Version: (using KDE 3.5.9) Installed from: Gentoo Packages Compiler: GCC 4.1.2 (Gentoo) OS: Linux (1) goto http://news.yahoo.com/ ; (2) select a story list, eg 'US' ; (3) select a story, eg 'Explosion destroys church', one of those in the US list 080403 with URL : http://news.yahoo.com/s/ap/20080403/ap_on_re_us/church_explosion;_ylt=A0WTUfm2V_RHKjIA_xdvzwcF ; (4) click the picture accompanying the story (if there is none, try another story: most have pictures) ; (5) a new page will load showing a larger version of the picture with a thumbnail slideshow of other pictures (if there is no thumbnail show for that story, try another story: most have a slideshow) : the URL for the picture-page for the story above is http://news.yahoo.com/nphotos/First-Baptist-Church/photo//080402/480/e84c36a358054f229c223c7193b17071//s:/ap/20080403/ap_on_re_us/church_explosion;_ylt=A0WTUfz0V_RH1tAALBJH2ocA (6) click on one of the thumbnails towards the top right of the page ; (7) Konqueror crashes ! -- tested several times with different stories, no problem with Firefox 2.0.0.13 .
I can reproduce the crash on KDE 3.5.8. However, I cannot reproduce the crash on a KDE4 SVN build unless I activate the JS Debugger. The backtrace for konqueror-3.5.8 is: Starting program: /usr/kde/3.5/bin/konqueror http://news.yahoo.com/nphotos/First-Baptist-Church/photo//080402/480/e84c36a358054f229c223c7193b17071//s:/ap/20080403/ap_on_re_us/church_explosion;_ylt=A0WTUfz0V_RH1tAALBJH2ocA [Thread debugging using libthread_db enabled] [New Thread 0xb647baf0 (LWP 6417)] Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0xb647baf0 (LWP 6417)] 0x00000000 in ?? () #0 0x00000000 in ?? () #1 0xb5fe6d00 in khtml::RenderBlock::addChildToFlow (this=0x874878c, newChild=0x86dade8, beforeChild=0x8706e3c) at render_block.cpp:372 #2 0xb6009100 in khtml::RenderFlow::addChildWithContinuation (this=0x86bf7e4, newChild=0x86dade8, beforeChild=0x8706e3c) at render_flow.cpp:114 #3 0xb600918f in khtml::RenderFlow::addChild (this=0x86bf7e4, newChild=0x86dade8, beforeChild=0x86bf914) at render_flow.cpp:127 #4 0xb5f82cbf in DOM::NodeImpl::createRendererIfNeeded (this=0x86d9650) at dom_nodeimpl.cpp:938 #5 0xb5f89161 in DOM::ElementImpl::attach (this=0x86d9650) at dom_elementimpl.cpp:536 #6 0xb5f88e6a in DOM::ElementImpl::recalcStyle (this=0x86d9650, change=DOM::NodeImpl::NoChange) at dom_elementimpl.cpp:626 #7 0xb5fb1c09 in DOM::HTMLElementImpl::recalcStyle (this=0x86d9650, ch=DOM::NodeImpl::NoChange) at html_elementimpl.cpp:274 #8 0xb5f88d15 in DOM::ElementImpl::recalcStyle (this=0x86d9390, change=DOM::NodeImpl::NoChange) at dom_elementimpl.cpp:654 #9 0xb5fb1c09 in DOM::HTMLElementImpl::recalcStyle (this=0x86d9390, ch=DOM::NodeImpl::NoChange) at html_elementimpl.cpp:274 #10 0xb5f88d15 in DOM::ElementImpl::recalcStyle (this=0x86d71e0, change=DOM::NodeImpl::NoChange) at dom_elementimpl.cpp:654 #11 0xb5fb1c09 in DOM::HTMLElementImpl::recalcStyle (this=0x86d71e0, ch=DOM::NodeImpl::NoChange) at html_elementimpl.cpp:274 #12 0xb5f88d15 in DOM::ElementImpl::recalcStyle (this=0x86ce6b0, change=DOM::NodeImpl::NoChange) at dom_elementimpl.cpp:654 #13 