kdelibs/khtml

Waldo Bastian bastian at kde.org
Mon May 24 17:51:33 BST 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The problem seems to be due to RenderBox::position() that calls detach on the 
InlineBox, however it does not seem to make any attempt to clean up any of 
the pointers in the parent object still pointing to the detached InlineBox.

See RenderBox::position() and RenderBlock::computeVerticalPositionsForLine()

This was all committed in february by Germain.

Germain, how is this supposed to work?

Cheers,
Waldo

On Mon May 24 2004 18:04, Waldo Bastian wrote:
> This is a crash on qt-3.3/doc/html/qworkspace.html with a khtml fresh from
> cvs.
>
> How to reproduce: click in the whitespace behind "~QWorkspace()"
>
> Cheers,
> Waldo
>
>
> ==5026== Invalid read of size 4
> ==5026==    at 0x40365030:
> khtml::CaretBoxLine::addConvertedInlineBox(khtml::InlineBox*,
> khtml::CaretBoxLine::SeekBoxParams&) (kdebug.h:250)
> ==5026==    by 0x40364F4B:
> khtml::CaretBoxLine::addConvertedInlineBox(khtml::InlineBox*,
> khtml::CaretBoxLine::SeekBoxParams&) (render_line.h:159)
> ==5026==    by 0x403674BE:
> khtml::CaretBoxLine::constructCaretBoxLine(khtml::MassDeleter<khtml::CaretB
>oxLine>*, khtml::InlineFlowBox*, khtml::InlineBox*, bool, bool,
> khtml::CaretBoxIterator&, khtml::RenderObject*) (khtml_caret.cpp:827)
> ==5026==    by 0x403680AD: khtml::findCaretBoxLine(DOM::NodeImpl*, long,
> khtml::MassDeleter<khtml::CaretBoxLine>*, khtml::RenderObject*, long&,
> khtml::CaretBoxIterator&) (khtml_caret.cpp:1004)
> ==5026==    by 0x4037CD47: KHTMLView::moveCaretTo(DOM::NodeImpl*, long,
> bool) (khtmlview.cpp:3079)
> ==5026==    by 0x403A2408:
> KHTMLPart::khtmlMousePressEvent(khtml::MousePressEvent*) (qevent.h:187)
> ==5026==    by 0x403A1DCC: KHTMLPart::customEvent(QCustomEvent*)
> (khtml_part.cpp:5190)
> ==5026==    by 0x41457AC5: QObject::event(QEvent*) (qobject.cpp:755)
> ==5026==    by 0x413F7652: QApplication::internalNotify(QObject*, QEvent*)
> (qapplication.cpp:2620)
> ==5026==    by 0x413F6B0F: QApplication::notify(QObject*, QEvent*)
> (qapplication.cpp:2343)
> ==5026==    by 0x40F1AD06: KApplication::notify(QObject*, QEvent*)
> (kapplication.cpp:511)
> ==5026==    by 0x4035A090: KHTMLView::viewportMousePressEvent(QMouseEvent*)
> (khtmlview.cpp:739)
> ==5026==    by 0x4157DD41: QScrollView::eventFilter(QObject*, QEvent*)
> (qscrollview.cpp:1497)
> ==5026==    by 0x4035CE5E: KHTMLView::eventFilter(QObject*, QEvent*)
> (khtmlview.cpp:1566)
> ==5026==    by 0x41457B7B: QObject::activate_filters(QEvent*)
> (qobject.cpp:902)
> ==5026==    by 0x414579ED: QObject::event(QEvent*) (qobject.cpp:735)
> ==5026==    by 0x4149224A: QWidget::event(QEvent*) (qwidget.cpp:4653)
> ==5026==    by 0x413F7652: QApplication::internalNotify(QObject*, QEvent*)
> (qapplication.cpp:2620)
> ==5026==    by 0x413F6E08: QApplication::notify(QObject*, QEvent*)
> (qapplication.cpp:2406)
> ==5026==    by 0x40F1AD06: KApplication::notify(QObject*, QEvent*)
> (kapplication.cpp:511)
> ==5026==    by 0x4138D7BC: QApplication::sendSpontaneousEvent(QObject*,
> QEvent*) (qapplication.h:494)
> ==5026==    by 0x413867BE: QETWidget::translateMouseEvent(_XEvent const*)
> (qapplication_x11.cpp:4257)
> ==5026==    by 0x4138441E: QApplication::x11ProcessEvent(_XEvent*)
> (qapplication_x11.cpp:3408)
> ==5026==    by 0x4139EA3B: QEventLoop::processEvents(unsigned)
> (qeventloop_x11.cpp:192)
> ==5026==    by 0x4140B819: QEventLoop::enterLoop() (qeventloop.cpp:198)
> ==5026==    by 0x4140B735: QEventLoop::exec() (qeventloop.cpp:145)
> ==5026==    by 0x413F77D2: QApplication::exec() (qapplication.cpp:2743)
> ==5026==    by 0x8050AB0: main (testkhtml.cpp:119)
> ==5026==    by 0x41CE4D3D: __libc_start_main (in /lib/libc.so.6)
> ==5026==    by 0x804F720: ??? (start.S:102)
>
> ==5026==    Address 0x484ED264 is 12 bytes inside a block of size 52 free'd
