Version: 3.5 (using KDE 3.5 (RC1) Level "a" , SUSE 9.3 UNSUPPORTED)
Compiler: gcc version 3.3.5 20050117 (prerelease) (SUSE Linux)
OS: Linux (i686) release 2.6.10

The following HTML crashes konqueror, but only if loaded from a local file:

<iframe onload="this.contentWindow.location;" src="nosuchfile" >
Created attachment 13397
Crash dump of iframe crash
*** Bug 116188 has been marked as a duplicate of this bug. ***
Pasting the crash dump:

(no debugging symbols found)
[KCrash handler]
#7 0x41f6ba80 in KJS::ValueImp::dispatchToObject () from /opt/kde3/lib/libkjs.so.1
#8 0x41f7979a in KJS::ObjectImp::toNumber () from /opt/kde3/lib/libkjs.so.1
#9 0x41f7806c in KJS::Reference::getValue () from /opt/kde3/lib/libkjs.so.1
#10 0x41f7d905 in KJS::UndefinedImp::toObject () from /opt/kde3/lib/libkjs.so.1
#11 0x41f7b504 in KJS::UndefinedImp::toObject () from /opt/kde3/lib/libkjs.so.1
#12 0x41f6f7df in KJS::FunctionImp::parameterProperty () from /opt/kde3/lib/libkjs.so.1
#13 0x41f6f38c in KJS::DeclaredFunctionImp::execute () from /opt/kde3/lib/libkjs.so.1
#14 0x41f81e20 in KJS::FunctionImp::call () from /opt/kde3/lib/libkjs.so.1
#15 0x41f7a0de in KJS::Object::call () from /opt/kde3/lib/libkjs.so.1
#16 0x41e5476b in EmbedLiveConnect::get () from /opt/kde3/lib/libkhtml.so.4
#17 0x41e54a02 in EmbedLiveConnect::get () from /opt/kde3/lib/libkhtml.so.4
#18 0x41d12b35 in DOM::XMLAttributeReader::XMLAttributeReader () from /opt/kde3/lib/libkhtml.so.4
#19 0x41d1d9f9 in DOM::ElementMappingCache::add () from /opt/kde3/lib/libkhtml.so.4
#20 0x41d3ae7f in findDoctypeEntry () from /opt/kde3/lib/libkhtml.so.4
#21 0x41cbe49f in KHTMLPart::checkEmitLoadEvent () from /opt/kde3/lib/libkhtml.so.4
#22 0x41cdeecb in KHTMLPart::slotFinishedParsing () from /opt/kde3/lib/libkhtml.so.4
#23 0x41cf3174 in KHTMLPart::qt_invoke () from /opt/kde3/lib/libkhtml.so.4
#24 0x408a9a7e in QObject::activate_signal_bool () from /usr/lib/qt3/lib/libqt-mt.so.3
#25 0x0874a238 in ?? ()
#26 0x00000014 in ?? ()
#27 0xbfffce00 in ?? ()
#28 0x41d5993a in findDoctypeEntry () from /opt/kde3/lib/libkhtml.so.4
#29 0x408aa226 in QObject::activate_filters () from /usr/lib/qt3/lib/libqt-mt.so.3
#30 0x086fe238 in ?? ()
#31 0x0876b550 in ?? ()
#32 0xbfffce00 in ?? ()
#33 0x41f29258 in ?? () from /opt/kde3/lib/libkhtml.so.4
#34 0x08733440 in ?? ()
#35 0xbfffce00 in ?? ()
#36 0x0876b550 in ?? ()
#37 0x41d0ab5e in DOM::XMLAttributeReader::XMLAttributeReader () from /opt/kde3/lib/libkhtml.so.4
#38 0x41d0ac29 in DOM::XMLAttributeReader::XMLAttributeReader () from /opt/kde3/lib/libkhtml.so.4
