Bug 160421

Summary: crash trying to view bibus.svg
Product: [Unmaintained] ksvg Reporter: Elmar Stellnberger (AT/K) <estellnb>
Component: generalAssignee: Nikolas Zimmermann <wildfox>
Status: RESOLVED FIXED    
Severity: crash CC: andresbajotierra, esigra, Regnaron, smartins
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: unspecified   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:
Attachments: bibus.svg
new backtrace
Patch

Description Elmar Stellnberger (AT/K) 2008-04-05 18:50:54 UTC 
Version:           3.5.9 (using 3.5.9 "release 53.4" , openSUSE )
Compiler:          Target: i586-suse-linux
OS:                Linux (i686) release 2.6.16.54-0.2.3-default

crash trying to view bibus.svg (unpacked nd installed bibus_1.4.2-1.tar.gz).
Comment 1 Elmar Stellnberger (AT/K) 2008-04-05 18:51:34 UTC 
Created attachment 24205 [details]
bibus.svg
Comment 2 Oliver Putz 2008-08-09 21:54:30 UTC 
Confirming with the following backtrace on KDE-3.5.9:

Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 0x7f4450f0a700 (LWP 4345)]
[KCrash handler]
#5  0x00007f4449b7c235 in *__GI_raise (sig=<value optimized out>)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#6  0x00007f4449b7d753 in *__GI_abort () at abort.c:88
#7  0x00007f444a400d04 in __gnu_cxx::__verbose_terminate_handler ()
   from /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.1/libstdc++.so.6
#8  0x00007f444a3ff116 in ?? ()
   from /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.1/libstdc++.so.6
#9  0x00007f444a3ff143 in std::terminate ()
   from /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.1/libstdc++.so.6
#10 0x00007f444a3ff22a in __cxa_throw ()
   from /usr/lib/gcc/x86_64-pc-linux-gnu/4.3.1/libstdc++.so.6
#11 0x00007f4447fbbd2f in DOM::Document::createElementNS (
    this=<value optimized out>, namespaceURI=<value optimized out>, 
    qualifiedName=<value optimized out>) at dom_doc.cpp:248
#12 0x00007f4445a7f32d in KSVG::InputHandler::startElement (this=0xcca510, 
    namespaceURI=@0x7fff58f39330, qName=@0xd9a660, attrs=@0xc9c1a0)
    at KSVGReader.cc:281
#13 0x00007f444e24d2b9 in QXmlSimpleReader::parseElement (this=0xad5930)
    at xml/qxml.cpp:3454
#14 0x00007f444e24ca2b in QXmlSimpleReader::parseContent (this=0xad5930)
    at xml/qxml.cpp:3940
#15 0x00007f444e24d533 in QXmlSimpleReader::parseElement (this=0xad5930)
    at xml/qxml.cpp:3468
#16 0x00007f444e24ca2b in QXmlSimpleReader::parseContent (this=0xad5930)
    at xml/qxml.cpp:3940
#17 0x00007f444e24d533 in QXmlSimpleReader::parseElement (this=0xad5930)
    at xml/qxml.cpp:3468
#18 0x00007f444e24ca2b in QXmlSimpleReader::parseContent (this=0xad5930)
    at xml/qxml.cpp:3940
#19 0x00007f444e24d533 in QXmlSimpleReader::parseElement (this=0xad5930)
    at xml/qxml.cpp:3468
#20 0x00007f444e24ca2b in QXmlSimpleReader::parseContent (this=0xad5930)
    at xml/qxml.cpp:3940
#21 0x00007f444e24d533 in QXmlSimpleReader::parseElement (this=0xad5930)
    at xml/qxml.cpp:3468
#22 0x00007f444e252259 in QXmlSimpleReader::parseBeginOrContinue (
    this=0xad5930, state=1, incremental=false) at xml/qxml.cpp:3014
#23 0x00007f444e252819 in QXmlSimpleReader::parse (this=0xad5930, 
    input=0xd2a570, incremental=false) at xml/qxml.cpp:2956
#24 0x00007f444e23d6a9 in QXmlSimpleReader::parse (this=0xad5930, 
    input=0xd2a570) at xml/qxml.cpp:2911
#25 0x00007f4445987dc1 in KSVG::SVGDocumentImpl::slotSVGContent (
    this=0xb021a0, dev=0xffb060) at SVGDocumentImpl.cc:267
#26 0x00007f444598ac6b in KSVG::SVGDocumentImpl::qt_invoke (this=0xb021a0, 
    _id=4, _o=0x7fff58f3a990) at SVGDocumentImpl.moc:177
#27 0x00007f444df6e888 in QObject::activate_signal (this=0xce1850, 
    clist=0xa45250, o=0x7fff58f3a990) at kernel/qobject.cpp:2356
#28 0x00007f4445a75707 in KSVG::KSVGLoader::gotResult (this=0xce1850, 
    t0=0xffb060) at KSVGLoader.moc:113
#29 0x00007f4445a75af7 in KSVG::KSVGLoader::slotResult (this=0xce1850, 
    job=<value optimized out>) at KSVGLoader.cpp:138
