Bug 255818 - Crashes on http://gr8.fi/salmisaari/etusivu.php
Summary: Crashes on http://gr8.fi/salmisaari/etusivu.php
Status: RESOLVED DUPLICATE of bug 238600
Alias: None
Product: konqueror
Classification: Applications
Component: general (other bugs)
Version First Reported In: unspecified
Platform: Compiled Sources Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
 
Reported: 2010-11-01 16:02 UTC by Tommi Tervo
Modified: 2010-11-01 16:18 UTC (History)

Description Tommi Tervo 2010-11-01 16:02:46 UTC
Application: konqueror (4.5.70 (4.6 >= 20100927))
KDE Platform Version: 4.5.70 (4.6 >= 20100927) (Compiled from sources)
Qt Version: 4.7.0
Operating System: Linux 2.6.34.7-0.5-default i686
Distribution: "openSUSE 11.3 (i586)"

-- Information about the crash:
Just open http://gr8.fi/salmisaari/etusivu.php -> crash:
BT w/o arena-alloc:

The crash can be reproduced every time.

-- Backtrace:
Application: Konqueror (konqueror), signal: Segmentation fault
[Current thread is 1 (Thread 0xb4fde710 (LWP 6825))]

Thread 2 (Thread 0xafa50b70 (LWP 6837)):
#0  0xffffe430 in __kernel_vsyscall ()
#1  0xb6794452 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0xb680a90c in wait (this=0x86e5934, mutex=0x86e5930, time=30000) at thread/qwaitcondition_unix.cpp:86
#3  QWaitCondition::wait (this=0x86e5934, mutex=0x86e5930, time=30000) at thread/qwaitcondition_unix.cpp:160
#4  0xb67ffcd4 in QThreadPoolThread::run (this=0x822c490) at concurrent/qthreadpool.cpp:140
#5  0xb680a27a in QThreadPrivate::start (arg=0x822c490) at thread/qthread_unix.cpp:266
#6  0xb678fb25 in start_thread () from /lib/libpthread.so.0
#7  0xb58d746e in clone () from /lib/libc.so.6

