Bug 149888

Summary: another seemingly random crash by konqueror (KHTMLPart::checkCompleted)
Product: [Applications] konqueror Reporter: Marijn Schouten <hkBst>
Component: generalAssignee: Konqueror Bugs <konqueror-bugs-null>
Status: RESOLVED WORKSFORME    
Severity: crash CC: Regnaron
Priority: NOR    
Version First Reported In: 3.5   
Target Milestone: ---   
Platform: Gentoo Packages   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description Marijn Schouten 2007-09-15 12:52:04 UTC 
Version:           3.5.7 (using KDE KDE 3.5.7)
Installed from:    Gentoo Packages
Compiler:          gcc-4.1.2 
OS:                Linux

Konqueror crashed while I was reading in <http://arstechnica.com/articles/culture/the-pseudoscience-behind-homeopathy.ars/1>. 

Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 47585597240512 (LWP 4780)]
[KCrash handler]
#5  0x00002b4763b6da19 in KHTMLPart::checkCompleted (this=0x6499070)
    at /usr/qt/3/include/qvaluelist.h:562
#6  0x00002b4763b7f3a0 in KHTMLPart::processObjectRequest (this=0x6499070, 
    child=0x6723200, _url=<value optimized out>, mimetype=@0x7fff4cbd3010)
    at khtml_part.cpp:4465
#7  0x00002b4763b7fffb in KHTMLRun::foundMimeType (this=0x67236b0, 
    _type=@0x7fff4cbd3040) at khtml_run.cpp:51
#8  0x00002b475e0294ee in KParts::BrowserRun::slotBrowserMimetype (
    this=0x67236b0, _job=<value optimized out>, type=@0x69dad50)
    at browserrun.cpp:200
#9  0x00002b475e029650 in KParts::BrowserRun::qt_invoke (this=0x67236b0, 
    _id=7, _o=0x7fff4cbd3160) at browserrun.moc:102
#10 0x00002b4763b500c9 in KHTMLRun::qt_invoke (this=0x2b47640d5330, 
    _id=1653284800, _o=0x60000) at khtml_run.moc:77
#11 0x00002b475fad555c in QObject::activate_signal (this=0x6724d00, 
    clist=<value optimized out>, o=0x7fff4cbd3160) at kernel/qobject.cpp:2356
#12 0x00002b475e2d42c1 in KIO::TransferJob::mimetype (
    this=<value optimized out>, t0=<value optimized out>, t1=@0x6724f10)
    at jobclasses.moc:1050
#13 0x00002b475e30d0ac in KIO::TransferJob::qt_invoke (this=0x6724d00, 
    _id=20, _o=0x7fff4cbd3280) at jobclasses.moc:1074
#14 0x00002b475fad555c in QObject::activate_signal (this=0x66444e0, 
    clist=<value optimized out>, o=0x7fff4cbd3280) at kernel/qobject.cpp:2356
#15 0x00002b475fad5e2e in QObject::activate_signal (this=0x66444e0, 
    signal=<value optimized out>, param=<value optimized out>)
    at kernel/qobject.cpp:2451
#16 0x00002b475e2e1f18 in KIO::SlaveInterface::mimeType (this=0x66444e0, 
    t0=<value optimized out>) at slaveinterface.moc:370
#17 0x00002b475e32c1ba in KIO::SlaveInterface::dispatch (this=0x66444e0, 
    _cmd=21, rawdata=@0x7fff4cbd35c0) at slaveinterface.cpp:338
#18 0x00002b475e323c9d in KIO::SlaveInterface::dispatch (this=0x66444e0)
    at slaveinterface.cpp:173
#19 0x00002b475e2e33ea in KIO::Slave::gotInput (this=0x2b47640d5330)
    at slave.cpp:300
#20 0x00002b475e325218 in KIO::Slave::qt_invoke (this=0x66444e0, _id=4, 
    _o=0x7fff4cbd3700) at slave.moc:113
#21 0x00002b475fad555c in QObject::activate_signal (this=0x5e54300, 
    clist=<value optimized out>, o=0x7fff4cbd3700) at kernel/qobject.cpp:2356
#22 0x00002b475fad6135 in QObject::activate_signal (this=0x5e54300, 
    signal=<value optimized out>, param=<value optimized out>)
    at kernel/qobject.cpp:2449
#23 0x00002b475faefc6b in QSocketNotifier::event (this=0x5e54300, 
