Version: 3.4.2 (using KDE KDE 3.4.2) Installed from: SuSE RPMs OS: Linux Konqueror crashes everytime I open saved Website from Google-Cache. I have put the document here: http://www.informatik.uni-oldenburg.de/~omni/Juli-RegenUndMeer.htm . I found this bug earlier (kde 3.3.?) but didnt report it yet. it also crashes in kubuntu.
Confirmed. TreeWalker, wow. Using host libthread_db library "/lib/tls/libthread_db.so.1". `shared object read from target memory' has disappeared; keeping its symbols. [Thread debugging using libthread_db enabled] [New Thread -1229891904 (LWP 6136)] [KCrash handler] #4 0xb638fbfd in DOM::TreeWalkerImpl::isAccepted (this=0x865b910, n=0x0) at /home/maksim/kde3/kdelibs/khtml/xml/dom2_traversalimpl.cpp:492 #5 0xb638fcc4 in DOM::TreeWalkerImpl::getFirstChild (this=0x865b910, n=0x0) at /home/maksim/kde3/kdelibs/khtml/xml/dom2_traversalimpl.cpp:529 #6 0xb638fec2 in DOM::TreeWalkerImpl::nextNode (this=0x865b910) at /home/maksim/kde3/kdelibs/khtml/xml/dom2_traversalimpl.cpp:461 #7 0xb652e136 in DOM::TreeWalker::nextNode (this=0x8530350) at /home/maksim/kde3/kdelibs/khtml/dom/dom2_traversal.cpp:332 #8 0xb64de604 in KJS::DOMTreeWalkerProtoFunc::tryCall (this=0x8530350, exec=0xbfe82f98, thisObj=@0xbfe82be8) at /home/maksim/kde3/kdelibs/khtml/ecma/kjs_traversal.cpp:273 #9 0xb64824c1 in KJS::DOMFunction::call (this=0x8530350, exec=0xbfe82f98, thisObj=@0xbfe82be8, args=@0xbfe82bdc) at /home/maksim/kde3/kdelibs/khtml/ecma/kjs_binding.cpp:114 #10 0xb61aed5e in KJS::Object::call (this=0x8530350, exec=0xbfe82f98, thisObj=@0xbfe82be8, args=@0xbfe82bdc) at /home/maksim/kde3/kdelibs/kjs/object.cpp:70 #11 0xb6179d4f in KJS::FunctionCallNode::evaluate (this=0x885f300, exec=0xbfe82f98) at /home/maksim/kde3/kdelibs/kjs/nodes.cpp:870 #12 0xb6177236 in KJS::Node::toBoolean (this=0x8530350, exec=0xbfe82f98) at /home/maksim/kde3/kdelibs/kjs/nodes.cpp:136 #13 0xb617f122 in KJS::WhileNode::execute (this=0x8a764c0, exec=0xbfe82f98) at /home/maksim/kde3/kdelibs/kjs/nodes.cpp:2122 #14 0xb6183b28 in KJS::SourceElementsNode::execute (this=0x870f738, exec=0xbfe82f98) at /home/maksim/kde3/kdelibs/kjs/nodes.cpp:3097 #15 0xb617e4ff in KJS::BlockNode::execute (this=0x88b4a40, exec=0xbfe82f98) at /home/maksim/kde3/kdelibs/kjs/nodes.cpp:1942 #16 0xb617e951 in KJS::IfNode::execute (this=0x84b24b8, exec=0xbfe82f98) at /home/maksim/kde3/kdelibs/kjs/nodes.cpp:2028 #17 0xb61839c3 in KJS::SourceElementsNode::execute (this=0x84f0528, exec=0xbfe82f98) at /home/maksim/kde3/kdelibs/kjs/nodes.cpp:3091 #18 0xb617e4ff in KJS::BlockNode::execute (this=0x8bd1658, exec=0xbfe82f98) at /home/maksim/kde3/kdelibs/kjs/nodes.cpp:1942 #19 0xb61a8d7f