Bug 335581 - Segmentation fault on http://www.newegg.com
Summary: Segmentation fault on http://www.newegg.com
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: kjs
Version: 4.13.1
Platform: Ubuntu Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords: drkonqi
Depends on:
Blocks:
 
Reported: 2014-05-30 10:56 UTC by Graeme Hewson
Modified: 2022-11-21 09:23 UTC
CC List: 4 users

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments
New crash information added by DrKonqi (13.91 KB, text/plain)
2014-07-02 21:22 UTC, Raúl
Crash valgrind log (5.96 KB, text/plain)
2014-07-02 22:23 UTC, Raúl
New crash information added by DrKonqi (23.73 KB, text/plain)
2015-12-29 09:34 UTC, Joachim Mairböck

Description Graeme Hewson 2014-05-30 10:56:08 UTC
Application: konqueror (4.13.0)
KDE Platform Version: 4.13.0
Qt Version: 4.8.6
Operating System: Linux 3.13.0-27-generic x86_64
Distribution: Ubuntu 14.04 LTS

-- Information about the crash:
- What I was doing when the application crashed:

Went to http://www.newegg.com, which redirects to http://www.newegg.com/global/uk/.

The crash happens with both KHTML and WebKit.

The crash can be reproduced every time.

-- Backtrace:
Application: Konqueror (konqueror), signal: Segmentation fault
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f3ff9a487c0 (LWP 22024))]

