Version: kde 3.5 branch r577316 (using KDE Devel)
Installed from: Compiled sources
Compiler: g++4.0.3 Kubuntu dapper x86_64
OS: Linux

If you create a new document in JavaScript and later get its characterSet, KHTML crashes.

    <script>
    var doc = document.implementation.createDocument("", "", null);
    doc.loadXML("<root>hello world</root>");
    // the crash happens because the new document doesn't have a view;
    // encoding is part of the KHTML view
    doc.characterSet;
    </script>

The same holds true for an XML document created by XMLHttpRequest and DOMParser.
==13126== Invalid read of size 4
==13126==    at 0x72A8DD0: KHTMLPart::encoding() const (khtml_part.cpp:2478)
==13126==    by 0x743BB88: KJS::DOMDocument::getValueProperty(KJS::ExecState*, int) const (kjs_dom.cpp:935)
==13126==    by 0x7449901: KJS::Value KJS::DOMObjectLookupGetValue<KJS::DOMDocument, KJS::DOMNode>(KJS::ExecState*, KJS::Identifier const&, KJS::HashTable const*, KJS::DOMDocument const*) (kjs_binding.h:220)
==13126==    by 0x7442F72: KJS::DOMDocument::tryGet(KJS::ExecState*, KJS::Identifier const&) const (kjs_dom.cpp:919)
==13126==    by 0x742D5CF: KJS::DOMObject::get(KJS::ExecState*, KJS::Identifier const&) const (kjs_binding.cpp:50)
==13126==    by 0x76283C3: KJS::Reference::getValue(KJS::ExecState*) const (reference.cpp:143)
==13126==    by 0x75E4223: KJS::Node::evaluate(KJS::ExecState*) const (nodes.cpp:130)
==13126==    by 0x75E7E30: KJS::ExprStatementNode::execute(KJS::ExecState*) (nodes.cpp:1980)
==13126==    by 0x75E4E6D: KJS::SourceElementsNode::execute(KJS::ExecState*) (nodes.cpp:3097)
==13126==    by 0x75E2CF9: KJS::BlockNode::execute(KJS::ExecState*) (nodes.cpp:1942)
==13126==    by 0x760C778: KJS::InterpreterImp::evaluate(KJS::UString const&, KJS::Value const&) (internal.cpp:904)
==13126==    by 0x7622103: KJS::Interpreter::evaluate(KJS::UString const&, KJS::Value const&) (interpreter.cpp:166)
==13126==  Address 0x74 is not stack'd, malloc'd or (recently) free'd
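An added illustration of the defect behind the trace above, written with constructed stand-in types rather than KHTML or KDE code: the encoding lives in the view, a script-created document has no view, and the layout is chosen so the encoding field sits at byte 0x74 of the view, which is why a null-view read shows up in valgrind as "Address 0x74" with a 4-byte read. The names View, Document, encodingUnchecked and encodingChecked are hypothetical; the guarded accessor shows the fallback a fix would need.

```cpp
#include <cstddef>
#include <string>

// Constructed stand-ins (not KDE code). As in the report, encoding state is
// owned by the view, and a document built from script never gets one.
struct View {
    int unrelated[29];   // 29 * 4 = 116 = 0x74 bytes before the next field
    int encodingId;      // at offset 0x74: the "Invalid read of size 4" in the trace
};

struct Document {
    View* view;          // nullptr for createDocument()/DOMParser/XMLHttpRequest documents
};

static const char* const kEncodingNames[] = {"ISO-8859-1", "UTF-8"};

// Models the crashing path: assumes every document has a view, so with
// view == nullptr the load of view->encodingId reads address 0x74.
std::string encodingUnchecked(const Document& doc) {
    return kEncodingNames[doc.view->encodingId];
}

// Hardened accessor: a view-less document reports a fallback instead of crashing.
std::string encodingChecked(const Document& doc, const std::string& fallback = "UTF-8") {
    if (doc.view == nullptr)
        return fallback;
    return kEncodingNames[doc.view->encodingId];
}

// Byte offset a null-view read touches; explains the address valgrind printed.
std::size_t encodingFieldOffset() {
    return offsetof(View, encodingId);
}

// Constructed sample documents: one attached to a view (encodingId 0 ->
// "ISO-8859-1"), one detached as a script-created document would be.
static View sampleView = {};
static const Document attachedDoc = {&sampleView};
static const Document detachedDoc = {nullptr};

int main() {
    // Only the checked accessor is safe to call on detachedDoc.
    return (encodingChecked(detachedDoc) == "UTF-8" &&
            encodingFieldOffset() == 0x74) ? 0 : 1;
}
```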
Fixed now. Might still get into 3.5.5.