Version: (using KDE KDE 3.5.2)
Installed from: Debian testing/unstable Packages

from debian bug http://bugs.debian.org/367090
=============================================
go to http://www.penzcentrum.hu/register.html and "submit" the form, leaving it empty. konqueror crashes.

Here is the btrace:

Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1501103904 (LWP 10528)]
[KCrash handler]
#6 0xffffe410 in __kernel_vsyscall ()
#7 0xa7ca66d1 in raise () from /lib/tls/i686/cmov/libc.so.6
#8 0xa7ca7f9b in abort () from /lib/tls/i686/cmov/libc.so.6
#9 0xa7cdd157 in __fsetlocking () from /lib/tls/i686/cmov/libc.so.6
#10 0xa7ce3727 in malloc_usable_size () from /lib/tls/i686/cmov/libc.so.6
#11 0xa7ce3bc2 in free () from /lib/tls/i686/cmov/libc.so.6
#12 0xa7e99061 in operator delete () from /usr/lib/libstdc++.so.6
#13 0xa5ef6f95 in ~XMLElementImpl (this=0x48) at dom_elementimpl.cpp:867
#14 0xa5ee127d in ~NodeBaseImpl (this=0x2) at dom_nodeimpl.cpp:964
#15 0xa5ef2c1e in ~DocumentImpl (this=0x8abf8e8) at dom_docimpl.cpp:399
#16 0xa609b4bc in ~Node (this=0x6) at shared.h:38
#17 0xa60a4e88 in ~Document (this=0x6) at dom_doc.cpp:208
#18 0xa6044904 in ~XMLHttpRequest (this=0x8a2b928) at xmlhttprequest.cpp:242
#19 0xa5d586cd in KJS::Collector::collect () at collector.cpp:271
#20 0xa5d588e6 in KJS::Collector::allocate (s=48) at collector.cpp:85
#21 0xa5d58a2d in KJS::ValueImp::operator new (s=0) at value.cpp:84
#22 0xa5d77d07 in StringObjectImp (this=0x8ab66c8, exec=0x0, funcProto=0x8ab6f18, stringProto=0x0) at string_object.cpp:591
#23 0xa5d7a262 in KJS::InterpreterImp::initGlobalObject (this=0x843b140) at internal.cpp:632
#24 0xa5d7c190 in KJS::Interpreter::initGlobalObject (this=0x0) at interpreter.cpp:136
#25 0xa5ff764c in KJS::Window::clear (this=0x8332820, exec=0x0) at kjs_window.cpp:1220
#26 0xa603ba50 in KJS::KJSProxyImpl::clear (this=0x841ee88) at kjs_proxy.cpp:215
#27 0xa5e987a2 in KHTMLPart::clear (this=0x8894d70) at khtml_part.cpp:1412
#28 0xa5eb1fa5 in KHTMLPart::begin (this=0x8894d70, url=@0x88a9028, xOffset=0, yOffset=0) at khtml_part.cpp:1886
#29 0xa5e9fc52 in KHTMLPart::slotData (this=0x8894d70, kio_job=0x8901aa0, data=@0xafd34e90) at khtml_part.cpp:1579
#30 0xa5ec1a5e in KHTMLPart::qt_invoke (this=0x8894d70, _id=16, _o=0xafd34ba0) at khtml_part.moc:501
#31 0xa721c54b in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#32 0xa7a5c29f in KIO::TransferJob::data (this=0x8901aa0, t0=0x0, t1=@0x0) at jobclasses.moc:993
