Bug 161989

Summary: [testcase] konqueror crashes every time visiting http://it.wasalive.com/it/asus+eeepc
Product: [Applications] konqueror Reporter: Andrea Diamantini <adjam7>
Component: khtmlAssignee: Konqueror Developers <konq-bugs>
Status: RESOLVED FIXED    
Severity: crash CC: andresbajotierra, fabien.skraber, finex, fizista, frank78ac, ivaylo.kabakov, jajaxor, L.Plant.98, maksim, michaelperik, michiduta07, zahl
Priority: NOR    
Version: SVN   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   
Latest Commit: Version Fixed In: 4.5.1
Sentry Crash Report:
Attachments: Reduced test case

Description Andrea Diamantini 2008-05-12 09:11:49 UTC 
Version:           4.00.73 (using Devel)
Installed from:    Compiled sources
Compiler:          4.2.3 Target: i486-slackware-linux
Configured with: ../gcc-4.2.3/configure --prefix=/usr --enable-shared --enable-languages=ada,c,c++,fortran,java,objc --enable-threads=posix --enable-__cxa_atexit --disable-checking --with-gnu-ld --verbose --with-arch=i486 --target=i486-slackware-linux --host=i486-slackware-linux
Thread model: posix
OS:                Linux

konqueror crashes every time visiting http://it.wasalive.com/it/asus+eeepc

here is the backtrace:

