Bug 251949 - konqueror crashes when running test on page http://dbaron.org/dom/test/two-css/CSSRule
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: general
Version: unspecified
Platform: Mandriva RPMs Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
Reported: 2010-09-21 17:03 UTC by Olivier LAHAYE
Modified: 2010-09-23 18:02 UTC

Description Olivier LAHAYE 2010-09-21 17:03:14 UTC
Application: konqueror (4.5.68 (4.6 >= 20100912))
KDE Platform Version: 4.5.68 (4.6 >= 20100912)
Qt Version: 4.7.0
Operating System: Linux 2.6.35.4-desktop-1mnb x86_64
Distribution: "Mandriva Linux 2010.1"

-- Information about the crash:
Go to http://dbaron.org/dom/test/two-css/CSSRule and click on the test button.
=> Kaboom

The crash can be reproduced every time.

-- Backtrace:
Application: Konqueror (kdeinit4), signal: Aborted
[Current thread is 1 (Thread 0x7fc7ef290720 (LWP 19606))]

Thread 3 (Thread 0x7fc7d096f710 (LWP 19619)):
#0  0x00007fc7edb8c429 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007fc7ede0fce2 in wait (this=<value optimized out>, mutex=0xf064a0, time=30000) at thread/qwaitcondition_unix.cpp:86
#2  QWaitCondition::wait (this=<value optimized out>, mutex=0xf064a0, time=30000) at thread/qwaitcondition_unix.cpp:160
#3  0x00007fc7ede05ce8 in QThreadPoolThread::run (this=0xf9a670) at concurrent/qthreadpool.cpp:140
#4  0x00007fc7ede0f68e in QThreadPrivate::start (arg=0xf9a670) at thread/qthread_unix.cpp:266
#5  0x00007fc7e2b81953 in ?? () from /usr/lib64/nvidia-current/libGL.so.1
#6  0x00007fc7edb87a5d in start_thread () from /lib64/libpthread.so.0
#7  0x00007fc7ec95f15d in clone () from /lib64/libc.so.6
#8  0x0000000000000000 in ?? ()

Thread 2 (Thread 0x7fc7ca77b710 (LWP 19641)):
#0  0x00007fc7edb8c429 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00007fc7ede0fce2 in wait (this=<value optimized out>, mutex=0x160a190, time=30000) at thread/qwaitcondition_unix.cpp:86
#2  QWaitCondition::wait (this=<value optimized out>, mutex=0x160a190, time=30000) at thread/qwaitcondition_unix.cpp:160
#3  0x00007fc7ede05ce8 in QThreadPoolThread::run (this=0x15fc620) at concurrent/qthreadpool.cpp:140
#4  0x00007fc7ede0f68e in QThreadPrivate::start (arg=0x15fc620) at thread/qthread_unix.cpp:266
#5  0x00007fc7e2b81953 in ?? () from /usr/lib64/nvidia-current/libGL.so.1
#6  0x00007fc7edb87a5d in start_thread () from /lib64/libpthread.so.0
#7  0x00007fc7ec95f15d in clone () from /lib64/libc.so.6
#8  0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7fc7ef290720 (LWP 19606)):
[KCrash Handler]
#6  0x00007fc7ec8b5925 in raise () from /lib64/libc.so.6
#7  0x00007fc7ec8b6f40 in abort () from /lib64/libc.so.6
#8  0x00007fc7ede075d4 in qt_message_output (msgType=<value optimized out>, buf=<value optimized out>) at global/qglobal.cpp:2259
#9  0x00007fc7ede0779d in qt_message(QtMsgType, const char *, typedef __va_list_tag __va_list_tag *) (msgType=QtFatalMsg, msg=0x7fc7edf57d58 "ASSERT failure in %s: \"%s\", file %s, line %d", ap=
    0x7fff5d2ef340) at global/qglobal.cpp:2305
#10 0x00007fc7ede07935 in qFatal (msg=<value optimized out>) at global/qglobal.cpp:2488
#11 0x00007fc7d63fa6af in QList<DOM::StyleBaseImpl*>::at (this=0x122de60, i=4) at /usr/lib/qt4/include/QtCore/qlist.h:455
#12 0x00007fc7d63f99f9 in DOM::StyleListImpl::item (num=<value optimized out>, this=<value optimized out>) at /usr/src/debug/kdelibs-4.5.68svn1174542/khtml/css/css_base.h:266
#13 0x00007fc7d63f9a23 in DOM::CSSRuleListImpl::item (this=<value optimized out>, index=<value optimized out>) at /usr/src/debug/kdelibs-4.5.68svn1174542/khtml/css/css_ruleimpl.cpp:462
#14 0x00007fc7d64b73b6 in KJS::DOMCSSRuleListFunc::callAsFunction (this=0x7fc7d014f4c0, exec=0x7fff5d2ef970, thisObj=<value optimized out>, args=...)
    at /usr/src/debug/kdelibs-4.5.68svn1174542/khtml/ecma/kjs_css.cpp:747
#15 0x00007fc7d5ba69c0 in KJS::Machine::runBlock (exec=0x7fff5d2ef970, codeBlock=..., parentExec=0x7fff5d2effc0) at codes.def:1204
#16 0x00007fc7d5b8751d in KJS::FunctionImp::callAsFunction (this=<value optimized out>, exec=0x7fff5d2effc0, thisObj=<value optimized out>, args=...)
    at /usr/src/debug/kdelibs-4.5.68svn1174542/kjs/function.cpp:172
#17 0x00007fc7d5ba69c0 in KJS::Machine::runBlock (exec=0x7fff5d2effc0, codeBlock=..., parentExec=0x1105d30) at codes.def:1204
#18 0x00007fc7d5b8751d in KJS::FunctionImp::callAsFunction (this=<value optimized out>, exec=0x1105d30, thisObj=<value optimized out>, args=...)
    at /usr/src/debug/kdelibs-4.5.68svn1174542/kjs/function.cpp:172
#19 0x00007fc7d64c5982 in KJS::JSEventListener::handleEvent (this=0x1313df0, evt=...) at /usr/src/debug/kdelibs-4.5.68svn1174542/khtml/ecma/kjs_events.cpp:106
#20 0x00007fc7d630fb15 in DOM::EventTargetImpl::handleLocalEvents (this=0x1064c60, evt=0x143de60, useCapture=false) at /usr/src/debug/kdelibs-4.5.68svn1174542/khtml/xml/dom2_eventsimpl.cpp:74
#21 0x00007fc7d62ee43e in DOM::NodeImpl::dispatchGenericEvent (this=0x1064c60, evt=0x143de60) at /usr/src/debug/kdelibs-4.5.68svn1174542/khtml/xml/dom_nodeimpl.cpp:469
#22 0x00007fc7d62ee7b5 in DOM::NodeImpl::dispatchEvent (this=0x1064c60, evt=0x143de60, exceptioncode=@0x7fff5d2f054c, tempEvent=true)
    at /usr/src/debug/kdelibs-4.5.68svn1174542/khtml/xml/dom_nodeimpl.cpp:401
#23 0x00007fc7d625f4f5 in KHTMLView::dispatchMouseEvent (this=0xe5f070, eventId=3, targetNode=0x1064c60, targetNodeNonShared=<value optimized out>, cancelable=true, detail=1, _mouse=0x7fff5d2f0690, 
    setUnder=true, mouseEventType=1, orient=0) at /usr/src/debug/kdelibs-4.5.68svn1174542/khtml/khtmlview.cpp:3758
#24 0x00007fc7d625fec2 in KHTMLView::mouseReleaseEvent (this=0xe5f070, _mouse=0x7fff5d2f1200) at /usr/src/debug/kdelibs-4.5.68svn1174542/khtml/khtmlview.cpp:1589
#25 0x00007fc7ed0fd202 in QWidget::event (this=0xe5f070, event=0x7fff5d2f1200) at kernel/qwidget.cpp:8158
#26 0x00007fc7ed4a0f76 in QFrame::event (this=0xe5f070, e=0x7fff5d2f1200) at widgets/qframe.cpp:557
#27 0x00007fc7d62631db in KHTMLView::widgetEvent (this=0xe5f070, e=0x7fff5d2f1200) at /usr/src/debug/kdelibs-4.5.68svn1174542/khtml/khtmlview.cpp:2363
#28 0x00007fc7d6263627 in KHTMLView::eventFilter (this=0xe5f070, o=0xe67eb0, e=0x7fff5d2f1200) at /usr/src/debug/kdelibs-4.5.68svn1174542/khtml/khtmlview.cpp:2208
#29 0x00007fc7edef88c7 in QCoreApplicationPrivate::sendThroughObjectEventFilters (this=<value optimized out>, receiver=0xe67eb0, event=0x7fff5d2f1200) at kernel/qcoreapplication.cpp:847
#30 0x00007fc7ed0ab6b1 in QApplicationPrivate::notify_helper (this=0xa92980, receiver=0xe67eb0, e=0x7fff5d2f1200) at kernel/qapplication.cpp:4392
#31 0x00007fc7ed0b09da in QApplication::notify (this=<value optimized out>, receiver=0xe67eb0, e=0x7fff5d2f1200) at kernel/qapplication.cpp:3959
#32 0x00007fc7eec4c766 in KApplication::notify (this=0x7fff5d2f2020, receiver=0xe67eb0, event=0x7fff5d2f1200) at /usr/src/debug/kdelibs-4.5.68svn1174542/kdeui/kernel/kapplication.cpp:310
#33 0x00007fc7edef873c in QCoreApplication::notifyInternal (this=0x7fff5d2f2020, receiver=0xe67eb0, event=0x7fff5d2f1200) at kernel/qcoreapplication.cpp:732
#34 0x00007fc7ed0ac6e5 in sendEvent (receiver=0xe67eb0, event=0x7fff5d2f1200, alienWidget=0xe67eb0, nativeWidget=0xadb8d0, buttonDown=0x7fc7edb7ded8, lastMouseReceiver=..., spontaneous=true)
    at ../../src/corelib/kernel/qcoreapplication.h:215
#35 QApplicationPrivate::sendMouseEvent (receiver=0xe67eb0, event=0x7fff5d2f1200, alienWidget=0xe67eb0, nativeWidget=0xadb8d0, buttonDown=0x7fc7edb7ded8, lastMouseReceiver=..., spontaneous=true)
    at kernel/qapplication.cpp:3058
#36 0x00007fc7ed129eb8 in QETWidget::translateMouseEvent (this=0xadb8d0, event=<value optimized out>) at kernel/qapplication_x11.cpp:4403
#37 0x00007fc7ed128609 in QApplication::x11ProcessEvent (this=0x7fff5d2f2020, event=0x7fff5d2f1b50) at kernel/qapplication_x11.cpp:3536
#38 0x00007fc7ed14fab2 in x11EventSourceDispatch (s=0xa96720, callback=0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:146
#39 0x00007fc7e9c34193 in g_main_dispatch (context=0xa94ae0) at gmain.c:2149
#40 g_main_context_dispatch (context=0xa94ae0) at gmain.c:2702
#41 0x00007fc7e9c34970 in g_main_context_iterate (context=0xa94ae0, block=1, dispatch=1, self=<value optimized out>) at gmain.c:2780
#42 0x00007fc7e9c34c0d in g_main_context_iteration (context=0xa94ae0, may_block=1) at gmain.c:2843
#43 0x00007fc7edf2385f in QEventDispatcherGlib::processEvents (this=0x9bdd30, flags=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:415
#44 0x00007fc7ed14f74e in QGuiEventDispatcherGlib::processEvents (this=<value optimized out>, flags=<value optimized out>) at kernel/qguieventdispatcher_glib.cpp:204
#45 0x00007fc7edef7ad2 in QEventLoop::processEvents (this=<value optimized out>, flags=...) at kernel/qeventloop.cpp:149
#46 0x00007fc7edef7d1c in QEventLoop::exec (this=0x7fff5d2f1e60, flags=...) at kernel/qeventloop.cpp:201
#47 0x00007fc7edefc19b in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1009
#48 0x00007fc7ddeb838f in kdemain () from /usr/lib64/libkdeinit4_konqueror.so
#49 0x0000000000407927 in launch (argc=<value optimized out>, _name=0xa68f18 "konqueror", args=<value optimized out>, cwd=0x7fff5d2f2630 "\300d\245", envc=1, envs=<value optimized out>, reset_env=
    false, tty=0x0, avoid_loops=false, startup_id_str=0x40b3e1 "0") at /usr/src/debug/kdelibs-4.5.68svn1174542/kinit/kinit.cpp:727
#50 0x0000000000408243 in handle_launcher_request (sock=<value optimized out>, who=<value optimized out>) at /usr/src/debug/kdelibs-4.5.68svn1174542/kinit/kinit.cpp:1219
#51 0x00000000004088d1 in handle_requests (waitForPid=0) at /usr/src/debug/kdelibs-4.5.68svn1174542/kinit/kinit.cpp:1412
#52 0x0000000000409158 in main (argc=4, argv=0x7fff5d2f2fd8, envp=0x7fff5d2f3000) at /usr/src/debug/kdelibs-4.5.68svn1174542/kinit/kinit.cpp:1898

Reported using DrKonqi
Comment 1 Maksim Orlovich 2010-09-23 17:55:37 UTC
SVN commit 1178705 by orlovich:

Range check these. 
BUG: 251949


 M  +1 -1      css_base.h  
 M  +1 -1      css_ruleimpl.cpp  
 M  +1 -1      css_valueimpl.h  
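
Review bot: The message "Range check these." does not name the accessors being bounded or say what they return for an out-of-range index, and css_valueimpl.h is changed although it does not appear in the backtrace in the description. Suggest naming the functions in the message (the trace points at DOM::StyleListImpl::item at css_base.h:266 and DOM::CSSRuleListImpl::item at css_ruleimpl.cpp:462, reached with i=4 from KJS::DOMCSSRuleListFunc::callAsFunction), stating the result script code sees when the index is invalid, and adding a regression test for the reported page, since the three changed files are all implementation sources.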


WebSVN link: http://websvn.kde.org/?view=rev&revision=1178705
Comment 2 Maksim Orlovich 2010-09-23 18:02:29 UTC
SVN commit 1178707 by orlovich:

Merged revision:r1178705 | orlovich | 2010-09-23 12:01:48 -0400 (Thu, 23 Sep 2010) | 3 lines

Range check these. 
BUG: 251949

 M  +1 -1      css_base.h  
 M  +1 -1      css_ruleimpl.cpp  
 M  +1 -1      css_valueimpl.h  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1178707