Version: (using KDE 4.4.3) OS: Linux Installed from: Ubuntu Packages Testcase -------- http://jhop.me/tests/bugs/ie8/importantkeyword-pseudoelements.html Steps to reproduce ------------------ 1- Load provided testcase 2- Click on the first (topmost) big bright green "X" (or try to select it) Actual results in Konqueror 4.4.3 --------------------------------- application crash My system --------- KDE platform: 4.4.3 Qt: 4.6.2 Linux 2.6.31-19-generic i686 (32bits) Notes ----- - I search for a duplicate and did not find any. - I am reading "How to create useful crash reports" http://techbase.kde.org/Development/Tutorials/Debugging/How_to_create_useful_crash_reports and am trying to figure out how to paste backtrace data in this bug report ... which I believe is available, accessible from the "KDE Crash Dialog". regards, Gérard
Backtrace data -------------- Application: Konqueror (kdeinit4), signal: Segmentation fault [Current thread is 1 (Thread 0xb7842aa0 (LWP 6006))] Thread 2 (Thread 0xae105b70 (LWP 6016)): #0 0x04c58e16 in *__GI_clock_gettime (clock_id=80072692, tp=0xae104fb8) at ../sysdeps/unix/clock_gettime.c:100 #1 0x00f376fb in ?? () from /usr/lib/libQtCore.so.4 #2 0x00f3c825 in ?? () from /usr/lib/libQtCore.so.4 #3 0x00f3c86a in ?? () from /usr/lib/libQtCore.so.4 #4 0x00f3a818 in ?? () from /usr/lib/libQtCore.so.4 #5 0x00f3a8a5 in ?? () from /usr/lib/libQtCore.so.4 #6 0x02ea6aca in g_main_context_prepare () from /lib/libglib-2.0.so.0 #7 0x02ea6ee9 in ?? () from /lib/libglib-2.0.so.0 #8 0x02ea74b8 in g_main_context_iteration () from /lib/libglib-2.0.so.0 #9 0x00f3a60f in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4 #10 0x00f0d059 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4 #11 0x00f0d4aa in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4 #12 0x00e095a8 in QThread::exec() () from /usr/lib/libQtCore.so.4 #13 0x00eecc1b in ?? () from /usr/lib/libQtCore.so.4 #14 0x00e0c32e in ?? () from /usr/lib/libQtCore.so.4 #15 0x0037196e in start_thread (arg=0xae105b70) at pthread_create.c:300 #16 0x0638da0e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130 Thread 1 (Thread 0xb7842aa0 (LWP 6006)): [KCrash Handler] #6 0x0295a679 in ?? () from /usr/lib/libkhtml.so.5 #7 0x028bfd41 in ?? () from /usr/lib/libkhtml.so.5 #8 0x028bfec0 in ?? () from /usr/lib/libkhtml.so.5 #9 0x028bffff in ?? () from /usr/lib/libkhtml.so.5 #10 0x028054e9 in KHTMLPart::selectionLayoutChanged() () from /usr/lib/libkhtml.so.5 #11 0x02815b75 in KHTMLPart::notifySelectionChanged(bool) () from /usr/lib/libkhtml.so.5 #12 0x02815c80 in KHTMLPart::setCaret(DOM::Selection const&, bool) () from /usr/lib/libkhtml.so.5 #13 0x0281618d in KHTMLPart::handleMousePressEventSingleClick(khtml::MousePressEvent*) () from /usr/lib/libkhtml.so.5 #14 0x02820bca in KHTMLPart::khtmlMousePressEvent(khtml::MousePressEvent*) () from /usr/lib/libkhtml.so.5 #15 0x0280448f in KHTMLPart::customEvent(QEvent*) () from /usr/lib/libkhtml.so.5 #16 0x00f1f45c in QObject::event(QEvent*) () from /usr/lib/libQtCore.so.4 #17 0x011594dc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4 #18 0x0116005e in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4 #19 0x00bcef5a in KApplication::notify(QObject*, QEvent*) () from /usr/lib/libkdeui.so.5 #20 0x00f0ea3b in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/libQtCore.so.4 #21 0x027fe539 in KHTMLView::mousePressEvent(QMouseEvent*) () from /usr/lib/libkhtml.so.5 #22 0x011b77dc in QWidget::event(QEvent*) () from /usr/lib/libQtGui.so.4 #23 0x015b3fd3 in QFrame::event(QEvent*) () from /usr/lib/libQtGui.so.4 #24 0x027f78ac in KHTMLView::widgetEvent(QEvent*) () from /usr/lib/libkhtml.so.5 #25 0x027f7ba5 in KHTMLView::eventFilter(QObject*, QEvent*) () from /usr/lib/libkhtml.so.5 #26 0x00f0dcda in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) () from /usr/lib/libQtCore.so.4 #27 0x011594b9 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4 #28 0x011609f7 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4 #29 0x00bcef5a in KApplication::notify(QObject*, QEvent*) () from /usr/lib/libkdeui.so.5 #30 0x00f0ea3b