinergy-300-euros-p55-prix-justifie/473831/ click on any thumbnail picture --> a popup appears with the full picture size --> click in it to close this popup (classic feature and rather convenient I think) --> konqueror crashes (segfault 11).

Note: On the Blender website (www.blender.org) the gallery runs on the same mechanic but there is no crash.

The crash can be reproduced every time.

 -- Backtrace:
Application: Konqueror (kdeinit4), signal: Segmentation fault
[Current thread is 1 (Thread 0x7f4855f23800 (LWP 3075))]

Thread 4 (Thread 0x7f4833fff710 (LWP 3128)):
#0  0x00007f4852f1bbc3 in poll () from /lib/libc.so.6
#1  0x00007f484f6dba49 in ?? () from /lib/libglib-2.0.so.0
#2  0x00007f484f6dbe1c in g_main_context_iteration () from /lib/libglib-2.0.so.0
#3  0x00007f485451f196 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#4  0x00007f48544f4582 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#5  0x00007f48544f495c in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#6  0x00007f48543fed39 in QThread::exec() () from /usr/lib/libQtCore.so.4
#7  0x00007f48544d4dc8 in ?? () from /usr/lib/libQtCore.so.4
#8  0x00007f4854401755 in ?? () from /usr/lib/libQtCore.so.4
#9  0x00007f4854171b14 in start_thread () from /lib/libpthread.so.0
#10 0x00007f4852f2807d in clone () from /lib/libc.so.6
#11 0x0000000000000000 in ?? ()

Thread 3 (Thread 0x7f483350f710 (LWP 3146)):
#0  0x00007f4854176a39 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#1  0x00007f4854402672 in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/lib/libQtCore.so.4
#2  0x00007f48543f7a29 in ?? () from /usr/lib/libQtCore.so.4
#3  0x00007f4854401755 in ?? () from /usr/lib/libQtCore.so.4
#4  0x00007f4854171b14 in start_thread () from /lib/libpthread.so.0
#5  0x00007f4852f2807d in clone () from /lib/libc.so.6
#6  0x0000000000000000 in ?? ()

Thread 2 (Thread 0x7f4832d0e710 (LWP 3147)):
#0  0x00007f4854176a39 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#1  0x00007f4854402672 in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/lib/libQtCore.so.4
#2  0x00007f48543f7a29 in ?? () from /usr/lib/libQtCore.so.4
#3  0x00007f4854401755 in ?? () from /usr/lib/libQtCore.so.4
#4  0x00007f4854171b14 in start_thread () from /lib/libpthread.so.0
#5  0x00007f4852f2807d in clone () from /lib/libc.so.6
#6  0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7f4855f23800 (LWP 3075)):
[KCrash Handler]
#5  0x0000000002bc5648 in ?? ()
#6  0x00007f483f5fc001 in KHTMLPart::removeJSErrorExtension() () from /usr/lib/libkhtml.so.5
#7  0x00007f483f60f40d in KHTMLPart::~KHTMLPart() () from /usr/lib/libkhtml.so.5
#8  0x00007f48545059bd in QObject::event(QEvent*) () from /usr/lib/libQtCore.so.4
#9  0x00007f485369407c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#10 0x00007f485369a66b in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#11 0x00007f4854a3d1d6 in KApplication::notify(QObject*, QEvent*) () from /usr/lib/libkdeui.so.5
#12 0x00007f48544f5c5c in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/libQtCore.so.4
#13 0x00007f48544f83d7 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib/libQtCore.so.4
#14 0x00007f485451f603 in ?? () from /usr/lib/libQtCore.so.4
#15 0x00007f484f6d7df2 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#16 0x00007f484f6dbc38 in ?? () from /lib/libglib-2.0.so.0
#17 0x00007f484f6dbe1c in g_main_context_iteration () from /lib/libglib-2.0.so.0
#18 0x00007f485451f143 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#19 0x00007f485374388e in ?? () from /usr/lib/libQtGui.so.4
#20 0x00007f48544f4582 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#21 0x00007f48544f495c in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#22 0x00007f48544f869b in QCoreApplication::exec() () from /usr/lib/libQtCore.so.4
#23 0x00007f484688bcd6 in kdemain () from /usr/lib/libkdeinit4_konqueror.so
#24 0x0000000000406fe8 in _start ()

This bug may be a duplicate of or related to bug 223739.

Possible duplicates by query: bug 227360, bug 226170, bug 223739.

Reported using DrKonqi
Comment 1 Maksim Orlovich 2010-02-24 01:06:14 UTC
Can't reproduce, though there are many reports with this bt. 
Any chance you could produce a valgrind trace?
Comment 2 David Faure 2010-02-24 01:17:58 UTC
Confirmed. Valgrind log:

==9251== Invalid read of size 8                                                                                                              
==9251==    at 0x178A2DAF: KHTMLPart::removeJSErrorExtension() (khtml_part.cpp:1276)                                                         
==9251==    by 0x1789DE24: KHTMLPart::~KHTMLPart() (khtml_part.cpp:593)                                                                      
==9251==    by 0x790F114: qDeleteInEventHandler(QObject*) (qobject.cpp:3991)                                                                 
==9251==    by 0x7909124: QObject::event(QEvent*) (qobject.cpp:1223)                                                                         
==9251==    by 0x83736D5: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:4300)                                      
==9251==    by 0x8370BEC: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:3704)                                                    
==9251==    by 0x6AF1892: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:302)                                                     
==9251==    by 0x78EEF0B: QCoreApplication::notifyInternal(QObject*, QEvent*) (qcoreapplication.cpp:704)                                     
==9251==    by 0x78F3316: QCoreApplication::sendEvent(QObject*, QEvent*) (qcoreapplication.h:215)                                            
==9251==    by 0x78F05A1: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (qcoreapplication.cpp:1369)                 
==9251==    by 0x78F01BC: QCoreApplication::sendPostedEvents(QObject*, int) (qcoreapplication.cpp:1262)                                      
==9251==    by 0x792CB82: QCoreApplication::sendPostedEvents() (qcoreapplication.h:220)                                                      
==9251==  Address 0x1054ecf0 is 0 bytes inside a block of size 48 free'd                                                                     
==9251==    at 0x4C24E54: operator delete(void*) (vg_replace_malloc.c:387)                                                                   
==9251==    by 0x6C35B85: KUrlLabel::~KUrlLabel() (kurllabel.cpp:109)                                                                        
==9251==    by 0x790A5A3: QObjectPrivate::deleteChildren() (qobject.cpp:1978)                                                                
==9251==    by 0x83D4598: QWidget::~QWidget() (qwidget.cpp:1472)                                                                             
==9251==    by 0x894571F: QStatusBar::~QStatusBar() (qstatusbar.cpp:300)                                                                     
==9251==    by 0x6C1AF9E: KStatusBar::~KStatusBar() (kstatusbar.cpp:92)                                                                      
==9251==    by 0x4EA236E: KonqFrameStatusBar::~KonqFrameStatusBar() (konqframestatusbar.cpp:131)                                             
==9251==    by 0x790A5A3: QObjectPrivate::deleteChildren() (qobject.cpp:1978)                                                                
==9251==    by 0x83D4598: QWidget::~QWidget() (qwidget.cpp:1472)                                                                             
==9251==    by 0x4EA06F9: KonqFrame::~KonqFrame() (konqframe.cpp:109)                                                                        
==9251==    by 0x4EAA5A0: void qDeleteAll<QList<KonqFrameBase*>::const_iterator>(QList<KonqFrameBase*>::const_iterator, QList<KonqFrameBase*>::const_iterator) (qalgorithms.h:322)                                                                                                        
==9251==    by 0x4EAA157: void qDeleteAll<QList<KonqFrameBase*> >(QList<KonqFrameBase*> const&) (qalgorithms.h:330)                          
==9251==    by 0x4EA6657: KonqFrameTabs::~KonqFrameTabs() (konqtabs.cpp:142)                                                                 
==9251==    by 0x4E94088: KonqViewManager::clear() (konqviewmanager.cpp:704)                                                                 
==9251==    by 0x4E939C9: KonqViewManager::removePart(KParts::Part*) (konqviewmanager.cpp:638)                                               
==9251==    by 0x1789DDED: KHTMLPart::~KHTMLPart() (khtml_part.cpp:588)                                                                      
==9251==    by 0x790F114: qDeleteInEventHandler(QObject*) (qobject.cpp:3991)                                                                 
==9251==    by 0x7909124: QObject::event(QEvent*) (qobject.cpp:1223)                                                                         
==9251==    by 0x83736D5: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:4300)                                      
==9251==    by 0x8370BEC: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:3704)                                                    
==9251==    by 0x6AF1892: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:302)                                                     
==9251==    by 0x78EEF0B: QCoreApplication::notifyInternal(QObject*, QEvent*) (qcoreapplication.cpp:704)                                     
==9251==    by 0x78F3316: QCoreApplication::sendEvent(QObject*, QEvent*) (qcoreapplication.h:215)                                            
==9251==    by 0x78F05A1: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (qcoreapplication.cpp:1369)                 
==9251==    by 0x78F01BC: QCoreApplication::sendPostedEvents(QObject*, int) (qcoreapplication.cpp:1262)                                      
==9251==    by 0x792CB82: QCoreApplication::sendPostedEvents() (qcoreapplication.h:220)
Comment 3 David Faure 2010-02-25 14:34:51 UTC
SVN commit 1096006 by dfaure:

Fix crash when closing a window (via javascript, i.e. self-destruct) that has a JSError statusbar label.
Fixed for: 4.4.1
BUG: 228255


 M  +15 -0     kdebase/apps/konqueror/src/tests/konqhtmltest.cpp  
 M  +5 -5      kdelibs/khtml/khtml_part.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1096006
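
Added example, not part of the bug thread and not the code of SVN commit 1096006: a Qt-free model of the lifetime bug the valgrind log in comment 2 shows, where the part's destructor first triggers frame teardown (which frees the status bar label) and then touches that label. All type and function names are hypothetical stand-ins, and std::weak_ptr plays the role a guarded pointer such as QPointer would play; whether the real fix used one is not stated on this page.

```cpp
#include <memory>
#include <vector>

// Constructed model of the object graph in the valgrind log; not KDE code.
struct Label { bool visible = true; };

// Like a QObject parent, the status bar owns its labels and frees them with itself.
struct StatusBar { std::vector<std::shared_ptr<Label>> children; };

// Stand-in for the view manager: removing the last part clears the frame tree.
struct ViewManager {
    std::unique_ptr<StatusBar> bar{new StatusBar};
    void removePart() { bar.reset(); }  // frees the status bar and every child label
};

enum class Outcome { LabelHidden, LabelAlreadyGone, StaleRawPointer };
enum class Style { RawPointer, Guarded };

struct Part {
    ViewManager& mgr;
    Style style;
    Outcome& out;
    Label* rawLabel = nullptr;   // unguarded pointer: never learns the label died
    std::weak_ptr<Label> guard;  // tracks the label's lifetime

    Part(ViewManager& m, Style s, Outcome& o) : mgr(m), style(s), out(o) {
        auto label = std::make_shared<Label>();
        mgr.bar->children.push_back(label);  // the status bar becomes the only owner
        rawLabel = label.get();
        guard = label;
    }
    void removeErrorLabel() {
        if (auto live = guard.lock()) { live->visible = false; out = Outcome::LabelHidden; return; }
        // The label is already freed. Code holding only rawLabel would dereference
        // it here (valgrind's "Invalid read"); the model reports that, never does it.
        out = (style == Style::RawPointer) ? Outcome::StaleRawPointer
                                           : Outcome::LabelAlreadyGone;
    }
    ~Part() {
        mgr.removePart();    // step 1: frame teardown frees the label
        removeErrorLabel();  // step 2: the destructor still touches the label
    }
};

// Models the self-destructing window: the part is destroyed while the label exists.
Outcome closeWindow(Style s) {
    ViewManager mgr;
    Outcome out = Outcome::LabelHidden;
    { Part part(mgr, s, out); }
    return out;
}

int main() { return closeWindow(Style::Guarded) == Outcome::LabelAlreadyGone ? 0 : 1; }
```
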
Comment 4 David Faure 2010-02-25 15:04:04 UTC
*** Bug 218866 has been marked as a duplicate of this bug. ***
Comment 5 Maksim Orlovich 2010-02-25 16:42:18 UTC
*** Bug 227360 has been marked as a duplicate of this bug. ***
Comment 6 Maksim Orlovich 2010-02-25 16:42:45 UTC
*** Bug 226170 has been marked as a duplicate of this bug. ***
Comment 7 Maksim Orlovich 2010-02-25 16:43:29 UTC
*** Bug 223739 has been marked as a duplicate of this bug. ***
Comment 8 Maksim Orlovich 2010-02-25 16:58:36 UTC
*** Bug 222333 has been marked as a duplicate of this bug. ***
Comment 9 Maksim Orlovich 2010-02-25 16:59:21 UTC
*** Bug 221758 has been marked as a duplicate of this bug. ***