kdelibs/khtml

Waldo Bastian bastian at kde.org
Mon May 24 17:04:33 BST 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed May 5 2004 23:51, Leo Savernik wrote:
> Am Mittwoch 05 Mai 2004 18:03 schrieb David Faure:
> [...]
>
> > As you can see in the attached log file, addConvertedInlineBox is
> > definitely using an inline box that got deleted previously.
>
> Indeed. Then it should actually crash for everyone, not only for some
> people, shouldn't it?
>
> I think <li> is responsible for the crash.
>
> mfg
> 	Leo

This is a crash on qt-3.3/doc/html/qworkspace.html with a khtml fresh from 
cvs.

How to reproduce: click in the whitespace behind "~QWorkspace()"

Cheers,
Waldo


==5026== Invalid read of size 4
==5026==    at 0x40365030: 
khtml::CaretBoxLine::addConvertedInlineBox(khtml::InlineBox*, 
khtml::CaretBoxLine::SeekBoxParams&) (kdebug.h:250)
==5026==    by 0x40364F4B: 
khtml::CaretBoxLine::addConvertedInlineBox(khtml::InlineBox*, 
khtml::CaretBoxLine::SeekBoxParams&) (render_line.h:159)
==5026==    by 0x403674BE: 
khtml::CaretBoxLine::constructCaretBoxLine(khtml::MassDeleter<khtml::CaretBoxLine>*, 
khtml::InlineFlowBox*, khtml::InlineBox*, bool, bool, 
khtml::CaretBoxIterator&, khtml::RenderObject*) (khtml_caret.cpp:827)
==5026==    by 0x403680AD: khtml::findCaretBoxLine(DOM::NodeImpl*, long, 
khtml::MassDeleter<khtml::CaretBoxLine>*, khtml::RenderObject*, long&, 
khtml::CaretBoxIterator&) (khtml_caret.cpp:1004)
==5026==    by 0x4037CD47: KHTMLView::moveCaretTo(DOM::NodeImpl*, long, bool) 
(khtmlview.cpp:3079)
==5026==    by 0x403A2408: 
KHTMLPart::khtmlMousePressEvent(khtml::MousePressEvent*) (qevent.h:187)
==5026==    by 0x403A1DCC: KHTMLPart::customEvent(QCustomEvent*) 
(khtml_part.cpp:5190)
==5026==    by 0x41457AC5: QObject::event(QEvent*) (qobject.cpp:755)
==5026==    by 0x413F7652: QApplication::internalNotify(QObject*, QEvent*) 
(qapplication.cpp:2620)
==5026==    by 0x413F6B0F: QApplication::notify(QObject*, QEvent*) 
(qapplication.cpp:2343)
==5026==    by 0x40F1AD06: KApplication::notify(QObject*, QEvent*) 
(kapplication.cpp:511)
==5026==    by 0x4035A090: KHTMLView::viewportMousePressEvent(QMouseEvent*) 
(khtmlview.cpp:739)
==5026==    by 0x4157DD41: QScrollView::eventFilter(QObject*, QEvent*) 
(qscrollview.cpp:1497)
==5026==    by 0x4035CE5E: KHTMLView::eventFilter(QObject*, QEvent*) 
(khtmlview.cpp:1566)
==5026==    by 0x41457B7B: QObject::activate_filters(QEvent*) 
(qobject.cpp:902)
==5026==    by 0x414579ED: QObject::event(QEvent*) (qobject.cpp:735)
==5026==    by 0x4149224A: QWidget::event(QEvent*) (qwidget.cpp:4653)
==5026==    by 0x413F7652: QApplication::internalNotify(QObject*, QEvent*) 
(qapplication.cpp:2620)
==5026==    by 0x413F6E08: QApplication::notify(QObject*, QEvent*) 
(qapplication.cpp:2406)
==5026==    by 0x40F1AD06: KApplication::notify(QObject*, QEvent*) 
(kapplication.cpp:511)
==5026==    by 0x4138D7BC: QApplication::sendSpontaneousEvent(QObject*, 
QEvent*) (qapplication.h:494)
==5026==    by 0x413867BE: QETWidget::translateMouseEvent(_XEvent const*) 
(qapplication_x11.cpp:4257)
==5026==    by 0x4138441E: QApplication::x11ProcessEvent(_XEvent*) 
(qapplication_x11.cpp:3408)
==5026==    by 0x4139EA3B: QEventLoop::processEvents(unsigned) 
(qeventloop_x11.cpp:192)
==5026==    by 0x4140B819: QEventLoop::enterLoop() (qeventloop.cpp:198)
==5026==    by 0x4140B735: QEventLoop::exec() (qeventloop.cpp:145)
==5026==    by 0x413F77D2: QApplication::exec() (qapplication.cpp:2743)
==5026==    by 0x8050AB0: main (testkhtml.cpp:119)
==5026==    by 0x41CE4D3D: __libc_start_main (in /lib/libc.so.6)
==5026==    by 0x804F720: ??? (start.S:102)

