Version: 3.4.90 (using KDE 3.4.90 (alpha1, >= 20050806), compiled sources) Compiler: gcc version 3.3.4 (pre 3.3.5 20040809) OS: Linux (i686) release 2.6.8-24.11-default Steps to reproduce 1. Enter google.pt 2. Search for "wireless electricity" 3. Click on "Google Answers: wireless electricity" link: http://answers.google.com/answers/threadview?id=541203 Always reproducable. All times but one, entering the URL directly crashes Konqueror too.
Forgot the bactrace: Using host libthread_db library "/lib/tls/libthread_db.so.1". [Thread debugging using libthread_db enabled] [New Thread 1097442336 (LWP 7216)] [KCrash handler] #3 0x41d4b03c in DOM::DocumentImpl::view (this=0x0) at dom_docimpl.h:276 #4 0x41e8f303 in KJS::HTMLElement::getValueProperty (this=0x841b708, exec=0xbfffd990, token=331) at kjs_html.cpp:1909 #5 0x41e7b757 in KJS::HTMLElement::tryGet (this=0x841b708, exec=0xbfffd990, propertyName=@0xbfffd590) at kjs_html.cpp:1205 #6 0x41e5870e in KJS::DOMObject::get (this=0x841b708, exec=0xbfffd990, p=@0xbfffd590) at kjs_binding.cpp:50 #7 0x42057f9a in KJS::Reference::getValue (this=0xbfffd580, exec=0xbfffd990) at reference.cpp:143 #8 0x4200f62b in KJS::Node::evaluate (this=0x85587e8, exec=0xbfffd990) at nodes.cpp:130 #9 0x4200f67b in KJS::Node::toBoolean (this=0x85587e8, exec=0xbfffd990) at nodes.cpp:136 #10 0x42018b13 in KJS::IfNode::execute (this=0x851a568, exec=0xbfffd990) at nodes.cpp:2016 #11 0x42018c53 in KJS::IfNode::execute (this=0x85b1a10, exec=0xbfffd990) at nodes.cpp:2028 #12 0x4201f144 in KJS::SourceElementsNode::execute (this=0x855c818, exec=0xbfffd990) at nodes.cpp:3097 #13 0x420185f5 in KJS::BlockNode::execute (this=0x84d6208, exec=0xbfffd990) at nodes.cpp:1942 #14 0x42019f50 in KJS::ForNode::execute (this=0x8532a80, exec=0xbfffd990) at nodes.cpp:2199 #15 0x4201f144 in KJS::SourceElementsNode::execute (this=0x8507860, exec=0xbfffd990) at nodes.cpp:3097 #16 0x420185f5 in KJS::BlockNode::execute (this=0x84d6178, exec=0xbfffd990) at nodes.cpp:1942 #17 0x42018bf0 in KJS::IfNode::execute (this=0x84d5be8, exec=0xbfffd990) at nodes.cpp:2021 #18 0x4201f144 in KJS::SourceElementsNode::execute (this=0x853d640, exec=0xbfffd990) at nodes.cpp:3097 #19 0x420185f5 in KJS::BlockNode::execute (this=0x8485fe8, exec=0xbfffd990) at nodes.cpp:1942 #20 0x4203d193 in KJS::InterpreterImp::evaluate (this=0x853d378, code=@0xbfffdab0, thisV=@0xbfffdad0) at internal.cpp:904 #21 0x420520f0 in KJS::Interpreter::evaluate (this=0x8532380, code=@0xbfffdab0, thisV=@0xbfffdad0) at interpreter.cpp:166 #22 0x41ec535c in KJS::KJSProxyImpl::evaluate (this=0x85388b0, filename= {static null = {static null = <same as static member of an already seen type>, d = 0x8057070, static shared_null = 0x8057070}, d = 0x853cd10, static shared_null = 0x8057070}, baseLine=1, str=@0xbfffdcc0, n=@0xbfffdc10, completion=0xbfffdb90) at kjs_proxy.cpp:154 #23 0x41cf0e04 in KHTMLPart::executeScript (this=0x8483788, filename=@0xbfffdc50, baseLine=1, n=@0xbfffdc10, script=@0xbfffdcc0) at khtml_part.cpp:1155 #24 0x41d717fe in