Application: Konqueror (konqueror), signal SIGSEGV
[?1034h[Thread debugging using libthread_db enabled]
[New Thread 0xb63fd6d0 (LWP 3932)]
[New Thread 0xb32f0b90 (LWP 3936)]
[KCrash handler]
#5  0xb48d3fb6 in WTF::SharedPtr<khtml::RenderArena>::get (this=0x128)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/wtf/SharedPtr.h:47
#6  0xb494f0b2 in appendRunsForObject (start=0, end=1, obj=0x84f3424, 
    bidi=@0xbfeba198)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/bidi.cpp:518
#7  0xb494f27d in appendRun (bidi=@0xbfeba198)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/bidi.cpp:551
#8  0xb494ff48 in khtml::RenderBlock::bidiReorderLine (this=0x84f3254, 
    start=<value optimized out>, end=@0xbfeba1f4, bidi=@0xbfeba198)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/bidi.cpp:1286
#9  0xb495283b in khtml::RenderBlock::layoutInlineChildren (this=0x84f3254, 
    relayoutChildren=false, breakBeforeLine=0)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/bidi.cpp:1550
#10 0xb495cbef in khtml::RenderBlock::layoutBlock (this=0x84f3254, 
    relayoutChildren=false)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:779
#11 0xb495d181 in khtml::RenderBlock::layout (this=0x84f3254)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:682
#12 0xb486c581 in khtml::RenderObject::layoutIfNeeded (this=0x84f3254)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/render_object.h:443
#13 0xb495b021 in khtml::RenderBlock::layoutPositionedObjects (this=0x84f316c, 
    relayoutChildren=false)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:1667
#14 0xb495c97e in khtml::RenderBlock::layoutBlock (this=0x84f316c, 
    relayoutChildren=false)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:706
#15 0xb495d181 in khtml::RenderBlock::layout (this=0x84f316c)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:682
#16 0xb486c581 in khtml::RenderObject::layoutIfNeeded (this=0x84f316c)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/render_object.h:443
#17 0xb495c4ee in khtml::RenderBlock::layoutBlockChildren (this=0x84f30e8, 
    relayoutChildren=false)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:1502
#18 0xb495cc04 in khtml::RenderBlock::layoutBlock (this=0x84f30e8, 
    relayoutChildren=false)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:781
#19 0xb495d181 in khtml::RenderBlock::layout (this=0x84f30e8)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:682
#20 0xb486c581 in khtml::RenderObject::layoutIfNeeded (this=0x84f30e8)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/render_object.h:443
#21 0xb495c4ee in khtml::RenderBlock::layoutBlockChildren (this=0x84f3064, 
    relayoutChildren=false)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:1502
#22 0xb495cc04 in khtml::RenderBlock::layoutBlock (this=0x84f3064, 
    relayoutChildren=false)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:781
#23 0xb495d181 in khtml::RenderBlock::layout (this=0x84f3064)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:682
#24 0xb486c581 in khtml::RenderObject::layoutIfNeeded (this=0x84f3064)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/render_object.h:443
#25 0xb495c4ee in khtml::RenderBlock::layoutBlockChildren (this=0x838b0a8, 
    relayoutChildren=false)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:1502
#26 0xb495cc04 in khtml::RenderBlock::layoutBlock (this=0x838b0a8, 
    relayoutChildren=false)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:781
#27 0xb495d181 in khtml::RenderBlock::layout (this=0x838b0a8)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:682
#28 0xb486c581 in khtml::RenderObject::layoutIfNeeded (this=0x838b0a8)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/render_object.h:443
#29 0xb495c4ee in khtml::RenderBlock::layoutBlockChildren (this=0x838af3c, 
    relayoutChildren=false)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:1502
#30 0xb495cc04 in khtml::RenderBlock::layoutBlock (this=0x838af3c, 
    relayoutChildren=false)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:781
#31 0xb495d181 in khtml::RenderBlock::layout (this=0x838af3c)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:682
#32 0xb49bc289 in khtml::RenderBody::layout (this=0x838af3c)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/render_body.cpp:96
#33 0xb486c581 in khtml::RenderObject::layoutIfNeeded (this=0x838af3c)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/render_object.h:443
#34 0xb495c4ee in khtml::RenderBlock::layoutBlockChildren (this=0x838ae54, 
    relayoutChildren=false)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:1502
#35 0xb495cc04 in khtml::RenderBlock::layoutBlock (this=0x838ae54, 
    relayoutChildren=false)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:781
#36 0xb495d181 in khtml::RenderBlock::layout (this=0x838ae54)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:682
#37 0xb486c581 in khtml::RenderObject::layoutIfNeeded (this=0x838ae54)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/render_object.h:443
#38 0xb495c4ee in khtml::RenderBlock::layoutBlockChildren (this=0x838ad18, 
    relayoutChildren=true)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:1502
#39 0xb495cc04 in khtml::RenderBlock::layoutBlock (this=0x838ad18, 
    relayoutChildren=true)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:781
#40 0xb49b7dc8 in khtml::RenderCanvas::layout (this=0x838ad18)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/rendering/render_canvas.cpp:187
#41 0xb4869430 in KHTMLView::layout (this=0x83b61e8)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/khtmlview.cpp:1019
#42 0xb48cf7c5 in DOM::DocumentImpl::updateLayout (this=0x8330d08)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/xml/dom_docimpl.cpp:1304
#43 0xb49f90d1 in khtml::RenderStyleDeclarationImpl::getPropertyCSSValue (
    this=0x8c8f3b8, propertyID=68)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/css/css_renderstyledeclarationimpl.cpp:375
#44 0xb49f8375 in khtml::RenderStyleDeclarationImpl::getPropertyValue (
    this=0x8c8f3b8, propertyID=68)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/css/css_renderstyledeclarationimpl.cpp:1113
#45 0xb49d5d8c in DOM::CSSStyleDeclarationImpl::getPropertyValue (
    this=0x8c8f3b8, propertyName=@0xbfebaffc)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/css/css_valueimpl.cpp:137
#46 0xb4a63ff3 in KJS::DOMCSSStyleDeclaration::getOwnPropertySlot (
    this=0xb1c56500, exec=0xbfebb358, propertyName=@0xbfebb0d0, 
    slot=@0xbfebb07c)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/ecma/kjs_css.cpp:206