Thread 2 (Thread 0x7f3fe138a700 (LWP 22025)):
#0  0x00007f3ff26c47ee in __pthread_mutex_unlock_usercnt (decr=1, mutex=0x7f3fdc000a60) at pthread_mutex_unlock.c:57
#1  __GI___pthread_mutex_unlock (mutex=0x7f3fdc000a60) at pthread_mutex_unlock.c:310
#2  0x00007f3ff22239c1 in g_mutex_unlock () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007f3ff21e1680 in g_main_context_prepare () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#4  0x00007f3ff21e1f03 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#5  0x00007f3ff21e20ec in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#6  0x00007f3ff5f0c7be in QEventDispatcherGlib::processEvents (this=0x7f3fdc0008c0, flags=...) at kernel/qeventdispatcher_glib.cpp:436
#7  0x00007f3ff5ede0af in QEventLoop::processEvents (this=this@entry=0x7f3fe1389de0, flags=...) at kernel/qeventloop.cpp:149
#8  0x00007f3ff5ede3a5 in QEventLoop::exec (this=this@entry=0x7f3fe1389de0, flags=...) at kernel/qeventloop.cpp:204
#9  0x00007f3ff5ddac5f in QThread::exec (this=this@entry=0x346e380) at thread/qthread.cpp:537
#10 0x00007f3ff5ebf823 in QInotifyFileSystemWatcherEngine::run (this=0x346e380) at io/qfilesystemwatcher_inotify.cpp:265
#11 0x00007f3ff5ddd32f in QThreadPrivate::start (arg=0x346e380) at thread/qthread_unix.cpp:349
#12 0x00007f3ff26c1182 in start_thread (arg=0x7f3fe138a700) at pthread_create.c:312
#13 0x00007f3ff92c530d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 1 (Thread 0x7f3ff9a487c0 (LWP 22024)):
[KCrash Handler]
#6  add (r=0x1) at ../../kjs/identifier.h:114
#7  Identifier (rep=0x1, this=0x7fff10913c30) at ../../kjs/identifier.h:50
#8  KJS::PropertyMap::getPropertyNames (this=this@entry=0x7f3fe0111c88, propertyNames=..., mode=mode@entry=KJS::PropertyMap::IncludeDontEnumProperties) at ../../kjs/property_map.cpp:684
#9  0x00007f3fe4ff3cd0 in KJS::JSObject::getOwnPropertyNames (this=0x7f3fe0111c80, propertyNames=..., mode=KJS::PropertyMap::IncludeDontEnumProperties) at ../../kjs/object.cpp:680
#10 0x00007f3fe4feaaa3 in KJS::ObjectObjectFuncImp::callAsFunction (this=<optimized out>, exec=0x7fff10915f30, args=...) at ../../kjs/object_object.cpp:391
#11 0x00007f3fe500b9cd in call (args=..., thisObj=<optimized out>, exec=<optimized out>, this=<optimized out>) at ../../kjs/object.h:632
#12 KJS::Machine::runBlock (exec=0x7fff10915f30, codeBlock=..., parentExec=0x365a840, parentExec@entry=0x7fff10916210) at codes.def:1233
#13 0x00007f3fe4feff71 in KJS::FunctionImp::callAsFunction (this=0x7f3fe01113c0, exec=0x7fff10916210, thisObj=<optimized out>, args=...) at ../../kjs/function.cpp:171
#14 0x00007f3fe500b9cd in call (args=..., thisObj=<optimized out>, exec=<optimized out>, this=<optimized out>) at ../../kjs/object.h:632
#15 KJS::Machine::runBlock (exec=0x7fff10916210, codeBlock=..., parentExec=0x365a840, parentExec@entry=0x7fff109165a0) at codes.def:1233
#16 0x00007f3fe4feff71 in KJS::FunctionImp::callAsFunction (this=0x7f3fe0101240, exec=0x7fff109165a0, thisObj=<optimized out>, args=...) at ../../kjs/function.cpp:171
#17 0x00007f3fe500b9cd in call (args=..., thisObj=<optimized out>, exec=<optimized out>, this=<optimized out>) at ../../kjs/object.h:632
#18 KJS::Machine::runBlock (exec=0x7fff109165a0, codeBlock=..., parentExec=0x365a840, parentExec@entry=0x0) at codes.def:1233
#19 0x00007f3fe4fc4834 in KJS::FunctionBodyNode::execute (this=this@entry=0x3d2f8e0, exec=exec@entry=0x7fff109165a0) at ../../kjs/nodes.cpp:927
#20 0x00007f3fe4ff835b in KJS::Interpreter::evaluate (this=0x3659b00, sourceURL=..., startingLineNumber=startingLineNumber@entry=0, code=<optimized out>, codeLength=<optimized out>, thisV=thisV@entry=0x7f3fe6d50000) at ../../kjs/interpreter.cpp:567
#21 0x00007f3fe4ff84d4 in KJS::Interpreter::evaluate (this=<optimized out>, sourceURL=..., startingLineNumber=startingLineNumber@entry=0, code=..., thisV=thisV@entry=0x7f3fe6d50000) at ../../kjs/interpreter.cpp:507
#22 0x00007f3fe5ba2c03 in KJSProxy::evaluate (this=this@entry=0x34b10a0, filename=..., baseLine=baseLine@entry=0, str=..., n=..., completion=completion@entry=0x7fff109168f0) at ../../khtml/ecma/kjs_proxy.cpp:126
#23 0x00007f3fe5955202 in KHTMLPart::executeScript (this=0x19dcad0, filename=..., baseLine=baseLine@entry=0, n=..., script=...) at ../../khtml/khtml_part.cpp:1292
#24 0x00007f3fe5a0bc52 in khtml::HTMLTokenizer::scriptExecution (this=this@entry=0x3672850, str=..., scriptURL=..., baseLine=baseLine@entry=0) at ../../khtml/html/htmltokenizer.cpp:517
#25 0x00007f3fe5a11e8f in khtml::HTMLTokenizer::notifyFinished (this=0x3672850, finishedObj=<optimized out>) at ../../khtml/html/htmltokenizer.cpp:2114
#26 0x00007f3fe5b2105f in khtml::CachedScript::checkNotify (this=0x3704490) at ../../khtml/misc/loader.cpp:397