0xb5fb1c09 in DOM::HTMLElementImpl::recalcStyle (this=0x86ce6b0, ch=DOM::NodeImpl::NoChange) at html_elementimpl.cpp:274 #14 0xb5f88d15 in DOM::ElementImpl::recalcStyle (this=0x8545218, change=DOM::NodeImpl::NoChange) at dom_elementimpl.cpp:654 #15 0xb5fb1c09 in DOM::HTMLElementImpl::recalcStyle (this=0x8545218, ch=DOM::NodeImpl::NoChange) at html_elementimpl.cpp:274 #16 0xb5f88d15 in DOM::ElementImpl::recalcStyle (this=0x85029f8, change=DOM::NodeImpl::NoChange) at dom_elementimpl.cpp:654 #17 0xb5fb1c09 in DOM::HTMLElementImpl::recalcStyle (this=0x85029f8, ch=DOM::NodeImpl::NoChange) at html_elementimpl.cpp:274 #18 0xb5f88d15 in DOM::ElementImpl::recalcStyle (this=0x850a088, change=DOM::NodeImpl::NoChange) at dom_elementimpl.cpp:654 #19 0xb5fb1c09 in DOM::HTMLElementImpl::recalcStyle (this=0x850a088, ch=DOM::NodeImpl::NoChange) at html_elementimpl.cpp:274 #20 0xb5f88d15 in DOM::ElementImpl::recalcStyle (this=0x8535548, change=DOM::NodeImpl::NoChange) at dom_elementimpl.cpp:654 #21 0xb5fb1c09 in DOM::HTMLElementImpl::recalcStyle (this=0x8535548, ch=DOM::NodeImpl::NoChange) at html_elementimpl.cpp:274 #22 0xb5f88d15 in DOM::ElementImpl::recalcStyle (this=0x858aa70, change=DOM::NodeImpl::NoChange) at dom_elementimpl.cpp:654 #23 0xb5fb1c09 in DOM::HTMLElementImpl::recalcStyle (this=0x858aa70, ch=DOM::NodeImpl::NoChange) at html_elementimpl.cpp:274 #24 0xb5f88d15 in DOM::ElementImpl::recalcStyle (this=0x84dcf30, change=DOM::NodeImpl::NoChange) at dom_elementimpl.cpp:654 #25 0xb5fb1c09 in DOM::HTMLElementImpl::recalcStyle (this=0x84dcf30, ch=DOM::NodeImpl::NoChange) at html_elementimpl.cpp:274 #26 0xb5f88d15 in DOM::ElementImpl::recalcStyle (this=0x84dc868, change=DOM::NodeImpl::NoChange) at dom_elementimpl.cpp:654 #27 0xb5fb1c09 in DOM::HTMLElementImpl::recalcStyle (this=0x84dc868, ch=DOM::NodeImpl::NoChange) at html_elementimpl.cpp:274 #28 0xb5f88d15 in DOM::ElementImpl::recalcStyle (this=0x84d72b8, change=DOM::NodeImpl::NoChange) at dom_elementimpl.cpp:654 #29 0xb5fb1c09 in DOM::HTMLElementImpl::recalcStyle (this=0x84d72b8, ch=DOM::NodeImpl::NoChange) at html_elementimpl.cpp:274 #30 0xb5f88d15 in DOM::ElementImpl::recalcStyle (this=0x839db58, change=DOM::NodeImpl::NoChange) at dom_elementimpl.cpp:654 #31 0xb5fb1c09 in DOM::HTMLElementImpl::recalcStyle (this=0x839db58, ch=DOM::NodeImpl::NoChange) at html_elementimpl.cpp:274 #32 0xb5f73532 in DOM::DocumentImpl::recalcStyle (this=0x83966d0, change=DOM::NodeImpl::NoChange) at dom_docimpl.cpp:1164 #33 0xb5f6e534 in DOM::DocumentImpl::updateRendering (this=0x83966d0) at dom_docimpl.cpp:1193 #34 0xb614770f in DOM::Document::updateRendering (this=0xbfe93720) at dom_doc.cpp:533 #35 0xb60e3ba6 in KJS::ScheduledAction::execute (this=0x86c7660, window=0x841f420) at kjs_window.cpp:2140 #36 0xb60e3db0 in KJS::WindowQObject::timerEvent (this=0x841f5d8) at kjs_window.cpp:2280 #37 0xb6cae440 in QObject::event () from /usr/qt/3/lib/libqt-mt.so.3 #38 0xb6c3a90f in QApplication::internalNotify () from /usr/qt/3/lib/libqt-mt.so.3 #39 0xb6c3c887 in QApplication::notify () from /usr/qt/3/lib/libqt-mt.so.3 #40 0xb74e0ae4 in KApplication::notify (this=0xbfe93e84, receiver=0x841f5d8, event=0xbfe93b28) at kapplication.cpp:550 #41 0xb7f1b234 in QApplication::sendEvent (receiver=0x841f5d8, event=0x7) at /usr/qt/3/include/qapplication.h:496 #42 0xb6c2b674 in QEventLoop::activateTimers () from /usr/qt/3/lib/libqt-mt.so.3 #43 0xb6bdad47 in QEventLoop::processEvents () from /usr/qt/3/lib/libqt-mt.so.3 #44 0xb6c5872d in QEventLoop::enterLoop () from /usr/qt/3/lib/libqt-mt.so.3 #45 0xb6c5854e in QEventLoop::exec () from /usr/qt/3/lib/libqt-mt.so.3 #46 0xb6c3c5d3 in QApplication::exec () from /usr/qt/3/lib/libqt-mt.so.3 #47 0xb7f0ab69 in kdemain (argc=2, argv=0xbfe94344) at konq_main.cc:206 #48 0x0804871f in main (argc=Cannot access memory at address 0x7 ) at konqueror.la.cc:2 #49 0xb6493fdc in __libc_start_main (main=0x8048704 <main>, argc=2, ubp_av=0xbfe94344, init=0x8048740 <__libc_csu_init>, fini=0x8048730 <__libc_csu_fini>, rtld_fini=0xb7f97100 <_dl_fini>, stack_end=0xbfe9433c) at libc-start.c:229 #50 0x08048681 in _start ()
SVN commit 793952 by orlovich: Backport Allan's r786289: "Protect anonymous blocks from being deleted while they are actively insterting a new child" BUG:160249 BUG:160292 BUG:160388 M +13 -6 render_container.cpp M +2 -1 render_object.cpp M +6 -1 render_object.h WebSVN link: http://websvn.kde.org/?view=rev&revision=793952
*** Bug 160452 has been marked as a duplicate of this bug. ***
*** Bug 160504 has been marked as a duplicate of this bug. ***
I have updated to Kdelibs-3.5.9-r2, Kjsembed-3.5.9, Kwin-3.5.9-r1 & Kdesktop-3.5.9-r1 & re-emerged Konqueror-3.5.9 (the latest versions in Gentoo testing) & have found another Yahoo news photo display which causes Konqueror to crash. Goto URL http://news.yahoo.com/nphotos/Pakistan-Karachi-international-cricket-match-Hadiqa-Kiyani-Pakistan/ss/events/wl/081401pakistan/s:/ap/20080419/ap_on_re_as/pakistan/im:/080420/ids_photos_en/r3619277809.jpg/ and try to bring up photo number 2 (the girl in profile) by clicking on the '>' symbol or on the 2nd thumbnail: Konqueror crashes (tested several times). After restarting Konqueror & bringing up the history list, the wanted photo can be displayed from the list without a crash (a strange result). The visible effect this time is different from the original bug I reported: then the photo partly displayed before Konqueror crashed, but now the crash is immediate.
Following my previous report, Konqueror is also crashing on 2 Australian newspaper sites, http://www.theage.com.au/ and http://www.smh.com.au/ (Melbourne Age & Sydney Morning Herald). The crash seems to occur while it is loading one of the many images required, as reported on the status bar. I have retested these crashes, like the previous one.
Please do not reopen. It's fixed, just well after 3.5.9 was released.
*** Bug 161948 has been marked as a duplicate of this bug. ***
*** Bug 161953 has been marked as a duplicate of this bug. ***
Yes, thanks to all the fixers (smile): I updated to kdelibs-3.5.9-r4 on Gentoo, recompiled Konqueror & the crash no longer occurs in Yahoo news photo lists. That was yesterday (the Gentoo update was >= 080504), so your response is timely.