Patch for 68523

Allan Sandfeld Jensen kde at carewolf.com
Wed Sep 29 19:10:24 BST 2004


On Wednesday 29 September 2004 18:48, Germain Garand wrote:
> On Wednesday 29 September 2004 14:03, Allan Sandfeld Jensen wrote:
> > Hi
> >
> > I have a possible patch for bug 68523
> > <http://bugs.kde.org/show_bug.cgi?id=68523>, and would like to have it
> > reviewed.
> >
> > Basically the crash happens when a subcall of the
> > htmltokenizer::executeScript ends up deleting the tokenizer itself. This
> > can create crashes several different places.
>
> mmh indeed, but this should not be possible because if it is executing a
> script, then it is parsing. And when it is parsing, it can't be deleted,
> there are safeguards everywhere for that.
>
> I see that the incriminated script calls document.close()...
> if it does close the document, then it can only mean parsing() is false at
> this moment, and that is the real bug.
>
Ah, that makes more sense. 

Unfortunately your patch doesn't solve all instances of this bug. The link in 
bug 89040 still makes konqueror crash with your patch. Here's the new 
backtrace:

#8  0xb6b2ff79 in khtml::HTMLTokenizer::reset (this=0x8526cd0)
    at ../../../khtml/html/htmltokenizer.cpp:165
#9  0xb6b35796 in ~HTMLTokenizer (this=0x8526cd0)
    at ../../../khtml/html/htmltokenizer.cpp:1592
#10 0xb6b0c217 in DOM::DocumentImpl::close (this=0x8774de0) at khtmlview.h:110
#11 0xb6b3ff8c in DOM::HTMLDocumentImpl::close (this=0x8774de0)
    at ../../../khtml/html/html_documentimpl.cpp:296
#12 0xb6c8a3a1 in DOM::HTMLDocument::close (this=0x0)
    at ../../../khtml/dom/html_document.cpp:201
#13 0xb6c0e66c in KJS::HTMLDocFunction::tryCall (this=0x8780138, 
    exec=0xbfffdec4, thisObj=@0xbfffd9e4, args=@0xbfffda44)
    at ../../../khtml/ecma/kjs_html.cpp:102
#14 0xb6bf53a7 in KJS::DOMFunction::call (this=0x6, exec=0xbfffdec4, 
    thisObj=@0x0, args=@0x0) at ../../../khtml/ecma/kjs_binding.cpp:111
#15 0xb69d423e in KJS::Object::call (this=0x0, exec=0xbfffdec4, thisObj=@0x0, 
    args=@0x0) at ../../kjs/object.cpp:70
#16 0xb69a1694 in KJS::FunctionCallNode::evaluate (this=0x0, exec=0xbfffdec4)
    at ../../kjs/nodes.cpp:850
#17 0xb69a5c7a in KJS::ExprStatementNode::execute (this=0x8484bc8, 
    exec=0xbfffdec4) at ../../kjs/nodes.cpp:1953
#18 0xb69ac5c4 in KJS::SourceElementsNode::execute (this=0x86d9028, 
    exec=0xbfffdec4) at ../../kjs/nodes.cpp:3067
#19 0xb69a5a9d in KJS::BlockNode::execute (this=0x857ee78, exec=0xbfffdec4)
    at ../../kjs/nodes.cpp:1915
#20 0xb69a5f94 in KJS::IfNode::execute (this=0x8765508, exec=0xbfffdec4)
    at ../../kjs/nodes.cpp:2001
#21 0xb69ac63c in KJS::SourceElementsNode::execute (this=0x1, exec=0xbfffdec4)
    at ../../kjs/nodes.cpp:3073
#22 0xb69a5a9d in KJS::BlockNode::execute (this=0x8760648, exec=0xbfffdec4)
    at ../../kjs/nodes.cpp:1915
#23 0xb69abae3 in KJS::FunctionBodyNode::execute (this=0x8760648, 
    exec=0xbfffdec4) at ../../kjs/nodes.cpp:2919
#24 0xb699c9a1 in KJS::InterpreterImp::evaluate (this=0x875d190, 
    code=@0xbfffdec4, thisV=@0xbfffe0d4) at ../../kjs/internal.cpp:876
#25 0xb69d63aa in KJS::Interpreter::evaluate (this=0x0, code=@0x0, thisV=@0x0)
    at ../../kjs/interpreter.cpp:166
#26 0xb6c4ac7d in KJS::KJSProxyImpl::evaluate (this=0x8672f28, filename=
      {static null = {static null = <same as static member of an already seen 
type>, d = 0x804bf98, static shared_null = 0x804bf98}, d = 0x0, static 
shared_null = 0x804bf98}, baseLine=1, str=@0xbfffe324, n=@0xbfffe254, 
    completion=0xbfffe1e4) at ../../../khtml/ecma/kjs_proxy.cpp:154
#27 0xb6abfd5d in KHTMLPart::executeScript (this=0x8596c28, 
    filename=@0xbfffe2c4, baseLine=0, n=@0x0, script=@0x0)
    at ../../khtml/khtml_part.cpp:1051
#28 0xb6b311a8 in khtml::HTMLTokenizer::scriptExecution (this=0x8526cd0, 
    str=@0x0, scriptURL=@0xbfffe264, baseLine=0) at khtmlview.h:110
#29 0xb6b35af3 in khtml::HTMLTokenizer::notifyFinished (this=0x8526cd0)
    at ../../../khtml/html/htmltokenizer.cpp:1634
#30 0xb6bea6b8 in khtml::CachedScript::checkNotify (this=0x86e1878)
    at qptrdict.h:110
#31 0xb6bea5d8 in khtml::CachedScript::data (this=0x86e1878, 
    buffer=@0xb7fe1158) at ../../../khtml/misc/loader.cpp:314
#32 0xb6bee848 in khtml::Loader::slotFinished (this=0x84c1370, job=0x85a7be8)
    at ../../../khtml/misc/loader.cpp:1095
#33 0xb6bf0f7d in khtml::Loader::qt_invoke (this=0x84c1370, _id=2, 
    _o=0xbfffe584) at qucom_p.h:312
#34 0x43ceb47d in QObject::activate_signal () 
from /opt/qt3.3/lib/libqt-mt.so.3
#35 0xb7bfeee8 in KIO::Job::result (this=0x85a7be8, t0=0x0)
    at jobclasses.moc:156
#36 0xb7be33b2 in KIO::Job::emitResult (this=0x85a7be8)
    at ../../../kio/kio/job.cpp:216
#37 0xb7be4e9c in KIO::SimpleJob::slotFinished (this=0x85a7be8)
    at ../../../kio/kio/job.cpp:533
#38 0xb7be915f in KIO::TransferJob::slotFinished (this=0x85a7be8)
    at ../../../kio/kio/job.cpp:893
#39 0xb7c00e1b in KIO::TransferJob::qt_invoke (this=0x85a7be8, _id=17, 
    _o=0xbfffe93c) at jobclasses.moc:1050
#40 0x43ceb47d in QObject::activate_signal () 
from /opt/qt3.3/lib/libqt-mt.so.3
#41 0x43cea8d7 in QObject::activate_signal () 
from /opt/qt3.3/lib/libqt-mt.so.3
#42 0xb7bd615e in KIO::SlaveInterface::finished (this=0x0) at 
qmetaobject.h:261
#43 0xb7bd327c in KIO::SlaveInterface::dispatch (this=0x875cad0, _cmd=104, 
    rawdata=@0xbfffec8c) at ../../../kio/kio/slaveinterface.cpp:237
#44 0xb7bd2104 in KIO::SlaveInterface::dispatch (this=0x875cad0)
    at ../../../kio/kio/slaveinterface.cpp:173
#45 0xb7bcecb8 in KIO::Slave::gotInput (this=0x875cad0)
    at ../../../kio/kio/slave.cpp:300
#46 0xb7bd1633 in KIO::Slave::qt_invoke (this=0x875cad0, _id=4, _o=0xbfffee34)
    at slave.moc:113
#47 0x43ceb47d in QObject::activate_signal () 
from /opt/qt3.3/lib/libqt-mt.so.3
#48 0x43ceab52 in QObject::activate_signal () 
from /opt/qt3.3/lib/libqt-mt.so.3
#49 0x44166105 in QSocketNotifier::activated ()
   from /opt/qt3.3/lib/libqt-mt.so.3
#50 0x43d0de0c in QSocketNotifier::event () from /opt/qt3.3/lib/libqt-mt.so.3
#51 0x43c633b8 in QApplication::internalNotify ()
   from /opt/qt3.3/lib/libqt-mt.so.3
#52 0x43c5debd in QApplication::notify () from /opt/qt3.3/lib/libqt-mt.so.3
#53 0xb75e4b94 in KApplication::notify (this=0xbffff750, receiver=0x875c338, 
    event=0xbffff164) at ../../kdecore/kapplication.cpp:518
#54 0x43c486ac in QEventLoop::activateSocketNotifiers ()
   from /opt/qt3.3/lib/libqt-mt.so.3
#55 0x43bee947 in QEventLoop::processEvents ()
   from /opt/qt3.3/lib/libqt-mt.so.3
#56 0x43c79b4a in QEventLoop::enterLoop () from /opt/qt3.3/lib/libqt-mt.so.3
#57 0x43c79a43 in QEventLoop::exec () from /opt/qt3.3/lib/libqt-mt.so.3
#58 0x43c64405 in QApplication::exec () from /opt/qt3.3/lib/libqt-mt.so.3
#59 0xb7f4bf8c in kdemain () from /opt/kde3.3h/lib/libkdeinit_konqueror.so
#60 0x0804864b in main ()
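The invariant Germain states above (a tokenizer that is executing a script is parsing, and while it is parsing it must not be deleted) is the whole point of the crash: if document.close() is allowed to destroy the tokenizer while HTMLTokenizer::scriptExecution is still on the stack, every member access after the script returns is a use-after-free. The following small C++ model is an added illustration of that guard, not khtml code and not part of the thread; Document, Tokenizer, runScript(), close(), CloseResult and the depth counter are constructed stand-ins for the real classes. The guarded close() defers teardown while the tokenizer is busy and completes it once the script has unwound.

```cpp
#include <cassert>
#include <functional>
#include <memory>

// Constructed miniature of the arrangement discussed in the thread (not
// khtml's own code): a Document owns a Tokenizer, the Tokenizer runs scripts,
// and a script may call Document::close(), which destroys the tokenizer.
struct Document;

struct Tokenizer {
    explicit Tokenizer(Document& d) : doc(d) {}
    // Assumption made by this model: a tokenizer is never destroyed mid-parse.
    ~Tokenizer() { assert(!parsing() && "tokenizer deleted while parsing"); }
    bool parsing() const { return depth > 0; }
    void executeScript(const std::function<void(Document&)>& script);
private:
    Document& doc;
    int depth = 0;   // >0 while a script runs; a counter so nesting is safe
};

struct Document {
    enum class CloseResult { Closed, Deferred, AlreadyClosed };

    Document() : tokenizer(std::make_unique<Tokenizer>(*this)) {}

    // document.close(): tear the tokenizer down unless it is on the stack.
    CloseResult close() {
        if (!tokenizer) return CloseResult::AlreadyClosed;
        if (tokenizer->parsing()) {      // the parsing() safeguard
            closePending = true;         // remember, finish after unwinding
            return CloseResult::Deferred;
        }
        tokenizer.reset();
        return CloseResult::Closed;
    }

    // What the loader would call: run a script, then honour a close that the
    // script requested, now that the tokenizer has returned.
    void runScript(const std::function<void(Document&)>& script) {
        if (!tokenizer) return;
        tokenizer->executeScript(script);
        if (closePending) { closePending = false; close(); }
    }

    bool hasTokenizer() const { return tokenizer != nullptr; }
    int scriptsCompleted = 0;
    bool closePending = false;
private:
    std::unique_ptr<Tokenizer> tokenizer;
};

void Tokenizer::executeScript(const std::function<void(Document&)>& script) {
    ++depth;
    script(doc);
    // Both writes below touch `this`; with an unguarded close() they would
    // be the use-after-free seen in the backtrace.
    --depth;
    ++doc.scriptsCompleted;
}

// Scenario from the thread: a script calls document.close() while the
// tokenizer is executing it. True if the tokenizer survived the script and
// was torn down only afterwards.
bool closeFromScriptIsDeferred() {
    Document doc;
    auto seen = Document::CloseResult::AlreadyClosed;
    bool aliveDuringScript = false;
    doc.runScript([&](Document& d) {
        seen = d.close();
        aliveDuringScript = d.hasTokenizer();
    });
    return seen == Document::CloseResult::Deferred && aliveDuringScript
        && !doc.hasTokenizer() && doc.scriptsCompleted == 1;
}

// A script that runs a nested script which closes: the depth counter keeps
// the outer frame protected too.
bool nestedCloseIsDeferred() {
    Document doc;
    bool aliveAfterInner = false;
    doc.runScript([&](Document& d) {
        d.runScript([](Document& inner) { inner.close(); });
        aliveAfterInner = d.hasTokenizer();
    });
    return aliveAfterInner && !doc.hasTokenizer() && doc.scriptsCompleted == 2;
}

// Outside of parsing, close() is immediate, as it should be.
bool closeOutsideParsingIsImmediate() {
    Document doc;
    return doc.close() == Document::CloseResult::Closed && !doc.hasTokenizer();
}
```

The model deliberately keeps the "delete the tokenizer on close" behaviour; what changes is that close() consults parsing() first, which is the condition Germain says must have been false for the real crash to happen. Checking that condition in the destructor (the assert in ~Tokenizer) turns a silent use-after-free into an immediate, diagnosable failure in debug builds.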