Bug 333519 - Konqueror crashes on a video platform
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: general (other bugs)
Version First Reported In: 4.12.3
Platform: Fedora RPMs Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konqueror Bugs
Keywords: drkonqi
Reported: 2014-04-16 21:18 UTC by OsamaK
Modified: 2014-04-17 16:30 UTC (History)
Version Fixed/Implemented In: 4.12.5

Description OsamaK 2014-04-16 21:18:14 UTC
Application: konqueror (4.12.3)
KDE Platform Version: 4.12.3
Qt Version: 4.8.5
Operating System: Linux 3.13.8-200.fc20.x86_64 x86_64
Distribution (Platform): Fedora RPMs

-- Information about the crash:
- What I was doing when the application crashed:
Opening the following link causes Konqueror to crash, every time.
- http://www.c-span.org/video/?206133-1/oil-meeting-saudi-arabia

The crash can be reproduced every time.

-- Backtrace:
Application: Konqueror (konqueror), signal: Segmentation fault
Using host libthread_db library "/lib64/libthread_db.so.1".
81	T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS)
[Current thread is 1 (Thread 0x7f8c41af98c0 (LWP 16804))]

Thread 3 (Thread 0x7f8c2e74d700 (LWP 16831)):
#0  pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:238
#1  0x0000003f4047c8b4 in wait (time=30000, this=0x20e5910) at thread/qwaitcondition_unix.cpp:84
#2  QWaitCondition::wait (this=<optimized out>, mutex=mutex@entry=0x20d19d8, time=30000) at thread/qwaitcondition_unix.cpp:158
#3  0x0000003f4046f99d in QThreadPoolThread::run (this=0x1f8e430) at concurrent/qthreadpool.cpp:141
#4  0x0000003f4047c3af in QThreadPrivate::start (arg=0x1f8e430) at thread/qthread_unix.cpp:338
#5  0x0000003f32c07f33 in start_thread (arg=0x7f8c2e74d700) at pthread_create.c:309
#6  0x0000003f328f4ded in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 2 (Thread 0x7f8c2db43700 (LWP 16843)):
#0  pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_timedwait.S:238
#1  0x0000003f4047c8b4 in wait (time=30000, this=0x20e5910) at thread/qwaitcondition_unix.cpp:84
#2  QWaitCondition::wait (this=<optimized out>, mutex=mutex@entry=0x20d19d8, time=30000) at thread/qwaitcondition_unix.cpp:158
#3  0x0000003f4046f99d in QThreadPoolThread::run (this=0x214c7d0) at concurrent/qthreadpool.cpp:141
#4  0x0000003f4047c3af in QThreadPrivate::start (arg=0x214c7d0) at thread/qthread_unix.cpp:338
#5  0x0000003f32c07f33 in start_thread (arg=0x7f8c2db43700) at pthread_create.c:309
#6  0x0000003f328f4ded in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 1 (Thread 0x7f8c41af98c0 (LWP 16804)):
[KCrash Handler]
#6  0x00007f8c31916d9b in DOM::CSSImageValueImpl::CSSImageValueImpl (this=0x2cf2da0, url=..., style=0x0) at /usr/src/debug/kdelibs-4.12.3/khtml/css/css_valueimpl.cpp:1376
#7  0x00007f8c319201b0 in DOM::CSSParser::parseBackgroundImage (this=this@entry=0x7fff934087e0, didParse=@0x7fff93406884: true) at /usr/src/debug/kdelibs-4.12.3/khtml/css/cssparser.cpp:1669
#8  0x00007f8c31922ba2 in DOM::CSSParser::parseBackgroundProperty (this=this@entry=0x7fff934087e0, propId=propId@entry=2, propId1=@0x7fff93406928: 2, propId2=@0x7fff9340692c: 2, retValue1=@0x7fff93406940: 0x0, retValue2=@0x7fff93406948: 0x0) at /usr/src/debug/kdelibs-4.12.3/khtml/css/cssparser.cpp:1861
