Version: (using KDE 4.2.0)
Compiler: gcc, Debian package from testing 4.3.2-2
OS: Linux
Installed from: Debian testing/unstable Packages

When browsing to this website, Konqueror crashes.

How to reproduce:
Type this command in konsole:
$ konqueror http://www.krueger-de.org/infos/perl/dyndns/default.asp

It is obviously expected that the page is loaded without any crash.

KCrash comes up, but does not show a backtrace, because I currently do not have debug-packages installed. I will do that as soon as I have time and attach a backtrace to the bug report.

Regards,
Sten

Thanks for the bug report. I could reproduce the crash in trunk rev. 921917.

Application: Konqueror (konqueror), signal SIGSEGV
[Current thread is 0 (LWP 6964)]
[leaving out threads 2, 3, 4]

Thread 1 (Thread 0xb5e5e6c0 (LWP 6964)):
[KCrash Handler]
#6 0xb403238a in KJS::HTMLDocument::putValueProperty (this=0xb15a28c0, exec=0xbfac98bc, token=3, value=0xb13eaaa0) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/ecma/kjs_html.cpp:447
#7 0xb4045fe3 in KJS::lookupPut<KJS::HTMLDocument> (exec=0xbfac98bc, propertyName=@0x966f64c, value=0xb13eaaa0, attr=0, table=0xb43c9790, thisObj=0xb15a28c0) at /home/kde-devel/kde/src/KDE/kdelibs/kjs/lookup.h:249
#8 0xb4046031 in KJS::lookupPut<KJS::HTMLDocument, KJS::DOMDocument> (exec=0xbfac98bc, propertyName=@0x966f64c, value=0xb13eaaa0, attr=0, table=0xb43c9790, thisObj=0xb15a28c0) at /home/kde-devel/kde/src/KDE/kdelibs/kjs/lookup.h:265
#9 0xb4032c9d in KJS::HTMLDocument::put (this=0xb15a28c0, exec=0xbfac98bc, propertyName=@0x966f64c, value=0xb13eaaa0, attr=0) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/ecma/kjs_html.cpp:435
#10 0xb3bf683c in KJS::Machine::runBlock (exec=0xbfac98bc, codeBlock=@0x966d270, parentExec=0xbfacae1c) at codes.def:660
#11 0xb3bd68d7 in KJS::FunctionImp::callAsFunction (this=0xb15a3aa0, exec=0xbfacae1c, thisObj=0xb15b0000, args=@0xbfacad68) at /home/kde-devel/kde/src/KDE/kdelibs/kjs/function.cpp:144
#12 0xb3bdad86 in KJS::JSObject::call (this=0xb15a3aa0, exec=0xbfacae1c, thisObj=0xb15b0000, args=@0xbfacad68) at /home/kde-devel/kde/src/KDE/kdelibs/kjs/object.cpp:99
#13 0xb3bfecea in KJS::Machine::runBlock (exec=0xbfacae1c, codeBlock=@0x96e4c00, parentExec=0x90ab6f8) at codes.def:1192
#14 0xb3bd68d7 in KJS::FunctionImp::callAsFunction (this=0xb15a1740, exec=0x90ab6f8, thisObj=0xb15b0000, args=@0xbfacaf78) at /home/kde-devel/kde/src/KDE/kdelibs/kjs/function.cpp:144
#15 0xb3bdad86 in KJS::JSObject::call (this=0xb15a1740, exec=0x90ab6f8, thisObj=0xb15b0000, args=@0xbfacaf78) at /home/kde-devel/kde/src/KDE/kdelibs/kjs/object.cpp:99
#16 0xb407ce7f in KJS::JSEventListener::handleEvent (this=0x98826d0, evt=@0xbfacafc0) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/ecma/kjs_events.cpp:106
#17 0xb3dda572 in DOM::DocumentImpl::defaultEventHandler (this=0x93b1950, evt=0x936af08) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/xml/dom_docimpl.cpp:2732
#18 0xb3dfd250 in DOM::NodeImpl::dispatchWindowEvent (this=0x93b195c, _id=16, canBubbleArg=false, cancelableArg=false) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/xml/dom_nodeimpl.cpp:566
#19 0xb3e63132 in DOM::HTMLDocumentImpl::close (this=0x93b1950) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/html/html_documentimpl.cpp:249
#20 0xb3d71e06 in KHTMLPart::checkEmitLoadEvent (this=0x9247618) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/khtml_part.cpp:2464
#21 0xb3d7215e in KHTMLPart::checkCompleted (this=0x9247618) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/khtml_part.cpp:2385
#22 0xb3d7277b in KHTMLPart::slotChildCompleted (this=0x9247618, pendingAction=false) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/khtml_part.cpp:4893
#23 0xb3d727a9 in KHTMLPart::slotChildCompleted (this=0x9247618) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/khtml_part.cpp:4876
#24 0xb3d83760 in KHTMLPart::qt_metacall (this=0x9247618, _c=QMetaObject::InvokeMetaMethod, _id=62, _a=0xbfacb2f8) at /home/kde-devel/kde/build/KDE/kdelibs/khtml/khtml_part.moc:307
#25 0xb73f0788 in QMetaObject::activate (sender=0x9852378, from_signal_index=8, to_signal_index=8, argv=0x0) at kernel/qobject.cpp:3031
#26 0xb73f0d3b in QMetaObject::activate (sender=0x9852378, m=0xb7f47830, local_signal_index=1, argv=0x0) at kernel/qobject.cpp:3101
#27 0xb7f24265 in KParts::ReadOnlyPart::completed (this=0x9852378) at /home/kde-devel/kde/build/KDE/kdelibs/kparts/part.moc:203
#28 0xb3d36380 in KHTMLView::complete (this=0x9c32770, pendingAction=false) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/khtmlview.cpp:4376
#29 0xb3d72223 in KHTMLPart::checkCompleted (this=0x9852378) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/khtml_part.cpp:2412
#30 0xb3d75ab1 in KHTMLPart::slotLoaderRequestDone (this=0x9852378, dl=0x92d6640, obj=0x9910008) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/khtml_part.cpp:2239
#31 0xb3d83850 in KHTMLPart::qt_metacall (this=0x9852378, _c=QMetaObject::InvokeMetaMethod, _id=69, _a=0xbfacb598) at /home/kde-devel/kde/build/KDE/kdelibs/khtml/khtml_part.moc:314
#32 0xb73f0788 in QMetaObject::activate (sender=0x928a4f8, from_signal_index=5, to_signal_index=5, argv=0xbfacb598) at kernel/qobject.cpp:3031
#33 0xb73f0d3b in QMetaObject::activate (sender=0x928a4f8, m=0xb43e6a5c, local_signal_index=1, argv=0xbfacb598) at kernel/qobject.cpp:3101
#34 0xb3fb5129 in khtml::Loader::requestDone (this=0x928a4f8, _t1=0x92d6640, _t2=0x9910008) at /home/kde-devel/kde/build/KDE/kdelibs/khtml/loader.moc:150
#35 0xb3fb9961 in khtml::Loader::slotFinished (this=0x928a4f8, job=0x97a21a8) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/misc/loader.cpp:1403
#36 0xb3fb9cf7 in khtml::Loader::qt_metacall (this=0x928a4f8, _c=QMetaObject::InvokeMetaMethod, _id=3, _a=0xbfacb73c) at /home/kde-devel/kde/build/KDE/kdelibs/khtml/loader.moc:129
#37 0xb73f0788 in QMetaObject::activate (sender=0x97a21a8, from_signal_index=7, to_signal_index=7, argv=0xbfacb73c) at kernel/qobject.cpp:3031
#38 0xb73f0d3b in QMetaObject::activate (sender=0x97a21a8, m=0xb776dee8, local_signal_index=3, argv=0xbfacb73c) at kernel/qobject.cpp:3101
#39 0xb763c588 in KJob::result (this=0x97a21a8, _t1=0x97a21a8) at /home/kde-devel/kde/build/KDE/kdelibs/kdecore/kjob.moc:186
#40 0xb763cadb in KJob::emitResult (this=0x97a21a8) at /home/kde-devel/kde/src/KDE/kdelibs/kdecore/jobs/kjob.cpp:294
#41 0xb7d78eb1 in KIO::SimpleJob::slotFinished (this=0x97a21a8) at /home/kde-devel/kde/src/KDE/kdelibs/kio/kio/job.cpp:489
#42 0xb7d7928a in KIO::TransferJob::slotFinished (this=0x97a21a8) at /home/kde-devel/kde/src/KDE/kdelibs/kio/kio/job.cpp:966
#43 0xb7d801f1 in KIO::TransferJob::qt_metacall (this=0x97a21a8, _c=QMetaObject::InvokeMetaMethod, _id=7, _a=0xbfacb978) at /home/kde-devel/kde/build/KDE/kdelibs/kio/jobclasses.moc:336
#44 0xb73f0788 in QMetaObject::activate (sender=0x9bf7e30, from_signal_index=8, to_signal_index=8, argv=0x0) at kernel/qobject.cpp:3031
#45 0xb73f0d3b in QMetaObject::activate (sender=0x9bf7e30, m=0xb7f04e04, local_signal_index=4, argv=0x0) at kernel/qobject.cpp:3101
#46 0xb7e28d51 in KIO::SlaveInterface::finished (this=0x9bf7e30) at /home/kde-devel/kde/build/KDE/kdelibs/kio/slaveinterface.moc:163
#47 0xb7e2aacf in KIO::SlaveInterface::dispatch (this=0x9bf7e30, _cmd=104, rawdata=@0xbfacbb08) at /home/kde-devel/kde/src/KDE/kdelibs/kio/kio/slaveinterface.cpp:175
#48 0xb7e2a9be in KIO::SlaveInterface::dispatch (this=0x9bf7e30) at /home/kde-devel/kde/src/KDE/kdelibs/kio/kio/slaveinterface.cpp:91
#49 0xb7e1d37c in KIO::Slave::gotInput (this=0x9bf7e30) at /home/kde-devel/kde/src/KDE/kdelibs/kio/kio/slave.cpp:322
#50 0xb7e1e7b2 in KIO::Slave::qt_metacall (this=0x9bf7e30, _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0xbfacbc28) at /home/kde-devel/kde/build/KDE/kdelibs/kio/slave.moc:75
#51 0xb73f0788 in QMetaObject::activate (sender=0x9bf7590, from_signal_index=4, to_signal_index=4, argv=0x0) at kernel/qobject.cpp:3031
#52 0xb73f0d3b in QMetaObject::activate (sender=0x9bf7590, m=0xb7f018e0, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3101
#53 0xb7d47ec3 in KIO::Connection::readyRead (this=0x9bf7590) at /home/kde-devel/kde/build/KDE/kdelibs/kio/connection.moc:84
#54 0xb7d48dff in KIO::ConnectionPrivate::dequeue (this=0x9ba1f88) at /home/kde-devel/kde/src/KDE/kdelibs/kio/kio/connection.cpp:82
#55 0xb7d49d39 in KIO::Connection::qt_metacall (this=0x9bf7590, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x9ae22b0) at /home/kde-devel/kde/build/KDE/kdelibs/kio/connection.moc:72
#56 0xb73e93aa in QMetaCallEvent::placeMetaCall (this=0x9945858, object=0x9bf7590) at kernel/qobject.cpp:529
#57 0xb73ee2ea in QObject::event (this=0x9bf7590, e=0x9945858) at kernel/qobject.cpp:1155
#58 0xb68f74cf in QApplicationPrivate::notify_helper (this=0x8fa71b0, receiver=0x9bf7590, e=0x9945858) at kernel/qapplication.cpp:3803
#59 0xb68f77b1 in QApplication::notify (this=0xbfacc5d8, receiver=0x9bf7590, e=0x9945858) at kernel/qapplication.cpp:3393
#60 0xb799d491 in KApplication::notify (this=0xbfacc5d8, receiver=0x9bf7590, event=0x9945858) at /home/kde-devel/kde/src/KDE/kdelibs/kdeui/kernel/kapplication.cpp:307
#61 0xb73d7f07 in QCoreApplication::notifyInternal (this=0xbfacc5d8, receiver=0x9bf7590, event=0x9945858) at kernel/qcoreapplication.cpp:587
#62 0xb73dc90d in QCoreApplication::sendEvent (receiver=0x9bf7590, event=0x9945858) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:209
#63 0xb73d84ca in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x8f95268) at kernel/qcoreapplication.cpp:1198
#64 0xb73d875f in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at kernel/qcoreapplication.cpp:1091
#65 0xb740fb96 in QCoreApplication::sendPostedEvents () at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:214
#66 0xb740ed83 in postEventSourceDispatch (s=0x8fa9510) at kernel/qeventdispatcher_glib.cpp:205
#67 0xb61656f8 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#68 0xb6168da3 in ?? () from /usr/lib/libglib-2.0.so.0
#69 0xb6168f61 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#70 0xb740df9a in QEventDispatcherGlib::processEvents (this=0x8fa72a8, flags={i = -1079196716}) at kernel/qeventdispatcher_glib.cpp:319
#71 0xb69b99cc in QGuiEventDispatcherGlib::processEvents (this=0x8fa72a8, flags={i = -1079196668}) at kernel/qguieventdispatcher_glib.cpp:198
#72 0xb73d4588 in QEventLoop::processEvents (this=0xbfacc488, flags={i = -1079196608}) at kernel/qeventloop.cpp:143
#73 0xb73d47c6 in QEventLoop::exec (this=0xbfacc488, flags={i = -1079196528}) at kernel/qeventloop.cpp:194
#74 0xb73d8881 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:845
#75 0xb68f71e8 in QApplication::exec () at kernel/qapplication.cpp:3331
#76 0xb80953e4 in kdemain (argc=1, argv=0xbfacc944) at /home/kde-devel/kde/src/KDE/kdebase/apps/konqueror/src/konqmain.cpp:257
#77 0x08048766 in main (argc=) at /home/kde-devel/kde/build/KDE/kdebase/apps/konqueror/src/konqueror_dummy.cpp:3

Likely testcase, judging from bt:

<script>
document.body = 43;
</script>

If so, easy one, just needs a null check.

From one of the scripts:

document.body = new Object;
document.body.clientWidth = window.innerWidth-20;
document.body.clientHeight = window.innerHeight-20

I think it's trying to emulate IE or something. Anyway, just need to not lose track of the obvious tc + fix.

SVN commit 922913 by orlovich:

Don't crash if someone tries to set body to a non-Node
BUG:183457

M +1 -1 kjs_html.cpp

WebSVN link: http://websvn.kde.org/?view=rev&revision=922913

SVN commit 922914 by orlovich:

Merged revision 922913:
Don't crash if someone tries to set body to a non-Node
BUG:183457

M +1 -1 kjs_html.cpp

WebSVN link: http://websvn.kde.org/?view=rev&revision=922914

SVN commit 922920 by orlovich:

Regression test for #183457
CCBUG:183457

M +2 -0 baseline/ecma/document.html-dom
M +2 -0 tests/ecma/document.html

WebSVN link: http://websvn.kde.org/?view=rev&revision=922920
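
The bug class discussed in this report, as an added illustration that is not the KHTML source and not the committed fix: a binding setter that unwraps a script-controlled value to a DOM node and must handle the "not a Node" result. All type and function names below (Node, PlainObject, ScriptValue, toNode, Document, setBody) are hypothetical.

```cpp
// Added illustration, not KHTML code; every name here is hypothetical.
#include <memory>
#include <variant>

struct Node { bool attached = false; };
struct PlainObject {};  // stands in for `new Object` from the site's script

// A script value: a number, a plain object, or a wrapped DOM node.
using ScriptValue = std::variant<double, PlainObject, std::shared_ptr<Node>>;

// Unwraps a script value; returns a null pointer when it does not wrap a Node.
std::shared_ptr<Node> toNode(const ScriptValue& v) {
    if (auto p = std::get_if<std::shared_ptr<Node>>(&v)) return *p;
    return nullptr;
}

struct Document {
    std::shared_ptr<Node> body = std::make_shared<Node>();

    // Crash-prone shape: trusts the unwrap result. For `document.body = 43`
    // or `document.body = new Object`, n is null and n->attached faults.
    void setBodyUnchecked(const ScriptValue& v) {
        std::shared_ptr<Node> n = toNode(v);
        n->attached = true;
        body = n;
    }

    // Hardened shape: a non-Node value is ignored and the old body is kept.
    bool setBody(const ScriptValue& v) {
        std::shared_ptr<Node> n = toNode(v);
        if (!n) return false;
        n->attached = true;
        body = n;
        return true;
    }
};

// Replays both assignments from the report against the hardened setter and
// reports whether the document still points at its original body node.
bool bodySurvivesNonNodeAssignments() {
    Document d;
    Node* before = d.body.get();
    d.setBody(ScriptValue{43.0});
    d.setBody(ScriptValue{PlainObject{}});
    return d.body.get() == before;
}
```

setBodyUnchecked is kept only to show the faulting dereference next to the checked version; it is never called here.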