Thread 1 (Thread 0xb4fde710 (LWP 6825)):
[KCrash Handler]
#7  0x08a8accd in ?? ()
#8  0xb21eb9b7 in khtml::RenderBlock::findNextLineBreak (this=0x89f85d0, start=..., bidi=...) at /home/teve/kde/kdelibs/khtml/rendering/bidi.cpp:1898
#9  0xb21ea370 in khtml::RenderBlock::layoutInlineChildren (this=0x89f85d0, relayoutChildren=false, breakBeforeLine=0) at /home/teve/kde/kdelibs/khtml/rendering/bidi.cpp:1506
#10 0xb21f2c91 in khtml::RenderBlock::layoutBlock (this=0x89f85d0, relayoutChildren=false) at /home/teve/kde/kdelibs/khtml/rendering/render_block.cpp:835
#11 0xb21f25f1 in khtml::RenderBlock::layout (this=0x89f85d0) at /home/teve/kde/kdelibs/khtml/rendering/render_block.cpp:738
#12 0xb20a8131 in khtml::RenderObject::layoutIfNeeded (this=0x89f85d0) at /home/teve/kde/kdelibs/khtml/rendering/render_object.h:480
#13 0xb21f5f79 in khtml::RenderBlock::layoutBlockChildren (this=0x89f91a0, relayoutChildren=false) at /home/teve/kde/kdelibs/khtml/rendering/render_block.cpp:1558
#14 0xb21f2ca9 in khtml::RenderBlock::layoutBlock (this=0x89f91a0, relayoutChildren=false) at /home/teve/kde/kdelibs/khtml/rendering/render_block.cpp:837
#15 0xb21f25f1 in khtml::RenderBlock::layout (this=0x89f91a0) at /home/teve/kde/kdelibs/khtml/rendering/render_block.cpp:738
#16 0xb20a8131 in khtml::RenderObject::layoutIfNeeded (this=0x89f91a0) at /home/teve/kde/kdelibs/khtml/rendering/render_object.h:480
#17 0xb21f5f79 in khtml::RenderBlock::layoutBlockChildren (this=0x89f8ca0, relayoutChildren=false) at /home/teve/kde/kdelibs/khtml/rendering/render_block.cpp:1558
#18 0xb21f2ca9 in khtml::RenderBlock::layoutBlock (this=0x89f8ca0, relayoutChildren=false) at /home/teve/kde/kdelibs/khtml/rendering/render_block.cpp:837
#19 0xb21f25f1 in khtml::RenderBlock::layout (this=0x89f8ca0) at /home/teve/kde/kdelibs/khtml/rendering/render_block.cpp:738
#20 0xb20a8131 in khtml::RenderObject::layoutIfNeeded (this=0x89f8ca0) at /home/teve/kde/kdelibs/khtml/rendering/render_object.h:480
#21 0xb21e9e51 in khtml::RenderBlock::layoutInlineChildren (this=0x8a26198, relayoutChildren=false, breakBeforeLine=0) at /home/teve/kde/kdelibs/khtml/rendering/bidi.cpp:1410
#22 0xb21f2c91 in khtml::RenderBlock::layoutBlock (this=0x8a26198, relayoutChildren=false) at /home/teve/kde/kdelibs/khtml/rendering/render_block.cpp:835
#23 0xb21f25f1 in khtml::RenderBlock::layout (this=0x8a26198) at /home/teve/kde/kdelibs/khtml/rendering/render_block.cpp:738
#24 0xb20a8131 in khtml::RenderObject::layoutIfNeeded (this=0x8a26198) at /home/teve/kde/kdelibs/khtml/rendering/render_object.h:480
#25 0xb21f5f79 in khtml::RenderBlock::layoutBlockChildren (this=0x8a835f0, relayoutChildren=false) at /home/teve/kde/kdelibs/khtml/rendering/render_block.cpp:1558
#26 0xb21f2ca9 in khtml::RenderBlock::layoutBlock (this=0x8a835f0, relayoutChildren=false) at /home/teve/kde/kdelibs/khtml/rendering/render_block.cpp:837
#27 0xb21f25f1 in khtml::RenderBlock::layout (this=0x8a835f0) at /home/teve/kde/kdelibs/khtml/rendering/render_block.cpp:738
#28 0xb20a8131 in khtml::RenderObject::layoutIfNeeded (this=0x8a835f0) at /home/teve/kde/kdelibs/khtml/rendering/render_object.h:480
#29 0xb21f5f79 in khtml::RenderBlock::layoutBlockChildren (this=0x8a82f90, relayoutChildren=false) at /home/teve/kde/kdelibs/khtml/rendering/render_block.cpp:1558
#30 0xb21f2ca9 in khtml::RenderBlock::layoutBlock (this=0x8a82f90, relayoutChildren=false) at /home/teve/kde/kdelibs/khtml/rendering/render_block.cpp:837
#31 0xb21f25f1 in khtml::RenderBlock::layout (this=0x8a82f90) at /home/teve/kde/kdelibs/khtml/rendering/render_block.cpp:738
#32 0xb2276c35 in khtml::RenderBody::layout (this=0x8a82f90) at /home/teve/kde/kdelibs/khtml/rendering/render_body.cpp:91
#33 0xb20a8131 in khtml::RenderObject::layoutIfNeeded (this=0x8a82f90) at /home/teve/kde/kdelibs/khtml/rendering/render_object.h:480
#34 0xb21f5f79 in khtml::RenderBlock::layoutBlockChildren (this=0x8727b98, relayoutChildren=false) at /home/teve/kde/kdelibs/khtml/rendering/render_block.cpp:1558
#35 0xb21f2ca9 in khtml::RenderBlock::layoutBlock (this=0x8727b98, relayoutChildren=false) at /home/teve/kde/kdelibs/khtml/rendering/render_block.cpp:837
#36 0xb21f25f1 in khtml::RenderBlock::layout (this=0x8727b98) at /home/teve/kde/kdelibs/khtml/rendering/render_block.cpp:738
#37 0xb20a8131 in khtml::RenderObject::layoutIfNeeded (this=0x8727b98) at /home/teve/kde/kdelibs/khtml/rendering/render_object.h:480
#38 0xb21f5f79 in khtml::RenderBlock::layoutBlockChildren (this=0x872f580, relayoutChildren=false) at /home/teve/kde/kdelibs/khtml/rendering/render_block.cpp:1558
#39 0xb21f2ca9 in khtml::RenderBlock::layoutBlock (this=0x872f580, relayoutChildren=false) at /home/teve/kde/kdelibs/khtml/rendering/render_block.cpp:837
#40 0xb226f6b1 in khtml::RenderCanvas::layout (this=0x872f580) at /home/teve/kde/kdelibs/khtml/rendering/render_canvas.cpp:191
