Version: 3.5.7 (using KDE KDE 3.5.7)
Installed from: Debian testing/unstable Packages
Compiler: gcc (GCC) 4.1.3 20070601 (prerelease) (Debian 4.1.2-12)
OS: Linux
I found a page that kills konqueror. http://artax.karlin.mff.cuni.cz/~hrusm3am/lab/index.php?n=Komp.Komp this one. I already straced konqueror and it seems that some datatype overflows and causes konqueror to crash.
close(1019) = -1 EBADF (Bad file descriptor)
close(1020) = -1 EBADF (Bad file descriptor)
close(1021) = -1 EBADF (Bad file descriptor)
close(1022) = -1 EBADF (Bad file descriptor)
close(1023) = -1 EBADF (Bad file descriptor)
write(2, "KCrash: Application \'konqueror\' "..., 44KCrash: Application 'konqueror' crashing... ) = 44
These are important lines from strace log. Probably when close(1024) occurs, it crashes. If the same page isn't embedded into IFrame, it doesn't happen - like here http://artax.karlin.mff.cuni.cz/~hrusm3am/lab/stat/auryn.htm .
BR
Marex
Same here, konqueror 3.5.7 on gentoo built with gcc 4.1.2
confirmed on KDE 3.5.5
also on fedora 7, version 3.5.7-0.1.fc7
Confirmed with
Version: (using KDE KDE 3.5.7)
Installed from: SuSE RPMs
Compiler: gcc (GCC) 4.1.2 20061115 (prerelease) (SUSE Linux)
Target: i586-suse-linux
Configured with: ../configure --enable-threads=posix --prefix=/usr --with-local-prefix=/usr/local --infodir=/usr/share/info --mandir=/usr/share/man --libdir=/usr/lib --libexecdir=/usr/lib --enable-languages=c,c++,objc,fortran,obj-c++,java,ada --enable-checking=release --with-gxx-include-dir=/usr/include/c++/4.1.2 --enable-ssp --disable-libssp --disable-libgcj --with-slibdir=/lib --with-system-zlib --enable-shared --enable-__cxa_atexit --enable-libstdcxx-allocator=new --program-suffix=-4.1 --enable-version-specific-runtime-libs --without-system-libunwind --with-cpu=generic --host=i586-suse-linux
Backtrace:
Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1230764336 (LWP 5811)]
[KCrash handler]
#9 0xb603c13c in khtml::RenderBox::containingBlockWidth () from /opt/kde3/lib/libkhtml.so.4
#10 0xb602dd9a in khtml::RenderBox::calcReplacedWidthUsing () from /opt/kde3/lib/libkhtml.so.4
#11 0xb602de1d in khtml::RenderBox::calcReplacedWidth () from /opt/kde3/lib/libkhtml.so.4
#12 0xb6033211 in khtml::RenderReplaced::calcMinMaxWidth () from /opt/kde3/lib/libkhtml.so.4
#13 0xb6028d3d in khtml::RenderObject::recalcMinMaxWidths () from /opt/kde3/lib/libkhtml.so.4
#14 0xb6028cea in khtml::RenderObject::recalcMinMaxWidths () from /opt/kde3/lib/libkhtml.so.4
#15 0xb6028cea in khtml::RenderObject::recalcMinMaxWidths () from /opt/kde3/lib/libkhtml.so.4
#16 0xb6028cea in khtml::RenderObject::recalcMinMaxWidths () from /opt/kde3/lib/libkhtml.so.4
#17 0xb6028cea in khtml::RenderObject::recalcMinMaxWidths () from /opt/kde3/lib/libkhtml.so.4
#18 0xb6028cea in khtml::RenderObject::recalcMinMaxWidths () from /opt/kde3/lib/libkhtml.so.4
#19 0xb6028cea in khtml::RenderObject::recalcMinMaxWidths () from /opt/kde3/lib/libkhtml.so.4
#20 0xb6028cea in khtml::RenderObject::recalcMinMaxWidths () from /opt/kde3/lib/libkhtml.so.4
#21 0xb6028cea in khtml::RenderObject::recalcMinMaxWidths () from /opt/kde3/lib/libkhtml.so.4
#22 0xb6028cea in khtml::RenderObject::recalcMinMaxWidths () from /opt/kde3/lib/libkhtml.so.4
#23 0xb6089068 in khtml::RenderCanvas::layout () from /opt/kde3/lib/libkhtml.so.4
#24 0xb5fa51b1 in KHTMLView::layout () from /opt/kde3/lib/libkhtml.so.4
#25 0xb5fa5bad in KHTMLView::timerEvent () from /opt/kde3/lib/libkhtml.so.4
#26 0xb759d8d2 in QObject::event () from /usr/lib/qt3/lib/libqt-mt.so.3
#27 0xb75d650c in QWidget::event () from /usr/lib/qt3/lib/libqt-mt.so.3
#28 0xb753e9c7 in QApplication::internalNotify () from /usr/lib/qt3/lib/libqt-mt.so.3
#29 0xb753f7b9 in QApplication::notify () from /usr/lib/qt3/lib/libqt-mt.so.3
#30 0xb7bc4ca2 in KApplication::notify () from /opt/kde3/lib/libkdecore.so.4
#31 0xb7533bd3 in QEventLoop::activateTimers () from /usr/lib/qt3/lib/libqt-mt.so.3
#32 0xb74edc40 in QEventLoop::processEvents () from /usr/lib/qt3/lib/libqt-mt.so.3
#33 0xb75557f0 in QEventLoop::enterLoop () from /usr/lib/qt3/lib/libqt-mt.so.3
#34 0xb7555686 in QEventLoop::exec () from /usr/lib/qt3/lib/libqt-mt.so.3
#35 0xb753e57f in QApplication::exec () from /usr/lib/qt3/lib/libqt-mt.so.3
#36 0xb67b9b15 in kdemain () from /opt/kde3/lib/libkdeinit_konqueror.so
#37 0xb7316524 in kdeinitmain () from /opt/kde3/lib/kde3/konqueror.so
#38 0x0804e33f in launch ()
#39 0x0804ebca in handle_launcher_request ()
#40 0x0804ef4f in handle_requests ()
#41 0x0805014c in main ()
*** Bug 146214 has been marked as a duplicate of this bug. ***
Created attachment 21345
test case attached
I can confirm this bug (test case from comment #6) with KDE4SVN (kdebase r765071). Below you can find a GDB backtrace and a Valgrind log.
GDB:
Starting program: /usr/kde/svn/bin/konqueror
[Thread debugging using libthread_db enabled]
[New Thread 0xb63e3a10 (LWP 26505)]
[New Thread 0xb2e77b90 (LWP 26540)]
[New Thread 0xb2676b90 (LWP 26541)]
[New Thread 0xb1e75b90 (LWP 26542)]
[Thread 0xb1e75b90 (LWP 26542) exited]
[Thread 0xb2e77b90 (LWP 26540) exited]
[Thread 0xb2676b90 (LWP 26541) exited]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb63e3a10 (LWP 26505)]
khtml::RenderBox::containingBlockWidth (this=0x890ac4c) at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/rendering/render_box.cpp:796
796 /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/rendering/render_box.cpp: No such file or directory.
in /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/rendering/render_box.cpp
#0 khtml::RenderBox::containingBlockWidth (this=0x890ac4c) at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/rendering/render_box.cpp:796
#1 0xb497d99b in khtml::RenderBox::calcReplacedWidthUsing (this=0x890ac4c, widthType=khtml::Width) at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/rendering/render_box.cpp:1276
#2 0xb497da0b in khtml::RenderBox::calcReplacedWidth (this=0x890ac4c) at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/rendering/render_box.cpp:1248
#3 0xb49ad6ae in khtml::RenderReplaced::calcMinMaxWidth (this=0x890ac4c) at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/rendering/render_replaced.cpp:81
#4 0xb4971398 in khtml::RenderObject::recalcMinMaxWidths (this=0x890ac4c) at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/rendering/render_object.cpp:1993
#5 0xb49712d1 in khtml::RenderObject::recalcMinMaxWidths (this=0x890ab50) at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/rendering/render_object.cpp:1979
#6 0xb49712d1 in khtml::RenderObject::recalcMinMaxWidths (this=0x890abc0) at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/rendering/render_object.cpp:1979
#7 0xb49712d1 in khtml::RenderObject::recalcMinMaxWidths (this=0x83cd76c) at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/rendering/render_object.cpp:1979
#8 0xb49712d1 in khtml::RenderObject::recalcMinMaxWidths (this=0x82d200c) at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/rendering/render_object.cpp:1979
#9 0xb49712d1 in khtml::RenderObject::recalcMinMaxWidths (this=0x82d1f88) at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/rendering/render_object.cpp:1979
#10 0xb49712d1 in khtml::RenderObject::recalcMinMaxWidths (this=0x82d1a74) at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/rendering/render_object.cpp:1979
#11 0xb49712d1 in khtml::RenderObject::recalcMinMaxWidths (this=0x82d1364) at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/rendering/render_object.cpp:1979
#12 0xb49712d1 in khtml::RenderObject::recalcMinMaxWidths (this=0x82d127c) at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/rendering/render_object.cpp:1979
#13 0xb49712d1 in khtml::RenderObject::recalcMinMaxWidths (this=0x82d1148) at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/rendering/render_object.cpp:1979
#14 0xb49c2cfa in khtml::RenderCanvas::layout (this=0x82d1148) at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/rendering/render_canvas.cpp:177
#15 0xb485716b in KHTMLView::layout (this=0x843c7c0) at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/khtmlview.cpp:954
#16 0xb485752a in KHTMLView::timerEvent (this=0x843c7c0, e=0xbfed8578) at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/khtmlview.cpp:3844
#17 0xb72f5269 in QObject::event (this=0x843c7c0, e=0xb73973dc) at kernel/qobject.cpp:1086
#18 0xb69d6fe2 in QWidget::event (this=0x843c7c0, event=0xbfed8578) at kernel/qwidget.cpp:6510
#19 0xb6d1a073 in QFrame::event (this=0x843c7c0, e=0xbfed8578) at widgets/qframe.cpp:655
#20 0xb6db3a9f in QAbstractScrollArea::event (this=0x843c7c0, e=0xbfed8578) at widgets/qabstractscrollarea.cpp:880
#21 0xb6db7cef in QScrollArea::event (this=0x843c7c0, e=0xbfed8578) at widgets/qscrollarea.cpp:285
#22 0xb4855685 in KHTMLView::event (this=0x843c7c0, e=0xbfed8578) at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/khtmlview.cpp:489
#23 0xb6984e8a in QApplicationPrivate::notify_helper (this=0x80587d0, receiver=0x843c7c0, e=0xbfed8578) at kernel/qapplication.cpp:3556
#24 0xb69866df in QApplication::notify (this=0xbfed8968, receiver=0x843c7c0, e=0xbfed8578) at kernel/qapplication.cpp:3115
#25 0xb78c2083 in KApplication::notify (this=0xbfed8968, receiver=0x843c7c0, event=0xbfed8578) at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kdeui/kernel/kapplication.cpp:314
#26 0xb72e3d7b in QCoreApplication::notifyInternal (this=0xbfed8968, receiver=0x843c7c0, event=0xbfed8578) at kernel/qcoreapplication.cpp:530
#27 0xb730cefb in QTimerInfoList::activateTimers (this=0x8058f4c) at kernel/qcoreapplication.h:200
#28 0xb730cfd1 in QEventDispatcherUNIX::activateTimers (this=0x8057f50) at kernel/qeventdispatcher_unix.cpp:828
#29 0xb730d9ab in QEventDispatcherUNIX::processEvents (this=0x8057f50, flags=@0xbfed86f8) at kernel/qeventdispatcher_unix.cpp:890
#30 0xb6a0ecce in QEventDispatcherX11::processEvents (this=0x8057f50, flags=@0xbfed8724) at kernel/qeventdispatcher_x11.cpp:145
#31 0xb72e3191 in QEventLoop::processEvents (this=0xbfed8790, flags=@0xbfed8758) at kernel/qeventloop.cpp:140
#32 0xb72e329a in QEventLoop::exec (this=0xbfed8790, flags=@0xbfed8798) at kernel/qeventloop.cpp:186
#33 0xb72e5626 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:759
#34 0xb6984487 in QApplication::exec () at kernel/qapplication.cpp:3053
#35 0xb7f563bf in kdemain (argc=1, argv=0xbfed8c64) at /var/tmp/portage/kde-base/kdebase-9999.4/work/kdebase-9999.4/apps/konqueror/src/konqmain.cpp:218
#36 0x080487e2 in main (argc=446, argv=0x0) at /var/tmp/portage/kde-base/kdebase-9999.4/work/kdebase_build/apps/konqueror/src/konqueror_dummy.cpp:3
#37 0xb65f1fdc in __libc_start_main (main=0x80487c0 <main>, argc=1, ubp_av=0xbfed8c64, init=0x8048810 <__libc_csu_init>, fini=0x8048800 <__libc_csu_fini>, rtld_fini=0xb7f79100 <_dl_fini>, stack_end=0xbfed8c5c) at libc-start.c:229
#38 0x08048731 in _start ()
Valgrind:
==26597== Memcheck, a memory error detector.
==26597== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==26597== Using LibVEX rev 1732, a library for dynamic binary translation.
==26597== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==26597== Using valgrind-3.2.3, a dynamic binary instrumentation framework.
==26597== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==26597== For more details, rerun with: -v
==26597==
==26597== My PID = 26597, parent PID = 26322. Prog and args are:
==26597==    konqueror
==26597==
==26597== Conditional jump or move depends on uninitialised value(s)
==26597==    at 0x400A9B5: _dl_relocate_object (do-rel.h:65)
==26597==    by 0x400454C: dl_main (rtld.c:2214)
==26597==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==26597==    by 0x400124E: _dl_start (rtld.c:327)
==26597==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==26597==
==26597== Conditional jump or move depends on uninitialised value(s)
==26597==    at 0x400A9BD: _dl_relocate_object (do-rel.h:68)
==26597==    by 0x400454C: dl_main (rtld.c:2214)
==26597==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==26597==    by 0x400124E: _dl_start (rtld.c:327)
==26597==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==26597==
==26597== Conditional jump or move depends on uninitialised value(s)
==26597==    at 0x400B053: _dl_relocate_object (do-rel.h:104)
==26597==    by 0x400454C: dl_main (rtld.c:2214)
==26597==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==26597==    by 0x400124E: _dl_start (rtld.c:327)
==26597==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==26597==
==26597== Conditional jump or move depends on uninitialised value(s)
==26597==    at 0x400AAF3: _dl_relocate_object (do-rel.h:117)
==26597==    by 0x400454C: dl_main (rtld.c:2214)
==26597==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==26597==    by 0x400124E: _dl_start (rtld.c:327)
==26597==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==26597==
==26597== Conditional jump or move depends on uninitialised value(s)
==26597==    at 0x400A9B5: _dl_relocate_object (do-rel.h:65)
==26597==    by 0x4004169: dl_main (rtld.c:2284)
==26597==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==26597==    by 0x400124E: _dl_start (rtld.c:327)
==26597==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==26597==
==26597== Conditional jump or move depends on uninitialised value(s)
==26597==    at 0x400A9BD: _dl_relocate_object (do-rel.h:68)
==26597==    by 0x4004169: dl_main (rtld.c:2284)
==26597==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==26597==    by 0x400124E: _dl_start (rtld.c:327)
==26597==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==26597==
==26597== Conditional jump or move depends on uninitialised value(s)
==26597==    at 0x400AAF3: _dl_relocate_object (do-rel.h:117)
==26597==    by 0x4004169: dl_main (rtld.c:2284)
==26597==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==26597==    by 0x400124E: _dl_start (rtld.c:327)
==26597==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==26597==
==26597== Source and destination overlap in mempcpy(0x7A1C2C0, 0x7A1C2C0, 21)
==26597==    at 0x4021E3A: (within /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==26597==    by 0x4022781: mempcpy (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==26597==    by 0x58E51D2: _IO_default_xsputn (genops.c:463)
==26597==    by 0x58C021E: vfprintf (vfprintf.c:1568)
==26597==    by 0x58D9CBA: vsprintf (iovsprintf.c:43)
==26597==    by 0x58C5ADD: sprintf (sprintf.c:34)
==26597==    by 0x4970942: parse_fontdata (omGeneric.c:618)
==26597==    by 0x4970AE2: parse_vw (omGeneric.c:1095)
==26597==    by 0x4971301: create_oc (omGeneric.c:1233)
==26597==    by 0x4930C0A: XCreateOC (OCWrap.c:53)
==26597==    by 0x49270A9: XCreateFontSet (FSWrap.c:185)
==26597==    by 0x551969D: getFontSet(QFont const&) (qximinputcontext_x11.cpp:319)
==26597==
==26597== Syscall param write(buf) points to uninitialised byte(s)
==26597==    at 0x4DBAFAB: (within /lib/libpthread-2.6.1.so)
==26597==    by 0x4946767: _X11TransWrite (Xtrans.c:900)
==26597==    by 0x4940066: _XFlushInt (XlibInt.c:675)
==26597==    by 0x4926DE4: XFreeGC (FreeGC.c:45)
==26597==    by 0x5125D18: QX11PaintEngine::end() (qpaintengine_x11.cpp:529)
==26597==    by 0x5093A79: QPainter::end() (qpainter.cpp:1440)
==26597==    by 0x50959A9: QPainter::~QPainter() (qpainter.cpp:1080)
==26597==    by 0x513A6E3: QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int) (qbackingstore.cpp:1191)
==26597==    by 0x513AF4A: QWidgetBackingStore::paintSiblingsRecursive(QPaintDevice*, QList<QObject*> const&, int, QRegion const&, QPoint const&, int) (qbackingstore.cpp:1113)
==26597==    by 0x513A3D6: QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int) (qbackingstore.cpp:1246)
==26597==    by 0x513AF4A: QWidgetBackingStore::paintSiblingsRecursive(QPaintDevice*, QList<QObject*> const&, int, QRegion const&, QPoint const&, int) (qbackingstore.cpp:1113)
==26597==    by 0x513A3D6: QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int) (qbackingstore.cpp:1246)
==26597==  Address 0x5D9DEB6 is 1,702 bytes inside a block of size 16,384 alloc'd
==26597==    at 0x40207D3: calloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==26597==    by 0x4931578: XOpenDisplay (OpenDis.c:289)
==26597==    by 0x5010318: qt_init(QApplicationPrivate*, int, _XDisplay*, unsigned long, unsigned long) (qapplication_x11.cpp:1530)
==26597==    by 0x4FB16B8: QApplicationPrivate::construct(_XDisplay*, unsigned long, unsigned long) (qapplication.cpp:709)
==26597==    by 0x4FB2253: QApplication::QApplication(int&, char**, bool, int) (qapplication.cpp:667)
==26597==    by 0x47136BE: KApplication::KApplication(bool) (kapplication.cpp:349)
==26597==    by 0x404966C: KonquerorApplication::KonquerorApplication() (konqapplication.cpp:29)
==26597==    by 0x40CDCEC: kdemain (konqmain.cpp:67)
==26597==    by 0x80487E1: main (konqueror_dummy.cpp:3)
==26597==
==26597== Syscall param write(buf) points to uninitialised byte(s)
==26597==    at 0x4DBAFAB: (within /lib/libpthread-2.6.1.so)
==26597==    by 0x4946767: _X11TransWrite (Xtrans.c:900)
==26597==    by 0x4940066: _XFlushInt (XlibInt.c:675)
==26597==    by 0x4940B64: _XEventsQueued (XlibInt.c:743)
==26597==    by 0x4932ADB: XEventsQueued (Pending.c:44)
==26597==    by 0x5032D3B: QEventDispatcherX11::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventdispatcher_x11.cpp:72)
==26597==    by 0x4CFA190: QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:140)
==26597==    by 0x4CFA299: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:186)
==26597==    by 0x4CFC625: QCoreApplication::exec() (qcoreapplication.cpp:759)
==26597==    by 0x4FA8486: QApplication::exec() (qapplication.cpp:3053)
==26597==    by 0x40CE3BE: kdemain (konqmain.cpp:218)
==26597==    by 0x80487E1: main (konqueror_dummy.cpp:3)
==26597==  Address 0x5D9E191 is 2,433 bytes inside a block of size 16,384 alloc'd
==26597==    at 0x40207D3: calloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==26597==    by 0x4931578: XOpenDisplay (OpenDis.c:289)
==26597==    by 0x5010318: qt_init(QApplicationPrivate*, int, _XDisplay*, unsigned long, unsigned long) (qapplication_x11.cpp:1530)
==26597==    by 0x4FB16B8: QApplicationPrivate::construct(_XDisplay*, unsigned long, unsigned long) (qapplication.cpp:709)
==26597==    by 0x4FB2253: QApplication::QApplication(int&, char**, bool, int) (qapplication.cpp:667)
==26597==    by 0x47136BE: KApplication::KApplication(bool) (kapplication.cpp:349)
==26597==    by 0x404966C: KonquerorApplication::KonquerorApplication() (konqapplication.cpp:29)
==26597==    by 0x40CDCEC: kdemain (konqmain.cpp:67)
==26597==    by 0x80487E1: main (konqueror_dummy.cpp:3)
==26597==
==26597== Syscall param write(buf) points to uninitialised byte(s)
==26597==    at 0x4DBAFAB: (within /lib/libpthread-2.6.1.so)
==26597==    by 0x4946767: _X11TransWrite (Xtrans.c:900)
==26597==    by 0x4940066: _XFlushInt (XlibInt.c:675)
==26597==    by 0x494015E: _XReply (XlibInt.c:1708)
==26597==    by 0x493C74D: XTranslateCoordinates (TrCoords.c:53)
==26597==    by 0x5025F20: QWidget::mapFromGlobal(QPoint const&) const (qwidget_x11.cpp:1025)
==26597==    by 0x4FAB348: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:3275)
==26597==    by 0x4714082: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:314)
==26597==    by 0x4CFAD7A: QCoreApplication::notifyInternal(QObject*, QEvent*) (qcoreapplication.cpp:530)
==26597==    by 0x500E627: QETWidget::translateMouseEvent(_XEvent const*) (qcoreapplication.h:203)
==26597==    by 0x500CE8D: QApplication::x11ProcessEvent(_XEvent*) (qapplication_x11.cpp:2913)
==26597==    by 0x5032C44: QEventDispatcherX11::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventdispatcher_x11.cpp:125)
==26597==  Address 0x5D9E191 is 2,433 bytes inside a block of size 16,384 alloc'd
==26597==    at 0x40207D3: calloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==26597==    by 0x4931578: XOpenDisplay (OpenDis.c:289)
==26597==    by 0x5010318: qt_init(QApplicationPrivate*, int, _XDisplay*, unsigned long, unsigned long) (qapplication_x11.cpp:1530)
==26597==    by 0x4FB16B8: QApplicationPrivate::construct(_XDisplay*, unsigned long, unsigned long) (qapplication.cpp:709)
==26597==    by 0x4FB2253: QApplication::QApplication(int&, char**, bool, int) (qapplication.cpp:667)
==26597==    by 0x47136BE: KApplication::KApplication(bool) (kapplication.cpp:349)
==26597==    by 0x404966C: KonquerorApplication::KonquerorApplication() (konqapplication.cpp:29)
==26597==    by 0x40CDCEC: kdemain (konqmain.cpp:67)
==26597==    by 0x80487E1: main (konqueror_dummy.cpp:3)
==26597==
==26597== Conditional jump or move depends on uninitialised value(s)
==26597==    at 0x4B6827D: (within /lib/libz.so.1.2.3)
==26597==
==26597== Conditional jump or move depends on uninitialised value(s)
==26597==    at 0x4B68212: (within /lib/libz.so.1.2.3)
==26597==
==26597== Invalid read of size 4
==26597==    at 0x9170EAB: khtml::RenderBox::containingBlockWidth() const (render_box.cpp:796)
==26597==    by 0x916B99A: khtml::RenderBox::calcReplacedWidthUsing(khtml::WidthType) const (render_box.cpp:1276)
==26597==    by 0x916BA0A: khtml::RenderBox::calcReplacedWidth() const (render_box.cpp:1248)
==26597==    by 0x919B6AD: khtml::RenderReplaced::calcMinMaxWidth() (render_replaced.cpp:81)
==26597==    by 0x915F397: khtml::RenderObject::recalcMinMaxWidths() (render_object.cpp:1993)
==26597==    by 0x915F2D0: khtml::RenderObject::recalcMinMaxWidths() (render_object.cpp:1979)
==26597==    by 0x915F2D0: khtml::RenderObject::recalcMinMaxWidths() (render_object.cpp:1979)
==26597==    by 0x915F2D0: khtml::RenderObject::recalcMinMaxWidths() (render_object.cpp:1979)
==26597==    by 0x915F2D0: khtml::RenderObject::recalcMinMaxWidths() (render_object.cpp:1979)
==26597==    by 0x915F2D0: khtml::RenderObject::recalcMinMaxWidths() (render_object.cpp:1979)
==26597==    by 0x915F2D0: khtml::RenderObject::recalcMinMaxWidths() (render_object.cpp:1979)
==26597==    by 0x915F2D0: khtml::RenderObject::recalcMinMaxWidths() (render_object.cpp:1979)
==26597==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==26597==
==26597== ERROR SUMMARY: 47 errors from 14 contexts (suppressed: 11 from 3)
==26597== malloc/free: in use at exit: 15,263,971 bytes in 157,681 blocks.
==26597== malloc/free: 980,649 allocs, 822,968 frees, 149,291,064 bytes allocated.
==26597== For counts of detected errors, rerun with: -v
==26597== searching for pointers to 157,681 not-freed blocks.
==26597== checked 52,226,700 bytes.
==26597==
==26597== LEAK SUMMARY:
==26597==    definitely lost: 47,342 bytes in 1,715 blocks.
==26597==    possibly lost: 82,320 bytes in 3,067 blocks.
==26597==    still reachable: 15,134,309 bytes in 152,899 blocks.
==26597==    suppressed: 0 bytes in 0 blocks.
==26597== Rerun with --leak-check=full to see details of leaked memory.
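
The Memcheck log in the comment above reports 47 errors from 14 contexts, and the only invalid access among them is the 4-byte read at `Address 0x0` in `khtml::RenderBox::containingBlockWidth()`, the same function as frame #0 of the GDB backtrace. The following triage sketch is an added example, not part of the original comment or of any KDE or Valgrind tooling: it splits a Memcheck log into error contexts and surfaces invalid reads and writes with their faulting frame. The function names, the trimmed sample log and the 0x1000 threshold for labelling an address a NULL dereference are assumptions of this example.

```python
import re

# Constructed excerpt: three of the error contexts from the log above, trimmed
# to their first frames, plus the summary line.
SAMPLE_LOG = """\
==26597== Conditional jump or move depends on uninitialised value(s)
==26597==    at 0x400A9B5: _dl_relocate_object (do-rel.h:65)
==26597==    by 0x400454C: dl_main (rtld.c:2214)
==26597==
==26597== Syscall param write(buf) points to uninitialised byte(s)
==26597==    at 0x4DBAFAB: (within /lib/libpthread-2.6.1.so)
==26597==    by 0x4946767: _X11TransWrite (Xtrans.c:900)
==26597==  Address 0x5D9DEB6 is 1,702 bytes inside a block of size 16,384 alloc'd
==26597==    at 0x40207D3: calloc (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==26597==    by 0x4931578: XOpenDisplay (OpenDis.c:289)
==26597==
==26597== Invalid read of size 4
==26597==    at 0x9170EAB: khtml::RenderBox::containingBlockWidth() const (render_box.cpp:796)
==26597==    by 0x916B99A: khtml::RenderBox::calcReplacedWidthUsing(khtml::WidthType) const (render_box.cpp:1276)
==26597==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==26597==
==26597== ERROR SUMMARY: 47 errors from 14 contexts (suppressed: 11 from 3)
"""

PREFIX = re.compile(r"^==\d+==\s?")                      # per-line "==PID==" tag
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (.+)$")   # one stack frame
ADDRESS = re.compile(r"^Address (0x[0-9A-Fa-f]+) is (.+)$")
INVALID = re.compile(r"^Invalid (read|write) of size (\d+)$")


def parse_contexts(log):
    """Split a Memcheck log into blocks separated by empty '==PID==' lines."""
    contexts, current = [], None
    for raw in log.splitlines():
        line = PREFIX.sub("", raw).strip()
        if not line:                      # blank line closes the current block
            current = None
            continue
        if current is None:               # first line of a block is its title
            current = {"kind": line, "frames": [], "address": None}
            contexts.append(current)
            continue
        m = ADDRESS.match(line)
        if m:
            current["address"] = int(m.group(1), 16)
            continue
        m = FRAME.match(line)
        # Frames after the Address line are the allocation stack, not the fault.
        if m and current["address"] is None:
            current["frames"].append(m.group(1))
    return contexts


def triage(log, low_page=0x1000):
    """Return invalid reads/writes only; low_page is an assumed NULL-page bound."""
    findings = []
    for ctx in parse_contexts(log):
        m = INVALID.match(ctx["kind"])
        if not m or not ctx["frames"]:
            continue
        addr = ctx["address"]
        findings.append({
            "access": m.group(1),
            "size": int(m.group(2)),
            "address": addr,
            "null_deref": addr is not None and addr < low_page,
            "fault_frame": ctx["frames"][0],
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
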
http://artax.karlin.mff.cuni.cz/~hrusm3am/lab/index.php?n=Komp.Komp confirmed to crash konqueror 3.5.8.dfsg.1-2 (debian sid, kde 3.5.8) gcc version 4.2.3 20080114 (prerelease) (Debian 4.2.2-7)
Still in KDE 4.0.3.
*** Bug 173443 has been marked as a duplicate of this bug. ***
It doesn't crash on current trunk. Can someone confirm it?
Cannot reproduce using current trunk. Closing as WORKSFORME