Summary: | konqueror crashes when visiting http://fourpoints.de | ||
---|---|---|---|
Product: | [Applications] konqueror | Reporter: | Willi Richert <w.richert> |
Component: | khtml parsing | Assignee: | Konqueror Developers <konq-bugs> |
Status: | RESOLVED WORKSFORME | ||
Severity: | normal | CC: | zahl |
Priority: | NOR | ||
Version: | unspecified | ||
Target Milestone: | --- | ||
Platform: | unspecified | ||
OS: | Linux | ||
Description
Willi Richert
2006-10-02 16:54:09 UTC
Can confirm crash on kubuntu 3.5.4, but bt is useless... After installing debug symbols: #6 0xb5fa7a7b in khtml::HTMLTokenizer::scriptHandler (this=0x874c708) at stringit.h:190 #7 0xb5fa939a in khtml::HTMLTokenizer::parseTag (this=0x874c708, src=@0x874cc08) at htmltokenizer.cpp:1200 #8 0xb5fac1f0 in khtml::HTMLTokenizer::write (this=0x874c708, str=@0xbfd75324, appendData=false) at htmltokenizer.cpp:1443 #9 0xb5f92a12 in khtml::HTMLTokenizer::notifyFinished (this=0x874c708) at htmltokenizer.cpp:1754 #10 0xb60626c6 in khtml::CachedScript::ref (this=0x8681d18, c=0x874c730) at loader.cpp:348 #11 0xb5fa83f9 in khtml::HTMLTokenizer::scriptHandler (this=0x874c708) at htmltokenizer.cpp:408 #12 0xb5fa939a in khtml::HTMLTokenizer::parseTag (this=0x874c708, src=@0x874cc08) at htmltokenizer.cpp:1200 #13 0xb5fac1f0 in khtml::HTMLTokenizer::write (this=0x874c708, str=@0xbfd75914, appendData=false) at htmltokenizer.cpp:1443 #14 0xb5f92a12 in khtml::HTMLTokenizer::notifyFinished (this=0x874c708) at htmltokenizer.cpp:1754 #15 0xb60626c6 in khtml::CachedScript::ref (this=0x867f240, c=0x874c730) at loader.cpp:348 #16 0xb5fa83f9 in khtml::HTMLTokenizer::scriptHandler (this=0x874c708) at htmltokenizer.cpp:408 #17 0xb5fa939a in khtml::HTMLTokenizer::parseTag (this=0x874c708, src=@0x874cc08) at htmltokenizer.cpp:1200 #18 0xb5fac1f0 in khtml::HTMLTokenizer::write (this=0x874c708, str=@0xbfd75f04, appendData=false) at htmltokenizer.cpp:1443 #19 0xb5f92a12 in khtml::HTMLTokenizer::notifyFinished (this=0x874c708) at htmltokenizer.cpp:1754 #20 0xb60626c6 in khtml::CachedScript::ref (this=0x867f578, c=0x874c730) at loader.cpp:348 #21 0xb5fa83f9 in khtml::HTMLTokenizer::scriptHandler (this=0x874c708) at htmltokenizer.cpp:408 #22 0xb5fa939a in khtml::HTMLTokenizer::parseTag (this=0x874c708, src=@0x874cc08) at htmltokenizer.cpp:1200 #23 0xb5fac1f0 in khtml::HTMLTokenizer::write (this=0x874c708, str=@0xbfd764f4, appendData=false) at htmltokenizer.cpp:1443 #24 0xb5f92a12 in 
khtml::HTMLTokenizer::notifyFinished (this=0x874c708) at htmltokenizer.cpp:1754 #25 0xb60626c6 in khtml::CachedScript::ref (this=0x867ee28, c=0x874c730) at loader.cpp:348 #26 0xb5fa83f9 in khtml::HTMLTokenizer::scriptHandler (this=0x874c708) at htmltokenizer.cpp:408 #27 0xb5fa939a in khtml::HTMLTokenizer::parseTag (this=0x874c708, src=@0x874cc08) at htmltokenizer.cpp:1200 #28 0xb5fac1f0 in khtml::HTMLTokenizer::write (this=0x874c708, str=@0xbfd76ae4, appendData=false) at htmltokenizer.cpp:1443 #29 0xb5f92a12 in khtml::HTMLTokenizer::notifyFinished (this=0x874c708) at htmltokenizer.cpp:1754 #30 0xb60626c6 in khtml::CachedScript::ref (this=0x85ff9a8, c=0x874c730) at loader.cpp:348 #31 0xb5fa83f9 in khtml::HTMLTokenizer::scriptHandler (this=0x874c708) at htmltokenizer.cpp:408 #32 0xb5fa939a in khtml::HTMLTokenizer::parseTag (this=0x874c708, src=@0x874cc08) at htmltokenizer.cpp:1200 #33 0xb5fac1f0 in khtml::HTMLTokenizer::write (this=0x874c708, str=@0xbfd770d4, appendData=false) at htmltokenizer.cpp:1443 #34 0xb5f92a12 in khtml::HTMLTokenizer::notifyFinished (this=0x874c708) at htmltokenizer.cpp:1754 #35 0xb60647d0 in khtml::CachedScript::checkNotify (this=0x87b0128) at loader.cpp:369 #36 0xb6067a31 in khtml::CachedScript::data (this=0x87b0128, buffer=@0x87afe8c, eof=true) at loader.cpp:361 #37 0xb6068724 in khtml::Loader::slotFinished (this=0x8443fc0, job=0x8a3bdc8) at loader.cpp:1169 #38 0xb606b5f4 in khtml::Loader::qt_invoke (this=0x8443fc0, _id=2, _o=0xbfd772b4) at loader.moc:260 #39 0xb6c7deb9 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3 #40 0xb78b6ade in KIO::Job::result (this=0x8a3bdc8, t0=0x874c708) at jobclasses.moc:162 #41 0xb7913fc4 in KIO::Job::emitResult (this=0x8a3bdc8) at job.cpp:226 #42 0xb7914108 in KIO::SimpleJob::slotFinished (this=0x8a3bdc8) at job.cpp:574 #43 0xb791480b in KIO::TransferJob::slotFinished (this=0x8a3bdc8) at job.cpp:944 #44 0xb791635f in KIO::TransferJob::qt_invoke (this=0x8a3bdc8, _id=17, _o=0xbfd7763c) at 
jobclasses.moc:1071 #45 0xb6c7deb9 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3 #46 0xb6c7e954 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3 #47 0xb78b2118 in KIO::SlaveInterface::finished (this=0x874c708) at slaveinterface.moc:226 #48 0xb792719e in KIO::SlaveInterface::dispatch (this=0x851ea58, _cmd=104, rawdata=@0xbfd778e0) at slaveinterface.cpp:243 #49 0xb78fa620 in KIO::SlaveInterface::dispatch (this=0x851ea58) at slaveinterface.cpp:173 #50 0xb78ef730 in KIO::Slave::gotInput (this=0x851ea58) at slave.cpp:300 #51 0xb78f3a87 in KIO::Slave::qt_invoke (this=0x851ea58, _id=4, _o=0xbfd77a38) at slave.moc:113 #52 0xb6c7deb9 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3 #53 0xb6c7e7c8 in QObject::activate_signal () from /usr/lib/libqt-mt.so.3 #54 0xb701206f in QSocketNotifier::activated () from /usr/lib/libqt-mt.so.3 #55 0xb6c9e1fe in QSocketNotifier::event () from /usr/lib/libqt-mt.so.3 #56 0xb6c13e56 in QApplication::internalNotify () from /usr/lib/libqt-mt.so.3 #57 0xb6c14052 in QApplication::notify () from /usr/lib/libqt-mt.so.3 #58 0xb73ba7ab in KApplication::notify (this=0xbfd780d8, receiver=0x851f688, event=0xbfd77d90) at kapplication.cpp:550 #59 0xb6ba5157 in QApplication::sendEvent () from /usr/lib/libqt-mt.so.3 #60 0xb6c05973 in QEventLoop::activateSocketNotifiers () from /usr/lib/libqt-mt.so.3 #61 0xb6bb8f43 in QEventLoop::processEvents () from /usr/lib/libqt-mt.so.3 #62 0xb6c2c947 in QEventLoop::enterLoop () from /usr/lib/libqt-mt.so.3 #63 0xb6c2c86a in QEventLoop::exec () from /usr/lib/libqt-mt.so.3 #64 0xb6c12965 in QApplication::exec () from /usr/lib/libqt-mt.so.3 #65 0xb7f1bc11 in kdemain () from /usr/lib/libkdeinit_konqueror.so #66 0xb7c46ea2 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6 #67 0x080483b5 in ?? () Looks nasty. i can confirm on suse 10.1 64 bits Vérification au démarrage de la configuration du système désactivée. Using host libthread_db library "/lib64/libthread_db.so.1". 
[Thread debugging using libthread_db enabled] [New Thread 47716952423296 (LWP 3865)] [KCrash handler] #5 0x00002b65fa2bbf50 in QValueListPrivate<khtml::TokenizerString>::QValueListPrivate () from /opt/kde3/lib64/libkhtml.so.4 #6 0x00002b65fa2bbfcf in QValueList<khtml::TokenizerString>::detachInternal () from /opt/kde3/lib64/libkhtml.so.4 #7 0x00002b65fa2af9d2 in khtml::HTMLTokenizer::scriptHandler () from /opt/kde3/lib64/libkhtml.so.4 #8 0x00002b65fa2b1d4b in khtml::HTMLTokenizer::parseTag () from /opt/kde3/lib64/libkhtml.so.4 #9 0x00002b65fa2b3357 in khtml::HTMLTokenizer::write () from /opt/kde3/lib64/libkhtml.so.4 #10 0x00002b65fa2aeead in khtml::HTMLTokenizer::notifyFinished () from /opt/kde3/lib64/libkhtml.so.4 #11 0x00002b65fa2af7ac in khtml::HTMLTokenizer::scriptHandler () from /opt/kde3/lib64/libkhtml.so.4 #12 0x00002b65fa2b1d4b in khtml::HTMLTokenizer::parseTag () from /opt/kde3/lib64/libkhtml.so.4 #13 0x00002b65fa2b3357 in khtml::HTMLTokenizer::write () from /opt/kde3/lib64/libkhtml.so.4 #14 0x00002b65fa2aeead in khtml::HTMLTokenizer::notifyFinished () from /opt/kde3/lib64/libkhtml.so.4 #15 0x00002b65fa2af7ac in khtml::HTMLTokenizer::scriptHandler () from /opt/kde3/lib64/libkhtml.so.4 #16 0x00002b65fa2b1d4b in khtml::HTMLTokenizer::parseTag () from /opt/kde3/lib64/libkhtml.so.4 #17 0x00002b65fa2b3357 in khtml::HTMLTokenizer::write () from /opt/kde3/lib64/libkhtml.so.4 #18 0x00002b65fa2aeead in khtml::HTMLTokenizer::notifyFinished () from /opt/kde3/lib64/libkhtml.so.4 #19 0x00002b65fa2af7ac in khtml::HTMLTokenizer::scriptHandler () from /opt/kde3/lib64/libkhtml.so.4 #20 0x00002b65fa2b1d4b in khtml::HTMLTokenizer::parseTag () from /opt/kde3/lib64/libkhtml.so.4 #21 0x00002b65fa2b3357 in khtml::HTMLTokenizer::write () from /opt/kde3/lib64/libkhtml.so.4 #22 0x00002b65fa2aeead in khtml::HTMLTokenizer::notifyFinished () from /opt/kde3/lib64/libkhtml.so.4 #23 0x00002b65fa2af7ac in khtml::HTMLTokenizer::scriptHandler () from /opt/kde3/lib64/libkhtml.so.4 #24 
0x00002b65fa2b1d4b in khtml::HTMLTokenizer::parseTag () from /opt/kde3/lib64/libkhtml.so.4 #25 0x00002b65fa2b3357 in khtml::HTMLTokenizer::write () from /opt/kde3/lib64/libkhtml.so.4 #26 0x00002b65fa2aeead in khtml::HTMLTokenizer::notifyFinished () from /opt/kde3/lib64/libkhtml.so.4 #27 0x00002b65fa2af7ac in khtml::HTMLTokenizer::scriptHandler () from /opt/kde3/lib64/libkhtml.so.4 #28 0x00002b65fa2b1d4b in khtml::HTMLTokenizer::parseTag () from /opt/kde3/lib64/libkhtml.so.4 #29 0x00002b65fa2b3357 in khtml::HTMLTokenizer::write () from /opt/kde3/lib64/libkhtml.so.4 #30 0x00002b65fa2aeead in khtml::HTMLTokenizer::notifyFinished () from /opt/kde3/lib64/libkhtml.so.4 #31 0x00002b65fa35a254 in khtml::CachedScript::checkNotify () from /opt/kde3/lib64/libkhtml.so.4 #32 0x00002b65fa360ed1 in khtml::CachedScript::data () from /opt/kde3/lib64/libkhtml.so.4 #33 0x00002b65fa35f847 in khtml::Loader::slotFinished () from /opt/kde3/lib64/libkhtml.so.4 #34 0x00002b65fa35fe8f in khtml::Loader::qt_invoke () from /opt/kde3/lib64/libkhtml.so.4 #35 0x00002b65f4fc5adc in QObject::activate_signal () from /usr/lib/qt3/lib64/libqt-mt.so.3 #36 0x00002b65f457bd12 in KIO::Job::result () from /opt/kde3/lib64/libkio.so.4 #37 0x00002b65f45b298f in KIO::Job::emitResult () from /opt/kde3/lib64/libkio.so.4 #38 0x00002b65f45c41da in KIO::SimpleJob::slotFinished () from /opt/kde3/lib64/libkio.so.4 #39 0x00002b65f45c482a in KIO::TransferJob::slotFinished () from /opt/kde3/lib64/libkio.so.4 #40 0x00002b65f45b25f8 in KIO::TransferJob::qt_invoke () from /opt/kde3/lib64/libkio.so.4 #41 0x00002b65f4fc5adc in QObject::activate_signal () from /usr/lib/qt3/lib64/libqt-mt.so.3 #42 0x00002b65f4fc67f3 in QObject::activate_signal () from /usr/lib/qt3/lib64/libqt-mt.so.3 #43 0x00002b65f45cead5 in KIO::SlaveInterface::dispatch () from /opt/kde3/lib64/libkio.so.4 #44 0x00002b65f45d760e in KIO::SlaveInterface::dispatch () from /opt/kde3/lib64/libkio.so.4 #45 0x00002b65f45872ab in KIO::Slave::gotInput () from 
/opt/kde3/lib64/libkio.so.4 #46 0x00002b65f45c68b8 in KIO::Slave::qt_invoke () from /opt/kde3/lib64/libkio.so.4 #47 0x00002b65f4fc5adc in QObject::activate_signal () from /usr/lib/qt3/lib64/libqt-mt.so.3 #48 0x00002b65f4fc671f in QObject::activate_signal () from /usr/lib/qt3/lib64/libqt-mt.so.3 #49 0x00002b65f4fe038b in QSocketNotifier::event () from /usr/lib/qt3/lib64/libqt-mt.so.3 #50 0x00002b65f4f6eae5 in QApplication::internalNotify () from /usr/lib/qt3/lib64/libqt-mt.so.3 #51 0x00002b65f4f6f717 in QApplication::notify () from /usr/lib/qt3/lib64/libqt-mt.so.3 #52 0x00002b65f4aae7b8 in KApplication::notify () from /opt/kde3/lib64/libkdecore.so.4 #53 0x00002b65f4f64adc in QEventLoop::activateSocketNotifiers () from /usr/lib/qt3/lib64/libqt-mt.so.3 #54 0x00002b65f4f25490 in QEventLoop::processEvents () from /usr/lib/qt3/lib64/libqt-mt.so.3 #55 0x00002b65f4f837f1 in QEventLoop::enterLoop () from /usr/lib/qt3/lib64/libqt-mt.so.3 #56 0x00002b65f4f8369a in QEventLoop::exec () from /usr/lib/qt3/lib64/libqt-mt.so.3 #57 0x00002b65f86f4d33 in kdemain () from /opt/kde3/lib64/libkdeinit_konqueror.so #58 0x0000000000407431 in launch () #59 0x0000000000407d6c in handle_launcher_request () #60 0x00000000004080f5 in handle_requests () #61 0x000000000040914a in main () Valgrind output: ==31846== ==31846== Invalid read of size 4 ==31846== at 0x406F0D4: QGList::count() const (in /opt/kde3.5/lib/libkdeinit_konqueror.so) ==31846== by 0x724653A: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:409) ==31846== by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207) ==31846== by 0x7249374: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1450) ==31846== by 0x7246102: khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) (htmltokenizer.cpp:1761) ==31846== by 0x731DFED: khtml::CachedScript::ref(khtml::CachedObjectClient*) (loader.cpp:348) ==31846== by 0x724652C: khtml::HTMLTokenizer::scriptHandler() 
(htmltokenizer.cpp:408) ==31846== by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207) ==31846== by 0x7249374: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1450) ==31846== by 0x7246102: khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) (htmltokenizer.cpp:1761) ==31846== by 0x731DFED: khtml::CachedScript::ref(khtml::CachedObjectClient*) (loader.cpp:348) ==31846== by 0x724652C: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:408) ==31846== Address 0x7A6ED8C is 220 bytes inside a block of size 1,324 free'd ==31846== at 0x401D422: operator delete(void*) (vg_replace_malloc.c:244) ==31846== by 0x7244999: khtml::HTMLTokenizer::~HTMLTokenizer() (htmltokenizer.cpp:1708) ==31846== by 0x721447D: DOM::DocumentImpl::close() (dom_docimpl.cpp:1304) ==31846== by 0x72558EF: DOM::HTMLDocumentImpl::close() (html_documentimpl.cpp:252) ==31846== by 0x71D2B19: KHTMLPart::checkEmitLoadEvent() (khtml_part.cpp:2338) ==31846== by 0x71D4C53: KHTMLPart::slotFinishedParsing() (khtml_part.cpp:2075) ==31846== by 0x71DD5C6: KHTMLPart::qt_invoke(int, QUObject*) (khtml_part.moc:504) ==31846== by 0x4E7A782: QObject::activate_signal(QConnectionList*, QUObject*) (in /opt/qt3.3g2/lib/libqt-mt.so.3.3.6) ==31846== by 0x4E7AD27: QObject::activate_signal(int) (in /opt/qt3.3g2/lib/libqt-mt.so.3.3.6) ==31846== by 0x721094D: DOM::DocumentImpl::finishedParsing() (dom_docimpl.moc:86) ==31846== by 0x7210998: DOM::DocumentImpl::qt_emit(int, QUObject*) (dom_docimpl.moc:97) ==31846== by 0x7254A7A: DOM::HTMLDocumentImpl::qt_emit(int, QUObject*) (html_documentimpl.moc:91) ==31846== ==31846== Invalid read of size 4 ==31846== at 0x7246730: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:429) ==31846== by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207) ==31846== by 0x7249374: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1450) 
==31846== by 0x7246102: khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) (htmltokenizer.cpp:1761) ==31846== by 0x731DFED: khtml::CachedScript::ref(khtml::CachedObjectClient*) (loader.cpp:348) ==31846== by 0x724652C: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:408) ==31846== by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207) ==31846== by 0x7249374: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1450) ==31846== by 0x7246102: khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) (htmltokenizer.cpp:1761) ==31846== by 0x731DFED: khtml::CachedScript::ref(khtml::CachedObjectClient*) (loader.cpp:348) ==31846== by 0x724652C: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:408) ==31846== by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207) ==31846== Address 0x7A6ED70 is 192 bytes inside a block of size 1,324 free'd ==31846== at 0x401D422: operator delete(void*) (vg_replace_malloc.c:244) ==31846== by 0x7244999: khtml::HTMLTokenizer::~HTMLTokenizer() (htmltokenizer.cpp:1708) ==31846== by 0x721447D: DOM::DocumentImpl::close() (dom_docimpl.cpp:1304) ==31846== by 0x72558EF: DOM::HTMLDocumentImpl::close() (html_documentimpl.cpp:252) ==31846== by 0x71D2B19: KHTMLPart::checkEmitLoadEvent() (khtml_part.cpp:2338) ==31846== by 0x71D4C53: KHTMLPart::slotFinishedParsing() (khtml_part.cpp:2075) ==31846== by 0x71DD5C6: KHTMLPart::qt_invoke(int, QUObject*) (khtml_part.moc:504) ==31846== by 0x4E7A782: QObject::activate_signal(QConnectionList*, QUObject*) (in /opt/qt3.3g2/lib/libqt-mt.so.3.3.6) ==31846== by 0x4E7AD27: QObject::activate_signal(int) (in /opt/qt3.3g2/lib/libqt-mt.so.3.3.6) ==31846== by 0x721094D: DOM::DocumentImpl::finishedParsing() (dom_docimpl.moc:86) ==31846== by 0x7210998: DOM::DocumentImpl::qt_emit(int, QUObject*) (dom_docimpl.moc:97) ==31846== by 0x7254A7A: DOM::HTMLDocumentImpl::qt_emit(int, QUObject*) 
(html_documentimpl.moc:91) ==31846== ==31846== Invalid write of size 1 ==31846== at 0x7246736: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:423) ==31846== by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207) ==31846== by 0x7249374: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1450) ==31846== by 0x7246102: khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) (htmltokenizer.cpp:1761) ==31846== by 0x731DFED: khtml::CachedScript::ref(khtml::CachedObjectClient*) (loader.cpp:348) ==31846== by 0x724652C: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:408) ==31846== by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207) ==31846== by 0x7249374: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1450) ==31846== by 0x7246102: khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) (htmltokenizer.cpp:1761) ==31846== by 0x731DFED: khtml::CachedScript::ref(khtml::CachedObjectClient*) (loader.cpp:348) ==31846== by 0x724652C: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:408) ==31846== by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207) ==31846== Address 0x7A6ED0C is 92 bytes inside a block of size 1,324 free'd ==31846== at 0x401D422: operator delete(void*) (vg_replace_malloc.c:244) ==31846== by 0x7244999: khtml::HTMLTokenizer::~HTMLTokenizer() (htmltokenizer.cpp:1708) ==31846== by 0x721447D: DOM::DocumentImpl::close() (dom_docimpl.cpp:1304) ==31846== by 0x72558EF: DOM::HTMLDocumentImpl::close() (html_documentimpl.cpp:252) ==31846== by 0x71D2B19: KHTMLPart::checkEmitLoadEvent() (khtml_part.cpp:2338) ==31846== by 0x71D4C53: KHTMLPart::slotFinishedParsing() (khtml_part.cpp:2075) ==31846== by 0x71DD5C6: KHTMLPart::qt_invoke(int, QUObject*) (khtml_part.moc:504) ==31846== by 0x4E7A782: QObject::activate_signal(QConnectionList*, QUObject*) (in 
/opt/qt3.3g2/lib/libqt-mt.so.3.3.6) ==31846== by 0x4E7AD27: QObject::activate_signal(int) (in /opt/qt3.3g2/lib/libqt-mt.so.3.3.6) ==31846== by 0x721094D: DOM::DocumentImpl::finishedParsing() (dom_docimpl.moc:86) ==31846== by 0x7210998: DOM::DocumentImpl::qt_emit(int, QUObject*) (dom_docimpl.moc:97) ==31846== by 0x7254A7A: DOM::HTMLDocumentImpl::qt_emit(int, QUObject*) (html_documentimpl.moc:91) ==31846== ==31846== Invalid write of size 4 ==31846== at 0x724673A: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:424) ==31846== by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207) ==31846== by 0x7249374: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1450) ==31846== by 0x7246102: khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) (htmltokenizer.cpp:1761) ==31846== by 0x731DFED: khtml::CachedScript::ref(khtml::CachedObjectClient*) (loader.cpp:348) ==31846== by 0x724652C: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:408) ==31846== by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207) ==31846== by 0x7249374: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1450) ==31846== by 0x7246102: khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) (htmltokenizer.cpp:1761) ==31846== by 0x731DFED: khtml::CachedScript::ref(khtml::CachedObjectClient*) (loader.cpp:348) ==31846== by 0x724652C: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:408) ==31846== by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207) ==31846== Address 0x7A6ED34 is 132 bytes inside a block of size 1,324 free'd ==31846== at 0x401D422: operator delete(void*) (vg_replace_malloc.c:244) ==31846== by 0x7244999: khtml::HTMLTokenizer::~HTMLTokenizer() (htmltokenizer.cpp:1708) ==31846== by 0x721447D: DOM::DocumentImpl::close() (dom_docimpl.cpp:1304) ==31846== by 0x72558EF: 
DOM::HTMLDocumentImpl::close() (html_documentimpl.cpp:252) ==31846== by 0x71D2B19: KHTMLPart::checkEmitLoadEvent() (khtml_part.cpp:2338) ==31846== by 0x71D4C53: KHTMLPart::slotFinishedParsing() (khtml_part.cpp:2075) ==31846== by 0x71DD5C6: KHTMLPart::qt_invoke(int, QUObject*) (khtml_part.moc:504) ==31846== by 0x4E7A782: QObject::activate_signal(QConnectionList*, QUObject*) (in /opt/qt3.3g2/lib/libqt-mt.so.3.3.6) ==31846== by 0x4E7AD27: QObject::activate_signal(int) (in /opt/qt3.3g2/lib/libqt-mt.so.3.3.6) ==31846== by 0x721094D: DOM::DocumentImpl::finishedParsing() (dom_docimpl.moc:86) ==31846== by 0x7210998: DOM::DocumentImpl::qt_emit(int, QUObject*) (dom_docimpl.moc:97) ==31846== by 0x7254A7A: DOM::HTMLDocumentImpl::qt_emit(int, QUObject*) (html_documentimpl.moc:91) ==31846== ==31846== Invalid write of size 4 ==31846== at 0x7246744: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:424) ==31846== by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207) ==31846== by 0x7249374: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1450) ==31846== by 0x7246102: khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) (htmltokenizer.cpp:1761) ==31846== by 0x731DFED: khtml::CachedScript::ref(khtml::CachedObjectClient*) (loader.cpp:348) ==31846== by 0x724652C: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:408) ==31846== by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207) ==31846== by 0x7249374: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1450) ==31846== by 0x7246102: khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) (htmltokenizer.cpp:1761) ==31846== by 0x731DFED: khtml::CachedScript::ref(khtml::CachedObjectClient*) (loader.cpp:348) ==31846== by 0x724652C: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:408) ==31846== by 0x72487F7: 
khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207) ==31846== Address 0x7A6ED2C is 124 bytes inside a block of size 1,324 free'd ==31846== at 0x401D422: operator delete(void*) (vg_replace_malloc.c:244) ==31846== by 0x7244999: khtml::HTMLTokenizer::~HTMLTokenizer() (htmltokenizer.cpp:1708) ==31846== by 0x721447D: DOM::DocumentImpl::close() (dom_docimpl.cpp:1304) ==31846== by 0x72558EF: DOM::HTMLDocumentImpl::close() (html_documentimpl.cpp:252) ==31846== by 0x71D2B19: KHTMLPart::checkEmitLoadEvent() (khtml_part.cpp:2338) ==31846== by 0x71D4C53: KHTMLPart::slotFinishedParsing() (khtml_part.cpp:2075) ==31846== by 0x71DD5C6: KHTMLPart::qt_invoke(int, QUObject*) (khtml_part.moc:504) ==31846== by 0x4E7A782: QObject::activate_signal(QConnectionList*, QUObject*) (in /opt/qt3.3g2/lib/libqt-mt.so.3.3.6) ==31846== by 0x4E7AD27: QObject::activate_signal(int) (in /opt/qt3.3g2/lib/libqt-mt.so.3.3.6) ==31846== by 0x721094D: DOM::DocumentImpl::finishedParsing() (dom_docimpl.moc:86) ==31846== by 0x7210998: DOM::DocumentImpl::qt_emit(int, QUObject*) (dom_docimpl.moc:97) ==31846== by 0x7254A7A: DOM::HTMLDocumentImpl::qt_emit(int, QUObject*) (html_documentimpl.moc:91) ==31846== ==31846== Invalid read of size 4 ==31846== at 0x406F0D4: QGList::count() const (in /opt/kde3.5/lib/libkdeinit_konqueror.so) ==31846== by 0x724661B: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:429) ==31846== by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207) ==31846== by 0x7249374: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1450) ==31846== by 0x7246102: khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) (htmltokenizer.cpp:1761) ==31846== by 0x731DFED: khtml::CachedScript::ref(khtml::CachedObjectClient*) (loader.cpp:348) ==31846== by 0x724652C: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:408) ==31846== by 0x72487F7: 
khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207) ==31846== by 0x7249374: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1450) ==31846== by 0x7246102: khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) (htmltokenizer.cpp:1761) ==31846== by 0x731DFED: khtml::CachedScript::ref(khtml::CachedObjectClient*) (loader.cpp:348) ==31846== by 0x724652C: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:408) ==31846== Address 0x7A6ED8C is 220 bytes inside a block of size 1,324 free'd ==31846== at 0x401D422: operator delete(void*) (vg_replace_malloc.c:244) ==31846== by 0x7244999: khtml::HTMLTokenizer::~HTMLTokenizer() (htmltokenizer.cpp:1708) ==31846== by 0x721447D: DOM::DocumentImpl::close() (dom_docimpl.cpp:1304) ==31846== by 0x72558EF: DOM::HTMLDocumentImpl::close() (html_documentimpl.cpp:252) ==31846== by 0x71D2B19: KHTMLPart::checkEmitLoadEvent() (khtml_part.cpp:2338) ==31846== by 0x71D4C53: KHTMLPart::slotFinishedParsing() (khtml_part.cpp:2075) ==31846== by 0x71DD5C6: KHTMLPart::qt_invoke(int, QUObject*) (khtml_part.moc:504) ==31846== by 0x4E7A782: QObject::activate_signal(QConnectionList*, QUObject*) (in /opt/qt3.3g2/lib/libqt-mt.so.3.3.6) ==31846== by 0x4E7AD27: QObject::activate_signal(int) (in /opt/qt3.3g2/lib/libqt-mt.so.3.3.6) ==31846== by 0x721094D: DOM::DocumentImpl::finishedParsing() (dom_docimpl.moc:86) ==31846== by 0x7210998: DOM::DocumentImpl::qt_emit(int, QUObject*) (dom_docimpl.moc:97) ==31846== by 0x7254A7A: DOM::HTMLDocumentImpl::qt_emit(int, QUObject*) (html_documentimpl.moc:91) ==31846== ==31846== Invalid read of size 4 ==31846== at 0x724A306: QValueList<khtml::TokenizerString>::isEmpty() const (qvaluelist.h:524) ==31846== by 0x724B064: khtml::TokenizerQueue::pop() (stringit.h:190) ==31846== by 0x7246638: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:430) ==31846== by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207) 
==31846== by 0x7249374: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1450) ==31846== by 0x7246102: khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) (htmltokenizer.cpp:1761) ==31846== by 0x731DFED: khtml::CachedScript::ref(khtml::CachedObjectClient*) (loader.cpp:348) ==31846== by 0x724652C: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:408) ==31846== by 0x72487F7: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1207) ==31846== by 0x7249374: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1450) ==31846== by 0x7246102: khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) (htmltokenizer.cpp:1761) ==31846== by 0x731DFED: khtml::CachedScript::ref(khtml::CachedObjectClient*) (loader.cpp:348) ==31846== Address 0x7A6ED6C is 188 bytes inside a block of size 1,324 free'd ==31846== at 0x401D422: operator delete(void*) (vg_replace_malloc.c:244) ==31846== by 0x7244999: khtml::HTMLTokenizer::~HTMLTokenizer() (htmltokenizer.cpp:1708) ==31846== by 0x721447D: DOM::DocumentImpl::close() (dom_docimpl.cpp:1304) ==31846== by 0x72558EF: DOM::HTMLDocumentImpl::close() (html_documentimpl.cpp:252) ==31846== by 0x71D2B19: KHTMLPart::checkEmitLoadEvent() (khtml_part.cpp:2338) ==31846== by 0x71D4C53: KHTMLPart::slotFinishedParsing() (khtml_part.cpp:2075) ==31846== by 0x71DD5C6: KHTMLPart::qt_invoke(int, QUObject*) (khtml_part.moc:504) ==31846== by 0x4E7A782: QObject::activate_signal(QConnectionList*, QUObject*) (in /opt/qt3.3g2/lib/libqt-mt.so.3.3.6) ==31846== by 0x4E7AD27: QObject::activate_signal(int) (in /opt/qt3.3g2/lib/libqt-mt.so.3.3.6) ==31846== by 0x721094D: DOM::DocumentImpl::finishedParsing() (dom_docimpl.moc:86) ==31846== by 0x7210998: DOM::DocumentImpl::qt_emit(int, QUObject*) (dom_docimpl.moc:97) ==31846== by 0x7254A7A: DOM::HTMLDocumentImpl::qt_emit(int, QUObject*) (html_documentimpl.moc:91) In other words a tokenizer that have been deleted before the 
last script finished loading.

Someone at the Debian bug tracker reported this happened on 3.5.8: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452133
Not much info apart from the backtrace.

I don't see the crash with trunk (r796129). Site appears to work correctly, as far as I can tell without knowing any German.

It crashes in 3.5.9 with segmentation fault.

No crash here in 4.00.83, closing
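The lifetime problem the Valgrind report points to (memory freed in `~HTMLTokenizer()` via `DocumentImpl::close()` and then touched again in `scriptHandler()` after a nested call returns), as an added example that is not KHTML code: `Document`, `Tokenizer`, `deferClose` and `run()` are hypothetical names. It shows a stack-local weak handle detecting the destruction instead of dereferencing `this`, and deferred teardown as one possible mitigation, not the fix KDE applied.

```cpp
#include <functional>
#include <memory>
#include <utility>
#include <vector>

struct Tokenizer;

// Hypothetical stand-in for the document that closes when parsing finishes.
struct Document {
    std::shared_ptr<Tokenizer> tokenizer;  // sole owner of the tokenizer
    bool deferClose;                       // false: destroy at once, as in the traces
    bool closePending = false;
    int lastHandled = 0;                   // copy of Tokenizer::handled, readable after teardown
    explicit Document(bool defer) : deferClose(defer) {}
    void close();
};

struct Tokenizer : std::enable_shared_from_this<Tokenizer> {
    Document* doc;
    int depth = 0;                               // scriptHandler() frames on the stack
    int handled = 0;                             // member state touched after the callback
    std::vector<std::function<void()>> pending;  // "script finished loading" callbacks
    explicit Tokenizer(Document* d) : doc(d) {}
    bool scriptHandler();  // true if the tokenizer died underneath this frame
};

void Document::close() {
    if (deferClose && tokenizer && tokenizer->depth > 0) {
        closePending = true;  // a handler frame is still live: postpone teardown
        return;
    }
    tokenizer.reset();        // runs ~Tokenizer immediately
}

bool Tokenizer::scriptHandler() {
    // Locals survive the object's destruction; members do not.
    std::weak_ptr<Tokenizer> alive = shared_from_this();
    Document* owner = doc;
    ++depth;
    if (!pending.empty()) {
        std::function<void()> cb = std::move(pending.back());
        pending.pop_back();
        cb();  // may re-enter scriptHandler() or reach Document::close()
    }
    if (alive.expired())
        return true;  // any member access from here on would hit freed memory
    owner->lastHandled = ++handled;
    if (--depth == 0 && owner->closePending) {
        owner->closePending = false;
        owner->tokenizer.reset();  // destroys *this; only locals may be used below
    }
    return false;
}

struct Outcome {
    bool diedUnderHandler;  // object destroyed while a handler frame was running
    int handled;            // post-callback steps that ran on a live object
    bool closed;            // document released the tokenizer by the end
};

// Two nested scripts; the innermost one finishes parsing and closes the document.
Outcome run(bool deferClose) {
    Document doc(deferClose);
    doc.tokenizer = std::make_shared<Tokenizer>(&doc);
    Tokenizer* t = doc.tokenizer.get();
    t->pending.push_back([&doc] { doc.close(); });      // popped second (inner frame)
    t->pending.push_back([t] { t->scriptHandler(); });  // popped first (outer frame)
    bool died = t->scriptHandler();
    return Outcome{died, doc.lastHandled, doc.tokenizer == nullptr};
}

int main() {
    Outcome eager = run(false);    // close() frees the tokenizer mid-handler
    Outcome deferred = run(true);  // close() waits for the outermost frame
    return (eager.diedUnderHandler && !deferred.diedUnderHandler) ? 0 : 1;
}
```

Without the `alive.expired()` check, the eager ordering would reach `++handled` on a destroyed object, which is the class of access Valgrind flags above as an invalid read or write inside a free'd block.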