Bug 129563

Summary: Konqueror crashes in http://www.wikimapia.org
Product: [Applications] konqueror Reporter: Hasso Tepper <hasso>
Component: khtmlAssignee: Konqueror Developers <konq-bugs>
Status: RESOLVED DUPLICATE    
Severity: crash CC: ismail
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: unspecified   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description Hasso Tepper 2006-06-21 12:07:04 UTC 
Version:           3.5.3 (using KDE 3.5.3, compiled sources)
Compiler:          Target: i486-linux-gnu
OS:                Linux (i686) release 2.6.16-ck12

#0  0xb6197de6 in DOM::DocumentImpl::domTreeVersion (this=0x0) at dom_docimpl.h:517
#1  0xb619664b in DOM::NodeListImpl::Cache::updateNodeListInfo (this=0x847f9e8, doc=0x0) at dom_nodeimpl.cpp:1778
#2  0xb6195db0 in DOM::NodeListImpl::item (this=0x888fa20, index=52) at dom_nodeimpl.cpp:1624
#3  0xb635e3d8 in DOM::NodeList::item (this=0x87b8fc4, index=52) at dom_node.cpp:470
#4  0xb62b82fd in KJS::DOMNodeList::tryGet (this=0x87b8f98, exec=0xbff40630, p=@0xbff3fec0) at kjs_dom.cpp:624
#5  0xb62ae729 in KJS::DOMObject::get (this=0x87b8f98, exec=0xbff40630, p=@0xbff3fec0) at kjs_binding.cpp:50
#6  0xb5f5a1df in KJS::ObjectImp::getPropertyByIndex (this=0x87b8f98, exec=0xbff40630, propertyName=52) at object.cpp:191
#7  0xb5f61a9a in KJS::Reference::getValue (this=0xbff3ff80, exec=0xbff40630) at reference.cpp:142
#8  0xb5f191df in KJS::Node::evaluate (this=0x8a66b10, exec=0xbff40630) at nodes.cpp:130
#9  0xb5f1b4cb in KJS::AccessorNode2::evaluateReference (this=0x8a66b28, exec=0xbff40630) at nodes.cpp:668
#10 0xb5f1c0cd in KJS::FunctionCallNode::evaluate (this=0x8a66ba0, exec=0xbff40630) at nodes.cpp:829
#11 0xb5f1fc4b in KJS::AssignNode::evaluate (this=0x8a66bb8, exec=0xbff40630) at nodes.cpp:1562
#12 0xb5f21c89 in KJS::ExprStatementNode::execute (this=0x8a66bd8, exec=0xbff40630) at nodes.cpp:1980
#13 0xb5f287ea in KJS::SourceElementsNode::execute (this=0x8a65b58, exec=0xbff40630) at nodes.cpp:3097
#14 0xb5f21aae in KJS::BlockNode::execute (this=0x8a67168, exec=0xbff40630) at nodes.cpp:1942
#15 0xb5f22102 in KJS::IfNode::execute (this=0x8a67198, exec=0xbff40630) at nodes.cpp:2021
#16 0xb5f28687 in KJS::SourceElementsNode::execute (this=0x8a671d0, exec=0xbff40630) at nodes.cpp:3091
#17 0xb5f21aae in KJS::BlockNode::execute (this=0x8a67208, exec=0xbff40630) at nodes.cpp:1942
#18 0xb5f2441a in KJS::ForInNode::execute (this=0x8a67238, exec=0xbff40630) at nodes.cpp:2306
#19 0xb5f287ea in KJS::SourceElementsNode::execute (this=0x8a65970, exec=0xbff40630) at nodes.cpp:3097
#20 0xb5f21aae in KJS::BlockNode::execute (this=0x8a672b8, exec=0xbff40630) at nodes.cpp:1942
#21 0xb5f54783 in KJS::DeclaredFunctionImp::execute (this=0x89fa4f8, exec=0xbff40630) at function.cpp:588
#22 0xb5f53953 in KJS::FunctionImp::call (this=0x89fa4f8, exec=0xbff409a0, thisObj=@0xbff40750, args=@0xbff407a0) at function.cpp:363
#23 0xb5f59a78 in KJS::Object::call (this=0xbff40780, exec=0xbff409a0, thisObj=@0xbff40750, args=@0xbff407a0) at object.cpp:73
#24 0xb5f1c566 in KJS::FunctionCallNode::evaluate (this=0x87f88b8, exec=0xbff409a0) at nodes.cpp:870
#25 0xb5f21c89 in KJS::ExprStatementNode::execute (this=0x8804b90, exec=0xbff409a0) at nodes.cpp:1980
#26 0xb5f28687 in KJS::SourceElementsNode::execute (this=0x8a2ecf0, exec=0xbff409a0) at nodes.cpp:3091
#27 0xb5f21aae in KJS::BlockNode::execute (this=0x87fb3b8, exec=0xbff409a0) at nodes.cpp:1942
#28 0xb5f46913 in KJS::InterpreterImp::evaluate (this=0x849c340, code=@0xbff40ad0, thisV=@0xbff40af0) at internal.cpp:904
#29 0xb5f5bb3a in KJS::Interpreter::evaluate (this=0x8308720, code=@0xbff40ad0, thisV=@0xbff40af0) at interpreter.cpp:166
#30 0xb631658f in KJS::KJSProxyImpl::evaluate (this=0x8547f78, filename={d = 0x87f4e80}, baseLine=1, str=@0x832bfcc, n=@0xbff40c70, completion=0xbff40bf0)
    at kjs_proxy.cpp:164
#31 0xb61341f7 in KHTMLPart::executeScript (this=0x85001f8, n=@0xbff40c70, script=@0x832bfcc) at khtml_part.cpp:1198
#32 0xb6305d44 in KJS::ScheduledAction::execute (this=0x832bfc0, window=0x83597e8) at kjs_window.cpp:1938
#33 0xb6306b2a in KJS::WindowQObject::timerEvent (this=0x82244b0) at kjs_window.cpp:2073
#34 0xb6f52485 in QObject::event ( from /usr/qt/3/lib/libqt-mt.so.3 )
Comment 1 Ismail Donmez 2006-06-21 12:10:06 UTC 
Valgrind shows an invalid read:

==31522==
==31522== Invalid read of size 4
==31522==    at 0x71DBDE6: DOM::DocumentImpl::domTreeVersion() const (dom_docimpl.h:517)
==31522==    by 0x71DA64A: DOM::NodeListImpl::Cache::updateNodeListInfo(DOM::DocumentImpl*) (dom_nodeimpl.cpp:1778)
==31522==    by 0x71D9DAF: DOM::NodeListImpl::item(unsigned long) const (dom_nodeimpl.cpp:1624)
==31522==    by 0x73A23D7: DOM::NodeList::item(unsigned long) const (dom_node.cpp:470)
==31522==    by 0x72FC2FC: KJS::DOMNodeList::tryGet(KJS::ExecState*, KJS::Identifier const&) const (kjs_dom.cpp:624)
==31522==    by 0x72F2728: KJS::DOMObject::get(KJS::ExecState*, KJS::Identifier const&) const (kjs_binding.cpp:50)
==31522==    by 0x74E81DE: KJS::ObjectImp::getPropertyByIndex(KJS::ExecState*, unsigned) const (object.cpp:191)
==31522==    by 0x74EFA99: KJS::Reference::getValue(KJS::ExecState*) const (reference.cpp:142)
==31522==    by 0x74A71DE: KJS::Node::evaluate(KJS::ExecState*) const (nodes.cpp:130)
==31522==    by 0x74A94CA: KJS::AccessorNode2::evaluateReference(KJS::ExecState*) const (nodes.cpp:668)
==31522==    by 0x74AA0CC: KJS::FunctionCallNode::evaluate(KJS::ExecState*) const (nodes.cpp:829)
==31522==    by 0x74ADC4A: KJS::AssignNode::evaluate(KJS::ExecState*) const (nodes.cpp:1562)
==31522==  Address 0x10C is not stack'd, malloc'd or (recently) free'd
Comment 2 Allan Sandfeld 2006-06-21 16:05:59 UTC 
Another duplicate of #128015 ?
Comment 3 Maksim Orlovich 2006-06-22 01:26:06 UTC 
yep.

*** This bug has been marked as a duplicate of 128015 ***