#30 0x00007f4445a75cc3 in KSVG::KSVGLoader::qt_invoke (this=0xce1850, _id=3, 
    _o=0x7fff58f3ac40) at KSVGLoader.moc:133
#31 0x00007f444df6e888 in QObject::activate_signal (this=0xa0c780, 
    clist=0xa455f0, o=0x7fff58f3ac40) at kernel/qobject.cpp:2356
#32 0x00007f4450686664 in KIO::Job::result (this=0xa0c780, t0=0xa0c780)
    at jobclasses.moc:162
#33 0x00007f445068c0ab in KIO::Job::emitResult (this=0xa0c780) at job.cpp:235
#34 0x00007f445068c4ec in KIO::SimpleJob::slotFinished (this=0xa0c780)
    at job.cpp:601
#35 0x00007f445068ca23 in KIO::TransferJob::slotFinished (this=0xa0c780)
    at job.cpp:971
#36 0x00007f445068adac in KIO::TransferJob::qt_invoke (this=0xa0c780, _id=17, 
    _o=0x7fff58f3b1d0) at jobclasses.moc:1071
#37 0x00007f444df6e888 in QObject::activate_signal (this=0xa848b0, 
    clist=0xad1840, o=0x7fff58f3b1d0) at kernel/qobject.cpp:2356
#38 0x00007f444df6f8a2 in QObject::activate_signal (this=0xa848b0, signal=6)
    at kernel/qobject.cpp:2325
#39 0x00007f4450678aa8 in KIO::SlaveInterface::dispatch (this=0xa848b0, 
    _cmd=104, rawdata=@0x7fff58f3b510) at slaveinterface.cpp:243
#40 0x00007f4450678ddf in KIO::SlaveInterface::dispatch (this=0xa848b0)
    at slaveinterface.cpp:173
#41 0x00007f445067459d in KIO::Slave::gotInput (this=0xa848b0)
    at slave.cpp:300
#42 0x00007f44506761c8 in KIO::Slave::qt_invoke (this=0xa848b0, _id=4, 
    _o=0x7fff58f3b6e0) at slave.moc:113
#43 0x00007f444df6e888 in QObject::activate_signal (this=0xa84840, 
    clist=0xa84b70, o=0x7fff58f3b6e0) at kernel/qobject.cpp:2356
#44 0x00007f444df6f5f0 in QObject::activate_signal (this=0xa84840, signal=2, 
    param=14) at kernel/qobject.cpp:2449
#45 0x00007f444e3a3138 in QSocketNotifier::activated (this=0xa84840, t0=14)
    at .moc/debug-shared-mt/moc_qsocketnotifier.cpp:85
#46 0x00007f444df96a08 in QSocketNotifier::event (this=0xa84840, 
    e=0x7fff58f3bbf0) at kernel/qsocketnotifier.cpp:258
#47 0x00007f444def397f in QApplication::internalNotify (this=0x7fff58f3c050, 
    receiver=0xa84840, e=0x7fff58f3bbf0) at kernel/qapplication.cpp:2635
#48 0x00007f444def5aca in QApplication::notify (this=0x7fff58f3c050, 
    receiver=0xa84840, e=0x7fff58f3bbf0) at kernel/qapplication.cpp:2358
#49 0x00007f444f69d76c in KApplication::notify (this=0x7fff58f3c050, 
    receiver=0xa84840, event=0x7fff58f3bbf0) at kapplication.cpp:550
#50 0x00007f444dee3c44 in QEventLoop::activateSocketNotifiers (this=0x685c30)
    at kernel/qeventloop_unix.cpp:578
#51 0x00007f444de8c4ca in QEventLoop::processEvents (this=0x685c30, flags=4)
    at kernel/qeventloop_x11.cpp:383
#52 0x00007f444df135e5 in QEventLoop::enterLoop (this=0x685c30)
    at kernel/qeventloop.cpp:198
#53 0x00007f444df133eb in QEventLoop::exec (this=0x685c30)
    at kernel/qeventloop.cpp:145
#54 0x00007f444def57c4 in QApplication::exec (this=0x7fff58f3c050)
    at kernel/qapplication.cpp:2758
#55 0x00007f44493ed557 in kdemain (argc=<value optimized out>, 
    argv=<value optimized out>) at konq_main.cc:206
#56 0x0000000000409524 in launch (argc=1, _name=0x64a3f8 "konqueror", 
    args=0x64a402 "\001", cwd=0x0, envc=1, envs=0x64a416 "", reset_env=false, 
    tty=0x0, avoid_loops=false, 
    startup_id_str=0x64a41f "localhost;1218311530;305134;18395_TIME2835785432") at kinit.cpp:673
#57 0x0000000000409db3 in handle_launcher_request (sock=9) at kinit.cpp:1240
#58 0x000000000040a512 in handle_requests (waitForPid=0) at kinit.cpp:1443
#59 0x000000000040ad17 in main (argc=5, argv=<value optimized out>, 
    envp=0x7fff58f3d238) at kinit.cpp:1908
#60 0x00007f4449b68486 in __libc_start_main (main=0x40a650 <main>, argc=5, 
    ubp_av=0x7fff58f3d208, init=0x40c0c0 <__libc_csu_init>, 
    fini=<value optimized out>, rtld_fini=<value optimized out>, 
    stack_end=0x7fff58f3d1f8) at libc-start.c:226
#61 0x0000000000406a69 in _start ()
Current language:  auto; currently c
Comment 3 Oliver Putz 2008-08-09 21:55:50 UTC 
Also confirming on KDE-4.1 with the following backtrace:

Application: Konqueror (konqueror), signal SIGABRT
[Thread debugging using libthread_db enabled]
[New Thread 0xb6239700 (LWP 14390)]
[KCrash handler]
#6  0xffffe424 in __kernel_vsyscall ()
#7  0xb64ecb91 in *__GI_raise (sig=6)
    at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#8  0xb64ee378 in *__GI_abort () at abort.c:88
#9  0xb741b097 in qt_message_output (msgType=QtFatalMsg, 
    buf=0xbfbbcc6c "ASSERT: \"!this->isEmpty()\" in file /usr/include/qt4/QtCore/qstack.h, line 69") at global/qglobal.cpp:2058
#10 0xb741b14f in qFatal (msg=0xb756eab4 "ASSERT: \"%s\" in file %s, line %d")
    at global/qglobal.cpp:2260
#11 0xb741b5cb in qt_assert (assertion=0xb4afbb61 "!this->isEmpty()", 
    file=0xb4afba00 "/usr/include/qt4/QtCore/qstack.h", line=69)
    at global/qglobal.cpp:1828
#12 0xb48e4ad3 in QStack<QString>::pop (this=0x82fbac4)
    at /usr/include/qt4/QtCore/qstack.h:69
#13 0xb48e2366 in khtml::XMLHandler::endPrefixMapping (this=0x83475a0, 
    prefix=@0x830ffb0)
    at /var/tmp/portage/kde-base/kdelibs-4.1.0/work/kdelibs-4.1.0/khtml/xml/xml_tokenizer.cpp:148
#14 0xb709d4d1 in QXmlSimpleReaderPrivate::processElementETagBegin2 (
    this=0x82d7ba0) at sax/qxml.cpp:4062
#15 0xb70a0714 in QXmlSimpleReaderPrivate::parseElement (this=0x82d7ba0)
    at sax/qxml.cpp:3861
#16 0xb709f687 in QXmlSimpleReaderPrivate::parseContent (this=0x82d7ba0)
    at sax/qxml.cpp:4208
#17 0xb70a0418 in QXmlSimpleReaderPrivate::parseElement (this=0x82d7ba0)
    at sax/qxml.cpp:3843
#18 0xb709f687 in QXmlSimpleReaderPrivate::parseContent (this=0x82d7ba0)
    at sax/qxml.cpp:4208
#19 0xb70a0418 in QXmlSimpleReaderPrivate::parseElement (this=0x82d7ba0)
    at sax/qxml.cpp:3843
#20 0xb709f687 in QXmlSimpleReaderPrivate::parseContent (this=0x82d7ba0)
    at sax/qxml.cpp:4208
#21 0xb70a0418 in QXmlSimpleReaderPrivate::parseElement (this=0x82d7ba0)
    at sax/qxml.cpp:3843
#22 0xb709f687 in QXmlSimpleReaderPrivate::parseContent (this=0x82d7ba0)
    at sax/qxml.cpp:4208
#23 0xb70a0418 in QXmlSimpleReaderPrivate::parseElement (this=0x82d7ba0)
    at sax/qxml.cpp:3843
#24 0xb70a7246 in QXmlSimpleReaderPrivate::parseBeginOrContinue (
    this=0x82d7ba0, state=1, incremental=true) at sax/qxml.cpp:3475
#25 0xb70a7674 in QXmlSimpleReader::parseContinue (this=0x83475e0)
    at sax/qxml.cpp:3452
#26 0xb48e19b4 in khtml::XMLTokenizer::write (this=0x8347580, 
    str=@0xbfbbf498, appendData=true)
    at /var/tmp/portage/kde-base/kdelibs-4.1.0/work/kdelibs-4.1.0/khtml/xml/xml_tokenizer.cpp:442
#27 0xb4874182 in KHTMLPart::write (this=0x82f43d0, 
    data=0x82bd3d8 "/>\n          </ns:license>\n          <dc:language>en</dc:language>\n        </ns:Work>\n        <ns:License\n", ' ' <repeats 11 times>, "rdf:about=\"http://web.resource.org/cc/PublicDomain\">\n          <ns:permits\n        "..., len=4096)
    at /var/tmp/portage/kde-base/kdelibs-4.1.0/work/kdelibs-4.1.0/khtml/khtml_part.cpp:1972
#28 0xb4876700 in KHTMLPart::slotData (this=0x82f43d0, kio_job=0x80580a8, 
    data=@0xbfbbf964)
    at /var/tmp/portage/kde-base/kdelibs-4.1.0/work/kdelibs-4.1.0/khtml/khtml_part.cpp:1662
#29 0xb487da63 in KHTMLPart::qt_metacall (this=0x82f43d0, 
    _c=QMetaObject::InvokeMetaMethod, _id=33, _a=0xbfbbf6e8)
    at /var/tmp/portage/kde-base/kdelibs-4.1.0/work/kdelibs_build/khtml/khtml_part.moc:264
#30 0xb752e530 in QMetaObject::activate (sender=0x80580a8, 
    from_signal_index=<value optimized out>, to_signal_index=40, 
    argv=<value optimized out>) at kernel/qobject.cpp:3001
#31 0xb752ec92 in QMetaObject::activate (sender=0x80580a8, m=0xb7e5c510, 
    local_signal_index=0, argv=0xbfbbf6e8) at kernel/qobject.cpp:3071
#32 0xb7cf82d7 in KIO::TransferJob::data (this=0x80580a8, _t1=0x80580a8, 
    _t2=@0xbfbbf964)
    at /var/tmp/portage/kde-base/kdelibs-4.1.0/work/kdelibs_build/kio/jobclasses.moc:356
#33 0xb7cf8b79 in KIO::TransferJob::slotData (this=0x80580a8, 
    _data=@0xbfbbf964)
    at /var/tmp/portage/kde-base/kdelibs-4.1.0/work/kdelibs-4.1.0/kio/kio/job.cpp:927
#34 0xb7d029e7 in KIO::TransferJob::qt_metacall (this=0x80580a8, 
    _c=QMetaObject::InvokeMetaMethod, _id=48, _a=0xbfbbf80c)
