Bug 213606

Summary: Segfault opening the url "http://www.androidiani.com/forum/android-caf/5001-maemo-vs-android.html"
Product: [Applications] konqueror Reporter: dharman <dharman>
Component: khtml ecmaAssignee: Konqueror Developers <konq-bugs>
Status: RESOLVED WORKSFORME    
Severity: crash CC: dieselmachine, dingaopaicandu, Regnaron
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Unlisted Binaries   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:

Description dharman 2009-11-07 22:07:09 UTC 
Application that crashed: konqueror
Version of the application: 4.3.2 (KDE 4.3.2)
KDE Version: 4.3.2 (KDE 4.3.2)
Qt Version: 4.5.2
Operating System: Linux 2.6.31-14-generic x86_64
Distribution: Ubuntu 9.10

What I was doing when the application crashed:
Konqueror immediately crash every time I try to open the url "http://www.androidiani.com/forum/android-caf/5001-maemo-vs-android.html"

 -- Backtrace:
Application: Konqueror (kdeinit4), signal: Segmentation fault
[Current thread is 1 (Thread 0x7f95a39c1750 (LWP 28918))]

Thread 3 (Thread 0x7f958509e910 (LWP 28966)):
#0  0x00007f95a017982d in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#1  0x00007f95a33ff462 in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/lib/libQtCore.so.4
#2  0x00007f95a33f54f2 in ?? () from /usr/lib/libQtCore.so.4
#3  0x00007f95a33fe445 in ?? () from /usr/lib/libQtCore.so.4
#4  0x00007f95a0174a04 in start_thread () from /lib/libpthread.so.0
#5  0x00007f95a0d547bd in clone () from /lib/libc.so.6
#6  0x0000000000000000 in ?? ()

Thread 2 (Thread 0x7f95868c5910 (LWP 29008)):
#0  0x00007f95a017982d in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#1  0x00007f95a33ff462 in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/lib/libQtCore.so.4
#2  0x00007f95a33f54f2 in ?? () from /usr/lib/libQtCore.so.4
#3  0x00007f95a33fe445 in ?? () from /usr/lib/libQtCore.so.4
#4  0x00007f95a0174a04 in start_thread () from /lib/libpthread.so.0
#5  0x00007f95a0d547bd in clone () from /lib/libc.so.6
#6  0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7f95a39c1750 (LWP 28918)):
[KCrash Handler]
#5  0x00007f958fa951b7 in ?? () from /usr/lib/libkjs.so.4
#6  0x00007f958faaa7fc in ?? () from /usr/lib/libkjs.so.4
#7  0x00007f958fa9ab26 in ?? () from /usr/lib/libkjs.so.4
#8  0x00007f958fab4249 in KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib/libkjs.so.4
#9  0x00007f958fad04da in ?? () from /usr/lib/libkjs.so.4
#10 0x00007f958fab098a in KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib/libkjs.so.4
#11 0x00007f958fab4249 in KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib/libkjs.so.4
#12 0x00007f958fad04da in ?? () from /usr/lib/libkjs.so.4
#13 0x00007f958fab098a in KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib/libkjs.so.4
#14 0x00007f958fab4249 in KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib/libkjs.so.4
#15 0x00007f958fad04da in ?? () from /usr/lib/libkjs.so.4
#16 0x00007f958fab098a in KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib/libkjs.so.4
#17 0x00007f958fab4249 in KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib/libkjs.so.4
#18 0x00007f958fad04da in ?? () from /usr/lib/libkjs.so.4
#19 0x00007f958fab098a in KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib/libkjs.so.4
#20 0x00007f958fab4249 in KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib/libkjs.so.4
#21 0x00007f958fad04da in ?? () from /usr/lib/libkjs.so.4
#22 0x00007f958fab098a in KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib/libkjs.so.4
#23 0x00007f958fab4249 in KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib/libkjs.so.4
#24 0x00007f958fad04da in ?? () from /usr/lib/libkjs.so.4
#25 0x00007f958fab098a in KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib/libkjs.so.4
#26 0x00007f958fab4249 in KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib/libkjs.so.4