#9  0x00007f8c31923111 in DOM::CSSParser::parseBackgroundShorthand (this=this@entry=0x7fff934087e0, important=important@entry=false) at /usr/src/debug/kdelibs-4.12.3/khtml/css/cssparser.cpp:1311
#10 0x00007f8c31927315 in DOM::CSSParser::parseValue (this=this@entry=0x7fff934087e0, propId=120, important=<optimized out>) at /usr/src/debug/kdelibs-4.12.3/khtml/css/cssparser.cpp:1117
#11 0x00007f8c31946874 in cssyyparse (parser=parser@entry=0x7fff934087e0) at /usr/src/debug/kdelibs-4.12.3/khtml/css/parser.cpp:3065
#12 0x00007f8c319250cc in DOM::CSSParser::runParser (this=this@entry=0x7fff934087e0) at /usr/src/debug/kdelibs-4.12.3/khtml/css/cssparser.cpp:151
#13 0x00007f8c31925472 in DOM::CSSParser::parseDeclaration (this=this@entry=0x7fff934087e0, declaration=declaration@entry=0x2cc8990, string=...) at /usr/src/debug/kdelibs-4.12.3/khtml/css/cssparser.cpp:281
#14 0x00007f8c31917d2d in DOM::CSSStyleDeclarationImpl::setCssText (this=this@entry=0x2cc8990, text=...) at /usr/src/debug/kdelibs-4.12.3/khtml/css/css_valueimpl.cpp:875
#15 0x00007f8c319e4667 in KJS::DOMCSSStyleDeclaration::put (this=0x7f8c2ceb2400, exec=0x7fff93408b20, propertyName=..., value=0x7f8c2d2ba480, attr=0) at /usr/src/debug/kdelibs-4.12.3/khtml/ecma/kjs_css.cpp:242
#16 0x0000003dff682727 in KJS::Machine::runBlock (exec=0x7fff93408b20, codeBlock=..., parentExec=0x0, parentExec@entry=0x7fff93408e10) at codes.def:682
#17 0x0000003dff66a151 in KJS::FunctionImp::callAsFunction (this=0x7f8c2ceb3340, exec=0x7fff93408e10, thisObj=<optimized out>, args=...) at /usr/src/debug/kdelibs-4.12.3/kjs/function.cpp:171
#18 0x0000003dff68651d in call (args=..., thisObj=<optimized out>, exec=<optimized out>, this=<optimized out>) at /usr/src/debug/kdelibs-4.12.3/kjs/object.h:632
#19 KJS::Machine::runBlock (exec=0x7fff93408e10, codeBlock=..., parentExec=0x0, parentExec@entry=0x7fff934091b0) at codes.def:1233
#20 0x0000003dff66a151 in KJS::FunctionImp::callAsFunction (this=0x7f8c2ceb1f00, exec=0x7fff934091b0, thisObj=<optimized out>, args=...) at /usr/src/debug/kdelibs-4.12.3/kjs/function.cpp:171
#21 0x0000003dff68651d in call (args=..., thisObj=<optimized out>, exec=<optimized out>, this=<optimized out>) at /usr/src/debug/kdelibs-4.12.3/kjs/object.h:632
#22 KJS::Machine::runBlock (exec=0x7fff934091b0, codeBlock=..., parentExec=parentExec@entry=0x0) at codes.def:1233
#23 0x0000003dff63dca4 in KJS::FunctionBodyNode::execute (this=this@entry=0x2ef10b0, exec=exec@entry=0x7fff934091b0) at /usr/src/debug/kdelibs-4.12.3/kjs/nodes.cpp:927
#24 0x0000003dff672a8b in KJS::Interpreter::evaluate (this=0x20cd6e0, sourceURL=..., startingLineNumber=startingLineNumber@entry=0, code=<optimized out>, codeLength=<optimized out>, thisV=thisV@entry=0x7f8c35c00000) at /usr/src/debug/kdelibs-4.12.3/kjs/interpreter.cpp:567
#25 0x0000003dff672c04 in KJS::Interpreter::evaluate (this=<optimized out>, sourceURL=..., startingLineNumber=startingLineNumber@entry=0, code=..., thisV=thisV@entry=0x7f8c35c00000) at /usr/src/debug/kdelibs-4.12.3/kjs/interpreter.cpp:507