#47 0xb474cfbf in KJS::JSObject::getPropertySlot (this=0xb1c56500, 
    exec=0xbfebb358, propertyName=@0xbfebb0d0, slot=@0xbfebb07c)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/object.h:583
#48 0xb47764da in KJS::JSObject::get (this=0xb1c56500, exec=0xbfebb358, 
    propertyName=@0xbfebb0d0)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/object.cpp:164
#49 0xb473d559 in KJS::BracketAccessorNode::evaluate (this=0x8a56d60, 
    exec=0xbfebb358) at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:814
#50 0xb473e3a4 in KJS::ConditionalNode::evaluate (this=0x8a56d88, 
    exec=0xbfebb358) at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:1659
#51 0xb474ce62 in KJS::LocalAssignNode::evaluate (this=0x8c86f20, 
    exec=0xbfebb358) at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:1749
#52 0xb4739cd4 in KJS::ExprStatementNode::execute (this=0x8a56db8, 
    exec=0xbfebb358) at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:2168
#53 0xb473949a in KJS::SourceElementsNode::execute (this=0x8a56cc8, 
    exec=0xbfebb358) at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:2979
#54 0xb4736931 in KJS::BlockNode::execute (this=0x8a56de8, exec=0xbfebb358)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:2145
#55 0xb473e2d5 in KJS::IfNode::execute (this=0x8a56e00, exec=0xbfebb358)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:2200
#56 0xb473949a in KJS::SourceElementsNode::execute (this=0x8a56708, 
    exec=0xbfebb358) at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:2979
#57 0xb4736931 in KJS::BlockNode::execute (this=0x8a57138, exec=0xbfebb358)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:2145
#58 0xb476f302 in KJS::DeclaredFunctionImp::execute (this=0xb1cb8f20, 
    exec=0xbfebb358) at /DATI/future/kde/src/KDE/kdelibs/kjs/function.cpp:373
#59 0xb477074b in KJS::FunctionImp::callAsFunction (this=0xb1cb8f20, 
    exec=0xbfebb5f8, thisObj=0xb1cc0000, args=@0xbfebb404)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/function.cpp:161
#60 0xb4776c82 in KJS::JSObject::call (this=0xb1cb8f20, exec=0xbfebb5f8, 
    thisObj=0xb1cc0000, args=@0xbfebb404)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/object.cpp:99
#61 0xb4759696 in KJS::FunctionProtoFunc::callAsFunction (this=0xb1cb0e80, 
    exec=0xbfebb5f8, thisObj=0xb1cb8f20, args=@0xbfebb480)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/function_object.cpp:123
#62 0xb4776c82 in KJS::JSObject::call (this=0xb1cb0e80, exec=0xbfebb5f8, 
    thisObj=0xb1cb8f20, args=@0xbfebb480)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/object.cpp:99
#63 0xb473ccb2 in KJS::FunctionCallDotNode::evaluate (this=0x8a44970, 
    exec=0xbfebb5f8) at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:1141
#64 0xb473ab2e in KJS::ReturnNode::execute (this=0x8a44988, exec=0xbfebb5f8)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:2474
#65 0xb47393c9 in KJS::SourceElementsNode::execute (this=0x8a449a0, 
    exec=0xbfebb5f8) at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:2973
#66 0xb4736931 in KJS::BlockNode::execute (this=0x8a449b8, exec=0xbfebb5f8)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:2145
#67 0xb476f302 in KJS::DeclaredFunctionImp::execute (this=0xb1c52640, 
    exec=0xbfebb5f8) at /DATI/future/kde/src/KDE/kdelibs/kjs/function.cpp:373
#68 0xb477074b in KJS::FunctionImp::callAsFunction (this=0xb1c52640, 
    exec=0xbfebb808, thisObj=0xb1c57260, args=@0xbfebb690)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/function.cpp:161
#69 0xb4776c82 in KJS::JSObject::call (this=0xb1c52640, exec=0xbfebb808, 
    thisObj=0xb1c57260, args=@0xbfebb690)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/object.cpp:99
#70 0xb473ccb2 in KJS::FunctionCallDotNode::evaluate (this=0x8a57638, 
    exec=0xbfebb808) at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:1141
#71 0xb473ab2e in KJS::ReturnNode::execute (this=0x8a57650, exec=0xbfebb808)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:2474
#72 0xb47393c9 in KJS::SourceElementsNode::execute (this=0x8a57668, 
    exec=0xbfebb808) at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:2973
#73 0xb4736931 in KJS::BlockNode::execute (this=0x8a57680, exec=0xbfebb808)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:2145
#74 0xb476f302 in KJS::DeclaredFunctionImp::execute (this=0xb1cb8f80, 
    exec=0xbfebb808) at /DATI/future/kde/src/KDE/kdelibs/kjs/function.cpp:373
#75 0xb477074b in KJS::FunctionImp::callAsFunction (this=0xb1cb8f80, 
    exec=0xbfebbaa8, thisObj=0xb1cc0000, args=@0xbfebb8b4)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/function.cpp:161
#76 0xb4776c82 in KJS::JSObject::call (this=0xb1cb8f80, exec=0xbfebbaa8, 
    thisObj=0xb1cc0000, args=@0xbfebb8b4)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/object.cpp:99
#77 0xb4759696 in KJS::FunctionProtoFunc::callAsFunction (this=0xb1cb0e80, 
    exec=0xbfebbaa8, thisObj=0xb1cb8f80, args=@0xbfebb930)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/function_object.cpp:123
#78 0xb4776c82 in KJS::JSObject::call (this=0xb1cb0e80, exec=0xbfebbaa8, 
    thisObj=0xb1cb8f80, args=@0xbfebb930)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/object.cpp:99
#79 0xb473ccb2 in KJS::FunctionCallDotNode::evaluate (this=0x8a44970, 
    exec=0xbfebbaa8) at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:1141
#80 0xb473ab2e in KJS::ReturnNode::execute (this=0x8a44988, exec=0xbfebbaa8)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:2474
#81 0xb47393c9 in KJS::SourceElementsNode::execute (this=0x8a449a0, 
    exec=0xbfebbaa8) at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:2973
#82 0xb4736931 in KJS::BlockNode::execute (this=0x8a449b8, exec=0xbfebbaa8)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:2145
#83 0xb476f302 in KJS::DeclaredFunctionImp::execute (this=0xb1c52700, 
    exec=0xbfebbaa8) at /DATI/future/kde/src/KDE/kdelibs/kjs/function.cpp:373
#84 0xb477074b in KJS::FunctionImp::callAsFunction (this=0xb1c52700, 
    exec=0xbfebbe28, thisObj=0xb1c57260, args=@0xbfebbb40)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/function.cpp:161
#85 0xb4776c82 in KJS::JSObject::call (this=0xb1c52700, exec=0xbfebbe28, 
    thisObj=0xb1c57260, args=@0xbfebbb40)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/object.cpp:99
#86 0xb473ccb2 in KJS::FunctionCallDotNode::evaluate (this=0x889f1b0, 
    exec=0xbfebbe28) at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:1141
#87 0xb473e43c in KJS::BinaryLogicalNode::evaluate (this=0x889f1e0, 