#27 0x00007f958fad04da in ?? () from /usr/lib/libkjs.so.4
#28 0x00007f958fab098a in KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib/libkjs.so.4
#29 0x00007f958fab4249 in KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib/libkjs.so.4
#30 0x00007f958fad04da in ?? () from /usr/lib/libkjs.so.4
#31 0x00007f958fab098a in KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib/libkjs.so.4
#32 0x00007f958fab4249 in KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib/libkjs.so.4
#33 0x00007f9590186893 in ?? () from /usr/lib/libkhtml.so.5
#34 0x00007f959019024a in ?? () from /usr/lib/libkhtml.so.5
#35 0x00007f95901918f8 in ?? () from /usr/lib/libkhtml.so.5
#36 0x00007f9590192e8d in ?? () from /usr/lib/libkhtml.so.5
#37 0x00007f95a34f9ddc in QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/libQtCore.so.4
#38 0x00007f95a300baf2 in KJob::result(KJob*) () from /usr/lib/libkdecore.so.5
#39 0x00007f95a300be6f in KJob::emitResult() () from /usr/lib/libkdecore.so.5
#40 0x00007f95a25bfd93 in KIO::SimpleJob::slotFinished() () from /usr/lib/libkio.so.5
#41 0x00007f95a25c0253 in KIO::TransferJob::slotFinished() () from /usr/lib/libkio.so.5
#42 0x00007f95a25beb61 in KIO::TransferJob::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib/libkio.so.5
#43 0x00007f95a34f9ddc in QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/libQtCore.so.4
#44 0x00007f95a2680a81 in KIO::SlaveInterface::dispatch(int, QByteArray const&) () from /usr/lib/libkio.so.5
#45 0x00007f95a267d333 in KIO::SlaveInterface::dispatch() () from /usr/lib/libkio.so.5
#46 0x00007f95a267014d in KIO::Slave::gotInput() () from /usr/lib/libkio.so.5
#47 0x00007f95a267226c in KIO::Slave::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib/libkio.so.5
#48 0x00007f95a34f9ddc in QMetaObject::activate(QObject*, int, int, void**) () from /usr/lib/libQtCore.so.4
#49 0x00007f95a258cf57 in ?? () from /usr/lib/libkio.so.5
#50 0x00007f95a258d07d in KIO::Connection::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib/libkio.so.5
#51 0x00007f95a34f40f9 in QObject::event(QEvent*) () from /usr/lib/libQtCore.so.4
#52 0x00007f95a1494efc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#53 0x00007f95a149c1ce in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#54 0x00007f95a20cbab6 in KApplication::notify(QObject*, QEvent*) () from /usr/lib/libkdeui.so.5
#55 0x00007f95a34e4c2c in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/libQtCore.so.4
#56 0x00007f95a34e580a in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib/libQtCore.so.4
#57 0x00007f95a350d533 in ?? () from /usr/lib/libQtCore.so.4
#58 0x00007f95a03c5bbe in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#59 0x00007f95a03c9588 in ?? () from /lib/libglib-2.0.so.0
#60 0x00007f95a03c96b0 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#61 0x00007f95a350d1a6 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#62 0x00007f95a15294be in ?? () from /usr/lib/libQtGui.so.4
#63 0x00007f95a34e3532 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#64 0x00007f95a34e3904 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#65 0x00007f95a34e5ab9 in QCoreApplication::exec() () from /usr/lib/libQtCore.so.4
#66 0x00007f95977b8e26 in kdemain () from /usr/lib/libkdeinit4_konqueror.so
#67 0x0000000000406da8 in _start ()

Reported using DrKonqi
Comment 1 Tommi Tervo 2009-11-07 22:20:11 UTC 
Thread 1 (Thread 0xb5041ac0 (LWP 29212)):
[KCrash Handler]
#6  0xb2fdf783 in KJS::RegExp::match (this=0x89ce2f8, s=..., error=0xbfa10bff, i=5, pos=0xbfa10bf8, ovector=0xbfa10bf4) at /home/teve/kde/kdelibs/kjs/regexp.cpp:414
#7  0xb2ff72e0 in KJS::RegExpObjectImp::performMatch (this=0xb12d0640, r=0x89ce2f8, exec=0xbfa11284, s=..., startOffset=5, endOffset=0xbfa10d50, ovector=0xbfa10d3c)
    at /home/teve/kde/kdelibs/kjs/regexp_object.cpp:254
#8  0xb2fe5e53 in replace (replacement=<value optimized out>, pattern=<value optimized out>, source=<value optimized out>, exec=<value optimized out>)
    at /home/teve/kde/kdelibs/kjs/string_object.cpp:369
#9  KJS::StringProtoFunc::callAsFunction (replacement=<value optimized out>, pattern=<value optimized out>, source=<value optimized out>, exec=<value optimized out>)
    at /home/teve/kde/kdelibs/kjs/string_object.cpp:611
#10 0xb3001aed in KJS::JSObject::call (this=0x5, exec=0xbfa11284, thisObj=0xb1093940, args=...) at /home/teve/kde/kdelibs/kjs/object.cpp:69
#11 0xb301f9da in KJS::Machine::runBlock (exec=0xbfa11284, codeBlock=..., parentExec=0xbfa11704) at codes.def:1192
#12 0xb2ffdecb in KJS::FunctionImp::callAsFunction (this=0xb11d9b20, exec=0xbfa11704, thisObj=0xb11d6ec0, args=...) at /home/teve/kde/kdelibs/kjs/function.cpp:144
#13 0xb3001aed in KJS::JSObject::call (this=0x5, exec=0xbfa11704, thisObj=0xb11d6ec0, args=...) at /home/teve/kde/kdelibs/kjs/object.cpp:69
#14 0xb301f9da in KJS::Machine::runBlock (exec=0xbfa11704, codeBlock=..., parentExec=0xbfa11b84) at codes.def:1192
#15 0xb2ffdecb in KJS::FunctionImp::callAsFunction (this=0xb11d8f20, exec=0xbfa11b84, thisObj=0xb11d6ec0, args=...) at /home/teve/kde/kdelibs/kjs/function.cpp:144
#16 0xb3001aed in KJS::JSObject::call (this=0x5, exec=0xbfa11b84, thisObj=0xb11d6ec0, args=...) at /home/teve/kde/kdelibs/kjs/object.cpp:69
#17 0xb301f9da in KJS::Machine::runBlock (exec=0xbfa11b84, codeBlock=..., parentExec=0xbfa12004) at codes.def:1192
#18 0xb2ffdecb in KJS::FunctionImp::callAsFunction (this=0xb11d7ea0, exec=0xbfa12004, thisObj=0xb11d6ec0, args=...) at /home/teve/kde/kdelibs/kjs/function.cpp:144
#19 0xb3001aed in KJS::JSObject::call (this=0x5, exec=0xbfa12004, thisObj=0xb11d6ec0, args=...) at /home/teve/kde/kdelibs/kjs/object.cpp:69
#20 0xb301f9da in KJS::Machine::runBlock (exec=0xbfa12004, codeBlock=..., parentExec=0xbfa12484) at codes.def:1192
#21 0xb2ffdecb in KJS::FunctionImp::callAsFunction (this=0xb11d7e60, exec=0xbfa12484, thisObj=0xb11d6ec0, args=...) at /home/teve/kde/kdelibs/kjs/function.cpp:144
#22 0xb3001aed in KJS::JSObject::call (this=0x5, exec=0xbfa12484, thisObj=0xb11d6ec0, args=...) at /home/teve/kde/kdelibs/kjs/object.cpp:69
#23 0xb301f9da in KJS::Machine::runBlock (exec=0xbfa12484, codeBlock=..., parentExec=0xbfa12904) at codes.def:1192
#24 0xb2ffdecb in KJS::FunctionImp::callAsFunction (this=0xb11d7b60, exec=0xbfa12904, thisObj=0xb11d6ec0, args=...) at /home/teve/kde/kdelibs/kjs/function.cpp:144
#25 0xb3001aed in KJS::JSObject::call (this=0x5, exec=0xbfa12904, thisObj=0xb11d6ec0, args=...) at /home/teve/kde/kdelibs/kjs/object.cpp:69
#26 0xb301f9da in KJS::Machine::runBlock (exec=0xbfa12904, codeBlock=..., parentExec=0xbfa12d84) at codes.def:1192
#27 0xb2ffdecb in KJS::FunctionImp::callAsFunction (this=0xb11d7a20, exec=0xbfa12d84, thisObj=0xb11d6ec0, args=...) at /home/teve/kde/kdelibs/kjs/function.cpp:144
#28 0xb3001aed in KJS::JSObject::call (this=0x5, exec=0xbfa12d84, thisObj=0xb11d6ec0, args=...) at /home/teve/kde/kdelibs/kjs/object.cpp:69
#29 0xb301f9da in KJS::Machine::runBlock (exec=0xbfa12d84, codeBlock=..., parentExec=0xbfa13204) at codes.def:1192
#30 0xb2ffdecb in KJS::FunctionImp::callAsFunction (this=0xb11d79e0, exec=0xbfa13204, thisObj=0xb11d6ec0, args=...) at /home/teve/kde/kdelibs/kjs/function.cpp:144
#31 0xb3001aed in KJS::JSObject::call (this=0x5, exec=0xbfa13204, thisObj=0xb11d6ec0, args=...) at /home/teve/kde/kdelibs/kjs/object.cpp:69
#32 0xb301f9da in KJS::Machine::runBlock (exec=0xbfa13204, codeBlock=..., parentExec=0x82d7a70) at codes.def:1192
#33 0xb2ffdecb in KJS::FunctionImp::callAsFunction (this=0xb10997a0, exec=0x82d7a70, thisObj=0xb12e0040, args=...) at /home/teve/kde/kdelibs/kjs/function.cpp:144
#34 0xb3001aed in KJS::JSObject::call (this=0x5, exec=0x82d7a70, thisObj=0xb12e0040, args=...) at /home/teve/kde/kdelibs/kjs/object.cpp:69