#26 0x00007f8c319e3056 in KJSProxy::evaluate (this=this@entry=0x1fe05b0, filename=..., baseLine=baseLine@entry=0, str=..., n=..., completion=completion@entry=0x7fff93409500) at /usr/src/debug/kdelibs-4.12.3/khtml/ecma/kjs_proxy.cpp:126
#27 0x00007f8c317841f5 in KHTMLPart::executeScript (this=0x1dc8190, filename=..., baseLine=baseLine@entry=0, n=..., script=...) at /usr/src/debug/kdelibs-4.12.3/khtml/khtml_part.cpp:1292
#28 0x00007f8c31840785 in khtml::HTMLTokenizer::scriptExecution (this=this@entry=0x1c5db20, str=..., scriptURL=..., baseLine=baseLine@entry=0) at /usr/src/debug/kdelibs-4.12.3/khtml/html/htmltokenizer.cpp:517
#29 0x00007f8c31846ae6 in khtml::HTMLTokenizer::notifyFinished (this=0x1c5db20, finishedObj=<optimized out>) at /usr/src/debug/kdelibs-4.12.3/khtml/html/htmltokenizer.cpp:2114
#30 0x00007f8c3195cedf in khtml::CachedScript::checkNotify (this=this@entry=0x22bf420) at /usr/src/debug/kdelibs-4.12.3/khtml/misc/loader.cpp:397
#31 0x00007f8c3195d06c in khtml::CachedScript::data (this=0x22bf420, buffer=..., eof=<optimized out>) at /usr/src/debug/kdelibs-4.12.3/khtml/misc/loader.cpp:389
#32 0x00007f8c31962fa1 in khtml::Loader::slotFinished (this=0x1dd2130, job=0x1cac790) at /usr/src/debug/kdelibs-4.12.3/khtml/misc/loader.cpp:1273
#33 0x0000003f40598cf8 in QMetaObject::activate (sender=sender@entry=0x1cac790, m=m@entry=0x339d8d24a0 <KJob::staticMetaObject>, local_signal_index=local_signal_index@entry=3, argv=argv@entry=0x7fff93409a40) at kernel/qobject.cpp:3547
#34 0x000000339d539ad2 in KJob::result (this=this@entry=0x1cac790, _t1=_t1@entry=0x1cac790) at /usr/src/debug/kdelibs-4.12.3/x86_64-redhat-linux-gnu/kdecore/kjob.moc:207
#35 0x000000339d539b20 in KJob::emitResult (this=this@entry=0x1cac790) at /usr/src/debug/kdelibs-4.12.3/kdecore/jobs/kjob.cpp:318
#36 0x0000003806301c0a in KIO::SimpleJob::slotFinished (this=this@entry=0x1cac790) at /usr/src/debug/kdelibs-4.12.3/kio/kio/job.cpp:496
#37 0x0000003806302fe1 in KIO::TransferJob::slotFinished (this=0x1cac790) at /usr/src/debug/kdelibs-4.12.3/kio/kio/job.cpp:1107
#38 0x0000003f40598cf8 in QMetaObject::activate (sender=0x20eab40, m=m@entry=0x38066b9460 <KIO::SlaveInterface::staticMetaObject>, local_signal_index=local_signal_index@entry=4, argv=argv@entry=0x0) at kernel/qobject.cpp:3547
#39 0x00000038063a7883 in KIO::SlaveInterface::finished (this=<optimized out>) at /usr/src/debug/kdelibs-4.12.3/x86_64-redhat-linux-gnu/kio/slaveinterface.moc:184
#40 0x00000038063a94d6 in KIO::SlaveInterface::dispatch (this=<optimized out>, _cmd=104, rawdata=...) at /usr/src/debug/kdelibs-4.12.3/kio/kio/slaveinterface.cpp:176
#41 0x00000038063a680e in KIO::SlaveInterface::dispatch (this=0x20eab40) at /usr/src/debug/kdelibs-4.12.3/kio/kio/slaveinterface.cpp:92
#42 0x000000380639a58e in KIO::Slave::gotInput (this=0x20eab40) at /usr/src/debug/kdelibs-4.12.3/kio/kio/slave.cpp:344
#43 0x0000003f40598cf8 in QMetaObject::activate (sender=0x1fe56c0, m=m@entry=0x38066b2980 <KIO::Connection::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x0) at kernel/qobject.cpp:3547
#44 0x00000038062ccc90 in KIO::Connection::readyRead (this=<optimized out>) at /usr/src/debug/kdelibs-4.12.3/x86_64-redhat-linux-gnu/kio/connection.moc:105
