Summary: | Crash when submitting form at: http://www.penzcentrum.hu/register.html | ||
---|---|---|---|
Product: | [Applications] konqueror | Reporter: | Pierre Habouzit <madcoder> |
Component: | khtml | Assignee: | Konqueror Developers <konq-bugs> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | maksim |
Priority: | NOR | ||
Version: | unspecified | ||
Target Milestone: | --- | ||
Platform: | Debian testing | ||
OS: | Linux | ||
Latest Commit: | Version Fixed In: |
Description
Pierre Habouzit
2006-05-14 22:53:49 UTC
svn r534958 crashes too. ==26322== Invalid write of size 1 ==26322== at 0x1E19421E: DOM::HTMLScriptElementImpl::setCreatedByParser(bool) (html_headimpl.h:152) ==26322== by 0x1E19270B: khtml::XMLHandler::startElement(QString const&, QString const&, QString const&, QXmlAttributes const&) (xml_tokenizer.cpp:161) ==26322== by 0x1CB124E9: QXmlSimpleReader::parseElement() (in /usr/lib/libqt-mt.so.3.3.4) ==26322== by 0x1CB1588E: QXmlSimpleReader::parseBeginOrContinue(int, bool) (in /usr/lib/libqt-mt.so.3.3.4) ==26322== by 0x1CB15C39: QXmlSimpleReader::parseContinue() (in /usr/lib/libqt-mt.so.3.3.4) ==26322== by 0x1E19162D: khtml::XMLTokenizer::write(khtml::TokenizerString const&, bool) (xml_tokenizer.cpp:397) ==26322== by 0x1E1726E3: DOM::DocumentImpl::write(QString const&) (dom_docimpl.cpp:1315) ==26322== by 0x1E34E4CB: KJS::XMLHttpRequest::getValueProperty(KJS::ExecState*, int) const (xmlhttprequest.cpp:161) ==26322== by 0x1E3522B1: KJS::Value KJS::DOMObjectLookupGetValue<KJS::XMLHttpRequest, KJS::DOMObject>(KJS::ExecState*, KJS::Identifier const&, KJS::HashTable const*, KJS::XMLHttpRequest const*) (kjs_binding.h:220) ==26322== by 0x1E34E936: KJS::XMLHttpRequest::tryGet(KJS::ExecState*, KJS::Identifier const&) const (xmlhttprequest.cpp:133) ==26322== by 0x1E2A2FB4: KJS::DOMObject::get(KJS::ExecState*, KJS::Identifier const&) const (kjs_binding.cpp:50) ==26322== by 0x1E4A7409: KJS::Reference::getValue(KJS::ExecState*) const (reference.cpp:143) ==26322== by 0x1E45C7DC: KJS::Node::evaluate(KJS::ExecState*) const (nodes.cpp:130) ==26322== by 0x1E464BE1: KJS::AssignExprNode::evaluate(KJS::ExecState*) const (nodes.cpp:1760) ==26322== by 0x1E464E2B: KJS::VarDeclNode::evaluate(KJS::ExecState*) const (nodes.cpp:1791) ==26322== by 0x1E46527E: KJS::VarDeclListNode::evaluate(KJS::ExecState*) const (nodes.cpp:1863) ==26322== by 0x1E4654FE: KJS::VarStatementNode::execute(KJS::ExecState*) (nodes.cpp:1896) ==26322== by 0x1E46C584: KJS::SourceElementsNode::execute(KJS::ExecState*) (nodes.cpp:3091) ==26322== by 0x1E4658EF: KJS::BlockNode::execute(KJS::ExecState*) (nodes.cpp:1942) ==26322== by 0x1E4997EA: KJS::DeclaredFunctionImp::execute(KJS::ExecState*) (function.cpp:588) ==26322== by 0x1E498B31: KJS::FunctionImp::call(KJS::ExecState*, KJS::Object&, KJS::List const&) (function.cpp:363) ==26322== by 0x1E4A06FC: KJS::Object::call(KJS::ExecState*, KJS::Object&, KJS::List const&) (object.cpp:73) ==26322== by 0x1E45FEB3: KJS::FunctionCallNode::evaluate(KJS::ExecState*) const (nodes.cpp:870) ==26322== by 0x1E465AF4: KJS::ExprStatementNode::execute(KJS::ExecState*) (nodes.cpp:1980) ==26322== by 0x1E46C584: KJS::SourceElementsNode::execute(KJS::ExecState*) (nodes.cpp:3091) ==26322== by 0x1E4658EF: KJS::BlockNode::execute(KJS::ExecState*) (nodes.cpp:1942) ==26322== by 0x1E46B35D: KJS::TryNode::execute(KJS::ExecState*) (nodes.cpp:2871) ==26322== by 0x1E46C584: KJS::SourceElementsNode::execute(KJS::ExecState*) (nodes.cpp:3091) ==26322== by 0x1E4658EF: KJS::BlockNode::execute(KJS::ExecState*) (nodes.cpp:1942) ==26322== by 0x1E465F67: KJS::IfNode::execute(KJS::ExecState*) (nodes.cpp:2021) ==26322== by 0x1E46C69F: KJS::SourceElementsNode::execute(KJS::ExecState*) (nodes.cpp:3097) ==26322== by 0x1E4658EF: KJS::BlockNode::execute(KJS::ExecState*) (nodes.cpp:1942) ==26322== by 0x1E4997EA: KJS::DeclaredFunctionImp::execute(KJS::ExecState*) (function.cpp:588) ==26322== by 0x1E498B31: KJS::FunctionImp::call(KJS::ExecState*, KJS::Object&, KJS::List const&) (function.cpp:363) ==26322== by 0x1E4A06FC: KJS::Object::call(KJS::ExecState*, KJS::Object&, KJS::List const&) (object.cpp:73) ==26322== by 0x1E45FEB3: KJS::FunctionCallNode::evaluate(KJS::ExecState*) const (nodes.cpp:870) ==26322== by 0x1E465AF4: KJS::ExprStatementNode::execute(KJS::ExecState*) (nodes.cpp:1980) ==26322== by 0x1E465F67: KJS::IfNode::execute(KJS::ExecState*) (nodes.cpp:2021) ==26322== by 0x1E46C69F: KJS::SourceElementsNode::execute(KJS::ExecState*) (nodes.cpp:3097) ==26322== by 0x1E4658EF: KJS::BlockNode::execute(KJS::ExecState*) (nodes.cpp:1942) ==26322== by 0x1E4997EA: KJS::DeclaredFunctionImp::execute(KJS::ExecState*) (function.cpp:588) ==26322== by 0x1E498B31: KJS::FunctionImp::call(KJS::ExecState*, KJS::Object&, KJS::List const&) (function.cpp:363) ==26322== Address 0x1EAF371C is 4 bytes after a block of size 64 alloc'd ==26322== at 0x1B8FEC73: operator new(unsigned) (vg_replace_malloc.c:164) ==26322== by 0x1E16F7BD: DOM::DocumentImpl::createElementNS(DOM::DOMString const&, DOM::DOMString const&, int*) (dom_docimpl.cpp:582) ==26322== by 0x1E19252B: khtml::XMLHandler::startElement(QString const&, QString const&, QString const&, QXmlAttributes const&) (xml_tokenizer.cpp:145) ==26322== by 0x1CB124E9: QXmlSimpleReader::parseElement() (in /usr/lib/libqt-mt.so.3.3.4) ==26322== by 0x1CB1588E: QXmlSimpleReader::parseBeginOrContinue(int, bool) (in /usr/lib/libqt-mt.so.3.3.4) ==26322== by 0x1CB15C39: QXmlSimpleReader::parseContinue() (in /usr/lib/libqt-mt.so.3.3.4) ==26322== by 0x1E19162D: khtml::XMLTokenizer::write(khtml::TokenizerString const&, bool) (xml_tokenizer.cpp:397) ==26322== by 0x1E1726E3: DOM::DocumentImpl::write(QString const&) (dom_docimpl.cpp:1315) ==26322== by 0x1E34E4CB: KJS::XMLHttpRequest::getValueProperty(KJS::ExecState*, int) const (xmlhttprequest.cpp:161) ==26322== by 0x1E3522B1: KJS::Value KJS::DOMObjectLookupGetValue<KJS::XMLHttpRequest, KJS::DOMObject>(KJS::ExecState*, KJS::Identifier const&, KJS::HashTable const*, KJS::XMLHttpRequest const*) (kjs_binding.h:220) ==26322== by 0x1E34E936: KJS::XMLHttpRequest::tryGet(KJS::ExecState*, KJS::Identifier