    at /var/tmp/portage/kde-base/kdelibs-4.1.0/work/kdelibs_build/kio/jobclasses.moc:337
#35 0xb752e530 in QMetaObject::activate (sender=0x8692948, 
    from_signal_index=<value optimized out>, to_signal_index=4, 
    argv=<value optimized out>) at kernel/qobject.cpp:3001
#36 0xb752ec92 in QMetaObject::activate (sender=0x8692948, m=0xb7e5ef44, 
    local_signal_index=0, argv=0xbfbbf80c) at kernel/qobject.cpp:3071
#37 0xb7d9ab15 in KIO::SlaveInterface::data (this=0x8692948, _t1=@0xbfbbf964)
    at /var/tmp/portage/kde-base/kdelibs-4.1.0/work/kdelibs_build/kio/slaveinterface.moc:136
#38 0xb7d9c461 in KIO::SlaveInterface::dispatch (this=0x8692948, _cmd=100, 
    rawdata=@0xbfbbf964)
    at /var/tmp/portage/kde-base/kdelibs-4.1.0/work/kdelibs-4.1.0/kio/kio/slaveinterface.cpp:162
#39 0xb7d9cf9b in KIO::SlaveInterface::dispatch (this=0x8692948)
    at /var/tmp/portage/kde-base/kdelibs-4.1.0/work/kdelibs-4.1.0/kio/kio/slaveinterface.cpp:90
#40 0xb7d90115 in KIO::Slave::gotInput (this=0x8692948)
    at /var/tmp/portage/kde-base/kdelibs-4.1.0/work/kdelibs-4.1.0/kio/kio/slave.cpp:319
#41 0xb7d91585 in KIO::Slave::qt_metacall (this=0x8692948, 
    _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0xbfbbfa68)
    at /var/tmp/portage/kde-base/kdelibs-4.1.0/work/kdelibs_build/kio/slave.moc:75
#42 0xb752e530 in QMetaObject::activate (sender=0x8691f68, 
    from_signal_index=<value optimized out>, to_signal_index=4, 
    argv=<value optimized out>) at kernel/qobject.cpp:3001
#43 0xb752ec92 in QMetaObject::activate (sender=0x8691f68, m=0xb7e5bba0, 
    local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3071
#44 0xb7cd0b6d in KIO::Connection::readyRead (this=0x8691f68)
    at /var/tmp/portage/kde-base/kdelibs-4.1.0/work/kdelibs_build/kio/connection.moc:84
#45 0xb7cd181d in KIO::ConnectionPrivate::dequeue (this=0x8691f88)
    at /var/tmp/portage/kde-base/kdelibs-4.1.0/work/kdelibs-4.1.0/kio/kio/connection.cpp:82
#46 0xb7cd2595 in KIO::Connection::qt_metacall (this=0x8691f68, 
    _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x844d4e8)
    at /var/tmp/portage/kde-base/kdelibs-4.1.0/work/kdelibs_build/kio/connection.moc:72
#47 0xb7528249 in QMetaCallEvent::placeMetaCall (this=0x85a0960, 
    object=0x8691f68) at kernel/qobject.cpp:535
#48 0xb752a309 in QObject::event (this=0x8691f68, e=0x85a0960)
    at kernel/qobject.cpp:1131
#49 0xb68668a4 in QApplicationPrivate::notify_helper (this=0x80577a8, 
    receiver=0x8691f68, e=0x85a0960) at kernel/qapplication.cpp:3772
#50 0xb686aa75 in QApplication::notify (this=0xbfbc041c, receiver=0x8691f68, 
    e=0x85a0960) at kernel/qapplication.cpp:3366
#51 0xb7ae56c3 in KApplication::notify (this=0xbfbc041c, receiver=0x8691f68, 
    event=0x85a0960)
    at /var/tmp/portage/kde-base/kdelibs-4.1.0/work/kdelibs-4.1.0/kdeui/kernel/kapplication.cpp:311
#52 0xb7518d59 in QCoreApplication::notifyInternal (this=0xbfbc041c, 
    receiver=0x8691f68, event=0x85a0960) at kernel/qcoreapplication.cpp:587
#53 0xb751a006 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, 
    event_type=0, data=0x804b808) at kernel/qcoreapplication.h:215
#54 0xb7547eca in QEventDispatcherUNIX::processEvents (this=0x8057718, 
    flags=@0xbfbc0128) at kernel/qeventdispatcher_unix.cpp:867
#55 0xb68f6f61 in QEventDispatcherX11::processEvents (this=0x8057718, 
    flags=@0xbfbc0158) at kernel/qeventdispatcher_x11.cpp:154
#56 0xb75180d3 in QEventLoop::processEvents (this=0xbfbc01d0, 
    flags=@0xbfbc0198) at kernel/qeventloop.cpp:149
#57 0xb7518246 in QEventLoop::exec (this=0xbfbc01d0, flags=@0xbfbc01d8)
    at kernel/qeventloop.cpp:200
#58 0xb751a401 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:845
#59 0xb686623f in QApplication::exec () at kernel/qapplication.cpp:3304
#60 0xb7f8ccf1 in kdemain (argc=1, argv=0xbfbc0734)
    at /var/tmp/portage/kde-base/konqueror-4.1.0/work/konqueror-4.1.0/apps/konqueror/src/konqmain.cpp:227
#61 0x080488a2 in main (argc=)
    at /var/tmp/portage/kde-base/konqueror-4.1.0/work/konqueror_build/apps/konqueror/src/konqueror_dummy.cpp:3
#0  0xffffe424 in __kernel_vsyscall ()
Comment 4 Sergio Martins 2008-12-15 03:46:52 UTC 
For me its fine in trunk and in kde-4.1.3.

