Bug 318665 - konqueror crash on http://nnm-club.ru/
Summary: konqueror crash on http://nnm-club.ru/
Status: RESOLVED DUPLICATE of bug 323127
Alias: None
Product: konqueror
Classification: Applications
Component: khtml
Version: 4.11.2
Platform: Fedora RPMs Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-04-21 12:33 UTC by Suren Karapetyan
Modified: 2014-01-15 09:59 UTC

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments

Description Suren Karapetyan 2013-04-21 12:33:02 UTC
Application: konqueror (4.10.2)
KDE Platform Version: 4.10.2
Qt Version: 4.8.4
Operating System: Linux 3.8.8-202.fc18.x86_64 x86_64
Distribution: "Fedora release 18 (Spherical Cow)"

-- Information about the crash:
- What I was doing when the application crashed:
I opened the following 3 links in different tabs (while logged in - not sure if it will have the same result if not logged in).
http://nnm-club.ru/forum/viewtopic.php?t=537631
http://nnm-club.ru/forum/viewtopic.php?t=537607
http://nnm-club.ru/forum/viewtopic.php?t=537587

Can't reproduce this with webkit rendering engine.
I have flash plugin installed - it may be related.

-- Backtrace:
Application: Konqueror (konqueror), signal: Segmentation fault
Using host libthread_db library "/lib64/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f7ca0f1d880 (LWP 9475))]

Thread 3 (Thread 0x7f7c931cf700 (LWP 9476)):
#0  0x00000030b300b952 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00000030c087be17 in QWaitCondition::wait(QMutex*, unsigned long) () from /lib64/libQtCore.so.4
#2  0x00000030c086f69f in QThreadPoolThread::run() () from /lib64/libQtCore.so.4
#3  0x00000030c087b95c in QThreadPrivate::start(void*) () from /lib64/libQtCore.so.4
#4  0x00000030b3007d15 in start_thread () from /lib64/libpthread.so.0
#5  0x00000030b28f248d in clone () from /lib64/libc.so.6

Thread 2 (Thread 0x7f7c91f03700 (LWP 9477)):
#0  0x00000030b300b952 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1  0x00000030c087be17 in QWaitCondition::wait(QMutex*, unsigned long) () from /lib64/libQtCore.so.4
#2  0x00000030c086f69f in QThreadPoolThread::run() () from /lib64/libQtCore.so.4
#3  0x00000030c087b95c in QThreadPrivate::start(void*) () from /lib64/libQtCore.so.4
#4  0x00000030b3007d15 in start_thread () from /lib64/libpthread.so.0
#5  0x00000030b28f248d in clone () from /lib64/libc.so.6

Thread 1 (Thread 0x7f7ca0f1d880 (LWP 9475)):
[KCrash Handler]
#5  0x00000034a7b50e33 in khtml::RenderText::calcMinMaxWidth() () from /lib64/libkhtml.so.5
#6  0x00000034a7b283a5 in khtml::RenderBlock::insertFloatingObject(khtml::RenderObject*) () from /lib64/libkhtml.so.5
#7  0x00000034a7b1f2a6 in khtml::RenderBlock::findNextLineBreak(khtml::BidiIterator&, khtml::BidiState&) () from /lib64/libkhtml.so.5
#8  0x00000034a7b2248c in khtml::RenderBlock::layoutInlineChildren(bool, int) () from /lib64/libkhtml.so.5
#9  0x00000034a7b2be3d in khtml::RenderBlock::layoutBlock(bool) () from /lib64/libkhtml.so.5
#10 0x00000034a7b2b51c in khtml::RenderBlock::layoutBlockChildren(bool) () from /lib64/libkhtml.so.5
#11 0x00000034a7b2bc53 in khtml::RenderBlock::layoutBlock(bool) () from /lib64/libkhtml.so.5
#12 0x00000034a7b2b51c in khtml::RenderBlock::layoutBlockChildren(bool) () from /lib64/libkhtml.so.5
#13 0x00000034a7b2bc53 in khtml::RenderBlock::layoutBlock(bool) () from /lib64/libkhtml.so.5
#14 0x00000034a7b5afb7 in khtml::RenderTableCell::layout() () from /lib64/libkhtml.so.5
#15 0x00000034a7b63b44 in khtml::RenderTableRow::layout() () from /lib64/libkhtml.so.5
#16 0x00000034a7b416cc in khtml::RenderContainer::layout() () from /lib64/libkhtml.so.5
#17 0x00000034a7b64b82 in khtml::RenderTable::layout() () from /lib64/libkhtml.so.5
#18 0x00000034a7b2b51c in khtml::RenderBlock::layoutBlockChildren(bool) () from /lib64/libkhtml.so.5
#19 0x00000034a7b2bc53 in khtml::RenderBlock::layoutBlock(bool) () from /lib64/libkhtml.so.5
#20 0x00000034a7b5afb7 in khtml::RenderTableCell::layout() () from /lib64/libkhtml.so.5
#21 0x00000034a7b63b44 in khtml::RenderTableRow::layout() () from /lib64/libkhtml.so.5
#22 0x00000034a7b416cc in khtml::RenderContainer::layout() () from /lib64/libkhtml.so.5
#23 0x00000034a7b64b82 in khtml::RenderTable::layout() () from /lib64/libkhtml.so.5
#24 0x00000034a7b2b51c in khtml::RenderBlock::layoutBlockChildren(bool) () from /lib64/libkhtml.so.5
#25 0x00000034a7b2bc53 in khtml::RenderBlock::layoutBlock(bool) () from /lib64/libkhtml.so.5
#26 0x00000034a7b5afb7 in khtml::RenderTableCell::layout() () from /lib64/libkhtml.so.5
#27 0x00000034a7b63b44 in khtml::RenderTableRow::layout() () from /lib64/libkhtml.so.5
#28 0x00000034a7b416cc in khtml::RenderContainer::layout() () from /lib64/libkhtml.so.5
#29 0x00000034a7b64b82 in khtml::RenderTable::layout() () from /lib64/libkhtml.so.5
#30 0x00000034a7b2b51c in khtml::RenderBlock::layoutBlockChildren(bool) () from /lib64/libkhtml.so.5
#31 0x00000034a7b2bc53 in khtml::RenderBlock::layoutBlock(bool) () from /lib64/libkhtml.so.5
#32 0x00000034a7b5afb7 in khtml::RenderTableCell::layout() () from /lib64/libkhtml.so.5
#33 0x00000034a7b63b44 in khtml::RenderTableRow::layout() () from /lib64/libkhtml.so.5
#34 0x00000034a7b416cc in khtml::RenderContainer::layout() () from /lib64/libkhtml.so.5
#35 0x00000034a7b64b82 in khtml::RenderTable::layout() () from /lib64/libkhtml.so.5
#36 0x00000034a7b2b51c in khtml::RenderBlock::layoutBlockChildren(bool) () from /lib64/libkhtml.so.5
#37 0x00000034a7b2bc53 in khtml::RenderBlock::layoutBlock(bool) () from /lib64/libkhtml.so.5
#38 0x00000034a7b2b51c in khtml::RenderBlock::layoutBlockChildren(bool) () from /lib64/libkhtml.so.5
#39 0x00000034a7b2bc53 in khtml::RenderBlock::layoutBlock(bool) () from /lib64/libkhtml.so.5
#40 0x00000034a7b84aaf in khtml::RenderBody::layout() () from /lib64/libkhtml.so.5
#41 0x00000034a7b2b51c in khtml::RenderBlock::layoutBlockChildren(bool) () from /lib64/libkhtml.so.5
#42 0x00000034a7b2bc53 in khtml::RenderBlock::layoutBlock(bool) () from /lib64/libkhtml.so.5
#43 0x00000034a7b2b51c in khtml::RenderBlock::layoutBlockChildren(bool) () from /lib64/libkhtml.so.5
#44 0x00000034a7b2bc53 in khtml::RenderBlock::layoutBlock(bool) () from /lib64/libkhtml.so.5
#45 0x00000034a7b80c91 in khtml::RenderCanvas::layout() () from /lib64/libkhtml.so.5
#46 0x00000034a79f740b in KHTMLView::layout() () from /lib64/libkhtml.so.5
#47 0x00000034a7a84df2 in DOM::DocumentImpl::updateLayout() () from /lib64/libkhtml.so.5
#48 0x00000034a7c20fa3 in KJS::DOMNode::getValueProperty(KJS::ExecState*, int) const () from /lib64/libkhtml.so.5
#49 0x0000003370461918 in KJS::JSObject::get(KJS::ExecState*, KJS::Identifier const&) const () from /lib64/libkjs.so.4
#50 0x00000033704733b7 in KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*) () from /lib64/libkjs.so.4
#51 0x000000337045dd18 in KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /lib64/libkjs.so.4
#52 0x000000337047970a in KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*) () from /lib64/libkjs.so.4
#53 0x000000337045dd18 in KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /lib64/libkjs.so.4
#54 0x000000337047970a in KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*) () from /lib64/libkjs.so.4
#55 0x000000337045dd18 in KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /lib64/libkjs.so.4
#56 0x000000337047970a in KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*) () from /lib64/libkjs.so.4
#57 0x000000337045dd18 in KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /lib64/libkjs.so.4
#58 0x0000003370448020 in KJS::FunctionProtoFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /lib64/libkjs.so.4
#59 0x000000337047970a in KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*) () from /lib64/libkjs.so.4
#60 0x000000337045dd18 in KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /lib64/libkjs.so.4
#61 0x000000337047970a in KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*) () from /lib64/libkjs.so.4
#62 0x000000337045dd18 in KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /lib64/libkjs.so.4
#63 0x000000337047970a in KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*) () from /lib64/libkjs.so.4
#64 0x000000337045dd18 in KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /lib64/libkjs.so.4
#65 0x0000003370448020 in KJS::FunctionProtoFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /lib64/libkjs.so.4
#66 0x000000337047970a in KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*) () from /lib64/libkjs.so.4
#67 0x000000337045dd18 in KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /lib64/libkjs.so.4
#68 0x000000337047970a in KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*) () from /lib64/libkjs.so.4
#69 0x000000337045dd18 in KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /lib64/libkjs.so.4
#70 0x000000337047970a in KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*) () from /lib64/libkjs.so.4
#71 0x000000337045dd18 in KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /lib64/libkjs.so.4
#72 0x00000034a7c7ae2a in KJS::JSEventListener::handleEvent(DOM::Event&) () from /lib64/libkhtml.so.5
#73 0x00000034a7ab1bad in DOM::EventTargetImpl::handleLocalEvents(DOM::EventImpl*, bool) () from /lib64/libkhtml.so.5
#74 0x00000034a7a8db90 in DOM::NodeImpl::dispatchGenericEvent(DOM::EventImpl*, int&) () from /lib64/libkhtml.so.5
#75 0x00000034a7a8ddee in DOM::NodeImpl::dispatchEvent(DOM::EventImpl*, int&, bool) () from /lib64/libkhtml.so.5
#76 0x00000034a7a8f63a in DOM::NodeImpl::dispatchHTMLEvent(int, bool, bool) () from /lib64/libkhtml.so.5
#77 0x00000034a7a1348b in KHTMLPart::slotFinishedParsing() () from /lib64/libkhtml.so.5
#78 0x00000034a7a2c5cc in KHTMLPart::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) () from /lib64/libkhtml.so.5
#79 0x00000030c098ceef in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /lib64/libQtCore.so.4
#80 0x00000030c098ceef in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /lib64/libQtCore.so.4
#81 0x00000034a7ad1229 in khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) () from /lib64/libkhtml.so.5
#82 0x00000034a7ad22fe in khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) () from /lib64/libkhtml.so.5
#83 0x00000034a7be65ff in khtml::CachedScript::checkNotify() () from /lib64/libkhtml.so.5
#84 0x00000034a7be67a4 in khtml::CachedScript::data(QBuffer&, bool) () from /lib64/libkhtml.so.5
#85 0x00000034a7be881e in khtml::Loader::slotFinished(KJob*) () from /lib64/libkhtml.so.5
#86 0x00000030c098ceef in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /lib64/libQtCore.so.4
#87 0x0000003499734232 in KJob::result(KJob*) () from /lib64/libkdecore.so.5
#88 0x0000003499734270 in KJob::emitResult() () from /lib64/libkdecore.so.5
#89 0x000000349b8f72d5 in KIO::SimpleJob::slotFinished() () from /lib64/libkio.so.5
#90 0x000000349b8fe7e2 in KIO::TransferJob::slotFinished() () from /lib64/libkio.so.5
#91 0x00000030c098ceef in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /lib64/libQtCore.so.4
#92 0x000000349b99a2b1 in KIO::SlaveInterface::dispatch(int, QByteArray const&) () from /lib64/libkio.so.5
#93 0x000000349b99738a in KIO::SlaveInterface::dispatch() () from /lib64/libkio.so.5
#94 0x000000349b98b8ee in KIO::Slave::gotInput() () from /lib64/libkio.so.5
#95 0x00000030c098ceef in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /lib64/libQtCore.so.4
#96 0x000000349b8cc222 in KIO::ConnectionPrivate::dequeue() () from /lib64/libkio.so.5
#97 0x00000030c098c3ce in QObject::event(QEvent*) () from /lib64/libQtCore.so.4
#98 0x00000030c35ca5cc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib64/libQtGui.so.4
#99 0x00000030c35cea4a in QApplication::notify(QObject*, QEvent*) () from /lib64/libQtGui.so.4
#100 0x000000349a246f16 in KApplication::notify(QObject*, QEvent*) () from /lib64/libkdeui.so.5
#101 0x00000030c0977abe in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /lib64/libQtCore.so.4
#102 0x00000030c097b571 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /lib64/libQtCore.so.4
#103 0x00000030c09a5f73 in postEventSourceDispatch(_GSource*, int (*)(void*), void*) () from /lib64/libQtCore.so.4
#104 0x00000030b5047a55 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#105 0x00000030b5047d88 in g_main_context_iterate.isra.24 () from /lib64/libglib-2.0.so.0
#106 0x00000030b5047e44 in g_main_context_iteration () from /lib64/libglib-2.0.so.0
#107 0x00000030c09a6106 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib64/libQtCore.so.4
#108 0x00000030c366a73e in QGuiEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib64/libQtGui.so.4
#109 0x00000030c097680f in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib64/libQtCore.so.4
#110 0x00000030c0976a98 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib64/libQtCore.so.4
#111 0x00000030c097b888 in QCoreApplication::exec() () from /lib64/libQtCore.so.4
#112 0x000000349c6b3e22 in kdemain () from /lib64/libkdeinit4_konqueror.so
#113 0x00000030b2821a05 in __libc_start_main () from /lib64/libc.so.6
#114 0x00000000004008d1 in _start ()

Reported using DrKonqi
Comment 1 Tommi Tervo 2013-04-21 17:59:05 UTC
==29169== Conditional jump or move depends on uninitialised value(s)
==29169==    at 0xB49BD7A: khtml::RenderBlock::findNextLineBreak(khtml::BidiIterator&, khtml::BidiState&) (bidi.cpp:1829)
==29169==    by 0xEA4DC8F: ???
==29169== 
==29169== Invalid read of size 4
==29169==    at 0xB49BF15: khtml::RenderBlock::findNextLineBreak(khtml::BidiIterator&, khtml::BidiState&) (bidi.cpp:2504)
==29169==    by 0xEA4DC8F: ???
==29169==  Address 0x5 is not stack'd, malloc'd or (recently) free'd
==29169== 


#0  0xb356a4b6 in khtml::RenderObject::isWordBreak (this=0x96e5ee0) at /usr/src/debug/kdelibs-4.10.2/khtml/rendering/render_object.cpp:258
#1  0xb35539d9 in khtml::RenderBlock::findNextLineBreak (this=this@entry=0x96e5830, start=..., bidi=...) at /usr/src/debug/kdelibs-4.10.2/khtml/rendering/bidi.cpp:2030
#2  0xb3555cf3 in khtml::RenderBlock::layoutInlineChildren (this=0x96e5830, relayoutChildren=false, breakBeforeLine=0) at /usr/src/debug/kdelibs-4.10.2/khtml/rendering/bidi.cpp:1506
#3  0x00000000 in ?? ()
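Added example (not part of this report and not KDE's tooling): a small Python triage helper that parses the DrKonqi frame lines and the Valgrind memcheck records shown above and classifies the fault. Valgrind's "Address 0x5 is not stack'd, malloc'd or (recently) free'd" is the signature of a NULL base pointer dereferenced through a small member offset (here 0x5), i.e. a crash rather than evidence of an attacker-controlled write, while the "Conditional jump ... uninitialised value(s)" record at bidi.cpp:1829 is the earlier defect to look at first. The sample input is a constructed, abridged copy of lines from this report; NEAR_NULL_LIMIT, the class labels and the severity ordering are this example's own assumptions.

```python
"""Crash-triage helper for DrKonqi/gdb frames and Valgrind memcheck output.
Added example, not code from this bug report or from KDE; thresholds and
class labels below are this example's own assumptions."""
import re

# Constructed sample input: abridged copies of lines from the report above.
SAMPLE_GDB = """\
[KCrash Handler]
#5  0x00000034a7b50e33 in khtml::RenderText::calcMinMaxWidth() () from /lib64/libkhtml.so.5
#6  0x00000034a7b283a5 in khtml::RenderBlock::insertFloatingObject(khtml::RenderObject*) () from /lib64/libkhtml.so.5
#7  0x00000034a7b1f2a6 in khtml::RenderBlock::findNextLineBreak(khtml::BidiIterator&, khtml::BidiState&) () from /lib64/libkhtml.so.5
#48 0x00000034a7c20fa3 in KJS::DOMNode::getValueProperty(KJS::ExecState*, int) const () from /lib64/libkhtml.so.5
"""

SAMPLE_VALGRIND = """\
==29169== Conditional jump or move depends on uninitialised value(s)
==29169==    at 0xB49BD7A: khtml::RenderBlock::findNextLineBreak(khtml::BidiIterator&, khtml::BidiState&) (bidi.cpp:1829)
==29169==    by 0xEA4DC8F: ???
==29169==
==29169== Invalid read of size 4
==29169==    at 0xB49BF15: khtml::RenderBlock::findNextLineBreak(khtml::BidiIterator&, khtml::BidiState&) (bidi.cpp:2504)
==29169==    by 0xEA4DC8F: ???
==29169==  Address 0x5 is not stack'd, malloc'd or (recently) free'd
"""

# Assumption: a fault address inside the first page is a NULL base pointer
# plus a member offset, not a wild or attacker-controlled address.
NEAR_NULL_LIMIT = 0x1000

# Assumed ordering, least to most worrying, used only to pick a headline.
SEVERITY_ORDER = ('uninitialised-read', 'null-deref', 'wild-pointer',
                  'heap-out-of-bounds', 'use-after-free')

FRAME_RE = re.compile(r'^#(\d+)\s+0x[0-9a-fA-F]+ in ([^(]+?)\s*\(')
VG_ERROR_RE = re.compile(
    r'^==\d+== (Invalid (?:read|write) of size \d+'
    r'|Conditional jump or move depends on uninitialised value\(s\))')
VG_AT_RE = re.compile(r'^==\d+==\s+at 0x[0-9a-fA-F]+: ([^(]+?)\s*\(')
VG_LOC_RE = re.compile(r'\(([^()\s]+:\d+)\)\s*$')   # trailing (file.cpp:NNN)
VG_ADDR_RE = re.compile(r'^==\d+==\s+Address 0x([0-9a-fA-F]+) is (.*)$')


def parse_gdb_frames(text):
    """Return [(frame_no, function)] for '#N 0x... in func(...)' lines."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames.append((int(m.group(1)), m.group(2)))
    return frames


def parse_valgrind(text):
    """Group memcheck output into records: kind, innermost frame, source
    location (if symbols were available) and the faulting address."""
    records, cur = [], None
    for line in text.splitlines():
        m = VG_ERROR_RE.match(line)
        if m:
            cur = {'kind': m.group(1), 'at': None, 'loc': None,
                   'addr': None, 'addr_desc': ''}
            records.append(cur)
            continue
        if cur is None:
            continue
        m = VG_AT_RE.match(line)
        if m and cur['at'] is None:       # first 'at' line = innermost frame
            cur['at'] = m.group(1)
            loc = VG_LOC_RE.search(line)
            cur['loc'] = loc.group(1) if loc else None
            continue
        m = VG_ADDR_RE.match(line)
        if m:
            cur['addr'] = int(m.group(1), 16)
            cur['addr_desc'] = m.group(2)
    return records


def classify(record):
    """Coarse fault class derived from Valgrind's own wording of the address."""
    if record['kind'].startswith('Conditional jump'):
        return 'uninitialised-read'
    addr, desc = record['addr'], record['addr_desc']
    if addr is not None and addr < NEAR_NULL_LIMIT:
        return 'null-deref (offset 0x%x)' % addr
    if 'inside a block' in desc and "free'd" in desc:
        return 'use-after-free'
    if 'bytes after a block' in desc or 'bytes before a block' in desc:
        return 'heap-out-of-bounds'
    return 'wild-pointer'


def rank(cls):
    """Position of a class label in SEVERITY_ORDER (prefix match)."""
    for i, prefix in enumerate(SEVERITY_ORDER):
        if cls.startswith(prefix):
            return i
    return -1


def triage(gdb_text, valgrind_text):
    """Combine both sources into one summary suitable for a bug or advisory."""
    frames = parse_gdb_frames(gdb_text)
    findings = [(r['at'], r['loc'], classify(r))
                for r in parse_valgrind(valgrind_text)]
    headline = (max(findings, key=lambda f: rank(f[2]))[2]
                if findings else 'no-memcheck-data')
    return {
        'crash_frame': frames[0][1] if frames else None,
        # KJS frames on the stack mean page script reached the faulting code.
        'js_triggered': any(f.startswith('KJS::') for _, f in frames),
        'findings': findings,
        'headline': headline,
    }


if __name__ == '__main__':
    for key, value in triage(SAMPLE_GDB, SAMPLE_VALGRIND).items():
        print('%-12s %s' % (key, value))
```

On the sample above the headline is the near-NULL read at bidi.cpp:2504, with the uninitialised-value report at bidi.cpp:1829 listed beside it; the KJS frames set js_triggered, which matches the backtrace in the description, where a DOM property read from script forced DocumentImpl::updateLayout() while the parser was finishing.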
Comment 2 Suren Karapetyan 2013-10-14 19:42:34 UTC
I'm still getting this with 4.10.5 and qt-4.8.5-10.fc18.x86_64
Comment 3 Andrea Iacovitti 2014-01-15 09:59:20 UTC

*** This bug has been marked as a duplicate of bug 323127 ***