Bug 135005

Summary: konqueror crashes when visiting http://fourpoints.de
Product: [Applications] konqueror
Reporter: Willi Richert <w.richert>
Component: khtml parsing
Assignee: Konqueror Developers <konq-bugs>
Status: RESOLVED WORKSFORME
Severity: normal
CC: zahl
Priority: NOR
Version: unspecified
Target Milestone: ---
Platform: unspecified
OS: Linux

Description Willi Richert 2006-10-02 16:54:09 UTC
Version:           3.5.2 (using KDE 3.5.2, Kubuntu Package 4:3.5.2-0ubuntu18.1 dapper)
Compiler:          Target: i486-linux-gnu
OS:                Linux (i686) release 2.6.15-26-386

(no debugging symbols found)
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
(no debugging symbols found)
.
.
.
(no debugging symbols found)
[KCrash handler]
#6  0xb60592a9 in QValueListPrivate<khtml::TokenizerSubstring>::clear ()
   from /usr/lib/libkhtml.so.4
#7  0xb605933d in QValueList<khtml::TokenizerSubstring>::clear ()
   from /usr/lib/libkhtml.so.4
#8  0xb605308c in khtml_jpeg_source_mgr::khtml_jpeg_source_mgr ()
   from /usr/lib/libkhtml.so.4
#9  0xb5fab4b2 in DOM::checkChild () from /usr/lib/libkhtml.so.4
#10 0xb5fac4e9 in DOM::checkChild () from /usr/lib/libkhtml.so.4
#11 0xb5faf247 in DOM::checkChild () from /usr/lib/libkhtml.so.4
#12 0xb5f969e6 in DOM::checkChild () from /usr/lib/libkhtml.so.4
#13 0xb604fd34 in khtml_jpeg_source_mgr::khtml_jpeg_source_mgr ()
   from /usr/lib/libkhtml.so.4
#14 0xb5fab69c in DOM::checkChild () from /usr/lib/libkhtml.so.4
#15 0xb5fac4e9 in DOM::checkChild () from /usr/lib/libkhtml.so.4
#16 0xb5faf247 in DOM::checkChild () from /usr/lib/libkhtml.so.4
#17 0xb5f969e6 in DOM::checkChild () from /usr/lib/libkhtml.so.4
#18 0xb604fd34 in khtml_jpeg_source_mgr::khtml_jpeg_source_mgr ()
   from /usr/lib/libkhtml.so.4
#19 0xb5fab69c in DOM::checkChild () from /usr/lib/libkhtml.so.4
#20 0xb5fac4e9 in DOM::checkChild () from /usr/lib/libkhtml.so.4
#21 0xb5faf247 in DOM::checkChild () from /usr/lib/libkhtml.so.4
#22 0xb5f969e6 in DOM::checkChild () from /usr/lib/libkhtml.so.4
#23 0xb604fd34 in khtml_jpeg_source_mgr::khtml_jpeg_source_mgr ()
   from /usr/lib/libkhtml.so.4
#24 0xb5fab69c in DOM::checkChild () from /usr/lib/libkhtml.so.4
#25 0xb5fac4e9 in DOM::checkChild () from /usr/lib/libkhtml.so.4
#26 0xb5faf247 in DOM::checkChild () from /usr/lib/libkhtml.so.4
#27 0xb5f969e6 in DOM::checkChild () from /usr/lib/libkhtml.so.4
#28 0xb604fd34 in khtml_jpeg_source_mgr::khtml_jpeg_source_mgr ()
   from /usr/lib/libkhtml.so.4
#29 0xb5fab69c in DOM::checkChild () from /usr/lib/libkhtml.so.4
#30 0xb5fac4e9 in DOM::checkChild () from /usr/lib/libkhtml.so.4
#31 0xb5faf247 in DOM::checkChild () from /usr/lib/libkhtml.so.4
#32 0xb5f969e6 in DOM::checkChild () from /usr/lib/libkhtml.so.4
#33 0xb604fd34 in khtml_jpeg_source_mgr::khtml_jpeg_source_mgr ()
   from /usr/lib/libkhtml.so.4
#34 0xb5fab69c in DOM::checkChild () from /usr/lib/libkhtml.so.4
#35 0xb5fac4e9 in DOM::checkChild () from /usr/lib/libkhtml.so.4
#36 0xb5faf247 in DOM::checkChild () from /usr/lib/libkhtml.so.4
#37 0xb5f969e6 in DOM::checkChild () from /usr/lib/libkhtml.so.4
#38 0xb6051d9a in khtml_jpeg_source_mgr::khtml_jpeg_source_mgr ()
   from /usr/lib/libkhtml.so.4
#39 0xb6054eaf in khtml_jpeg_source_mgr::khtml_jpeg_source_mgr ()
   from /usr/lib/libkhtml.so.4
#40 0xb6055b23 in khtml_jpeg_source_mgr::khtml_jpeg_source_mgr ()
   from /usr/lib/libkhtml.so.4
#41 0xb6055cbe in khtml_jpeg_source_mgr::khtml_jpeg_source_mgr ()
   from /usr/lib/libkhtml.so.4
#42 0xb7273eb9 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#43 0xb7a9c5ae in KIO::Job::result () from /usr/lib/libkio.so.4
#44 0xb7aedd62 in KIO::Job::emitResult () from /usr/lib/libkio.so.4
#45 0xb7aedea6 in KIO::SimpleJob::slotFinished () from /usr/lib/libkio.so.4
#46 0xb7aee5a9 in KIO::TransferJob::slotFinished () from /usr/lib/libkio.so.4
#47 0xb7aefaef in KIO::TransferJob::qt_invoke () from /usr/lib/libkio.so.4
#48 0xb7273eb9 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#49 0xb7274954 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#50 0xb7a979d4 in KIO::SlaveInterface::finished () from /usr/lib/libkio.so.4
#51 0xb7b07cc1 in KIO::SlaveInterface::dispatch () from /usr/lib/libkio.so.4
#52 0xb7aae739 in KIO::SlaveInterface::dispatch () from /usr/lib/libkio.so.4
#53 0xb7ab3230 in KIO::Slave::gotInput () from /usr/lib/libkio.so.4
#54 0xb7ab33c5 in KIO::Slave::qt_invoke () from /usr/lib/libkio.so.4
#55 0xb7273eb9 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#56 0xb72747c8 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#57 0xb760806f in QSocketNotifier::activated () from /usr/lib/libqt-mt.so.3
#58 0xb72941fe in QSocketNotifier::event () from /usr/lib/libqt-mt.so.3
#59 0xb7209e56 in QApplication::internalNotify () from /usr/lib/libqt-mt.so.3
#60 0xb720a052 in QApplication::notify () from /usr/lib/libqt-mt.so.3
#61 0xb78d6d7d in KApplication::notify () from /usr/lib/libkdecore.so.4
#62 0xb719b157 in QApplication::sendEvent () from /usr/lib/libqt-mt.so.3
#63 0xb71fb973 in QEventLoop::activateSocketNotifiers ()
   from /usr/lib/libqt-mt.so.3
#64 0xb71aef43 in QEventLoop::processEvents () from /usr/lib/libqt-mt.so.3
#65 0xb7222947 in QEventLoop::enterLoop () from /usr/lib/libqt-mt.so.3
#66 0xb722286a in QEventLoop::exec () from /usr/lib/libqt-mt.so.3
#67 0xb7208965 in QApplication::exec () from /usr/lib/libqt-mt.so.3
#68 0xb6781a51 in kdemain () from /usr/lib/libkdeinit_konqueror.so
#69 0xb7f284f4 in kdeinitmain () from /usr/lib/kde3/konqueror.so
#70 0x0804e063 in ?? ()
#71 0x00000004 in ?? ()
#72 0x081402b0 in ?? ()
#73 0x00000001 in ?? ()
#74 0x00000000 in ?? ()
Comment 1 Maksim Orlovich 2006-10-02 16:57:50 UTC
Can confirm crash on Kubuntu 3.5.4, but bt is useless...
Comment 2 Maksim Orlovich 2006-10-02 17:03:35 UTC
After installing debug symbols:
#6  0xb5fa7a7b in khtml::HTMLTokenizer::scriptHandler (this=0x874c708)
    at stringit.h:190
#7  0xb5fa939a in khtml::HTMLTokenizer::parseTag (this=0x874c708, 
    src=@0x874cc08) at htmltokenizer.cpp:1200
#8  0xb5fac1f0 in khtml::HTMLTokenizer::write (this=0x874c708, 
    str=@0xbfd75324, appendData=false) at htmltokenizer.cpp:1443
#9  0xb5f92a12 in khtml::HTMLTokenizer::notifyFinished (this=0x874c708)
    at htmltokenizer.cpp:1754
#10 0xb60626c6 in khtml::CachedScript::ref (this=0x8681d18, c=0x874c730)
    at loader.cpp:348
#11 0xb5fa83f9 in khtml::HTMLTokenizer::scriptHandler (this=0x874c708)
    at htmltokenizer.cpp:408
#12 0xb5fa939a in khtml::HTMLTokenizer::parseTag (this=0x874c708, 
    src=@0x874cc08) at htmltokenizer.cpp:1200
#13 0xb5fac1f0 in khtml::HTMLTokenizer::write (this=0x874c708, 
    str=@0xbfd75914, appendData=false) at htmltokenizer.cpp:1443
#14 0xb5f92a12 in khtml::HTMLTokenizer::notifyFinished (this=0x874c708)
    at htmltokenizer.cpp:1754
#15 0xb60626c6 in khtml::CachedScript::ref (this=0x867f240, c=0x874c730)
    at loader.cpp:348
#16 0xb5fa83f9 in khtml::HTMLTokenizer::scriptHandler (this=0x874c708)
    at htmltokenizer.cpp:408
#17 0xb5fa939a in khtml::HTMLTokenizer::parseTag (this=0x874c708, 
    src=@0x874cc08) at htmltokenizer.cpp:1200
#18 0xb5fac1f0 in khtml::HTMLTokenizer::write (this=0x874c708, 
    str=@0xbfd75f04, appendData=false) at htmltokenizer.cpp:1443
#19 0xb5f92a12 in khtml::HTMLTokenizer::notifyFinished (this=0x874c708)
    at htmltokenizer.cpp:1754
#20 0xb60626c6 in khtml::CachedScript::ref (this=0x867f578, c=0x874c730)
    at loader.cpp:348
#21 0xb5fa83f9 in khtml::HTMLTokenizer::scriptHandler (this=0x874c708)
    at htmltokenizer.cpp:408
#22 0xb5fa939a in khtml::HTMLTokenizer::parseTag (this=0x874c708, 
    src=@0x874cc08) at htmltokenizer.cpp:1200
#23 0xb5fac1f0 in khtml::HTMLTokenizer::write (this=0x874c708, 
    str=@0xbfd764f4, appendData=false) at htmltokenizer.cpp:1443
#24 0xb5f92a12 in khtml::HTMLTokenizer::notifyFinished (this=0x874c708)
    at htmltokenizer.cpp:1754
#25 0xb60626c6 in khtml::CachedScript::ref (this=0x867ee28, c=0x874c730)
    at loader.cpp:348
#26 0xb5fa83f9 in khtml::HTMLTokenizer::scriptHandler (this=0x874c708)
    at htmltokenizer.cpp:408
#27 0xb5fa939a in khtml::HTMLTokenizer::parseTag (this=0x874c708, 
    src=@0x874cc08) at htmltokenizer.cpp:1200
#28 0xb5fac1f0 in khtml::HTMLTokenizer::write (this=0x874c708, 
    str=@0xbfd76ae4, appendData=false) at htmltokenizer.cpp:1443
#29 0xb5f92a12 in khtml::HTMLTokenizer::notifyFinished (this=0x874c708)
    at htmltokenizer.cpp:1754
#30 0xb60626c6 in khtml::CachedScript::ref (this=0x85ff9a8, c=0x874c730)
    at loader.cpp:348
#31 0xb5fa83f9 in khtml::HTMLTokenizer::scriptHandler (this=0x874c708)
    at htmltokenizer.cpp:408
#32 0xb5fa939a in khtml::HTMLTokenizer::parseTag (this=0x874c708, 
    src=@0x874cc08) at htmltokenizer.cpp:1200
#33 0xb5fac1f0 in khtml::HTMLTokenizer::write (this=0x874c708, 
    str=@0xbfd770d4, appendData=false) at htmltokenizer.cpp:1443
#34 0xb5f92a12 in khtml::HTMLTokenizer::notifyFinished (this=0x874c708)
    at htmltokenizer.cpp:1754
#35 0xb60647d0 in khtml::CachedScript::checkNotify (this=0x87b0128)
    at loader.cpp:369
#36 0xb6067a31 in khtml::CachedScript::data (this=0x87b0128, 
    buffer=@0x87afe8c, eof=true) at loader.cpp:361
#37 0xb6068724 in khtml::Loader::slotFinished (this=0x8443fc0, job=0x8a3bdc8)
    at loader.cpp:1169
#38 0xb606b5f4 in khtml::Loader::qt_invoke (this=0x8443fc0, _id=2, 
    _o=0xbfd772b4) at loader.moc:260
#39 0xb6c7deb9 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#40 0xb78b6ade in KIO::Job::result (this=0x8a3bdc8, t0=0x874c708)
    at jobclasses.moc:162
#41 0xb7913fc4 in KIO::Job::emitResult (this=0x8a3bdc8) at job.cpp:226
#42 0xb7914108 in KIO::SimpleJob::slotFinished (this=0x8a3bdc8) at job.cpp:574
#43 0xb791480b in KIO::TransferJob::slotFinished (this=0x8a3bdc8)
    at job.cpp:944
#44 0xb791635f in KIO::TransferJob::qt_invoke (this=0x8a3bdc8, _id=17, 
    _o=0xbfd7763c) at jobclasses.moc:1071
#45 0xb6c7deb9 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#46 0xb6c7e954 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#47 0xb78b2118 in KIO::SlaveInterface::finished (this=0x874c708)
    at slaveinterface.moc:226
#48 0xb792719e in KIO::SlaveInterface::dispatch (this=0x851ea58, _cmd=104, 
    rawdata=@0xbfd778e0) at slaveinterface.cpp:243
#49 0xb78fa620 in KIO::SlaveInterface::dispatch (this=0x851ea58)
    at slaveinterface.cpp:173
#50 0xb78ef730 in KIO::Slave::gotInput (this=0x851ea58) at slave.cpp:300
#51 0xb78f3a87 in KIO::Slave::qt_invoke (this=0x851ea58, _id=4, _o=0xbfd77a38)
    at slave.moc:113
#52 0xb6c7deb9 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#53 0xb6c7e7c8 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#54 0xb701206f in QSocketNotifier::activated () from /usr/lib/libqt-mt.so.3
#55 0xb6c9e1fe in QSocketNotifier::event () from /usr/lib/libqt-mt.so.3
#56 0xb6c13e56 in QApplication::internalNotify () from /usr/lib/libqt-mt.so.3
#57 0xb6c14052 in QApplication::notify () from /usr/lib/libqt-mt.so.3
#58 0xb73ba7ab in KApplication::notify (this=0xbfd780d8, receiver=0x851f688, 
    event=0xbfd77d90) at kapplication.cpp:550
#59 0xb6ba5157 in QApplication::sendEvent () from /usr/lib/libqt-mt.so.3
#60 0xb6c05973 in QEventLoop::activateSocketNotifiers ()
   from /usr/lib/libqt-mt.so.3
#61 0xb6bb8f43 in QEventLoop::processEvents () from /usr/lib/libqt-mt.so.3
#62 0xb6c2c947 in QEventLoop::enterLoop () from /usr/lib/libqt-mt.so.3
#63 0xb6c2c86a in QEventLoop::exec () from /usr/lib/libqt-mt.so.3
#64 0xb6c12965 in QApplication::exec () from /usr/lib/libqt-mt.so.3
#65 0xb7f1bc11 in kdemain () from /usr/lib/libkdeinit_konqueror.so
#66 0xb7c46ea2 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6
#67 0x080483b5 in ?? ()

Looks nasty.
Comment 3 Marc Collin 2006-10-03 00:11:11 UTC
I can confirm on SUSE 10.1 64 bits

Vérification au démarrage de la configuration du système désactivée.

Using host libthread_db library "/lib64/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 47716952423296 (LWP 3865)]
[KCrash handler]
#5  0x00002b65fa2bbf50 in QValueListPrivate<khtml::TokenizerString>::QValueListPrivate () from /opt/kde3/lib64/libkhtml.so.4
#6  0x00002b65fa2bbfcf in QValueList<khtml::TokenizerString>::detachInternal ()
   from /opt/kde3/lib64/libkhtml.so.4
#7  0x00002b65fa2af9d2 in khtml::HTMLTokenizer::scriptHandler ()
   from /opt/kde3/lib64/libkhtml.so.4
#8  0x00002b65fa2b1d4b in khtml::HTMLTokenizer::parseTag ()
   from /opt/kde3/lib64/libkhtml.so.4
#9  0x00002b65fa2b3357 in khtml::HTMLTokenizer::write ()
   from /opt/kde3/lib64/libkhtml.so.4
#10 0x00002b65fa2aeead in khtml::HTMLTokenizer::notifyFinished ()
   from /opt/kde3/lib64/libkhtml.so.4
#11 0x00002b65fa2af7ac in khtml::HTMLTokenizer::scriptHandler ()
   from /opt/kde3/lib64/libkhtml.so.4
#12 0x00002b65fa2b1d4b in khtml::HTMLTokenizer::parseTag ()
   from /opt/kde3/lib64/libkhtml.so.4
#13 0x00002b65fa2b3357 in khtml::HTMLTokenizer::write ()
   from /opt/kde3/lib64/libkhtml.so.4
#14 0x00002b65fa2aeead in khtml::HTMLTokenizer::notifyFinished ()
   from /opt/kde3/lib64/libkhtml.so.4
#15 0x00002b65fa2af7ac in khtml::HTMLTokenizer::scriptHandler ()
   from /opt/kde3/lib64/libkhtml.so.4
#16 0x00002b65fa2b1d4b in khtml::HTMLTokenizer::parseTag ()
   from /opt/kde3/lib64/libkhtml.so.4
#17 0x00002b65fa2b3357 in khtml::HTMLTokenizer::write ()
   from /opt/kde3/lib64/libkhtml.so.4
#18 0x00002b65fa2aeead in khtml::HTMLTokenizer::notifyFinished ()
   from /opt/kde3/lib64/libkhtml.so.4
#19 0x00002b65fa2af7ac in khtml::HTMLTokenizer::scriptHandler ()
   from /opt/kde3/lib64/libkhtml.so.4
#20 0x00002b65fa2b1d4b in khtml::HTMLTokenizer::parseTag ()
   from /opt/kde3/lib64/libkhtml.so.4
#21 0x00002b65fa2b3357 in khtml::HTMLTokenizer::write ()
   from /opt/kde3/lib64/libkhtml.so.4
#22 0x00002b65fa2aeead in khtml::HTMLTokenizer::notifyFinished ()
   from /opt/kde3/lib64/libkhtml.so.4
#23 0x00002b65fa2af7ac in khtml::HTMLTokenizer::scriptHandler ()
   from /opt/kde3/lib64/libkhtml.so.4
#24 0x00002b65fa2b1d4b in khtml::HTMLTokenizer::parseTag ()
   from /opt/kde3/lib64/libkhtml.so.4
#25 0x00002b65fa2b3357 in khtml::HTMLTokenizer::write ()
   from /opt/kde3/lib64/libkhtml.so.4
#26 0x00002b65fa2aeead in khtml::HTMLTokenizer::notifyFinished ()
   from /opt/kde3/lib64/libkhtml.so.4
#27 0x00002b65fa2af7ac in khtml::HTMLTokenizer::scriptHandler ()
   from /opt/kde3/lib64/libkhtml.so.4
#28 0x00002b65fa2b1d4b in khtml::HTMLTokenizer::parseTag ()
   from /opt/kde3/lib64/libkhtml.so.4
#29 0x00002b65fa2b3357 in khtml::HTMLTokenizer::write ()
   from /opt/kde3/lib64/libkhtml.so.4
#30 0x00002b65fa2aeead in khtml::HTMLTokenizer::notifyFinished ()
   from /opt/kde3/lib64/libkhtml.so.4
#31 0x00002b65fa35a254 in khtml::CachedScript::checkNotify ()
   from /opt/kde3/lib64/libkhtml.so.4
#32 0x00002b65fa360ed1 in khtml::CachedScript::data ()
   from /opt/kde3/lib64/libkhtml.so.4
#33 0x00002b65fa35f847 in khtml::Loader::slotFinished ()
   from /opt/kde3/lib64/libkhtml.so.4
#34 0x00002b65fa35fe8f in khtml::Loader::qt_invoke ()
   from /opt/kde3/lib64/libkhtml.so.4
#35 0x00002b65f4fc5adc in QObject::activate_signal ()
   from /usr/lib/qt3/lib64/libqt-mt.so.3
#36 0x00002b65f457bd12 in KIO::Job::result () from /opt/kde3/lib64/libkio.so.4
#37 0x00002b65f45b298f in KIO::Job::emitResult ()
   from /opt/kde3/lib64/libkio.so.4
#38 0x00002b65f45c41da in KIO::SimpleJob::slotFinished ()
   from /opt/kde3/lib64/libkio.so.4
#39 0x00002b65f45c482a in KIO::TransferJob::slotFinished ()
   from /opt/kde3/lib64/libkio.so.4
#40 0x00002b65f45b25f8 in KIO::TransferJob::qt_invoke ()
   from /opt/kde3/lib64/libkio.so.4
#41 0x00002b65f4fc5adc in QObject::activate_signal ()
   from /usr/lib/qt3/lib64/libqt-mt.so.3
#42 0x00002b65f4fc67f3 in QObject::activate_signal ()
   from /usr/lib/qt3/lib64/libqt-mt.so.3
#43 0x00002b65f45cead5 in KIO::SlaveInterface::dispatch ()
   from /opt/kde3/lib64/libkio.so.4
#44 0x00002b65f45d760e in KIO::SlaveInterface::dispatch ()
   from /opt/kde3/lib64/libkio.so.4
#45 0x00002b65f45872ab in KIO::Slave::gotInput ()
   from /opt/kde3/lib64/libkio.so.4
#46 0x00002b65f45c68b8 in KIO::Slave::qt_invoke ()
   from /opt/kde3/lib64/libkio.so.4
#47 0x00002b65f4fc5adc in QObject::activate_signal ()
   from /usr/lib/qt3/lib64/libqt-mt.so.3
#48 0x00002b65f4fc671f in QObject::activate_signal ()
   from /usr/lib/qt3/lib64/libqt-mt.so.3
#49 0x00002b65f4fe038b in QSocketNotifier::event ()
   from /usr/lib/qt3/lib64/libqt-mt.so.3
#50 0x00002b65f4f6eae5 in QApplication::internalNotify ()
   from /usr/lib/qt3/lib64/libqt-mt.so.3
#51 0x00002b65f4f6f717 in QApplication::notify ()
   from /usr/lib/qt3/lib64/libqt-mt.so.3
#52 0x00002b65f4aae7b8 in KApplication::notify ()
   from /opt/kde3/lib64/libkdecore.so.4
#53 0x00002b65f4f64adc in QEventLoop::activateSocketNotifiers ()
   from /usr/lib/qt3/lib64/libqt-mt.so.3
#54 0x00002b65f4f25490 in QEventLoop::processEvents ()
   from /usr/lib/qt3/lib64/libqt-mt.so.3
#55 0x00002b65f4f837f1 in QEventLoop::enterLoop ()
   from /usr/lib/qt3/lib64/libqt-mt.so.3
#56 0x00002b65f4f8369a in QEventLoop::exec ()
   from /usr/lib/qt3/lib64/libqt-mt.so.3
#57 0x00002b65f86f4d33 in kdemain ()
   from /opt/kde3/lib64/libkdeinit_konqueror.so
#58 0x0000000000407431 in launch ()
#59 0x0000000000407d6c in handle_launcher_request ()
#60 0x00000000004080f5 in handle_requests ()
#61 0x000000000040914a in main ()
Comment 4 Allan Sandfeld 2006-10-14 19:14:55 UTC
Valgrind output:
==31846==
==31846== Invalid read of size 4
==31846==    at 0x406F0D4: QGList::count() const (in /opt/kde3.5/lib/libkdeinit_konqueror.so)
==31846==    by 0x724653A: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:409)
==31846==    by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207)
==31846==    by 0x7249374: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1450)
==31846==    by 0x7246102: khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) (htmltokenizer.cpp:1761)
==31846==    by 0x731DFED: khtml::CachedScript::ref(khtml::CachedObjectClient*) (loader.cpp:348)
==31846==    by 0x724652C: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:408)
==31846==    by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207)
==31846==    by 0x7249374: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1450)
==31846==    by 0x7246102: khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) (htmltokenizer.cpp:1761)
==31846==    by 0x731DFED: khtml::CachedScript::ref(khtml::CachedObjectClient*) (loader.cpp:348)
==31846==    by 0x724652C: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:408)
==31846==  Address 0x7A6ED8C is 220 bytes inside a block of size 1,324 free'd
==31846==    at 0x401D422: operator delete(void*) (vg_replace_malloc.c:244)
==31846==    by 0x7244999: khtml::HTMLTokenizer::~HTMLTokenizer() (htmltokenizer.cpp:1708)
==31846==    by 0x721447D: DOM::DocumentImpl::close() (dom_docimpl.cpp:1304)
==31846==    by 0x72558EF: DOM::HTMLDocumentImpl::close() (html_documentimpl.cpp:252)
==31846==    by 0x71D2B19: KHTMLPart::checkEmitLoadEvent() (khtml_part.cpp:2338)
==31846==    by 0x71D4C53: KHTMLPart::slotFinishedParsing() (khtml_part.cpp:2075)
==31846==    by 0x71DD5C6: KHTMLPart::qt_invoke(int, QUObject*) (khtml_part.moc:504)
==31846==    by 0x4E7A782: QObject::activate_signal(QConnectionList*, QUObject*) (in /opt/qt3.3g2/lib/libqt-mt.so.3.3.6)
==31846==    by 0x4E7AD27: QObject::activate_signal(int) (in /opt/qt3.3g2/lib/libqt-mt.so.3.3.6)
==31846==    by 0x721094D: DOM::DocumentImpl::finishedParsing() (dom_docimpl.moc:86)
==31846==    by 0x7210998: DOM::DocumentImpl::qt_emit(int, QUObject*) (dom_docimpl.moc:97)
==31846==    by 0x7254A7A: DOM::HTMLDocumentImpl::qt_emit(int, QUObject*) (html_documentimpl.moc:91)
==31846==
==31846== Invalid read of size 4
==31846==    at 0x7246730: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:429)
==31846==    by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207)
==31846==    by 0x7249374: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1450)
==31846==    by 0x7246102: khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) (htmltokenizer.cpp:1761)
==31846==    by 0x731DFED: khtml::CachedScript::ref(khtml::CachedObjectClient*) (loader.cpp:348)
==31846==    by 0x724652C: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:408)
==31846==    by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207)
==31846==    by 0x7249374: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1450)
==31846==    by 0x7246102: khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) (htmltokenizer.cpp:1761)
==31846==    by 0x731DFED: khtml::CachedScript::ref(khtml::CachedObjectClient*) (loader.cpp:348)
==31846==    by 0x724652C: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:408)
==31846==    by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207)
==31846==  Address 0x7A6ED70 is 192 bytes inside a block of size 1,324 free'd
==31846==    at 0x401D422: operator delete(void*) (vg_replace_malloc.c:244)
==31846==    by 0x7244999: khtml::HTMLTokenizer::~HTMLTokenizer() (htmltokenizer.cpp:1708)
==31846==    by 0x721447D: DOM::DocumentImpl::close() (dom_docimpl.cpp:1304)
==31846==    by 0x72558EF: DOM::HTMLDocumentImpl::close() (html_documentimpl.cpp:252)
==31846==    by 0x71D2B19: KHTMLPart::checkEmitLoadEvent() (khtml_part.cpp:2338)
==31846==    by 0x71D4C53: KHTMLPart::slotFinishedParsing() (khtml_part.cpp:2075)
==31846==    by 0x71DD5C6: KHTMLPart::qt_invoke(int, QUObject*) (khtml_part.moc:504)
==31846==    by 0x4E7A782: QObject::activate_signal(QConnectionList*, QUObject*) (in /opt/qt3.3g2/lib/libqt-mt.so.3.3.6)
==31846==    by 0x4E7AD27: QObject::activate_signal(int) (in /opt/qt3.3g2/lib/libqt-mt.so.3.3.6)
==31846==    by 0x721094D: DOM::DocumentImpl::finishedParsing() (dom_docimpl.moc:86)
==31846==    by 0x7210998: DOM::DocumentImpl::qt_emit(int, QUObject*) (dom_docimpl.moc:97)
==31846==    by 0x7254A7A: DOM::HTMLDocumentImpl::qt_emit(int, QUObject*) (html_documentimpl.moc:91)
==31846==
==31846== Invalid write of size 1
==31846==    at 0x7246736: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:423)
==31846==    by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207)
==31846==    by 0x7249374: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1450)
==31846==    by 0x7246102: khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) (htmltokenizer.cpp:1761)
==31846==    by 0x731DFED: khtml::CachedScript::ref(khtml::CachedObjectClient*) (loader.cpp:348)
==31846==    by 0x724652C: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:408)
==31846==    by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207)
==31846==    by 0x7249374: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1450)
==31846==    by 0x7246102: khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) (htmltokenizer.cpp:1761)
==31846==    by 0x731DFED: khtml::CachedScript::ref(khtml::CachedObjectClient*) (loader.cpp:348)
==31846==    by 0x724652C: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:408)
==31846==    by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207)
==31846==  Address 0x7A6ED0C is 92 bytes inside a block of size 1,324 free'd
==31846==    at 0x401D422: operator delete(void*) (vg_replace_malloc.c:244)
==31846==    by 0x7244999: khtml::HTMLTokenizer::~HTMLTokenizer() (htmltokenizer.cpp:1708)
==31846==    by 0x721447D: DOM::DocumentImpl::close() (dom_docimpl.cpp:1304)
==31846==    by 0x72558EF: DOM::HTMLDocumentImpl::close() (html_documentimpl.cpp:252)
==31846==    by 0x71D2B19: KHTMLPart::checkEmitLoadEvent() (khtml_part.cpp:2338)
==31846==    by 0x71D4C53: KHTMLPart::slotFinishedParsing() (khtml_part.cpp:2075)
==31846==    by 0x71DD5C6: KHTMLPart::qt_invoke(int, QUObject*) (khtml_part.moc:504)
==31846==    by 0x4E7A782: QObject::activate_signal(QConnectionList*, QUObject*) (in /opt/qt3.3g2/lib/libqt-mt.so.3.3.6)
==31846==    by 0x4E7AD27: QObject::activate_signal(int) (in /opt/qt3.3g2/lib/libqt-mt.so.3.3.6)
==31846==    by 0x721094D: DOM::DocumentImpl::finishedParsing() (dom_docimpl.moc:86)
==31846==    by 0x7210998: DOM::DocumentImpl::qt_emit(int, QUObject*) (dom_docimpl.moc:97)
==31846==    by 0x7254A7A: DOM::HTMLDocumentImpl::qt_emit(int, QUObject*) (html_documentimpl.moc:91)
==31846==
==31846== Invalid write of size 4
==31846==    at 0x724673A: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:424)
==31846==    by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207)
==31846==    by 0x7249374: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1450)
==31846==    by 0x7246102: khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) (htmltokenizer.cpp:1761)
==31846==    by 0x731DFED: khtml::CachedScript::ref(khtml::CachedObjectClient*) (loader.cpp:348)
==31846==    by 0x724652C: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:408)
==31846==    by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207)
==31846==    by 0x7249374: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1450)
==31846==    by 0x7246102: khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) (htmltokenizer.cpp:1761)
==31846==    by 0x731DFED: khtml::CachedScript::ref(khtml::CachedObjectClient*) (loader.cpp:348)
==31846==    by 0x724652C: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:408)
==31846==    by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207)
==31846==  Address 0x7A6ED34 is 132 bytes inside a block of size 1,324 free'd
==31846==    at 0x401D422: operator delete(void*) (vg_replace_malloc.c:244)
==31846==    by 0x7244999: khtml::HTMLTokenizer::~HTMLTokenizer() (htmltokenizer.cpp:1708)
==31846==    by 0x721447D: DOM::DocumentImpl::close() (dom_docimpl.cpp:1304)
==31846==    by 0x72558EF: DOM::HTMLDocumentImpl::close() (html_documentimpl.cpp:252)
==31846==    by 0x71D2B19: KHTMLPart::checkEmitLoadEvent() (khtml_part.cpp:2338)
==31846==    by 0x71D4C53: KHTMLPart::slotFinishedParsing() (khtml_part.cpp:2075)
==31846==    by 0x71DD5C6: KHTMLPart::qt_invoke(int, QUObject*) (khtml_part.moc:504)
==31846==    by 0x4E7A782: QObject::activate_signal(QConnectionList*, QUObject*) (in /opt/qt3.3g2/lib/libqt-mt.so.3.3.6)
==31846==    by 0x4E7AD27: QObject::activate_signal(int) (in /opt/qt3.3g2/lib/libqt-mt.so.3.3.6)
==31846==    by 0x721094D: DOM::DocumentImpl::finishedParsing() (dom_docimpl.moc:86)
==31846==    by 0x7210998: DOM::DocumentImpl::qt_emit(int, QUObject*) (dom_docimpl.moc:97)
==31846==    by 0x7254A7A: DOM::HTMLDocumentImpl::qt_emit(int, QUObject*) (html_documentimpl.moc:91)
==31846==
==31846== Invalid write of size 4
==31846==    at 0x7246744: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:424)
==31846==    by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207)
==31846==    by 0x7249374: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1450)
==31846==    by 0x7246102: khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) (htmltokenizer.cpp:1761)
==31846==    by 0x731DFED: khtml::CachedScript::ref(khtml::CachedObjectClient*) (loader.cpp:348)
==31846==    by 0x724652C: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:408)
==31846==    by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207)
==31846==    by 0x7249374: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1450)
==31846==    by 0x7246102: khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) (htmltokenizer.cpp:1761)
==31846==    by 0x731DFED: khtml::CachedScript::ref(khtml::CachedObjectClient*) (loader.cpp:348)
==31846==    by 0x724652C: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:408)
==31846==    by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207)
==31846==  Address 0x7A6ED2C is 124 bytes inside a block of size 1,324 free'd
==31846==    at 0x401D422: operator delete(void*) (vg_replace_malloc.c:244)
==31846==    by 0x7244999: khtml::HTMLTokenizer::~HTMLTokenizer() (htmltokenizer.cpp:1708)
==31846==    by 0x721447D: DOM::DocumentImpl::close() (dom_docimpl.cpp:1304)
==31846==    by 0x72558EF: DOM::HTMLDocumentImpl::close() (html_documentimpl.cpp:252)
==31846==    by 0x71D2B19: KHTMLPart::checkEmitLoadEvent() (khtml_part.cpp:2338)
==31846==    by 0x71D4C53: KHTMLPart::slotFinishedParsing() (khtml_part.cpp:2075)
==31846==    by 0x71DD5C6: KHTMLPart::qt_invoke(int, QUObject*) (khtml_part.moc:504)
==31846==    by 0x4E7A782: QObject::activate_signal(QConnectionList*, QUObject*) (in /opt/qt3.3g2/lib/libqt-mt.so.3.3.6)
==31846==    by 0x4E7AD27: QObject::activate_signal(int) (in /opt/qt3.3g2/lib/libqt-mt.so.3.3.6)
==31846==    by 0x721094D: DOM::DocumentImpl::finishedParsing() (dom_docimpl.moc:86)
==31846==    by 0x7210998: DOM::DocumentImpl::qt_emit(int, QUObject*) (dom_docimpl.moc:97)
==31846==    by 0x7254A7A: DOM::HTMLDocumentImpl::qt_emit(int, QUObject*) (html_documentimpl.moc:91)
==31846==
==31846== Invalid read of size 4
==31846==    at 0x406F0D4: QGList::count() const (in /opt/kde3.5/lib/libkdeinit_konqueror.so)
==31846==    by 0x724661B: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:429)
==31846==    by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207)
==31846==    by 0x7249374: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1450)
==31846==    by 0x7246102: khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) (htmltokenizer.cpp:1761)
==31846==    by 0x731DFED: khtml::CachedScript::ref(khtml::CachedObjectClient*) (loader.cpp:348)
==31846==    by 0x724652C: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:408)
==31846==    by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207)
==31846==    by 0x7249374: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1450)
==31846==    by 0x7246102: khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) (htmltokenizer.cpp:1761)
==31846==    by 0x731DFED: khtml::CachedScript::ref(khtml::CachedObjectClient*) (loader.cpp:348)
==31846==    by 0x724652C: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:408)
==31846==  Address 0x7A6ED8C is 220 bytes inside a block of size 1,324 free'd
==31846==    at 0x401D422: operator delete(void*) (vg_replace_malloc.c:244)
==31846==    by 0x7244999: khtml::HTMLTokenizer::~HTMLTokenizer() (htmltokenizer.cpp:1708)
==31846==    by 0x721447D: DOM::DocumentImpl::close() (dom_docimpl.cpp:1304)
==31846==    by 0x72558EF: DOM::HTMLDocumentImpl::close() (html_documentimpl.cpp:252)
==31846==    by 0x71D2B19: KHTMLPart::checkEmitLoadEvent() (khtml_part.cpp:2338)
==31846==    by 0x71D4C53: KHTMLPart::slotFinishedParsing() (khtml_part.cpp:2075)
==31846==    by 0x71DD5C6: KHTMLPart::qt_invoke(int, QUObject*) (khtml_part.moc:504)
==31846==    by 0x4E7A782: QObject::activate_signal(QConnectionList*, QUObject*) (in /opt/qt3.3g2/lib/libqt-mt.so.3.3.6)
==31846==    by 0x4E7AD27: QObject::activate_signal(int) (in /opt/qt3.3g2/lib/libqt-mt.so.3.3.6)
==31846==    by 0x721094D: DOM::DocumentImpl::finishedParsing() (dom_docimpl.moc:86)
==31846==    by 0x7210998: DOM::DocumentImpl::qt_emit(int, QUObject*) (dom_docimpl.moc:97)
==31846==    by 0x7254A7A: DOM::HTMLDocumentImpl::qt_emit(int, QUObject*) (html_documentimpl.moc:91)
==31846==
==31846== Invalid read of size 4
==31846==    at 0x724A306: QValueList<khtml::TokenizerString>::isEmpty() const (qvaluelist.h:524)
==31846==    by 0x724B064: khtml::TokenizerQueue::pop() (stringit.h:190)
==31846==    by 0x7246638: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:430)
==31846==    by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207)
==31846==    by 0x7249374: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1450)
==31846==    by 0x7246102: khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) (htmltokenizer.cpp:1761)
==31846==    by 0x731DFED: khtml::CachedScript::ref(khtml::CachedObjectClient*) (loader.cpp:348)
==31846==    by 0x724652C: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:408)
==31846==    by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207)
==31846==    by 0x7249374: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1450)
==31846==    by 0x7246102: khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) (htmltokenizer.cpp:1761)
==31846==    by 0x731DFED: khtml::CachedScript::ref(khtml::CachedObjectClient*) (loader.cpp:348)
==31846==  Address 0x7A6ED6C is 188 bytes inside a block of size 1,324 free'd
==31846==    at 0x401D422: operator delete(void*) (vg_replace_malloc.c:244)
==31846==    by 0x7244999: khtml::HTMLTokenizer::~HTMLTokenizer() (htmltokenizer.cpp:1708)
==31846==    by 0x721447D: DOM::DocumentImpl::close() (dom_docimpl.cpp:1304)
==31846==    by 0x72558EF: DOM::HTMLDocumentImpl::close() (html_documentimpl.cpp:252)
==31846==    by 0x71D2B19: KHTMLPart::checkEmitLoadEvent() (khtml_part.cpp:2338)
==31846==    by 0x71D4C53: KHTMLPart::slotFinishedParsing() (khtml_part.cpp:2075)
==31846==    by 0x71DD5C6: KHTMLPart::qt_invoke(int, QUObject*) (khtml_part.moc:504)
==31846==    by 0x4E7A782: QObject::activate_signal(QConnectionList*, QUObject*) (in /opt/qt3.3g2/lib/libqt-mt.so.3.3.6)
==31846==    by 0x4E7AD27: QObject::activate_signal(int) (in /opt/qt3.3g2/lib/libqt-mt.so.3.3.6)
==31846==    by 0x721094D: DOM::DocumentImpl::finishedParsing() (dom_docimpl.moc:86)
==31846==    by 0x7210998: DOM::DocumentImpl::qt_emit(int, QUObject*) (dom_docimpl.moc:97)
==31846==    by 0x7254A7A: DOM::HTMLDocumentImpl::qt_emit(int, QUObject*) (html_documentimpl.moc:91)
Comment 5 Allan Sandfeld 2006-10-14 19:16:26 UTC
In other words, a tokenizer that has been deleted before the last script finished loading.
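
Added example (not part of the bug thread and not KHTML code): a small Python triage script that reads memcheck records like those in comment 4, groups them by the freed heap block they touch, and checks whether the accessing stack contains a method of the class whose destructor freed that block. The embedded sample is a shortened excerpt of the Valgrind output above (two records, stacks trimmed); the names `parse_records`, `summarise` and the other helpers are this example's own.

```python
import re

# Shortened excerpt of the memcheck output in comment 4 (stacks trimmed).
SAMPLE = """\
==31846== Invalid read of size 4
==31846==    at 0x406F0D4: QGList::count() const (in /opt/kde3.5/lib/libkdeinit_konqueror.so)
==31846==    by 0x724653A: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:409)
==31846==    by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207)
==31846==  Address 0x7A6ED8C is 220 bytes inside a block of size 1,324 free'd
==31846==    at 0x401D422: operator delete(void*) (vg_replace_malloc.c:244)
==31846==    by 0x7244999: khtml::HTMLTokenizer::~HTMLTokenizer() (htmltokenizer.cpp:1708)
==31846==    by 0x721447D: DOM::DocumentImpl::close() (dom_docimpl.cpp:1304)
==31846==
==31846== Invalid write of size 1
==31846==    at 0x7246736: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:423)
==31846==    by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207)
==31846==  Address 0x7A6ED0C is 92 bytes inside a block of size 1,324 free'd
==31846==    at 0x401D422: operator delete(void*) (vg_replace_malloc.c:244)
==31846==    by 0x7244999: khtml::HTMLTokenizer::~HTMLTokenizer() (htmltokenizer.cpp:1708)
==31846==    by 0x721447D: DOM::DocumentImpl::close() (dom_docimpl.cpp:1304)
"""

PREFIX = re.compile(r"^==\d+==\s?")
HEADER = re.compile(r"^Invalid (read|write) of size (\d+)")
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-Fa-f]+: (.+?) \(([^()]*)\)$")
ADDR = re.compile(
    r"^\s*Address (0x[0-9A-Fa-f]+) is (\d+) bytes inside a block of size ([\d,]+) free'd"
)


def parse_records(text):
    """Split memcheck output into records with an access stack and a free stack."""
    records, cur = [], None
    for raw in text.splitlines():
        line = PREFIX.sub("", raw)
        if m := HEADER.match(line):
            cur = {"kind": m[1], "size": int(m[2]), "addr": None,
                   "access": [], "free": []}
            records.append(cur)
        elif cur is None:
            continue
        elif m := ADDR.match(line):
            cur["addr"] = int(m[1], 16)
            cur["offset"] = int(m[2])
            cur["block"] = int(m[3].replace(",", ""))
        elif m := FRAME.match(line):
            # Frames before the "Address ..." line are the access; after it, the free.
            stack = cur["free"] if cur["addr"] is not None else cur["access"]
            stack.append((m[1], m[2]))
    return [r for r in records if r["addr"] is not None]


def first_app_frame(frames):
    """First frame with a source location outside Valgrind's allocator shim."""
    for func, loc in frames:
        if not loc.startswith("in ") and not loc.startswith("vg_replace_malloc"):
            return func, loc
    return frames[0] if frames else ("?", "?")


def owner_class(func):
    """'ns::Class::method(args)' -> 'ns::Class'; empty string for free functions."""
    name = func.split("(", 1)[0]
    return name.rsplit("::", 1)[0] if "::" in name else ""


def summarise(text):
    """Group invalid accesses by the base address of the freed block they hit."""
    blocks = {}
    for r in parse_records(text):
        base = r["addr"] - r["offset"]  # start of the freed allocation
        freer, freed_at = first_app_frame(r["free"])
        b = blocks.setdefault(base, {"size": r["block"], "freed_by": freer,
                                     "freed_at": freed_at, "accesses": [],
                                     "self_use": False})
        b["accesses"].append((r["kind"], r["offset"], first_app_frame(r["access"])[1]))
        # A destructor freed the block and a method of the same class is still
        # on the accessing stack: the object is running code on a dead `this`.
        cls = owner_class(freer)
        if "~" in freer and any(owner_class(f) == cls for f, _ in r["access"]):
            b["self_use"] = True
    return blocks


if __name__ == "__main__":
    for base, b in summarise(SAMPLE).items():
        print(f"block 0x{base:X} ({b['size']} bytes) freed by {b['freed_by']} at {b['freed_at']}")
        for kind, off, site in b["accesses"]:
            print(f"  {kind:5} at +{off:<4} from {site}")
        if b["self_use"]:
            print("  -> method of the destroyed class still executing (use-after-free on `this`)")
```

Both sample records resolve to the same block base, which is what ties the separate "Invalid read" and "Invalid write" reports to one freed `HTMLTokenizer` object.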
Comment 6 Raúl 2008-02-09 14:16:28 UTC
Someone at the Debian bug tracker reported this happened on 3.5.8: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452133

Not much info apart from the backtrace.
Comment 7 Philip Rodrigues 2008-04-20 20:54:06 UTC
I don't see the crash with trunk (r796129). Site appears to work correctly, as far as I can tell without knowing any German.
Comment 8 Rui G. 2008-04-21 21:35:15 UTC
It crashes in 3.5.9 with segmentation fault.
Comment 9 A. Spehr 2008-06-22 01:17:26 UTC
No crash here in 4.00.83, closing