#33 0xa7a5c318 in KIO::TransferJob::slotData (this=0x8901aa0, _data=@0x0) at job.cpp:906
#34 0xa7ab0819 in KIO::TransferJob::qt_invoke (this=0x8901aa0, _id=18, _o=0xafd34c94) at jobclasses.moc:1072
#35 0xa721c54b in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#36 0xa7a59462 in KIO::SlaveInterface::data (this=0x8332ad8, t0=@0x0) at slaveinterface.moc:194
#37 0xa7ac6671 in KIO::SlaveInterface::dispatch (this=0x8332ad8, _cmd=100, rawdata=@0xafd34e90) at slaveinterface.cpp:234
#38 0xa7a6da47 in KIO::SlaveInterface::dispatch (this=0x8332ad8) at slaveinterface.cpp:173
#39 0xa7a7295b in KIO::Slave::gotInput (this=0x8332ad8) at slave.cpp:300
#40 0xa7a72b0b in KIO::Slave::qt_invoke (this=0x8332ad8, _id=4, _o=0xafd34fb8) at slave.moc:113
#41 0xa721c54b in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#42 0xa721ce52 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#43 0xa75aef7f in QSocketNotifier::activated () from /usr/lib/libqt-mt.so.3
#44 0xa723c80a in QSocketNotifier::event () from /usr/lib/libqt-mt.so.3
#45 0xa71b287a in QApplication::internalNotify () from /usr/lib/libqt-mt.so.3
#46 0xa71b2a76 in QApplication::notify () from /usr/lib/libqt-mt.so.3
#47 0xa788902e in KApplication::notify (this=0xafd3565c, receiver=0x83dd7e8, event=0xafd35310) at kapplication.cpp:550
#48 0xa7144001 in QApplication::sendEvent () from /usr/lib/libqt-mt.so.3
#49 0xa71a4435 in QEventLoop::activateSocketNotifiers () from /usr/lib/libqt-mt.so.3
#50 0xa7157d06 in QEventLoop::processEvents () from /usr/lib/libqt-mt.so.3
#51 0xa71cb255 in QEventLoop::enterLoop () from /usr/lib/libqt-mt.so.3
#52 0xa71cb17a in QEventLoop::exec () from /usr/lib/libqt-mt.so.3
#53 0xa71b138d in QApplication::exec () from /usr/lib/libqt-mt.so.3
#54 0xa660217c in kdemain (argc=0, argv=0x0) at konq_main.cc:206
#55 0xa7f18524 in kdeinitmain (argc=0, argv=0x0) at konqueror_dummy.cc:3
#56 0x0804e1d6 in launch (argc=2, _name=0x80757dc "konqueror", args=0x80757ef "\001", cwd=0x0, envc=1, envs=0x8075800 "", reset_env=false, tty=0x0, avoid_loops=false, startup_id_str=0x0) at kinit.cpp:639
#57 0x0804e897 in handle_launcher_request (sock=8) at kinit.cpp:1205
#58 0x0804ee13 in handle_requests (waitForPid=0) at kinit.cpp:1406
#59 0x0804fe9b in main (argc=2, argv=0xafd36164, envp=0x0) at kinit.cpp:1850
#60 0xa7c91eb0 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6
#61 0x0804b861 in _start () at ../sysdeps/i386/elf/start.S:119
svn r534958 crashes too.