#45 0x00000038062cd3e1 in KIO::ConnectionPrivate::dequeue (this=0x1fe4fa0) at /usr/src/debug/kdelibs-4.12.3/kio/kio/connection.cpp:82
#46 0x0000003f4059d27e in QObject::event (this=0x1fe56c0, e=<optimized out>) at kernel/qobject.cpp:1194
#47 0x0000003083dc9d8c in QApplicationPrivate::notify_helper (this=this@entry=0x1972e10, receiver=receiver@entry=0x1fe56c0, e=e@entry=0x2103da0) at kernel/qapplication.cpp:4562
#48 0x0000003083dd0725 in QApplication::notify (this=this@entry=0x7fff9340a960, receiver=receiver@entry=0x1fe56c0, e=e@entry=0x2103da0) at kernel/qapplication.cpp:4348
#49 0x000000339dc4ab0a in KApplication::notify (this=0x7fff9340a960, receiver=0x1fe56c0, event=0x2103da0) at /usr/src/debug/kdelibs-4.12.3/kdeui/kernel/kapplication.cpp:311
#50 0x0000003f4058439d in QCoreApplication::notifyInternal (this=0x7fff9340a960, receiver=receiver@entry=0x1fe56c0, event=event@entry=0x2103da0) at kernel/qcoreapplication.cpp:949
#51 0x0000003f40587485 in sendEvent (event=0x2103da0, receiver=0x1fe56c0) at kernel/qcoreapplication.h:231
#52 QCoreApplicationPrivate::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0, data=0x19410c0) at kernel/qcoreapplication.cpp:1573
#53 0x0000003f40587923 in QCoreApplication::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0) at kernel/qcoreapplication.cpp:1466
#54 0x0000003f405b3623 in sendPostedEvents () at kernel/qcoreapplication.h:236
#55 postEventSourceDispatch (s=s@entry=0x1971720) at kernel/qeventdispatcher_glib.cpp:280
#56 0x0000003f354492a6 in g_main_dispatch (context=0x1973810) at gmain.c:3066
#57 g_main_context_dispatch (context=context@entry=0x1973810) at gmain.c:3642
#58 0x0000003f35449628 in g_main_context_iterate (context=context@entry=0x1973810, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3713
#59 0x0000003f354496dc in g_main_context_iteration (context=0x1973810, may_block=1) at gmain.c:3774
#60 0x0000003f405b2ea5 in QEventDispatcherGlib::processEvents (this=0x1942a20, flags=...) at kernel/qeventdispatcher_glib.cpp:425
#61 0x0000003083e6bca6 in QGuiEventDispatcherGlib::processEvents (this=<optimized out>, flags=...) at kernel/qguieventdispatcher_glib.cpp:207
#62 0x0000003f40582edf in QEventLoop::processEvents (this=this@entry=0x7fff9340a770, flags=...) at kernel/qeventloop.cpp:149
#63 0x0000003f4058322d in QEventLoop::exec (this=this@entry=0x7fff9340a770, flags=...) at kernel/qeventloop.cpp:204
#64 0x0000003f40588749 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1221
#65 0x00000038074b7616 in kdemain () from /lib64/libkdeinit4_konqueror.so
#66 0x0000003f32821d65 in __libc_start_main (main=0x4008a0 <main>, argc=2, argv=0x7fff9340ab08, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff9340aaf8) at libc-start.c:285
#67 0x00000000004008d1 in _start ()

Possible duplicates by query: bug 332888, bug 325930, bug 324101.

Reported using DrKonqi
Comment 1 Andrea Iacovitti 2014-04-17 16:30:03 UTC
Git commit a0b4240db558946d8a8064a9734f660521b983af by Andrea Iacovitti.
Committed on 17/04/2014 at 16:24.
Pushed by aiacovitti into branch 'KDE/4.12'.

Fix a null pointer dereference crash.
FIXED-IN: 4.12.5

M  +4    -4    khtml/css/cssparser.cpp

http://commits.kde.org/kdelibs/a0b4240db558946d8a8064a9734f660521b983af