in KJS::DeclaredFunctionImp::execute (this=0x8530350, exec=0xbfe82f98) at /home/maksim/kde3/kdelibs/kjs/function.cpp:579 #20 0xb61a8276 in KJS::FunctionImp::call (this=0x884a578, exec=0xbfe83298, thisObj=@0xbfe83088, args=@0xbfe8307c) at /home/maksim/kde3/kdelibs/kjs/function.cpp:354 #21 0xb61aed5e in KJS::Object::call (this=0x8530350, exec=0xbfe83298, thisObj=@0xbfe83088, args=@0xbfe8307c) at /home/maksim/kde3/kdelibs/kjs/object.cpp:70 #22 0xb6179d4f in KJS::FunctionCallNode::evaluate (this=0x86c7498, exec=0xbfe83298) at /home/maksim/kde3/kdelibs/kjs/nodes.cpp:870 #23 0xb617e6da in KJS::ExprStatementNode::execute (this=0x853c430, exec=0xbfe83298) at /home/maksim/kde3/kdelibs/kjs/nodes.cpp:1980 #24 0xb61839c3 in KJS::SourceElementsNode::execute (this=0x853ce40, exec=0xbfe83298) at /home/maksim/kde3/kdelibs/kjs/nodes.cpp:3091 #25 0xb617e4ff in KJS::BlockNode::execute (this=0x8530f08, exec=0xbfe83298) at /home/maksim/kde3/kdelibs/kjs/nodes.cpp:1942 #26 0xb61a8d7f in KJS::DeclaredFunctionImp::execute (this=0x8530350, exec=0xbfe83298) at /home/maksim/kde3/kdelibs/kjs/function.cpp:579 #27 0xb61a8276 in KJS::FunctionImp::call (this=0x8895d20, exec=0x86ebd60, thisObj=@0xbfe833a8, args=@0xbfe83388) at /home/maksim/kde3/kdelibs/kjs/function.cpp:354 #28 0xb61aed5e in KJS::Object::call (this=0x8530350, exec=0x86ebd60, thisObj=@0xbfe833a8, args=@0xbfe83388) at /home/maksim/kde3/kdelibs/kjs/object.cpp:70 #29 0xb64e6b34 in KJS::JSEventListener::handleEvent (this=0x8be0b58, evt=@0xbfe83404) at /home/maksim/kde3/kdelibs/khtml/ecma/kjs_events.cpp:95 #30 0xb64e6da3 in KJS::JSLazyEventListener::handleEvent (this=0x8be0b58, evt=@0xbfe83404) at /home/maksim/kde3/kdelibs/khtml/ecma/kjs_events.cpp:151 #31 0xb63749f6 in DOM::DocumentImpl::defaultEventHandler (this=0x8babd88, evt=0x8a64368) at /home/maksim/kde3/kdelibs/khtml/xml/dom_docimpl.cpp:2391 #32 0xb63837bd in DOM::NodeImpl::dispatchWindowEvent (this=0x8babdb4, _id=17, canBubbleArg=false, cancelableArg=false) at /home/maksim/kde3/kdelibs/khtml/xml/dom_nodeimpl.cpp:509 #33 0xb63aea61 in DOM::HTMLDocumentImpl::close (this=0x8babd88) at /home/maksim/kde3/kdelibs/khtml/html/html_documentimpl.cpp:276 #34 0xb6336218 in KHTMLPart::checkEmitLoadEvent (this=0x8bcb180) at /home/maksim/kde3/kdelibs/khtml/khtml_part.cpp:2324 #35 0xb633766c in KHTMLPart::slotFinishedParsing (this=0x8bcb180) at /home/maksim/kde3/kdelibs/khtml/khtml_part.cpp:2061 #36 0xb6344c31 in KHTMLPart::qt_invoke (this=0x8bcb180, _id=20, _o=0xbfe83610) at ../khtml/khtml_part.moc:505 #37 0xb7283a60 in QObject::activate_signal () from /opt/kde3.4/lib/libqt-mt.so.3 #38 0xb728409a in QObject::activate_signal () from /opt/kde3.4/lib/libqt-mt.so.3 #39 0xb6373b85 in DOM::DocumentImpl::finishedParsing (this=0x8babd88) at ../khtml/xml/dom_docimpl.moc:86 #40 0xb6373bbe in DOM::DocumentImpl::qt_emit (this=0x8babd88, _id=2, _o=0xbfe836fc) at ../khtml/xml/dom_docimpl.moc:97 #41 0xb63ae893 in DOM::HTMLDocumentImpl::qt_emit (this=0x8babd88, _id=2, _o=0xbfe836fc) at ../khtml/html/html_documentimpl.moc:91 #42 0xb7283a56 in QObject::activate_signal () from /opt/kde3.4/lib/libqt-mt.so.3 #43 0xb728409a in QObject::activate_signal () from /opt/kde3.4/lib/libqt-mt.so.3 #44 0xb6391085 in khtml::Tokenizer::finishedParsing (this=0x8bc95b8) at ../khtml/xml/xml_tokenizer.moc:82 #45 0xb639e9e3 in khtml::HTMLTokenizer::end (this=0x8bc95b8) at /home/maksim/kde3/kdelibs/khtml/html/htmltokenizer.cpp:1562 #46 0xb63a1043 in khtml::HTMLTokenizer::finish (this=0x8bc95b8) at /home/maksim/kde3/kdelibs/khtml/html/htmltokenizer.cpp:1611 #47 0xb63713c8 in DOM::DocumentImpl::finishParsing (this=0x8babd88) at /home/maksim/kde3/kdelibs/khtml/xml/dom_docimpl.cpp:1315 #48 0xb6324b15 in KHTMLPart::end (this=0x8bcb180) at /home/maksim/kde3/kdelibs/khtml/khtml_part.cpp:1999 #49 0xb6337870 in KHTMLPart::slotFinished (this=0x8bcb180, job=0x8b9e040) at /home/maksim/kde3/kdelibs/khtml/khtml_part.cpp:1858 #50 0xb6344c16 in KHTMLPart::qt_invoke (this=0x8bcb180, _id=19, _o=0xbfe839b0) at ../khtml/khtml_part.moc:504 #51 0xb7283ae4 in QObject::activate_signal () from /opt/kde3.4/lib/libqt-mt.so.3 #52 0xb7d1a2d2 in KIO::Job::result (this=0x8b9e040, t0=0x8b9e040) at ./kio/kio/jobclasses.moc:162 #53 0xb7d1f179 in KIO::Job::emitResult (this=0x8b9e040) at /home/maksim/kde3/kdelibs/kio/kio/job.cpp:222 #54 0xb7d22b1b in KIO::SimpleJob::slotFinished (this=0x8b9e040) at /home/maksim/kde3/kdelibs/kio/kio/job.cpp:570 #55 0xb7d23da0 in KIO::TransferJob::slotFinished (this=0x8b9e040) at /home/maksim/kde3/kdelibs/kio/kio/job.cpp:938 #56 0xb7d2bc68 in KIO::TransferJob::qt_invoke (this=0x8b9e040, _id=17, _o=0xbfe83cf4) at ./kio/kio/jobclasses.moc:1071 #57 0xb7283a60 in QObject::activate_signal () from /opt/kde3.4/lib/libqt-mt.so.3 #58 0xb728409a in QObject::activate_signal () from /opt/kde3.4/lib/libqt-mt.so.3 #59 0xb7d09128 in KIO::SlaveInterface::finished (this=0x84e5c88) at ./kio/kio/slaveinterface.moc:226 #60 0xb7d0cff8 in KIO::SlaveInterface::dispatch (this=0x84e5c88, _cmd=104, rawdata=@0xbfe83f68) at /home/maksim/kde3/kdelibs/kio/kio/slaveinterface.cpp:243 #61 0xb7d0a0e1 in KIO::SlaveInterface::dispatch (this=0x84e5c88) at /home/maksim/kde3/kdelibs/kio/kio/slaveinterface.cpp:173 #62 0xb7d070bb in KIO::Slave::gotInput (this=0x84e5c88) at /home/maksim/kde3/kdelibs/kio/kio/slave.cpp:300 #63 