    e=0x7fff4cbd3a00) at kernel/qsocketnotifier.cpp:258
#24 0x00002b475fa7efd5 in QApplication::internalNotify (
    this=<value optimized out>, receiver=0x5e54300, e=0x7fff4cbd3a00)
    at kernel/qapplication.cpp:2635
#25 0x00002b475fa7fbd7 in QApplication::notify (this=0x7fff4cbd3d10, 
    receiver=0x5e54300, e=0x7fff4cbd3a00) at kernel/qapplication.cpp:2358
#26 0x00002b475eed350e in KApplication::notify (this=0x7fff4cbd3d10, 
    receiver=0x5e54300, event=0x7fff4cbd3a00) at kapplication.cpp:550
#27 0x00002b475fa751bb in QEventLoop::activateSocketNotifiers (this=0x5c5e20)
    at kernel/qapplication.h:496
#28 0x00002b475fa35ef3 in QEventLoop::processEvents (this=0x5c5e20, 
    flags=<value optimized out>) at kernel/qeventloop_x11.cpp:383
#29 0x00002b475fa93712 in QEventLoop::enterLoop (this=0x2b47640d5330)
    at kernel/qeventloop.cpp:198
#30 0x00002b475fa935c2 in QEventLoop::exec (this=0x2b47640d5330)
    at kernel/qeventloop.cpp:145
#31 0x00002b4762e7c88e in kdemain ()
   from /usr/kde/3.5/lib64/libkdeinit_konqueror.so
#32 0x0000000000407786 in launch (argc=3, _name=0x55d898 "konqueror", 
    args=0x55d8e2 "", cwd=0x0, envc=0, envs=0x55d8eb "", reset_env=false, 
    tty=0x0, avoid_loops=false, startup_id_str=0x409f2a "0") at kinit.cpp:673
#33 0x00000000004080d2 in handle_launcher_request (sock=9) at kinit.cpp:1240
#34 0x00000000004084d2 in handle_requests (waitForPid=0) at kinit.cpp:1443
#35 0x00000000004094d3 in main (argc=5, argv=0x7fff4cbd4fd8, 
    envp=0x7fff4cbd5008) at kinit.cpp:1909
#36 0x00002b47627c5584 in __libc_start_main (main=0x408d10 <main>, argc=5, 
    ubp_av=0x7fff4cbd4fd8, init=<value optimized out>, 
    fini=<value optimized out>, rtld_fini=<value optimized out>, 
    stack_end=0x7fff4cbd4fc8) at libc-start.c:229
#37 0x0000000000404dc9 in _start ()
Current language:  auto; currently c
Comment 1 Marijn Schouten 2007-09-15 12:54:10 UTC 
I could not reproduce.
Comment 2 Oliver Putz 2008-01-28 02:45:01 UTC 
I can reproduce a crash with the given link in a current KDE4 SVN build. (kdelibs r766524, kdebase r766781). However, I get a completely different backtrace. (Maybe a different bug?)
Below you can find a GDB backtrace and a Valgrind log for this crash.

GDB:
Starting program: /usr/kde/svn/bin/konqueror 
[Thread debugging using libthread_db enabled]
[New Thread 0xb637ea10 (LWP 5470)]
[New Thread 0xb2c43b90 (LWP 5485)]
[New Thread 0xb2442b90 (LWP 5486)]
[New Thread 0xb1c41b90 (LWP 5487)]
[Thread 0xb1c41b90 (LWP 5487) exited]
[Thread 0xb2442b90 (LWP 5486) exited]
[Thread 0xb2c43b90 (LWP 5485) exited]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb637ea10 (LWP 5470)]
QString (this=0xbfe0fb2c, other=@0x14) at /usr/include/qt4/QtCore/qstring.h:662
662	inline QString::QString(const QString &other) : d(other.d)
#0  QString (this=0xbfe0fb2c, other=@0x14) at /usr/include/qt4/QtCore/qstring.h:662
#1  0xb4a395fc in KJSDebugger::DebugDocument::name (this=0x0)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/ecma/debugger/debugdocument.cpp:60
#2  0xb4a2ff24 in KJSDebugger::DebugWindow::enterContext (this=0x829ad68, exec=0xbfe0fbb8, sourceId=3, lineno=1, 
    function=0xb143f300, args=@0xbfe0fc80)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/ecma/debugger/debugwindow.cpp:673
#3  0xb4c7e378 in KJS::FunctionImp::callAsFunction (this=0xb143f300, exec=0xbfe0fe40, thisObj=0xb2d00040, args=@0xbfe0fc80)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kjs/function.cpp:154
