Konqueror crash if one closes parent window before action on "open with" dialog

Bug #91509 reported by Joao Clemente on 2007-03-11
6
Affects Status Importance Assigned to Milestone
KDE Base
Unknown
High
kdebase (Ubuntu)
Low
Unassigned

Bug Description

Version: Kubuntu Edgy (Herd4 , dist-upgraded 2007-03-11).
Konquerer crashes if one gets a popup window which has a link to some content that creates the "open with" dialog, closes the popup window (before choosing one of the "open with" options), and only then chooses one action. My guess is that there is a code reference (a pointer) to the parent window ( to make some kind of back-notify, maybe to return focus? ) which segfaults because there is no parent window anymore.
Example ( not that this is not particular of this URL, this is reproductible with any kind of page/site where we can follow this sequence )
1 - open web page from wich you can have a popup window (http://209.161.33.50/dictionary/crash)
2 - open the popup (in this example, click the red speaker image after "Main Entry: crash"
3 - the popup window has a wav file, which triggers the appearance of "Open '...' ?". Do not choose an option here and instead, close the popup window.
4 - choose one option from the "Open '...'?" window. Konqueror will crash.

ProblemType: Bug
Architecture: i386
Date: Sun Mar 11 22:17:22 2007
DistroRelease: Ubuntu 7.04
Uname: Linux sol 2.6.20-9-generic #2 SMP Mon Feb 26 03:01:44 UTC 2007 i686 GNU/Linux

Version: 3.3 (using KDE 3.3.0, Gentoo)
Compiler: gcc version 3.3.4 20040623 (Gentoo Linux 3.3.4-r1, ssp-3.3.2-2, pie-8.7.6)
OS: Linux (i686) release 2.6.5-gentoo-r1

Clicking "Add to Calendar" on an eBay item brings up a subform. Saying something like:
"Click the link below to add this eBay listing to your calendar.
 Add to Calendar
 Learn more | Cancel"
Clicking on the link brings up a dialog saying:

Open 'http://cgi.ebay.co...ue&item=12341234'?
Name: eBayItem.vcs
Type: vCalendar Interchange File

Clicking on "Open with 'KOrganizer'" crashes konqueror.

I couldn't make my korganizer read the vCalendar file anyway, but that's another story and konqueror shouldn't crash. Clicking "Save as" instead of "Open with 'Korganizer'" also crashes konqueror.
I use KDE 3.3.0

Could you please explain exactly how to get to such a calendar link?

Go to any ebay site, choose any item. Below the time that is left for this item is a link 'Add to Calendar' or similar.
The crash seems to happen randomly. Sometimes when opening the popup, sometimes when clicking on the download link in the popup, sometimes after kget has accepted the download, sometimes even not at all.
Sorry, I have no debug build here.

Download full text (3.3 KiB)

