Invalid CSS selector crashes KHTML

Malte Starostik malte at kde.org
Tue Feb 25 18:19:02 GMT 2003 

Hi,

Invalid CSS selectors can crash KHTML with the below bt.
Test pages: http://malte.homeip.net/ (valid, no crash), 
http://malte.homeip.net/crash.html (syntax error in style sheet => crash)

The problematic snippet is:
.foo.#bar { ... }, note the bogus dot before #bar
.#bar { ... } is ignored w/o a crash.

Regards,
-Malte

[New Thread 16384 (LWP 457)]
0x4124a539 in wait4 () from /lib/i686/libc.so.6
#0  0x4124a539 in wait4 () from /lib/i686/libc.so.6
#1  0x412ca910 in sys_sigabbrev () from /lib/i686/libc.so.6
#2  0x4104dfc3 in waitpid () from /lib/i686/libpthread.so.0
#3  0x40700e79 in KCrash::defaultCrashHandler(int) (sig=11)
    at /home/malte/src/kde/kdelibs/kdecore/kcrash.cpp:235
#4  0x411c5838 in sigaction () from /lib/i686/libc.so.6
#5  0x42040898 in DOM::CSSParser::parseSheet(DOM::CSSStyleSheetImpl*, 
DOM::DOMString const&) (this=0xbfffdcf0, sheet=0x82e6700, string=@0xbfffdd90)
    at /home/malte/src/kde/kdelibs/khtml/css/cssparser.cpp:146
#6  0x420366d5 in DOM::CSSStyleSheetImpl::parseString(DOM::DOMString const&, 
bool) (this=0x82e6700, string=@0xbfffdd90, strict=true)
    at /home/malte/src/kde/kdelibs/khtml/css/css_stylesheetimpl.cpp:206
#7  0x41fcd2b7 in DOM::HTMLStyleElementImpl::childrenChanged() 
(this=0x82da658)
    at /home/malte/src/kde/kdelibs/khtml/html/html_headimpl.cpp:395
#8  0x41fa9d26 in DOM::NodeBaseImpl::addChild(DOM::NodeImpl*) (this=0x82da658, 
    newChild=0x8326488)
    at /home/malte/src/kde/kdelibs/khtml/xml/dom_nodeimpl.cpp:1359
#9  0x41fc12f1 in khtml::KHTMLParser::insertNode(DOM::NodeImpl*, bool) (
    this=0x83ba8e0, n=0x8326488, flat=true)
    at /home/malte/src/kde/kdelibs/khtml/html/htmlparser.cpp:300
#10 0x41fc124c in khtml::KHTMLParser::parseToken(khtml::Token*) (
    this=0x83ba8e0, t=0x83ba7e4)
    at /home/malte/src/kde/kdelibs/khtml/html/htmlparser.cpp:268
#11 0x41fc98ec in khtml::HTMLTokenizer::processToken() (this=0x83ba7b0)
    at /home/malte/src/kde/kdelibs/khtml/html/htmltokenizer.cpp:1579
#12 0x41fc4f99 in khtml::HTMLTokenizer::parseSpecial(khtml::DOMStringIt&) (
    this=0x83ba7b0, src=@0x83ba8bc)
    at /home/malte/src/kde/kdelibs/khtml/html/htmltokenizer.cpp:342
#13 0x41fc8099 in khtml::HTMLTokenizer::parseTag(khtml::DOMStringIt&) (
    this=0x83ba7b0, src=@0x83ba8bc)
    at /home/malte/src/kde/kdelibs/khtml/html/htmltokenizer.cpp:1120
#14 0x41fc89f5 in khtml::HTMLTokenizer::write(QString const&, bool) (
    this=0x83ba7b0, str=@0xbfffe410, appendData=true)
    at /home/malte/src/kde/kdelibs/khtml/html/htmltokenizer.cpp:1352
#15 0x41f66571 in KHTMLPart::write(char const*, int) (this=0x833f198, 
    str=0x83cc8c0 "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 
Strict//EN\"\n", ' ' <repeats 22 times>, 
"\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\n<html>\n    <head>\n        
<title>KHTML Test Page</title>\n        <me"..., len=627) at 
/home/malte/src/kde/kdelibs/khtml/khtml_part.cpp:1541
#16 0x41f65157 in KHTMLPart::slotData(KIO::Job*, QMemArray<char> const&) (
    this=0x833f198, kio_job=0x83c6488, data=@0xbfffeb10)
    at /home/malte/src/kde/kdelibs/khtml/khtml_part.cpp:1254
#17 0x41f7a409 in KHTMLPart::qt_invoke(int, QUObject*) (this=0x833f198, 
    _id=10, _o=0xbfffe830) at khtml_part.moc:357
#18 0x40aac65e in QObject::activate_signal(QConnectionList*, QUObject*) ()