#35 0xb33f4d37 in KJS::JSEventListener::handleEvent (this=0x88c0a10, evt=...) at /home/teve/kde/kdelibs/khtml/ecma/kjs_events.cpp:106
#36 0xb33fd97b in KJS::XMLHttpRequest::changeState (this=0xb12e0040, newState=XHRS_Loaded) at /home/teve/kde/kdelibs/khtml/ecma/xmlhttprequest.cpp:351
#37 0xb33ff3e4 in KJS::XMLHttpRequest::slotFinished (this=0xb12e0040) at /home/teve/kde/kdelibs/khtml/ecma/xmlhttprequest.cpp:725
#38 0xb3400632 in slotFinished (job=0x0, this=0x88b11e0) at /home/teve/kde/kdelibs/khtml/ecma/xmlhttprequest.cpp:93
#39 KJS::XMLHttpRequestQObject::qt_metacall (job=0x0, this=0x88b11e0) at /home/teve/kde/klb/khtml/xmlhttprequest.moc:78
#40 0xb683900c in QMetaObject::metacall (object=0x88b11e0, cl=InvokeMetaMethod, idx=5, argv=0xbfa13538) at /home/teve/kde/kde-qt/src/corelib/kernel/qmetaobject.cpp:237
#41 0xb684d058 in QMetaObject::activate (sender=0x88b0908, m=0xb6cabc28, local_signal_index=3, argv=0xbfa13538) at /home/teve/kde/kde-qt/src/corelib/kernel/qobject.cpp:3398
#42 0xb6b08e13 in KJob::result (this=0x88b0908, _t1=0x88b0908) at /home/teve/kde/klb/kdecore/kjob.moc:194
#43 0xb6b09169 in KJob::emitResult (this=0x88b0908) at /home/teve/kde/kdelibs/kdecore/jobs/kjob.cpp:304
#44 0xb738f320 in KIO::SimpleJob::slotFinished (this=0x88b0908) at /home/teve/kde/kdelibs/kio/kio/job.cpp:475
#45 0xb738f83a in KIO::TransferJob::slotFinished (this=0x88b0908) at /home/teve/kde/kdelibs/kio/kio/job.cpp:975
#46 0xb738d733 in KIO::TransferJob::qt_metacall (this=0x88b0908, _c=InvokeMetaMethod, _id=47, _a=0xbfa13798) at /home/teve/kde/klb/kio/jobclasses.moc:367
#47 0xb683900c in QMetaObject::metacall (object=0x88b0908, cl=InvokeMetaMethod, idx=47, argv=0xbfa13798) at /home/teve/kde/kde-qt/src/corelib/kernel/qmetaobject.cpp:237
#48 0xb684d058 in QMetaObject::activate (sender=0x879d0f8, m=0xb755f384, local_signal_index=4, argv=0x0) at /home/teve/kde/kde-qt/src/corelib/kernel/qobject.cpp:3398
#49 0xb7456f17 in KIO::SlaveInterface::finished (this=0x879d0f8) at /home/teve/kde/klb/kio/slaveinterface.moc:171
#50 0xb745a1fd in KIO::SlaveInterface::dispatch (this=0x879d0f8, _cmd=104, rawdata=...) at /home/teve/kde/kdelibs/kio/kio/slaveinterface.cpp:175
#51 0xb74573d3 in KIO::SlaveInterface::dispatch (this=0x879d0f8) at /home/teve/kde/kdelibs/kio/kio/slaveinterface.cpp:91
#52 0xb744a300 in KIO::Slave::gotInput (this=0x879d0f8) at /home/teve/kde/kdelibs/kio/kio/slave.cpp:320
#53 0xb744aa43 in KIO::Slave::qt_metacall (this=0x879d0f8, _c=InvokeMetaMethod, _id=30, _a=0xbfa13aa8) at /home/teve/kde/klb/kio/slave.moc:82
#54 0xb683900c in QMetaObject::metacall (object=0x879d0f8, cl=InvokeMetaMethod, idx=30, argv=0xbfa13aa8) at /home/teve/kde/kde-qt/src/corelib/kernel/qmetaobject.cpp:237
#55 0xb684d058 in QMetaObject::activate (sender=0x879cb48, m=0xb755bcc0, local_signal_index=0, argv=0x0) at /home/teve/kde/kde-qt/src/corelib/kernel/qobject.cpp:3398
#56 0xb7358d17 in KIO::Connection::readyRead (this=0x879cb48) at /home/teve/kde/klb/kio/connection.moc:92
#57 0xb735b0ae in KIO::ConnectionPrivate::dequeue (this=0x869ec18) at /home/teve/kde/kdelibs/kio/kio/connection.cpp:82
#58 0xb735b1de in KIO::Connection::qt_metacall (this=0x879cb48, _c=InvokeMetaMethod, _id=5, _a=0x88c98c0) at /home/teve/kde/klb/kio/connection.moc:79
#59 0xb683900c in QMetaObject::metacall (object=0x879cb48, cl=InvokeMetaMethod, idx=5, argv=0x88c98c0) at /home/teve/kde/kde-qt/src/corelib/kernel/qmetaobject.cpp:237
#60 0xb6846e8f in QMetaCallEvent::placeMetaCall (this=0x881c2b8, object=0x879cb48) at /home/teve/kde/kde-qt/src/corelib/kernel/qobject.cpp:562
#61 0xb6849167 in QObject::event (this=0x879cb48, e=0x881c2b8) at /home/teve/kde/kde-qt/src/corelib/kernel/qobject.cpp:1246
#62 0xb5ba349a in QApplicationPrivate::notify_helper (this=0x8068b08, receiver=0x879cb48, e=0x881c2b8) at /home/teve/kde/kde-qt/src/gui/kernel/qapplication.cpp:4251
#63 0xb5ba10fa in QApplication::notify (this=0xbfa145c0, receiver=0x879cb48, e=0x881c2b8) at /home/teve/kde/kde-qt/src/gui/kernel/qapplication.cpp:3676
#64 0xb6f061ba in KApplication::notify (this=0xbfa145c0, receiver=0x879cb48, event=0x881c2b8) at /home/teve/kde/kdelibs/kdeui/kernel/kapplication.cpp:302
#65 0xb6831a79 in QCoreApplication::notifyInternal (this=0xbfa145c0, receiver=0x879cb48, event=0x881c2b8) at /home/teve/kde/kde-qt/src/corelib/kernel/qcoreapplication.cpp:704
#66 0xb6835551 in QCoreApplication::sendEvent (receiver=0x879cb48, event=0x881c2b8) at ../../include/QtCore/../../../kde-qt/src/corelib/kernel/qcoreapplication.h:215
#67 0xb6832b2d in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x8051f28) at /home/teve/kde/kde-qt/src/corelib/kernel/qcoreapplication.cpp:1345
#68 0xb68327e5 in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at /home/teve/kde/kde-qt/src/corelib/kernel/qcoreapplication.cpp:1238
#69 0xb68698ba in QCoreApplication::sendPostedEvents () at ../../include/QtCore/../../../kde-qt/src/corelib/kernel/qcoreapplication.h:220
#70 0xb68681a8 in postEventSourceDispatch (s=0x806af10) at /home/teve/kde/kde-qt/src/corelib/kernel/qeventdispatcher_glib.cpp:276
#71 0xb535e4c2 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#72 0xb5361d98 in ?? () from /usr/lib/libglib-2.0.so.0
#73 0xb5361ebe in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#74 0xb68691a4 in QEventDispatcherGlib::processEvents (this=0x8051998, flags=...) at /home/teve/kde/kde-qt/src/corelib/kernel/qeventdispatcher_glib.cpp:407
#75 0xb5c6cdf0 in QGuiEventDispatcherGlib::processEvents (this=0x8051998, flags=...) at /home/teve/kde/kde-qt/src/gui/kernel/qguieventdispatcher_glib.cpp:202
#76 0xb682eedb in QEventLoop::processEvents (this=0xbfa1440c, flags=...) at /home/teve/kde/kde-qt/src/corelib/kernel/qeventloop.cpp:149
#77 0xb682f020 in QEventLoop::exec (this=0xbfa1440c, flags=...) at /home/teve/kde/kde-qt/src/corelib/kernel/qeventloop.cpp:201
#78 0xb6832155 in QCoreApplication::exec () at /home/teve/kde/kde-qt/src/corelib/kernel/qcoreapplication.cpp:981
#79 0xb5ba0d72 in QApplication::exec () at /home/teve/kde/kde-qt/src/gui/kernel/qapplication.cpp:3590
#80 0xb7712f0f in kdemain (argc=1, argv=0xbfa148c4) at /home/teve/kde/kdebase/apps/konqueror/src/konqmain.cpp:257
#81 0x0804879b in main (argc=1, argv=0xbfa148c4) at /home/teve/kde/kbb/apps/konqueror/src/konqueror_dummy.cpp:3
Comment 2 Tommi Tervo 2009-11-07 22:36:18 UTC 
trunk r1044007, without arena allocator:

==29239== Invalid write of size 4
==29239==    at 0x9F6E260: khtml::InlineFlowBox::removeFromLine(khtml::InlineBox*) (render_line.cpp:238)
==29239==    by 0x9F6E2BB: khtml::InlineBox::remove() (render_line.cpp:76)
==29239==    by 0x9F6EEE7: khtml::InlineBox::detach(khtml::RenderArena*, bool) (render_line.cpp:81)
==29239==    by 0x9F6D576: khtml::InlineBox::deleteLine(khtml::RenderArena*) (render_line.cpp:255)
==29239==    by 0x9F6D4D6: khtml::InlineFlowBox::deleteLine(khtml::RenderArena*) (render_line.cpp:209)
==29239==    by 0x9EFCDEE: khtml::RenderBlock::layoutInlineChildren(bool, int) (bidi.cpp:1460)
==29239==    by 0x9F07696: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:833)
==29239==    by 0x9F07988: khtml::RenderBlock::layout() (render_block.cpp:736)
==29239==    by 0x9F06D42: khtml::RenderBlock::layoutBlockChildren(bool) (render_object.h:479)
==29239==    by 0x9F074A4: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:835)
==29239==    by 0x9F07988: khtml::RenderBlock::layout() (render_block.cpp:736)
==29239==    by 0x9F06D42: khtml::RenderBlock::layoutBlockChildren(bool) (render_object.h:479)
==29239==    by 0x9F074A4: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:835)
==29239==    by 0x9F3C6B2: khtml::RenderTableCell::layout() (render_table.cpp:2527)
==29239==    by 0x9F3FBA1: khtml::RenderTableRow::layout() (render_table.cpp:2308)
==29239==    by 0x9F1FE72: khtml::RenderContainer::layout() (render_object.h:479)