#5 0x08051d26 in QString::length (this=0x8826c44) at qstring.h:880
#6 0x08051d41 in QString::isEmpty (this=0x8826c44) at qstring.h:886
#7 0x4025c728 in KRun::foundMimeType (this=0x8760010, type=@0xbfffea10)
    at krun.cpp:1074
#8 0x41809854 in KonqRun::foundMimeType (this=0x8760010, _type=@0xbfffea50)
    at konq_run.cc:128
#9 0x400528d8 in KParts::BrowserRun::slotBrowserMimetype (this=0x8760010,
    _job=0x8bad088, type=@0x8831838) at browserrun.cpp:196
#10 0x4005494f in KParts::BrowserRun::qt_invoke (this=0x8760010, _id=7,
    _o=0xbfffeb60) at browserrun.moc:102
#11 0x41809f7f in KonqRun::qt_invoke (this=0x8760010, _id=7, _o=0xbfffeb60)
    at konq_run.moc:88
#12 0x40c87a2c in QObject::activate_signal () from /opt/qt333/lib/libqt-mt.so.3
#13 0x401dd105 in KIO::TransferJob::mimetype (this=0x8bad088, t0=0x8bad088,
    t1=@0x8bad198) at jobclasses.moc:1029
#14 0x401cafcd in KIO::TransferJob::slotMimetype (this=0x8bad088,
    type=@0x8ab62b0) at job.cpp:1024
#15 0x401dd36d in KIO::TransferJob::qt_invoke (this=0x8bad088, _id=20,
    _o=0xbfffec80) at jobclasses.moc:1053
#16 0x40c87a2c in QObject::activate_signal () from /opt/qt333/lib/libqt-mt.so.3
#17 0x40c87ecd in QObject::activate_signal () from /opt/qt333/lib/libqt-mt.so.3
#18 0x401bee8d in KIO::SlaveInterface::mimeType (this=0x87d3fa0,
    t0=@0xbfffee20) at slaveinterface.moc:370
#19 0x401bcf94 in KIO::SlaveInterface::dispatch (this=0x87d3fa0, _cmd=21,
    rawdata=@0xbfffee80) at slaveinterface.cpp:350
#20 0x401bc78e in KIO::SlaveInterface::dispatch (this=0x87d3fa0)
    at slaveinterface.cpp:191
#21 0x401ba649 in KIO::Slave::gotInput (this=0x87d3fa0) at slave.cpp:294
#22 0x401bc02d in KIO::Slave::qt_invoke (this=0x87d3fa0, _id=4, _o=0xbfffefa0)
    at slave.moc:113
#23 0x40c87a2c in QObject::activate_signal () from /opt/qt333/lib/libqt-mt.so.3
#24 0x40c87b8d in QObject::activate_signal () from /opt/qt333/lib/libqt-mt.so.3
#25 0x40fbedb2 in QSocketNotifier::activated ()
   from /opt/qt333/lib/libqt-mt.so.3
#26 0x40ca41d0 in QSocketNotifier::event () from /opt/qt333/lib/libqt-mt.so.3
#27 0x40c2b0bf in QApplication::internalNotify ()
   from /opt/qt333/lib/libqt-mt.so.3
#28 0x40c2a6be in QApplication::notify () from /opt/qt333/lib/libqt-mt.so.3
#29 0x407b2ed7 in KApplication::notify (this=0xbffff6a0, receiver=0x8b5a7a0,
    event=0xbffff2c0) at kapplication.cpp:495
#30 0x40c1aaca in QEventLoop::activateSocketNotifiers ()
   from /opt/qt333/lib/libqt-mt.so.3
#31 0x40bd3c83 in QEventLoop::processEvents ()
   from /opt/qt333/lib/libqt-mt.so.3
#32 0x40c3d478 in QEventLoop::enterLoop () from /opt/qt333/lib/libqt-mt.so.3
#33 0x40c3d328 in QEventLoop::exec () from /opt/qt333/lib/libqt-mt.so.3
#34 0x40c2b311 in QApplication::exec () from /opt/qt333/lib/libqt-mt.so.3
#35 0x41802c27 in kdemain (argc=2, argv=0x805c8c8) at konq_main.cc:204
#36 0x40978938 in kdeinitmain (argc=2, argv=0x805c8c8) at konqueror_dummy.cc:2
#37 0x0804e2c5 in launch (argc=2, _name=0x80ed714 "konqueror",
    args=0x80ed727 "\001", cwd=0x0, envc=1, envs=0x80ed738 "",
    reset_env=false, tty=0x0, avoid_loops=false,
    startup_id_str=0x80ed73c "baron;1097735519;356936;635_TIME151583165")
    at kinit.cpp:599
#38 ...

Read more...

can confirm the bug with a KDE: 3.3.1 with Qt: 3.3.3 on a gentoo.
CFLAGS="-mcpu=athlon-xp -Os -pipe"
CHOST="i686-pc-linux-gnu"
gcc-3.3.4, glibc-2.3.4.20040808-r1, kernel 2.6.9-gentoo-r1
Sorry but no backtrace.

*** Bug 104649 has been marked as a duplicate of this bug. ***

I got a bit different BT this time.

