Version: (using KDE KDE 3.5.2) Installed from: Compiled From Sources Compiler: gcc version 4.0.3 (Gentoo 4.0.3, pie-8.7.8) OS: Linux The following code causes Konqueror to freeze: <html> <body> <b><label>Text<p></label></b> <b><label>Text</label></b> </body> </html> (Mostly because of the <p> inside the <label>, I think.) It freezes in htmlparses.cpp, line 271: while(forbiddenTag[t->tid]) { #ifdef PARSER_DEBUG kdDebug( 6035 ) << "t->id: " << t->tid << " is forbidden :-( " << endl; #endif popOneBlock(); } Backtrace: #1 0xb6ec5244 in khtml::KHTMLParser::parseToken (this=0x834bad0, t=0x8343a84) at htmlparser.cpp:275 #2 0xb6ec546f in khtml::HTMLTokenizer::processToken (this=0x8343a50) at htmltokenizer.cpp:1666 #3 0xb6ec933e in khtml::HTMLTokenizer::parseTag (this=0x8343a50, src=@0x8343f6c) at htmltokenizer.cpp:1166 #4 0xb6ec9a44 in khtml::HTMLTokenizer::write (this=0x8343a50, str=@0xbfe71048, appendData=true) at htmltokenizer.cpp:1425 #5 0xb6e2d808 in KHTMLPart::write (this=0x8317bc8, str=0x83314f8 "<html>\n <body>\n <b><label>Text<p></label></b>\n <b><label>Text</label></b>\n </body>\n</html>\na", len=93) at khtml_part.cpp:1980 #6 0xb6e2eae8 in KHTMLPart::slotData (this=0x8317bc8, kio_job=0x8313948, data=@0xbfe715c8) at khtml_part.cpp:1662 #7 0xb6e4b844 in KHTMLPart::qt_invoke (this=0x8317bc8, _id=16, _o=0xbfe712b4) at khtml_part.moc:501 #8 0x42ae5939 in QObject::activate_signal () from /usr/qt/3/lib/libqt-mt.so.3 #9 0xb7af08c0 in KIO::TransferJob::data (this=0x8313948, t0=0x8313948, t1=@0xbfe715c8) at jobclasses.moc:993 #10 0xb7af0959 in KIO::TransferJob::slotData (this=0x8313948, _data=@0xbfe715c8) at job.cpp:906 #11 0xb7b179ee in KIO::TransferJob::qt_invoke (this=0x8313948, _id=18, _o=0xbfe713b8) at jobclasses.moc:1072 #12 0x42ae5939 in QObject::activate_signal () from /usr/qt/3/lib/libqt-mt.so.3 #13 0xb7aececb in KIO::SlaveInterface::data (this=0x8331620, t0=@0xbfe715c8) at slaveinterface.moc:194 #14 0xb7b2f923 in KIO::SlaveInterface::dispatch (this=0x8331620, _cmd=100, rawdata=@0xbfe715c8) at slaveinterface.cpp:234 #15 0xb7b15d0e in KIO::SlaveInterface::dispatch (this=0x8331620) at slaveinterface.cpp:173 #16 0xb7b0e54e in KIO::Slave::gotInput (this=0x8331620) at slave.cpp:300 #17 0xb7b14831 in KIO::Slave::qt_invoke (this=0x8331620, _id=4, _o=0xbfe716c4) at slave.moc:113 #18 0x42ae5939 in QObject::activate_signal () from /usr/qt/3/lib/libqt-mt.so.3 #19 0x42ae5f21 in QObject::activate_signal () from /usr/qt/3/lib/libqt-mt.so.3 #20 0x42e25210 in QSocketNotifier::activated () from /usr/qt/3/lib/libqt-mt.so.3 #21 0x42b0437f in QSocketNotifier::event () from /usr/qt/3/lib/libqt-mt.so.3 #22 0x42a8676a in QApplication::internalNotify () from /usr/qt/3/lib/libqt-mt.so.3 #23 0x42a871ef in QApplication::notify () from /usr/qt/3/lib/libqt-mt.so.3 #24 0xb757e550 in KApplication::notify (this=0xbfe71b94, receiver=0x82e2788, event=0xbfe71968) at kapplication.cpp:550 #25 0x42a7a59d in QEventLoop::activateSocketNotifiers () from /usr/qt/3/lib/libqt-mt.so.3 #26 0x42a35ac2 in QEventLoop::processEvents () from /usr/qt/3/lib/libqt-mt.so.3 #27 0x42a9cfc9 in QEventLoop::enterLoop () from /usr/qt/3/lib/libqt-mt.so.3 #28 0x42a9ceb6 in QEventLoop::exec () from /usr/qt/3/lib/libqt-mt.so.3 #29 0x42a860bf in QApplication::exec () from /usr/qt/3/lib/libqt-mt.so.3 #30 0xb7f307b0 in kdemain (argc=2, argv=0xbfe72084) at konq_main.cc:206 #31 0x08048742 in main (argc=2, argv=0xbfe72084) at konqueror.la.cc:2

Created an attachment (id=15780) [details] Testcase

Same here on r531801

SVN commit 535297 by kling: Prevent an infinite loop in parseToken() when dealing with broken HTML. BUG: 126268 M +1 -1 htmlparser.cpp --- branches/KDE/3.5/kdelibs/khtml/html/htmlparser.cpp #535296:535297 @@ -268,7 +268,7 @@ // if this tag is forbidden inside the current context, pop // blocks until we are allowed to add it... - while(forbiddenTag[t->tid]) { + while(blockStack && forbiddenTag[t->tid]) { #ifdef PARSER_DEBUG kdDebug( 6035 ) << "t->id: " << t->tid << " is forbidden :-( " << endl; #endif