Version: (using KDE KDE 3.2.2)
Installed from: NetBSD pkgsrc
Compiler: gcc (GCC) 3.3.3 (NetBSD nb1 20040301)
OS: NetBSD

Konqueror core dumps when visiting http://delit.net and JavaScript is enabled. With disabled JavaScript all works fine [more or less].

Backtraces
No backtraces available ATM.

How to Reproduce:
Enable JavaScript and visit the link above.

Expected behavior
Core dump

// wbr

==5255== Invalid read of size 4
==5255== at 0x3E16D746: khtml::HTMLTokenizer::scriptExecution(QString const&, QString const&, int) (in /code/opt/kde3/lib/libkhtml.so.4.2.0)
==5255== by 0x3E171D89: khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) (in /code/opt/kde3/lib/libkhtml.so.4.2.0)
==5255== by 0x3E2047C8: khtml::CachedScript::checkNotify() (in /code/opt/kde3/lib/libkhtml.so.4.2.0)
==5255== by 0x3E20472F: khtml::CachedScript::data(QBuffer&, bool) (in /code/opt/kde3/lib/libkhtml.so.4.2.0)
==5255== by 0x3E208242: khtml::Loader::slotFinished(KIO::Job*) (in /code/opt/kde3/lib/libkhtml.so.4.2.0)
==5255== by 0x3E209502: khtml::Loader::qt_invoke(int, QUObject*) (in /code/opt/kde3/lib/libkhtml.so.4.2.0)
==5255== by 0x3CCC6BCF: QObject::activate_signal(QConnectionList*, QUObject*) (in /usr/lib/qt3/lib/libqt-mt.so.3.3.1)
==5255== by 0x3C313A4B: KIO::Job::result(KIO::Job*) (in /code/opt/kde3/lib/libkio.so.4.2.0)
==5255== by 0x3C3006B1: KIO::Job::emitResult() (in /code/opt/kde3/lib/libkio.so.4.2.0)
==5255== by 0x3C3018C2: KIO::SimpleJob::slotFinished() (in /code/opt/kde3/lib/libkio.so.4.2.0)
==5255== by 0x3C303F5C: KIO::TransferJob::slotFinished() (in /code/opt/kde3/lib/libkio.so.4.2.0)
==5255== by 0x3C3151FA: KIO::TransferJob::qt_invoke(int, QUObject*) (in /code/opt/kde3/lib/libkio.so.4.2.0)
==5255== by 0x3CCC6BCF: QObject::activate_signal(QConnectionList*, QUObject*) (in /usr/lib/qt3/lib/libqt-mt.so.3.3.1)
==5255== by 0x3CCC69BE: QObject::activate_signal(int) (in /usr/lib/qt3/lib/libqt-mt.so.3.3.1)
==5255== by 0x3C2F4837: KIO::SlaveInterface::finished() (in /code/opt/kde3/lib/libkio.so.4.2.0)
==5255== by 0x3C2F37F0: KIO::SlaveInterface::dispatch(int, QMemArray<char> const&) (in /code/opt/kde3/lib/libkio.so.4.2.0)
==5255== Address 0x3E56AD20 is 192 bytes inside a block of size 304 free'd
==5255== at 0x3C01F959: operator delete(void*) (vg_replace_malloc.c:129)
==5255== by 0x3E171B33: khtml::HTMLTokenizer::~HTMLTokenizer() (in /code/opt/kde3/lib/libkhtml.so.4.2.0)
==5255== by 0x3E14AE43: DOM::DocumentImpl::close() (in /code/opt/kde3/lib/libkhtml.so.4.2.0)
==5255== by 0x3E179CEB: DOM::HTMLDocumentImpl::close() (in /code/opt/kde3/lib/libkhtml.so.4.2.0)
==5255== by 0x3E288EF0: DOM::HTMLDocument::close() (in /code/opt/kde3/lib/libkhtml.so.4.2.0)
==5255== by 0x3E2219EE: KJS::HTMLDocFunction::tryCall(KJS::ExecState*, KJS::Object&, KJS::List const&) (in /code/opt/kde3/lib/libkhtml.so.4.2.0)
==5255== by 0x3E20DCC9: KJS::DOMFunction::call(KJS::ExecState*, KJS::Object&, KJS::List const&) (in /code/opt/kde3/lib/libkhtml.so.4.2.0)
==5255== by 0x3E37ECF7: KJS::Object::call(KJS::ExecState*, KJS::Object&, KJS::List const&) (in /code/opt/kde3/lib/libkjs.so.1.2.0)
==5255== by 0x3E35025E: KJS::FunctionCallNode::evaluate(KJS::ExecState*) const (in /code/opt/kde3/lib/libkjs.so.1.2.0)
==5255== by 0x3E35479A: KJS::ExprStatementNode::execute(KJS::ExecState*) (in /code/opt/kde3/lib/libkjs.so.1.2.0)
==5255== by 0x3E35A81E: KJS::SourceElementsNode::execute(KJS::ExecState*) (in /code/opt/kde3/lib/libkjs.so.1.2.0)
==5255== by 0x3E3545C2: KJS::BlockNode::execute(KJS::ExecState*) (in /code/opt/kde3/lib/libkjs.so.1.2.0)
==5255== by 0x3E354BC0: KJS::IfNode::execute(KJS::ExecState*) (in /code/opt/kde3/lib/libkjs.so.1.2.0)
==5255== by 0x3E35A8BA: KJS::SourceElementsNode::execute(KJS::ExecState*) (in /code/opt/kde3/lib/libkjs.so.1.2.0)
==5255== by 0x3E3545C2: KJS::BlockNode::execute(KJS::ExecState*) (in /code/opt/kde3/lib/libkjs.so.1.2.0)
==5255== by 0x3E359DBB: KJS::FunctionBodyNode::execute(KJS::ExecState*) (in /code/opt/kde3/lib/libkjs.so.1.2.0)
==5255==

*** This bug has been marked as a duplicate of 68523 ***