Lugia's Ramblings

Miscellaneous posts.

Konqueror cra-a-ash!

See also [id:lugia:20080801:1217559736]!

I found a bug that crashes Konqueror (3.5.8-5m.mo4) on KDE 3.5.8-6m.mo4.xanadu, Momonga Linux, but tracking down the root cause looks hard, so for now I'm holding off on reporting it to Momonga Linux or KDE.org (though maybe there's no point in hesitating).
Or rather, I suspect it's specific to my environment, so please try to confirm it among yourselves.

Sample page: http://lugia.so.land.to/rdp/test.html

When you open an (XHTML) page that has an <iframe> inside an <object>,
and then scroll, focus and blur the address bar, open and close a menu, and so on, it crashes.

Wrapping it in <![CDATA[ ]]> has no effect.

Wrapping it in <!-- --> stops the crash.

The markup is arguably odd either way, but if it crashes, it could turn into a cracking technique...


There are browsers where the object tag doesn't work but iframe is fine, so I tried this as markup aimed at them, and that's how I found it.
It may be meaningless for Netscape-lineage browsers, which treat a CDATA block as commented out, though.

Source example (excerpt from the test page)

<object data="http://so.land.to/ad/adpc_if.p" type="text/html" id="AD">
<![CDATA[
<iframe src="http://so.land.to/ad/adpc_if.p" name="AD" id="AD"
 title="ad" marginwidth="0" marginheight="0" frameborder="0" height="70"
 scrolling="no" width="468"></iframe>
]]>
<p>The ad could not be displayed.<br />
To see the ad, click <a href="http://so.land.to/ad/adpc_if.p">here</a>.</p>
</object>
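To see what each wrapping actually does to the document, here is an added example (not code from the original post) that builds the three variants of the <object> block above, bare, CDATA-wrapped and comment-wrapped, writes each out as a separate XHTML test file, and parses each with an XML parser, which is what an XHTML page gets when it is served with an XML media type. The URLs are the ones on the page; the variant names and the file names are ours.

```python
"""Build the three <object>/<iframe> variants and show what an XML parser
sees inside <object> for each.  Added example, not code from the original
post; AD_URL is the page's URL, the variant and file names are ours."""
import xml.etree.ElementTree as ET

AD_URL = "http://so.land.to/ad/adpc_if.p"
XHTML_NS = "{http://www.w3.org/1999/xhtml}"

IFRAME = (
    f'<iframe src="{AD_URL}" name="AD" id="AD" title="ad" marginwidth="0" '
    'marginheight="0" frameborder="0" height="70" scrolling="no" width="468">'
    "</iframe>"
)
FALLBACK = (
    "<p>The ad could not be displayed.<br />"
    f'To see the ad, click <a href="{AD_URL}">here</a>.</p>'
)
VARIANTS = ("bare", "cdata", "comment")


def wrap_iframe(style):
    """Return the iframe markup wrapped the way each variant wraps it."""
    if style == "bare":
        return IFRAME
    if style == "cdata":          # the variant the post says still crashes
        return f"<![CDATA[\n{IFRAME}\n]]>"
    if style == "comment":        # the variant the post says does not crash
        return f"<!--\n{IFRAME}\n-->"
    raise ValueError(style)


def build_page(style):
    """A minimal XHTML document with the post's <object> block in the body."""
    return f"""<?xml version="1.0"?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>object/iframe test: {style}</title></head>
<body>
<object data="{AD_URL}" type="text/html" id="AD">
{wrap_iframe(style)}
{FALLBACK}
</object>
</body>
</html>
"""


def object_contents(page):
    """What an XML parser hands the renderer as the content of <object>:
    the child element names, plus any character data directly inside it.
    Comments are dropped by ElementTree, as a renderer also ignores them."""
    root = ET.fromstring(page)
    obj = root.find(f".//{XHTML_NS}object")
    children = [child.tag.replace(XHTML_NS, "") for child in obj]
    text = (obj.text or "").strip()
    return {"children": children, "text": text}


def analyze_variants():
    """Parse every variant.  Only the bare one yields an <iframe> element;
    in the CDATA variant the iframe markup survives as plain text."""
    return {style: object_contents(build_page(style)) for style in VARIANTS}


if __name__ == "__main__":
    for style, info in analyze_variants().items():
        # write test-<style>.xhtml next to the script so each can be loaded in a browser
        with open(f"test-{style}.xhtml", "w", encoding="utf-8") as fh:
            fh.write(build_page(style))
        print(f"{style:8s} children={info['children']} text={info['text'][:40]!r}")
```

The point worth having in hand before filing the bug: in the CDATA variant, the one that crashes, <object> has no <iframe> child at all. The iframe markup is character data, so what the renderer trips over is an <object> that has loaded its data and also contains text plus <p> fallback content, not iframe embedding as such. The comment variant, which does not crash, differs only in that the text is gone. This is our reading of the parse result, not something the post establishes. An HTML parser has no CDATA sections in ordinary content, so the same bytes served as text/html are parsed differently; check the reproducer under both media types and name the one used in the report.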

Konqueror's trace output at the time of the crash

(no debugging symbols found)
Using host libthread_db library "/lib/libthread_db.so.1".
[... "(no debugging symbols found)" repeated 19 more times]
[Thread debugging using libthread_db enabled]
[New Thread -1208969520 (LWP 3958)]
[... "(no debugging symbols found)" repeated 33 times]
[KCrash handler]
#6  0x017e7845 in ?? () from /usr/lib/libkhtml.so.4
#7  0x09b3fdbc in ?? ()
#8  0xbfc3cdd8 in ?? ()
#9  0xbfc3cd78 in ?? ()
#10 0x0146f6b1 in operator delete () from /usr/lib/libstdc++.so.6
#11 0x017fd2b1 in ?? () from /usr/lib/libkhtml.so.4
#12 0xbfc3cdf0 in ?? ()
#13 0x09b3fdbc in ?? ()
#14 0xbfc3cda8 in ?? ()
#15 0x01a05190 in ?? () from /usr/lib/libkhtml.so.4
#16 0xbfc3cdd4 in ?? ()
#17 0xbfc3cdd8 in ?? ()
#18 0xbfc3cde8 in ?? ()
#19 0x0171b4bd in KHTMLView::scheduleRepaint () from /usr/lib/libkhtml.so.4
#20 0x017fd233 in ?? () from /usr/lib/libkhtml.so.4
#21 0x09b3fe28 in ?? ()
#22 0x00000001 in ?? ()
#23 0x00000001 in ?? ()
#24 0x000003e0 in ?? ()
#25 0x000001f4 in ?? ()
#26 0x00000000 in ?? ()

Addendum: a different trace came out than yesterday's, so I'm adding it. The conditions are the same, though...
Incidentally, I forgot to mention that it's a SIGSEGV... (hopeless)

(no debugging symbols found)
Using host libthread_db library "/lib/libthread_db.so.1".
[... "(no debugging symbols found)" repeated 6 times]
[Thread debugging using libthread_db enabled]
[New Thread -1208624784 (LWP 4960)]
[... "(no debugging symbols found)" repeated 43 times]
[KCrash handler]
#6  0x016b115f in ?? () from /usr/lib/libkhtml.so.4
#7  0x018b9a61 in ?? () from /usr/lib/libkhtml.so.4
#8  0x018bc929 in ?? () from /usr/lib/libkhtml.so.4
#9  0x018bad44 in ?? () from /usr/lib/libkhtml.so.4
#10 0x00000412 in ?? ()
#11 0xbfdb5c4b in ?? ()
#12 0xbfdb5c4a in ?? ()
#13 0xbfdb5c08 in ?? ()
#14 0x00f53cad in operator new[] () from /usr/lib/libstdc++.so.6
#15 0x016b40ca in KHTMLView::moveCaretTo () from /usr/lib/libkhtml.so.4
#16 0x016b4a59 in KHTMLPart::khtmlMousePressEvent ()
   from /usr/lib/libkhtml.so.4
#17 0x01666027 in KHTMLPart::customEvent () from /usr/lib/libkhtml.so.4
#18 0x0095454e in QObject::event () from /usr/lib/qt-3.3.7/lib/libqt-mt.so.3
#19 0x008f4f67 in QApplication::internalNotify ()
   from /usr/lib/qt-3.3.7/lib/libqt-mt.so.3
#20 0x008f5d11 in QApplication::notify ()
   from /usr/lib/qt-3.3.7/lib/libqt-mt.so.3
#21 0x00656f32 in KApplication::notify () from /usr/lib/libkdecore.so.4
#22 0x01693610 in KHTMLView::viewportMousePressEvent ()
   from /usr/lib/libkhtml.so.4
#23 0x00a693ca in QScrollView::eventFilter ()
   from /usr/lib/qt-3.3.7/lib/libqt-mt.so.3
#24 0x0167dd09 in KHTMLView::eventFilter () from /usr/lib/libkhtml.so.4
#25 0x0095446c in QObject::activate_filters ()
   from /usr/lib/qt-3.3.7/lib/libqt-mt.so.3
#26 0x009544db in QObject::event () from /usr/lib/qt-3.3.7/lib/libqt-mt.so.3
#27 0x0098d2ec in QWidget::event () from /usr/lib/qt-3.3.7/lib/libqt-mt.so.3
#28 0x008f4f67 in QApplication::internalNotify ()
   from /usr/lib/qt-3.3.7/lib/libqt-mt.so.3
#29 0x008f5ee9 in QApplication::notify ()
   from /usr/lib/qt-3.3.7/lib/libqt-mt.so.3
#30 0x00656f32 in KApplication::notify () from /usr/lib/libkdecore.so.4
#31 0x00892ce5 in QETWidget::translateMouseEvent ()
   from /usr/lib/qt-3.3.7/lib/libqt-mt.so.3
#32 0x0089215d in QApplication::x11ProcessEvent ()
   from /usr/lib/qt-3.3.7/lib/libqt-mt.so.3
#33 0x008a287b in QEventLoop::processEvents ()
   from /usr/lib/qt-3.3.7/lib/libqt-mt.so.3
#34 0x0090bbd0 in QEventLoop::enterLoop ()
   from /usr/lib/qt-3.3.7/lib/libqt-mt.so.3
#35 0x0090ba66 in QEventLoop::exec () from /usr/lib/qt-3.3.7/lib/libqt-mt.so.3
#36 0x008f4aff in QApplication::exec ()
   from /usr/lib/qt-3.3.7/lib/libqt-mt.so.3
#37 0x012c6e54 in kdemain () from /usr/lib/libkdeinit_konqueror.so
#38 0x050fd414 in kdeinitmain () from /usr/lib/kde3/konqueror.so
#39 0x0804debf in QGList::~QGList$delete ()
#40 0x00000002 in ?? ()
#41 0x098ed7a8 in ?? ()
#42 0x00000001 in ?? ()
#43 0x00000000 in ?? ()

Further addendum: tracing it in gdb turned up a line number and a source file (ah).
I've inserted notes along the way.

(gdb) run
Starting program: /usr/bin/konqueror
[... "(no debugging symbols found)" repeated 20 times]
[Thread debugging using libthread_db enabled]
[New Thread -1208723760 (LWP 5153)]
[... "(no debugging symbols found)" repeated 33 times; gdb's "---Type <return> to continue, or q <return> to quit---" pager prompts omitted]
// Here the Konqueror window opens
// It stops at the point of accessing http://lugia.so.land.to/rdp/test.html
ASSERT: "cb" in khtml_caret.cpp (1042)

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208723760 (LWP 5153)]
0x01aab15f in ?? () from /usr/lib/libkhtml.so.4
(gdb) continue
Continuing.
KCrash: Application 'konqueror' crashing...

Program exited with code 0375.
(gdb)
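Before a backtrace like the ones above goes to a bug tracker, it is worth checking how much of it can be trusted. Here is an added example (not code from the original post) of a small triage script: it parses gdb/KCrash frame lines, joins the "from <module>" continuation lines gdb wraps, separates resolved frames from "??" frames, marks frames that have neither a symbol nor a containing module as unwinder garbage, and lists frames inside heap allocator functions. The embedded sample data is the first trace from this page and the top of the second one; the trust and heap heuristics are ours.

```python
"""Triage helper for KCrash/gdb backtraces.  Added example, not part of the
original post; the sample traces are copied from this page, the trust and
heap heuristics are ours."""
import re
from dataclasses import dataclass

# e.g. "#19 0x0171b4bd in KHTMLView::scheduleRepaint () from /usr/lib/libkhtml.so.4"
FRAME_RE = re.compile(
    r"^#(?P<num>\d+)\s+(?P<addr>0x[0-9a-fA-F]+)\s+in\s+(?P<sym>.+?)\s+\(\)"
    r"(?:\s+from\s+(?P<mod>\S+))?\s*$"
)
# A crash in or right under the allocator is how heap corruption usually shows.
HEAP_SYMBOLS = ("operator new", "operator delete", "malloc", "free", "realloc")


@dataclass
class Frame:
    num: int
    addr: int
    symbol: str
    module: str = None

    @property
    def resolved(self):
        return self.symbol != "??"

    @property
    def trustworthy(self):
        # Once symbols run out gdb walks garbage: "frames" whose address is a
        # stack location (0xbfc3cdd8 lies in the 32-bit Linux stack range) or a
        # small integer, with no module to place them in.
        return self.resolved or self.module is not None


def parse_backtrace(text):
    frames = []
    for raw in text.splitlines():
        m = FRAME_RE.match(raw.rstrip())
        if m:
            frames.append(Frame(int(m["num"]), int(m["addr"], 16), m["sym"], m["mod"]))
        elif frames and raw.strip().startswith("from ") and frames[-1].module is None:
            frames[-1].module = raw.strip()[len("from "):]  # wrapped "from <module>"
    return frames


def triage(text):
    frames = parse_backtrace(text)
    resolved = [f for f in frames if f.resolved]
    return {
        "frames": len(frames),
        "resolved": len(resolved),
        "untrusted": sum(1 for f in frames if not f.trustworthy),
        "innermost_symbol": resolved[0].symbol if resolved else None,
        "heap_frames": [f.symbol for f in resolved if f.symbol.startswith(HEAP_SYMBOLS)],
        "modules": sorted({f.module for f in frames if f.module}),
    }


# Sample data: the first trace on this page, verbatim.
TRACE_1 = """[KCrash handler]
#6  0x017e7845 in ?? () from /usr/lib/libkhtml.so.4
#7  0x09b3fdbc in ?? ()
#8  0xbfc3cdd8 in ?? ()
#9  0xbfc3cd78 in ?? ()
#10 0x0146f6b1 in operator delete () from /usr/lib/libstdc++.so.6
#11 0x017fd2b1 in ?? () from /usr/lib/libkhtml.so.4
#12 0xbfc3cdf0 in ?? ()
#13 0x09b3fdbc in ?? ()
#14 0xbfc3cda8 in ?? ()
#15 0x01a05190 in ?? () from /usr/lib/libkhtml.so.4
#16 0xbfc3cdd4 in ?? ()
#17 0xbfc3cdd8 in ?? ()
#18 0xbfc3cde8 in ?? ()
#19 0x0171b4bd in KHTMLView::scheduleRepaint () from /usr/lib/libkhtml.so.4
#20 0x017fd233 in ?? () from /usr/lib/libkhtml.so.4
#21 0x09b3fe28 in ?? ()
#22 0x00000001 in ?? ()
#23 0x00000001 in ?? ()
#24 0x000003e0 in ?? ()
#25 0x000001f4 in ?? ()
#26 0x00000000 in ?? ()
"""
# Sample data: frames #6-#17 of the second trace, including one wrapped line.
TRACE_2_TOP = """#6  0x016b115f in ?? () from /usr/lib/libkhtml.so.4
#7  0x018b9a61 in ?? () from /usr/lib/libkhtml.so.4
#8  0x018bc929 in ?? () from /usr/lib/libkhtml.so.4
#9  0x018bad44 in ?? () from /usr/lib/libkhtml.so.4
#10 0x00000412 in ?? ()
#11 0xbfdb5c4b in ?? ()
#12 0xbfdb5c4a in ?? ()
#13 0xbfdb5c08 in ?? ()
#14 0x00f53cad in operator new[] () from /usr/lib/libstdc++.so.6
#15 0x016b40ca in KHTMLView::moveCaretTo () from /usr/lib/libkhtml.so.4
#16 0x016b4a59 in KHTMLPart::khtmlMousePressEvent ()
   from /usr/lib/libkhtml.so.4
#17 0x01666027 in KHTMLPart::customEvent () from /usr/lib/libkhtml.so.4
"""

if __name__ == "__main__":
    for name, trace in (("trace 1", TRACE_1), ("trace 2 (top)", TRACE_2_TOP)):
        print(name, triage(trace))
```

On the first trace the script reports 2 resolved frames out of 21 and 15 untrusted ones, so apart from KHTMLView::scheduleRepaint and the operator delete frame there is nothing to go on, and the allocator frame sits between garbage frames, so it proves nothing about heap corruption by itself. The second trace is far more useful because the Qt event-dispatch frames are exported symbols and lead into KHTMLView::moveCaretTo. The gdb session above adds the best clue of all: the failed assertion on "cb" in khtml_caret.cpp line 1042 immediately before the SIGSEGV. Qt 3's Q_ASSERT emits exactly that message through qWarning and execution continues, so a null caret box being dereferenced right after the check is the natural reading, which usually means a denial of service rather than memory corruption an attacker can steer. That reading is ours, not the post's, and it stays a guess until kdelibs is installed with debug symbols and the crash is reproduced under gdb with a full backtrace.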