#4  0xb4c858bb in KJS::JSObject::call (this=0xb143f300, exec=0xbfe0fe40, thisObj=0xb2d00040, args=@0xbfe0fc80)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kjs/object.cpp:99
#5  0xb4c42090 in KJS::FunctionCallReferenceNode::evaluate (this=0x8791ad0, exec=0xbfe0fe40)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kjs/nodes.cpp:1038
#6  0xb4c42cc7 in KJS::FunctionCallDotNode::evaluate (this=0x8791b90, exec=0xbfe0fe40)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kjs/nodes.cpp:1117
#7  0xb4c3f7aa in KJS::ExprStatementNode::execute (this=0x8791bb0, exec=0xbfe0fe40)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kjs/nodes.cpp:2168
#8  0xb4c3ed9e in KJS::SourceElementsNode::execute (this=0x88223a0, exec=0xbfe0fe40)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kjs/nodes.cpp:2979
#9  0xb4c3b6cb in KJS::BlockNode::execute (this=0x8791be8, exec=0xbfe0fe40)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kjs/nodes.cpp:2145
#10 0xb4c8ac2a in KJS::Interpreter::evaluate (this=0x83f99b0, sourceURL=@0xbfe0ff40, startingLineNumber=1, code=0x89a76b8, 
    codeLength=11694, thisV=0xb2d00040)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kjs/interpreter.cpp:501
#11 0xb4c8acee in KJS::Interpreter::evaluate (this=0x83f99b0, sourceURL=@0xbfe0ff40, startingLineNumber=1, 
    code=@0xbfe0ff3c, thisV=0xb2d00040)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kjs/interpreter.cpp:442
#12 0xb4a014b6 in KJS::KJSProxyImpl::evaluate (this=0x8227c88, filename=@0xbfe0ffd0, baseLine=1, str=@0xbfe10118, 
    n=@0xbfe1003c, completion=0xbfe0ffc0)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/ecma/kjs_proxy.cpp:157
#13 0xb480fb72 in KHTMLPart::executeScript (this=0x81e3150, filename=@0xbfe10044, baseLine=1, n=@0xbfe1003c, 
    script=@0xbfe10118) at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/khtml_part.cpp:1181
#14 0xb48924f2 in khtml::HTMLTokenizer::scriptExecution (this=0x825b3c0, str=@0xbfe10118, scriptURL=@0xbfe10110, baseLine=0)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/html/htmltokenizer.cpp:450
#15 0xb48926c1 in khtml::HTMLTokenizer::notifyFinished (this=0x825b3c0)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/html/htmltokenizer.cpp:1755
#16 0xb499cb74 in khtml::CachedScript::checkNotify (this=0x8709328)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/misc/loader.cpp:374
#17 0xb49a2529 in khtml::CachedScript::data (this=0x8709328, buffer=@0x81e6544, eof=true)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/misc/loader.cpp:366
#18 0xb499f699 in khtml::Loader::slotFinished (this=0x821fe10, job=0x873fa38)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/khtml/misc/loader.cpp:1299
#19 0xb499f981 in khtml::Loader::qt_metacall (this=0x821fe10, _c=QMetaObject::InvokeMetaMethod, _id=3, _a=0xbfe1075c)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs_build/khtml/loader.moc:126
#20 0xb72921f4 in QMetaObject::activate (sender=0x873fa38, from_signal_index=7, to_signal_index=7, 
    argv=<value optimized out>) at kernel/qobject.cpp:3081
#21 0xb7292d94 in QMetaObject::activate (sender=0x873fa38, m=0xb7b933a8, local_signal_index=3, argv=0xbfe1075c)
    at kernel/qobject.cpp:3140
#22 0xb7a91e34 in KJob::result (this=0x873fa38, _t1=0x873fa38)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs_build/kdecore/kjob.moc:185
