Version: unspecified (using KDE 4.5.5)
OS: Linux

When loading a javascript voxel rendering engine, konqueror crashes with SIGSEGV:

(gdb) bt
#0  0x0064c5e9 in _int_malloc (av=0x7633a0, bytes=48) at malloc.c:4249
#1  0x0064d9de in __libc_malloc (bytes=48) at malloc.c:3660
#2  0x00ccc7da in operator new (sz=48) at ../../../../libstdc++-v3/libsupc++/new_op.cc:52
#3  0x026def5d in KJS::UString::Rep::create (d=0x9213d78, l=5) at /usr/src/debug/kdelibs-4.5.5/kjs/ustring.cpp:169
#4  0x026df271 in KJS::UString::Rep::createCopying (d=0xbdcfe156, length=5) at /usr/src/debug/kdelibs-4.5.5/kjs/ustring.cpp:164
#5  0x026dfd9e in KJS::UString::UString (this=0xbdcfe1a4, c=0xbdcfe156, length=5) at /usr/src/debug/kdelibs-4.5.5/kjs/ustring.cpp:459
#6  0x026dfe5f in KJS::UString::from (u=<value optimized out>) at /usr/src/debug/kdelibs-4.5.5/kjs/ustring.cpp:587
#7  0x02716acf in from (this=0xb1a544c0, exec=0xbfefb0bc, propertyName=64000, value=0xe9, attr=0) at /usr/src/debug/kdelibs-4.5.5/kjs/identifier.h:78
#8  KJS::JSObject::put (this=0xb1a544c0, exec=0xbfefb0bc, propertyName=64000, value=0xe9, attr=0) at /usr/src/debug/kdelibs-4.5.5/kjs/object.cpp:251
#9  0x0145b097 in KJS::CanvasImageDataArray::put (this=0xb1a544c0, exec=0xbfefb0bc, index=64000, value=0xe9, attr=0) at /usr/src/debug/kdelibs-4.5.5/khtml/ecma/kjs_context2d.cpp:835
#10 0x0145b14c in KJS::CanvasImageDataArray::put (this=0xb1a544c0, exec=0xbfefb0bc, propertyName=..., value=0xe9, attr=0) at /usr/src/debug/kdelibs-4.5.5/khtml/ecma/kjs_context2d.cpp:803
#11 0x02716b28 in KJS::JSObject::put (this=0xb1a544c0, exec=0xbfefb0bc, propertyName=64000, value=0xe9, attr=0) at /usr/src/debug/kdelibs-4.5.5/kjs/object.cpp:251
#12 0x0145b097 in KJS::CanvasImageDataArray::put (this=0xb1a544c0, exec=0xbfefb0bc, index=64000, value=0xe9, attr=0) at /usr/src/debug/kdelibs-4.5.5/khtml/ecma/kjs_context2d.cpp:835
#13 0x0145b14c in KJS::CanvasImageDataArray::put (this=0xb1a544c0, exec=0xbfefb0bc, propertyName=..., value=0xe9, attr=0) at /usr/src/debug/kdelibs-4.5.5/khtml/ecma/kjs_context2d.cpp:803
#14 0x02716b28 in KJS::JSObject::put (this=0xb1a544c0, exec=0xbfefb0bc, propertyName=64000, value=0xe9, attr=0) at /usr/src/debug/kdelibs-4.5.5/kjs/object.cpp:251
#15 0x0145b097 in KJS::CanvasImageDataArray::put (this=0xb1a544c0, exec=0xbfefb0bc, index=64000, value=0xe9, attr=0) at /usr/src/debug/kdelibs-4.5.5/khtml/ecma/kjs_context2d.cpp:835
#16 0x0145b14c in KJS::CanvasImageDataArray::put (this=0xb1a544c0, exec=0xbfefb0bc, propertyName=..., value=0xe9, attr=0) at /usr/src/debug/kdelibs-4.5.5/khtml/ecma/kjs_context2d.cpp:803
#17 0x02716b28 in KJS::JSObject::put (this=0xb1a544c0, exec=0xbfefb0bc, propertyName=64000, value=0xe9, attr=0) at /usr/src/debug/kdelibs-4.5.5/kjs/object.cpp:251
#18 0x0145b097 in KJS::CanvasImageDataArray::put (this=0xb1a544c0, exec=0xbfefb0bc, index=64000, value=0xe9, attr=0) at /usr/src/debug/kdelibs-4.5.5/khtml/ecma/kjs_context2d.cpp:835
#19 0x0145b14c in KJS::CanvasImageDataArray::put (this=0xb1a544c0, exec=0xbfefb0bc, propertyName=..., value=0xe9, attr=0) at /usr/src/debug/kdelibs-4.5.5/khtml/ecma/kjs_context2d.cpp:803
#20 0x02716b28 in KJS::JSObject::put (this=0xb1a544c0, exec=0xbfefb0bc, propertyName=64000, value=0xe9, attr=0) at /usr/src/debug/kdelibs-4.5.5/kjs/object.cpp:251
#21 0x0145b097 in KJS::CanvasImageDataArray::put (this=0xb1a544c0, exec=0xbfefb0bc, index=64000, value=0xe9, attr=0) at /usr/src/debug/kdelibs-4.5.5/khtml/ecma/kjs_context2d.cpp:835
#22 0x0145b14c in KJS::CanvasImageDataArray::put (this=0xb1a544c0, exec=0xbfefb0bc, propertyName=..., value=0xe9, attr=0) at /usr/src/debug/kdelibs-4.5.5/khtml/ecma/kjs_context2d.cpp:803
#23 0x02716b28 in KJS::JSObject::put (this=0xb1a544c0, exec=0xbfefb0bc, propertyName=64000, value=0xe9, attr=0) at /usr/src/debug/kdelibs-4.5.5/kjs/object.cpp:251
#24 0x0145b097 in KJS::CanvasImageDataArray::put (this=0xb1a544c0, exec=0xbfefb0bc, index=64000, value=0xe9, attr=0) at /usr/src/debug/kdelibs-4.5.5/khtml/ecma/kjs_context2d.cpp:835
#25 0x0145b14c in KJS::CanvasImageDataArray::put (this=0xb1a544c0, exec=0xbfefb0bc, propertyName=..., value=0xe9, attr=0) at /usr/src/debug/kdelibs-4.5.5/khtml/ecma/kjs_context2d.cpp:803
#26 0x02716b28 in KJS::JSObject::put (this=0xb1a544c0, exec=0xbfefb0bc, propertyName=64000, value=0xe9, attr=0) at /usr/src/debug/kdelibs-4.5.5/kjs/object.cpp:251
#27 0x0145b097 in KJS::CanvasImageDataArray::put (this=0xb1a544c0, exec=0xbfefb0bc, index=64000, value=0xe9, attr=0) at /usr/src/debug/kdelibs-4.5.5/khtml/ecma/kjs_context2d.cpp:835
#28 0x0145b14c in KJS::CanvasImageDataArray::put (this=0xb1a544c0, exec=0xbfefb0bc, propertyName=..., value=0xe9, attr=0) at /usr/src/debug/kdelibs-4.5.5/khtml/ecma/kjs_context2d.cpp:803

Reproducible: Always

Steps to Reproduce:
load http://voxel.onaluf.org/

Actual Results: crash

Expected Results: no crash
Working on it. Thanks for the report.
Git commit 6e6af077c95cc1006ff799b94cb819f7d894c6db by Maks Orlovich.
Committed on 21/02/2011 at 18:43.
Pushed by orlovich into branch 'master'.

Don't stackoverflow on put of out-of-bounds indexes in canvas pixel arrays

Really, the public index put and the virtual one ought to be the different methods, with the virtual one private...

BUG: 266765

M  +3    -1    khtml/ecma/kjs_context2d.cpp

http://commits.kde.org/kdelibs/6e6af077c95cc1006ff799b94cb819f7d894c6db
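The backtrace shows a cycle: the base-class indexed put (frames #8, #11, #14, ...) re-dispatches through the virtual named put, CanvasImageDataArray re-parses the name as an index (kjs_context2d.cpp:803) and, because 64000 is out of range, hands it back to the base indexed put (kjs_context2d.cpp:835), so the recursion never terminates. The following is a constructed C++ model of that loop beside the kind of fix the commit describes; it is not kdelibs code, and the class names, the depth guard and the pixel values are assumptions made for the illustration.

```cpp
#include <cstdlib>
#include <map>
#include <string>
#include <vector>

// Constructed model of the dispatch loop in the backtrace; not kdelibs code.
static bool parseIndex(const std::string& s, unsigned& out) {  // "64000" -> 64000
    char* end = nullptr;
    unsigned long v = std::strtoul(s.c_str(), &end, 10);
    if (s.empty() || *end != '\0') return false;
    out = static_cast<unsigned>(v);
    return true;
}

struct JSObject {
    virtual ~JSObject() {}
    // Named put: the generic fallback store (the role of object.cpp:251 in the trace).
    virtual bool put(const std::string& name, int value) { props[name] = value; return true; }
    // Indexed put: no indexed storage here, so it re-dispatches through the VIRTUAL named put.
    bool put(unsigned index, int value) {
        if (depth >= kMaxDepth) return false;   // stand-in for the real stack overflow
        ++depth;
        bool ok = put(std::to_string(index), value);
        --depth;
        return ok;
    }
    std::map<std::string, int> props;
    int depth = 0;
    static constexpr int kMaxDepth = 1000;    // assumed guard so the model cannot crash
};

// One pixel-array class with a switch for the fallback path, so both behaviours compare.
struct PixelArray : JSObject {
    PixelArray(unsigned n, bool isFixed) : pixels(n, 0), fixed(isFixed) {}
    bool put(const std::string& name, int value) override {
        unsigned i;
        return parseIndex(name, i) ? put(i, value) : JSObject::put(name, value);
    }
    bool put(unsigned index, int value) {
        if (index < pixels.size()) { pixels[index] = value & 0xff; return true; }
        // Before the commit: the base indexed put re-enters the virtual named put, which
        // re-parses "64000" as an index and lands here again, without bound.
        if (!fixed) return JSObject::put(index, value);
        // After the commit (modelled on its description, not its diff): store the name in
        // the base class directly, with no virtual re-dispatch.
        return JSObject::put(std::to_string(index), value);
    }
    std::vector<unsigned char> pixels;
    bool fixed;
};
```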