khtml::HTMLTokenizer::scriptExecution (this=0x853b3e0, str=@0xbfffdcc0, scriptURL=@0xbfffdcb0, baseLine=0) at htmltokenizer.cpp:441 #25 0x41d76466 in khtml::HTMLTokenizer::notifyFinished (this=0x853b3e0) at htmltokenizer.cpp:1737 #26 0x41e4cd18 in khtml::CachedScript::checkNotify (this=0x853ca20) at loader.cpp:335 #27 0x41e4cc8f in khtml::CachedScript::data (this=0x853ca20, buffer=@0x84856e4, eof=true) at loader.cpp:327 #28 0x41e508d3 in khtml::Loader::slotFinished (this=0x832dbe0, job=0x84845a0) at loader.cpp:1124 #29 0x41e526da in khtml::Loader::qt_invoke (this=0x832dbe0, _id=2, _o=0xbfffdef0) at loader.moc:260 #30 0x40d7d697 in QObject::activate_signal (this=0x84845a0, clist=0x852e968, o=0xbfffdef0) at qobject.cpp:2355 #31 0x401f3cfc in KIO::Job::result (this=0x84845a0, t0=0x84845a0) at jobclasses.moc:162 #32 0x401df22d in KIO::Job::emitResult (this=0x84845a0) at job.cpp:222 #33 0x401e08d0 in KIO::SimpleJob::slotFinished (this=0x84845a0) at job.cpp:570 #34 0x401e2c1e in KIO::TransferJob::slotFinished (this=0x84845a0) at job.cpp:938 #35 0x401f64ac in KIO::TransferJob::qt_invoke (this=0x84845a0, _id=17, _o=0xbfffe1b0) at jobclasses.moc:1071 #36 0x40d7d697 in QObject::activate_signal (this=0x84319f8, clist=0x84325b8, o=0xbfffe1b0) at qobject.cpp:2355 #37 0x40d7d536 in QObject::activate_signal (this=0x84319f8, signal=6) at qobject.cpp:2324 #38 0x401d1ce1 in KIO::SlaveInterface::finished (this=0x84319f8) at slaveinterface.moc:226 #39 0x401d026d in KIO::SlaveInterface::dispatch (this=0x84319f8, _cmd=104, rawdata=@0xbfffe380) at slaveinterface.cpp:243 #40 0x401cfea4 in KIO::SlaveInterface::dispatch (this=0x84319f8) at slaveinterface.cpp:173 #41 0x401cd911 in KIO::Slave::gotInput (this=0x84319f8) at slave.cpp:300 #42 0x401cf38f in KIO::Slave::qt_invoke (this=0x84319f8, _id=4, _o=0xbfffe4c0) at slave.moc:113 #43 0x40d7d697 in QObject::activate_signal (this=0x84312b0, clist=0x8431c70, o=0xbfffe4c0) at qobject.cpp:2355 #44 0x40d7da09 in QObject::activate_signal (this=0x84312b0, signal=2, param=18) at qobject.cpp:2448 #45 0x410d8dc9 in QSocketNotifier::activated (this=0x84312b0, t0=18) at moc_qsocketnotifier.cpp:85 #46 0x40d9d908 in QSocketNotifier::event (this=0x84312b0, e=0xbfffe730) at qsocketnotifier.cpp:258 #47 0x40d1a8b3 in QApplication::internalNotify (this=0xbfffeb10, receiver=0x84312b0, e=0xbfffe730) at qapplication.cpp:2635 #48 0x40d19d70 in QApplication::notify (this=0xbfffeb10, receiver=0x84312b0, e=0xbfffe730) at qapplication.cpp:2358 #49 0x4080a040 in KApplication::notify (this=0xbfffeb10, receiver=0x84312b0, event=0xbfffe730) at kapplication.cpp:550 #50 0x4004ed8d in QApplication::sendEvent (receiver=0x84312b0, event=0xbfffe730) at qapplication.h:491 #51 0x40d08c08 in QEventLoop::activateSocketNotifiers (this=0x80f2770) at qeventloop_unix.cpp:578 #52 0x40cc0a2a in QEventLoop::processEvents (this=0x80f2770, flags=4) at qeventloop_x11.cpp:383 #53 0x40d2eb92 in QEventLoop::enterLoop (this=0x80f2770) at qeventloop.cpp:198 #54 0x40d2eaae in QEventLoop::exec (this=0x80f2770) at qeventloop.cpp:145 #55 0x40d1aa33 in QApplication::exec (this=0xbfffeb10) at qapplication.cpp:2758 #56 0x418031b6 in kdemain (argc=2, argv=0x80ce2c0) at konq_main.cc:206 #57 0x409dd7b9 in kdeinitmain (argc=2, argv=0x80ce2c0) at konqueror_dummy.cc:3 #58 0x0804e673 in launch (argc=2, _name=0x80d6494 "konqueror", args=0x80d64a7 "\001", cwd=0x0, envc=1, envs=0x80d64b8 "", reset_env=false, tty=0x0, avoid_loops=false, startup_id_str=0x80d64bc "CaixaMagica;1126786822;335055;6922_TIME1774405") at kinit.cpp:637 #59 0x0804f997 in handle_launcher_request (sock=8) at kinit.cpp:1201 #60 0x08050060 in handle_requests (waitForPid=0) at kinit.cpp:1404 #61 0x080514bc in main (argc=2, argv=0xbffff194, envp=0xbffff1a0) at kinit.cpp:1848
Cannot reproduce, bt is similar as http://bugs.kde.org/show_bug.cgi?id=96296
case IFrameContentWindow: { KHTMLView *view = static_cast<DOM::DocumentImpl*>(iFrame.contentDocument().handle())->view(); if (view && view->part()) return Value(Window::retrieveWindow(view->part())); else return Undefined(); So seems like contentDocument is null.
*** Bug 113030 has been marked as a duplicate of this bug. ***
*** Bug 113226 has been marked as a duplicate of this bug. ***
*** Bug 113232 has been marked as a duplicate of this bug. ***
SVN commit 463885 by orlovich: Don't crash in contentWindow if document is null, which may be the case when there is no renderer (the old renderer-manages part problem), or if the part isn't khtml. Fixes crashes on some fairly high-profile sites BUG:112653 M +5 -1 kjs_html.cpp --- branches/KDE/3.5/kdelibs/khtml/ecma/kjs_html.cpp #463884:463885 @@ -1906,7 +1906,11 @@ case IFrameContentDocument: return checkNodeSecurity(exec,iFrame.contentDocument()) ? getDOMNode(exec, iFrame.contentDocument()) : Undefined(); case IFrameContentWindow: { - KHTMLView *view = static_cast<DOM::DocumentImpl*>(iFrame.contentDocument().handle())->view(); + DOM::DocumentImpl* contentDoc = static_cast<DOM::DocumentImpl*>(iFrame.contentDocument().handle()); + if (!contentDoc) + return Undefined(); + + KHTMLView *view = contentDoc->view(); if (view && view->part()) return Value(Window::retrieveWindow(view->part())); else
SVN commit 463900 by orlovich: Regression test for #112653 CCBUG:112653 A baseline/unsorted/112653.html-dom A baseline/unsorted/112653.html-render M +1 -0 baseline/unsorted/svnignore A tests/unsorted/112653.html --- trunk/tests/khtmltests/regression/baseline/unsorted/svnignore #463899:463900 @@ -38,3 +38,4 @@ ./72528.html-dom ./73386.html-dom 98130.html-dump.png +112653.html-dump.png
*** Bug 113344 has been marked as a duplicate of this bug. ***
*** Bug 113360 has been marked as a duplicate of this bug. ***
*** Bug 113466 has been marked as a duplicate of this bug. ***
*** Bug 114173 has been marked as a duplicate of this bug. ***
*** Bug 114228 has been marked as a duplicate of this bug. ***
*** Bug 114573 has been marked as a duplicate of this bug. ***
*** Bug 106129 has been marked as a duplicate of this bug. ***
*** Bug 109772 has been marked as a duplicate of this bug. ***