> ==5026==    at 0x4002A029: free (vg_replace_malloc.c:231)
> ==5026==    by 0x4043E1F3: khtml::RenderArena::free(unsigned, void*)
> (render_arena.cpp:114)
> ==5026==    by 0x40468F2F: khtml::InlineBox::detach(khtml::RenderArena*)
> (render_line.cpp:59)
> ==5026==    by 0x40435F33: khtml::RenderBox::position(khtml::InlineBox*,
> int, int, bool) (render_box.cpp:554)
> ==5026==    by 0x40418F5C:
> khtml::RenderBlock::computeVerticalPositionsForLine(khtml::InlineFlowBox*)
> (bidi.cpp:653)
> ==5026==    by 0x4041A4B0: khtml::RenderBlock::layoutInlineChildren(bool)
> (bidi.cpp:1214)
> ==5026==    by 0x4041D982: khtml::RenderBlock::layoutBlock(bool)
> (render_block.cpp:501)
> ==5026==    by 0x4041D79D: khtml::RenderBlock::layout()
> (render_block.cpp:420) ==5026==    by 0x4041EB1F:
> khtml::RenderBlock::layoutBlockChildren(bool) (render_block.cpp:825)
> ==5026==    by 0x4041DB42: khtml::RenderBlock::layoutBlock(bool)
> (render_block.cpp:503)
> ==5026==    by 0x4041D79D: khtml::RenderBlock::layout()
> (render_block.cpp:420) ==5026==    by 0x4045EBE2:
> khtml::RenderListItem::layout()
> (render_list.cpp:244)
> ==5026==    by 0x4041EB1F: khtml::RenderBlock::layoutBlockChildren(bool)
> (render_block.cpp:825)
> ==5026==    by 0x4041DB42: khtml::RenderBlock::layoutBlock(bool)
> (render_block.cpp:503)
> ==5026==    by 0x4041D79D: khtml::RenderBlock::layout()
> (render_block.cpp:420) ==5026==    by 0x4041EB1F:
> khtml::RenderBlock::layoutBlockChildren(bool) (render_block.cpp:825)
> ==5026==    by 0x4041DB42: khtml::RenderBlock::layoutBlock(bool)
> (render_block.cpp:503)
> ==5026==    by 0x4041D79D: khtml::RenderBlock::layout()
> (render_block.cpp:420) ==5026==    by 0x4046742D:
> khtml::RenderBody::layout() (render_body.cpp:91) ==5026==    by 0x4041EB1F:
> khtml::RenderBlock::layoutBlockChildren(bool) (render_block.cpp:825)
> ==5026==    by 0x4041DB42: khtml::RenderBlock::layoutBlock(bool)
> (render_block.cpp:503)
> ==5026==    by 0x4041D79D: khtml::RenderBlock::layout()
> (render_block.cpp:420) ==5026==    by 0x4041EB1F:
> khtml::RenderBlock::layoutBlockChildren(bool) (render_block.cpp:825)
> ==5026==    by 0x4041DB42: khtml::RenderBlock::layoutBlock(bool)
> (render_block.cpp:503)
> ==5026==    by 0x4041D79D: khtml::RenderBlock::layout()
> (render_block.cpp:420) ==5026==    by 0x404604BE:
> khtml::RenderCanvas::layout()
> (render_canvas.cpp:170)
> ==5026==    by 0x40359825: KHTMLView::layout() (khtmlview.cpp:632)
> ==5026==    by 0x403626DE: KHTMLView::timerEvent(QTimerEvent*)
> (khtmlview.cpp:2467)
> ==5026==    by 0x41457A47: QObject::event(QEvent*) (qobject.cpp:741)
> ==5026==    by 0x4149224A: QWidget::event(QEvent*) (qwidget.cpp:4653)
> ==5026==    by 0x413F7652: QApplication::internalNotify(QObject*, QEvent*)
> (qapplication.cpp:2620)
> ==5026==    by 0x413F7282: QApplication::notify(QObject*, QEvent*)
> (qapplication.cpp:2508)
> ==5026==    by 0x40F1AD06: KApplication::notify(QObject*, QEvent*)
> (kapplication.cpp:511)
> ==5026==    by 0x4138D750: QApplication::sendEvent(QObject*, QEvent*)
> (qapplication.h:491)
> ==5026==    by 0x413E5921: QEventLoop::activateTimers()
> (qeventloop_unix.cpp:558)
> ==5026==    by 0x4139F4F3: QEventLoop::processEvents(unsigned)
> (qeventloop_x11.cpp:389)
> ==5026==    by 0x4140B819: QEventLoop::enterLoop() (qeventloop.cpp:198)
> ==5026==    by 0x4140B735: QEventLoop::exec() (qeventloop.cpp:145)
> ==5026==    by 0x413F77D2: QApplication::exec() (qapplication.cpp:2743)
> ==5026==    by 0x8050AB0: main (testkhtml.cpp:119)

- -- 
bastian at kde.org  |   Novell BrainShare Europe 2004   |  bastian at suse.com
bastian at kde.org  | 12-18 September, Barcelona, Spain |  bastian at suse.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFAsigVN4pvrENfboIRAsjgAKCLm9jczCfq99UN6rGt49Vvlyv26ACdEA2j
sezqo0jiNhVbiuJNEBfi4pI=
=zjaa
-----END PGP SIGNATURE-----

More information about the kfm-devel mailing list