#23 0xb7a92372 in KJob::emitResult (this=0x873fa38)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kdecore/jobs/kjob.cpp:290
#24 0xb7c4a5b8 in KIO::SimpleJob::slotFinished (this=0x873fa38)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kio/kio/job.cpp:491
#25 0xb7c4a96a in KIO::TransferJob::slotFinished (this=0x873fa38)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kio/kio/job.cpp:961
#26 0xb7c51503 in KIO::TransferJob::qt_metacall (this=0x873fa38, _c=QMetaObject::InvokeMetaMethod, _id=47, _a=0xbfe10de4)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs_build/kio/jobclasses.moc:335
#27 0xb72921f4 in QMetaObject::activate (sender=0x823b8e8, from_signal_index=8, to_signal_index=8, 
    argv=<value optimized out>) at kernel/qobject.cpp:3081
#28 0xb7292d94 in QMetaObject::activate (sender=0x823b8e8, m=0xb7dbb024, local_signal_index=4, argv=0x0)
    at kernel/qobject.cpp:3140
#29 0xb7cf27e6 in KIO::SlaveInterface::finished (this=0x823b8e8)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs_build/kio/slaveinterface.moc:160
#30 0xb7cf43aa in KIO::SlaveInterface::dispatch (this=0x823b8e8, _cmd=104, rawdata=@0xbfe10fc4)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kio/kio/slaveinterface.cpp:176
#31 0xb7cf5006 in KIO::SlaveInterface::dispatch (this=0x823b8e8)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kio/kio/slaveinterface.cpp:90
#32 0xb7ce7677 in KIO::Slave::gotInput (this=0x823b8e8)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kio/kio/slave.cpp:319
#33 0xb7ce8bcd in KIO::Slave::qt_metacall (this=0x823b8e8, _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0xbfe114e4)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs_build/kio/slave.moc:74
#34 0xb72921f4 in QMetaObject::activate (sender=0x83877f0, from_signal_index=4, to_signal_index=4, 
    argv=<value optimized out>) at kernel/qobject.cpp:3081
#35 0xb7292d94 in QMetaObject::activate (sender=0x83877f0, m=0xb7db7f20, local_signal_index=0, argv=0x0)
    at kernel/qobject.cpp:3140
#36 0xb7c229a3 in KIO::Connection::readyRead (this=0x83877f0)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs_build/kio/connection.moc:83
#37 0xb7c23826 in KIO::ConnectionPrivate::dequeue (this=0x8350190)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kio/kio/connection.cpp:82
#38 0xb7c245d5 in KIO::Connection::qt_metacall (this=0x83877f0, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x8873db0)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs_build/kio/connection.moc:71
#39 0xb728d2f9 in QMetaCallEvent::placeMetaCall (this=0x86e15b0, object=0x83877f0) at kernel/qobject.cpp:536
#40 0xb7290017 in QObject::event (this=0x83877f0, e=0xc) at kernel/qobject.cpp:1122
#41 0xb691fe8a in QApplicationPrivate::notify_helper (this=0x80587d0, receiver=0x83877f0, e=0x86e15b0)
    at kernel/qapplication.cpp:3556
#42 0xb692177a in QApplication::notify (this=0xbfe11ef8, receiver=0x83877f0, e=0x86e15b0) at kernel/qapplication.cpp:3115
#43 0xb785dcb3 in KApplication::notify (this=0xbfe11ef8, receiver=0x83877f0, event=0x86e15b0)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kdeui/kernel/kapplication.cpp:314
#44 0xb727ed7b in QCoreApplication::notifyInternal (this=0xbfe11ef8, receiver=0x83877f0, event=0x86e15b0)
    at kernel/qcoreapplication.cpp:530
#45 0xb728021a in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x804ce50)
    at kernel/qcoreapplication.h:200
#46 0xb72a8905 in QEventDispatcherUNIX::processEvents (this=0x8057f50, flags=@0xbfe11bd8)
    at kernel/qeventdispatcher_unix.cpp:858
#47 0xb69a9cce in QEventDispatcherX11::processEvents (this=0x8057f50, flags=@0xbfe11c04)
    at kernel/qeventdispatcher_x11.cpp:145
#48 0xb727e191 in QEventLoop::processEvents (this=0xbfe11c70, flags=@0xbfe11c38) at kernel/qeventloop.cpp:140
#49 0xb727e29a in QEventLoop::exec (this=0xbfe11c70, flags=@0xbfe11c78) at kernel/qeventloop.cpp:186
#50 0xb7280626 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:759
#51 0xb691f487 in QApplication::exec () at kernel/qapplication.cpp:3053
#52 0xb7f00717 in kdemain (argc=1, argv=0xbfe12274)
    at /var/tmp/portage/kde-base/kdebase-9999.4/work/kdebase-9999.4/apps/konqueror/src/konqmain.cpp:218
#53 0x080487e2 in main (argc=Cannot access memory at address 0xc
) at /var/tmp/portage/kde-base/kdebase-9999.4/work/kdebase_build/apps/konqueror/src/konqueror_dummy.cpp:3
#54 0xb658cfdc in __libc_start_main (main=0x80487c0 <main>, argc=1, ubp_av=0xbfe12274, init=0x8048810 <__libc_csu_init>, 
    fini=0x8048800 <__libc_csu_fini>, rtld_fini=0xb7f25100 <_dl_fini>, stack_end=0xbfe1226c) at libc-start.c:229
#55 0x08048731 in _start ()


Valgrind:
==5501== Source and destination overlap in mempcpy(0x7884680, 0x7884680, 21)
==5501==    at 0x4021E3A: (within /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==5501==    by 0x4022781: mempcpy (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==5501==    by 0x58F61D2: _IO_default_xsputn (genops.c:463)
==5501==    by 0x58D121E: vfprintf (vfprintf.c:1568)
==5501==    by 0x58EACBA: vsprintf (iovsprintf.c:43)
==5501==    by 0x58D6ADD: sprintf (sprintf.c:34)
==5501==    by 0x4981942: parse_fontdata (omGeneric.c:618)
==5501==    by 0x4981AE2: parse_vw (omGeneric.c:1095)
==5501==    by 0x4982301: create_oc (omGeneric.c:1233)
==5501==    by 0x4941C0A: XCreateOC (OCWrap.c:53)
==5501==    by 0x49380A9: XCreateFontSet (FSWrap.c:185)
==5501==    by 0x552A69D: getFontSet(QFont const&) (qximinputcontext_x11.cpp:319)
--5501-- Reading syms from /usr/kde/svn/lib/kde4/libkshorturifilter.so (0xB9B8000)
--5501-- Reading debug info from /usr/lib/debug/usr/kde/svn/lib/kde4/libkshorturifilter.so.debug...
--5501-- Reading syms from /usr/kde/svn/lib/kde4/libkurisearchfilter.so (0xB9C5000)
--5501-- Reading debug info from /usr/lib/debug/usr/kde/svn/lib/kde4/libkurisearchfilter.so.debug...
--5501-- Reading syms from /usr/kde/svn/lib/kde4/liblocaldomainurifilter.so (0xB9E2000)
--5501-- Reading debug info from /usr/lib/debug/usr/kde/svn/lib/kde4/liblocaldomainurifilter.so.debug...
--5501-- Reading syms from /usr/kde/svn/lib/kde4/libkuriikwsfilter.so (0xB9E9000)
--5501-- Reading debug info from /usr/lib/debug/usr/kde/svn/lib/kde4/libkuriikwsfilter.so.debug...
--5501-- Reading syms from /usr/kde/svn/lib/kde4/libfixhosturifilter.so (0xB9F9000)
--5501-- Reading debug info from /usr/lib/debug/usr/kde/svn/lib/kde4/libfixhosturifilter.so.debug...
--5501-- Reading syms from /lib/libnss_dns-2.6.1.so (0xD226000)
--5501-- Reading debug info from /usr/lib/debug/lib/libnss_dns-2.6.1.so.debug...
--5501-- Reading syms from /usr/kde/svn/lib/kde4/libkhtmlpart.so (0xA870000)
--5501-- Reading debug info from /usr/lib/debug/usr/kde/svn/lib/kde4/libkhtmlpart.so.debug...