==26322== Invalid write of size 1
==26322== at 0x1E19421E: DOM::HTMLScriptElementImpl::setCreatedByParser(bool) (html_headimpl.h:152)
==26322== by 0x1E19270B: khtml::XMLHandler::startElement(QString const&, QString const&, QString const&, QXmlAttributes const&) (xml_tokenizer.cpp:161)
==26322== by 0x1CB124E9: QXmlSimpleReader::parseElement() (in /usr/lib/libqt-mt.so.3.3.4)
==26322== by 0x1CB1588E: QXmlSimpleReader::parseBeginOrContinue(int, bool) (in /usr/lib/libqt-mt.so.3.3.4)
==26322== by 0x1CB15C39: QXmlSimpleReader::parseContinue() (in /usr/lib/libqt-mt.so.3.3.4)
==26322== by 0x1E19162D: khtml::XMLTokenizer::write(khtml::TokenizerString const&, bool) (xml_tokenizer.cpp:397)
==26322== by 0x1E1726E3: DOM::DocumentImpl::write(QString const&) (dom_docimpl.cpp:1315)
==26322== by 0x1E34E4CB: KJS::XMLHttpRequest::getValueProperty(KJS::ExecState*, int) const (xmlhttprequest.cpp:161)
==26322== by 0x1E3522B1: KJS::Value KJS::DOMObjectLookupGetValue<KJS::XMLHttpRequest, KJS::DOMObject>(KJS::ExecState*, KJS::Identifier const&, KJS::HashTable const*, KJS::XMLHttpRequest const*) (kjs_binding.h:220)
==26322== by 0x1E34E936: KJS::XMLHttpRequest::tryGet(KJS::ExecState*, KJS::Identifier const&) const (xmlhttprequest.cpp:133)
==26322== by 0x1E2A2FB4: KJS::DOMObject::get(KJS::ExecState*, KJS::Identifier const&) const (kjs_binding.cpp:50)
==26322== by 0x1E4A7409: KJS::Reference::getValue(KJS::ExecState*) const (reference.cpp:143)
==26322== by 0x1E45C7DC: KJS::Node::evaluate(KJS::ExecState*) const (nodes.cpp:130)
==26322== by 0x1E464BE1: KJS::AssignExprNode::evaluate(KJS::ExecState*) const (nodes.cpp:1760)
==26322== by 0x1E464E2B: KJS::VarDeclNode::evaluate(KJS::ExecState*) const (nodes.cpp:1791)
==26322== by 0x1E46527E: KJS::VarDeclListNode::evaluate(KJS::ExecState*) const (nodes.cpp:1863)
==26322== by 0x1E4654FE: KJS::VarStatementNode::execute(KJS::ExecState*) (nodes.cpp:1896)
==26322== by 0x1E46C584: KJS::SourceElementsNode::execute(KJS::ExecState*) (nodes.cpp:3091)
==26322== by 0x1E4658EF: KJS::BlockNode::execute(KJS::ExecState*) (nodes.cpp:1942)
==26322== by 0x1E4997EA: KJS::DeclaredFunctionImp::execute(KJS::ExecState*) (function.cpp:588)
==26322== by 0x1E498B31: KJS::FunctionImp::call(KJS::ExecState*, KJS::Object&, KJS::List const&) (function.cpp:363)
==26322== by 0x1E4A06FC: KJS::Object::call(KJS::ExecState*, KJS::Object&, KJS::List const&) (object.cpp:73)
==26322== by 0x1E45FEB3: KJS::FunctionCallNode::evaluate(KJS::ExecState*) const (nodes.cpp:870)
==26322== by 0x1E465AF4: KJS::ExprStatementNode::execute(KJS::ExecState*) (nodes.cpp:1980)
==26322== by 0x1E46C584: KJS::SourceElementsNode::execute(KJS::ExecState*) (nodes.cpp:3091)
==26322== by 0x1E4658EF: KJS::BlockNode::execute(KJS::ExecState*) (nodes.cpp:1942)
==26322== by 0x1E46B35D: KJS::TryNode::execute(KJS::ExecState*) (nodes.cpp:2871)
==26322== by 0x1E46C584: KJS::SourceElementsNode::execute(KJS::ExecState*) (nodes.cpp:3091)