==29239==    by 0x9F431E3: khtml::RenderTable::layout() (render_table.cpp:347)
==29239==    by 0x9F06D42: khtml::RenderBlock::layoutBlockChildren(bool) (render_object.h:479)
==29239==    by 0x9F074A4: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:835)
==29239==    by 0x9F07988: khtml::RenderBlock::layout() (render_block.cpp:736)
==29239==    by 0x9F06D42: khtml::RenderBlock::layoutBlockChildren(bool) (render_object.h:479)
==29239==    by 0x9F074A4: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:835)
==29239==    by 0x9F07988: khtml::RenderBlock::layout() (render_block.cpp:736)
==29239==    by 0x9F06D42: khtml::RenderBlock::layoutBlockChildren(bool) (render_object.h:479)
==29239==    by 0x9F074A4: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:835)
==29239==    by 0x9F07988: khtml::RenderBlock::layout() (render_block.cpp:736)
==29239==    by 0x9F06D42: khtml::RenderBlock::layoutBlockChildren(bool) (render_object.h:479)
==29239==    by 0x9F074A4: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:835)
==29239==    by 0x9F07988: khtml::RenderBlock::layout() (render_block.cpp:736)
==29239==    by 0x9F06D42: khtml::RenderBlock::layoutBlockChildren(bool) (render_object.h:479)
==29239==    by 0x9F074A4: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:835)
==29239==    by 0x9F07988: khtml::RenderBlock::layout() (render_block.cpp:736)
==29239==    by 0x9F06D42: khtml::RenderBlock::layoutBlockChildren(bool) (render_object.h:479)
==29239==    by 0x9F074A4: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:835)
==29239==    by 0x9F3C6B2: khtml::RenderTableCell::layout() (render_table.cpp:2527)
==29239==    by 0x9F3FBA1: khtml::RenderTableRow::layout() (render_table.cpp:2308)
==29239==    by 0x9F1FE72: khtml::RenderContainer::layout() (render_object.h:479)
==29239==    by 0x9F431E3: khtml::RenderTable::layout() (render_table.cpp:347)
==29239==    by 0x9F06D42: khtml::RenderBlock::layoutBlockChildren(bool) (render_object.h:479)
==29239==    by 0x9F074A4: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:835)
==29239==    by 0x9F3C6B2: khtml::RenderTableCell::layout() (render_table.cpp:2527)
==29239==    by 0x9F3FBA1: khtml::RenderTableRow::layout() (render_table.cpp:2308)
==29239==  Address 0xbb94f9c is 36 bytes inside a block of size 72 free'd
==29239==    at 0x40268A6: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==29239==    by 0x9F30A7F: khtml::RenderArena::free(unsigned int, void*) (render_arena.cpp:122)
==29239==    by 0x9F30280: khtml::InlineTextBox::detach(khtml::RenderArena*, bool) (render_text.cpp:83)
==29239==    by 0x9F2C194: khtml::InlineTextBox::deleteLine(khtml::RenderArena*) (render_text.cpp:601)
==29239==    by 0x9F6D4D6: khtml::InlineFlowBox::deleteLine(khtml::RenderArena*) (render_line.cpp:209)
==29239==    by 0x9EFCDEE: khtml::RenderBlock::layoutInlineChildren(bool, int) (bidi.cpp:1460)
==29239==    by 0x9F07696: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:833)
==29239==    by 0x9F07988: khtml::RenderBlock::layout() (render_block.cpp:736)
==29239==    by 0x9F06D42: khtml::RenderBlock::layoutBlockChildren(bool) (render_object.h:479)
==29239==    by 0x9F074A4: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:835)
==29239==    by 0x9F07988: khtml::RenderBlock::layout() (render_block.cpp:736)
==29239==    by 0x9F06D42: khtml::RenderBlock::layoutBlockChildren(bool) (render_object.h:479)
==29239==    by 0x9F074A4: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:835)
==29239==    by 0x9F3C6B2: khtml::RenderTableCell::layout() (render_table.cpp:2527)
==29239==    by 0x9F3FBA1: khtml::RenderTableRow::layout() (render_table.cpp:2308)
==29239==    by 0x9F1FE72: khtml::RenderContainer::layout() (render_object.h:479)
==29239==    by 0x9F431E3: khtml::RenderTable::layout() (render_table.cpp:347)
==29239==    by 0x9F06D42: khtml::RenderBlock::layoutBlockChildren(bool) (render_object.h:479)