#41 0xb2093b6f in KHTMLView::layout (this=0x83e1140) at /home/teve/kde/kdelibs/khtml/khtmlview.cpp:1007
#42 0xb213920b in DOM::DocumentImpl::updateLayout (this=0x86f14b0) at /home/teve/kde/kdelibs/khtml/xml/dom_docimpl.cpp:1501
#43 0xb23242dc in KJS::DOMNode::getValueProperty (this=0xaf0d6e40, exec=0xbff2f8ac, token=57) at /home/teve/kde/kdelibs/khtml/ecma/kjs_dom.cpp:376
#44 0xb2334bed in KJS::JSValue* KJS::staticValueGetter<KJS::DOMNode>(KJS::ExecState*, KJS::JSObject*, KJS::Identifier const&, KJS::PropertySlot const&) () from /opt/kdetrunk/lib/libkhtml.so.5
#45 0xb1bf7b94 in KJS::PropertySlot::getValue (this=0xbff2e390, exec=0xbff2f8ac, originalObject=0xaf0d6e40, propertyName=...) at /home/teve/kde/kdelibs/kjs/property_slot.h:46
#46 0xb1bf6514 in KJS::JSObject::get (this=0xaf0d6e40, exec=0xbff2f8ac, propertyName=...) at /home/teve/kde/kdelibs/kjs/object.cpp:89
#47 0xb1c12970 in KJS::Machine::runBlock (exec=0xbff2f8ac, codeBlock=..., parentExec=0xbff30eac) at codes.def:685
#48 0xb1befc72 in KJS::FunctionImp::callAsFunction (this=0xaf0e4c40, exec=0xbff30eac, thisObj=0xaf0e4c00, args=...) at /home/teve/kde/kdelibs/kjs/function.cpp:172
#49 0xb2366793 in KJS::JSObject::call (this=0xaf0e4c40, exec=0xbff30eac, thisObj=0xaf0e4c00, args=...) at /home/teve/kde/kdelibs/kjs/object.h:626
#50 0xb1c1b962 in KJS::Machine::runBlock (exec=0xbff30eac, codeBlock=..., parentExec=0xbff32544) at codes.def:1204
#51 0xb1befc72 in KJS::FunctionImp::callAsFunction (this=0xaf0e4c80, exec=0xbff32544, thisObj=0xaf0e4c00, args=...) at /home/teve/kde/kdelibs/kjs/function.cpp:172
#52 0xb2366793 in KJS::JSObject::call (this=0xaf0e4c80, exec=0xbff32544, thisObj=0xaf0e4c00, args=...) at /home/teve/kde/kdelibs/kjs/object.h:626
#53 0xb1c1b962 in KJS::Machine::runBlock (exec=0xbff32544, codeBlock=..., parentExec=0x0) at codes.def:1204
#54 0xb1bc0996 in KJS::FunctionBodyNode::execute (this=0x8cdcdd0, exec=0xbff32544) at /home/teve/kde/kdelibs/kjs/nodes.cpp:927
#55 0xb1bfb3d2 in KJS::Interpreter::evaluate (this=0x86f0bb0, sourceURL=..., startingLineNumber=1, code=0x8d18478, codeLength=29, thisV=0xafaa0000) at /home/teve/kde/kdelibs/kjs/interpreter.cpp:556
#56 0xb1bfaf37 in KJS::Interpreter::evaluate (this=0x86f0bb0, sourceURL=..., startingLineNumber=1, code=..., thisV=0xafaa0000) at /home/teve/kde/kdelibs/kjs/interpreter.cpp:496
#57 0xb236fa81 in KJSProxy::evaluate (this=0x872a090, filename=..., baseLine=1, str=..., n=..., completion=0xbff32764) at /home/teve/kde/kdelibs/khtml/ecma/kjs_proxy.cpp:126
#58 0xb20bafd9 in KHTMLPart::executeScript (this=0x83c2300, n=..., script=...) at /home/teve/kde/kdelibs/khtml/khtml_part.cpp:1327
#59 0xb2362d49 in KJS::ScheduledAction::execute (this=0x89a80e0, window=0xafaa0000) at /home/teve/kde/kdelibs/khtml/ecma/kjs_window.cpp:2286
#60 0xb2363997 in KJS::WindowQObject::timerEvent (this=0x86e58b0) at /home/teve/kde/kdelibs/khtml/ecma/kjs_window.cpp:2451
#61 0xb691e4e4 in QObject::event (this=0x86e58b0, e=0xbff32d40) at kernel/qobject.cpp:1175
#62 0xb5d8d1a4 in QApplicationPrivate::notify_helper (this=0x8069ba8, receiver=0x86e58b0, e=0xbff32d40) at kernel/qapplication.cpp:4396
#63 0xb5d95dd7 in QApplication::notify (this=0xbff330c8, receiver=0x86e58b0, e=0xbff32d40) at kernel/qapplication.cpp:3798
#64 0xb6ef88fa in KApplication::notify (this=0xbff330c8, receiver=0x86e58b0, event=0xbff32d40) at /home/teve/kde/kdelibs/kdeui/kernel/kapplication.cpp:311
#65 0xb690912e in QCoreApplication::notifyInternal (this=0xbff330c8, receiver=0x86e58b0, event=0xbff32d40) at kernel/qcoreapplication.cpp:732
#66 0xb693a4b4 in sendEvent (this=0x806cd34) at kernel/qcoreapplication.h:215
#67 QTimerInfoList::activateTimers (this=0x806cd34) at kernel/qeventdispatcher_unix.cpp:617
#68 0xb6937132 in timerSourceDispatch (source=0x806cd00) at kernel/qeventdispatcher_glib.cpp:184
#69 0xb538ab49 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#70 0xb538b350 in ?? () from /usr/lib/libglib-2.0.so.0
#71 0xb538b60e in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#72 0xb693785b in QEventDispatcherGlib::processEvents (this=0x8051e48, flags=...) at kernel/qeventdispatcher_glib.cpp:415
#73 0xb5e4219a in QGuiEventDispatcherGlib::processEvents (this=0x8051e48, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#74 0xb690840d in QEventLoop::processEvents (this=0xbff32fe4, flags=...) at kernel/qeventloop.cpp:149
#75 0xb6908639 in QEventLoop::exec (this=0xbff32fe4, flags=...) at kernel/qeventloop.cpp:201
#76 0xb690d090 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1009
#77 0xb5d8aed4 in QApplication::exec () at kernel/qapplication.cpp:3672
#78 0xb787950f in kdemain (argc=1, argv=0xbff33354) at /home/teve/kde/kdebase/apps/konqueror/src/konqmain.cpp:219
#79 0x080487d9 in main (argc=1, argv=0xbff33354) at /home/teve/kde/kbb/apps/konqueror/src/konqueror_dummy.cpp:3

