Patch: Crash: blocking JS alert and deleting a window

Koos Vriezen koos.vriezen at xs4all.nl
Mon Oct 21 21:52:34 BST 2002 

On Sat, 19 Oct 2002, Koos Vriezen wrote:

> On Sat, 19 Oct 2002, Koos Vriezen wrote:
>
> > On Sat, 19 Oct 2002, Dirk Mueller wrote:
> >
> > > On Sam, 19 Okt 2002, Koos Vriezen wrote:
> > >
> > > > Ok reverted that. Indeed I get an do-you-want-to-download-xxx message
> > > > box, but only one and clicking no doesn't make it crash.
> > >
> > > I believe you only see it in valgrind :)
> > >
> >
> > Looking at the bt (http://bugs.kde.org/show_bug.cgi?id=44547), I only see
> > one 'enter_loop()'. Probably not related to crashes causes by blocking JS
> > on a message box.
>
> Uhm, the crash always occurs when coming back to the first loop. Could be
> related still...

Ok, this is the stack when the message box is still shown:
KMessageBox::questionYesNo(QWidget*, ....)
khtml::RenderPartObject::slotPartLoadingErrorNotify()
khtml::RenderPartObject::partLoadingErrorNotify(khtml::ChildFrame*, ....)
KHTMLPart::processObjectRequest(khtml::ChildFrame*, KURL const&, QString const&)
KHTMLPart::requestObject(khtml::ChildFrame*, KURL const&, KParts::URLArgs const&)
khtml::RenderPartObject::partLoadingErrorNotify(khtml::ChildFrame*, ....)
KHTMLPart::processObjectRequest(khtml::ChildFrame*, KURL const&, QString const&)
KHTMLRun::foundMimeType(QString const&)
KParts::BrowserRun::slotBrowserMimetype(KIO::Job*, QString const&)
KParts::BrowserRun::qt_invoke(int, QUObject*)
KHTMLRun::qt_invoke(int, QUObject*)
QObject::activate_signal(QConnectionList*, QUObject*)
KIO::TransferJob::mimetype(KIO::Job*, QString const&)

Didn't debug it, but looking at the source KHTMLPart::requestObject(...)
does a child->m_run->abort(), which schedules a 'delete this'. The timer
event will occur in the dialog message loop, so a crash occurs in
KParts::BrowserRun after it returns there.

Yes, this seems related. But how to fix this? (Well, none really needed
with your workaround). But maybe KHTMLPart::requestObject could check if
child->m_run is onHold before aborting?....Don't see how though, no
Job::isOnHold or similar available.

Koos

More information about the kfm-devel mailing list