    exec=0xbfebbe28) at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:1628
#88 0xb473b74a in KJS::PropertyListNode::evaluate (this=0x889f210, 
    exec=0xbfebbe28) at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:736
#89 0xb4736ffe in KJS::ObjectLiteralNode::evaluate (this=0x8aa45f8, 
    exec=0xbfebbe28) at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:716
#90 0xb473a484 in KJS::ArgumentListNode::evaluateList (this=0x889f288, 
    exec=0xbfebbe28) at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:901
#91 0xb474cf14 in KJS::ArgumentsNode::evaluateList (this=0x87e91d0, 
    exec=0xbfebbe28) at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.h:481
#92 0xb473cbb0 in KJS::FunctionCallDotNode::evaluate (this=0x889f300, 
    exec=0xbfebbe28) at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:1133
#93 0xb4739d70 in KJS::StaticVarStatementNode::execute (this=0x834ac60, 
    exec=0xbfebbe28) at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:2108
#94 0xb473949a in KJS::SourceElementsNode::execute (this=0x8a0c310, 
    exec=0xbfebbe28) at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:2979
#95 0xb4736931 in KJS::BlockNode::execute (this=0x889f3f0, exec=0xbfebbe28)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:2145
#96 0xb476f302 in KJS::DeclaredFunctionImp::execute (this=0xb1c5a3e0, 
    exec=0xbfebbe28) at /DATI/future/kde/src/KDE/kdelibs/kjs/function.cpp:373
#97 0xb477074b in KJS::FunctionImp::callAsFunction (this=0xb1c5a3e0, 
    exec=0xbfebc0b8, thisObj=0xb1c56b40, args=@0xbfebbed4)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/function.cpp:161
#98 0xb4776c82 in KJS::JSObject::call (this=0xb1c5a3e0, exec=0xbfebc0b8, 
    thisObj=0xb1c56b40, args=@0xbfebbed4)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/object.cpp:99
#99 0xb4759696 in KJS::FunctionProtoFunc::callAsFunction (this=0xb1cb0e80, 
    exec=0xbfebc0b8, thisObj=0xb1c5a3e0, args=@0xbfebbf50)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/function_object.cpp:123
#100 0xb4776c82 in KJS::JSObject::call (this=0xb1cb0e80, exec=0xbfebc0b8, 
    thisObj=0xb1c5a3e0, args=@0xbfebbf50)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/object.cpp:99
#101 0xb473ccb2 in KJS::FunctionCallDotNode::evaluate (this=0x8844718, 
    exec=0xbfebc0b8) at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:1141
#102 0xb4739cd4 in KJS::ExprStatementNode::execute (this=0x876c6d8, 
    exec=0xbfebc0b8) at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:2168
#103 0xb47393c9 in KJS::SourceElementsNode::execute (this=0x876c6f0, 
    exec=0xbfebc0b8) at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:2973
#104 0xb4736931 in KJS::BlockNode::execute (this=0x81349c0, exec=0xbfebc0b8)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:2145
#105 0xb476f302 in KJS::DeclaredFunctionImp::execute (this=0xb1c5a280, 
    exec=0xbfebc0b8) at /DATI/future/kde/src/KDE/kdelibs/kjs/function.cpp:373
#106 0xb477074b in KJS::FunctionImp::callAsFunction (this=0xb1c5a280, 
    exec=0xbfebc308, thisObj=0xb1c56b40, args=@0xbfebc194)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/function.cpp:161
#107 0xb4776c82 in KJS::JSObject::call (this=0xb1c5a280, exec=0xbfebc308, 
    thisObj=0xb1c56b40, args=@0xbfebc194)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/object.cpp:99
#108 0xb4771417 in KJS::DeclaredFunctionImp::construct (this=0xb1c5a280, 
    exec=0xbfebc308, args=@0xbfebc194)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/function.cpp:363
#109 0xb473c3a3 in KJS::NewExprNode::evaluate (this=0x8a2da88, exec=0xbfebc308)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:958
#110 0xb473ab2e in KJS::ReturnNode::execute (this=0x8a2daa0, exec=0xbfebc308)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:2474
#111 0xb473949a in KJS::SourceElementsNode::execute (this=0x887b030, 
    exec=0xbfebc308) at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:2979
#112 0xb4736931 in KJS::BlockNode::execute (this=0x8a2dad0, exec=0xbfebc308)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:2145
#113 0xb476f302 in KJS::DeclaredFunctionImp::execute (this=0xb1c5b2e0, 
    exec=0xbfebc308) at /DATI/future/kde/src/KDE/kdelibs/kjs/function.cpp:373
#114 0xb477074b in KJS::FunctionImp::callAsFunction (this=0xb1c5b2e0, 
    exec=0xbfebc530, thisObj=0xb1c57120, args=@0xbfebc3e4)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/function.cpp:161
#115 0xb4776c82 in KJS::JSObject::call (this=0xb1c5b2e0, exec=0xbfebc530, 
    thisObj=0xb1c57120, args=@0xbfebc3e4)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/object.cpp:99
#116 0xb4771417 in KJS::DeclaredFunctionImp::construct (this=0xb1c5b2e0, 
    exec=0xbfebc530, args=@0xbfebc3e4)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/function.cpp:363
#117 0xb473c3a3 in KJS::NewExprNode::evaluate (this=0x8c85b28, exec=0xbfebc530)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:958
#118 0xb4739cd4 in KJS::ExprStatementNode::execute (this=0x8c85b40, 
    exec=0xbfebc530) at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:2168
#119 0xb473949a in KJS::SourceElementsNode::execute (this=0x8c856d8, 
    exec=0xbfebc530) at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:2979
#120 0xb4736931 in KJS::BlockNode::execute (this=0x8c85b70, exec=0xbfebc530)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/nodes.cpp:2145
#121 0xb477b2b8 in KJS::Interpreter::evaluate (this=0x8330ef0, 
    sourceURL=@0xbfebc644, startingLineNumber=130, code=0x8c850f0, 
    codeLength=246, thisV=0xb1cc0000)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/interpreter.cpp:499
#122 0xb477b353 in KJS::Interpreter::evaluate (this=0x8330ef0, 
    sourceURL=@0xbfebc644, startingLineNumber=130, code=@0xbfebc648, 
    thisV=0xb1cc0000)
    at /DATI/future/kde/src/KDE/kdelibs/kjs/interpreter.cpp:440
#123 0xb4a5d1f2 in KJS::KJSProxyImpl::evaluate (this=0x83f37d0, 
    filename=@0xbfebc6d8, baseLine=130, str=@0xbfebc894, n=@0xbfebc73c, 
    completion=0xbfebc6b8)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/ecma/kjs_proxy.cpp:157
#124 0xb488f2d4 in KHTMLPart::executeScript (this=0x83b5d28, 
    filename=@0xbfebc758, baseLine=130, n=@0xbfebc73c, script=@0xbfebc894)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/khtml_part.cpp:1184
#125 0xb4907066 in khtml::HTMLTokenizer::scriptExecution (this=0x8804518, 
    str=@0xbfebc894, scriptURL=@0xbfebc88c, baseLine=129)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/html/htmltokenizer.cpp:466