#27 0x00007f3fe5b211bc in khtml::CachedScript::data (this=0x3704490, buffer=..., eof=64) at ../../khtml/misc/loader.cpp:389
#28 0x00007f3fe5b26ca9 in khtml::Loader::slotFinished (this=0x1a01d20, job=0x34c7230) at ../../khtml/misc/loader.cpp:1273
#29 0x00007f3ff5ef387a in QMetaObject::activate (sender=sender@entry=0x34c7230, m=m@entry=0x7f3ff66f9600 <KJob::staticMetaObject>, local_signal_index=local_signal_index@entry=3, argv=argv@entry=0x7fff10916e00) at kernel/qobject.cpp:3539
#30 0x00007f3ff6369622 in KJob::result (this=this@entry=0x34c7230, _t1=_t1@entry=0x34c7230) at ./kjob.moc:207
#31 0x00007f3ff6369660 in KJob::emitResult (this=this@entry=0x34c7230) at ../../kdecore/jobs/kjob.cpp:318
#32 0x00007f3ff7d3739a in KIO::SimpleJob::slotFinished (this=this@entry=0x34c7230) at ../../kio/kio/job.cpp:496
#33 0x00007f3ff7d384ee in KIO::TransferJob::slotFinished (this=0x34c7230) at ../../kio/kio/job.cpp:1110
#34 0x00007f3ff5ef387a in QMetaObject::activate (sender=0x3631700, m=m@entry=0x7f3ff80e0580 <KIO::SlaveInterface::staticMetaObject>, local_signal_index=local_signal_index@entry=4, argv=argv@entry=0x0) at kernel/qobject.cpp:3539
#35 0x00007f3ff7dd5263 in KIO::SlaveInterface::finished (this=<optimized out>) at ./slaveinterface.moc:184
#36 0x00007f3ff7dd67a6 in KIO::SlaveInterface::dispatch (this=<optimized out>, _cmd=104, rawdata=...) at ../../kio/kio/slaveinterface.cpp:176
#37 0x00007f3ff7dd429e in KIO::SlaveInterface::dispatch (this=0x3631700) at ../../kio/kio/slaveinterface.cpp:92
#38 0x00007f3ff7dc8f16 in KIO::Slave::gotInput (this=0x3631700) at ../../kio/kio/slave.cpp:344
#39 0x00007f3ff5ef387a in QMetaObject::activate (sender=0x3759050, m=m@entry=0x7f3ff80d9aa0 <KIO::Connection::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x0) at kernel/qobject.cpp:3539
#40 0x00007f3ff7d04b40 in KIO::Connection::readyRead (this=<optimized out>) at ./connection.moc:105
#41 0x00007f3ff7d05231 in KIO::ConnectionPrivate::dequeue (this=0x373a500) at ../../kio/kio/connection.cpp:82
#42 0x00007f3ff5ef7c1e in QObject::event (this=0x3759050, e=<optimized out>) at kernel/qobject.cpp:1194
#43 0x00007f3ff68d1e2c in QApplicationPrivate::notify_helper (this=this@entry=0x1192bc0, receiver=receiver@entry=0x3759050, e=e@entry=0x371c990) at kernel/qapplication.cpp:4567
#44 0x00007f3ff68d84a0 in QApplication::notify (this=this@entry=0x7fff10917c30, receiver=receiver@entry=0x3759050, e=e@entry=0x371c990) at kernel/qapplication.cpp:4353
#45 0x00007f3ff75dcbaa in KApplication::notify (this=0x7fff10917c30, receiver=0x3759050, event=0x371c990) at ../../kdeui/kernel/kapplication.cpp:311
#46 0x00007f3ff5edf4dd in QCoreApplication::notifyInternal (this=0x7fff10917c30, receiver=receiver@entry=0x3759050, event=event@entry=0x371c990) at kernel/qcoreapplication.cpp:953
#47 0x00007f3ff5ee2b3d in sendEvent (event=0x371c990, receiver=0x3759050) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:231
#48 QCoreApplicationPrivate::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0, data=0x1152670) at kernel/qcoreapplication.cpp:1577
#49 0x00007f3ff5ee2fe3 in QCoreApplication::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0) at kernel/qcoreapplication.cpp:1470
#50 0x00007f3ff5f0cf83 in sendPostedEvents () at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:236
#51 postEventSourceDispatch (s=0x1198a50) at kernel/qeventdispatcher_glib.cpp:287
#52 0x00007f3ff21e1e04 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#53 0x00007f3ff21e2048 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#54 0x00007f3ff21e20ec in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#55 0x00007f3ff5f0c7a1 in QEventDispatcherGlib::processEvents (this=0x1153b50, flags=...) at kernel/qeventdispatcher_glib.cpp:434
#56 0x00007f3ff6973bb6 in QGuiEventDispatcherGlib::processEvents (this=<optimized out>, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#57 0x00007f3ff5ede0af in QEventLoop::processEvents (this=this@entry=0x7fff10917a50, flags=...) at kernel/qeventloop.cpp:149
#58 0x00007f3ff5ede3a5 in QEventLoop::exec (this=this@entry=0x7fff10917a50, flags=...) at kernel/qeventloop.cpp:204
#59 0x00007f3ff5ee3b79 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1225
#60 0x00007f3ff68d037c in QApplication::exec () at kernel/qapplication.cpp:3828
#61 0x00007f3ff9641dee in kdemain (argc=<optimized out>, argv=<optimized out>) at ../../../konqueror/src/konqmain.cpp:227
#62 0x00007f3ff91ebec5 in __libc_start_main (main=0x4006d0 <main(int, char**)>, argc=1, argv=0x7fff10917dd8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fff10917dc8) at libc-start.c:287
#63 0x00000000004006fe in _start ()