const&) const (xmlhttprequest.cpp:133) ==26322== by 0x1E2A2FB4: KJS::DOMObject::get(KJS::ExecState*, KJS::Identifier const&) const (kjs_binding.cpp:50) ==26322== by 0x1E4A7409: KJS::Reference::getValue(KJS::ExecState*) const (reference.cpp:143) ==26322== by 0x1E45C7DC: KJS::Node::evaluate(KJS::ExecState*) const (nodes.cpp:130) ==26322== by 0x1E464BE1: KJS::AssignExprNode::evaluate(KJS::ExecState*) const (nodes.cpp:1760) ==26322== by 0x1E464E2B: KJS::VarDeclNode::evaluate(KJS::ExecState*) const (nodes.cpp:1791) ==26322== by 0x1E46527E: KJS::VarDeclListNode::evaluate(KJS::ExecState*) const (nodes.cpp:1863) ==26322== by 0x1E4654FE: KJS::VarStatementNode::execute(KJS::ExecState*) (nodes.cpp:1896) ==26322== by 0x1E46C584: KJS::SourceElementsNode::execute(KJS::ExecState*) (nodes.cpp:3091) ==26322== by 0x1E4658EF: KJS::BlockNode::execute(KJS::ExecState*) (nodes.cpp:1942) ==26322== by 0x1E4997EA: KJS::DeclaredFunctionImp::execute(KJS::ExecState*) (function.cpp:588) ==26322== by 0x1E498B31: KJS::FunctionImp::call(KJS::ExecState*, KJS::Object&, KJS::List const&) (function.cpp:363) ==26322== by 0x1E4A06FC: KJS::Object::call(KJS::ExecState*, KJS::Object&, KJS::List const&) (object.cpp:73) ==26322== by 0x1E45FEB3: KJS::FunctionCallNode::evaluate(KJS::ExecState*) const (nodes.cpp:870) ==26322== by 0x1E465AF4: KJS::ExprStatementNode::execute(KJS::ExecState*) (nodes.cpp:1980) ==26322== by 0x1E46C584: KJS::SourceElementsNode::execute(KJS::ExecState*) (nodes.cpp:3091) ==26322== by 0x1E4658EF: KJS::BlockNode::execute(KJS::ExecState*) (nodes.cpp:1942) ==26322== by 0x1E46B35D: KJS::TryNode::execute(KJS::ExecState*) (nodes.cpp:2871) ==26322== by 0x1E46C584: KJS::SourceElementsNode::execute(KJS::ExecState*) (nodes.cpp:3091) ==26322== by 0x1E4658EF: KJS::BlockNode::execute(KJS::ExecState*) (nodes.cpp:1942) ==26322== by 0x1E465F67: KJS::IfNode::execute(KJS::ExecState*) (nodes.cpp:2021) ==26322== by 0x1E46C69F: KJS::SourceElementsNode::execute(KJS::ExecState*) (nodes.cpp:3097) ==26322== by 0x1E4658EF: KJS::BlockNode::execute(KJS::ExecState*) (nodes.cpp:1942) ==26322== by 0x1E4997EA: KJS::DeclaredFunctionImp::execute(KJS::ExecState*) (function.cpp:588) ==26322== by 0x1E498B31: KJS::FunctionImp::call(KJS::ExecState*, KJS::Object&, KJS::List const&) (function.cpp:363) ==26322== by 0x1E4A06FC: KJS::Object::call(KJS::ExecState*, KJS::Object&, KJS::List const&) (object.cpp:73) ==26322== by 0x1E45FEB3: KJS::FunctionCallNode::evaluate(KJS::ExecState*) const (nodes.cpp:870) ==26322== by 0x1E465AF4: KJS::ExprStatementNode::execute(KJS::ExecState*) (nodes.cpp:1980) ==26322== by 0x1E465F67: KJS::IfNode::execute(KJS::ExecState*) (nodes.cpp:2021) ==26322== by 0x1E46C69F: KJS::SourceElementsNode::execute(KJS::ExecState*) (nodes.cpp:3097) ==26322== by 0x1E4658EF: KJS::BlockNode::execute(KJS::ExecState*) (nodes.cpp:1942) ==26322== by 0x1E4997EA: KJS::DeclaredFunctionImp::execute(KJS::ExecState*) (function.cpp:588) Dupe of script-in-xml thing, probably.. Is this still valid? konqueror 3.5.3 doesn't crash. OK, 3.5.2 crashes, 3.5.3 and svn r556k won't. |