#126 0xb490778b in khtml::HTMLTokenizer::scriptHandler (this=0x8804518)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/html/htmltokenizer.cpp:419
#127 0xb4908044 in khtml::HTMLTokenizer::parseSpecial (this=0x8804518, 
    src=@0x88049e0)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/html/htmltokenizer.cpp:335
#128 0xb490a336 in khtml::HTMLTokenizer::parseTag (this=0x8804518, 
    src=@0x88049e0)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/html/htmltokenizer.cpp:1245
#129 0xb490a8d5 in khtml::HTMLTokenizer::write (this=0x8804518, 
    str=@0xbfebcba8, appendData=false)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/html/htmltokenizer.cpp:1476
#130 0xb4907310 in khtml::HTMLTokenizer::notifyFinished (this=0x8804518)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/html/htmltokenizer.cpp:1789
#131 0xb4a023d0 in khtml::CachedScript::checkNotify (this=0x8a54520)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/misc/loader.cpp:389
#132 0xb4a0763b in khtml::CachedScript::data (this=0x8a54520, 
    buffer=@0x84f1594, eof=true)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/misc/loader.cpp:381
#133 0xb4a04c19 in khtml::Loader::slotFinished (this=0x8377c30, job=0x8a96580)
    at /DATI/future/kde/src/KDE/kdelibs/khtml/misc/loader.cpp:1398
#134 0xb4a04ec8 in khtml::Loader::qt_metacall (this=0x8377c30, 
    _c=QMetaObject::InvokeMetaMethod, _id=3, _a=0xbfebce4c)
    at /DATI/future/kde/build/KDE/kdelibs/khtml/loader.moc:129
#135 0xb72b08dd in QMetaObject::activate (sender=0x8a96580, 
    from_signal_index=7, to_signal_index=7, argv=0xbfebce4c)
    at kernel/qobject.cpp:2998
#136 0xb72b0ce5 in QMetaObject::activate (sender=0x8a96580, m=0xb7be7968, 
    local_signal_index=3, argv=0xbfebce4c) at kernel/qobject.cpp:3071
#137 0xb7b08306 in KJob::result (this=0x8a96580, _t1=0x8a96580)
    at /DATI/future/kde/build/KDE/kdelibs/kdecore/kjob.moc:186
#138 0xb7b08767 in KJob::emitResult (this=0x8a96580)
    at /DATI/future/kde/src/KDE/kdelibs/kdecore/jobs/kjob.cpp:290
#139 0xb7c98aa9 in KIO::SimpleJob::slotFinished (this=0x8a96580)
    at /DATI/future/kde/src/KDE/kdelibs/kio/kio/job.cpp:491
#140 0xb7c98e36 in KIO::TransferJob::slotFinished (this=0x8a96580)
    at /DATI/future/kde/src/KDE/kdelibs/kio/kio/job.cpp:961
#141 0xb7c9e988 in KIO::TransferJob::qt_metacall (this=0x8a96580, 
    _c=QMetaObject::InvokeMetaMethod, _id=7, _a=0xbfebd098)
    at /DATI/future/kde/build/KDE/kdelibs/kio/jobclasses.moc:336
#142 0xb72b08dd in QMetaObject::activate (sender=0x83f2aa8, 
    from_signal_index=8, to_signal_index=8, argv=0x0)
    at kernel/qobject.cpp:2998
#143 0xb72b0ce5 in QMetaObject::activate (sender=0x83f2aa8, m=0xb7dd8284, 
    local_signal_index=4, argv=0x0) at kernel/qobject.cpp:3071
#144 0xb7d286a7 in KIO::SlaveInterface::finished (this=0x83f2aa8)
    at /DATI/future/kde/build/KDE/kdelibs/kio/slaveinterface.moc:161
#145 0xb7d29e9b in KIO::SlaveInterface::dispatch (this=0x83f2aa8, _cmd=104, 
    rawdata=@0xbfebd224)
    at /DATI/future/kde/src/KDE/kdelibs/kio/kio/slaveinterface.cpp:175
#146 0xb7d2a85f in KIO::SlaveInterface::dispatch (this=0x83f2aa8)
    at /DATI/future/kde/src/KDE/kdelibs/kio/kio/slaveinterface.cpp:90
#147 0xb7d1ef61 in KIO::Slave::gotInput (this=0x83f2aa8)
    at /DATI/future/kde/src/KDE/kdelibs/kio/kio/slave.cpp:319
#148 0xb7d200bd in KIO::Slave::qt_metacall (this=0x83f2aa8, 
    _c=QMetaObject::InvokeMetaMethod, _id=296, _a=0xbfebd338)
    at /DATI/future/kde/build/KDE/kdelibs/kio/slave.moc:75
#149 0xb72b08dd in QMetaObject::activate (sender=0x83bac28, 
    from_signal_index=4, to_signal_index=4, argv=0x0)
    at kernel/qobject.cpp:2998
#150 0xb72b0ce5 in QMetaObject::activate (sender=0x83bac28, m=0xb7dd4f40, 
    local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3071
#151 0xb7c713c7 in KIO::Connection::readyRead (this=0x83bac28)
    at /DATI/future/kde/build/KDE/kdelibs/kio/connection.moc:84
#152 0xb7c72105 in KIO::ConnectionPrivate::dequeue (this=0x8345598)
    at /DATI/future/kde/src/KDE/kdelibs/kio/kio/connection.cpp:82
#153 0xb7c72b9f in KIO::Connection::qt_metacall (this=0x83bac28, 
    _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x87fd4a8)
    at /DATI/future/kde/build/KDE/kdelibs/kio/connection.moc:72
#154 0xb72accab in QMetaCallEvent::placeMetaCall (this=0x8345c70, 
    object=0x83bac28) at kernel/qobject.cpp:535
#155 0xb72aee0d in QObject::event (this=0x83bac28, e=0x8345c70)
    at kernel/qobject.cpp:1128
#156 0xb6ae66fa in QApplicationPrivate::notify_helper (this=0x8072440, 
    receiver=0x83bac28, e=0x8345c70) at kernel/qapplication.cpp:3772
#157 0xb6aed182 in QApplication::notify (this=0xbfebdca8, receiver=0x83bac28, 
    e=0x8345c70) at kernel/qapplication.cpp:3366
#158 0xb79163ac in KApplication::notify (this=0xbfebdca8, receiver=0x83bac28, 
    event=0x8345c70)
    at /DATI/future/kde/src/KDE/kdelibs/kdeui/kernel/kapplication.cpp:311
#159 0xb729fcf3 in QCoreApplication::notifyInternal (this=0xbfebdca8, 
    receiver=0x83bac28, event=0x8345c70) at kernel/qcoreapplication.cpp:583
#160 0xb72a11cf in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, 
    event_type=0, data=0x804b288)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#161 0xb72a1407 in QCoreApplication::sendPostedEvents (receiver=0x0, 
    event_type=0) at kernel/qcoreapplication.cpp:1091
#162 0xb72c6cf5 in postEventSourceDispatch (s=0x8074710)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:220
#163 0xb6585c76 in g_main_context_dispatch ()
   from /usr/X11R6/lib/libglib-2.0.so.0
#164 0xb6589003 in ?? () from /usr/X11R6/lib/libglib-2.0.so.0
#165 0x08074690 in ?? ()
#166 0x00000000 in ?? ()
#0  0xb679b79c in nanosleep () from /lib/libc.so.6
Comment 1 Jonas Vejlin 2008-05-12 11:34:14 UTC 
I can reprodocue this bug in Debian Stable (eka kde 3.5.5
Her is the gdb
(no debugging symbols found)
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread -1232721696 (LWP 4690)]
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[KCrash handler]
#9  0xb5f1acad in non-virtual thunk to DOM::HTMLEmbedElementImpl::~HTMLEmbedElementImpl() () from /usr/lib/libkhtml.so.4
#10 0xb5f2e580 in non-virtual thunk to DOM::HTMLEmbedElementImpl::~HTMLEmbedElementImpl() () from /usr/lib/libkhtml.so.4
#11 0x0af3a964 in ?? ()
#12 0x083c6718 in ?? ()
#13 0x00000001 in ?? ()
#14 0xb61043e4 in ?? () from /usr/lib/libkhtml.so.4
#15 0x0af3a964 in ?? ()
#16 0x00000000 in ?? ()
Comment 2 A. Spehr 2008-05-13 09:12:19 UTC 
Are those actual bidi calls in there? I don't see anything that looks like it would use bidi in the page (looking at it under iceweasel).