==5501== 
==5501== Conditional jump or move depends on uninitialised value(s)
==5501==    at 0x4B7925C: (within /lib/libz.so.1.2.3)
==5501== 
==5501== Conditional jump or move depends on uninitialised value(s)
==5501==    at 0x4B79212: (within /lib/libz.so.1.2.3)
--5501-- memcheck GC: 262144 nodes, 243080 survivors ( 92.7%)
--5501-- memcheck GC: increase table size to 524288
==5501== 
==5501== Invalid read of size 4
==5501==    at 0x8E67E2D: QString::QString(QString const&) (qstring.h:662)
==5501==    by 0x90B55FB: KJSDebugger::DebugDocument::name() const (debugdocument.cpp:60)
==5501==    by 0x90ABF23: KJSDebugger::DebugWindow::enterContext(KJS::ExecState*, int, int, KJS::JSObject*, KJS::List const&) (debugwindow.cpp:673)
==5501==    by 0x8CF4377: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:154)
==5501==    by 0x8CFB8BA: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:99)
==5501==    by 0x8CB808F: KJS::FunctionCallReferenceNode::evaluate(KJS::ExecState*) (nodes.cpp:1038)
==5501==    by 0x8CB8CC6: KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) (nodes.cpp:1117)
==5501==    by 0x8CB57A9: KJS::ExprStatementNode::execute(KJS::ExecState*) (nodes.cpp:2168)
==5501==    by 0x8CB4D9D: KJS::SourceElementsNode::execute(KJS::ExecState*) (nodes.cpp:2979)
==5501==    by 0x8CB16CA: KJS::BlockNode::execute(KJS::ExecState*) (nodes.cpp:2145)
==5501==    by 0x8D00C29: KJS::Interpreter::evaluate(KJS::UString const&, int, KJS::UChar const*, int, KJS::JSValue*) (interpreter.cpp:501)
==5501==    by 0x8D00CED: KJS::Interpreter::evaluate(KJS::UString const&, int, KJS::UString const&, KJS::JSValue*) (interpreter.cpp:442)
==5501==  Address 0x14 is not stack'd, malloc'd or (recently) free'd
--5501-- REDIR: 0x58FE840 (strncat) redirected to 0x4021FAC (strncat)
==5501== Warning: invalid file descriptor -1 in syscall write()
==5501==    at 0x4DCBFAB: (within /lib/libpthread-2.6.1.so)
==5501==    by 0x4785DDE: KCrash::startDrKonqi(char const**, int) (kcrash.cpp:349)
==5501==    by 0x478645A: KCrash::defaultCrashHandler(int) (kcrash.cpp:287)
==5501==    by 0x58BB287: (within /lib/libc-2.6.1.so)
==5501==    by 0x90B55FB: KJSDebugger::DebugDocument::name() const (debugdocument.cpp:60)
==5501==    by 0x90ABF23: KJSDebugger::DebugWindow::enterContext(KJS::ExecState*, int, int, KJS::JSObject*, KJS::List const&) (debugwindow.cpp:673)
==5501==    by 0x8CF4377: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:154)
==5501==    by 0x8CFB8BA: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:99)
==5501==    by 0x8CB808F: KJS::FunctionCallReferenceNode::evaluate(KJS::ExecState*) (nodes.cpp:1038)
==5501==    by 0x8CB8CC6: KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) (nodes.cpp:1117)
==5501==    by 0x8CB57A9: KJS::ExprStatementNode::execute(KJS::ExecState*) (nodes.cpp:2168)
==5501==    by 0x8CB4D9D: KJS::SourceElementsNode::execute(KJS::ExecState*) (nodes.cpp:2979)
==5501== Warning: invalid file descriptor -1 in syscall write()
==5501==    at 0x4DCBFAB: (within /lib/libpthread-2.6.1.so)
==5501==    by 0x4785DF1: KCrash::startDrKonqi(char const**, int) (kcrash.cpp:350)
==5501==    by 0x478645A: KCrash::defaultCrashHandler(int) (kcrash.cpp:287)
==5501==    by 0x58BB287: (within /lib/libc-2.6.1.so)
==5501==    by 0x90B55FB: KJSDebugger::DebugDocument::name() const (debugdocument.cpp:60)
==5501==    by 0x90ABF23: KJSDebugger::DebugWindow::enterContext(KJS::ExecState*, int, int, KJS::JSObject*, KJS::List const&) (debugwindow.cpp:673)
==5501==    by 0x8CF4377: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:154)
==5501==    by 0x8CFB8BA: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:99)
==5501==    by 0x8CB808F: KJS::FunctionCallReferenceNode::evaluate(KJS::ExecState*) (nodes.cpp:1038)
==5501==    by 0x8CB8CC6: KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) (nodes.cpp:1117)
==5501==    by 0x8CB57A9: KJS::ExprStatementNode::execute(KJS::ExecState*) (nodes.cpp:2168)
==5501==    by 0x8CB4D9D: KJS::SourceElementsNode::execute(KJS::ExecState*) (nodes.cpp:2979)