Program received signal SIGSEGV, Segmentation fault.
0x282198f7 in KParts::URLArgs::doPost (this=0x8509494)
    at browserextension.cpp:179
179 return d ? d->doPost : false;

#0 0x282198f7 in KParts::URLArgs::doPost (this=0x8509494)
    at browserextension.cpp:179
#1 0x2822113b in KParts::BrowserRun::handleNonEmbeddable (this=0x8509400,
    _mimeType=@0xbfbfedbc) at browserrun.cpp:229
#2 0x280c77ec in KonqRun::foundMimeType (this=0x8509400, _type=@0xbfbfee04)
    at konq_run.cc:105
#3 0x28220e03 in KParts::BrowserRun::slotBrowserMimetype (this=0x8509400,
    _job=0x8baa200, type=@0x8434da0) at browserrun.cpp:196
#4 0x2822300f in KParts::BrowserRun::qt_invoke (this=0x8509400, _id=7,
    _o=0xbfbfef00) at browserrun.moc:102
#5 0x280c80ed in KonqRun::qt_invoke (this=0x8509400, _id=7, _o=0xbfbfef00)
    at konq_run.moc:88
#6 0x28e71f01 in QObject::activate_signal () from /usr/X11R6/lib/libqt-mt.so.3
#7 0x2840f457 in KIO::TransferJob::mimetype (this=0x8baa200, t0=0x8baa200,
    t1=@0x8baa310) at jobclasses.moc:1029
#8 0x283fc3aa in KIO::TransferJob::slotMimetype (this=0x8baa200,
    type=@0x83474d0) at job.cpp:1052
#9 0x2840f7d2 in KIO::TransferJob::qt_invoke (this=0x8baa200, _id=20,
    _o=0xbfbff068) at jobclasses.moc:1053
#10 0x28e71f01 in QObject::activate_signal () from /usr/X11R6/lib/libqt-mt.so.3
#11 0x28e72497 in QObject::activate_signal () from /usr/X11R6/lib/libqt-mt.so.3
#12 0x283f0bf2 in KIO::SlaveInterface::mimeType (this=0x9146300,
    t0=@0xbfbff1c0) at slaveinterface.moc:370

Dan O'Huiginn (daniel-ohuiginn) wrote :

Yep, I can reproduce this by following your instructions.

Dan O'Huiginn (daniel-ohuiginn) wrote :
Download full text (4.0 KiB)

backtrace (from konqueror --sync, with -dbgsym packages, on feisty herd 5)

Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1234577712 (LWP 13143)]
[KCrash handler]
#6 0xb7a03810 in KRun::foundMimeType (this=0x88f9c60, type=@0xbffea718)
    at /build/buildd/kdelibs-3.5.6/./kio/kio/krun.cpp:1277
#7 0xb5da431f in KHTMLRun::foundMimeType (this=0x88f9c60, _type=@0xbffea754)
    at /build/buildd/kdelibs-3.5.6/./khtml/khtml_run.cpp:74
#8 0xb7b5a7a5 in KParts::BrowserRun::slotBrowserMimetype (this=0x88f9c60,
    _job=0x88e5ec8, type=@0x8920870)
    at /build/buildd/kdelibs-3.5.6/./kparts/browserrun.cpp:200
#9 0xb7b5a90e in KParts::BrowserRun::qt_invoke (this=0x88f9c60, _id=7,
    _o=0xbffea820) at ./browserrun.moc:102
#10 0xb5d70f2b in KHTMLRun::qt_invoke (this=0x88f9c60, _id=7, _o=0xbffea820)
    at ./khtml_run.moc:77
#11 0xb6cb6097 in QObject::activate_signal (this=0x88e5ec8, clist=0x884e258,
    o=0xbffea820) at kernel/qobject.cpp:2356
#12 0xb7911960 in KIO::TransferJob::mimetype (this=0x88e5ec8, t0=0x88e5ec8,
    t1=@0x88e5fd8) at ./jobclasses.moc:1050
#13 0xb79119e2 in KIO::TransferJob::slotMimetype (this=0x88e5ec8,
    type=@0x89556c8) at /build/buildd/kdelibs-3.5.6/./kio/kio/job.cpp:1111
#14 0xb7951bed in KIO::TransferJob::qt_invoke (this=0x88e5ec8, _id=20,
    _o=0xbffea958) at ./jobclasses.moc:1074
#15 0xb6cb6097 in QObject::activate_signal (this=0x8754908, clist=0x8753348,
    o=0xbffea958) at kernel/qobject.cpp:2356
#16 0xb6cb65cc in QObject::activate_signal (this=0x8754908, signal=19,
    param=@0xbffea9ac) at kernel/qobject.cpp:2451
#17 0xb791d423 in KIO::SlaveInterface::mimeType (this=0x8754908,
    t0=@0xbffeab50) at ./slaveinterface.moc:370
#18 0xb796f881 in KIO::SlaveInterface::dispatch (this=0x8754908, _cmd=21,
    rawdata=@0xbffeab90)
    at /build/buildd/kdelibs-3.5.6/./kio/kio/slaveinterface.cpp:338
#19 0xb7977f0a in KIO::SlaveInterface::dispatch (this=0x8754908)
    at /build/buildd/kdelibs-3.5.6/./kio/kio/slaveinterface.cpp:173
#20 0xb791ee8c in KIO::Slave::gotInput (this=0x8754908)
    at /build/buildd/kdelibs-3.5.6/./kio/kio/slave.cpp:300
#21 0xb7968410 in KIO::Slave::qt_invoke (this=0x8754908, _id=4, _o=0xbffeacb8)
    at ./slave.moc:113
#22 0xb6cb6097 in QObject::activate_signal (this=0x87548d0, clist=0x873ee10,
    o=0xbffeacb8) at kernel/qobject.cpp:2356
#23 0xb6cb69ae in QObject::activate_signal (this=0x87548d0, signal=2,
    param=25) at kernel/qobject.cpp:2449
#24 0xb704384f in QSocketNotifier::activated (this=0x87548d0, t0=25)
    at .moc/debug-shared-mt/moc_qsocketnotifier.cpp:85
#25 0xb6cd8c56 in QSocketNotifier::event (this=0x87548d0, e=0xbffeafe8)
    at kernel/qsocketnotifier.cpp:258
#26 0xb6c4d2ec in QApplication::internalNotify (this=0xbffeb638,
    receiver=0x87548d0, e=0xbffeafe8) at kernel/qapplication.cpp:2635
#27 0xb6c4f11b in QApplication::notify (this=0xbffeb638, receiver=0x87548d0,
    e=0xbffeafe8) at kernel/qapplication.cpp:2358
#28 0xb7424ce2 in KApplication::notify (this=0xbffeb638, receiver=0x87548d0,
    event=0xbffeafe8)
    at /build/buildd/kdelibs-3.5.6/./kdecore/kapplication.cpp:550
#29 0xb6b...

Read more...

Changed in kdebase:
status: Unknown → Unconfirmed

*** Bug 143253 has been marked as a duplicate of this bug. ***

*** Bug 147086 has been marked as a duplicate of this bug. ***

...And well, after three years, have anyone an idea about the cause of this bug?

Thanks.

Changed in kdebase:
status: New → Invalid

The cause of the bug ?
IF bug 143253 is in fact a duplicate of this, then just read the title of the bug (143253) and I think it becames pretty obvious: You are allowed to destroy the parent windows and then there is some kind of pointer that would tell the parent window that it has already some interesting data... but by then you get a null pointer exception because the windows is not there anymore!
This could easily be fixed by creating a dependency between parent and child window which would keep the parent window open (attached to the child status).

Tommy, I disagree that my bug (143253) is a duplicate of this one. If any, my bug is a generalization of this problem (altough I dont "feel it to be" by reading this description, as at my bug there is a "close the back window before using the front window" that I dont see mentioned here) so by having invalidated my bug you're making people getting away from the problem.

I can't find any link on an ebay site to download the offending vcs file. Perhaps it has been removed in a redesign since the original bug report. Can anyone reproduce this with Konqueror from KDE 4?

Jonathan Thomas (echidnaman) wrote :

Is this still an issue in KDE4?

Changed in kdebase:
importance: Undecided → Low
status: Confirmed → Incomplete
Changed in kdebase:
status: Invalid → Unknown
Changed in kdebase:
status: Unknown → Confirmed
Jonathan Thomas (echidnaman) wrote :

I can't reproduce this in Intrepid, assuming fixed.

Changed in kdebase:
status: Incomplete → Fix Released

I'm not able to find the calendar. Someone knows if it has been removed?

Changed in kdebase:
status: Confirmed → Unknown
Changed in kdebase:
importance: Unknown → High
status: Unknown → Incomplete

Message from the Bugsquad and Konqueror teams:
This bug is closed as outdated, as we do not have the manpower to maintain the KDE3 version anymore.
If you still can reproduce this issue with Konqueror 4.8.4 or later, please open a new report.
Thank you for your understanding.

Changed in kde-baseapps:
status: Incomplete → Unknown
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.