Bug 326001 - Akregator crashes when displaying arstechnica.com (in KJS::UString::Rep::computeHash)
Summary: Akregator crashes when displaying arstechnica.com (in KJS::UString::Rep::comp...
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: kjs (show other bugs)
Version: 4.11.2
Platform: Kubuntu Linux
: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
URL: http://arstechnica.com
Keywords:
: 326000 (view as bug list)
Depends on:
Blocks:
 
Reported: 2013-10-14 09:17 UTC by Jonathan Verner
Modified: 2018-10-31 10:49 UTC (History)
1 user (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Bzipped full backtrace (1.80 MB, application/octet-stream)
2013-10-14 09:19 UTC, Jonathan Verner 		Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Jonathan Verner 2013-10-14 09:17:56 UTC 
Browsing the arstechnica.com website in akregator crashes it relibly. The crash is a segmentation fault in KJS::UString::Rep::computeHash. The backtrace is huge (93Mb),
the top of the backtrace is:

#0  KJS::UString::Rep::computeHash (s=0x7f01a433c0b8 "[[NodeConstructor.constructor]]") at ../../kjs/ustring.cpp:325
#1  0x00007f019da63538 in hash (c=0x7f01a433c0b8 "[[NodeConstructor.constructor]]") at ../../kjs/identifier.cpp:67
#2  hash (key=<optimized out>) at ../../kjs/wtf/HashSet.h:105
#3  fullLookupForWriting<char const*, WTF::HashSetTranslatorAdapter<KJS::UString::Rep*, WTF::HashTraits<KJS::UString::Rep*>, char const*, KJS::CStringTranslator> > (key=<synthetic pointer>, this=0x25cd540) at ../../kjs/wtf/HashTable.h:564
#4  addPassingHashCode<char const*, char const*, WTF::HashSetTranslatorAdapter<KJS::UString::Rep*, WTF::HashTraits<KJS::UString::Rep*>, char const*, KJS::CStringTranslator> > (extra=<synthetic pointer>, key=<synthetic pointer>, this=0x25cd540) at ../../kjs/wtf/HashTable.h:702
#5  add<char const*, KJS::CStringTranslator> (value=<synthetic pointer>, this=<optimized out>) at ../../kjs/wtf/HashSet.h:217
#6  KJS::Identifier::add (c=0x7f01a433c0b8 "[[NodeConstructor.constructor]]") at ../../kjs/identifier.cpp:103
#7  0x00007f01a4174a27 in Identifier (s=0x7f01a433c0b8 "[[NodeConstructor.constructor]]", this=0x7fffaf8c00a0) at ../../kjs/identifier.h:48
#8  KJS::NodeConstructor::NodeConstructor (this=0x7f017550d140, exec=0x7fffb18b66b0) at ../../khtml/ecma/kjs_dom.cpp:1916
#9  0x00007f01a41747d8 in cacheGlobalObject<KJS::NodeConstructor> (propertyName=..., exec=0x7fffb18b66b0) at ../../kjs/lookup.h:331

Reproducible: Always




I filed this bug against akregator (bug 326000) first, before realizing I should probably have filed it against konqueror.
Comment 1 Jonathan Verner 2013-10-14 09:19:47 UTC 
Created attachment 82840 [details]
Bzipped full backtrace

Bzipped using the command cat test.txt | bzip2 > t.bz2
Comment 2 Raúl 2013-11-07 19:55:45 UTC 
I think I bumped into this, in my case on konqueror 4.10.5.
I think what I got was a stack overflow since DrKonqui didn't appear. Manually attaching gdb before the crash I have tons of frames like this in the backtrace:
[...]
#5024 0x00007ff70ba88b78 in cacheGlobalObject<KJS::NodeConstructor> (propertyName=..., exec=0x7fff92797e50) at ../../kjs/lookup.h:331
#5025 KJS::NodeConstructor::self (exec=exec@entry=0x7fff92797e50) at ../../khtml/ecma/kjs_dom.cpp:1872
#5026 0x00007ff70ba88c78 in KJS::DOMNodeProto::DOMNodeProto (this=0x7ff6a7cf2ec0, exec=0x7fff92797e50) at ../../khtml/ecma/kjs_dom.cpp:121
#5027 0x00007ff70ba88a3a in cacheGlobalObject<KJS::DOMNodeProto> (propertyName=..., exec=0x7fff92797e50) at ../../kjs/lookup.h:331
#5028 self (exec=0x7fff92797e50) at ../../khtml/ecma/kjs_dom.cpp:113
#5029 KJS::NodeConstructor::NodeConstructor (this=0x7ff6a7cf2e40, exec=0x7fff92797e50) at ../../khtml/ecma/kjs_dom.cpp:1872
#5030 0x00007ff70ba88b78 in cacheGlobalObject<KJS::NodeConstructor> (propertyName=..., exec=0x7fff92797e50) at ../../kjs/lookup.h:331
#5031 KJS::NodeConstructor::self (exec=exec@entry=0x7fff92797e50) at ../../khtml/ecma/kjs_dom.cpp:1872
#5032 0x00007ff70ba88c78 in KJS::DOMNodeProto::DOMNodeProto (this=0x7ff6a7cf2dc0, exec=0x7fff92797e50) at ../../khtml/ecma/kjs_dom.cpp:121
#5033 0x00007ff70ba88a3a in cacheGlobalObject<KJS::DOMNodeProto> (propertyName=..., exec=0x7fff92797e50) at ../../kjs/lookup.h:331
#5034 self (exec=0x7fff92797e50) at ../../khtml/ecma/kjs_dom.cpp:113
#5035 KJS::NodeConstructor::NodeConstructor (this=0x7ff6a7cf2d40, exec=0x7fff92797e50) at ../../khtml/ecma/kjs_dom.cpp:1872
#5036 0x00007ff70ba88b78 in cacheGlobalObject<KJS::NodeConstructor> (propertyName=..., exec=0x7fff92797e50) at ../../kjs/lookup.h:331
#5037 KJS::NodeConstructor::self (exec=exec@entry=0x7fff92797e50) at ../../khtml/ecma/kjs_dom.cpp:1872
#5038 0x00007ff70ba88c78 in KJS::DOMNodeProto::DOMNodeProto (this=0x7ff6a7cf2cc0, exec=0x7fff92797e50) at ../../khtml/ecma/kjs_dom.cpp:121

In order to reproduce visit: http://ccaa.elpais.com/ccaa/2013/11/05/album/1383639718_997266.html#1383639718_997266_1383657199 on a new konqueror instance and keep clicking on the right arrow above the picture. Picture gallery will slide till the crash happens.

HTH,
Comment 3 cattynebulart 2014-03-19 16:23:40 UTC 
getting the same kind of crash on arstechnica.com.
Comment 4 Christophe Marin 2015-03-01 18:46:31 UTC 
*** Bug 326000 has been marked as a duplicate of this bug. ***
Comment 5 Andrew Crouthamel 2018-10-31 04:08:43 UTC 
Dear Bug Submitter,

This bug has been stagnant for a long time. Could you help us out and re-test if the bug is valid in the latest version? I am setting the status to NEEDSINFO pending your response, please change the Status back to REPORTED when you respond.

Thank you for helping us make KDE software even better for everyone!
Comment 6 Jonathan Verner 2018-10-31 10:49:54 UTC 
The bug doesn't seem to happen anymore with Akregator 5.9.2 or Konqueror 5.0.97, therefore I am marking this bug as fixed (although they currently seem to use webkit instead of khtml...)