Reported using DrKonqi
Comment 1 Andrea Iacovitti 2014-05-30 18:10:47 UTC
Reduction:

<html>
  <head>
    <script type="text/javascript"
            src="http://images10.newegg.com/WebResource/Scripts/USA/NeweggJS/NEG.0.2.1.js">
    </script>
  </head>
</html>
Comment 2 Raúl 2014-07-02 21:22:36 UTC
Created attachment 87520 [details]
New crash information added by DrKonqi

konqueror (4.12.4) on KDE Platform 4.13.1 using Qt 4.8.6

- What I was doing when the application crashed:

I can reproduce the crash with the reduction explained in the above comment. 4.13.1 here. Regards,

-- Backtrace (Reduced):
#6  add (r=0x1) at ../../kjs/identifier.h:114
#7  Identifier (rep=0x1, this=0x7fff8b982830) at ../../kjs/identifier.h:50
#8  KJS::PropertyMap::getPropertyNames (this=this@entry=0x7fc0a8f06408, propertyNames=..., mode=mode@entry=KJS::PropertyMap::IncludeDontEnumProperties) at ../../kjs/property_map.cpp:684
#9  0x00007fc1157964d0 in KJS::JSObject::getOwnPropertyNames (this=0x7fc0a8f06400, propertyNames=..., mode=KJS::PropertyMap::IncludeDontEnumProperties) at ../../kjs/object.cpp:680
#10 0x00007fc11578d2a3 in KJS::ObjectObjectFuncImp::callAsFunction (this=<optimized out>, exec=0x7fff8b984b30, args=...) at ../../kjs/object_object.cpp:391
Comment 3 Raúl 2014-07-02 22:23:11 UTC
Created attachment 87521 [details]
Crash valgrind log
Comment 4 Joachim Mairböck 2015-12-29 09:34:08 UTC
Created attachment 96353 [details]
New crash information added by DrKonqi

konqueror (4.14.10) on KDE Platform 4.14.10 using Qt 4.8.6

- What I was doing when the application crashed:
The crash also happens on https://www.codeschool.com/ using KHTML (when logged in).

-- Backtrace (Reduced):
#6  0x00007f1b79343a08 in KJS::PropertyMap::getPropertyNames(KJS::PropertyNameArray&, KJS::PropertyMap::PropertyMode) const (r=0x1) at /usr/src/debug/kdelibs-4.14.10/kjs/identifier.h:114
#7  0x00007f1b79343a08 in KJS::PropertyMap::getPropertyNames(KJS::PropertyNameArray&, KJS::PropertyMap::PropertyMode) const (rep=0x1, this=0x7ffec200a490) at /usr/src/debug/kdelibs-4.14.10/kjs/identifier.h:50
#8  0x00007f1b79343a08 in KJS::PropertyMap::getPropertyNames(KJS::PropertyNameArray&, KJS::PropertyMap::PropertyMode) const (this=this@entry=0x7f1ae9c091c8, propertyNames=..., mode=mode@entry=KJS::PropertyMap::IncludeDontEnumProperties) at /usr/src/debug/kdelibs-4.14.10/kjs/property_map.cpp:684
#9  0x00007f1b7933cc90 in KJS::JSObject::getOwnPropertyNames(KJS::ExecState*, KJS::PropertyNameArray&, KJS::PropertyMap::PropertyMode) (this=0x7f1ae9c091c0, propertyNames=..., mode=KJS::PropertyMap::IncludeDontEnumProperties) at /usr/src/debug/kdelibs-4.14.10/kjs/object.cpp:680
#10 0x00007f1b793333c9 in KJS::ObjectObjectFuncImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (this=0x7f1ac18e6f00, exec=0x7ffec200c790, args=...) at /usr/src/debug/kdelibs-4.14.10/kjs/object_object.cpp:319
Comment 5 Justin Zobel 2020-12-17 05:23:12 UTC
Thank you for the crash report.

As it has been a while since this was reported, can you please test and confirm if this issue is still occurring or if this bug report can be marked as resolved.

I have set the bug status to "needsinfo" pending your response, please change back to "reported" or "resolved/worksforme" when you respond, thank you.
Comment 6 Graeme Hewson 2020-12-18 10:32:52 UTC
I tested using the reduction in comment 1. There's no crash using WebEngine, but there's still a segmentation exception using KHTML.

This is not a problem for me as I no longer use Konqueror.
Comment 7 Justin Zobel 2022-11-21 08:11:53 UTC
Thank you for reporting this issue in KDE software. As it has been a while since this issue was reported, can we please ask you to see if you can reproduce the issue with a recent software version?

If you can reproduce the issue, please change the status to "REPORTED" when replying. Thank you!
Comment 8 Graeme Hewson 2022-11-21 09:14:21 UTC
The situation is unchanged since my comment 6.

Now on KDE 22.10, Konqueror 21.12.3.
Comment 9 Graeme Hewson 2022-11-21 09:15:19 UTC
Kubuntu 22.10, I mean.
Comment 10 Stefano Crocco 2022-11-21 09:23:51 UTC
(In reply to Graeme Hewson from comment #8)
> The situation is unchanged since my comment 6.
> 
> Now on KDE 22.10, Konqueror 21.12.3.

Sorry for not acting on your previous answer. As KHTML is deprecated, I'll close the bug.