==26322== by 0x1E4658EF: KJS::BlockNode::execute(KJS::ExecState*) (nodes.cpp:1942)
==26322== by 0x1E465F67: KJS::IfNode::execute(KJS::ExecState*) (nodes.cpp:2021)
==26322== by 0x1E46C69F: KJS::SourceElementsNode::execute(KJS::ExecState*) (nodes.cpp:3097)
==26322== by 0x1E4658EF: KJS::BlockNode::execute(KJS::ExecState*) (nodes.cpp:1942)
==26322== by 0x1E4997EA: KJS::DeclaredFunctionImp::execute(KJS::ExecState*) (function.cpp:588)
==26322== by 0x1E498B31: KJS::FunctionImp::call(KJS::ExecState*, KJS::Object&, KJS::List const&) (function.cpp:363)
==26322== by 0x1E4A06FC: KJS::Object::call(KJS::ExecState*, KJS::Object&, KJS::List const&) (object.cpp:73)
==26322== by 0x1E45FEB3: KJS::FunctionCallNode::evaluate(KJS::ExecState*) const (nodes.cpp:870)
==26322== by 0x1E465AF4: KJS::ExprStatementNode::execute(KJS::ExecState*) (nodes.cpp:1980)
==26322== by 0x1E465F67: KJS::IfNode::execute(KJS::ExecState*) (nodes.cpp:2021)
==26322== by 0x1E46C69F: KJS::SourceElementsNode::execute(KJS::ExecState*) (nodes.cpp:3097)
==26322== by 0x1E4658EF: KJS::BlockNode::execute(KJS::ExecState*) (nodes.cpp:1942)
==26322== by 0x1E4997EA: KJS::DeclaredFunctionImp::execute(KJS::ExecState*) (function.cpp:588)
==26322== by 0x1E498B31: KJS::FunctionImp::call(KJS::ExecState*, KJS::Object&, KJS::List const&) (function.cpp:363)
==26322== Address 0x1EAF371C is 4 bytes after a block of size 64 alloc'd
==26322== at 0x1B8FEC73: operator new(unsigned) (vg_replace_malloc.c:164)
==26322== by 0x1E16F7BD: DOM::DocumentImpl::createElementNS(DOM::DOMString const&, DOM::DOMString const&, int*) (dom_docimpl.cpp:582)
==26322== by 0x1E19252B: khtml::XMLHandler::startElement(QString const&, QString const&, QString const&, QXmlAttributes const&) (xml_tokenizer.cpp:145)
==26322== by 0x1CB124E9: QXmlSimpleReader::parseElement() (in /usr/lib/libqt-mt.so.3.3.4)
==26322== by 0x1CB1588E: QXmlSimpleReader::parseBeginOrContinue(int, bool) (in /usr/lib/libqt-mt.so.3.3.4)
==26322== by 0x1CB15C39: QXmlSimpleReader::parseContinue() (in /usr/lib/libqt-mt.so.3.3.4)
==26322== by 0x1E19162D: khtml::XMLTokenizer::write(khtml::TokenizerString const&, bool) (xml_tokenizer.cpp:397)
==26322== by 0x1E1726E3: DOM::DocumentImpl::write(QString const&) (dom_docimpl.cpp:1315)
==26322== by 0x1E34E4CB: KJS::XMLHttpRequest::getValueProperty(KJS::ExecState*, int) const (xmlhttprequest.cpp:161)
==26322== by 0x1E3522B1: KJS::Value KJS::DOMObjectLookupGetValue<KJS::XMLHttpRequest, KJS::DOMObject>(KJS::ExecState*, KJS::Identifier const&, KJS::HashTable const*, KJS::XMLHttpRequest const*) (kjs_binding.h:220)
==26322== by 0x1E34E936: KJS::XMLHttpRequest::tryGet(KJS::ExecState*, KJS::Identifier const&) const (xmlhttprequest.cpp:133)
==26322== by 0x1E2A2FB4: KJS::DOMObject::get(KJS::ExecState*, KJS::Identifier const&) const (kjs_binding.cpp:50)
