Bug 185879 - tag small following iframe with google maps link cause khtml to crash
Summary: tag small following iframe with google maps link cause khtml to crash
Status: RESOLVED WORKSFORME
Alias: None
Product: konqueror
Classification: Applications
Component: khtml
Version: 4.2.0
Platform: Ubuntu Linux
: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords: testcase, triaged
Depends on:
Blocks:
 
Reported: 2009-03-01 16:20 UTC by Tommi Mäkitalo
Modified: 2009-06-20 18:46 UTC

See Also:
Latest Commit:
Version Fixed In:


Description Tommi Mäkitalo 2009-03-01 16:20:29 UTC
Version:            (using KDE 4.2.0)
OS:                Linux
Installed from:    Ubuntu Packages

A page with an iframe tag containing a Google Maps page, followed by a small tag, results in a crash in khtml. The code was copied directly from Google Maps, as instructed there, on how to embed a map in one's own pages.

The crash does not always happen. When I load the example page from the filesystem, konqueror crashes. After restarting and restoring the session, the page is normally loaded correctly, but after reloading the page (sometimes a 2nd try is needed), konqueror crashes.


I have reduced the page as much as possible and here is the reduced page:

<html>
 <body>
<iframe width="640" height="480" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" src="http://maps.google.de/maps?f=q&amp;source=s_q&amp;hl=de&amp;geocode=&amp;q=Sauerbrunnenweg,+Bad+Soden&amp;sll=51.151786,10.415039&amp;sspn=22.308913,43.286133&amp;ie=UTF8&amp;s=AARTsJpn2U_ECUQe3j4Zsl2Jz2CHMoYkpQ&amp;ll=50.164914,8.50522&amp;spn=0.026391,0.054932&amp;z=14&amp;iwloc=addr&amp;output=embed"></iframe>
<small>Gr&ouml;&szlig;ere Kartenansicht</small>

 </body>
</html>

I get a SIGSEGV. Here is the stack trace:

Eine korrekte Rückverfolgung ist nicht möglich.
Wahrscheinlich sind die Dateien Ihres Systems in einer Weise erstellt worden, die eine solche Rückverfolgung (Backtrace) nicht erlaubt. Oder der so genannte „Stack Frame“ für das Programm wurde durch den Absturz unbrauchbar gemacht.

(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread 0x7fe60727a6f0 (LWP 14039)]
[New Thread 0x410f8950 (LWP 14040)]
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
0x00007fe602240621 in nanosleep () from /lib/libc.so.6
[Current thread is 0 (LWP 14039)]

Thread 2 (Thread 0x410f8950 (LWP 14040)):
#0  0x00007fe60102955d in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#1  0x00007fe6047cf327 in QWaitCondition::wait () from /usr/lib/libQtCore.so.4
#2  0x00007fe6047c5509 in ?? () from /usr/lib/libQtCore.so.4
#3  0x00007fe6047ce362 in ?? () from /usr/lib/libQtCore.so.4
#4  0x00007fe6010253ea in start_thread () from /lib/libpthread.so.0
#5  0x00007fe60227ec6d in clone () from /lib/libc.so.6
#6  0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7fe60727a6f0 (LWP 14039)):
#0  0x00007fe602240621 in nanosleep () from /lib/libc.so.6
#1  0x00007fe602240447 in sleep () from /lib/libc.so.6
#2  0x00007fe605730cbf in ?? () from /usr/lib/libkdeui.so.5
#3  0x00007fe6057315ca in KCrash::defaultCrashHandler () from /usr/lib/libkdeui.so.5
#4  <signal handler called>
#5  0x00007fe5f7b8b692 in ?? () from /usr/lib/libkhtml.so.5
#6  0x00007fe5f7b1dc30 in ?? () from /usr/lib/libkhtml.so.5
#7  0x00007fe5f7b1f02d in ?? () from /usr/lib/libkhtml.so.5
#8  0x00007fe5f7b2aa6b in ?? () from /usr/lib/libkhtml.so.5
#9  0x00007fe5f7b87ffc in ?? () from /usr/lib/libkhtml.so.5
#10 0x00007fe5f7b2a3d5 in ?? () from /usr/lib/libkhtml.so.5
#11 0x00007fe5f7b2ad22 in ?? () from /usr/lib/libkhtml.so.5
#12 0x00007fe5f7b2a3d5 in ?? () from /usr/lib/libkhtml.so.5
#13 0x00007fe5f7b2ad22 in ?? () from /usr/lib/libkhtml.so.5
#14 0x00007fe5f7b82e52 in ?? () from /usr/lib/libkhtml.so.5
#15 0x00007fe5f79ed5bd in KHTMLView::layout () from /usr/lib/libkhtml.so.5
#16 0x00007fe5f7a770fd in ?? () from /usr/lib/libkhtml.so.5
#17 0x00007fe5f7a770aa in ?? () from /usr/lib/libkhtml.so.5
#18 0x00007fe5f7c1fe92 in ?? () from /usr/lib/libkhtml.so.5
#19 0x00007fe5f738a100 in KJS::JSObject::get () from /usr/lib/libkjs.so.4
#20 0x00007fe5f739d5aa in ?? () from /usr/lib/libkjs.so.4
#21 0x00007fe5f7386e8f in KJS::FunctionImp::callAsFunction () from /usr/lib/libkjs.so.4
#22 0x00007fe5f738a939 in KJS::JSObject::call () from /usr/lib/libkjs.so.4
#23 0x00007fe5f73a4fde in ?? () from /usr/lib/libkjs.so.4
#24 0x00007fe5f7386e8f in KJS::FunctionImp::callAsFunction () from /usr/lib/libkjs.so.4
#25 0x00007fe5f738a939 in KJS::JSObject::call () from /usr/lib/libkjs.so.4
#26 0x00007fe5f73a4fde in ?? () from /usr/lib/libkjs.so.4
#27 0x00007fe5f735be99 in ?? () from /usr/lib/libkjs.so.4
#28 0x00007fe5f738d397 in KJS::Interpreter::evaluate () from /usr/lib/libkjs.so.4
#29 0x00007fe5f738d453 in KJS::Interpreter::evaluate () from /usr/lib/libkjs.so.4
#30 0x00007fe5f7c688d1 in ?? () from /usr/lib/libkhtml.so.5
#31 0x00007fe5f7a36141 in KHTMLPart::executeScript () from /usr/lib/libkhtml.so.5
#32 0x00007fe5f7ac3118 in ?? () from /usr/lib/libkhtml.so.5
#33 0x00007fe5f7ac896a in ?? () from /usr/lib/libkhtml.so.5
#34 0x00007fe5f7aca535 in ?? () from /usr/lib/libkhtml.so.5
#35 0x00007fe5f7acd453 in ?? () from /usr/lib/libkhtml.so.5
#36 0x00007fe5f7a123ed in KHTMLPart::write () from /usr/lib/libkhtml.so.5
#37 0x00007fe5f7a146d4 in KHTMLPart::slotData () from /usr/lib/libkhtml.so.5
#38 0x00007fe5f7a34350 in KHTMLPart::qt_metacall () from /usr/lib/libkhtml.so.5
#39 0x00007fe6048cb134 in QMetaObject::activate () from /usr/lib/libQtCore.so.4
#40 0x00007fe6060e41e4 in KIO::TransferJob::data () from /usr/lib/libkio.so.5
#41 0x00007fe6060ef089 in KIO::TransferJob::qt_metacall () from /usr/lib/libkio.so.5
#42 0x00007fe6048cb134 in QMetaObject::activate () from /usr/lib/libQtCore.so.4
#43 0x00007fe60619eb42 in KIO::SlaveInterface::data () from /usr/lib/libkio.so.5
#44 0x00007fe6061a23c8 in KIO::SlaveInterface::dispatch () from /usr/lib/libkio.so.5
#45 0x00007fe60619edf2 in KIO::SlaveInterface::dispatch () from /usr/lib/libkio.so.5
#46 0x00007fe606190013 in KIO::Slave::gotInput () from /usr/lib/libkio.so.5
#47 0x00007fe606192318 in KIO::Slave::qt_metacall () from /usr/lib/libkio.so.5
#48 0x00007fe6048cb134 in QMetaObject::activate () from /usr/lib/libQtCore.so.4
#49 0x00007fe6060b8f21 in ?? () from /usr/lib/libkio.so.5
#50 0x00007fe6060b937a in KIO::Connection::qt_metacall () from /usr/lib/libkio.so.5
#51 0x00007fe6048c5da5 in QObject::event () from /usr/lib/libQtCore.so.4
#52 0x00007fe603dd8c3d in QApplicationPrivate::notify_helper () from /usr/lib/libQtGui.so.4
#53 0x00007fe603de09ba in QApplication::notify () from /usr/lib/libQtGui.so.4
#54 0x00007fe6056cb5db in KApplication::notify () from /usr/lib/libkdeui.so.5
#55 0x00007fe6048b6d61 in QCoreApplication::notifyInternal () from /usr/lib/libQtCore.so.4
#56 0x00007fe6048b79fa in QCoreApplicationPrivate::sendPostedEvents () from /usr/lib/libQtCore.so.4
#57 0x00007fe6048df4d3 in ?? () from /usr/lib/libQtCore.so.4
#58 0x00007fe5fff49d3b in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#59 0x00007fe5fff4d50d in ?? () from /usr/lib/libglib-2.0.so.0
#60 0x00007fe5fff4d6cb in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#61 0x00007fe6048df15f in QEventDispatcherGlib::processEvents () from /usr/lib/libQtCore.so.4
#62 0x00007fe603e6aa6f in ?? () from /usr/lib/libQtGui.so.4
#63 0x00007fe6048b5682 in QEventLoop::processEvents () from /usr/lib/libQtCore.so.4
#64 0x00007fe6048b580d in QEventLoop::exec () from /usr/lib/libQtCore.so.4
#65 0x00007fe6048b7cbd in QCoreApplication::exec () from /usr/lib/libQtCore.so.4
#66 0x00007fe606e6bff9 in kdemain () from /usr/lib/libkdeinit4_konqueror.so
#67 0x00007fe6021b6466 in __libc_start_main () from /lib/libc.so.6
#68 0x00000000004007a9 in _start ()
#0  0x00007fe602240621 in nanosleep () from /lib/libc.so.6
Comment 1 Frank Reininghaus 2009-03-01 21:42:01 UTC
Thanks for the bug report and the nice test case! It's not 100% reproducible, but both 4.2.0 and trunk rev. 933864 crash sometimes when opening the test case. Here's a more detailed backtrace:

Thread 1 (Thread 0xb5c186c0 (LWP 25478)):
[KCrash Handler]
#6  0xb3c72a58 in khtml::InlineFlowBox::deleteLine (this=0x9571c9c, arena=0x95483a8) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/render_line.cpp:209
#7  0xb3bd4520 in khtml::RenderBlock::determineStartPosition (this=0x95719d4, fullLayout=true, start=@0xbfe0f340, bidi=@0xbfe0f2c0)
    at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/bidi.cpp:1742
#8  0xb3bd5a92 in khtml::RenderBlock::layoutInlineChildren (this=0x95719d4, relayoutChildren=true, breakBeforeLine=0) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/bidi.cpp:1469
#9  0xb3be44f6 in khtml::RenderBlock::layoutBlock (this=0x95719d4, relayoutChildren=true) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:780
#10 0xb3be4cef in khtml::RenderBlock::layout (this=0x95719d4) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:683
#11 0xb3c6b398 in khtml::RenderBody::layout (this=0x95719d4) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/render_body.cpp:91
#12 0xb3a7326d in khtml::RenderObject::layoutIfNeeded (this=0x95719d4) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/render_object.h:477
#13 0xb3be3a3b in khtml::RenderBlock::layoutBlockChildren (this=0x95718e4, relayoutChildren=true) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:1510
#14 0xb3be450b in khtml::RenderBlock::layoutBlock (this=0x95718e4, relayoutChildren=true) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:782
#15 0xb3be4cef in khtml::RenderBlock::layout (this=0x95718e4) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:683
#16 0xb3a7326d in khtml::RenderObject::layoutIfNeeded (this=0x95718e4) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/render_object.h:477
#17 0xb3be3a3b in khtml::RenderBlock::layoutBlockChildren (this=0x95717a0, relayoutChildren=true) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:1510
#18 0xb3be450b in khtml::RenderBlock::layoutBlock (this=0x95717a0, relayoutChildren=true) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:782
#19 0xb3c65c4e in khtml::RenderCanvas::layout (this=0x95717a0) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/render_canvas.cpp:187
#20 0xb3a6f802 in KHTMLView::layout (this=0x946cad0) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/khtmlview.cpp:1052
#21 0xb3b11e78 in DOM::DocumentImpl::updateLayout (this=0x953e8f0) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/xml/dom_docimpl.cpp:1510
#22 0xb3b11dd1 in DOM::DocumentImpl::updateLayout (this=0x95b6140) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/xml/dom_docimpl.cpp:1497
#23 0xb3d3e84f in KJS::DOMNode::getValueProperty (this=0xb1c21ca0, exec=0xbfe10eac, token=62) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/ecma/kjs_dom.cpp:365
#24 0xb3d4562d in KJS::staticValueGetter<KJS::DOMNode> (exec=0xbfe10eac, slot=@0xbfe0fa48) at /home/kde-devel/kde/src/KDE/kdelibs/kjs/lookup.h:147
#25 0xb390010f in KJS::PropertySlot::getValue (this=0xbfe0fa48, exec=0xbfe10eac, originalObject=0xb1c21ca0, propertyName=@0x975972c) at /home/kde-devel/kde/src/KDE/kdelibs/kjs/property_slot.h:46
#26 0xb38fe9d6 in KJS::JSObject::get (this=0xb1c21ca0, exec=0xbfe10eac, propertyName=@0x975972c) at /home/kde-devel/kde/src/KDE/kdelibs/kjs/object.cpp:132
#27 0xb391ae24 in KJS::Machine::runBlock (exec=0xbfe10eac, codeBlock=@0x97598e0, parentExec=0xbfe1240c) at codes.def:673
#28 0xb38fab6b in KJS::FunctionImp::callAsFunction (this=0xb1c21040, exec=0xbfe1240c, thisObj=0xb1c30000, args=@0xbfe12358) at /home/kde-devel/kde/src/KDE/kdelibs/kjs/function.cpp:144
#29 0xb38ffb77 in KJS::JSObject::call (this=0xb1c21040, exec=0xbfe1240c, thisObj=0xb1c30000, args=@0xbfe12358) at /home/kde-devel/kde/src/KDE/kdelibs/kjs/object.cpp:69
#30 0xb3923092 in KJS::Machine::runBlock (exec=0xbfe1240c, codeBlock=@0x975e0f8, parentExec=0xbfe13a20) at codes.def:1192
#31 0xb38fab6b in KJS::FunctionImp::callAsFunction (this=0xb1c211c0, exec=0xbfe13a20, thisObj=0xb1c30000, args=@0xbfe138b8) at /home/kde-devel/kde/src/KDE/kdelibs/kjs/function.cpp:144
#32 0xb38ffb77 in KJS::JSObject::call (this=0xb1c211c0, exec=0xbfe13a20, thisObj=0xb1c30000, args=@0xbfe138b8) at /home/kde-devel/kde/src/KDE/kdelibs/kjs/object.cpp:69
#33 0xb3923092 in KJS::Machine::runBlock (exec=0xbfe13a20, codeBlock=@0x98ce330, parentExec=0x0) at codes.def:1192
#34 0xb38c37a1 in KJS::FunctionBodyNode::execute (this=0x98ce2d8, exec=0xbfe13a20) at /home/kde-devel/kde/src/KDE/kdelibs/kjs/nodes.cpp:927
#35 0xb3901a3f in KJS::Interpreter::evaluate (this=0x9611328, sourceURL=@0xbfe13ba8, startingLineNumber=2, code=0x98a5fe0, codeLength=18233, thisV=0xb1c30000)
    at /home/kde-devel/kde/src/KDE/kdelibs/kjs/interpreter.cpp:553
#36 0xb3901ca1 in KJS::Interpreter::evaluate (this=0x9611328, sourceURL=@0xbfe13ba8, startingLineNumber=2, code=@0xbfe13bac, thisV=0xb1c30000)
    at /home/kde-devel/kde/src/KDE/kdelibs/kjs/interpreter.cpp:493
#37 0xb3d8f747 in KJS::KJSProxyImpl::evaluate (this=0x960aa20, filename=
      {static null = {<No data fields>}, static shared_null = {ref = {_q_value = 11153}, alloc = 0, size = 0, data = 0xb73b4c3a, clean = 0, simpletext = 0, righttoleft = 0, asciiCache = 0, capacity = 0, reserved = 0, array = {0}}, static shared_empty = {ref = {_q_value = 176}, alloc = 0, size = 0, data = 0xb73b4c4e, clean = 0, simpletext = 0, righttoleft = 0, asciiCache = 0, capacity = 0, reserved = 0, array = {0}}, d = 0xbfe13c54, static codecForCStrings = 0x0}, baseLine=2, str=@0xbfe13e00, n=@0xbfe13ca8, completion=0xbfe13c2c)
    at /home/kde-devel/kde/src/KDE/kdelibs/khtml/ecma/kjs_proxy.cpp:158
#38 0xb3aa9640 in KHTMLPart::executeScript (this=0x93dcf00, filename=@0xbfe13cc4, baseLine=2, n=@0xbfe13ca8, script=@0xbfe13e00) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/khtml_part.cpp:1320

(46 more frames follow...)
Comment 2 Frank Reininghaus 2009-03-01 21:47:05 UTC
It's probably a duplicate of bug 182524 and the ones I listed in https://bugs.kde.org/show_bug.cgi?id=182524#c2, but maybe the test case actually makes it easier to find the root cause of the bug.
Comment 3 Maksim Orlovich 2009-03-01 22:18:14 UTC
@ FrankR: could you please try getting a valgrind log of this? Isn't reproducible under it for me...
Comment 4 Frank Reininghaus 2009-03-01 22:59:49 UTC
(In reply to comment #3)
> @ FrankR: could you please try getting a valgrind log of this? Isn't
> reproducible under it for me...

I have the same problem - "konqueror testcase.html" crashes more often than not, but "valgrind konqueror testcase.html" never crashes for me :-(
Comment 5 Tommi Tervo 2009-03-02 13:33:20 UTC
No crash inside vg:

==20050==
==20050== Invalid read of size 4
==20050==    at 0x1481E39E: void khtmlImLoad::scaleLoop<unsigned int>(QImage*, unsigned int*, int, QImage const&, int, int, int) (scaledimageplane.cpp:53)
==20050==    by 0x1481E884: khtmlImLoad::ScaledImagePlane::ensureUpToDate(unsigned int, unsigned int, khtmlImLoad::PixmapTile*) (scaledimageplane.cpp:97)
==20050==    by 0x1481F4DB: khtmlImLoad::PixmapPlane::paint(int, int, QPainter*, int, int, int, int) (pixmapplane.cpp:102)
==20050==    by 0x1481FB04: khtmlImLoad::ImagePainter::paint(int, int, QPainter*, int, int, int, int) (imagepainter.cpp:126)
==20050==    by 0x14639EF3: khtml::RenderImage::paint(khtml::RenderObject::PaintInfo&, int, int) (render_image.cpp:331)
==20050==    by 0x14634A00: khtml::RenderLayer::paintLayer(khtml::RenderLayer*, QPainter*, QRect const&, bool) (render_layer.cpp:1082)
==20050==    by 0x14634C8F: khtml::RenderLayer::paintLayer(khtml::RenderLayer*, QPainter*, QRect const&, bool) (render_layer.cpp:1107)
==20050==    by 0x14634C8F: khtml::RenderLayer::paintLayer(khtml::RenderLayer*, QPainter*, QRect const&, bool) (render_layer.cpp:1107)
==20050==    by 0x14634C8F: khtml::RenderLayer::paintLayer(khtml::RenderLayer*, QPainter*, QRect const&, bool) (render_layer.cpp:1107)
==20050==    by 0x14634C8F: khtml::RenderLayer::paintLayer(khtml::RenderLayer*, QPainter*, QRect const&, bool) (render_layer.cpp:1107)
==20050==    by 0x14634C8F: khtml::RenderLayer::paintLayer(khtml::RenderLayer*, QPainter*, QRect const&, bool) (render_layer.cpp:1107)
==20050==    by 0x14634C8F: khtml::RenderLayer::paintLayer(khtml::RenderLayer*, QPainter*, QRect const&, bool) (render_layer.cpp:1107)
==20050==    by 0x14634E00: khtml::RenderLayer::paint(QPainter*, QRect const&, bool) (render_layer.cpp:974)
==20050==    by 0x14457084: KHTMLView::render(QPainter*, QRect const&, QPoint const&) (khtmlview.cpp:3428)
==20050==    by 0x146551D6: khtml::RenderWidget::paintWidget(khtml::RenderObject::PaintInfo&, QWidget*, int, int, QPixmap**) (render_replaced.cpp:764)
==20050==    by 0x146564CD: khtml::RenderWidget::paint(khtml::RenderObject::PaintInfo&, int, int) (render_replaced.cpp:624)
==20050==    by 0x1467F771: khtml::InlineBox::paint(khtml::RenderObject::PaintInfo&, int, int) (render_line.cpp:141)
==20050==    by 0x1467E196: khtml::InlineFlowBox::paint(khtml::RenderObject::PaintInfo&, int, int) (render_line.cpp:826)
==20050==    by 0x1467E214: khtml::RootInlineBox::paint(khtml::RenderObject::PaintInfo&, int, int) (render_line.cpp:1134)
==20050==    by 0x14625B86: khtml::RenderFlow::paintLines(khtml::RenderObject::PaintInfo&, int, int) (render_flow.cpp:389)
==20050==    by 0x145EAFF9: khtml::RenderBlock::paintObject(khtml::RenderObject::PaintInfo&, int, int, bool) (render_block.cpp:1730)
==20050==    by 0x145EB46D: khtml::RenderBlock::paint(khtml::RenderObject::PaintInfo&, int, int) (render_block.cpp:1700)
==20050==    by 0x145EB07F: khtml::RenderBlock::paintObject(khtml::RenderObject::PaintInfo&, int, int, bool) (render_block.cpp:1734)
==20050==    by 0x145EB46D: khtml::RenderBlock::paint(khtml::RenderObject::PaintInfo&, int, int) (render_block.cpp:1700)
==20050==    by 0x14634A00: khtml::RenderLayer::paintLayer(khtml::RenderLayer*, QPainter*, QRect const&, bool) (render_layer.cpp:1082)
==20050==    by 0x14634C8F: khtml::RenderLayer::paintLayer(khtml::RenderLayer*, QPainter*, QRect const&, bool) (render_layer.cpp:1107)
==20050==    by 0x14634E00: khtml::RenderLayer::paint(QPainter*, QRect const&, bool) (render_layer.cpp:974)
==20050==    by 0x1446B6A4: KHTMLView::paintEvent(QPaintEvent*) (khtmlview.cpp:964)
==20050==    by 0x7D3B12E: QWidget::event(QEvent*) (qwidget.cpp:7649)
==20050==    by 0x8125C8A: QFrame::event(QEvent*) (qframe.cpp:554)
==20050==    by 0x1445D837: KHTMLView::widgetEvent(QEvent*) (khtmlview.cpp:2356)
==20050==    by 0x14461C4C: KHTMLView::eventFilter(QObject*, QEvent*) (khtmlview.cpp:2220)
==20050==    by 0x75B3766: QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) (qcoreapplication.cpp:710)
==20050==    by 0x7CDE358: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:4047)
==20050==    by 0x7CE023C: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:4016)
==20050==    by 0x66A465C: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:307)
==20050==    by 0x75B51A8: QCoreApplication::notifyInternal(QObject*, QEvent*) (qcoreapplication.cpp:590)
==20050==    by 0x7CEA0DC: QCoreApplication::sendSpontaneousEvent(QObject*, QEvent*) (qcoreapplication.h:211)
==20050==    by 0x7D389F9: QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (qwidget.cpp:5041)
==20050==    by 0x7F0F4A5: QWidgetBackingStore::sync() (qbackingstore.cpp:1259)
==20050==    by 0x7D32CC1: QWidgetPrivate::syncBackingStore() (qwidget.cpp:1598)
==20050==    by 0x7D3B711: QWidget::event(QEvent*) (qwidget.cpp:7789)
==20050==    by 0x8142D56: QMainWindow::event(QEvent*) (qmainwindow.cpp:1391)
==20050==    by 0x67788A9: KMainWindow::event(QEvent*) (kmainwindow.cpp:1094)
==20050==    by 0x67B638E: KXmlGuiWindow::event(QEvent*) (kxmlguiwindow.cpp:131)
==20050==    by 0x4EA5ACD: KonqMainWindow::event(QEvent*) (konqmainwindow.cpp:5681)
==20050==    by 0x7CDE37A: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:4051)
==20050==    by 0x7CE023C: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:4016)
==20050==    by 0x66A465C: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:307)
==20050==    by 0x75B51A8: QCoreApplication::notifyInternal(QObject*, QEvent*) (qcoreapplication.cpp:590)
==20050==  Address 0x1110419c is 0 bytes after a block of size 4 alloc'd
==20050==    at 0x4C2694E: malloc (vg_replace_malloc.c:207)
==20050==    by 0x7D93776: QImageData::create(QSize const&, QImage::Format, int) (qimage.cpp:241)
==20050==    by 0x7D954E9: QImage::QImage(int, int, QImage::Format) (qimage.cpp:826)
==20050==    by 0x1481EF2C: khtmlImLoad::ImageFormat::makeImage(int, int) const (imageformat.h:74)
==20050==    by 0x148219B7: khtmlImLoad::Image::notifyAppendFrame(int, int, khtmlImLoad::ImageFormat const&) (image.cpp:249)
==20050==    by 0x14826D3A: khtmlImLoad::ImageLoader::notifyAppendFrame(int, int, khtmlImLoad::ImageFormat const&) (imageloader.h:62)
==20050==    by 0x14826D75: khtmlImLoad::ImageLoader::notifySingleFrameImage(int, int, khtmlImLoad::ImageFormat const&) (imageloader.h:71)
==20050==    by 0x148275F8: khtmlImLoad::PNGLoader::haveInfo() (pngloader.cpp:186)
==20050==    by 0x14827679: khtmlImLoad::PNGLoader::dispHaveInfo(png_struct_def*, png_info_struct*) (pngloader.cpp:66)
==20050==    by 0xC0E260B: (within /usr/lib/libpng12.so.0.27.0)
==20050==    by 0xC0E2C7A: png_process_data (in /usr/lib/libpng12.so.0.27.0)
==20050==    by 0x148270E3: khtmlImLoad::PNGLoader::processData(unsigned char*, int) (pngloader.cpp:257)
==20050==    by 0x14821D3C: khtmlImLoad::Image::processData(unsigned char*, int) (image.cpp:151)
==20050==    by 0x146EFFA3: khtml::CachedImage::data(QBuffer&, bool) (loader.cpp:853)
==20050==    by 0x146EC713: khtml::Loader::slotData(KIO::Job*, QByteArray const&) (loader.cpp:1467)
==20050==    by 0x146EF13F: khtml::Loader::qt_metacall(QMetaObject::Call, int, void**) (loader.moc:133)
==20050==    by 0x75CB547: QMetaObject::activate(QObject*, int, int, void**) (qobject.cpp:3061)
==20050==    by 0x75CC89A: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3136)
==20050==    by 0x5B2C6A4: KIO::TransferJob::data(KIO::Job*, QByteArray const&) (jobclasses.moc:364)
==20050==    by 0x5B2CF85: KIO::TransferJob::slotData(QByteArray const&) (job.cpp:921)
==20050==    by 0x5B37254: KIO::TransferJob::qt_metacall(QMetaObject::Call, int, void**) (jobclasses.moc:344)
==20050==    by 0x75CB547: QMetaObject::activate(QObject*, int, int, void**) (qobject.cpp:3061)
==20050==    by 0x75CC89A: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3136)
==20050==    by 0x5BD588C: KIO::SlaveInterface::data(QByteArray const&) (slaveinterface.moc:140)
==20050==    by 0x5BD7206: KIO::SlaveInterface::dispatch(int, QByteArray const&) (slaveinterface.cpp:163)
==20050==    by 0x5BD7132: KIO::SlaveInterface::dispatch() (slaveinterface.cpp:91)
==20050==    by 0x5BCADDA: KIO::Slave::gotInput() (slave.cpp:322)
==20050==    by 0x5BCC03A: KIO::Slave::qt_metacall(QMetaObject::Call, int, void**) (slave.moc:76)
==20050==    by 0x75CB547: QMetaObject::activate(QObject*, int, int, void**) (qobject.cpp:3061)
==20050==    by 0x75CC89A: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3136)
==20050==    by 0x5B027ED: KIO::Connection::readyRead() (connection.moc:86)
==20050==    by 0x5B03665: KIO::ConnectionPrivate::dequeue() (connection.cpp:82)
==20050==    by 0x5B044F9: KIO::Connection::qt_metacall(QMetaObject::Call, int, void**) (connection.moc:73)
==20050==    by 0x75C4DB2: QMetaCallEvent::placeMetaCall(QObject*) (qobject.cpp:484)
==20050==    by 0x75C93E3: QObject::event(QEvent*) (qobject.cpp:1110)
==20050==    by 0x7CDE37A: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:4051)
==20050==    by 0x7CDE6C7: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:3598)
==20050==    by 0x66A465C: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:307)
==20050==    by 0x75B51A8: QCoreApplication::notifyInternal(QObject*, QEvent*) (qcoreapplication.cpp:590)
==20050==    by 0x75B8C3C: QCoreApplication::sendEvent(QObject*, QEvent*) (qcoreapplication.h:208)
==20050==    by 0x75B56FA: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (qcoreapplication.cpp:1228)
==20050==    by 0x75B58D1: QCoreApplication::sendPostedEvents(QObject*, int) (qcoreapplication.cpp:1124)
==20050==    by 0x75E47F2: QCoreApplication::sendPostedEvents() (qcoreapplication.h:213)
==20050==    by 0x75E3A33: postEventSourceDispatch(_GSource*, int (*)(void*), void*) (qeventdispatcher_glib.cpp:204)
==20050==    by 0xB61FD3A: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.1800.2)
==20050==    by 0xB62350C: (within /usr/lib/libglib-2.0.so.0.1800.2)
==20050==    by 0xB6236CA: g_main_context_iteration (in /usr/lib/libglib-2.0.so.0.1800.2)
==20050==    by 0x75E2D75: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventdispatcher_glib.cpp:318)
==20050==    by 0x7D86212: QGuiEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qguieventdispatcher_glib.cpp:197)
==20050==    by 0x75B2456: QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:144)
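The three logs in this report show the two situations a crash triager keeps running into: a backtrace without debug symbols (the description, where the faulting frame is only "?? () from libkhtml.so.5"), a symbolised one (comment 1, where it is khtml::InlineFlowBox::deleteLine at render_line.cpp:209), and a memcheck block (comment 5) whose "Address ... is 0 bytes after a block of size 4 alloc'd" line, read together with the allocation stack, says what kind of memory error it is and which code sized the buffer. The script below is an added example, not code from this report or from KDE: it parses both log shapes, picks the frame past the signal-handler boundary as the fault site, and classifies the memcheck error as a heap over-read with its access and allocation sites. The regular expressions assume the gdb and memcheck line formats exactly as they appear on this page; the sample strings are excerpts of the report's own logs, and the category labels ("heap buffer over-read", "use-after-free") are the example's own.

```python
"""Crash-log triage helpers: an added example, not code from this report or from KDE.
Covers gdb backtraces like the description's and comment 1's, and a memcheck
'Invalid read' block like comment 5's; the sample inputs are excerpts of those logs."""
import re

# One gdb frame after indented continuation lines are folded in, e.g.
#   #6  0xb3c72a58 in khtml::InlineFlowBox::deleteLine (this=0x...) at .../render_line.cpp:209
#   #5  0x00007fe5f7b8b692 in ?? () from /usr/lib/libkhtml.so.5
GDB_FRAME = re.compile(
    r"^#(?P<n>\d+)\s+(?:0x[0-9a-fA-F]+\s+in\s+)?(?P<func>\S.*?)\s+\(.*\)"
    r"(?:\s+at\s+(?P<src>\S+:\d+))?(?:\s+from\s+(?P<module>\S+))?\s*$")
# Lines separating the crash handler's own frames from the code that faulted.
HANDLER_BOUNDARY = ("<signal handler called>", "[KCrash Handler]")


def parse_gdb_frames(text):
    """Parse gdb frames to (n, func, where) tuples; a boundary line becomes None and
    an indented line continues the frame above it."""
    joined = []
    for raw in text.splitlines():
        if raw[:1].isspace() and joined:
            joined[-1] += " " + raw.strip()
        else:
            joined.append(raw.rstrip())
    frames = []
    for line in joined:
        m = GDB_FRAME.match(line)
        if m:
            frames.append((int(m["n"]), m["func"], m["src"] or m["module"] or "?"))
        elif any(marker in line for marker in HANDLER_BOUNDARY):
            frames.append(None)
    return frames


def crash_frame(frames):
    """First real frame past the handler boundary, i.e. where the fault was raised
    (innermost frame if there is none). func '??' means the library has no debug symbols."""
    real = frames[frames.index(None) + 1:] if None in frames else frames
    return next((f for f in real if f is not None), None)


VG_HEADER = re.compile(r"^==\d+==\s+(?P<kind>Invalid (?:read|write)) of size (?P<size>\d+)")
VG_FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+:\s*(?P<func>.*?)\s*\((?P<loc>[^()]*)\)\s*$")
VG_ADDR = re.compile(r"^==\d+==\s+Address 0x[0-9a-fA-F]+ is (?P<off>\d+) bytes (?P<rel>after|before|inside) "
                     r"a block of size (?P<blk>\d+) (?P<state>alloc'd|free'd)")
ALLOCATOR_SOURCES = ("vg_replace_malloc.c",)  # valgrind's interposed allocator, not the buffer's owner


def parse_valgrind_error(text):
    """Extract the first Invalid read/write block as a dict: bug class, access site, block
    geometry and the first allocation frame above the allocator (the code that sized the buffer)."""
    kind, size, addr, access, alloc = None, 0, None, [], []
    for line in text.splitlines():
        if (h := VG_HEADER.match(line)):
            if kind is not None:
                break  # a second error block starts; only the first is reported
            kind, size = h["kind"], int(h["size"])
        elif kind is None:
            continue  # not inside an error block yet
        elif (a := VG_ADDR.match(line)):
            addr = a
        elif (f := VG_FRAME.match(line)):
            # frames before the Address line are the access stack, after it the allocation stack
            (alloc if addr else access).append((f["func"] or "<no symbol>", f["loc"]))
    if kind is None or addr is None or not access:
        return None
    owner = next((fr for fr in alloc if not fr[1].startswith(ALLOCATOR_SOURCES)), ("<unknown>", ""))
    if addr["state"] == "free'd":
        category = "use-after-free"
    else:  # e.g. 'heap buffer over-read' for a read past the end of a live block
        category = f"heap buffer {'over' if addr['rel'] == 'after' else 'under'}-{kind.split()[1]}"
    return {"category": category, "size": size, "offset": int(addr["off"]), "relation": addr["rel"],
            "block_size": int(addr["blk"]), "access_site": f"{access[0][0]} ({access[0][1]})",
            "alloc_site": f"{owner[0]} ({owner[1]})"}


# Sample input: excerpts of this report's own logs (description, comment 1, comment 5).
STRIPPED_TRACE = """\
#3  0x00007fe6057315ca in KCrash::defaultCrashHandler () from /usr/lib/libkdeui.so.5
#4  <signal handler called>
#5  0x00007fe5f7b8b692 in ?? () from /usr/lib/libkhtml.so.5
"""
SYMBOL_TRACE = """\
[KCrash Handler]
#6  0xb3c72a58 in khtml::InlineFlowBox::deleteLine (this=0x9571c9c, arena=0x95483a8) at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/render_line.cpp:209
#7  0xb3bd4520 in khtml::RenderBlock::determineStartPosition (this=0x95719d4, fullLayout=true, start=@0xbfe0f340, bidi=@0xbfe0f2c0)
    at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/bidi.cpp:1742
"""
VALGRIND_LOG = """\
==20050== Invalid read of size 4
==20050==    at 0x1481E39E: void khtmlImLoad::scaleLoop<unsigned int>(QImage*, unsigned int*, int, QImage const&, int, int, int) (scaledimageplane.cpp:53)
==20050==  Address 0x1110419c is 0 bytes after a block of size 4 alloc'd
==20050==    at 0x4C2694E: malloc (vg_replace_malloc.c:207)
==20050==    by 0x7D93776: QImageData::create(QSize const&, QImage::Format, int) (qimage.cpp:241)
"""

if __name__ == "__main__":
    for trace in (STRIPPED_TRACE, SYMBOL_TRACE):
        print("fault in %s at %s" % crash_frame(parse_gdb_frames(trace))[1:])
    print(parse_valgrind_error(VALGRIND_LOG))
```

On the report's logs this yields a fault site of "??" in /usr/lib/libkhtml.so.5 for the description's trace (the signal that debug packages are needed before the report is actionable), khtml::InlineFlowBox::deleteLine at render_line.cpp:209 for comment 1, and for comment 5 a "heap buffer over-read" of 4 bytes starting 0 bytes past a 4-byte block allocated by QImageData::create, which is the reading a triager would record for that memcheck block.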
Comment 6 Dominik Tritscher 2009-06-20 16:18:37 UTC
The provided testcase works fine for me with konqueror 4.2.90. I opened the html file about a dozen times from within dolphin and it never crashed. Can somebody else still reproduce that crash with a current version of konqueror?
Comment 7 Tommi Mäkitalo 2009-06-20 18:21:13 UTC
Konqueror 4.2.2 does not crash any more.
Comment 8 Dominik Tritscher 2009-06-20 18:46:12 UTC
Thanks for the quick reply. I am closing this report for now. Please feel free to reopen if anybody still experiences this issue with a recent KDE version.