And in 4.0 branch svn r802901 (~4.0.4?) it crashes:

#6  0xb45aa792 in WTF::SharedPtr<khtml::RenderArena>::get (this=0x130)
    at /home/kde-devel/kde/src/KDE/kdelibs/kjs/wtf/SharedPtr.h:47
#7  0xb45baf36 in DOM::DocumentImpl::renderArena (this=0x8)
    at /home/kde-devel/kde/src/KDE/kdelibs/khtml/xml/dom_docimpl.h:306
#8  0xb4668384 in khtml::RenderObject::renderArena (this=0x863d784)
    at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/render_object.cpp:1698
#9  0xb4643916 in appendRunsForObject (start=0, end=1, obj=0x863d784, 
    bidi=@0xbff3a288)
    at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/bidi.cpp:518
#10 0xb4643b41 in appendRun (bidi=@0xbff3a288)
    at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/bidi.cpp:551
#11 0xb464739a in khtml::RenderBlock::bidiReorderLine (this=0x863d5b4, 
    start=@0xbff3a300, end=@0xbff3a2d4, bidi=@0xbff3a288)
    at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/bidi.cpp:1283
#12 0xb4648032 in khtml::RenderBlock::layoutInlineChildren (this=0x863d5b4, 
    relayoutChildren=false, breakBeforeLine=0)
    at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/bidi.cpp:1547
#13 0xb4655a7e in khtml::RenderBlock::layoutBlock (this=0x863d5b4, 
    relayoutChildren=false)
    at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:779
#14 0xb46561d7 in khtml::RenderBlock::layout (this=0x863d5b4)
    at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:682
#15 0xb4522841 in khtml::RenderObject::layoutIfNeeded (this=0x863d5b4)
    at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/render_object.h:441
#16 0xb46534f7 in khtml::RenderBlock::layoutPositionedObjects (this=0x863d4cc, 
    relayoutChildren=false)
    at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:1667
#17 0xb46556e1 in khtml::RenderBlock::layoutBlock (this=0x863d4cc, 
    relayoutChildren=false)
    at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:706
#18 0xb46561d7 in khtml::RenderBlock::layout (this=0x863d4cc)
    at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:682
#19 0xb4522841 in khtml::RenderObject::layoutIfNeeded (this=0x863d4cc)
    at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/render_object.h:441
#20 0xb465501d in khtml::RenderBlock::layoutBlockChildren (this=0x863d448, 
    relayoutChildren=false)
    at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:1502
#21 0xb4655a93 in khtml::RenderBlock::layoutBlock (this=0x863d448, 
    relayoutChildren=false)
    at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:781
#22 0xb46561d7 in khtml::RenderBlock::layout (this=0x863d448)
    at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:682
#23 0xb4522841 in khtml::RenderObject::layoutIfNeeded (this=0x863d448)
    at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/render_object.h:441
#24 0xb465501d in khtml::RenderBlock::layoutBlockChildren (this=0x863d3c4, 
    relayoutChildren=false)
    at /home/kde-devel/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:1502
#25 0xb4655a93 in khtml::RenderBlock::layoutBlock (this=0x863d3c4, 
    relayoutChildren=false)
    at /home/kde
.....
Comment 3 Frank Reininghaus 2008-08-29 23:40:31 UTC 
Created attachment 27136 [details]
Reduced test case

