Bug 262697 - [CSS 2.1 Conformance] Crash when leaving a dynamic :first-letter testcase
Status: RESOLVED WORKSFORME
Alias: None
Product: konqueror
Classification: Applications
Component: khtml
Version: 4.12.0
Platform: Ubuntu Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
URL: http://test.csswg.org/suites/css2.1/2...
Keywords: testcase, triaged
Depends on:
Blocks:
 
Reported: 2011-01-09 21:12 UTC by Gérard Talbot (no longer involved)
Modified: 2021-01-12 04:34 UTC

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments
VG log (388.87 KB, text/x-log)
2011-01-09 21:37 UTC, Tommi Tervo

Description Gérard Talbot (no longer involved) 2011-01-09 21:12:29 UTC
Version:           unspecified (using KDE 4.5.5) 
OS:                Linux

Application version is Konqueror 4.5.5, i686 (32bits), Linux 2.6.35-24-generic-pae

Reproducible: Always

Steps to Reproduce:
1- Load
http://test.csswg.org/suites/css2.1/20101210/html4/first-letter-dynamic-001.htm

2- a) Then switch (focus away, blur) to another opened tab
or b) click the Back button

Actual Results:  
Application crash

Expected Results:  
a) the other opened tab should load
b) the previous URL should load

Backtrace data coming up.
Comment 1 Gérard Talbot (no longer involved) 2011-01-09 21:16:51 UTC
I clicked the Back button here.

Backtrace data
==============

Application: Konqueror (konqueror), signal: Segmentation fault
[Current thread is 1 (Thread 0xb524b9e0 (LWP 6639))]

Thread 2 (Thread 0xac85eb70 (LWP 6668)):
#0  0xb78c5424 in __kernel_vsyscall ()
#1  0xb773ddf6 in poll () from /lib/libc.so.6
#2  0xb55faa1b in g_poll () from /lib/libglib-2.0.so.0
#3  0xb55ed43c in ?? () from /lib/libglib-2.0.so.0
#4  0xb55ed848 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#5  0xb69f459f in QEventDispatcherGlib::processEvents (this=0x9d6ddc0, flags=...) at kernel/qeventdispatcher_glib.cpp:417
#6  0xb69c4609 in QEventLoop::processEvents (this=0xac85e290, flags=) at kernel/qeventloop.cpp:149
#7  0xb69c4a8a in QEventLoop::exec (this=0xac85e290, flags=...) at kernel/qeventloop.cpp:201
#8  0xb68c0b7e in QThread::exec (this=0x9dd2330) at thread/qthread.cpp:490
#9  0xb69a335b in QInotifyFileSystemWatcherEngine::run (this=0x9dd2330) at io/qfilesystemwatcher_inotify.cpp:248
#10 0xb68c3df9 in QThreadPrivate::start (arg=0x9dd2330) at thread/qthread_unix.cpp:266
#11 0xb58e3cc9 in start_thread () from /lib/libpthread.so.0
#12 0xb774c69e in clone () from /lib/libc.so.6

Thread 1 (Thread 0xb524b9e0 (LWP 6639)):
[KCrash Handler]
#7  0xb24b77f6 in khtml::RenderTextFragment::detach (this=0x93780d0) at ../../khtml/rendering/render_text.cpp:1771
#8  0xb24a9d72 in khtml::RenderBox::detachRemainingChildren (this=0x937799c) at ../../khtml/rendering/render_box.cpp:241
#9  0xb24b44d5 in khtml::RenderFlow::detach (this=0x937799c) at ../../khtml/rendering/render_flow.cpp:326
#10 0xb24a9d72 in khtml::RenderBox::detachRemainingChildren (this=0x937788c) at ../../khtml/rendering/render_box.cpp:241
#11 0xb24b44d5 in khtml::RenderFlow::detach (this=0x937788c) at ../../khtml/rendering/render_flow.cpp:326
#12 0xb23dc00c in DOM::NodeImpl::detach (this=0x92f4a10) at ../../khtml/xml/dom_nodeimpl.cpp:901
#13 0xb23e9c6b in DOM::ElementImpl::detach (this=0x92f4a10) at ../../khtml/xml/dom_elementimpl.cpp:913
#14 0xb23dc838 in DOM::NodeBaseImpl::detach (this=0x8e61a80) at ../../khtml/xml/dom_nodeimpl.cpp:1889
#15 0xb23e9c6b in DOM::ElementImpl::detach (this=0x8e61a80) at ../../khtml/xml/dom_elementimpl.cpp:913
#16 0xb23dc838 in DOM::NodeBaseImpl::detach (this=0xa1c3f18) at ../../khtml/xml/dom_nodeimpl.cpp:1889
#17 0xb23e9c6b in DOM::ElementImpl::detach (this=0xa1c3f18) at ../../khtml/xml/dom_elementimpl.cpp:913
#18 0xb23dc838 in DOM::NodeBaseImpl::detach (this=0x9376a30) at ../../khtml/xml/dom_nodeimpl.cpp:1889
#19 0xb23e9c6b in DOM::ElementImpl::detach (this=0x9376a30) at ../../khtml/xml/dom_elementimpl.cpp:913
#20 0xb23dc838 in DOM::NodeBaseImpl::detach (this=0xa6dbae4) at ../../khtml/xml/dom_nodeimpl.cpp:1889
#21 0xb23c9304 in DOM::DocumentImpl::detach (this=0xa6dbad8) at ../../khtml/xml/dom_docimpl.cpp:1544
#22 0xb2351af4 in KHTMLPart::clear (this=0x8dc4ee8) at ../../khtml/khtml_part.cpp:1512
#23 0xb235d5cf in KHTMLPart::restoreState (this=0x8dc4ee8, stream=...) at ../../khtml/khtml_part.cpp:5548
#24 0xb238b5ae in KHTMLPartBrowserExtension::restoreState (this=0x8ec5048, stream=...) at ../../khtml/khtml_ext.cpp:103
#25 0xb7822430 in KonqView::restoreHistory (this=0x8eb93e8) at ../../../../apps/konqueror/src/konqview.cpp:816
#26 0xb7867b98 in KonqMainWindow::slotGoHistoryDelayed (this=0x87b1868) at ../../../../apps/konqueror/src/konqmainwindow.cpp:2790
#27 0xb787d4a4 in KonqMainWindow::qt_metacall (this=0x87b1868, _c=QMetaObject::InvokeMetaMethod, _id=105, _a=0xa37f328) at ./konqmainwindow.moc:441
#28 0xb69cb8ca in QMetaObject::metacall (object=0x87b1868, cl=181009976, idx=155, argv=0xa37f328) at kernel/qmetaobject.cpp:237
#29 0xb69d6df6 in QMetaCallEvent::placeMetaCall (this=0x9722280, object=0x87b1868) at kernel/qobject.cpp:534
#30 0xb69d86a2 in QObject::event (this=0x87b1868, e=0x0) at kernel/qobject.cpp:1219
#31 0xb5ea6936 in QWidget::event (this=0x87b1868, event=0x9722280) at kernel/qwidget.cpp:8646
#32 0xb62e7917 in QMainWindow::event (this=0x87b1868, event=0x9722280) at widgets/qmainwindow.cpp:1417
#33 0xb7051164 in KMainWindow::event (this=0x87b1868, ev=0x9722280) at ../../kdeui/widgets/kmainwindow.cpp:1100
#34 0xb7099a4f in KXmlGuiWindow::event (this=0x87b1868, ev=0x9722280) at ../../kdeui/xmlgui/kxmlguiwindow.cpp:132
#35 0xb787e6dd in KonqMainWindow::event (this=0x87b1868, e=0x9722280) at ../../../../apps/konqueror/src/konqmainwindow.cpp:5602
#36 0xb5e48fdc in QApplicationPrivate::notify_helper (this=0x86885b0, receiver=0x87b1868, e=0x9722280) at kernel/qapplication.cpp:4396
#37 0xb5e4f0e9 in QApplication::notify (this=0xbfba6c10, receiver=0x87b1868, e=0x9722280) at kernel/qapplication.cpp:4361
#38 0xb6f59d8a in KApplication::notify (this=0xbfba6c10, receiver=0x87b1868, event=0x9722280) at ../../kdeui/kernel/kapplication.cpp:310
#39 0xb69c5b3b in QCoreApplication::notifyInternal (this=0xbfba6c10, receiver=0x87b1868, event=0x9722280) at kernel/qcoreapplication.cpp:732
#40 0xb69c8d8b in sendEvent (receiver=0x0, event_type=0, data=0x8670eb0) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#41 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x8670eb0) at kernel/qcoreapplication.cpp:1373
#42 0xb69c8f4d in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at kernel/qcoreapplication.cpp:1266
#43 0xb69f4a74 in sendPostedEvents (s=0x868a910) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:220
#44 postEventSourceDispatch (s=0x868a910) at kernel/qeventdispatcher_glib.cpp:277
#45 0xb55e9855 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#46 0xb55ed668 in ?? () from /lib/libglib-2.0.so.0
#47 0xb55ed848 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#48 0xb69f4565 in QEventDispatcherGlib::processEvents (this=0x8670b70, flags=...) at kernel/qeventdispatcher_glib.cpp:415
#49 0xb5f0abe5 in QGuiEventDispatcherGlib::processEvents (this=0x8670b70, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#50 0xb69c4609 in QEventLoop::processEvents (this=0xbfba6a54, flags=) at kernel/qeventloop.cpp:149
#51 0xb69c4a8a in QEventLoop::exec (this=0xbfba6a54, flags=...) at kernel/qeventloop.cpp:201
#52 0xb69c900f in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1009
#53 0xb5e47e07 in QApplication::exec () at kernel/qapplication.cpp:3672
#54 0xb78aa592 in kdemain (argc=1, argv=0xbfba6ef4) at ../../../../apps/konqueror/src/konqmain.cpp:234
#55 0x080485ab in main (argc=1, argv=0xbfba6ef4) at konqueror_dummy.cpp:3
Comment 2 Tommi Tervo 2011-01-09 21:37:54 UTC
Created attachment 55784
VG log
Comment 3 Gérard Talbot (no longer involved) 2011-01-10 02:45:15 UTC
Also somewhat related (another crash with :first-letter pseudo-element): 
bug 237652
Comment 4 Gérard Talbot (no longer involved) 2011-01-10 02:59:21 UTC
Also triggering an application crash when clicking the Back button:

http://test.csswg.org/suites/css2.1/20101210/html4/before-first-letter-selector-001.htm (RC4)
Comment 5 Gérard Talbot (no longer involved) 2011-01-25 01:22:03 UTC
http://test.csswg.org/suites/css2.1/20110111/html4/first-letter-selector-005.htm
will cause Konqueror 4.5.5 application crash

and

http://test.csswg.org/suites/css2.1/20110111/html4/first-letter-selector-009.htm
when leaving the page, will cause Konqueror 4.5.5 application crash

Gérard
Comment 6 Maksim Orlovich 2011-02-21 20:18:31 UTC
Can't reproduce with trunk, and it looks vg-clean too. Pretty weird, since the only relevant fix I can think of is in 4.5.5 already.
Comment 7 Gérard Talbot (no longer involved) 2011-02-22 00:35:38 UTC
Maksim,

Please do me a favor: load this precise URL:

http://test.csswg.org/suites/css2.1/20110111/html4/first-letter-dynamic-001-ref.htm

I crashed 3 times just a few min. ago when using Konqueror 4.6. 
Backtrace signature appended below.

The code is 

<style type="text/css">
  span:before { content: '"'; }
  span:after { content: '"'; }
  :after { border: 3px solid green; }
  :first-letter { color: green; }
</style>
</head>
<body>

<p><span>Foo</span></p>

<p id="p2"><span id="q2"></span></p>


--------------

I no longer crash when trying

http://test.csswg.org/suites/css2.1/20110111/html4/first-letter-selector-005.htm

and

http://test.csswg.org/suites/css2.1/20110111/html4/first-letter-selector-009.htm

--------------------

{
Debugging info may not be sufficient: 
A warning/notification message tells me that I need to install kdebase-dbg and libqt4-dbg debugging packages .. I will do this.
}


Application: Konqueror (konqueror), signal: Segmentation fault
[Current thread is 1 (Thread 0xb4f06930 (LWP 12936))]

Thread 6 (Thread 0xaf41eb70 (LWP 12942)):
#0  0xb7736424 in __kernel_vsyscall ()
#1  0xb75b7371 in select () from /lib/libc.so.6
#2  0xb67a3bb8 in ?? () from /usr/lib/libQtCore.so.4
#3  0xb66c6df9 in ?? () from /usr/lib/libQtCore.so.4
#4  0xb54dccc9 in start_thread () from /lib/libpthread.so.0
#5  0xb75be69e in clone () from /lib/libc.so.6

Thread 5 (Thread 0xaea7fb70 (LWP 12947)):
#0  0xb7736424 in __kernel_vsyscall ()
#1  0xb54e1884 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0xb75cbdf4 in pthread_cond_timedwait () from /lib/libc.so.6
#3  0xb66c794f in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/lib/libQtCore.so.4
#4  0xb66bb5b3 in ?? () from /usr/lib/libQtCore.so.4
#5  0xb66c6df9 in ?? () from /usr/lib/libQtCore.so.4
#6  0xb54dccc9 in start_thread () from /lib/libpthread.so.0
#7  0xb75be69e in clone () from /lib/libc.so.6

Thread 4 (Thread 0xae27eb70 (LWP 12948)):
#0  0xb7736424 in __kernel_vsyscall ()
#1  0xb54e1884 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0xb75cbdf4 in pthread_cond_timedwait () from /lib/libc.so.6
#3  0xb66c794f in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/lib/libQtCore.so.4
#4  0xb66bb5b3 in ?? () from /usr/lib/libQtCore.so.4
#5  0xb66c6df9 in ?? () from /usr/lib/libQtCore.so.4
#6  0xb54dccc9 in start_thread () from /lib/libpthread.so.0
#7  0xb75be69e in clone () from /lib/libc.so.6

Thread 3 (Thread 0xac684b70 (LWP 12949)):
#0  0xb54df3eb in pthread_mutex_lock () from /lib/libpthread.so.0
#1  0xb75cbf66 in pthread_mutex_lock () from /lib/libc.so.6
#2  0xb5439d0f in g_main_context_prepare () from /lib/libglib-2.0.so.0
#3  0xb543a279 in ?? () from /lib/libglib-2.0.so.0
#4  0xb543a848 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#5  0xb67f759f in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#6  0xb67c7609 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#7  0xb67c7a8a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#8  0xb66c3b7e in QThread::exec() () from /usr/lib/libQtCore.so.4
#9  0xb67a635b in ?? () from /usr/lib/libQtCore.so.4
#10 0xb66c6df9 in ?? () from /usr/lib/libQtCore.so.4
#11 0xb54dccc9 in start_thread () from /lib/libpthread.so.0
#12 0xb75be69e in clone () from /lib/libc.so.6

Thread 2 (Thread 0xabe83b70 (LWP 12951)):
#0  0xb7736424 in __kernel_vsyscall ()
#1  0xb54e1884 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0xb75cbdf4 in pthread_cond_timedwait () from /lib/libc.so.6
#3  0xb66c794f in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/lib/libQtCore.so.4
#4  0xb66bb5b3 in ?? () from /usr/lib/libQtCore.so.4
#5  0xb66c6df9 in ?? () from /usr/lib/libQtCore.so.4
#6  0xb54dccc9 in start_thread () from /lib/libpthread.so.0
#7  0xb75be69e in clone () from /lib/libc.so.6

Thread 1 (Thread 0xb4f06930 (LWP 12936)):
[KCrash Handler]
#7  0xb2148336 in ?? () from /usr/lib/libkhtml.so.5
#8  0xb213cb4f in ?? () from /usr/lib/libkhtml.so.5
#9  0xb2145015 in ?? () from /usr/lib/libkhtml.so.5
#10 0xb213cb4f in ?? () from /usr/lib/libkhtml.so.5
#11 0xb2145015 in ?? () from /usr/lib/libkhtml.so.5
#12 0xb206b64c in ?? () from /usr/lib/libkhtml.so.5
#13 0xb20792fb in ?? () from /usr/lib/libkhtml.so.5
#14 0xb206be78 in ?? () from /usr/lib/libkhtml.so.5
#15 0xb20792fb in ?? () from /usr/lib/libkhtml.so.5
#16 0xb206be78 in ?? () from /usr/lib/libkhtml.so.5
#17 0xb20792fb in ?? () from /usr/lib/libkhtml.so.5
#18 0xb206be78 in ?? () from /usr/lib/libkhtml.so.5
#19 0xb20792fb in ?? () from /usr/lib/libkhtml.so.5
#20 0xb206be78 in ?? () from /usr/lib/libkhtml.so.5
#21 0xb2058424 in ?? () from /usr/lib/libkhtml.so.5
#22 0xb1fe034c in KHTMLPart::clear() () from /usr/lib/libkhtml.so.5
#23 0xb1fe1b46 in KHTMLPart::begin(KUrl const&, int, int) () from /usr/lib/libkhtml.so.5
#24 0xb1fdcb77 in KHTMLPart::slotData(KIO::Job*, QByteArray const&) () from /usr/lib/libkhtml.so.5
#25 0xb1ffbee6 in KHTMLPart::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib/libkhtml.so.5
#26 0xb67ce8ca in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) () from /usr/lib/libQtCore.so.4
#27 0xb67e16ad in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/libQtCore.so.4
#28 0xb709d6d9 in KIO::TransferJob::data(KIO::Job*, QByteArray const&) () from /usr/lib/libkio.so.5
#29 0xb70a0522 in KIO::TransferJob::slotData(QByteArray const&) () from /usr/lib/libkio.so.5
#30 0xb70a4315 in KIO::TransferJob::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib/libkio.so.5
#31 0xb67ce8ca in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) () from /usr/lib/libQtCore.so.4
#32 0xb67e16ad in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/libQtCore.so.4
#33 0xb7161d33 in KIO::SlaveInterface::data(QByteArray const&) () from /usr/lib/libkio.so.5
#34 0xb716546e in KIO::SlaveInterface::dispatch(int, QByteArray const&) () from /usr/lib/libkio.so.5
#35 0xb71620d3 in KIO::SlaveInterface::dispatch() () from /usr/lib/libkio.so.5
#36 0xb7154a28 in KIO::Slave::gotInput() () from /usr/lib/libkio.so.5
#37 0xb7154c33 in KIO::Slave::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib/libkio.so.5
#38 0xb67ce8ca in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) () from /usr/lib/libQtCore.so.4
#39 0xb67e16ad in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/libQtCore.so.4
#40 0xb706bef7 in KIO::Connection::readyRead() () from /usr/lib/libkio.so.5
#41 0xb706e25e in ?? () from /usr/lib/libkio.so.5
#42 0xb706e38e in KIO::Connection::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib/libkio.so.5
#43 0xb67ce8ca in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) () from /usr/lib/libQtCore.so.4
#44 0xb67d9df6 in QMetaCallEvent::placeMetaCall(QObject*) () from /usr/lib/libQtCore.so.4
#45 0xb67db6a2 in QObject::event(QEvent*) () from /usr/lib/libQtCore.so.4
#46 0xb5c4bfdc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#47 0xb5c5204e in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#48 0xb6dadf7a in KApplication::notify(QObject*, QEvent*) () from /usr/lib/libkdeui.so.5
#49 0xb67c8b3b in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/libQtCore.so.4
#50 0xb67cbd8b in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib/libQtCore.so.4
#51 0xb67cbf4d in QCoreApplication::sendPostedEvents(QObject*, int) () from /usr/lib/libQtCore.so.4
#52 0xb67f7a74 in ?? () from /usr/lib/libQtCore.so.4
#53 0xb5436855 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#54 0xb543a668 in ?? () from /lib/libglib-2.0.so.0
#55 0xb543a848 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#56 0xb67f7565 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#57 0xb5d0dbe5 in ?? () from /usr/lib/libQtGui.so.4
#58 0xb67c7609 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#59 0xb67c7a8a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#60 0xb67cc00f in QCoreApplication::exec() () from /usr/lib/libQtCore.so.4
#61 0xb5c4ae07 in QApplication::exec() () from /usr/lib/libQtGui.so.4
#62 0xb771be42 in kdemain () from /usr/lib/kde4/libkdeinit/libkdeinit4_konqueror.so
#63 0x080485ab in _start ()
Comment 8 Gérard Talbot (no longer involved) 2011-02-22 00:46:30 UTC
Maksim,

I still can crash in a very reliable manner. 

Steps:
After clearing history and cache, I load
http://test.csswg.org/suites/css2.1/20110111/html4/first-letter-dynamic-001.htm
and then type-append in the address bar "-ref" string so that I can go to
http://test.csswg.org/suites/css2.1/20110111/html4/first-letter-dynamic-001-ref.htm
and then the webpage never loads, Konqueror 4.6 crashes.

Gérard
Comment 9 Maksim Orlovich 2011-02-22 01:24:44 UTC
Thanks. Can confirm with the 001/001-ref. Looks like something quite different than the original stuff, though:
#7  DOM::Position::Position (this=0xbfeb5890, o=...) at /store/maksim/kde-dev/src/kdelibs/khtml/xml/dom_position.cpp:144
#8  0xb199e87c in DOM::Selection::extent (this=0x10) at /store/maksim/kde-dev/src/kdelibs/khtml/xml/dom_selection.h:89
#9  0xb1998e56 in DOM::Selection::Selection (this=0x998b2b0, o=...) at /store/maksim/kde-dev/src/kdelibs/khtml/xml/dom_selection.cpp:103
#10 0xb1b171cc in khtml::EditCommandImpl::startingSelection (this=0x0) at /store/maksim/kde-dev/src/kdelibs/khtml/editing/htmlediting_impl.h:113
#11 0xb1a3af2c in khtml::RenderTextFragment::detach (this=0x99a4a98) at /store/maksim/kde-dev/src/kdelibs/khtml/rendering/render_text.cpp:1771
#12 0xb1a2f1eb in khtml::RenderBox::detachRemainingChildren (this=0x99a19d0) at /store/maksim/kde-dev/src/kdelibs/khtml/rendering/render_box.cpp:241
#13 0xb1a386b5 in khtml::RenderFlow::detach (this=0x99a19d0) at /store/maksim/kde-dev/src/kdelibs/khtml/rendering/render_flow.cpp:326
#14 0xb1a2f1eb in khtml::RenderBox::detachRemainingChildren (this=0x99589e0) at /store/maksim/kde-dev/src/kdelibs/khtml/rendering/render_box.cpp:241
#15 0xb1a386b5 in khtml::RenderFlow::detach (this=0x99589e0) at /store/maksim/kde-dev/src/kdelibs/khtml/rendering/render_flow.cpp:326
#16 0xb1963c1c in DOM::NodeImpl::detach (this=0x998b010) at /store/maksim/kde-dev/src/kdelibs/khtml/xml/dom_nodeimpl.cpp:908
#17 0xb1963c97 in DOM::NodeBaseImpl::detach (this=0x998b010) at /store/maksim/kde-dev/src/kdelibs/khtml/xml/dom_nodeimpl.cpp:1898
#18 0xb1976645 in DOM::ElementImpl::detach (this=0x998b010) at /store/maksim/kde-dev/src/kdelibs/khtml/xml/dom_elementimpl.cpp:913
#19 0xb1963c88 in DOM::NodeBaseImpl::detach (this=0x9834f40) at /store/maksim/kde-dev/src/kdelibs/khtml/xml/dom_nodeimpl.cpp:1896
#20 0xb1976645 in DOM::ElementImpl::detach (this=0x9834f40) at /store/maksim/kde-dev/src/kdelibs/khtml/xml/dom_elementimpl.cpp:913
#21 0xb1963c88 in DOM::NodeBaseImpl::detach (this=0x97fd018) at /store/maksim/kde-dev/src/kdelibs/khtml/xml/dom_nodeimpl.cpp:1896
#22 0xb1976645 in DOM::ElementImpl::detach (this=0x97fd018) at /store/maksim/kde-dev/src/kdelibs/khtml/xml/dom_elementimpl.cpp:913
#23 0xb1963c88 in DOM::NodeBaseImpl::detach (this=0x9842990) at /store/maksim/kde-dev/src/kdelibs/khtml/xml/dom_nodeimpl.cpp:1896
#24 0xb1976645 in DOM::ElementImpl::detach (this=0x9842990) at /store/maksim/kde-dev/src/kdelibs/khtml/xml/dom_elementimpl.cpp:913
#25 0xb1963c88 in DOM::NodeBaseImpl::detach (this=0x97bdbb4) at /store/maksim/kde-dev/src/kdelibs/khtml/xml/dom_nodeimpl.cpp:1896
#26 0xb1956cf4 in DOM::DocumentImpl::detach (this=0x97bdba8) at /store/maksim/kde-dev/src/kdelibs/khtml/xml/dom_docimpl.cpp:1544
#27 0xb18f938d in KHTMLPart::clear (this=0x8eb1248) at /store/maksim/kde-dev/src/kdelibs/khtml/khtml_part.cpp:1514
Comment 10 Maksim Orlovich 2011-02-22 01:29:54 UTC
Actually, no, the bt is just misleading. 

==5121== Invalid read of size 4
==5121==    at 0xBDE5F21: khtml::RenderTextFragment::detach() (render_text.cpp:1771)
==5121==    by 0xBDDA1EA: khtml::RenderBox::detachRemainingChildren() (render_box.cpp:241)
==5121==    by 0xBDE36B4: khtml::RenderFlow::detach() (render_flow.cpp:326)
==5121==    by 0xBDDA1EA: khtml::RenderBox::detachRemainingChildren() (render_box.cpp:241)
==5121==    by 0xBDE36B4: khtml::RenderFlow::detach() (render_flow.cpp:326)
==5121==    by 0xBD0EC1B: DOM::NodeImpl::detach() (dom_nodeimpl.cpp:908)
==5121==  Address 0x7063d40 is 8 bytes inside a block of size 84 free'd
==5121==    at 0x4023EB3: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==5121==    by 0xBDC73A2: khtml::RenderObject::arenaDelete(khtml::RenderArena*, void*) (render_object.cpp:2408)
==5121==    by 0xBDCEE57: khtml::RenderObject::detach() (render_object.cpp:2384)
==5121==    by 0xBDE5EF2: khtml::RenderText::detach() (render_text.cpp:729)
==5121==    by 0xBDE5F33: khtml::RenderTextFragment::detach() (render_text.cpp:1773)
==5121==    by 0xBDDA1EA: khtml::RenderBox::detachRemainingChildren() (render_box.cpp:241)
==5121==    by 0xBDE36B4: khtml::RenderFlow::detach() (render_flow.cpp:326)
==5121==    by 0xBDDA1EA: khtml::RenderBox::detachRemainingChildren() (render_box.cpp:241)
==5121==    by 0xBDE36B4: khtml::RenderFlow::detach() (render_flow.cpp:326)
==5121==    by 0xBDDA1EA: khtml::RenderBox::detachRemainingChildren() (render_box.cpp:241)
==5121==    by 0xBDE36B4: khtml::RenderFlow::detach() (render_flow.cpp:326)
==5121==    by 0xBD0EC1B: DOM::NodeImpl::detach() (dom_nodeimpl.cpp:908)
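
Added example (not part of the original comment and not KHTML code): a small Python parser for memcheck reports like the one in comment 10. It pairs the stack of the invalid access with the stack that freed the block and lists the functions present in both. SAMPLE is an excerpt of that log; the names parse_uaf, shared_functions and summarize are this example's own.

```python
import re

# Excerpt of the memcheck report quoted in comment 10 (first frames of each stack).
SAMPLE = """\
==5121== Invalid read of size 4
==5121==    at 0xBDE5F21: khtml::RenderTextFragment::detach() (render_text.cpp:1771)
==5121==    by 0xBDDA1EA: khtml::RenderBox::detachRemainingChildren() (render_box.cpp:241)
==5121==    by 0xBDE36B4: khtml::RenderFlow::detach() (render_flow.cpp:326)
==5121==  Address 0x7063d40 is 8 bytes inside a block of size 84 free'd
==5121==    at 0x4023EB3: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==5121==    by 0xBDC73A2: khtml::RenderObject::arenaDelete(khtml::RenderArena*, void*) (render_object.cpp:2408)
==5121==    by 0xBDCEE57: khtml::RenderObject::detach() (render_object.cpp:2384)
==5121==    by 0xBDE5EF2: khtml::RenderText::detach() (render_text.cpp:729)
==5121==    by 0xBDE5F33: khtml::RenderTextFragment::detach() (render_text.cpp:1773)
==5121==    by 0xBDDA1EA: khtml::RenderBox::detachRemainingChildren() (render_box.cpp:241)
==5121==    by 0xBDE36B4: khtml::RenderFlow::detach() (render_flow.cpp:326)
"""

PREFIX = re.compile(r"^==\d+==\s?")                       # "==PID== " line prefix
ACCESS = re.compile(r"^Invalid (?P<op>read|write) of size (?P<size>\d+)$")
BLOCK = re.compile(r"^\s*Address 0x[0-9A-Fa-f]+ is (?P<off>\d+) bytes inside "
                   r"a block of size (?P<blk>\d+) free'd$")
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (?P<func>.+?) \((?P<loc>[^()]*)\)$")


def parse_uaf(report):
    """Return one dict per invalid access to a freed block in a memcheck log."""
    errors, cur, stack = [], None, None
    for raw in report.splitlines():
        line = PREFIX.sub("", raw.rstrip())
        m = ACCESS.match(line.strip())
        if m:                                   # start of a new error record
            cur = {"op": m["op"], "size": int(m["size"]), "offset": None,
                   "block": None, "access": [], "free": []}
            errors.append(cur)
            stack = cur["access"]
            continue
        if cur is None:
            continue
        m = BLOCK.match(line)
        if m:                                   # frames after this line belong to the free
            cur["offset"], cur["block"] = int(m["off"]), int(m["blk"])
            stack = cur["free"]
            continue
        m = FRAME.match(line)
        if m:
            stack.append((m["func"], m["loc"]))
        elif not line.strip():                  # blank line ends the record
            cur = None
    return [e for e in errors if e["access"] and e["block"] is not None]


def shared_functions(err):
    """Functions in both stacks as (function, location in access, location in free)."""
    freed_at = {}
    for func, loc in err["free"]:
        freed_at.setdefault(func, loc)          # keep the innermost occurrence
    out = []
    for func, loc in err["access"]:
        if func in freed_at and all(func != seen[0] for seen in out):
            out.append((func, loc, freed_at[func]))
    return out


def summarize(err):
    """Render one error as text: the faulting frame, then each shared function."""
    func, loc = err["access"][0]
    out = [f"invalid {err['op']} of {err['size']} bytes, offset {err['offset']} "
           f"in a freed block of {err['block']} bytes",
           f"  faulting frame: {func} ({loc})"]
    for func, used, freed in shared_functions(err):
        out.append(f"  in both stacks: {func} access via {used}, free via {freed}")
    return "\n".join(out)


if __name__ == "__main__":
    for e in parse_uaf(SAMPLE):
        print(summarize(e))
```

On this excerpt the first shared entry is RenderTextFragment::detach(), reached at render_text.cpp:1771 for the read and at render_text.cpp:1773 for the free, both under the detachRemainingChildren() call at render_box.cpp:241.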
Comment 11 Gérard Talbot (no longer involved) 2012-06-21 02:51:15 UTC
Steps to reproduce:
After clearing history and cache, I load
http://test.csswg.org/suites/css2.1/20110323/html4/first-letter-dynamic-001.htm
and then type-append in the address bar "-ref" string and press "Enter" key so that I can go to
http://test.csswg.org/suites/css2.1/20110323/html4/first-letter-dynamic-001-ref.htm
and then the webpage never loads, Konqueror 4.8.4 crashes immediately.


I am using
KDE Platform Version: 4.8.4
Konqueror version: 4.8.4 (with KHTML rendering engine)
Qt Version: 4.8.1
Operating System: Linux 3.2.0-25-generic-pae i686 (32bits)
Distribution: Kubuntu 12.04 LTS
here.

Version field, URL field and Keywords field have been updated.

Gérard
Comment 12 Justin Zobel 2020-12-13 04:24:00 UTC
Thank you for the crash reports.

As it has been a while since this was reported, can you please test and confirm if this issue is still occurring or if this bug report can be marked as resolved.

I have set the bug status to "needsinfo" pending your response, please change back to "reported" or "resolved/worksforme" when you respond, thank you.
Comment 13 Bug Janitor Service 2020-12-28 04:34:32 UTC
Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least
15 days. Please provide the requested information as soon as
possible and set the bug status as REPORTED. Due to regular bug
tracker maintenance, if the bug is still in NEEDSINFO status with
no change in 30 days the bug will be closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please
mark the bug as REPORTED so that the KDE team knows that the bug is
ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!
Comment 14 Bug Janitor Service 2021-01-12 04:34:08 UTC
This bug has been in NEEDSINFO status with no change for at least
30 days. The bug is now closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

Thank you for helping us make KDE software even better for everyone!