Bug 343446 - Kontact crashes when reading HTML E-Mails in KMail
Summary: Kontact crashes when reading HTML E-Mails in KMail
Status: RESOLVED UPSTREAM
Alias: None
Product: kontact
Classification: Applications
Component: mail
Version: unspecified
Platform: Compiled Sources Linux
Importance: NOR crash
Target Milestone: ---
Assignee: kdepim bugs
Duplicates: 340873 342731 343856 349859 349919 349959 350357 350942 351216 352012 352248 353069 359985 360370 381785
 
Reported: 2015-01-28 10:41 UTC by Oliver Maurhart
Modified: 2017-06-29 17:21 UTC


Description Oliver Maurhart 2015-01-28 10:41:50 UTC
Opened up Kontact and started reading an E-Mail. First changed to HTML view and then loaded images. While loading, Kontact crashes.

Happens all the time.

The crash can be reproduced every time.

-- Backtrace:
Application: Kontact (kontact), signal: Segmentation fault
Using host libthread_db library "/lib64/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f172d44f800 (LWP 13637))]

Thread 5 (Thread 0x7f17130aa700 (LWP 13638)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1  0x00007f17282d71aa in WTF::TCMalloc_PageHeap::scavengerThread (this=<optimized out>) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/JavaScriptCore/wtf/FastMalloc.cpp:2495
#2  0x00007f17282d71e9 in WTF::TCMalloc_PageHeap::runScavengerThread (context=<optimized out>) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/JavaScriptCore/wtf/FastMalloc.cpp:1618
#3  0x00007f1725288224 in start_thread (arg=0x7f17130aa700) at pthread_create.c:310
#4  0x00007f172aa11c9d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 4 (Thread 0x7f17127a9700 (LWP 13639)):
#0  0x00007f172be1bd9b in testAndSetOrdered (newValue=1, expectedValue=0, this=0x185da60) at ../../include/QtCore/../../../qt-everywhere-opensource-src-4.8.6/src/corelib/arch/qatomic_x86_64.h:145
#1  testAndSetAcquire (newValue=1, expectedValue=0, this=0x185da60) at ../../include/QtCore/../../../qt-everywhere-opensource-src-4.8.6/src/corelib/arch/qatomic_x86_64.h:267
#2  tryLockInline (this=0x185da18) at ../../include/QtCore/../../../qt-everywhere-opensource-src-4.8.6/src/corelib/thread/qmutex.h:181
#3  lockInline (this=0x185da18) at ../../include/QtCore/../../../qt-everywhere-opensource-src-4.8.6/src/corelib/thread/qmutex.h:189
#4  QMutexLocker (m=0x185da18, this=<synthetic pointer>) at ../../include/QtCore/../../../qt-everywhere-opensource-src-4.8.6/src/corelib/thread/qmutex.h:109
#5  canWaitLocked (this=0x185d9d0) at ../../include/QtCore/private/../../../../qt-everywhere-opensource-src-4.8.6/src/corelib/thread/qthread_p.h:228
#6  postEventSourcePrepare (s=0x7f170c0012e0, timeout=timeout@entry=0x7f17127a8c24) at /var/tmp/portage/dev-qt/qtcore-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/corelib/kernel/qeventdispatcher_glib.cpp:279
#7  0x00007f1724466fdd in g_main_context_prepare (context=context@entry=0x7f170c0009a0, priority=priority@entry=0x7f17127a8ca8) at /var/tmp/portage/dev-libs/glib-2.42.1/work/glib-2.42.1/glib/gmain.c:3399
#8  0x00007f1724467853 in g_main_context_iterate (context=context@entry=0x7f170c0009a0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /var/tmp/portage/dev-libs/glib-2.42.1/work/glib-2.42.1/glib/gmain.c:3761
#9  0x00007f1724467a3c in g_main_context_iteration (context=0x7f170c0009a0, may_block=1) at /var/tmp/portage/dev-libs/glib-2.42.1/work/glib-2.42.1/glib/gmain.c:3842
#10 0x00007f172be1ba0e in QEventDispatcherGlib::processEvents (this=0x7f170c0008c0, flags=...) at /var/tmp/portage/dev-qt/qtcore-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/corelib/kernel/qeventdispatcher_glib.cpp:452
#11 0x00007f172bdeceaf in QEventLoop::processEvents (this=this@entry=0x7f17127a8de0, flags=...) at /var/tmp/portage/dev-qt/qtcore-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/corelib/kernel/qeventloop.cpp:149
#12 0x00007f172bded1a5 in QEventLoop::exec (this=this@entry=0x7f17127a8de0, flags=...) at /var/tmp/portage/dev-qt/qtcore-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/corelib/kernel/qeventloop.cpp:204
#13 0x00007f172bce6e6f in QThread::exec (this=<optimized out>) at /var/tmp/portage/dev-qt/qtcore-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/corelib/thread/qthread.cpp:538
#14 0x00007f172bce95df in QThreadPrivate::start (arg=0x185d840) at /var/tmp/portage/dev-qt/qtcore-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/corelib/thread/qthread_unix.cpp:349
#15 0x00007f1725288224 in start_thread (arg=0x7f17127a9700) at pthread_create.c:310
#16 0x00007f172aa11c9d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 3 (Thread 0x7f16c3e05700 (LWP 13651)):
#0  g_private_get_impl (key=key@entry=0x7f1724754b00 <g_thread_specific_private>) at /var/tmp/portage/dev-libs/glib-2.42.1/work/glib-2.42.1/glib/gthread-posix.c:1026
#1  g_private_get (key=key@entry=0x7f1724754b00 <g_thread_specific_private>) at /var/tmp/portage/dev-libs/glib-2.42.1/work/glib-2.42.1/glib/gthread-posix.c:1057
#2  0x00007f172448cca0 in g_thread_self () at /var/tmp/portage/dev-libs/glib-2.42.1/work/glib-2.42.1/glib/gthread.c:958
#3  0x00007f17244669ec in g_main_context_acquire (context=0x3310cc0) at /var/tmp/portage/dev-libs/glib-2.42.1/work/glib-2.42.1/glib/gmain.c:3166
#4  0x00007f17244677f5 in g_main_context_iterate (context=0x3310cc0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /var/tmp/portage/dev-libs/glib-2.42.1/work/glib-2.42.1/glib/gmain.c:3731
#5  0x00007f1724467c5a in g_main_loop_run (loop=0x331cf90) at /var/tmp/portage/dev-libs/glib-2.42.1/work/glib-2.42.1/glib/gmain.c:3975
#6  0x00007f16bb9384d6 in gdbus_shared_thread_func (user_data=0x331cfd0) at /var/tmp/portage/dev-libs/glib-2.42.1/work/glib-2.42.1/gio/gdbusprivate.c:273
#7  0x00007f172448c805 in g_thread_proxy (data=0x32ab0a0) at /var/tmp/portage/dev-libs/glib-2.42.1/work/glib-2.42.1/glib/gthread.c:764
#8  0x00007f1725288224 in start_thread (arg=0x7f16c3e05700) at pthread_create.c:310
#9  0x00007f172aa11c9d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 2 (Thread 0x7f16b11e5700 (LWP 13654)):
#0  g_mutex_unlock (mutex=0x33327f0) at /var/tmp/portage/dev-libs/glib-2.42.1/work/glib-2.42.1/glib/gthread-posix.c:1343
#1  0x00007f1724467249 in g_main_context_query (context=context@entry=0x33327f0, max_priority=2147483647, timeout=timeout@entry=0x7f16b11e4ddc, fds=fds@entry=0x7f16ac0008c0, n_fds=n_fds@entry=2) at /var/tmp/portage/dev-libs/glib-2.42.1/work/glib-2.42.1/glib/gmain.c:3536
#2  0x00007f17244678a2 in g_main_context_iterate (context=context@entry=0x33327f0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /var/tmp/portage/dev-libs/glib-2.42.1/work/glib-2.42.1/glib/gmain.c:3763
#3  0x00007f1724467a3c in g_main_context_iteration (context=0x33327f0, may_block=may_block@entry=1) at /var/tmp/portage/dev-libs/glib-2.42.1/work/glib-2.42.1/glib/gmain.c:3842
#4  0x00007f1724467a79 in glib_worker_main (data=<optimized out>) at /var/tmp/portage/dev-libs/glib-2.42.1/work/glib-2.42.1/glib/gmain.c:5589
#5  0x00007f172448c805 in g_thread_proxy (data=0x33199e0) at /var/tmp/portage/dev-libs/glib-2.42.1/work/glib-2.42.1/glib/gthread.c:764
#6  0x00007f1725288224 in start_thread (arg=0x7f16b11e5700) at pthread_create.c:310
#7  0x00007f172aa11c9d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 1 (Thread 0x7f172d44f800 (LWP 13637)):
[KCrash Handler]
#6  IA__gdk_display_open (display_name=<optimized out>) at /var/tmp/portage/x11-libs/gtk+-2.24.25-r1/work/gtk+-2.24.25/gdk/x11/gdkdisplay-x11.c:173
#7  0x00007f16a963e67d in IA__gdk_display_open_default_libgtk_only () at /var/tmp/portage/x11-libs/gtk+-2.24.25-r1/work/gtk+-2.24.25/gdk/gdk.c:324
#8  0x00007f16a99fcb64 in IA__gtk_init_check (argc=argc@entry=0x0, argv=argv@entry=0x0) at /var/tmp/portage/x11-libs/gtk+-2.24.25-r1/work/gtk+-2.24.25/gtk/gtkmain.c:995
#9  0x00007f16a99fcb89 in IA__gtk_init (argc=argc@entry=0x0, argv=argv@entry=0x0) at /var/tmp/portage/x11-libs/gtk+-2.24.25-r1/work/gtk+-2.24.25/gtk/gtkmain.c:1042
#10 0x00007f1727fe043b in WebCore::initializeGtk (module=<optimized out>) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebCore/plugins/qt/PluginPackageQt.cpp:115
#11 0x00007f1727fe06c2 in WebCore::PluginPackage::load (this=this@entry=0x7f171280c040) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebCore/plugins/qt/PluginPackageQt.cpp:175
#12 0x00007f1727fe0706 in WebCore::PluginPackage::fetchInfo (this=this@entry=0x7f171280c040) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebCore/plugins/qt/PluginPackageQt.cpp:40
#13 0x00007f1727eb21c6 in WebCore::PluginPackage::createPackage (path=..., lastModified=@0x7fff39b4d750: 1422296013) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebCore/plugins/PluginPackage.cpp:162
#14 0x00007f1727eafe51 in WebCore::PluginDatabase::refresh (this=0x7f16c435cc80) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebCore/plugins/PluginDatabase.cpp:141
#15 0x00007f1727eb09b6 in WebCore::PluginDatabase::installedPlugins (populate=160, populate@entry=true) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebCore/plugins/PluginDatabase.cpp:71
#16 0x00007f1727a820c0 in WebCore::FrameLoaderClientQt::objectContentType (this=0x2da6ea0, url=..., mimeTypeIn=..., shouldPreferPlugInsForImages=<optimized out>) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebKit/qt/WebCoreSupport/FrameLoaderClientQt.cpp:1382
#17 0x00007f1727ce9763 in WebCore::HTMLPlugInImageElement::isImageType (this=this@entry=0x310ce70) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebCore/html/HTMLPlugInImageElement.cpp:63
#18 0x00007f1727ce2c92 in WebCore::HTMLObjectElement::parseMappedAttribute (this=0x310ce70, attr=<optimized out>) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebCore/html/HTMLObjectElement.cpp:92
#19 0x00007f17281d49ef in WebCore::StyledElement::attributeChanged (this=0x310ce70, attr=0x7f16c09e0ea0, preserveDecls=<optimized out>) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebCore/dom/StyledElement.cpp:188
#20 0x00007f1727bcf4ba in WebCore::Element::setAttributeMap (this=this@entry=0x310ce70, list=..., scriptingPermission=<optimized out>) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebCore/dom/Element.cpp:851
#21 0x00007f17282174cb in WebCore::HTMLConstructionSite::createHTMLElement (this=this@entry=0x7f16c4289f08, token=...) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebCore/html/parser/HTMLConstructionSite.cpp:379
#22 0x00007f1728218e4e in WebCore::HTMLConstructionSite::insertHTMLElement (this=this@entry=0x7f16c4289f08, token=...) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebCore/html/parser/HTMLConstructionSite.cpp:289
#23 0x00007f1727d349a7 in WebCore::HTMLTreeBuilder::processStartTagForInBody (this=this@entry=0x7f16c4289ee0, token=...) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:881
#24 0x00007f1727d35b9a in WebCore::HTMLTreeBuilder::processStartTag (this=0x7f16c4289ee0, token=...) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:1248
#25 0x00007f1727d36e5d in WebCore::HTMLTreeBuilder::processToken (this=this@entry=0x7f16c4289ee0, token=...) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:479
#26 0x00007f1727d36e8e in WebCore::HTMLTreeBuilder::constructTreeFromAtomicToken (this=this@entry=0x7f16c4289ee0, token=...) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:460
#27 0x00007f1727d370b4 in WebCore::HTMLTreeBuilder::constructTreeFromToken (this=0x7f16c4289ee0, rawToken=...) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:450
#28 0x00007f1727d182d0 in WebCore::HTMLDocumentParser::pumpTokenizer (this=0x7f17127f6000, mode=WebCore::HTMLDocumentParser::AllowYield) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:276
#29 0x00007f1727d19499 in WebCore::HTMLDocumentParser::append (this=0x7f17127f6000, source=...) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:367
#30 0x00007f17281c9e3c in WebCore::DecodedDataDocumentParser::appendBytes (this=0x7f17127f6000, writer=<optimized out>, data=0x312e4c8 "Child(e)}}function r(){\"complete\"===c.readyState&&o()}function o(){a(\"mark\",[\"domContent\",i()])}function i(){return(new Date).getTime()}var a=t(\"handle\"),s=window,c=s.document,f=\"addEventListener\",u=\""..., length=3952, shouldFlush=<optimized out>) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebCore/dom/DecodedDataDocumentParser.cpp:54
#31 0x00007f1727dabec1 in WebCore::DocumentLoader::commitData (this=this@entry=0x7f16c0a25000, bytes=bytes@entry=0x312e4c8 "Child(e)}}function r(){\"complete\"===c.readyState&&o()}function o(){a(\"mark\",[\"domContent\",i()])}function i(){return(new Date).getTime()}var a=t(\"handle\"),s=window,c=s.document,f=\"addEventListener\",u=\""..., length=length@entry=3952) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebCore/loader/DocumentLoader.cpp:321
#32 0x00007f1727a7f30d in WebCore::FrameLoaderClientQt::committedLoad (this=0x2da6ea0, loader=0x7f16c0a25000, data=0x312e4c8 "Child(e)}}function r(){\"complete\"===c.readyState&&o()}function o(){a(\"mark\",[\"domContent\",i()])}function i(){return(new Date).getTime()}var a=t(\"handle\"),s=window,c=s.document,f=\"addEventListener\",u=\""..., length=3952) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebKit/qt/WebCoreSupport/FrameLoaderClientQt.cpp:901
#33 0x00007f1727dac68c in WebCore::DocumentLoader::commitLoad (this=0x7f16c0a25000, data=0x312e4c8 "Child(e)}}function r(){\"complete\"===c.readyState&&o()}function o(){a(\"mark\",[\"domContent\",i()])}function i(){return(new Date).getTime()}var a=t(\"handle\"),s=window,c=s.document,f=\"addEventListener\",u=\""..., length=3952) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebCore/loader/DocumentLoader.cpp:307
#34 0x00007f1727de1cd5 in WebCore::ResourceLoader::didReceiveData (this=0x7f17127f3d80, data=0x312e4c8 "Child(e)}}function r(){\"complete\"===c.readyState&&o()}function o(){a(\"mark\",[\"domContent\",i()])}function i(){return(new Date).getTime()}var a=t(\"handle\"),s=window,c=s.document,f=\"addEventListener\",u=\""..., length=3952, encodedDataLength=-1, allAtOnce=<optimized out>) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebCore/loader/ResourceLoader.cpp:279
#35 0x00007f1727dd25e0 in WebCore::MainResourceLoader::didReceiveData (this=0x7f17127f3d80, data=0x312e4c8 "Child(e)}}function r(){\"complete\"===c.readyState&&o()}function o(){a(\"mark\",[\"domContent\",i()])}function i(){return(new Date).getTime()}var a=t(\"handle\"),s=window,c=s.document,f=\"addEventListener\",u=\""..., length=3952, encodedDataLength=-1, allAtOnce=false) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebCore/loader/MainResourceLoader.cpp:463
#36 0x00007f1727de0376 in WebCore::ResourceLoader::didReceiveData (this=0x7f17127f3d80, data=0x312e4c8 "Child(e)}}function r(){\"complete\"===c.readyState&&o()}function o(){a(\"mark\",[\"domContent\",i()])}function i(){return(new Date).getTime()}var a=t(\"handle\"),s=window,c=s.document,f=\"addEventListener\",u=\""..., length=3952, encodedDataLength=-1) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebCore/loader/ResourceLoader.cpp:433
#37 0x00007f1727fc3d71 in WebCore::QNetworkReplyHandler::forwardData (this=0x2da7220) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:586
#38 0x00007f1727fc5ddc in WebCore::QNetworkReplyHandlerCallQueue::flush (this=this@entry=0x2da7258) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:195
#39 0x00007f1727fc5e2b in flush (this=0x2da7258) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:189
#40 WebCore::QNetworkReplyHandlerCallQueue::push (this=0x2da7258, method=(void (WebCore::QNetworkReplyHandler::*)(WebCore::QNetworkReplyHandler * const)) 0x7f1727fc3d10 <WebCore::QNetworkReplyHandler::forwardData()>) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:164
#41 0x00007f1727fc5e6c in WebCore::QNetworkReplyWrapper::didReceiveReadyRead (this=0x30bfe40) at /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:342
#42 0x00007f172be024da in QMetaObject::activate (sender=0x2b08980, m=<optimized out>, local_signal_index=<optimized out>, argv=0x0) at /var/tmp/portage/dev-qt/qtcore-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/corelib/kernel/qobject.cpp:3567
#43 0x00007f172be024da in QMetaObject::activate (sender=sender@entry=0x310f650, m=m@entry=0x7f172a6c0820 <KIO::TransferJob::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7fff39b4e260) at /var/tmp/portage/dev-qt/qtcore-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/corelib/kernel/qobject.cpp:3567
#44 0x00007f172a31dc74 in KIO::TransferJob::data (this=this@entry=0x310f650, _t1=_t1@entry=0x310f650, _t2=...) at /var/tmp/portage/kde-base/kdelibs-4.14.3-r1/work/kdelibs-4.14.3_build/kio/jobclasses.moc:446
#45 0x00007f172a320559 in KIO::TransferJob::slotData (this=0x310f650, _data=...) at /var/tmp/portage/kde-base/kdelibs-4.14.3-r1/work/kdelibs-4.14.3/kio/kio/job.cpp:999
#46 0x00007f172be024da in QMetaObject::activate (sender=0x312b670, m=m@entry=0x7f172a6c4be0 <KIO::SlaveInterface::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7fff39b4e410) at /var/tmp/portage/dev-qt/qtcore-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/corelib/kernel/qobject.cpp:3567
#47 0x00007f172a3bf672 in KIO::SlaveInterface::data (this=<optimized out>, _t1=...) at /var/tmp/portage/kde-base/kdelibs-4.14.3-r1/work/kdelibs-4.14.3_build/kio/slaveinterface.moc:159
#48 0x00007f172a3c0fd0 in KIO::SlaveInterface::dispatch (this=<optimized out>, _cmd=100, rawdata=...) at /var/tmp/portage/kde-base/kdelibs-4.14.3-r1/work/kdelibs-4.14.3/kio/kio/slaveinterface.cpp:164
#49 0x00007f172a3be74e in KIO::SlaveInterface::dispatch (this=0x312b670) at /var/tmp/portage/kde-base/kdelibs-4.14.3-r1/work/kdelibs-4.14.3/kio/kio/slaveinterface.cpp:92
#50 0x00007f172a3b3426 in KIO::Slave::gotInput (this=0x312b670) at /var/tmp/portage/kde-base/kdelibs-4.14.3-r1/work/kdelibs-4.14.3/kio/kio/slave.cpp:344
#51 0x00007f172be024da in QMetaObject::activate (sender=0x312d9f0, m=m@entry=0x7f172a6be100 <KIO::Connection::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x0) at /var/tmp/portage/dev-qt/qtcore-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/corelib/kernel/qobject.cpp:3567
#52 0x00007f172a2ef630 in KIO::Connection::readyRead (this=<optimized out>) at /var/tmp/portage/kde-base/kdelibs-4.14.3-r1/work/kdelibs-4.14.3_build/kio/connection.moc:105
#53 0x00007f172a2efd20 in KIO::ConnectionPrivate::dequeue (this=0x28f7880) at /var/tmp/portage/kde-base/kdelibs-4.14.3-r1/work/kdelibs-4.14.3/kio/kio/connection.cpp:82
#54 0x00007f172be0695e in QObject::event (this=0x312d9f0, e=<optimized out>) at /var/tmp/portage/dev-qt/qtcore-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/corelib/kernel/qobject.cpp:1222
#55 0x00007f172b19a97c in QApplicationPrivate::notify_helper (this=this@entry=0x169e6b0, receiver=receiver@entry=0x312d9f0, e=e@entry=0x1692f60) at /var/tmp/portage/dev-qt/qtgui-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/gui/kernel/qapplication.cpp:4565
#56 0x00007f172b1a104d in QApplication::notify (this=this@entry=0x7fff39b4ee70, receiver=receiver@entry=0x312d9f0, e=e@entry=0x1692f60) at /var/tmp/portage/dev-qt/qtgui-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/gui/kernel/qapplication.cpp:4351
#57 0x00007f172c8653ba in KApplication::notify (this=0x7fff39b4ee70, receiver=0x312d9f0, event=0x1692f60) at /var/tmp/portage/kde-base/kdelibs-4.14.3-r1/work/kdelibs-4.14.3/kdeui/kernel/kapplication.cpp:311
#58 0x00007f172bdee30d in QCoreApplication::notifyInternal (this=0x7fff39b4ee70, receiver=receiver@entry=0x312d9f0, event=event@entry=0x1692f60) at /var/tmp/portage/dev-qt/qtcore-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/corelib/kernel/qcoreapplication.cpp:953
#59 0x00007f172bdf152a in sendEvent (event=0x1692f60, receiver=0x312d9f0) at /var/tmp/portage/dev-qt/qtcore-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/corelib/kernel/qcoreapplication.h:231
#60 QCoreApplicationPrivate::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0, data=0x16522e0) at /var/tmp/portage/dev-qt/qtcore-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/corelib/kernel/qcoreapplication.cpp:1577
#61 0x00007f172bdf19c3 in QCoreApplication::sendPostedEvents (receiver=receiver@entry=0x0, event_type=event_type@entry=0) at /var/tmp/portage/dev-qt/qtcore-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/corelib/kernel/qcoreapplication.cpp:1470
#62 0x00007f172be1c21e in sendPostedEvents () at /var/tmp/portage/dev-qt/qtcore-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/corelib/kernel/qcoreapplication.h:236
#63 postEventSourceDispatch (s=0x16916f0) at /var/tmp/portage/dev-qt/qtcore-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/corelib/kernel/qeventdispatcher_glib.cpp:300
#64 0x00007f1724467754 in g_main_dispatch (context=0x169ea00) at /var/tmp/portage/dev-libs/glib-2.42.1/work/glib-2.42.1/glib/gmain.c:3111
#65 g_main_context_dispatch (context=context@entry=0x169ea00) at /var/tmp/portage/dev-libs/glib-2.42.1/work/glib-2.42.1/glib/gmain.c:3710
#66 0x00007f1724467998 in g_main_context_iterate (context=context@entry=0x169ea00, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /var/tmp/portage/dev-libs/glib-2.42.1/work/glib-2.42.1/glib/gmain.c:3781
#67 0x00007f1724467a3c in g_main_context_iteration (context=0x169ea00, may_block=1) at /var/tmp/portage/dev-libs/glib-2.42.1/work/glib-2.42.1/glib/gmain.c:3842
#68 0x00007f172be1b9ee in QEventDispatcherGlib::processEvents (this=0x1653be0, flags=...) at /var/tmp/portage/dev-qt/qtcore-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/corelib/kernel/qeventdispatcher_glib.cpp:450
#69 0x00007f172b238b66 in QGuiEventDispatcherGlib::processEvents (this=<optimized out>, flags=...) at /var/tmp/portage/dev-qt/qtgui-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/gui/kernel/qguieventdispatcher_glib.cpp:204
#70 0x00007f172bdeceaf in QEventLoop::processEvents (this=this@entry=0x7fff39b4ed70, flags=...) at /var/tmp/portage/dev-qt/qtcore-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/corelib/kernel/qeventloop.cpp:149
#71 0x00007f172bded1a5 in QEventLoop::exec (this=this@entry=0x7fff39b4ed70, flags=...) at /var/tmp/portage/dev-qt/qtcore-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/corelib/kernel/qeventloop.cpp:204
#72 0x00007f172bdf25f9 in QCoreApplication::exec () at /var/tmp/portage/dev-qt/qtcore-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/corelib/kernel/qcoreapplication.cpp:1225
#73 0x00007f172b198fcc in QApplication::exec () at /var/tmp/portage/dev-qt/qtgui-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/gui/kernel/qapplication.cpp:3823
#74 0x00000000004035f2 in main (argc=1, argv=0x7fff39b4efb8) at /var/tmp/portage/kde-base/kontact-4.14.3/work/kontact-4.14.3/kontact/src/main.cpp:219

Possible duplicates by query: bug 341530.

Report to https://bugs.kde.org/

Reproducible: Always
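
A triage aid for the backtrace in this report, added here as an example (it is not part of the original report or of any KDE tool): it parses the KCrash/gdb text, finds the crashed thread, lists the packages the stack crosses, and names the HTML element frames that led into WebCore's plugin loading. The sample input is abridged from the backtrace above, and the portage build-path layout is an assumption taken from it.

```python
import re
from collections import namedtuple

Frame = namedtuple("Frame", "num func package file line")

THREAD_RE = re.compile(r"^Thread (\d+) \(Thread 0x[0-9a-f]+ \(LWP \d+\)\):")
FRAME_RE = re.compile(
    r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(.+?) \((.*)\) at (\S+):(\d+)$")
# Assumption: source paths are Gentoo portage build paths, as in this report.
PKG_RE = re.compile(r"^/var/tmp/portage/[^/]+/([^/]+)/work/")
PLUGIN_PREFIXES = ("WebCore::PluginPackage::", "WebCore::PluginDatabase::")
ELEMENT_RE = re.compile(r"WebCore::HTML\w+Element::")


def parse_backtrace(text):
    """Return ({thread_id: [Frame, ...]}, crashed_thread_id)."""
    threads, current, crashed = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = THREAD_RE.match(line)
        if m:
            current = int(m.group(1))
            threads[current] = []
            continue
        if line == "[KCrash Handler]":  # marks the thread that received the signal
            crashed = current
            continue
        m = FRAME_RE.match(line)
        if m and current is not None:
            num, func, _args, path, lineno = m.groups()
            pkg = PKG_RE.match(path)
            threads[current].append(Frame(
                int(num), func, pkg.group(1) if pkg else "system",
                path.rsplit("/", 1)[-1], int(lineno)))
    return threads, crashed


def package_chain(frames):
    """Collapse consecutive frames from the same package, innermost first."""
    chain = []
    for f in frames:
        if not chain or chain[-1] != f.package:
            chain.append(f.package)
    return chain


def plugin_load_trigger(frames):
    """Return the HTML element frames that sit outside WebCore plugin loading,
    i.e. the markup handling that caused installed plugins to be loaded."""
    seen_plugin, elements = False, []
    for f in frames:  # frames are ordered innermost -> outermost
        if f.func.startswith(PLUGIN_PREFIXES):
            seen_plugin = True
        elif seen_plugin and ELEMENT_RE.match(f.func):
            elements.append(f.func)
    return elements


# Constructed sample: frames abridged from the backtrace in this report.
QT = ("/var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/"
      "qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source")
GTK = "/var/tmp/portage/x11-libs/gtk+-2.24.25-r1/work/gtk+-2.24.25"
KDE = "/var/tmp/portage/kde-base"
SAMPLE = f"""\
Thread 5 (Thread 0x7f17130aa700 (LWP 13638)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#4  0x00007f172aa11c9d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

Thread 1 (Thread 0x7f172d44f800 (LWP 13637)):
[KCrash Handler]
#6  IA__gdk_display_open (display_name=<optimized out>) at {GTK}/gdk/x11/gdkdisplay-x11.c:173
#9  0x00007f16a99fcb89 in IA__gtk_init (argc=argc@entry=0x0, argv=argv@entry=0x0) at {GTK}/gtk/gtkmain.c:1042
#10 0x00007f1727fe043b in WebCore::initializeGtk (module=<optimized out>) at {QT}/WebCore/plugins/qt/PluginPackageQt.cpp:115
#11 0x00007f1727fe06c2 in WebCore::PluginPackage::load (this=this@entry=0x7f171280c040) at {QT}/WebCore/plugins/qt/PluginPackageQt.cpp:175
#14 0x00007f1727eafe51 in WebCore::PluginDatabase::refresh (this=0x7f16c435cc80) at {QT}/WebCore/plugins/PluginDatabase.cpp:141
#17 0x00007f1727ce9763 in WebCore::HTMLPlugInImageElement::isImageType (this=this@entry=0x310ce70) at {QT}/WebCore/html/HTMLPlugInImageElement.cpp:63
#18 0x00007f1727ce2c92 in WebCore::HTMLObjectElement::parseMappedAttribute (this=0x310ce70, attr=<optimized out>) at {QT}/WebCore/html/HTMLObjectElement.cpp:92
#45 0x00007f172a320559 in KIO::TransferJob::slotData (this=0x310f650, _data=...) at {KDE}/kdelibs-4.14.3-r1/work/kdelibs-4.14.3/kio/kio/job.cpp:999
#74 0x00000000004035f2 in main (argc=1, argv=0x7fff39b4efb8) at {KDE}/kontact-4.14.3/work/kontact-4.14.3/kontact/src/main.cpp:219
"""

if __name__ == "__main__":
    threads, crashed = parse_backtrace(SAMPLE)
    top = threads[crashed][0]
    print(f"crashed thread {crashed}: {top.func} at {top.file}:{top.line}")
    print("packages, innermost first:", " -> ".join(package_chain(threads[crashed])))
    print("element frames that triggered plugin loading:")
    for func in plugin_load_trigger(threads[crashed]):
        print("  ", func)
```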
Comment 1 Laurent Montel 2015-01-30 08:00:02 UTC
Is it for each HTML mail, or a specific HTML mail?
Comment 2 Oliver Maurhart 2015-01-30 08:11:49 UTC
Mhm, it has been for a specific HTML mail. But for this certain E-Mail all the time.

I turned off HTML E-Mail rendering in general. For this E-Mail I turned it on. But still images were not loaded. So in a second step I clicked on Loading Images, and that is when, after some seconds, KMail crashed.

But it was not an important mail. More actually an ad. I also lost interest and I kicked the mail already. Sorry. 

But maybe the backtrace is still of interest ... if Webkit - gtk+-2.24.25/gdk/x11/gdkdisplay-x11.c:173 is in some sense really of interest to KDE. I mean: why does KMail HTML rendering refer to Webkit gtk+ in the first place? Isn't Qt Webkit sufficient? Then again I lack deeper knowledge on how webkit qt/gtk do relate to each other and Qt/KDE rendering.
Comment 3 Laurent Montel 2015-01-30 08:34:47 UTC
It's in qwebkit.
But without the specific email we can't report a bug to Qt.
I close the bug as upstream.
Comment 4 Wolfgang Bauer 2015-01-31 15:39:14 UTC
FYI, the backtrace looks quite similar to the one in this openSUSE bugreport:
https://bugzilla.opensuse.org/show_bug.cgi?id=901006

There the crash is caused by the evince-browser-plugin (that's also the reason why GTK is involved).
Do you have that installed?

Apparently this plugin also causes problems with Firefox (therefore it is being removed from openSUSE's evince package), so I'm not sure this is a QtWebKit bug.
Comment 5 Oliver Maurhart 2015-02-01 09:28:14 UTC
Mhm, yes I do have evince installed. 

$ eix -e evince
[I] app-text/evince
     Available versions:  3.12.2(0/evd3.4-evv3.3)^t (~)3.12.2-r1(0/evd3.4-evv3.3)^t (~)3.14.1(0/evd3.4-evv3.3)^t (~)3.14.1-r1(0/evd3.4-evv3.3) [m]**9999(0/evd3.4-evv3.3)^t[1] {debug djvu doc dvi gnome +introspection libsecret nautilus +postscript t1lib tiff xps}
     Installed versions:  3.14.1-r1(11:15:31 AM 01/26/2015)(introspection postscript tiff -debug -djvu -dvi -gnome -libsecret -nautilus -t1lib -xps)
     Homepage:            https://wiki.gnome.org/Apps/Evince
     Description:         Simple document viewer for GNOME


How do I check if on my system (Gentoo) the series KMail -> qwebkit -> webkit-gtk -> evince holds?
Comment 6 Wolfgang Bauer 2015-02-03 10:32:45 UTC
(In reply to dyle from comment #5)
> How do I check if on my system (Gentoo) the series KMail -> qwebkit ->
> webkit-gtk -> evince holds?

Well, if you have an EMail with which you can reproduce the crash, you could try to remove the plugin and see if it still crashes. It should be /usr/lib(64)/browser-plugins/libevbrowserplugin.so or similar.

You have 3.14.1 installed, that's the same version that crashed for me (I mainly experienced the crashes with Konqueror, but could reproduce them with rekonq and qt4-browser which all use QtWebKit, like Akregator does as well). Since I removed evince-browser-plugin (it's a separate package in openSUSE), I had no more crashes.

You can compile evince without the browser plugin, just add the option "--disable-browser-plugin" to your call of configure.
Comment 7 Wolfgang Bauer 2015-02-03 10:36:05 UTC
Btw, you keep mentioning webkit-gtk, but this is not at all involved here.

It's the evince-browser-plugin that loads/uses GTK, as evince is a GNOME/GTK application.
Comment 8 Oliver Maurhart 2015-02-04 07:31:19 UTC
Ok, now you've raised the attention of my "Sportsgeist".

The error is clearly found in gtk+, involving any plugin, not evince in particular. It keeps me wondering why my HTML rendering should wind up in evince, since I coded QtWebKit Apps already and didn't find any need to include other stuff. But then again, you are right in the general principle.

Basically QtWebKit inits Gtk for some modules. This may be evince, but reading the source this may also be Adobe Flash or any other plugin. So, unlinking evince dependencies may resolve the problem, but this is a) a hack and b) only sufficient if the module/plugin in question is actually evince. Any other module/plugin might crash as well.

Nevertheless at line 115 in QtWebKit Plugin Loader gtkInit() is invoked (for any module).

# nl -ba /var/tmp/portage/dev-qt/qtwebkit-4.8.6-r1/work/qt-everywhere-opensource-src-4.8.6/src/3rdparty/webkit/Source/WebCore/plugins/qt/PluginPackageQt.cpp | grep -C 14 '^ *115'
   101  static void initializeGtk(QLibrary* module = 0)
   102  {
   103      // Ensures missing Gtk initialization in some versions of Adobe's flash player
   104      // plugin do not cause crashes. See BR# 40567, 44324, and 44405 for details.  
   105      if (module) {
   106          typedef void *(*gtk_init_ptr)(int*, char***);
   107          gtk_init_ptr gtkInit = (gtk_init_ptr)module->resolve("gtk_init");
   108          if (gtkInit) {
   109              // Prevent gtk_init() from replacing the X error handlers, since the Gtk
   110              // handlers abort when they receive an X error, thus killing the viewer.
   111  #ifdef Q_WS_X11
   112              int (*old_error_handler)(Display*, XErrorEvent*) = XSetErrorHandler(0);
   113              int (*old_io_error_handler)(Display*) = XSetIOErrorHandler(0);
   114  #endif
   115              gtkInit(0, 0);
   116  #ifdef Q_WS_X11
   117              XSetErrorHandler(old_error_handler);
   118              XSetIOErrorHandler(old_io_error_handler);
   119  #endif
   120              return;
   121          }
   122      }
   123
   124      QLibrary library(QLatin1String("libgtk-x11-2.0.so.0"));
   125      if (library.load()) {
   126          typedef void *(*gtk_init_check_ptr)(int*, char***);
   127          gtk_init_check_ptr gtkInitCheck = (gtk_init_check_ptr)library.resolve("gtk_init_check");
   128          // NOTE: We're using gtk_init_check() since gtk_init() calls exit() on failure.
   129          if (gtkInitCheck)

This winds up finally in gtk+ at line 173 crashing:

# nl -ba /var/tmp/portage/x11-libs/gtk+-2.24.25-r1/work/gtk+-2.24.25/gdk/x11/gdkdisplay-x11.c | grep -C 4 '^ *173'
   169    
   170    display = g_object_new (GDK_TYPE_DISPLAY_X11, NULL);
   171    display_x11 = GDK_DISPLAY_X11 (display);
   172
   173    display_x11->use_xshm = TRUE;
   174    display_x11->xdisplay = xdisplay;
   175
   176  #ifdef HAVE_X11R6  
   177    /* Set up handlers for Xlib internal connections */

Simply because the GTK+ devs take it for granted that "display_x11 = GDK_DISPLAY_X11 (display);" must return a non-NULL pointer. Why it doesn't in my case, I cannot say (yet).

However, I consider forgetting to check a pointer for NULL value before dereferencing (line 173) not to be a good programming practice. This is not a good sign of code quality. =(

It's clearly upstream at the gtk+. IMHO if gtk+ fails to open up an x11 display it should return with a proper error message (e.g. "Failed to init X11 Display") but must not crash the calling application (which might be anything finally utilizing gtk+).

But, sadly, I currently lack the requirements - the specific email causing the trouble - to retry and to find out why my "display_x11 = GDK_DISPLAY_X11 (display);" fails. Maybe it's a race condition on threads (if multi-threading is an option here), maybe it's got something to do with my nvidia-driver, maybe something else entirely. Don't know.
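The failure mode discussed in the comment above, modelled as an added C example that is not part of the original thread and is not GTK+ or QtWebKit code. All type and function names are hypothetical stand-ins, and it assumes that object construction can hand back NULL; the unchecked function mirrors the pattern at line 173, the checked one returns an error to the host instead.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for a toolkit object system (not GDK types). */
typedef struct { int type_id; } Object;
typedef struct { Object parent; int use_xshm; void *xdisplay; } DisplayX11;
enum { TYPE_DISPLAY_X11 = 1 };
enum { OPEN_OK = 0, OPEN_ERR_NO_OBJECT = -1, OPEN_ERR_WRONG_TYPE = -2 };

/* Constructor that can fail: returns NULL when the type is unavailable. */
static Object *object_new(int type_id, int available, DisplayX11 *storage)
{
    if (!available) return NULL;
    storage->parent.type_id = type_id;
    return &storage->parent;
}

/* Checked cast: NULL in gives NULL out, a foreign type gives NULL. */
static DisplayX11 *display_x11_cast(Object *obj)
{
    if (obj == NULL || obj->type_id != TYPE_DISPLAY_X11) return NULL;
    return (DisplayX11 *)obj;
}

/* Pattern from the listing: the cast result is used without a check. */
static DisplayX11 *display_open_unchecked(Object *obj, void *xdisplay)
{
    DisplayX11 *d = display_x11_cast(obj);
    d->use_xshm = 1;            /* NULL dereference when d == NULL */
    d->xdisplay = xdisplay;
    return d;
}

/* Hardened form: failure is reported, the host application keeps running. */
static int display_open_checked(Object *obj, void *xdisplay, DisplayX11 **out)
{
    *out = NULL;
    if (obj == NULL) return OPEN_ERR_NO_OBJECT;
    DisplayX11 *d = display_x11_cast(obj);
    if (d == NULL) return OPEN_ERR_WRONG_TYPE;
    d->use_xshm = 1;
    d->xdisplay = xdisplay;
    *out = d;
    return OPEN_OK;
}

int main(void)
{
    DisplayX11 storage, *d = NULL;
    int fake_xdisplay = 0;      /* constructed placeholder for a connection */
    Object *ok = object_new(TYPE_DISPLAY_X11, 1, &storage);
    printf("unchecked, valid object: %p\n", (void *)display_open_unchecked(ok, &fake_xdisplay));
    Object *none = object_new(TYPE_DISPLAY_X11, 0, &storage);
    printf("checked, failed construction: %d\n", display_open_checked(none, &fake_xdisplay, &d));
    return 0;
}
```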
Comment 9 Wolfgang Bauer 2015-02-04 11:13:38 UTC
Well, I only had this crash with evince-browser-plugin.
And I'm using radeon here, so this is definitely not related to the nvidia driver... ;)

It's unconditionally reproducible here (on two different systems), so I don't think it's a race-condition either.

If you want to reproduce it, run Konqueror (with the WebKit engine) or rekonq and browse to one of the sites I mentioned in the openSUSE bugreport, in particular http://build.opensuse.org/ (just opening that site should cause the crash).

If you want to follow this up, there's this GNOME bugreport e.g. (whose status is RESOLVED NOTGNOME :-( ):
https://bugzilla.gnome.org/show_bug.cgi?id=738270
Comment 10 Oliver Maurhart 2015-02-04 11:26:37 UTC
Huh! You are right! Opening up http://build.opensuse.org/ in konqueror crashes at the exact same place! o.O

I don't know if "RESOLVED NOTGNOME" is the right choice. It's clearly a gtk+ bug to me. And as such it might not be Gnome per se - when one defines "Gnome" not to be confused with "Gimp Toolkit". 

That's like filing a bug report for Qt on the kde.bugzilla and then resolving it as "NOTKDE". Which is true then.

However, the gtk+ devs *do* refer to the gnome bugzilla ... what a mess.

Ok, I'll attach myself to the correct bug report at the gnome site and give the devs a nudge again.
Comment 11 Wolfgang Bauer 2015-02-04 11:47:31 UTC
(In reply to dyle from comment #10)
> Ok, I'll attach myself to the correct bug report at the gnome site and give
> the devs a nudge again.

Thanks!
I was thinking the same right now.

Actually I forgot about this bug since I uninstalled evince-browser-plugin, because I didn't see any more crashes. (I did contemplate investigating it further back then)
And as I mentioned, openSUSE's GNOME team decided to just remove evince-browser-plugin from the distribution (unrelated to QtWebKit), because of the upstream bug's status, so I didn't care either any more...

But it definitely would be better to solve this problem at the source, I think.
Comment 12 Wolfgang Bauer 2015-02-04 18:07:25 UTC
*** Bug 340873 has been marked as a duplicate of this bug. ***
Comment 13 Wolfgang Bauer 2015-02-06 21:07:54 UTC
*** Bug 343856 has been marked as a duplicate of this bug. ***
Comment 14 Wolfgang Bauer 2015-02-06 21:10:24 UTC
*** Bug 342731 has been marked as a duplicate of this bug. ***
Comment 15 Christoph Feck 2015-07-18 21:46:48 UTC
*** Bug 349859 has been marked as a duplicate of this bug. ***
Comment 16 Christoph Feck 2015-09-04 08:26:44 UTC
*** Bug 352248 has been marked as a duplicate of this bug. ***
Comment 17 Christoph Feck 2015-09-04 08:28:37 UTC
*** Bug 349919 has been marked as a duplicate of this bug. ***
Comment 18 Christoph Feck 2015-09-04 08:29:07 UTC
*** Bug 349959 has been marked as a duplicate of this bug. ***
Comment 19 Christoph Feck 2015-09-04 08:29:32 UTC
*** Bug 350357 has been marked as a duplicate of this bug. ***
Comment 20 Christoph Feck 2015-09-04 08:29:53 UTC
*** Bug 350942 has been marked as a duplicate of this bug. ***
Comment 21 Christoph Feck 2015-09-04 08:30:20 UTC
*** Bug 351216 has been marked as a duplicate of this bug. ***
Comment 22 Christoph Feck 2015-09-04 08:30:43 UTC
*** Bug 352012 has been marked as a duplicate of this bug. ***
Comment 23 Christoph Feck 2015-09-23 10:50:05 UTC
*** Bug 353069 has been marked as a duplicate of this bug. ***
Comment 24 Christoph Feck 2016-10-26 00:02:41 UTC
*** Bug 359985 has been marked as a duplicate of this bug. ***
Comment 25 Christoph Feck 2016-10-26 00:03:04 UTC
*** Bug 360370 has been marked as a duplicate of this bug. ***
Comment 26 Wolfgang Bauer 2017-06-29 17:21:21 UTC
*** Bug 381785 has been marked as a duplicate of this bug. ***