in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/libQtCore.so.4 #31 0x0115f952 in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) () from /usr/lib/libQtGui.so.4 #32 0x011eb088 in ?? () from /usr/lib/libQtGui.so.4 #33 0x011ea511 in QApplication::x11ProcessEvent(_XEvent*) () from /usr/lib/libQtGui.so.4 #34 0x0121960a in ?? () from /usr/lib/libQtGui.so.4 #35 0x02ea35e5 in g_main_context_dispatch () from /lib/libglib-2.0.so.0 #36 0x02ea72d8 in ?? () from /lib/libglib-2.0.so.0 #37 0x02ea74b8 in g_main_context_iteration () from /lib/libglib-2.0.so.0 #38 0x00f3a5d5 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4 #39 0x01219135 in ?? () from /usr/lib/libQtGui.so.4 #40 0x00f0d059 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4 #41 0x00f0d4aa in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4 #42 0x00f1169f in QCoreApplication::exec() () from /usr/lib/libQtCore.so.4 #43 0x01159577 in QApplication::exec() () from /usr/lib/libQtGui.so.4 #44 0x01f9e23e in kdemain () from /usr/lib/libkdeinit4_konqueror.so #45 0x0804e133 in _start () regards, Gérard
Just in case the provided testcase disappears... Relevant CSS code involved ========================== .test { font-size: 100px; color: red; } .test.one:first-letter, .test.two:first-line { color:lime !important; } (...) <div class="test one">X</div> The necessary code to trigger application crash could be even furthermore reduced: remove :first-line and remove one of the 2 classes. regards, Gérard
==6905== Invalid read of size 2 ==6905== at 0xD1FBBC5: khtml::RenderText::caretPos(int, int, int&, int&, int&, int&) const (render_text.cpp:1098) ==6905== by 0xD150DFF: DOM::Selection::layoutCaret() (dom_selection.cpp:484) ==6905== by 0xD150F5D: DOM::Selection::getRepaintRect() const (dom_selection.cpp:496) ==6905== by 0xD15109C: DOM::Selection::needsCaretRepaint() (dom_selection.cpp:521) ==6905== by 0xD088560: KHTMLPart::selectionLayoutChanged() (khtml_part.cpp:3329) ==6905== by 0xD088644: KHTMLPart::notifySelectionChanged(bool) (khtml_part.cpp:3347) ==6905== by 0xD0886F6: KHTMLPart::setCaret(DOM::Selection const&, bool) (khtml_part.cpp:3217) ==6905== by 0xD08938A: KHTMLPart::handleMousePressEventSingleClick(khtml::MousePressEvent*) (khtml_part.cpp:6097) ==6905== by 0xD089785: KHTMLPart::khtmlMousePressEvent(khtml::MousePressEvent*) (khtml_part.cpp:6136) ==6905== by 0xD07E9FA: KHTMLPart::customEvent(QEvent*) (khtml_part.cpp:5898) ==6905== by 0x54AC880: QObject::event(QEvent*) (qobject.cpp:1279) ==6905== by 0x59EE1B9: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:4304) ==6905== by 0x59EBA79: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:3708) ==6905== by 0x4CA9C62: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:302) ==6905== by 0x5497129: QCoreApplication::notifyInternal(QObject*, QEvent*) (qcoreapplication.cpp:704) ==6905== by 0x40A8BBD: QCoreApplication::sendEvent(QObject*, QEvent*) (qcoreapplication.h:215) ==6905== by 0xD069D5F: KHTMLView::mousePressEvent(QMouseEvent*) (khtmlview.cpp:1252) ==6905== by 0x5A513D8: QWidget::event(QEvent*) (qwidget.cpp:7994) ==6905== by 0x5E80C59: QFrame::event(QEvent*) (qframe.cpp:557) ==6905== by 0xD065A4B: KHTMLView::widgetEvent(QEvent*) (khtmlview.cpp:2363) ==6905== by 0xD06A58F: KHTMLView::eventFilter(QObject*, QEvent*) (khtmlview.cpp:2208) ==6905== by 0x54973D2: QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) (qcoreapplication.cpp:819) ==6905== by 0x59EE195: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:4300) ==6905== by 0x59EC39C: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:3869) ==6905== by 0x4CA9C62: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:302) ==6905== by 0x5497129: QCoreApplication::notifyInternal(QObject*, QEvent*) (qcoreapplication.cpp:704) ==6905== by 0x59F07D6: QCoreApplication::sendSpontaneousEvent(QObject*, QEvent*) (qcoreapplication.h:218) ==6905== by 0x59EAAD1: QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) (qapplication.cpp:2967) ==6905== by 0x5A83CD5: QETWidget::translateMouseEvent(_XEvent const*) (qapplication_x11.cpp:4368) ==6905== by 0x5A80A30: QApplication::x11ProcessEvent(_XEvent*) (qapplication_x11.cpp:3379) ==6905== by 0x5AB3BD4: x11EventSourceDispatch(_GSource*, int (*)(void*), void*) (qguieventdispatcher_glib.cpp:146) ==6905== by 0x6A76C8D: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.2400.0) ==6905== by 0x6A7A9C7: ??? (in /usr/lib/libglib-2.0.so.0.2400.0) ==6905== by 0x6A7AB6D: g_main_context_iteration (in /usr/lib/libglib-2.0.so.0.2400.0) ==6905== by 0x54CA31F: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventdispatcher_glib.cpp:412) ==6905== by 0x5AB40FF: QGuiEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qguieventdispatcher_glib.cpp:204) ==6905== by 0x5494ACA: QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:149) ==6905== by 0x5494C0E: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:197) ==6905== by 0x54977CF: QCoreApplication::exec() (qcoreapplication.cpp:981) ==6905== by 0x59EB687: QApplication::exec() (qapplication.cpp:3583) ==6905== by 0x412E04A: kdemain (konqmain.cpp:228) ==6905== by 0x804872A: main (konqueror_dummy.cpp:3) ==6905== Address 0x0 is not stack'd, malloc'd or (recently) free'd
Dynamic :first-letter testcase http://test.csswg.org/suites/css2.1/20101210/html4/first-letter-dynamic-001.htm also causes consistently application crash (Konqueror 4.5.5): clicking the back button or switching to another tab will cause crash. I'll create another bug report for this. Gérard
> I'll create another bug report for this bug 262697
I still crash. I am using KDE Platform Version: 4.8.4 Konqueror version: 4.8.4 (with KHTML rendering engine) Qt Version: 4.8.1 Operating System: Linux 3.2.0-25-generic-pae i686 (32bits) Distribution: Kubuntu 12.04 LTS here. Version field, URL field and Keywords field have been updated. Gérard
*** Bug 207113 has been marked as a duplicate of this bug. ***
Created attachment 78364 [details] New crash information added by DrKonqi konqueror (4.10.60) on KDE Platform 4.10.60 using Qt 4.8.4 - What I was doing when the application crashed: Just follow the instruction given in bug 237652 -- Backtrace (Reduced): #7 0xb249ded2 in khtml::RenderText::caretPos (this=0x9b6a154, offset=0, flags=1, _x=@0x9a5aafc: 69, _y=@0x9a5ab00: 0, width=@0xbfe821ac: 1, height=@0x9a5ab04: 117) at /mnt/personal/build/portage/kde-base/kdelibs-9999/work/kdelibs-9999/khtml/rendering/render_text.cpp:1098 #8 0xb2400e84 in DOM::Selection::layoutCaret (this=0x9a5aad4) at /mnt/personal/build/portage/kde-base/kdelibs-9999/work/kdelibs-9999/khtml/xml/dom_selection.cpp:483 #9 0xb2401031 in DOM::Selection::getRepaintRect (this=this@entry=0x9a5aad4) at /mnt/personal/build/portage/kde-base/kdelibs-9999/work/kdelibs-9999/khtml/xml/dom_selection.cpp:495 #10 0xb2401174 in DOM::Selection::needsCaretRepaint (this=0x9a5aad4) at /mnt/personal/build/portage/kde-base/kdelibs-9999/work/kdelibs-9999/khtml/xml/dom_selection.cpp:520 [...]
Thank you for the crash reports. As it has been a while since this was reported, can you please test and confirm if this issue is still occurring or if this bug report can be marked as resolved. I have set the bug status to "needsinfo" pending your response, please change back to "reported" or "resolved/worksforme" when you respond, thank you.
Dear Bug Submitter, This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information as soon as possible and set the bug status as REPORTED. Due to regular bug tracker maintenance, if the bug is still in NEEDSINFO status with no change in 30 days the bug will be closed as RESOLVED > WORKSFORME due to lack of needed information. For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging If you have already provided the requested information, please mark the bug as REPORTED so that the KDE team knows that the bug is ready to be confirmed. Thank you for helping us make KDE software even better for everyone!
This bug has been in NEEDSINFO status with no change for at least 30 days. The bug is now closed as RESOLVED > WORKSFORME due to lack of needed information. For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging Thank you for helping us make KDE software even better for everyone!