==29239==    by 0x9F074A4: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:835)
==29239==    by 0x9F07988: khtml::RenderBlock::layout() (render_block.cpp:736)
==29239==    by 0x9F06D42: khtml::RenderBlock::layoutBlockChildren(bool) (render_object.h:479)
==29239==    by 0x9F074A4: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:835)
==29239==    by 0x9F07988: khtml::RenderBlock::layout() (render_block.cpp:736)
==29239==    by 0x9F06D42: khtml::RenderBlock::layoutBlockChildren(bool) (render_object.h:479)
==29239==    by 0x9F074A4: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:835)
==29239==    by 0x9F07988: khtml::RenderBlock::layout() (render_block.cpp:736)
==29239==    by 0x9F06D42: khtml::RenderBlock::layoutBlockChildren(bool) (render_object.h:479)
==29239==    by 0x9F074A4: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:835)
==29239==    by 0x9F07988: khtml::RenderBlock::layout() (render_block.cpp:736)
==29239==    by 0x9F06D42: khtml::RenderBlock::layoutBlockChildren(bool) (render_object.h:479)
==29239==    by 0x9F074A4: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:835)
==29239==    by 0x9F07988: khtml::RenderBlock::layout() (render_block.cpp:736)
==29239==    by 0x9F06D42: khtml::RenderBlock::layoutBlockChildren(bool) (render_object.h:479)
==29239==    by 0x9F074A4: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:835)
==29239==    by 0x9F3C6B2: khtml::RenderTableCell::layout() (render_table.cpp:2527)
==29239==    by 0x9F3FBA1: khtml::RenderTableRow::layout() (render_table.cpp:2308)
==29239==    by 0x9F1FE72: khtml::RenderContainer::layout() (render_object.h:479)
==29239==    by 0x9F431E3: khtml::RenderTable::layout() (render_table.cpp:347)
==29239==    by 0x9F06D42: khtml::RenderBlock::layoutBlockChildren(bool) (render_object.h:479)
==29239==    by 0x9F074A4: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:835)
==29239==    by 0x9F3C6B2: khtml::RenderTableCell::layout() (render_table.cpp:2527)
==29239==    by 0x9F3FBA1: khtml::RenderTableRow::layout() (render_table.cpp:2308)
==29239==
==29239== Invalid read of size 4
==29239==    at 0xA357783: KJS::RegExp::match(KJS::UString const&, bool*, int, int*, int**) (regexp.cpp:414)
==29239==    by 0xA36F2DF: KJS::RegExpObjectImp::performMatch(KJS::RegExp*, KJS::ExecState*, KJS::UString const&, int, int*, int**) (regexp_object.cpp:254)
==29239==    by 0xA35DE52: KJS::StringProtoFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (string_object.cpp:369)
==29239==    by 0xA379AEC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==29239==    by 0xA3979D9: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==29239==    by 0xA375ECA: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==29239==    by 0xA379AEC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==29239==    by 0xA3979D9: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==29239==    by 0xA375ECA: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==29239==    by 0xA379AEC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==29239==    by 0xA35E024: KJS::StringProtoFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (string_object.cpp:393)
==29239==    by 0xA379AEC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==29239==    by 0xA3979D9: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==29239==    by 0xA375ECA: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==29239==    by 0xA379AEC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==29239==    by 0xA3979D9: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==29239==    by 0xA375ECA: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==29239==    by 0xA379AEC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==29239==    by 0xA35E024: KJS::StringProtoFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (string_object.cpp:393)