#39 0x41d0ac88 in DOM::XMLAttributeReader::XMLAttributeReader () from /opt/kde3/lib/libkhtml.so.4
#40 0x41d3a10b in findDoctypeEntry () from /opt/kde3/lib/libkhtml.so.4
#41 0x408a9ab1 in QObject::activate_signal_bool () from /usr/lib/qt3/lib/libqt-mt.so.3
#42 0x086fe238 in ?? ()
#43 0x00000002 in ?? ()
#44 0xbfffcf10 in ?? ()
#45 0x41055900 in main_arena () from /lib/tls/libc.so.6
#46 0x41055838 in main_arena () from /lib/tls/libc.so.6
#47 0x085d3a38 in ?? ()
#48 0x00000000 in ?? ()
#49 0x0870f1f0 in ?? ()
#50 0x01000018 in ?? ()
#51 0x0870f350 in ?? ()
#52 0x41055838 in main_arena () from /lib/tls/libc.so.6
#53 0x00000000 in ?? ()
#54 0x41055824 in main_arena () from /lib/tls/libc.so.6
#55 0x41055828 in main_arena () from /lib/tls/libc.so.6
#56 0x41055800 in __malloc_initialize_hook () from /lib/tls/libc.so.6
#57 0x40d05b94 in ?? () from /usr/lib/qt3/lib/libqt-mt.so.3
#58 0xbfffcf24 in ?? ()
#59 0x0870f1f0 in ?? ()
#60 0xbfffcf48 in ?? ()
#61 0x408aa226 in QObject::activate_filters () from /usr/lib/qt3/lib/libqt-mt.so.3
#62 0x0870f1f0 in ?? ()
#63 0x0839b608 in ?? ()
#64 0xbfffcf10 in ?? ()
#65 0x40fa1115 in _int_free () from /lib/tls/libc.so.6
Actual bt:

konqueror: /home/maksim/kde3/kdelibs/kjs/nodes.cpp:670: virtual KJS::Reference KJS::AccessorNode2::evaluateReference(KJS::ExecState*) const: Assertion `v.isValid()' failed.
Using host libthread_db library "/lib/tls/libthread_db.so.1".
`shared object read from target memory' has disappeared; keeping its symbols.
[Thread debugging using libthread_db enabled]
[New Thread -1231455360 (LWP 22690)]
[KCrash handler]
#4 0xffffe410 in __kernel_vsyscall ()
#5 0xb6a1ef21 in raise () from /lib/tls/libc.so.6
#6 0xb6a2086b in abort () from /lib/tls/libc.so.6
#7 0xb6a18065 in __assert_fail () from /lib/tls/libc.so.6
#8 0xb61a62b0 in KJS::AccessorNode2::evaluateReference (this=0x84475e8, exec=0xbffc66ec) at /home/maksim/kde3/kdelibs/kjs/nodes.cpp:670
#9 0xb61a41e9 in KJS::Node::evaluate (this=0x0, exec=0xbffc66ec) at /home/maksim/kde3/kdelibs/kjs/nodes.cpp:130
#10 0xb61ab6da in KJS::ExprStatementNode::execute (this=0x8447600, exec=0xbffc66ec) at /home/maksim/kde3/kdelibs/kjs/nodes.cpp:1980
#11 0xb61b09c3 in KJS::SourceElementsNode::execute (this=0x8447630, exec=0xbffc66ec) at /home/maksim/kde3/kdelibs/kjs/nodes.cpp:3091
#12 0xb61ab4ff in KJS::BlockNode::execute (this=0x8447668, exec=0xbffc66ec) at /home/maksim/kde3/kdelibs/kjs/nodes.cpp:1942
#13 0xb61d5d7f in KJS::DeclaredFunctionImp::execute (this=0x0, exec=0xbffc66ec) at /home/maksim/kde3/kdelibs/kjs/function.cpp:579
#14 0xb61d5276 in KJS::FunctionImp::call (this=0x8447580, exec=0x8325628, thisObj=@0xbffc67fc, args=@0xbffc67dc) at /home/maksim/kde3/kdelibs/kjs/function.cpp:354
