'Re: Crash: window.close() in frameset.onUnload event'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kfm-devel
Subject:    Re: Crash: window.close() in frameset.onUnload event
From:       Koos Vriezen <koos.vriezen () xs4all ! nl>
Date:       2002-02-02 15:48:21
[Download RAW message or body]

Hi,

It turns out to be more general: a window.close call causes a crash, eg.

<html><script>
var win = window.open("", "Window2", "width=200,height=200");
</script>
<body onClick="win.close()">
Window1
</body></html>

just click on 'Window1'.

The cause is the destruction of winq in Window::clear, which is also
called from KHTMLPart::begin().
In Window::scheduleClose() an assertion failed happens Q_ASSERT(winq)

My proposal: add a WindowQQbject::clear() member function

--- ecma/kjs_window.h   2002/01/18 22:36:20     1.75
+++ ecma/kjs_window.h   2002/02/02 15:30:09
@@ -154,6 +154,7 @@ namespace KJS {
     int installTimeout(const UString &handler, int t, bool singleShot);
     int installTimeout(const Value &func, List args, int t, bool
singleShot);
     void clearTimeout(int timerId, bool delAction = true);
+    void clear();
   public slots:
     void timeoutClose();
   protected slots:
--- ecma/kjs_window.cpp 2002/01/30 16:46:27     1.233
+++ ecma/kjs_window.cpp 2002/02/02 15:30:30
@@ -891,8 +891,8 @@ JSEventListener *Window::getJSEventListe
 void Window::clear( ExecState *exec )
 {
   kdDebug(6070) << "Window::clear " << this << endl;
-  delete winq;
-  winq = 0;
+  //delete winq;
+  winq->clear();
   // Get rid of everything, those user vars could hold references to DOM
nodes
   deleteAllProperties( exec );
   // Really delete those properties, so that the DOM nodes get deref'ed
@@ -1274,10 +1274,14 @@ WindowQObject::WindowQObject(Window *w)
 WindowQObject::~WindowQObject()
 {
   //kdDebug(6070) << "WindowQObject::~WindowQObject " << this << endl;
-  parentDestroyed(); // reuse same code
+  clear(); // reuse same code
 }

 void WindowQObject::parentDestroyed()
+{
+  clear();
+}
+void WindowQObject::clear()
 {
   //kdDebug(6070) << "WindowQObject::parentDestroyed " << this << " we
have " << scheduledActions.count() << " actions in the map" << endl;
   killTimers();


On Sat, 2 Feb 2002, Simon Hausmann wrote:

> On Fri, Feb 01, 2002 at 07:12:28PM +0100, Koos Vriezen wrote:
> > Two test cases where konqueror crashes:
> >
> > <html><script>
> > var win = window.open("", "Window2", "width=200,height=200");
> > </script>
> > <frameset onUnload="win.close()">
> >   <frame id="myframe" src="about:blank">
> > </frameset></html>
> >
> > Open this HTML page from konqueror filemanager. After the second
window is
> > opened, click the back button.
> >
> > #5  <signal handler called>
> > #6  0x408fb230 in QObject::inherits ()
> >    from /.../qt3/lib/libqt-mt.so.3
> > #7  0x415ce94a in KonqMainWindow::updateViewActions ()
> >    from /.../kde3/lib/konqueror.so
>
> This one is already fixed :)

Just compiled latest konqueror and khtml, I still get a crash with an
unusable backtrace. This is the output on the commandline

removeCatalogue dirfilterplugin
removeCatalogue imgalleryplugin
khtml (jscript): Window::scheduleClose window.close() 0x833b7b8
khtml (jscript): WindowQObject::timeoutClose -> closing window
khtml (memory): KHTMLPart::clear() this = 0x833b7b8
khtml (jscript): Window::clear 0x840df78
khtml (jscript): ScriptInterpreter::mark marking 2 DOM objects
khtml (jscript): ScriptInterpreter::mark marking 0 DOM objects
kparts: Part::~Part 0x833b7b8
kparts: deleting widget [KHTMLView pointer (0x8401b80) to widget view
widget, geometry=204x202+0+0] view widget
kparts: KPartsManager::slotWidgetDestroyed()
kparts: 0x834ee30 emitting activePartChanged (nil)
kparts: KPartManager::slotObjectDestroyed()
konqueror: KonqViewManager::removePart ( 0x833b7b8 )
konqueror: Found a child view
konqueror: Deleting last view -> closing the window
konqueror: KonqMainWindow::removeChildView childView 0x8237018
konqueror: KonqMainWindow::viewCountChanged
konqueror: Deleting frame 0x8237018
konqueror: KonqFrame::~KonqFrame() [KonqFrame pointer (0x83d33f0) to
widget KonqFrame, geometry=204x202+0+0]
konqueror: Deleting view 0x8237018
konqueror: Deleting m_pMainContainer [KonqFrameContainer pointer
(0x83d1a08) to unnamed widget, geometry=204x202+0+0]
konqueror: KonqFrameContainer::~KonqFrameContainer() [KonqFrameContainer
pointer (0x83d1a08) to unnamed widget, geometry=204x202+0+0] -
KonqFrameContainer
konqueror: Closing m_pMainWindow [KonqMainWindow pointer (0x834b538) to
widget konqueror-mainwindow#2, geometry=204x204+750+0]
konqueror: KonqMainWindow::closeEvent begin
konqueror: KonqMainWindow::closeEvent end
KCrash: crashing.... crashRecursionCounter = 2
KCrash: Application Name = konqueror path = <unknown> pid = 23692

Could be my patch, but I don't think so.


Regards,

Koos Vriezen




[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic