Version: (using KDE KDE 3.5.3)
Installed from: Debian testing/unstable Packages
from debian bug http://bugs.debian.org/374903
=============================================
Package: konqueror
Version: 4:3.5.3-2
Severity: normal
Visiting this page causes konqueror to segfault.
http://java.sun.com/javase/6/webnotes/index.html
the stack trace:
#0 0xb7c5e22f in free () from /lib/tls/libc.so.6
#1 0xb7c5fdfc in malloc () from /lib/tls/libc.so.6
#2 0xb7e13598 in operator new () from /usr/lib/libstdc++.so.6
#3 0xb6f8452f in QGListIterator::QGListIterator () from /usr/lib/libqt-mt.so.3
#4 0xb61bc221 in DOM::CSSSelector::operator== () from /usr/lib/libkhtml.so.4
#5 0xb61c052a in DOM::CSSParser::addBackgroundValue () from /usr/lib/libkhtml.so.4
#6 0xb610de56 in non-virtual thunk to DOM::DocumentImpl::error(int, QString const&) () from /usr/lib/libkhtml.so.4

Same on r548320 on FreeBSD. I can't get a backtrace, but the console says "Bus error: 10"
Confirmed: stack overflow (548000): first frames:
#0 0xb7d9527c in mallopt () from /lib/i686/libc.so.6
#1 0xb7d97075 in malloc () from /lib/i686/libc.so.6
#2 0xb67945d8 in operator new () from /usr/lib/libstdc++.so.6
#3 0xb5ba602b in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:735
#4 0xb5ba5ce5 in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:660
#5 0xb5ba5ce5 in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:660
#6 0xb5ba5ce5 in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:660
#7 0xb5ba5ce5 in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:660
#8 0xb5ba5ce5 in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:660
#9 0xb5ba5ce5 in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:660
#10 0xb5ba5ce5 in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:660
#11 0xb5ba5ce5 in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:660
#12 0xb5ba5ce5 in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:660
#13 0xb5ba5ce5 in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:660
#14 0xb5ba5ce5 in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:660
#15 0xb5ba5ce5 in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:660
#16 0xb5ba5ce5 in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false)
[repeat ad nauseam]
#52347 0xb5ba5ce5 in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:660
#52348 0xb5ba5ce5 in khtml::KHTMLParser::insertNode (this=0x8440790, n=0x8498a58, flat=false) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:660
#52349 0xb5ba74d4 in khtml::KHTMLParser::parseToken (this=0x8440790, t=0x843661c) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmlparser.cpp:289
#52350 0xb5ba8015 in khtml::HTMLTokenizer::processToken (this=0x84365e8) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmltokenizer.cpp:1677
#52351 0xb5bacb7e in khtml::HTMLTokenizer::parseTag (this=0x84365e8, src=@0x8436ae8) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmltokenizer.cpp:1173
#52352 0xb5bad1bb in khtml::HTMLTokenizer::write (this=0x84365e8, str=@0xbfc81028, appendData=false) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmltokenizer.cpp:1436
#52353 0xb5baa00d in khtml::HTMLTokenizer::notifyFinished (this=0x84365e8) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/html/htmltokenizer.cpp:1747
#52354 0xb5c7e40b in khtml::CachedScript::checkNotify (this=0x8438a90) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/misc/loader.cpp:369
#52355 0xb5c7e64f in khtml::CachedScript::data (this=0x8438a90, buffer=@0x8438afc, eof=true) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/misc/loader.cpp:361
#52356 0xb5c7f7fb in khtml::Loader::slotFinished (this=0x834d2f0, job=0x842c5b8) at /home/tjmaciei/src/kde3/KDE/kdelibs/khtml/misc/loader.cpp:1133
#52357 0xb5c7fa6d in khtml::Loader::qt_invoke (this=0x834d2f0, _id=2, _o=0xbfc81244) at ./khtml/misc/loader.moc:260
#52358 0xb6be2313 in QObject::activate_signal (this=0x842c5b8, clist=0x84153a8, o=0xbfc81244) at /home/tjmaciei/src/kde3/qt-copy/src/kernel/qobject.cpp:2356
#52359 0xb79e28c8 in KIO::Job::result (this=0x842c5b8, t0=0x38) at ./kio/kio/jobclasses.moc:162
#52360 0xb79e296c in KIO::Job::emitResult (this=0x842c5b8) at /home/tjmaciei/src/kde3/KDE/kdelibs/kio/kio/job.cpp:226
#52361 0xb79e5998 in KIO::SimpleJob::slotFinished (this=0x842c5b8) at /home/tjmaciei/src/kde3/KDE/kdelibs/kio/kio/job.cpp:574
#52362 0xb79f262d in KIO::TransferJob::slotFinished (this=0x842c5b8) at /home/tjmaciei/src/kde3/KDE/kdelibs/kio/kio/job.cpp:944
#52363 0xb79e627a in KIO::TransferJob::qt_invoke (this=0x842c5b8, _id=17, _o=0xbfc815dc) at ./kio/kio/jobclasses.moc:1071
#52364 0xb6be2313 in QObject::activate_signal (this=0x842d108, clist=0x842db70, o=0xbfc815dc) at /home/tjmaciei/src/kde3/qt-copy/src/kernel/qobject.cpp:2356
#52365 0xb6be311c in QObject::activate_signal (this=0x842d108, signal=6) at /home/tjmaciei/src/kde3/qt-copy/src/kernel/qobject.cpp:2325
#52366 0xb79cfd61 in KIO::SlaveInterface::finished (this=0x38) at ./kio/kio/slaveinterface.moc:226
#52367 0xb79d1c7f in KIO::SlaveInterface::dispatch (this=0x842d108, _cmd=104, rawdata=@0xbfc81820) at /home/tjmaciei/src/kde3/KDE/kdelibs/kio/kio/slaveinterface.cpp:243
#52368 0xb79d151e in KIO::SlaveInterface::dispatch (this=0x842d108) at /home/tjmaciei/src/kde3/KDE/kdelibs/kio/kio/slaveinterface.cpp:173
#52369 0xb79cd5ad in KIO::Slave::gotInput (this=0x842d108) at /home/tjmaciei/src/kde3/KDE/kdelibs/kio/kio/slave.cpp:300
#52370 0xb79cda88 in KIO::Slave::qt_invoke (this=0x842d108, _id=4, _o=0xbfc81978) at ./kio/kio/slave.moc:113
#52371 0xb6be2313 in QObject::activate_signal (this=0x842cb40, clist=0x842d320, o=0xbfc81978) at /home/tjmaciei/src/kde3/qt-copy/src/kernel/qobject.cpp:2356
#52372 0xb6be2ef0 in QObject::activate_signal (this=0x842cb40, signal=2, param=20) at /home/tjmaciei/src/kde3/qt-copy/src/kernel/qobject.cpp:2449
#52373 0xb6ffac68 in QSocketNotifier::activated (this=0x842cb40, t0=20) at /home/tjmaciei/src/kde3/qt-copy/src/.moc/debug-shared-mt/moc_qsocketnotifier.cpp:85
#52374 0xb6c080c3 in QSocketNotifier::event (this=0x842cb40, e=0xbfc81c7c) at /home/tjmaciei/src/kde3/qt-copy/src/kernel/qsocketnotifier.cpp:258
#52375 0xb6b6a02b in QApplication::internalNotify (this=0xbfc82044, receiver=0x842cb40, e=0xbfc81c7c) at /home/tjmaciei/src/kde3/qt-copy/src/kernel/qapplication.cpp:2635
#52376 0xb6b6a281 in QApplication::notify (this=0xbfc82044, receiver=0x842cb40, e=0xbfc81c7c) at /home/tjmaciei/src/kde3/qt-copy/src/kernel/qapplication.cpp:2358
#52377 0xb7378e29 in KApplication::notify (this=0xbfc82044, receiver=0x842cb40, event=0xbfc81c7c) at /home/tjmaciei/src/kde3/KDE/kdelibs/kdecore/kapplication.cpp:550
#52378 0xb7eee62e in QApplication::sendEvent (receiver=0x1, event=0xbfc81c7c) at /home/tjmaciei/src/kde3/qt-copy/include/qapplication.h:496
#52379 0xb6b591f0 in QEventLoop::activateSocketNotifiers (this=0x81148f0) at kernel/qeventloop_unix.cpp:578
#52380 0xb6b045e4 in QEventLoop::processEvents (this=0x81148f0, flags=4) at kernel/qeventloop_x11.cpp:383
#52381 0xb6b8626a in QEventLoop::enterLoop (this=0x81148f0) at /home/tjmaciei/src/kde3/qt-copy/src/kernel/qeventloop.cpp:198
#52382 0xb6b86193 in QEventLoop::exec (this=0x81148f0) at /home/tjmaciei/src/kde3/qt-copy/src/kernel/qeventloop.cpp:145
#52383 0xb6b6899d in QApplication::exec (this=0xbfc82044) at /home/tjmaciei/src/kde3/qt-copy/src/kernel/qapplication.cpp:2758
#52384 0xb7ed528a in kdemain (argc=56, argv=0x38) at /home/tjmaciei/src/kde3/KDE/kdebase/konqueror/konq_main.cc:206
#52385 0xb7d45728 in __libc_start_main () from /lib/i686/libc.so.6
#52386 0x08048421 in _start () at ../sysdeps/i386/elf/start.S:119

If it helps, this is the value of the node n:
$2 = {<khtml::TreeShared<DOM::NodeImpl>> = {_ref = 0, m_parent = 0x0}, _vptr.NodeImpl = 0xb5dc6c68, document = 0x83b1f28, m_previous = 0x0, m_next = 0x0, m_render = 0x0, m_regdListeners = {listeners = 0x0}, m_tabIndex = 0, m_hasTabIndex = false, m_hasId = false, m_attached = false, m_closed = false, m_changed = false, m_hasChangedChild = false, m_changedAscendentAttribute = false, m_inDocument = false, m_hasAnchor = false, m_specified = false, m_hovered = false, m_focused = false, m_active = false, m_implicit = false, m_htmlCompat = true, m_hasClassList = false, m_hasClass = false}

More information:
p/a *n
$4 = {<khtml::TreeShared<DOM::NodeImpl>> = {_ref = 0x0, m_parent = 0x0}, _vptr.NodeImpl = 0xb5e90c68 <vtable for DOM::HTMLTableRowElementImpl+8>, [cut]

Bug #129909 is likely pretty similar. Also, thiago noted that the n is a TR
The page has probably changed since the bug was reported, but it works fine in Konqueror 3.5.9 and 4 (trunk, r798696) now. Konqueror 4 even notes there is a coding error in the page, but shows it anyway.
Confirmed that the page doesn't crash konqueror anymore (both 3.5.9 and trunk r800924). Probably because the site could be changed. Closed as INVALID.