This test case still crashes 4.1, SVN trunk 854508, and 3.5.10 for me. The backtrace is not always the same, but always similar to the ones posted here earlier. It's a bit strange that the "new Effect();" command in the script section is needed for the crash although I was able to remove the link to the JS file defining the "Effect".
Comment 4 Luke Plant 2009-01-21 23:01:11 UTC 
Same here, with Konqueror 4.1.4, and another URL on the same site: http://en.wasalive.com/en/dell
Comment 5 FiNeX 2009-08-31 14:08:44 UTC 
The first link makes my current trunk version of Konqueror (KDE 4) crash (r1017738)
Comment 6 Dario Andres 2009-10-12 18:15:35 UTC 
Bug 210326 got another testcase site: http://ijustmadelove.com/
I could still reproduce both crashes on 4.4..
Thanks
Comment 7 Dario Andres 2009-10-12 18:15:53 UTC 
*** Bug 210326 has been marked as a duplicate of this bug. ***
Comment 8 Dario Andres 2009-11-11 03:08:41 UTC 
*** Bug 214057 has been marked as a duplicate of this bug. ***
Comment 9 FiNeX 2010-08-15 14:33:33 UTC 
Crash reproduced on KDE 4.4.5 using the testcase on comment #3.

Moreover the backtrace is very similar to bug #145635
Comment 10 Maksim Orlovich 2010-08-16 15:15:25 UTC 
==12274== Invalid read of size 4
==12274==    at 0xCA29FB7: khtml::DocPtr<DOM::DocumentImpl>::get() const (shared.h:104)
==12274==    by 0xCB91EBF: khtml::RenderObject::renderArena() const (render_object.cpp:2371)
==12274==    by 0xCB70164: khtml::appendRunsForObject(int, int, khtml::RenderObject*, khtml::BidiState&) (bidi.cpp:554)
==12274==    by 0xCB70263: khtml::appendRun(khtml::BidiState&) (bidi.cpp:568)
==12274==    by 0xCB732A6: khtml::RenderBlock::bidiReorderLine(khtml::BidiIterator const&, khtml::BidiIterator const&, khtml::BidiState&) (bidi.cpp:1297)
==12274==    by 0xCB73DDE: khtml::RenderBlock::layoutInlineChildren(bool, int) (bidi.cpp:1512)
==12274==    by 0xCB7FB12: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:833)
==12274==    by 0xCB80014: khtml::RenderBlock::layout() (render_block.cpp:736)
==12274==    by 0xCA29B40: khtml::RenderObject::layoutIfNeeded() (render_object.h:480)
==12274==    by 0xCB7F2DF: khtml::RenderBlock::layoutBlockChildren(bool) (render_block.cpp:1556)
==12274==    by 0xCB7FB23: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:835)
==12274==    by 0xCB80014: khtml::RenderBlock::layout() (render_block.cpp:736)
==12274==    by 0xCBF79A3: khtml::RenderBody::layout() (render_body.cpp:91)
==12274==    by 0xCA29B40: khtml::RenderObject::layoutIfNeeded() (render_object.h:480)
==12274==    by 0xCB7F2DF: khtml::RenderBlock::layoutBlockChildren(bool) (render_block.cpp:1556)
==12274==    by 0xCB7FB23: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:835)
==12274==    by 0xCB80014: khtml::RenderBlock::layout() (render_block.cpp:736)
==12274==    by 0xCA29B40: khtml::RenderObject::layoutIfNeeded() (render_object.h:480)
==12274==    by 0xCB7F2DF: khtml::RenderBlock::layoutBlockChildren(bool) (render_block.cpp:1556)
==12274==    by 0xCB7FB23: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:835)
==12274==    by 0xCBF2C20: khtml::RenderCanvas::layout() (render_canvas.cpp:191)
==12274==    by 0xCA265F2: KHTMLView::layout() (khtmlview.cpp:1019)
==12274==    by 0xCA26CB4: KHTMLView::timerEvent(QTimerEvent*) (khtmlview.cpp:4166)
==12274==    by 0x543FE49: QObject::event(QEvent*) (qobject.cpp:1212)
==12274==    by 0x59A9216: QWidget::event(QEvent*) (qwidget.cpp:8501)
==12274==    by 0x5DD8F89: QFrame::event(QEvent*) (qframe.cpp:557)
==12274==    by 0x5E78E3F: QAbstractScrollArea::event(QEvent*) (qabstractscrollarea.cpp:989)
==12274==    by 0x5E7DEBE: QScrollArea::event(QEvent*) (qscrollarea.cpp:314)
==12274==    by 0xCA24B64: KHTMLView::event(QEvent*) (khtmlview.cpp:551)
==12274==    by 0x5944D65: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:4306)
==12274==    by 0x5944BCB: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:4271)
==12274==    by 0x4CC9E02: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:309)
==12274==    by 0x542AA71: QCoreApplication::notifyInternal(QObject*, QEvent*) (qcoreapplication.cpp:726)
==12274==    by 0x40A4FDD: QCoreApplication::sendEvent(QObject*, QEvent*) (qcoreapplication.h:215)
==12274==    by 0x54608BC: QTimerInfoList::activateTimers() (qeventdispatcher_unix.cpp:603)
==12274==    by 0x545CCDE: timerSourceDispatch(_GSource*, int (*)(void*), void*) (qeventdispatcher_glib.cpp:184)
==12274==    by 0x6A536DD: g_main_context_dispatch (gmain.c:2119)
==12274==    by 0x6A57567: g_main_context_iterate (gmain.c:2750)
==12274==    by 0x6A5770D: g_main_context_iteration (gmain.c:2813)
==12274==    by 0x545DCB7: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventdispatcher_glib.cpp:412)
==12274==    by 0x5A0B18F: QGuiEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qguieventdispatcher_glib.cpp:204)
==12274==    by 0x5428412: QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:149)
==12274==    by 0x5428556: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (qeventloop.cpp:197)
==12274==    by 0x542B117: QCoreApplication::exec() (qcoreapplication.cpp:1003)
==12274==    by 0x5942233: QApplication::exec() (qapplication.cpp:3585)
==12274==    by 0x412A3CC: kdemain (konqmain.cpp:220)
==12274==    by 0x804872A: main (konqueror_dummy.cpp:3)
==12274==  Address 0x7b3f6b0 is 16 bytes inside a block of size 40 free'd
==12274==    at 0x40236AD: operator delete(void*) (vg_replace_malloc.c:346)
==12274==    by 0xCADAB74: DOM::TextImpl::~TextImpl() (dom_textimpl.h:111)
==12274==    by 0xCACE35C: DOM::NodeBaseImpl::removeChildren() (dom_nodeimpl.cpp:1722)
==12274==    by 0xCB2CC6B: DOM::HTMLElementImpl::setInnerHTML(DOM::DOMString const&, int&) (html_elementimpl.cpp:526)
==12274==    by 0xCCCA5E8: KJS::HTMLElement::putValueProperty(KJS::ExecState*, int, KJS::JSValue*, int) (kjs_html.cpp:2620)
==12274==    by 0xCCDEF95: bool KJS::lookupPut<KJS::HTMLElement>(KJS::ExecState*, KJS::Identifier const&, KJS::JSValue*, int, KJS::HashTable const*, KJS::HTMLElement*) (lookup.h:249)
==12274==    by 0xCCDEFF7: void KJS::lookupPut<KJS::HTMLElement, KJS::DOMElement>(KJS::ExecState*, KJS::Identifier const&, KJS::JSValue*, int, KJS::HashTable const*, KJS::HTMLElement*) (lookup.h:265)
==12274==    by 0xCCCCAE5: KJS::HTMLElement::put(KJS::ExecState*, KJS::Identifier const&, KJS::JSValue*, int) (kjs_html.cpp:2393)
==12274==    by 0xD6372CF: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:672)
==12274==    by 0xD5DD3FE: KJS::FunctionBodyNode::execute(KJS::ExecState*) (nodes.cpp:927)
==12274==    by 0xD61E575: KJS::Interpreter::evaluate(KJS::UString const&, int, KJS::UChar const*, int, KJS::JSValue*) (interpreter.cpp:556)
==12274==    by 0xD61E621: KJS::Interpreter::evaluate(KJS::UString const&, int, KJS::UString const&, KJS::JSValue*) (interpreter.cpp:496)
==12274==    by 0xCCF7FD8: KJSProxy::evaluate(QString, int, QString const&, DOM::Node const&, KJS::Completion*) (kjs_proxy.cpp:126)
==12274==    by 0xCA57D62: KHTMLPart::executeScript(QString const&, int, DOM::Node const&, QString const&) (khtml_part.cpp:1282)
==12274==    by 0xCB19677: khtml::HTMLTokenizer::scriptExecution(QString const&, QString const&, int) (htmltokenizer.cpp:517)
==12274==    by 0xCB19FB0: khtml::HTMLTokenizer::scriptHandler() (htmltokenizer.cpp:470)
==12274==    by 0xCB1A626: khtml::HTMLTokenizer::parseRawContent(khtml::TokenizerString&) (htmltokenizer.cpp:379)
==12274==    by 0xCB1C021: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1527)
==12274==    by 0xCB1C735: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1798)
==12274==    by 0xCA4A723: KHTMLPart::write(char const*, int) (khtml_part.cpp:2088)
==12274==    by 0xCA4D26D: KHTMLPart::slotData(KIO::Job*, QByteArray const&) (khtml_part.cpp:1740)
==12274==    by 0xCA56236: KHTMLPart::qt_metacall(QMetaObject::Call, int, void**) (khtml_part.moc:277)
==12274==    by 0x5431781: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (qmetaobject.cpp:237)
==12274==    by 0x544385B: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3292)
==12274==    by 0x44B5638: KIO::TransferJob::data(KIO::Job*, QByteArray const&) (jobclasses.moc:388)
==12274==    by 0x44B8F5A: KIO::TransferJob::slotData(QByteArray const&) (job.cpp:1003)
==12274==    by 0x44C15FF: KIO::TransferJob::qt_metacall(QMetaObject::Call, int, void**) (jobclasses.moc:368)
==12274==    by 0x5431781: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (qmetaobject.cpp:237)
==12274==    by 0x544385B: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3292)
==12274==    by 0x45694A2: KIO::SlaveInterface::data(QByteArray const&) (slaveinterface.moc:146)
==12274==    by 0x456AFFE: KIO::SlaveInterface::dispatch(int, QByteArray const&) (slaveinterface.cpp:163)
==12274==    by 0x456BC29: KIO::SlaveInterface::dispatch() (slaveinterface.cpp:91)
==12274==    by 0x455EAA3: KIO::Slave::gotInput() (slave.cpp:344)
==12274==    by 0x455FFDA: KIO::Slave::qt_metacall(QMetaObject::Call, int, void**) (slave.moc:82)
==12274==    by 0x5431781: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (qmetaobject.cpp:237)
==12274==    by 0x544385B: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (qobject.cpp:3292)
==12274==    by 0x4484E16: KIO::Connection::readyRead() (connection.moc:92)
==12274==    by 0x4485E35: KIO::ConnectionPrivate::dequeue() (connection.cpp:82)
==12274==    by 0x4486CB5: KIO::Connection::qt_metacall(QMetaObject::Call, int, void**) (connection.moc:79)
==12274==    by 0x5431781: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (qmetaobject.cpp:237)
==12274==    by 0x543E25E: QMetaCallEvent::placeMetaCall(QObject*) (qobject.cpp:561)
==12274==    by 0x543FF0C: QObject::event(QEvent*) (qobject.cpp:1245)
==12274==    by 0x5944D65: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:4306)
==12274==    by 0x5942625: QApplication::notify(QObject*, QEvent*) (qapplication.cpp:3710)
==12274==    by 0x4CC9E02: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:309)
==12274==    by 0x542AA71: QCoreApplication::notifyInternal(QObject*, QEvent*) (qcoreapplication.cpp:726)
==12274==    by 0x40A4FDD: QCoreApplication::sendEvent(QObject*, QEvent*) (qcoreapplication.h:215)
==12274==    by 0x542BAA5: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (qcoreapplication.cpp:1364)
==12274==    by 0x542B75E: QCoreApplication::sendPostedEvents(QObject*, int) (qcoreapplication.cpp:1260)
==12274==    by 0x4D91235: QCoreApplication::sendPostedEvents() (qcoreapplication.h:220)
Comment 11 Maksim Orlovich 2010-08-16 16:15:50 UTC 
Urk. The way first-letter works is pretty bad --- if the comments don't lie it relies on a detach(!) of the parent to blow away the pseudo's renderer. That works when restyling the element itself, but blowing away kids doesn't handle it. 