==5026==    Address 0x484ED264 is 12 bytes inside a block of size 52 free'd
==5026==    at 0x4002A029: free (vg_replace_malloc.c:231)
==5026==    by 0x4043E1F3: khtml::RenderArena::free(unsigned, void*) 
(render_arena.cpp:114)
==5026==    by 0x40468F2F: khtml::InlineBox::detach(khtml::RenderArena*) 
(render_line.cpp:59)
==5026==    by 0x40435F33: khtml::RenderBox::position(khtml::InlineBox*, int, 
int, bool) (render_box.cpp:554)
==5026==    by 0x40418F5C: 
khtml::RenderBlock::computeVerticalPositionsForLine(khtml::InlineFlowBox*) 
(bidi.cpp:653)
==5026==    by 0x4041A4B0: khtml::RenderBlock::layoutInlineChildren(bool) 
(bidi.cpp:1214)
==5026==    by 0x4041D982: khtml::RenderBlock::layoutBlock(bool) 
(render_block.cpp:501)
==5026==    by 0x4041D79D: khtml::RenderBlock::layout() (render_block.cpp:420)
==5026==    by 0x4041EB1F: khtml::RenderBlock::layoutBlockChildren(bool) 
(render_block.cpp:825)
==5026==    by 0x4041DB42: khtml::RenderBlock::layoutBlock(bool) 
(render_block.cpp:503)
==5026==    by 0x4041D79D: khtml::RenderBlock::layout() (render_block.cpp:420)
==5026==    by 0x4045EBE2: khtml::RenderListItem::layout() 
(render_list.cpp:244)
==5026==    by 0x4041EB1F: khtml::RenderBlock::layoutBlockChildren(bool) 
(render_block.cpp:825)
==5026==    by 0x4041DB42: khtml::RenderBlock::layoutBlock(bool) 
(render_block.cpp:503)
==5026==    by 0x4041D79D: khtml::RenderBlock::layout() (render_block.cpp:420)
==5026==    by 0x4041EB1F: khtml::RenderBlock::layoutBlockChildren(bool) 
(render_block.cpp:825)
==5026==    by 0x4041DB42: khtml::RenderBlock::layoutBlock(bool) 
(render_block.cpp:503)
==5026==    by 0x4041D79D: khtml::RenderBlock::layout() (render_block.cpp:420)
==5026==    by 0x4046742D: khtml::RenderBody::layout() (render_body.cpp:91)
==5026==    by 0x4041EB1F: khtml::RenderBlock::layoutBlockChildren(bool) 
(render_block.cpp:825)
==5026==    by 0x4041DB42: khtml::RenderBlock::layoutBlock(bool) 
(render_block.cpp:503)
==5026==    by 0x4041D79D: khtml::RenderBlock::layout() (render_block.cpp:420)
==5026==    by 0x4041EB1F: khtml::RenderBlock::layoutBlockChildren(bool) 
(render_block.cpp:825)
==5026==    by 0x4041DB42: khtml::RenderBlock::layoutBlock(bool) 
(render_block.cpp:503)
==5026==    by 0x4041D79D: khtml::RenderBlock::layout() (render_block.cpp:420)
==5026==    by 0x404604BE: khtml::RenderCanvas::layout() 
(render_canvas.cpp:170)
==5026==    by 0x40359825: KHTMLView::layout() (khtmlview.cpp:632)
==5026==    by 0x403626DE: KHTMLView::timerEvent(QTimerEvent*) 
(khtmlview.cpp:2467)
==5026==    by 0x41457A47: QObject::event(QEvent*) (qobject.cpp:741)
==5026==    by 0x4149224A: QWidget::event(QEvent*) (qwidget.cpp:4653)
==5026==    by 0x413F7652: QApplication::internalNotify(QObject*, QEvent*) 
(qapplication.cpp:2620)
==5026==    by 0x413F7282: QApplication::notify(QObject*, QEvent*) 
(qapplication.cpp:2508)
==5026==    by 0x40F1AD06: KApplication::notify(QObject*, QEvent*) 
(kapplication.cpp:511)
==5026==    by 0x4138D750: QApplication::sendEvent(QObject*, QEvent*) 
(qapplication.h:491)
==5026==    by 0x413E5921: QEventLoop::activateTimers() 
(qeventloop_unix.cpp:558)
==5026==    by 0x4139F4F3: QEventLoop::processEvents(unsigned) 
(qeventloop_x11.cpp:389)
==5026==    by 0x4140B819: QEventLoop::enterLoop() (qeventloop.cpp:198)
==5026==    by 0x4140B735: QEventLoop::exec() (qeventloop.cpp:145)
==5026==    by 0x413F77D2: QApplication::exec() (qapplication.cpp:2743)
==5026==    by 0x8050AB0: main (testkhtml.cpp:119)

- -- 
bastian at kde.org  |   Novell BrainShare Europe 2004   |  bastian at suse.com
bastian at kde.org  | 12-18 September, Barcelona, Spain |  bastian at suse.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFAsh0RN4pvrENfboIRAuZmAJ495uRIEErjN5Rn16cWJmbFTXOKEgCfVDEN
RCLVZfazjn61/Hy8TvGG+W4=
=k8mK
-----END PGP SIGNATURE-----

More information about the kfm-devel mailing list