#15 0xb61dbd5e in KJS::Object::call (this=0x0, exec=0x8325628, thisObj=@0xbffc67fc, args=@0xbffc67dc) at /home/maksim/kde3/kdelibs/kjs/object.cpp:70
#16 0xb6522d54 in KJS::JSEventListener::handleEvent (this=0x8424728, evt=@0xbffc6880) at /home/maksim/kde3/kdelibs/khtml/ecma/kjs_events.cpp:95
#17 0xb6522fc3 in KJS::JSLazyEventListener::handleEvent (this=0x8424728, evt=@0xbffc6880) at /home/maksim/kde3/kdelibs/khtml/ecma/kjs_events.cpp:151
#18 0xb63cc4e0 in DOM::NodeImpl::handleLocalEvents (this=0x8424620, evt=0x844f1d0, useCapture=false) at /home/maksim/kde3/kdelibs/khtml/xml/dom_nodeimpl.cpp:662
#19 0xb63cd6de in DOM::NodeImpl::dispatchWindowEvent (this=0x84277d4, _id=17, canBubbleArg=false, cancelableArg=false) at /home/maksim/kde3/kdelibs/khtml/xml/dom_nodeimpl.cpp:528
#20 0xb63f7c15 in DOM::HTMLDocumentImpl::close (this=0x84277a8) at /home/maksim/kde3/kdelibs/khtml/html/html_documentimpl.cpp:276
#21 0xb6383128 in KHTMLPart::checkEmitLoadEvent (this=0x8426e10) at /home/maksim/kde3/kdelibs/khtml/khtml_part.cpp:2324
#22 0xb638457c in KHTMLPart::slotFinishedParsing (this=0x8426e10) at /home/maksim/kde3/kdelibs/khtml/khtml_part.cpp:2061
#23 0xb6391b41 in KHTMLPart::qt_invoke (this=0x8426e10, _id=20, _o=0xbffc6a84) at ../khtml/khtml_part.moc:505
#24 0xb7105a60 in QObject::activate_signal () from /opt/kde3.4/lib/libqt-mt.so.3
#25 0xb710609a in QObject::activate_signal () from /opt/kde3.4/lib/libqt-mt.so.3
#26 0xb63bf2db in DOM::DocumentImpl::finishedParsing (this=0x84277a8) at ../khtml/xml/dom_docimpl.moc:86
#27 0xb63bf359 in DOM::DocumentImpl::qt_emit (this=0x84277a8, _id=2, _o=0xbffc6b70) at ../khtml/xml/dom_docimpl.moc:97
#28 0xb63f8933 in DOM::HTMLDocumentImpl::qt_emit (this=0x84277a8, _id=2, _o=0xbffc6b70) at ../khtml/html/html_documentimpl.moc:91
#29 0xb7105a56 in QObject::activate_signal () from /opt/kde3.4/lib/libqt-mt.so.3
#30 0xb710609a in QObject::activate_signal () from /opt/kde3.4/lib/libqt-mt.so.3
#31 0xb63dafb5 in khtml::Tokenizer::finishedParsing (this=0x8447350) at ../khtml/xml/xml_tokenizer.moc:82
#32 0xb63e8023 in khtml::HTMLTokenizer::end (this=0x8447350) at /home/maksim/kde3/kdelibs/khtml/html/htmltokenizer.cpp:1562
#33 0xb63ea683 in khtml::HTMLTokenizer::finish (this=0x8447350) at /home/maksim/kde3/kdelibs/khtml/html/htmltokenizer.cpp:1611
#34 0xb63bcaf8 in DOM::DocumentImpl::finishParsing (this=0x84277a8) at /home/maksim/kde3/kdelibs/khtml/xml/dom_docimpl.cpp:1315
#35 0xb6371a25 in KHTMLPart::end (this=0x8426e10) at /home/maksim/kde3/kdelibs/khtml/khtml_part.cpp:1999
