Summary: | konqueror crashes on a google cache page | ||
---|---|---|---|
Product: | [Applications] konqueror | Reporter: | christophe_goudey |
Component: | khtml | Assignee: | Konqueror Developers <konq-bugs> |
Status: | RESOLVED DUPLICATE | ||
Severity: | crash | CC: | maksim |
Priority: | NOR | ||
Version: | unspecified | ||
Target Milestone: | --- | ||
Platform: | Ubuntu | ||
OS: | Linux | ||
Latest Commit: | Version Fixed In: |
Description
christophe_goudey
2006-02-11 14:06:21 UTC
#4 0x420d5772 in DOM::Node::nodeType (this=0xbfb3267c) at dom_node.cpp:202 #5 0x42026eb4 in KJS::getDOMNode (exec=0x86b6640, n=@0xbfb3267c) at kjs_dom.cpp:1439 #6 0x420acae7 in KJS::JSLazyEventListener::parseCode (this=0x842d188) at kjs_events.cpp:201 #7 0x420ae6a4 in KJS::JSLazyEventListener::handleEvent (this=0x842d188, evt=@0xbfb326f8) at kjs_events.cpp:149 #8 0x41efaf9c in DOM::NodeImpl::handleLocalEvents (this=0x84c38cc, evt=0x8471420, useCapture=false) at dom_nodeimpl.cpp:605 #9 0x41efb2a2 in DOM::NodeImpl::dispatchGenericEvent (this=0x84c38cc, evt=0x8471420) at dom_nodeimpl.cpp:382 #10 0x41efb62c in DOM::NodeImpl::dispatchWindowEvent (this=0x84c38cc, _id=17, canBubbleArg=false, cancelableArg=false) at dom_nodeimpl.cpp:440 #11 0x41f31976 in DOM::HTMLDocumentImpl::close (this=0x84c38a0) at html_documentimpl.cpp:276 #12 0x41ea3947 in KHTMLPart::checkEmitLoadEvent (this=0x881fd68) at khtml_part.cpp:2329 #13 0x41ea3cf9 in KHTMLPart::checkCompleted (this=0x881fd68) at khtml_part.cpp:2251 #14 0x41ea40b7 in KHTMLPart::slotChildCompleted (this=0x881fd68, pendingAction=false) at khtml_part.cpp:5043 #15 0x41ea40e2 in KHTMLPart::slotChildCompleted (this=0x881fd68) at khtml_part.cpp:5030 #16 0x41eb5ab6 in KHTMLPart::qt_invoke (this=0x881fd68, _id=56, _o=0xbfb32a78) at khtml_part.moc:541 I think there was some discussion of this nasty on the list earlier: ==13650== Invalid read of size 4 ==13650== at 0x6E4A606: khtml::TreeShared<DOM::NodeImpl>::ref() (shared.h:34) ==13650== by 0x700FC44: DOM::Node::Node(DOM::NodeImpl*) (dom_node.cpp:148) ==13650== by 0x6FF14C1: KJS::JSLazyEventListener::parseCode() const (kjs_events.cpp:201) ==13650== by 0x6FF2B0C: KJS::JSLazyEventListener::handleEvent(DOM::Event&) (kjs_events.cpp:149) ==13650== by 0x6EAAFDC: DOM::NodeImpl::handleLocalEvents(DOM::EventImpl*, bool) (dom_nodeimpl.cpp:605) ==13650== by 0x6EAB218: DOM::NodeImpl::dispatchGenericEvent(DOM::EventImpl*, int&) (dom_nodeimpl.cpp:382) ==13650== by 0x6EAB4BE: DOM::NodeImpl::dispatchWindowEvent(int, bool, bool) (dom_nodeimpl.cpp:440) ==13650== by 0x6ED5AF4: DOM::HTMLDocumentImpl::close() (html_documentimpl.cpp:276) ==13650== by 0x6E62F2F: KHTMLPart::checkEmitLoadEvent() (khtml_part.cpp:2329) ==13650== by 0x6E6323D: KHTMLPart::checkCompleted() (khtml_part.cpp:2251) ==13650== by 0x6E64308: KHTMLPart::slotLoaderRequestDone(khtml::DocLoader*, khtml::CachedObject*) (khtml_part.cpp:2104) ==13650== by 0x6E719E0: KHTMLPart::qt_invoke(int, QUObject*) (khtml_part.moc:548) ==13650== Address 0x9D45954 is 4 bytes inside a block of size 84 free'd ==13650== at 0x401C1EB: operator delete(void*) (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so) ==13650== by 0x6ED9275: DOM::HTMLFrameSetElementImpl::~HTMLFrameSetElementImpl() (html_baseimpl.cpp:456) ==13650== by 0x6EC6768: khtml::KHTMLParser::parseToken(khtml::Token*) (htmlparser.cpp:308) ==13650== by 0x6EC7281: khtml::HTMLTokenizer::processToken() (htmltokenizer.cpp:1666) ==13650== by 0x6ECB913: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1166) ==13650== by 0x6ECBE56: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1425) ==13650== by 0x6EA0B82: DOM::DocumentImpl::write(QString const&) (dom_docimpl.cpp:1315) ==13650== by 0x6EA0BCD: DOM::DocumentImpl::write(DOM::DOMString const&) (dom_docimpl.cpp:1303) ==13650== by 0x7012269: DOM::HTMLDocument::write(DOM::DOMString const&) (html_document.cpp:213) ==13650== by 0x6FA7143: KJS::HTMLDocFunction::tryCall(KJS::ExecState*, KJS::Object&, KJS::List const&) (kjs_html.cpp:108) ==13650== by 0x6F90870: KJS::DOMFunction::call(KJS::ExecState*, KJS::Object&, KJS::List const&) (kjs_binding.cpp:114) ==13650== by 0x7138F1D: KJS::Object::call(KJS::ExecState*, KJS::Object&, KJS::List const&) (object.cpp:73) |