   from /usr/local/qt/lib/libqt-mt.so.3
#19 0x401ac536 in KIO::TransferJob::data(KIO::Job*, QMemArray<char> const&) (
    this=0x83c6488, t0=0x83c6488, t1=@0xbfffeb10) at jobclasses.moc:709
#20 0x4019cdcf in KIO::TransferJob::slotData(QMemArray<char> const&) (
    this=0x83c6488, _data=@0xbfffeb10)
    at /home/malte/src/kde/kdelibs/kio/kio/job.cpp:754
#21 0x401acbde in KIO::TransferJob::qt_invoke(int, QUObject*) (this=0x83c6488, 
    _id=18, _o=0xbfffe950) at jobclasses.moc:788
#22 0x40aac65e in QObject::activate_signal(QConnectionList*, QUObject*) ()
   from /usr/local/qt/lib/libqt-mt.so.3
#23 0x4018c452 in KIO::SlaveInterface::data(QMemArray<char> const&) (
    this=0x82eec58, t0=@0xbfffeb10) at slaveinterface.moc:194
#24 0x4018ad4d in KIO::SlaveInterface::dispatch(int, QMemArray<char> const&) (
    this=0x82eec58, _cmd=100, rawdata=@0xbfffeb10)
    at /home/malte/src/kde/kdelibs/kio/kio/slaveinterface.cpp:247
#25 0x4018aa1a in KIO::SlaveInterface::dispatch() (this=0x82eec58)
    at /home/malte/src/kde/kdelibs/kio/kio/slaveinterface.cpp:192
#26 0x40188577 in KIO::Slave::gotInput() (this=0x82eec58)
    at /home/malte/src/kde/kdelibs/kio/kio/slave.cpp:294
#27 0x40189f31 in KIO::Slave::qt_invoke(int, QUObject*) (this=0x82eec58, 
    _id=4, _o=0xbfffec40) at slave.moc:113
#28 0x40aac65e in QObject::activate_signal(QConnectionList*, QUObject*) ()
   from /usr/local/qt/lib/libqt-mt.so.3
#29 0x40aac73d in QObject::activate_signal(int, int) ()
   from /usr/local/qt/lib/libqt-mt.so.3
#30 0x40df8b7c in QSocketNotifier::activated(int) ()
   from /usr/local/qt/lib/libqt-mt.so.3
#31 0x40acb91e in QSocketNotifier::event(QEvent*) ()
   from /usr/local/qt/lib/libqt-mt.so.3
#32 0x40a459b4 in QApplication::internalNotify(QObject*, QEvent*) ()
   from /usr/local/qt/lib/libqt-mt.so.3
#33 0x40a4552d in QApplication::notify(QObject*, QEvent*) ()
   from /usr/local/qt/lib/libqt-mt.so.3
#34 0x40683ca7 in KApplication::notify(QObject*, QEvent*) (this=0xbffff380, 
    receiver=0x832fc48, event=0xbfffef60)
    at /home/malte/src/kde/kdelibs/kdecore/kapplication.cpp:458
#35 0x40a1806c in QEventLoop::activateSocketNotifiers() ()
   from /usr/local/qt/lib/libqt-mt.so.3
#36 0x409f5906 in QEventLoop::processEvents(unsigned) ()
   from /usr/local/qt/lib/libqt-mt.so.3
#37 0x40a5a2c2 in QEventLoop::enterLoop() ()
   from /usr/local/qt/lib/libqt-mt.so.3
#38 0x40a5a168 in QEventLoop::exec() () from /usr/local/qt/lib/libqt-mt.so.3
#39 0x40a45cc8 in QApplication::exec() () from /usr/local/qt/lib/libqt-mt.so.3
#40 0x41a3b5e5 in main (argc=4, argv=0x8065e58)
    at /home/malte/src/kde/kdebase/konqueror/konq_main.cc:155
#41 0x0804df57 in launch (argc=4, _name=0x80609a4 "konqueror", 
    args=0x80609e5 "/home/malte", cwd=0x80609e5 "/home/malte", envc=48, 
    envs=0x8060f55 "", reset_env=true, tty=0x0, avoid_loops=false, 
    startup_id_str=0x8060f59 "anarchy.home.lan;1046196821;569587;13453")
    at /home/malte/src/kde/kdelibs/kinit/kinit.cpp:564
#42 0x0804ee65 in handle_launcher_request (sock=4)
    at /home/malte/src/kde/kdelibs/kinit/kinit.cpp:1015
#43 0x0804f406 in handle_requests (waitForPid=0)
    at /home/malte/src/kde/kdelibs/kinit/kinit.cpp:1173
#44 0x080505e8 in main (argc=3, argv=0xbffffa04, envp=0xbffffa14)
    at /home/malte/src/kde/kdelibs/kinit/kinit.cpp:1541
#45 0x411b2b17 in __libc_start_main () from /lib/i686/libc.so.6

More information about the kfm-devel mailing list