0xb7d073b9 in KIO::Slave::qt_invoke (this=0x84e5c88, _id=4, _o=0xbfe84090) at ./kio/kio/slave.moc:113 #64 0xb7283a60 in QObject::activate_signal () from /opt/kde3.4/lib/libqt-mt.so.3 #65 0xb7283fb1 in QObject::activate_signal () from /opt/kde3.4/lib/libqt-mt.so.3 #66 0xb7503c9a in QSocketNotifier::activated () from /opt/kde3.4/lib/libqt-mt.so.3 #67 0xb729922d in QSocketNotifier::event () from /opt/kde3.4/lib/libqt-mt.so.3 #68 0xb72391e5 in QApplication::internalNotify () from /opt/kde3.4/lib/libqt-mt.so.3 #69 0xb72399b8 in QApplication::notify () from /opt/kde3.4/lib/libqt-mt.so.3 #70 0xb776d817 in KApplication::notify (this=0xbfe84628, receiver=0x8669528, event=0xbfe8435c) at /home/maksim/kde3/kdelibs/kdecore/kapplication.cpp:550 #71 0xb722fbb8 in QEventLoop::activateSocketNotifiers () from /opt/kde3.4/lib/libqt-mt.so.3 #72 0xb71f9626 in QEventLoop::processEvents () from /opt/kde3.4/lib/libqt-mt.so.3 #73 0xb7249cdc in QEventLoop::enterLoop () from /opt/kde3.4/lib/libqt-mt.so.3 #74 0xb7249c41 in QEventLoop::exec () from /opt/kde3.4/lib/libqt-mt.so.3 #75 0xb7238646 in QApplication::exec () from /opt/kde3.4/lib/libqt-mt.so.3 #76 0xb68db74c in kdemain () from /opt/kde3.4/lib/libkdeinit_konqueror.so #77 0xb6967740 in kdeinitmain () from /opt/kde3.4/lib/kde3/konqueror.so #78 0x0804dea4 in launch (argc=2, _name=0x809669c "konqueror", args=0x80966b0 "\001", cwd=0x0, envc=1, envs=0x80966c1 "", reset_env=false, tty=0x0, avoid_loops=false, startup_id_str=0x8050852 "0") at /home/maksim/kde3/kdelibs/kinit/kinit.cpp:637 #79 0x0804e599 in handle_launcher_request (sock=8) at /home/maksim/kde3/kdelibs/kinit/kinit.cpp:1203 #80 0x0804eb92 in handle_requests (waitForPid=0) at /home/maksim/kde3/kdelibs/kinit/kinit.cpp:1404 #81 0x0804fb1c in main (argc=2, argv=0xbfe85064, envp=0xbfe85070) at /home/maksim/kde3/kdelibs/kinit/kinit.cpp:1848
Patch: --- xml/dom2_traversalimpl.cpp (revision 474896) +++ xml/dom2_traversalimpl.cpp (working copy) @@ -522,7 +522,7 @@ { short _result; - if( !n || n->firstChild() ) + if( !n || !n->firstChild() ) return 0; n = n->firstChild();
incredible... same mistake in getLastChild, btw
SVN commit 478314 by orlovich: Fix obvious logic errors, leading to crash (thanks to Germain for spotting the other of the twins) BUG:115680 M +2 -2 dom2_traversalimpl.cpp --- branches/KDE/3.5/kdelibs/khtml/xml/dom2_traversalimpl.cpp #478313:478314 @@ -522,7 +522,7 @@ { short _result; - if( !n || n->firstChild() ) + if( !n || !n->firstChild() ) return 0; n = n->firstChild(); @@ -551,7 +551,7 @@ { short _result; - if( !n || n->lastChild() ) + if( !n || !n->lastChild() ) return 0; n = n->lastChild(); _result = isAccepted( n );