==29239==    by 0xA379AEC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==29239==    by 0xA3979D9: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==29239==    by 0xA375ECA: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==29239==    by 0xA379AEC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==29239==    by 0xA3979D9: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==29239==    by 0xA375ECA: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==29239==    by 0xA379AEC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==29239==    by 0xA3979D9: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==29239==    by 0xA375ECA: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==29239==    by 0xA379AEC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==29239==    by 0xA3979D9: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==29239==    by 0xA375ECA: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==29239==    by 0xA379AEC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==29239==    by 0xA3979D9: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==29239==    by 0xA375ECA: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==29239==    by 0xA379AEC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==29239==    by 0xA3979D9: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==29239==    by 0xA375ECA: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==29239==    by 0xA379AEC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==29239==    by 0xA3979D9: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==29239==    by 0xA375ECA: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:144)
==29239==    by 0xA379AEC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:69)
==29239==    by 0xA3979D9: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==29239==  Address 0x1c is not stack'd, malloc'd or (recently) free'd
Comment 3 Oliver Putz 2010-02-03 16:35:10 UTC 
Looks pretty similar to bug #225332 (which has a minimal testcase attached)
Comment 4 Maksim Orlovich 2010-05-29 17:44:08 UTC 
*** Bug 239957 has been marked as a duplicate of this bug. ***
Comment 5 Maksim Orlovich 2010-06-05 20:04:16 UTC 
SVN commit 1134920 by orlovich:

Fix problems with reentry of operations on the same regexp object
from helper JS functions passed to its ops, by properly separating out 
per-match state out of RegExp.

BUG:225332
CCBUG: 213606
(#213606 no longer crashes, but I am concerned about an another warning in the vg log there)



 M  +20 -23    regexp.cpp  
 M  +27 -16    regexp.h  
 M  +7 -5      regexp_object.cpp  
 M  +2 -1      regexp_object.h  
 M  +11 -12    string_object.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1134920
Comment 6 Justin Zobel 2020-12-17 05:37:39 UTC 
Thank you for the crash report.

As it has been a while since this was reported, can you please test and confirm if this issue is still occurring or if this bug report can be marked as resolved.

I have set the bug status to "needsinfo" pending your response, please change back to "reported" or "resolved/worksforme" when you respond, thank you.
Comment 7 Bug Janitor Service 2021-01-01 04:34:16 UTC 
Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least
15 days. Please provide the requested information as soon as
possible and set the bug status as REPORTED. Due to regular bug
tracker maintenance, if the bug is still in NEEDSINFO status with
no change in 30 days the bug will be closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please
mark the bug as REPORTED so that the KDE team knows that the bug is
ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!
Comment 8 Bug Janitor Service 2021-01-16 04:33:49 UTC 
This bug has been in NEEDSINFO status with no change for at least
30 days. The bug is now closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

Thank you for helping us make KDE software even better for everyone!