==5501== Warning: invalid file descriptor -1 in syscall read()
==5501==    at 0x4DCC02B: (within /lib/libpthread-2.6.1.so)
==5501==    by 0x4785E03: KCrash::startDrKonqi(char const**, int) (kcrash.cpp:351)
==5501==    by 0x478645A: KCrash::defaultCrashHandler(int) (kcrash.cpp:287)
==5501==    by 0x58BB287: (within /lib/libc-2.6.1.so)
==5501==    by 0x90B55FB: KJSDebugger::DebugDocument::name() const (debugdocument.cpp:60)
==5501==    by 0x90ABF23: KJSDebugger::DebugWindow::enterContext(KJS::ExecState*, int, int, KJS::JSObject*, KJS::List const&) (debugwindow.cpp:673)
==5501==    by 0x8CF4377: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:154)
==5501==    by 0x8CFB8BA: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:99)
==5501==    by 0x8CB808F: KJS::FunctionCallReferenceNode::evaluate(KJS::ExecState*) (nodes.cpp:1038)
==5501==    by 0x8CB8CC6: KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) (nodes.cpp:1117)
==5501==    by 0x8CB57A9: KJS::ExprStatementNode::execute(KJS::ExecState*) (nodes.cpp:2168)
==5501==    by 0x8CB4D9D: KJS::SourceElementsNode::execute(KJS::ExecState*) (nodes.cpp:2979)
--5501-- Discarding syms at 0x48DE000-0x48E2000 in /usr/lib/gconv/UTF-16.so due to munmap()
--5501-- Discarding syms at 0x8C28000-0x8C30000 in /lib/libnss_compat-2.6.1.so due to munmap()
--5501-- Discarding syms at 0x8C47000-0x8C51000 in /lib/libnss_nis-2.6.1.so due to munmap()
--5501-- Discarding syms at 0x8C51000-0x8C5B000 in /lib/libnss_files-2.6.1.so due to munmap()
--5501-- Discarding syms at 0xD226000-0xD22C000 in /lib/libnss_dns-2.6.1.so due to munmap()
==5501== 
==5501== ERROR SUMMARY: 148 errors from 11 contexts (suppressed: 22 from 3)
==5501== 
==5501== 1 errors in context 1 of 11:
==5501== Invalid read of size 4
==5501==    at 0x8E67E2D: QString::QString(QString const&) (qstring.h:662)
==5501==    by 0x90B55FB: KJSDebugger::DebugDocument::name() const (debugdocument.cpp:60)
==5501==    by 0x90ABF23: KJSDebugger::DebugWindow::enterContext(KJS::ExecState*, int, int, KJS::JSObject*, KJS::List const&) (debugwindow.cpp:673)
==5501==    by 0x8CF4377: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:154)
==5501==    by 0x8CFB8BA: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:99)
==5501==    by 0x8CB808F: KJS::FunctionCallReferenceNode::evaluate(KJS::ExecState*) (nodes.cpp:1038)
==5501==    by 0x8CB8CC6: KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) (nodes.cpp:1117)
==5501==    by 0x8CB57A9: KJS::ExprStatementNode::execute(KJS::ExecState*) (nodes.cpp:2168)
==5501==    by 0x8CB4D9D: KJS::SourceElementsNode::execute(KJS::ExecState*) (nodes.cpp:2979)
==5501==    by 0x8CB16CA: KJS::BlockNode::execute(KJS::ExecState*) (nodes.cpp:2145)
==5501==    by 0x8D00C29: KJS::Interpreter::evaluate(KJS::UString const&, int, KJS::UChar const*, int, KJS::JSValue*) (interpreter.cpp:501)
==5501==    by 0x8D00CED: KJS::Interpreter::evaluate(KJS::UString const&, int, KJS::UString const&, KJS::JSValue*) (interpreter.cpp:442)
==5501==  Address 0x14 is not stack'd, malloc'd or (recently) free'd
==5501== 
==5501== 1 errors in context 2 of 11:
==5501== Conditional jump or move depends on uninitialised value(s)
==5501==    at 0x4B7925C: (within /lib/libz.so.1.2.3)
==5501== 
==5501== 1 errors in context 3 of 11:
==5501== Conditional jump or move depends on uninitialised value(s)
==5501==    at 0x400AAF3: _dl_relocate_object (do-rel.h:117)
==5501==    by 0x4004169: dl_main (rtld.c:2284)
==5501==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==5501==    by 0x400124E: _dl_start (rtld.c:327)
==5501==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==5501== 
==5501== 1 errors in context 4 of 11:
==5501== Conditional jump or move depends on uninitialised value(s)
==5501==    at 0x400A9BD: _dl_relocate_object (do-rel.h:68)
==5501==    by 0x4004169: dl_main (rtld.c:2284)
==5501==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==5501==    by 0x400124E: _dl_start (rtld.c:327)