Oliver, can you try in kde-4.1.3?
Comment 5 Oliver Putz 2008-12-15 10:17:31 UTC 
Hi! Sure! Clicking on the link to the attachement still instananeously crashes konqueror from KDE-4.1.82. The backtrace is:

Application: Konqueror (konqueror), signal SIGABRT
[Current thread is 0 (LWP 4854)]

Thread 2 (Thread 0xb14c9b90 (LWP 4863)):
#0  0xffffe424 in __kernel_vsyscall ()
#1  0xb72a7f12 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0xb7304c6d in QWaitCondition::wait (this=0x85a5d58, mutex=0x85a5d54, time=30000) at thread/qwaitcondition_unix.cpp:86
#3  0xb72f9e70 in QThreadPoolThread::run (this=0x85a5ec0) at concurrent/qthreadpool.cpp:141
#4  0xb7303a24 in QThreadPrivate::start (arg=0x85a5ec0) at thread/qthread_unix.cpp:191
#5  0xb72a4160 in start_thread (arg=0xb14c9b90) at pthread_create.c:297
#6  0xb66e3c0e in clone () from /lib/libc.so.6

Thread 1 (Thread 0xb6220700 (LWP 4854)):
[KCrash Handler]
#6  0xffffe424 in __kernel_vsyscall ()
#7  0xb6642690 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#8  0xb6643ed8 in *__GI_abort () at abort.c:88
#9  0xb72fb32f in qt_message_output (msgType=QtFatalMsg, buf=0xbffb6e70 "ASSERT: \"!this->isEmpty()\" in file /usr/include/qt4/QtCore/qstack.h, line 69") at global/qglobal.cpp:2108
#10 0xb72fb3ee in qFatal (msg=0xb7444e7c "ASSERT: \"%s\" in file %s, line %d") at global/qglobal.cpp:2309
#11 0xb72fb72f in qt_assert (assertion=0xb4722079 "!this->isEmpty()", file=0xb4721f20 "/usr/include/qt4/QtCore/qstack.h", line=69) at global/qglobal.cpp:1878
#12 0xb4446c3d in QStack<QString>::pop (this=0x854ba04) at /usr/include/qt4/QtCore/qstack.h:69
#13 0xb4444db0 in khtml::XMLHandler::endPrefixMapping (this=0x8422694, prefix=@0x86dd3c8) at /var/tmp/portage/kde-base/kdelibs-4.1.82/work/kdelibs-4.1.82/khtml/xml/xml_tokenizer.cpp:152
#14 0xb7aaecf7 in QXmlSimpleReaderPrivate::processElementETagBegin2 (this=0x8661c60) at sax/qxml.cpp:4065
#15 0xb7ab779b in QXmlSimpleReaderPrivate::parseElement (this=0x8661c60) at sax/qxml.cpp:3864
#16 0xb7ab6b11 in QXmlSimpleReaderPrivate::parseContent (this=0x8661c60) at sax/qxml.cpp:4211
#17 0xb7ab7756 in QXmlSimpleReaderPrivate::parseElement (this=0x8661c60) at sax/qxml.cpp:3846
#18 0xb7ab6b11 in QXmlSimpleReaderPrivate::parseContent (this=0x8661c60) at sax/qxml.cpp:4211
#19 0xb7ab7756 in QXmlSimpleReaderPrivate::parseElement (this=0x8661c60) at sax/qxml.cpp:3846
#20 0xb7ab6b11 in QXmlSimpleReaderPrivate::parseContent (this=0x8661c60) at sax/qxml.cpp:4211
#21 0xb7ab7756 in QXmlSimpleReaderPrivate::parseElement (this=0x8661c60) at sax/qxml.cpp:3846
#22 0xb7ab6b11 in QXmlSimpleReaderPrivate::parseContent (this=0x8661c60) at sax/qxml.cpp:4211
#23 0xb7ab7756 in QXmlSimpleReaderPrivate::parseElement (this=0x8661c60) at sax/qxml.cpp:3846
#24 0xb7aba15e in QXmlSimpleReaderPrivate::parseBeginOrContinue (this=0x8661c60, state=1, incremental=true) at sax/qxml.cpp:3478