Possible duplicates by query: bug 253814, bug 238600, bug 233703, bug 229441, bug 213272.

Reported using DrKonqi
Comment 1 Tommi Tervo 2010-11-01 16:05:42 UTC
VG log

==6685== Invalid read of size 1
==6685==    at 0xB20BF2C: khtml::RenderObject::isFloating() const (render_object.h:324)
==6685==    by 0xB2D21FE: khtml::RenderObject::isFloatingOrPositioned() const (in /opt/kdetrunk/lib/libkhtml.so.5.6.0)
==6685==    by 0xB367460: khtml::requiresLineBox(khtml::BidiIterator&) (bidi.cpp:1827)
==6685==    by 0xB3679B6: khtml::RenderBlock::findNextLineBreak(khtml::BidiIterator&, khtml::BidiState&) (bidi.cpp:1898)
==6685==    by 0xB36636F: khtml::RenderBlock::layoutInlineChildren(bool, int) (bidi.cpp:1506)
==6685==    by 0xB36EC90: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:835)
==6685==    by 0xB36E5F0: khtml::RenderBlock::layout() (render_block.cpp:738)
==6685==    by 0xB224130: khtml::RenderObject::layoutIfNeeded() (in /opt/kdetrunk/lib/libkhtml.so.5.6.0)
==6685==    by 0xB371F78: khtml::RenderBlock::layoutBlockChildren(bool) (render_block.cpp:1558)
==6685==    by 0xB36ECA8: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:837)
==6685==    by 0xB36E5F0: khtml::RenderBlock::layout() (render_block.cpp:738)
==6685==    by 0xB224130: khtml::RenderObject::layoutIfNeeded() (in /opt/kdetrunk/lib/libkhtml.so.5.6.0)
==6685==  Address 0x8fa8cfa is 34 bytes inside a block of size 68 free'd
==6685==    at 0x4026996: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==6685==    by 0xB3B0B2B: khtml::RenderArena::free(unsigned int, void*) (render_arena.cpp:122)
==6685==    by 0xB393AA9: khtml::RenderObject::arenaDelete(khtml::RenderArena*, void*) (render_object.cpp:2408)
==6685==    by 0xB3939DC: khtml::RenderObject::detach() (render_object.cpp:2384)
==6685==    by 0xB3ACA3C: khtml::RenderText::detach() (render_text.cpp:729)
==6685==    by 0xB2C75D9: DOM::NodeImpl::detach() (dom_nodeimpl.cpp:901)
==6685==    by 0xB2C99B0: DOM::NodeBaseImpl::removeChild(DOM::NodeImpl*, int&) (dom_nodeimpl.cpp:1674)
==6685==    by 0xB2C96AD: DOM::NodeBaseImpl::replaceChild(DOM::NodeImpl*, DOM::NodeImpl*, int&) (dom_nodeimpl.cpp:1599)
==6685==    by 0xB4A1CFF: DOMNodeProtoFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (kjs_dom.cpp:654)
==6685==    by 0xB4E2792: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.h:626)
==6685==    by 0xBCE8961: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1204)
==6685==    by 0xBCBCC71: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:172)
Comment 2 Tommi Tervo 2010-11-01 16:18:14 UTC

*** This bug has been marked as a duplicate of bug 238600 ***