#36 0xb637e1e6 in KHTMLPart::htmlError (this=0x8426e10, errorCode=11, text=@0xbffc6ef0, reqUrl=@0x842d6a8) at /home/maksim/kde3/kdelibs/khtml/khtml_part.cpp:1723
#37 0xb639271a in KHTMLPart::openURL (this=0x8426e10, url=@0xbffc7024) at /home/maksim/kde3/kdelibs/khtml/khtml_part.cpp:598
#38 0xb6384122 in KHTMLPart::processObjectRequest (this=0x8310058, child=0x8424d50, _url=@0x8425618, mimetype=@0xbffc710c) at /home/maksim/kde3/kdelibs/khtml/khtml_part.cpp:4599
#39 0xb639d8a9 in KHTMLRun::foundMimeType (this=0x84255f0, _type=@0xbffc71a8) at /home/maksim/kde3/kdelibs/khtml/khtml_run.cpp:51
#40 0xb7e52455 in KParts::BrowserRun::redirectToError (this=0x84255f0, error=11, errorText=@0xbffc7274) at /home/maksim/kde3/kdelibs/kparts/browserrun.cpp:477
#41 0xb7e52868 in KParts::BrowserRun::init (this=0x84255f0) at /home/maksim/kde3/kdelibs/kparts/browserrun.cpp:88
#42 0xb7c573b1 in KRun::slotTimeout (this=0x84255f0) at /home/maksim/kde3/kdelibs/kio/kio/krun.cpp:998
#43 0xb7c581e5 in KRun::qt_invoke (this=0x84255f0, _id=2, _o=0xbffc73ac) at ./kio/kio/krun.moc:116
#44 0xb7e53de4 in KParts::BrowserRun::qt_invoke (this=0x84255f0, _id=2, _o=0xbffc73ac) at ./kparts/browserrun.moc:106
#45 0xb639db53 in KHTMLRun::qt_invoke (this=0x84255f0, _id=2, _o=0xbffc73ac) at ../khtml/khtml_run.moc:77
#46 0xb7105a60 in QObject::activate_signal () from /opt/kde3.4/lib/libqt-mt.so.3
#47 0xb710609a in QObject::activate_signal () from /opt/kde3.4/lib/libqt-mt.so.3
#48 0xb7386873 in QTimer::timeout () from /opt/kde3.4/lib/libqt-mt.so.3
#49 0xb711eda9 in QTimer::event () from /opt/kde3.4/lib/libqt-mt.so.3
#50 0xb70bb1e5 in QApplication::internalNotify () from /opt/kde3.4/lib/libqt-mt.so.3
#51 0xb70bb9b8 in QApplication::notify () from /opt/kde3.4/lib/libqt-mt.so.3
#52 0xb75f528b in KApplication::notify (this=0xbffc7958, receiver=0x8425648, event=0xbffc768c) at /home/maksim/kde3/kdelibs/kdecore/kapplication.cpp:550
#53 0xb70b1acb in QEventLoop::activateTimers () from /opt/kde3.4/lib/libqt-mt.so.3
#54 0xb707b63e in QEventLoop::processEvents () from /opt/kde3.4/lib/libqt-mt.so.3
#55 0xb70cbcdc in QEventLoop::enterLoop () from /opt/kde3.4/lib/libqt-mt.so.3
#56 0xb70cbc41 in QEventLoop::exec () from /opt/kde3.4/lib/libqt-mt.so.3
#57 0xb70ba646 in QApplication::exec () from /opt/kde3.4/lib/libqt-mt.so.3
#58 0xb7f2874c in kdemain () from /opt/kde3.4/lib/libkdeinit_konqueror.so
#59 0xb6a0be40 in __libc_start_main () from /lib/tls/libc.so.6
#60 0x080485e1 in _start () at ../sysdeps/i386/elf/start.S:119
Can't reproduce in post-3.5.8 3.5.x, or my current 4.0.x tree
I cannot reproduce it either in 3.5.9 or 4.1b2