(Also, the "new Effect()" thing doesn't matter, I think --- the problem is still visible in valgrind w/o it)
Comment 12 Maksim Orlovich 2010-08-16 16:32:19 UTC 
*** Bug 209342 has been marked as a duplicate of this bug. ***
Comment 13 Maksim Orlovich 2010-08-16 16:32:28 UTC 
*** Bug 210646 has been marked as a duplicate of this bug. ***
Comment 14 Maksim Orlovich 2010-08-16 16:32:46 UTC 
*** Bug 223079 has been marked as a duplicate of this bug. ***
Comment 15 Maksim Orlovich 2010-08-16 18:44:11 UTC 
SVN commit 1164385 by orlovich:

Fix problems with ghost first-letter RenderTextFragments staying around 
(and keeping dangling pointers w/them) when the inline containing their 
text has changed by keeping a link from the main text's RenderTextFragment 
to the letter's, to permit invalidating it (Stolen from WebCore).

This fixes the crashes, but on change first-letter isn't reapplied properly 
as still keeps a useless anonymous inline wrapper and RenderBlock::updateFirstLetter
isn't smart enough to walk past it or reuse it. 

BUG: 161989


 M  +2 -0      render_block.cpp  
 M  +24 -3     render_text.cpp  
 M  +12 -2     render_text.h  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1164385
Comment 16 Maksim Orlovich 2010-08-16 18:48:16 UTC 
SVN commit 1164387 by orlovich:

Merged revision:r1164385 | orlovich | 2010-08-16 12:47:57 -0400 (Mon, 16 Aug 2010) | 11 lines

Fix problems with ghost first-letter RenderTextFragments staying around 
(and keeping dangling pointers w/them) when the inline containing their 
text has changed by keeping a link from the main text's RenderTextFragment 
to the letter's, to permit invalidating it (Stolen from WebCore).

This fixes the crashes, but on change first-letter isn't reapplied properly 
as still keeps a useless anonymous inline wrapper and RenderBlock::updateFirstLetter
isn't smart enough to walk past it or reuse it. 

BUG: 161989

 M  +2 -0      render_block.cpp  
 M  +24 -3     render_text.cpp  
 M  +12 -2     render_text.h  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1164387
Comment 17 Martin Koller 2011-05-21 00:20:30 UTC 
*** Bug 145635 has been marked as a duplicate of this bug. ***