==5501==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==5501== 
==5501== 1 errors in context 5 of 11:
==5501== Conditional jump or move depends on uninitialised value(s)
==5501==    at 0x400A9B5: _dl_relocate_object (do-rel.h:65)
==5501==    by 0x4004169: dl_main (rtld.c:2284)
==5501==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==5501==    by 0x400124E: _dl_start (rtld.c:327)
==5501==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==5501== 
==5501== 1 errors in context 6 of 11:
==5501== Conditional jump or move depends on uninitialised value(s)
==5501==    at 0x400AAF3: _dl_relocate_object (do-rel.h:117)
==5501==    by 0x400454C: dl_main (rtld.c:2214)
==5501==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==5501==    by 0x400124E: _dl_start (rtld.c:327)
==5501==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==5501== 
==5501== 1 errors in context 7 of 11:
==5501== Conditional jump or move depends on uninitialised value(s)
==5501==    at 0x400B053: _dl_relocate_object (do-rel.h:104)
==5501==    by 0x400454C: dl_main (rtld.c:2214)
==5501==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==5501==    by 0x400124E: _dl_start (rtld.c:327)
==5501==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==5501== 
==5501== 1 errors in context 8 of 11:
==5501== Conditional jump or move depends on uninitialised value(s)
==5501==    at 0x400A9BD: _dl_relocate_object (do-rel.h:68)
==5501==    by 0x400454C: dl_main (rtld.c:2214)
==5501==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==5501==    by 0x400124E: _dl_start (rtld.c:327)
==5501==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==5501== 
==5501== 1 errors in context 9 of 11:
==5501== Conditional jump or move depends on uninitialised value(s)
==5501==    at 0x400A9B5: _dl_relocate_object (do-rel.h:65)
==5501==    by 0x400454C: dl_main (rtld.c:2214)
==5501==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==5501==    by 0x400124E: _dl_start (rtld.c:327)
==5501==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==5501== 
==5501== 11 errors in context 10 of 11:
==5501== Source and destination overlap in mempcpy(0x7884680, 0x7884680, 21)
==5501==    at 0x4021E3A: (within /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==5501==    by 0x4022781: mempcpy (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==5501==    by 0x58F61D2: _IO_default_xsputn (genops.c:463)
==5501==    by 0x58D121E: vfprintf (vfprintf.c:1568)
==5501==    by 0x58EACBA: vsprintf (iovsprintf.c:43)
==5501==    by 0x58D6ADD: sprintf (sprintf.c:34)
==5501==    by 0x4981942: parse_fontdata (omGeneric.c:618)
==5501==    by 0x4981AE2: parse_vw (omGeneric.c:1095)
==5501==    by 0x4982301: create_oc (omGeneric.c:1233)
==5501==    by 0x4941C0A: XCreateOC (OCWrap.c:53)
==5501==    by 0x49380A9: XCreateFontSet (FSWrap.c:185)
==5501==    by 0x552A69D: getFontSet(QFont const&) (qximinputcontext_x11.cpp:319)
==5501== 
==5501== 128 errors in context 11 of 11:
==5501== Conditional jump or move depends on uninitialised value(s)
==5501==    at 0x4B79212: (within /lib/libz.so.1.2.3)
--5501-- 
--5501-- supp:    1 X11-64bit-padding-2a
--5501-- supp:    5 X11-64bit-padding-1d
--5501-- supp:   16 X11-64bit-padding-1c
==5501== 
==5501== IN SUMMARY: 148 errors from 11 contexts (suppressed: 22 from 3)
==5501== 
==5501== malloc/free: in use at exit: 14,420,138 bytes in 98,319 blocks.
==5501== malloc/free: 1,146,666 allocs, 1,048,347 frees, 205,213,249 bytes allocated.
==5501== 
==5501== searching for pointers to 98,319 not-freed blocks.
==5501== checked 53,747,480 bytes.
==5501== 
==5501== LEAK SUMMARY:
==5501==    definitely lost: 12,848 bytes in 487 blocks.
==5501==      possibly lost: 184,936 bytes in 4,017 blocks.
==5501==    still reachable: 14,222,354 bytes in 93,815 blocks.
==5501==         suppressed: 0 bytes in 0 blocks.
==5501== Rerun with --leak-check=full to see details of leaked memory.
Comment 3 A. Spehr 2008-05-07 07:31:20 UTC 
Cannot reproduce.

I'm using 4.0 branch r802754 (4.0.3++)