#25 0xb7aba390 in QXmlSimpleReader::parseContinue (this=0x84226d4) at sax/qxml.cpp:3455
#26 0xb4444347 in khtml::XMLTokenizer::write (this=0x8422678, str=@0xbffb9678, appendData=true) at /var/tmp/portage/kde-base/kdelibs-4.1.82/work/kdelibs-4.1.82/khtml/xml/xml_tokenizer.cpp:458
#27 0xb43cdf94 in KHTMLPart::write (this=0x8325df0, 
    data=0x8652278 "/>\n          </ns:license>\n          <dc:language>en</dc:language>\n        </ns:Work>\n        <ns:License\n", ' ' <repeats 11 times>, "rdf:about=\"http://web.resource.org/cc/PublicDomain\">\n          <ns:permits\n        "..., len=4096) at /var/tmp/portage/kde-base/kdelibs-4.1.82/work/kdelibs-4.1.82/khtml/khtml_part.cpp:2060
#28 0xb43d01d0 in KHTMLPart::slotData (this=0x8325df0, kio_job=0x86cf9e0, data=@0xbffb9b74) at /var/tmp/portage/kde-base/kdelibs-4.1.82/work/kdelibs-4.1.82/khtml/khtml_part.cpp:1745
#29 0xb43d7997 in KHTMLPart::qt_metacall (this=0x8325df0, _c=QMetaObject::InvokeMetaMethod, _id=19, _a=0xbffb98e8)
    at /var/tmp/portage/kde-base/kdelibs-4.1.82/work/kdelibs_build/khtml/khtml_part.moc:264
#30 0xb740b4e1 in QMetaObject::activate (sender=0x86cf9e0, from_signal_index=<value optimized out>, to_signal_index=40, argv=0xbffb98e8) at kernel/qobject.cpp:3028
#31 0xb740d3d8 in QMetaObject::activate (sender=0x86cf9e0, m=0xb7dda3d0, local_signal_index=0, argv=0xbffb98e8) at kernel/qobject.cpp:3098
#32 0xb7c755ab in KIO::TransferJob::data (this=0x86cf9e0, _t1=0x86cf9e0, _t2=@0xbffb9b74) at /var/tmp/portage/kde-base/kdelibs-4.1.82/work/kdelibs_build/kio/jobclasses.moc:356
#33 0xb7c75eab in KIO::TransferJob::slotData (this=0x86cf9e0, _data=@0xbffb9b74) at /var/tmp/portage/kde-base/kdelibs-4.1.82/work/kdelibs-4.1.82/kio/kio/job.cpp:917
#34 0xb7c7f87a in KIO::TransferJob::qt_metacall (this=0x86cf9e0, _c=QMetaObject::InvokeMetaMethod, _id=8, _a=0xbffb9a1c)
    at /var/tmp/portage/kde-base/kdelibs-4.1.82/work/kdelibs_build/kio/jobclasses.moc:337
#35 0xb740b4e1 in QMetaObject::activate (sender=0x83b3140, from_signal_index=<value optimized out>, to_signal_index=4, argv=0xbffb9a1c) at kernel/qobject.cpp:3028
#36 0xb740d3d8 in QMetaObject::activate (sender=0x83b3140, m=0xb7ddcea4, local_signal_index=0, argv=0xbffb9a1c) at kernel/qobject.cpp:3098
#37 0xb7d17f91 in KIO::SlaveInterface::data (this=0x83b3140, _t1=@0xbffb9b74) at /var/tmp/portage/kde-base/kdelibs-4.1.82/work/kdelibs_build/kio/slaveinterface.moc:138
#38 0xb7d1a13f in KIO::SlaveInterface::dispatch (this=0x83b3140, _cmd=100, rawdata=@0xbffb9b74) at /var/tmp/portage/kde-base/kdelibs-4.1.82/work/kdelibs-4.1.82/kio/kio/slaveinterface.cpp:163
#39 0xb7d1a40b in KIO::SlaveInterface::dispatch (this=0x83b3140) at /var/tmp/portage/kde-base/kdelibs-4.1.82/work/kdelibs-4.1.82/kio/kio/slaveinterface.cpp:91
#40 0xb7d0d549 in KIO::Slave::gotInput (this=0x83b3140) at /var/tmp/portage/kde-base/kdelibs-4.1.82/work/kdelibs-4.1.82/kio/kio/slave.cpp:322
