Version: (using KDE KDE 3.5.8)
Installed from: Gentoo Packages
Compiler: gcc (GCC) 4.2.2 (Gentoo 4.2.2 p1.0) CFLAGS="-O2 -pipe -march=nocona -fomit-frame-pointer"
OS: Linux

My pretty much vanilla Konqueror 3.5.8 (no Plugins like Flash or Java loaded) crashes after a short period of time after viewing www.umtslink.at - it also happened for 3.5.7, several users on #kde @ freenode reported the same behaviour.

Steps to reproduce:
1.) browse to www.umtslink.at
2.) see Konqui crash (SIGSEGV)
3.) Profit!

Expected Behaviour: Konqui should not crash, but rather let me browse the site.
Kubuntu 3.5.8 packages:

==32595== Invalid read of size 4
==32595==    at 0x7640366: DOM::DocumentImpl::setStyleSheet(DOM::DOMString const&, DOM::DOMString const&, DOM::DOMString const&) (dom_docimpl.cpp:2477)
==32595==    by 0x7739A7F: khtml::CachedCSSStyleSheet::ref(khtml::CachedObjectClient*) (loader.cpp:246)
==32595==    by 0x7640508: DOM::DocumentImpl::load(DOM::DOMString const&) (dom_docimpl.cpp:2446)
==32595==    by 0x780074D: DOM::Document::load(DOM::DOMString const&) (dom_doc.cpp:490)
==32595==    by 0x77AA6C5: KJS::DOMDocumentProtoFunc::tryCall(KJS::ExecState*, KJS::Object&, KJS::List const&) (kjs_dom.cpp:1098)
==32595==    by 0x77824F3: KJS::DOMFunction::call(KJS::ExecState*, KJS::Object&, KJS::List const&) (kjs_binding.cpp:136)
==32595==    by 0x790F6A8: KJS::Object::call(KJS::ExecState*, KJS::Object&, KJS::List const&) (object.cpp:73)
==32595==    by 0x791FC20: KJS::FunctionCallNode::evaluate(KJS::ExecState*) const (nodes.cpp:870)
==32595==    by 0x791CD2D: KJS::ExprStatementNode::execute(KJS::ExecState*) (nodes.cpp:1980)
==32595==    by 0x7919197: KJS::SourceElementsNode::execute(KJS::ExecState*) (nodes.cpp:3108)
==32595==    by 0x790CC68: KJS::BlockNode::execute(KJS::ExecState*) (nodes.cpp:1942)
==32595==    by 0x790CAC5: KJS::DeclaredFunctionImp::execute(KJS::ExecState*) (function.cpp:613)
==32595==    by 0x790E9F3: KJS::FunctionImp::call(KJS::ExecState*, KJS::Object&, KJS::List const&) (function.cpp:373)
==32595==    by 0x790F6A8: KJS::Object::call(KJS::ExecState*, KJS::Object&, KJS::List const&) (object.cpp:73)
==32595==    by 0x779BA3B: KJS::JSEventListener::handleEvent(DOM::Event&) (kjs_events.cpp:96)
==32595==    by 0x779BC77: KJS::JSLazyEventListener::handleEvent(DOM::Event&) (kjs_events.cpp:152)
==32595==    by 0x7633989: DOM::NodeImpl::handleLocalEvents(DOM::EventImpl*, bool) (dom_nodeimpl.cpp:602)
==32595==    by 0x7637E1F: DOM::NodeImpl::dispatchGenericEvent(DOM::EventImpl*, int&) (dom_nodeimpl.cpp:379)
==32595==    by 0x763FF1F: DOM::NodeImpl::dispatchWindowEvent(int, bool, bool) (dom_nodeimpl.cpp:437)
==32595==    by 0x7671534: DOM::HTMLDocumentImpl::close() (html_documentimpl.cpp:276)
==32595==    by 0x763A34E: DOM::DocumentImpl::loadXML(DOM::DOMString const&) (dom_docimpl.cpp:2459)
==32595==    by 0x76403E2: DOM::DocumentImpl::setStyleSheet(DOM::DOMString const&, DOM::DOMString const&, DOM::DOMString const&) (dom_docimpl.cpp:2467)
==32595==    by 0x7739A7F: khtml::CachedCSSStyleSheet::ref(khtml::CachedObjectClient*) (loader.cpp:246)
==32595==    by 0x7640508: DOM::DocumentImpl::load(DOM::DOMString const&) (dom_docimpl.cpp:2446)
==32595==    by 0x780074D: DOM::Document::load(DOM::DOMString const&) (dom_doc.cpp:490)
==32595==    by 0x77AA6C5: KJS::DOMDocumentProtoFunc::tryCall(KJS::ExecState*, KJS::Object&, KJS::List const&) (kjs_dom.cpp:1098)
==32595==    by 0x77824F3: KJS::DOMFunction::call(KJS::ExecState*, KJS::Object&, KJS::List const&) (kjs_binding.cpp:136)
==32595==    by 0x790F6A8: KJS::Object::call(KJS::ExecState*, KJS::Object&, KJS::List const&) (object.cpp:73)
==32595==    by 0x791FC20: KJS::FunctionCallNode::evaluate(KJS::ExecState*) const (nodes.cpp:870)
==32595==    by 0x791CD2D: KJS::ExprStatementNode::execute(KJS::ExecState*) (nodes.cpp:1980)
==32595==    by 0x7919197: KJS::SourceElementsNode::execute(KJS::ExecState*) (nodes.cpp:3108)
==32595==    by 0x790CC68: KJS::BlockNode::execute(KJS::ExecState*) (nodes.cpp:1942)
==32595==    by 0x790CAC5: KJS::DeclaredFunctionImp::execute(KJS::ExecState*) (function.cpp:613)
==32595==    by 0x790E9F3: KJS::FunctionImp::call(KJS::ExecState*, KJS::Object&, KJS::List const&) (function.cpp:373)
==32595==    by 0x790F6A8: KJS::Object::call(KJS::ExecState*, KJS::Object&, KJS::List const&) (object.cpp:73)
==32595==    by 0x779BA3B: KJS::JSEventListener::handleEvent(DOM::Event&) (kjs_events.cpp:96)
==32595==    by 0x779BC77: KJS::JSLazyEventListener::handleEvent(DOM::Event&) (kjs_events.cpp:152)
==32595==    by 0x7633989: DOM::NodeImpl::handleLocalEvents(DOM::EventImpl*, bool) (dom_nodeimpl.cpp:602)
==32595==    by 0x7637E1F: DOM::NodeImpl::dispatchGenericEvent(DOM::EventImpl*, int&) (dom_nodeimpl.cpp:379)
==32595==    by 0x763FF1F: DOM::NodeImpl::dispatchWindowEvent(int, bool, bool) (dom_nodeimpl.cpp:437)
==32595==    by 0x7671534: DOM::HTMLDocumentImpl::close() (html_documentimpl.cpp:276)
==32595==    by 0x763A34E: DOM::DocumentImpl::loadXML(DOM::DOMString const&) (dom_docimpl.cpp:2459)
==32595==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
KCrash: Application 'konqueror' crashing...
Maybe I was browsing the wrong parts of the page, but no crashes occurred for me in 3.5.9 and trunk (r798735).
I clicked around in 3.5.9; I cannot reproduce this anymore. Closing.