==26322== by 0x1E4A7409: KJS::Reference::getValue(KJS::ExecState*) const (reference.cpp:143)
==26322== by 0x1E45C7DC: KJS::Node::evaluate(KJS::ExecState*) const (nodes.cpp:130)
==26322== by 0x1E464BE1: KJS::AssignExprNode::evaluate(KJS::ExecState*) const (nodes.cpp:1760)
==26322== by 0x1E464E2B: KJS::VarDeclNode::evaluate(KJS::ExecState*) const (nodes.cpp:1791)
==26322== by 0x1E46527E: KJS::VarDeclListNode::evaluate(KJS::ExecState*) const (nodes.cpp:1863)
==26322== by 0x1E4654FE: KJS::VarStatementNode::execute(KJS::ExecState*) (nodes.cpp:1896)
==26322== by 0x1E46C584: KJS::SourceElementsNode::execute(KJS::ExecState*) (nodes.cpp:3091)
==26322== by 0x1E4658EF: KJS::BlockNode::execute(KJS::ExecState*) (nodes.cpp:1942)
==26322== by 0x1E4997EA: KJS::DeclaredFunctionImp::execute(KJS::ExecState*) (function.cpp:588)
==26322== by 0x1E498B31: KJS::FunctionImp::call(KJS::ExecState*, KJS::Object&, KJS::List const&) (function.cpp:363)
==26322== by 0x1E4A06FC: KJS::Object::call(KJS::ExecState*, KJS::Object&, KJS::List const&) (object.cpp:73)
==26322== by 0x1E45FEB3: KJS::FunctionCallNode::evaluate(KJS::ExecState*) const (nodes.cpp:870)
==26322== by 0x1E465AF4: KJS::ExprStatementNode::execute(KJS::ExecState*) (nodes.cpp:1980)
==26322== by 0x1E46C584: KJS::SourceElementsNode::execute(KJS::ExecState*) (nodes.cpp:3091)
==26322== by 0x1E4658EF: KJS::BlockNode::execute(KJS::ExecState*) (nodes.cpp:1942)
==26322== by 0x1E46B35D: KJS::TryNode::execute(KJS::ExecState*) (nodes.cpp:2871)
==26322== by 0x1E46C584: KJS::SourceElementsNode::execute(KJS::ExecState*) (nodes.cpp:3091)
==26322== by 0x1E4658EF: KJS::BlockNode::execute(KJS::ExecState*) (nodes.cpp:1942)
==26322== by 0x1E465F67: KJS::IfNode::execute(KJS::ExecState*) (nodes.cpp:2021)
==26322== by 0x1E46C69F: KJS::SourceElementsNode::execute(KJS::ExecState*) (nodes.cpp:3097)
==26322== by 0x1E4658EF: KJS::BlockNode::execute(KJS::ExecState*) (nodes.cpp:1942)
==26322== by 0x1E4997EA: KJS::DeclaredFunctionImp::execute(KJS::ExecState*) (function.cpp:588)
==26322== by 0x1E498B31: KJS::FunctionImp::call(KJS::ExecState*, KJS::Object&, KJS::List const&) (function.cpp:363)
==26322== by 0x1E4A06FC: KJS::Object::call(KJS::ExecState*, KJS::Object&, KJS::List const&) (object.cpp:73)
==26322== by 0x1E45FEB3: KJS::FunctionCallNode::evaluate(KJS::ExecState*) const (nodes.cpp:870)
==26322== by 0x1E465AF4: KJS::ExprStatementNode::execute(KJS::ExecState*) (nodes.cpp:1980)
==26322== by 0x1E465F67: KJS::IfNode::execute(KJS::ExecState*) (nodes.cpp:2021)
==26322== by 0x1E46C69F: KJS::SourceElementsNode::execute(KJS::ExecState*) (nodes.cpp:3097)
==26322== by 0x1E4658EF: KJS::BlockNode::execute(KJS::ExecState*) (nodes.cpp:1942)
==26322== by 0x1E4997EA: KJS::DeclaredFunctionImp::execute(KJS::ExecState*) (function.cpp:588)
Dupe of script-in-xml thing, probably..
Is this still valid? konqueror 3.5.3 doesn't crash.
OK, 3.5.2 crashes, 3.5.3 and svn r556k won't.