#41 0xb7d0e865 in KIO::Slave::qt_metacall (this=0x83b3140, _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0xbffb9c98) at /var/tmp/portage/kde-base/kdelibs-4.1.82/work/kdelibs_build/kio/slave.moc:75
#42 0xb740b4e1 in QMetaObject::activate (sender=0x840c768, from_signal_index=<value optimized out>, to_signal_index=4, argv=0x0) at kernel/qobject.cpp:3028
#43 0xb740d3d8 in QMetaObject::activate (sender=0x840c768, m=0xb7dd9980, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3098
#44 0xb7c4e6e7 in KIO::Connection::readyRead (this=0x840c768) at /var/tmp/portage/kde-base/kdelibs-4.1.82/work/kdelibs_build/kio/connection.moc:84
#45 0xb7c4f3b5 in KIO::ConnectionPrivate::dequeue (this=0x848e7d0) at /var/tmp/portage/kde-base/kdelibs-4.1.82/work/kdelibs-4.1.82/kio/kio/connection.cpp:82
#46 0xb7c50155 in KIO::Connection::qt_metacall (this=0x840c768, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x8413020)
    at /var/tmp/portage/kde-base/kdelibs-4.1.82/work/kdelibs_build/kio/connection.moc:72
#47 0xb7402edd in QMetaCallEvent::placeMetaCall (this=0x839e5a0, object=0x840c768) at kernel/qobject.cpp:535
#48 0xb7404ba7 in QObject::event (this=0x840c768, e=0x839e5a0) at kernel/qobject.cpp:1152
#49 0xb6ad6fab in QApplicationPrivate::notify_helper (this=0x8059360, receiver=0x840c768, e=0x839e5a0) at kernel/qapplication.cpp:3809
#50 0xb6addae5 in QApplication::notify (this=0xbffba718, receiver=0x840c768, e=0x839e5a0) at kernel/qapplication.cpp:3399
#51 0xb7910ea7 in KApplication::notify (this=0xbffba718, receiver=0x840c768, event=0x839e5a0) at /var/tmp/portage/kde-base/kdelibs-4.1.82/work/kdelibs-4.1.82/kdeui/kernel/kapplication.cpp:307
#52 0xb73f4b21 in QCoreApplication::notifyInternal (this=0xbffba718, receiver=0x840c768, event=0x839e5a0) at kernel/qcoreapplication.cpp:593
#53 0xb73f5984 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x804c310) at kernel/qcoreapplication.h:215
#54 0xb73f5bc3 in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at kernel/qcoreapplication.cpp:1097
#55 0xb6b6c5a1 in QEventDispatcherX11::processEvents (this=0x8059878, flags={i = -1074027464}) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:220
#56 0xb73f36b0 in QEventLoop::processEvents (this=0xbffba4b0, flags={i = -1074027400}) at kernel/qeventloop.cpp:149
#57 0xb73f3852 in QEventLoop::exec (this=0xbffba4b0, flags={i = -1074027336}) at kernel/qeventloop.cpp:200
#58 0xb73f5c6f in QCoreApplication::exec () at kernel/qcoreapplication.cpp:851
#59 0xb6ad6d43 in QApplication::exec () at kernel/qapplication.cpp:3337
#60 0xb7f84d77 in kdemain (argc=2, argv=0xbffbaa94) at /var/tmp/portage/kde-base/konqueror-4.1.82/work/konqueror-4.1.82/apps/konqueror/src/konqmain.cpp:257
#61 0x080487d2 in main (argc=) at /var/tmp/portage/kde-base/konqueror-4.1.82/work/konqueror_build/apps/konqueror/src/konqueror_dummy.cpp:3
Comment 6 Dario Andres 2008-12-21 20:10:08 UTC 
Here using:

Qt: 4.4.3
KDE: 4.1.85 (KDE 4.1.85 (KDE 4.2 Beta2))
kdelibs svn rev. 899634 / kdebase svn rev. 899635
on ArchLinux x86_64 - Kernel 2.6.27.8

The SVG is shown OK and Konqueror doesn't crash.

Can anyone else confirm this ?
Comment 7 Elmar Stellnberger (AT/K) 2009-01-04 17:50:32 UTC 
Created attachment 29899 [details]
new backtrace

newest konqueror 3.5.10 release 33.1 crashes as soon as I click on the attachment bibus.svg.
Comment 8 esigra 2009-01-18 12:34:34 UTC 
This is a confirmation that the bug still exists in KDE 3.5.10.
Comment 9 Oliver Putz 2009-03-15 08:34:35 UTC 
Still crashes with KDE-4.2.1 from SuseLiveCD (which regrettably ships without debugging data)
Comment 10 Sergio Martins 2009-03-18 06:44:22 UTC 
I don't get the assert, I get a segfault, here's the valgrind report:

==31221== Invalid read of size 4
==31221==    at 0x9C17F30: khtml::XMLHandler::endPrefixMapping(QString const&) (qatomic_i386.h:115)
==31221==    by 0x457E5E5: QXmlSimpleReaderPrivate::processElementETagBegin2() (qxml.cpp:4066)
==31221==    by 0x457F25A: QXmlSimpleReaderPrivate::parseElement() (qxml.cpp:3865)
==31221==    by 0x45807FA: QXmlSimpleReaderPrivate::parseContent() (qxml.cpp:4408)
==31221==    by 0x457F793: QXmlSimpleReaderPrivate::parseElement() (qxml.cpp:3934)
==31221==    by 0x45807FA: QXmlSimpleReaderPrivate::parseContent() (qxml.cpp:4408)
==31221==    by 0x457F793: QXmlSimpleReaderPrivate::parseElement() (qxml.cpp:3934)
==31221==    by 0x45807FA: QXmlSimpleReaderPrivate::parseContent() (qxml.cpp:4408)
==31221==    by 0x457F793: QXmlSimpleReaderPrivate::parseElement() (qxml.cpp:3934)
==31221==    by 0x45807FA: QXmlSimpleReaderPrivate::parseContent() (qxml.cpp:4408)
==31221==    by 0x457F793: QXmlSimpleReaderPrivate::parseElement() (qxml.cpp:3934)
==31221==    by 0x4580A6A: QXmlSimpleReaderPrivate::parseBeginOrContinue(int, bool) (qxml.cpp:3479)
==31221==    by 0x4580DCF: QXmlSimpleReader::parseContinue() (qxml.cpp:3456)
==31221==    by 0x9C19C7A: khtml::XMLTokenizer::write(khtml::TokenizerString const&, bool) (xml_tokenizer.cpp:458)
==31221==    by 0x9B70F72: KHTMLPart::write(char const*, int) (khtml_part.cpp:2081)
==31221==    by 0x9B765FA: KHTMLPart::slotData(KIO::Job*, QByteArray const&) (khtml_part.cpp:1766)
==31221==    by 0x9B99A9F: KHTMLPart::qt_metacall(QMetaObject::Call, int, void**) (khtml_part.moc:265)
==31221==    by 0x4D7D363: QMetaObject::activate(QObject*, int, int, void**) (qobject.cpp:3066)
==31221==    by 0x4D7D7EA: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3143)
==31221==    by 0x4290BDC: KIO::TransferJob::data(KIO::Job*, QByteArray const&) (jobclasses.moc:364)
==31221==    by 0x4291D94: KIO::TransferJob::slotData(QByteArray const&) (job.cpp:917)
==31221==    by 0x42A2FBD: KIO::TransferJob::qt_metacall(QMetaObject::Call, int, void**) (jobclasses.moc:344)
==31221==    by 0x4D7D363: QMetaObject::activate(QObject*, int, int, void**) (qobject.cpp:3066)
==31221==    by 0x4D7D7EA: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3143)
==31221==    by 0x436D676: KIO::SlaveInterface::data(QByteArray const&) (slaveinterface.moc:140)
==31221==    by 0x4370D6E: KIO::SlaveInterface::dispatch(int, QByteArray const&) (slaveinterface.cpp:163)
==31221==    by 0x436DAAA: KIO::SlaveInterface::dispatch() (slaveinterface.cpp:91)
==31221==    by 0x435BFC2: KIO::Slave::gotInput() (slave.cpp:322)
==31221==    by 0x435CCCC: KIO::Slave::qt_metacall(QMetaObject::Call, int, void**) (slave.moc:76)
==31221==    by 0x4D7D363: QMetaObject::activate(QObject*, int, int, void**) (qobject.cpp:3066)
==31221==  Address 0x3 is not stack'd, malloc'd or (recently) free'd
Comment 11 Sergio Martins 2009-03-18 07:47:07 UTC 
Created attachment 32224 [details]
Patch

Can any trigger try my patch? Apply it inside kdelibs.
Comment 12 Sergio Martins 2009-03-19 02:13:27 UTC 
SVN commit 941182 by smartins:

Don't crash while opening non well-formed SVG files.

BUG: 160421


 M  +10 -5     xml_tokenizer.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=941182
Comment 13 Sergio Martins 2009-03-19 02:23:33 UTC 
SVN commit 941184 by smartins:

Backport r941182 by smartins from trunk to the 4.2 branch:

Don't crash while opening non well-formed SVG files.

CCBUG: 160421


 M  +10 -5     xml_tokenizer.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=941184