Bug 84202 - DOM: TreeWalker make Konqueror 3.2.x crash
Summary: DOM: TreeWalker make Konqueror 3.2.x crash
Status: RESOLVED WORKSFORME
Alias: None
Product: konqueror
Classification: Applications
Component: kjs (show other bugs)
Version: unspecified
Platform: Mandrake RPMs Linux
: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-06-29 09:52 UTC by Jean-Michel Fayard
Modified: 2004-07-31 00:09 UTC (History)
0 users

See Also:
Latest Commit:
Version Fixed In:


Attachments
Backtrace (somewhat nicer than in the summary) (6.64 KB, text/plain)
2004-06-29 09:56 UTC, Jean-Michel Fayard

Description Jean-Michel Fayard 2004-06-29 09:52:45 UTC
Version:            (using KDE KDE 3.2.1)
Installed from:    Mandrake RPMs
OS:                Linux

Description : TreeWalker is an optional part of the DOM version 2.0. It's described at the W3C website here 
http://www.w3.org/TR/DOM-Level-2-Traversal-Range/traversal.html

Live demo : http://mat.virgule.info/temp/crash.html
It crashes reliably for various versions of Konqueror 3.2.x (at least 3.2.0, 3.2.1 and 3.2.2) from various Linux distributions

It has been reported not to crash for older versions (KDE 3.0.5 Slackware 8.1, Konqueror 3.1.4 mandrake 9.1+texstar)


Source of the javascript :
function crashkonqueror()
{
        // DOM Level 2 Traversal: walk only element nodes of the subtree rooted
        // at the document element; the fourth argument is entityReferenceExpansion.
        var treeWalker = document.createTreeWalker(document.documentElement, NodeFilter.SHOW_ELEMENT, null, true);
        if (treeWalker)
                treeWalker.nextNode(); // the first step crashes inside DOM::TreeWalkerImpl::getNextSibling (see backtrace)
}



Backtrace :
Using host libthread_db library "/lib/libthread_db.so.1".
 [Thread debugging using libthread_db enabled]
 [New Thread 16384 (LWP 26730)]
 0x413fab79 in __wait4 () from /lib/libc.so.6
 #0 0x413fab79 in __wait4 () from /lib/libc.so.6
 #1 0x413fab08 in __libc_waitpid (pid=-512, stat_loc=0x0, options=-512)
 at ../sysdeps/unix/sysv/linux/waitpid.c:26
 #2 0x411facd3 in waitpid (pid=-512, stat_loc=0xfffffe00, options=-512)
 at wrapsyscall.c:181
 #3 0x407849e0 in KCrash::defaultCrashHandler () from /usr/local/kde/lib/libkdecore.so.4
 #4 <signal handler called>
 #5 0x41bc1dad in DOM::TreeWalkerImpl::getNextSibling () from /usr/local/kde/lib/libkhtml.so.4
 #6 0x41bc1a8f in DOM::TreeWalkerImpl::nextNode () from /usr/local/kde/lib/libkhtml.so.4
 #7 0x41d2c08b in DOM::TreeWalker::nextNode () from /usr/local/kde/lib/libkhtml.so.4
 #8 0x41cd6777 in KJS::DOMTreeWalkerProtoFunc::tryCall () from /usr/local/kde/lib/libkhtml.so.4
 #9 0x41c7fe03 in KJS::DOMFunction::call () from /usr/local/kde/lib/libkhtml.so.4
 #10 0x41df4ce0 in KJS::Object::call () from /usr/local/kde/lib/libkjs.so.1
 #11 0x41dc7609 in KJS::FunctionCallNode::evaluate () from /usr/local/kde/lib/libkjs.so.1
 #12 0x41dcbb8a in KJS::ExprStatementNode::execute () from /usr/local/kde/lib/libkjs.so.1
 #13 0x41dcbf2e in KJS::IfNode::execute () from /usr/local/kde/lib/libkjs.so.1
 #14 0x41dd23cc in KJS::SourceElementsNode::execute () from /usr/local/kde/lib/libkjs.so.1
 #15 0x41dcb99f in KJS::BlockNode::execute () from /usr/local/kde/lib/libkjs.so.1
 #16 0x41dd18e3 in KJS::FunctionBodyNode::execute () from /usr/local/kde/lib/libkjs.so.1
 #17 0x41df017c in KJS::DeclaredFunctionImp::execute () from /usr/local/kde/lib/libkjs.so.1
 #18 0x41def593 in KJS::FunctionImp::call () from /usr/local/kde/lib/libkjs.so.1
 #19 0x41df4ce0 in KJS::Object::call () from /usr/local/kde/lib/libkjs.so.1
 #20 0x41dc7609 in KJS::FunctionCallNode::evaluate () from /usr/local/kde/lib/libkjs.so.1
 #21 0x41dcbb8a in KJS::ExprStatementNode::execute () from /usr/local/kde/lib/libkjs.so.1
 #22 0x41dd2353 in KJS::SourceElementsNode::execute () from /usr/local/kde/lib/libkjs.so.1
 #23 0x41dcb99f in KJS::BlockNode::execute () from /usr/local/kde/lib/libkjs.so.1
 #24 0x41dd18e3 in KJS::FunctionBodyNode::execute () from /usr/local/kde/lib/libkjs.so.1
 #25 0x41df017c in KJS::DeclaredFunctionImp::execute () from /usr/local/kde/lib/libkjs.so.1
 #26 0x41def593 in KJS::FunctionImp::call () from /usr/local/kde/lib/libkjs.so.1
 #27 0x41df4ce0 in KJS::Object::call () from /usr/local/kde/lib/libkjs.so.1
 #28 0x41cd749e in KJS::JSEventListener::handleEvent () from /usr/local/kde/lib/libkhtml.so.4
 #29 0x41bb2223 in DOM::DocumentImpl::defaultEventHandler () from /usr/local/kde/lib/libkhtml.so.4
 #30 0x41bb4f23 in DOM::NodeImpl::dispatchWindowEvent () from /usr/local/kde/lib/libkhtml.so.4
 #31 0x41bdd9c1 in DOM::HTMLDocumentImpl::close () from /usr/local/kde/lib/libkhtml.so.4
 #32 0x41b793cc in KHTMLPart::checkEmitLoadEvent () from /usr/local/kde/lib/libkhtml.so.4
 #33 0x41b7825f in KHTMLPart::slotFinishedParsing () from /usr/local/kde/lib/libkhtml.so.4
 #34 0x41b92a0b in KHTMLPart::qt_invoke () from /usr/local/kde/lib/libkhtml.so.4
 #35 0x40b5da00 in QObject::activate_signal () from /usr/local/kde/lib/libqt-mt.so.3
 #36 0x40b5d834 in QObject::activate_signal () from /usr/local/kde/lib/libqt-mt.so.3
 #37 0x41bb2efb in DOM::DocumentImpl::finishedParsing () from /usr/local/kde/lib/libkhtml.so.4
 #38 0x41bb2fa8 in DOM::DocumentImpl::qt_emit () from /usr/local/kde/lib/libkhtml.so.4
 #39 0x41bde89d in DOM::HTMLDocumentImpl::qt_emit () from /usr/local/kde/lib/libkhtml.so.4
 #40 0x40b5da35 in QObject::activate_signal () from /usr/local/kde/lib/libqt-mt.so.3
 #41 0x40b5d834 in QObject::activate_signal () from /usr/local/kde/lib/libqt-mt.so.3
 #42 0x41bc4cbb in khtml::Tokenizer::finishedParsing () from /usr/local/kde/lib/libkhtml.so.4
 #43 0x41bd4860 in khtml::HTMLTokenizer::end () from /usr/local/kde/lib/libkhtml.so.4
 #44 0x41bd4163 in khtml::HTMLTokenizer::write () from /usr/local/kde/lib/libkhtml.so.4
 #45 0x41bd554d in khtml::HTMLTokenizer::notifyFinished () from /usr/local/kde/lib/libkhtml.so.4
 #46 0x41c75613 in khtml::CachedScript::checkNotify () from /usr/local/kde/lib/libkhtml.so.4
 #47 0x41c7555f in khtml::CachedScript::data () from /usr/local/kde/lib/libkhtml.so.4
 #48 0x41c79340 in khtml::Loader::slotFinished () from /usr/local/kde/lib/libkhtml.so.4
 #49 0x41c7b8a8 in khtml::Loader::qt_invoke () from /usr/local/kde/lib/libkhtml.so.4
 #50 0x40b5da00 in QObject::activate_signal () from /usr/local/kde/lib/libqt-mt.so.3
 #51 0x40198132 in KIO::Job::result () from /usr/local/kde/lib/libkio.so.4
 #52 0x4017f8ba in KIO::Job::emitResult () from /usr/local/kde/lib/libkio.so.4
 #53 0x401812fe in KIO::SimpleJob::slotFinished () from /usr/local/kde/lib/libkio.so.4
 #54 0x4018461e in KIO::TransferJob::slotFinished () from /usr/local/kde/lib/libkio.so.4
 #55 0x4019993d in KIO::TransferJob::qt_invoke () from /usr/local/kde/lib/libkio.so.4
 #56 0x40b5da00 in QObject::activate_signal () from /usr/local/kde/lib/libqt-mt.so.3
 #57 0x40b5d834 in QObject::activate_signal () from /usr/local/kde/lib/libqt-mt.so.3
 #58 0x40174d2e in KIO::SlaveInterface::finished () from /usr/local/kde/lib/libkio.so.4
 #59 0x401721c4 in KIO::SlaveInterface::dispatch () from /usr/local/kde/lib/libkio.so.4
 #60 0x40171490 in KIO::SlaveInterface::dispatch () from /usr/local/kde/lib/libkio.so.4
 #61 0x4016e3d5 in KIO::Slave::gotInput () from /usr/local/kde/lib/libkio.so.4
 #62 0x40170bb0 in KIO::Slave::qt_invoke () from /usr/local/kde/lib/libkio.so.4
 #63 0x40b5da00 in QObject::activate_signal () from /usr/local/kde/lib/libqt-mt.so.3
 #64 0x40b5db60 in QObject::activate_signal () from /usr/local/kde/lib/libqt-mt.so.3
 #65 0x40e77692 in QSocketNotifier::activated () from /usr/local/kde/lib/libqt-mt.so.3
 #66 0x40b79e20 in QSocketNotifier::event () from /usr/local/kde/lib/libqt-mt.so.3
 #67 0x40b028c5 in QApplication::internalNotify () from /usr/local/kde/lib/libqt-mt.so.3
 #68 0x40b01f7b in QApplication::notify () from /usr/local/kde/lib/libqt-mt.so.3
 #69 0x406f315c in KApplication::notify () from /usr/local/kde/lib/libkdecore.so.4
 #70 0x40af2518 in QEventLoop::activateSocketNotifiers () from /usr/local/kde/lib/libqt-mt.so.3
 #71 0x40aadf7c in QEventLoop::processEvents () from /usr/local/kde/lib/libqt-mt.so.3
 #72 0x40b15b86 in QEventLoop::enterLoop () from /usr/local/kde/lib/libqt-mt.so.3
 #73 0x40b15a28 in QEventLoop::exec () from /usr/local/kde/lib/libqt-mt.so.3
 #74 0x40b02b11 in QApplication::exec () from /usr/local/kde/lib/libqt-mt.so.3
 #75 0x415bb4f6 in kdemain () from /usr/local/kde/lib/libkdeinit_konqueror.so
 #76 0x4125c8d6 in kdeinitmain () from /usr/local/kde/lib/kde3/konqueror.so
 #77 0x0804d013 in launch ()
 #78 0x0804e0d1 in handle_launcher_request ()
 #79 0x0804e63a in handle_requests ()
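The reporter's script only takes one nextNode() step from a walker rooted at document.documentElement, and the crash lands in TreeWalkerImpl::getNextSibling. As an added example (not from this bug report or from KHTML), here is the DOM Level 2 Traversal nextNode algorithm modelled over a tiny stand-in tree, showing the boundary checks an implementation must make when climbing for a sibling: stop at the walker's root and tolerate a node with no parent or no next sibling. The NodeFilter constants, the makeNode builder and the accessor helpers are simplified assumptions, not a real DOM.

```javascript
// Added example, not from the bug report or KHTML: a minimal model of the
// DOM Level 2 Traversal TreeWalker.nextNode algorithm over a stand-in tree.
const NodeFilter = { FILTER_ACCEPT: 1, FILTER_REJECT: 2, FILTER_SKIP: 3,
                     SHOW_ELEMENT: 0x1, SHOW_TEXT: 0x4 };
// Simplified node constructor (assumption: only parent/child links matter).
function makeNode(nodeType, nodeName, childNodes = []) {
  const n = { nodeType, nodeName, parentNode: null, childNodes };
  childNodes.forEach(c => { c.parentNode = n; });
  return n;
}
const firstChild = n => n.childNodes[0] || null;
const nextSibling = n => {
  const p = n.parentNode;                  // a root has no parent: no sibling
  if (!p) return null;
  return p.childNodes[p.childNodes.indexOf(n) + 1] || null;
};
function createTreeWalker(root, whatToShow, filter) {
  // whatToShow is a bit mask indexed by nodeType - 1, as in the spec.
  const accept = n => ((1 << (n.nodeType - 1)) & whatToShow)
    ? (filter ? filter(n) : NodeFilter.FILTER_ACCEPT)
    : NodeFilter.FILTER_SKIP;
  const walker = { root, currentNode: root };
  walker.nextNode = () => {
    let node = walker.currentNode, result = NodeFilter.FILTER_ACCEPT;
    for (;;) {
      // Descend while the last node was not rejected and has children.
      while (result !== NodeFilter.FILTER_REJECT && firstChild(node)) {
        node = firstChild(node);
        result = accept(node);
        if (result === NodeFilter.FILTER_ACCEPT) return (walker.currentNode = node);
      }
      // Otherwise climb towards the root looking for a next sibling;
      // reaching the root (or running out of parents) ends the traversal.
      let sibling = null;
      for (let temp = node; temp; temp = temp.parentNode) {
        if (temp === walker.root) return null;
        sibling = nextSibling(temp);
        if (sibling) break;
      }
      if (!sibling) return null;
      node = sibling;
      result = accept(node);
      if (result === NodeFilter.FILTER_ACCEPT) return (walker.currentNode = node);
    }
  };
  return walker;
}
```

Rejected nodes are neither returned nor descended into, while skipped nodes (those filtered out by whatToShow) are still descended into; the walker never returns a node outside its root.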
Comment 1 Jean-Michel Fayard 2004-06-29 09:56:02 UTC
Created attachment 6507 [details]
Backtrace (somewhat nicer than in the summary)

Backtrace
Comment 2 Pierre Souchay 2004-06-29 12:10:18 UTC
Same problem with Konqueror 3.2.2 Debian Testing

Here is my backtrace:
0x40fc340e in __waitpid_nocancel () from /lib/tls/libpthread.so.0
#0  0x40fc340e in __waitpid_nocancel () from /lib/tls/libpthread.so.0
#1  0x40744e20 in KCrash::defaultCrashHandler () from /usr/lib/libkdecore.so.4
#2  <signal handler called>
#3  0x4337ed64 in KStaticDeleter<KHTMLPageCache>::~KStaticDeleter ()
   from /usr/lib/libkhtml.so.4
#4  0x4337e9ff in KStaticDeleter<KHTMLPageCache>::~KStaticDeleter ()
   from /usr/lib/libkhtml.so.4
#5  0x434de44b in DOM::TreeWalker::nextNode () from /usr/lib/libkhtml.so.4
#6  0x434885b8 in TestFunctionImp::call () from /usr/lib/libkhtml.so.4
#7  0x43434c37 in QPtrDict<khtml::CachedObjectClient>::deleteItem ()
   from /usr/lib/libkhtml.so.4
#8  0x435a7b10 in KJS::Object::call () from /usr/lib/libkjs.so.1
#9  0x435796cd in KJS::roundValue () from /usr/lib/libkjs.so.1
#10 0x4357ddca in KJS::roundValue () from /usr/lib/libkjs.so.1
#11 0x4357e16e in KJS::roundValue () from /usr/lib/libkjs.so.1
#12 0x4358483c in KJS::roundValue () from /usr/lib/libkjs.so.1
#13 0x4357dbdf in KJS::roundValue () from /usr/lib/libkjs.so.1
#14 0x43583ce3 in KJS::roundValue () from /usr/lib/libkjs.so.1
#15 0x435a31dc in KJS::DeclaredFunctionImp::execute ()
   from /usr/lib/libkjs.so.1
#16 0x435a25ac in KJS::FunctionImp::call () from /usr/lib/libkjs.so.1
#17 0x435a7b10 in KJS::Object::call () from /usr/lib/libkjs.so.1
#18 0x435796cd in KJS::roundValue () from /usr/lib/libkjs.so.1
#19 0x4357ddca in KJS::roundValue () from /usr/lib/libkjs.so.1
#20 0x435847c6 in KJS::roundValue () from /usr/lib/libkjs.so.1
#21 0x4357dbdf in KJS::roundValue () from /usr/lib/libkjs.so.1
#22 0x43583ce3 in KJS::roundValue () from /usr/lib/libkjs.so.1
#23 0x435a31dc in KJS::DeclaredFunctionImp::execute ()
   from /usr/lib/libkjs.so.1
#24 0x435a25ac in KJS::FunctionImp::call () from /usr/lib/libkjs.so.1
#25 0x435a7b10 in KJS::Object::call () from /usr/lib/libkjs.so.1
#26 0x434893e5 in TestFunctionImp::call () from /usr/lib/libkhtml.so.4
#27 0x4336f443 in KStaticDeleter<KHTMLPageCache>::~KStaticDeleter ()
   from /usr/lib/libkhtml.so.4
#28 0x433720a7 in KStaticDeleter<KHTMLPageCache>::~KStaticDeleter ()
   from /usr/lib/libkhtml.so.4
#29 0x4339adcc in DOM::removeForbidden () from /usr/lib/libkhtml.so.4
#30 0x433392e6 in KHTMLPart::checkEmitLoadEvent () from /usr/lib/libkhtml.so.4
#31 0x433382af in KHTMLPart::slotFinishedParsing ()
   from /usr/lib/libkhtml.so.4
#32 0x43350e17 in KHTMLPart::qt_invoke () from /usr/lib/libkhtml.so.4
#33 0x40b15d9c in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#34 0x40b15bd4 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#35 0x433700fb in KStaticDeleter<KHTMLPageCache>::~KStaticDeleter ()
   from /usr/lib/libkhtml.so.4
#36 0x433701a8 in KStaticDeleter<KHTMLPageCache>::~KStaticDeleter ()
   from /usr/lib/libkhtml.so.4
#37 0x4339ba6d in DOM::removeForbidden () from /usr/lib/libkhtml.so.4
#38 0x40b15dd1 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#39 0x40b15bd4 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#40 0x43381cbb in KStaticDeleter<KHTMLPageCache>::~KStaticDeleter ()
   from /usr/lib/libkhtml.so.4
#41 0x43391ae0 in KStaticDeleter<QPtrList<DOM::DocumentImpl> >::~KStaticDeleter () from /usr/lib/libkhtml.so.4
#42 0x433913e3 in KStaticDeleter<QPtrList<DOM::DocumentImpl> >::~KStaticDeleter () from /usr/lib/libkhtml.so.4
#43 0x433928eb in KStaticDeleter<QPtrList<DOM::DocumentImpl> >::~KStaticDeleter () from /usr/lib/libkhtml.so.4
#44 0x4342b823 in QPtrList<DOM::StyleBaseImpl>::deleteItem ()
   from /usr/lib/libkhtml.so.4
#45 0x4342b772 in QPtrList<DOM::StyleBaseImpl>::deleteItem ()
   from /usr/lib/libkhtml.so.4
#46 0x4342f555 in QPtrList<DOM::StyleBaseImpl>::deleteItem ()
   from /usr/lib/libkhtml.so.4
#47 0x434309ed in QPtrList<DOM::StyleBaseImpl>::deleteItem ()
   from /usr/lib/libkhtml.so.4
#48 0x40b15d9c in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#49 0x40199efa in KIO::Job::result () from /usr/lib/libkio.so.4
#50 0x401849da in KIO::Job::emitResult () from /usr/lib/libkio.so.4
#51 0x40185ede in KIO::SimpleJob::slotFinished () from /usr/lib/libkio.so.4
#52 0x40188d6e in KIO::TransferJob::slotFinished () from /usr/lib/libkio.so.4
#53 0x4019b6cd in KIO::TransferJob::qt_invoke () from /usr/lib/libkio.so.4
#54 0x40b15d9c in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#55 0x40b15bd4 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#56 0x4017ac2e in KIO::SlaveInterface::finished () from /usr/lib/libkio.so.4
#57 0x4017988b in KIO::SlaveInterface::dispatch () from /usr/lib/libkio.so.4
#58 0x40178e89 in KIO::SlaveInterface::dispatch () from /usr/lib/libkio.so.4
#59 0x4017691b in KIO::Slave::gotInput () from /usr/lib/libkio.so.4
#60 0x401785d8 in KIO::Slave::qt_invoke () from /usr/lib/libkio.so.4
#61 0x40b15d9c in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#62 0x40b15efd in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#63 0x40e340f2 in QSocketNotifier::activated () from /usr/lib/libqt-mt.so.3
#64 0x40b31d20 in QSocketNotifier::event () from /usr/lib/libqt-mt.so.3
#65 0x40aba47f in QApplication::internalNotify () from /usr/lib/libqt-mt.so.3
#66 0x40ab9a8b in QApplication::notify () from /usr/lib/libqt-mt.so.3
#67 0x406c0b29 in KApplication::notify () from /usr/lib/libkdecore.so.4
#68 0x40aaa1ba in QEventLoop::activateSocketNotifiers ()
   from /usr/lib/libqt-mt.so.3
#69 0x40a65b28 in QEventLoop::processEvents () from /usr/lib/libqt-mt.so.3
#70 0x40acdce8 in QEventLoop::enterLoop () from /usr/lib/libqt-mt.so.3
#71 0x40acdb98 in QEventLoop::exec () from /usr/lib/libqt-mt.so.3
#72 0x40aba6d1 in QApplication::exec () from /usr/lib/libqt-mt.so.3
#73 0x414e5cbc in kdemain () from /usr/lib/libkdeinit_konqueror.so
#74 0x41491866 in kdeinitmain () from /usr/lib/kde3/konqueror.so
#75 0x0804cc36 in ?? ()
#76 0x00000002 in ?? ()
#77 0x0805ff50 in ?? ()
#78 0x00000001 in ?? ()
#79 0x0805e663 in ?? ()
#80 0x00000000 in ?? ()
#81 0x407e3e71 in posix_memalign () from /usr/lib/libkdecore.so.4
#82 0x0804e12b in ?? ()
#83 0x00000002 in ?? ()
#84 0x0805e64c in ?? ()
#85 0x0805e65f in ?? ()
#86 0x00000000 in ?? ()
#87 0x00000001 in ?? ()
#88 0x0805e670 in ?? ()
#89 0x00000000 in ?? ()
#90 0x00000000 in ?? ()
#91 0x00000000 in ?? ()
#92 0x0805e674 in ?? ()
#93 0xbffffab8 in ?? ()
#94 0x4079a253 in KStartupInfoId::initId () from /usr/lib/libkdecore.so.4
#95 0x0804e64e in ?? ()
#96 0x00000008 in ?? ()
#97 0xbffffb90 in ?? ()
#98 0xbffffb10 in ?? ()
#99 0xbffffa90 in ?? ()
#100 0x00000000 in ?? ()
#101 0xbffffa30 in ?? ()
#102 0xbffff998 in ?? ()
#103 0x41143eb3 in operator delete () from /usr/lib/libstdc++.so.5
#104 0x0804f64d in ?? ()
#105 0x00000000 in ?? ()
#106 0xbffffc8e in ?? ()
#107 0x00000001 in ?? ()
#108 0x00000000 in ?? ()
#109 0x00000000 in ?? ()
#110 0x00000000 in ?? ()
#111 0x00000000 in ?? ()
#112 0x00000000 in ?? ()
#113 0x00000000 in ?? ()
#114 0x0805045d in _IO_stdin_used ()
#115 0xbffffc68 in ?? ()
#116 0x412cfebc in ?? () from /lib/tls/libc.so.6
#117 0x00000000 in ?? ()
#118 0x411c4a51 in __cxa_atexit () from /lib/tls/libc.so.6
#119 0x08059e80 in ?? ()
#120 0x0804fc50 in ?? ()
#121 0x00000000 in ?? ()
#122 0x08059e50 in ?? ()
#123 0x00000001 in ?? ()
#124 0x00000001 in ?? ()
#125 0x00000001 in ?? ()
#126 0x00000001 in ?? ()
#127 0x0800fc8b in ?? ()
#128 0x0805d230 in ?? ()
#129 0x0000ffff in ?? ()
#130 0xbffffca8 in ?? ()
#131 0x080502e5 in QPtrList<char>::deleteItem ()
#132 0x411ad7f8 in __libc_start_main () from /lib/tls/libc.so.6
#133 0x412cfebc in ?? () from /lib/tls/libc.so.6
#134 0x400164a0 in ?? () from /lib/ld-linux.so.2
#135 0xbffffcf0 in ?? ()
#136 0x08050200 in QPtrList<char>::deleteItem ()
Comment 3 Jean-Michel Fayard 2004-06-29 23:09:05 UTC
Update : 
A friend of mine told me that this bug doesn't exist in Safari 1.2.2
Comment 4 Jo Øiongen 2004-07-30 13:17:19 UTC
I cannot reproduce this with CVS HEAD from 20040729. Distro is Gentoo.

Cheers Jo
Comment 5 Jean-Michel Fayard 2004-07-31 00:09:32 UTC
Trusting comment 3 and comment 4, I close the bug. Please REOPEN it, if it is still valid.