Bug 277627

Summary: konqueror crashes while executing javascript library
Product: [Applications] konqueror
Reporter: Fabio Erculiani <lxnay>
Component: khtml
Assignee: Konqueror Developers <konq-bugs>
Status: RESOLVED DUPLICATE
Severity: crash
CC: aiacovitti, andreas_nordal_4, kevin.l.hobbs, kollix, widearc
Priority: NOR
Version: 4.8.5
Target Milestone: ---
Platform: Gentoo Packages
OS: Linux
Attachments: example HTML page making konqi crash
New crash information added by DrKonqi

Description Fabio Erculiani 2011-07-12 14:21:29 UTC
Application: konqueror (4.6.4 (4.6.4))
KDE Platform Version: 4.6.4 (4.6.4)
Qt Version: 4.7.3
Operating System: Linux 2.6.39-sabayon x86_64
Distribution (Platform): Gentoo Packages

-- Information about the crash:
Konqueror was loading this JS:

this.eFrame = IFrameHandler.getFrameWindow(frameName,true,mySrc);
if (document.domain == document.location.host) {
    this.eFrame.document.open();
    this.eFrame.document.write(evalFunction);
    this.eFrame.document.close();
    this.ready = true;
}

and I can get the same result (since getFrameWindow is not described here) with:

<head>
</head>

<body>
  <script>
  var evalFunction = "<sc"+"ript>window.evalProxy = function(param){eval(param);};</sc"+"ript>";
  
  var _body = document.getElementsByTagName("BODY")[0];
  var iFrame = document.createElement("iframe");
  iFrame.style.visibility = "hidden";
  iFrame.style.height = "0px";
  iFrame.style.width = "0px";
  iFrame.name = "HAI";
  iFrame.id = "HAI";
  _body.appendChild(iFrame);
  iFrame.src = "about:blank";
  
  var eFrame = iFrame.contentWindow;

  
  eFrame.document.open();
  eFrame.document.write(evalFunction);
  eFrame.document.close();
  
  
  
  </script>
</body>

The crash can be reproduced every time.

-- Backtrace:
Application: Konqueror (konqueror), signal: Segmentation fault
[KCrash Handler]
#6  0x00007f18d1570b3b in khtml::HTMLTokenizer::scriptHandler() () from /usr/lib64/libkhtml.so.5
#7  0x00007f18d1572182 in khtml::HTMLTokenizer::parseRawContent(khtml::TokenizerString&) () from /usr/lib64/libkhtml.so.5
#8  0x00007f18d1574e88 in khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) () from /usr/lib64/libkhtml.so.5
#9  0x00007f18d1575905 in khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) () from /usr/lib64/libkhtml.so.5
#10 0x00007f18d152014e in DOM::DocumentImpl::write(QString const&) () from /usr/lib64/libkhtml.so.5
#11 0x00007f18d16e316b in KJS::HTMLDocFunction::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib64/libkhtml.so.5
#12 0x00007f18d0b8a849 in KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*) () from /usr/lib64/libkjs.so.4
#13 0x00007f18d0b6b46b in KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib64/libkjs.so.4
#14 0x00007f18d0b69f8e in KJS::FunctionImp::construct(KJS::ExecState*, KJS::List const&) () from /usr/lib64/libkjs.so.4
#15 0x00007f18d0b8b13f in KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*) () from /usr/lib64/libkjs.so.4
#16 0x00007f18d0b6b46b in KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib64/libkjs.so.4
#17 0x00007f18d0b8a849 in KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*) () from /usr/lib64/libkjs.so.4
#18 0x00007f18d0b6b46b in KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib64/libkjs.so.4
#19 0x00007f18d0b8a849 in KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*) () from /usr/lib64/libkjs.so.4
#20 0x00007f18d0b6b46b in KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib64/libkjs.so.4
#21 0x00007f18d0b5441d in KJS::FunctionProtoFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib64/libkjs.so.4
#22 0x00007f18d0b8a849 in KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*) () from /usr/lib64/libkjs.so.4
#23 0x00007f18d0b6b46b in KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib64/libkjs.so.4
#24 0x00007f18d0b8a849 in KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*) () from /usr/lib64/libkjs.so.4
#25 0x00007f18d0b6b46b in KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib64/libkjs.so.4
#26 0x00007f18d0b8a849 in KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*) () from /usr/lib64/libkjs.so.4
#27 0x00007f18d0b6b46b in KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib64/libkjs.so.4
#28 0x00007f18d0b8a849 in KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*) () from /usr/lib64/libkjs.so.4
#29 0x00007f18d0b6b46b in KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib64/libkjs.so.4
#30 0x00007f18d0b8a849 in KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*) () from /usr/lib64/libkjs.so.4
#31 0x00007f18d0b6b46b in KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib64/libkjs.so.4
#32 0x00007f18d0b8a849 in KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*) () from /usr/lib64/libkjs.so.4
#33 0x00007f18d0b6b46b in KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib64/libkjs.so.4
#34 0x00007f18d0b8a849 in KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*) () from /usr/lib64/libkjs.so.4
#35 0x00007f18d0b6b46b in KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib64/libkjs.so.4
#36 0x00007f18d0b5441d in KJS::FunctionProtoFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib64/libkjs.so.4
#37 0x00007f18d0b8a849 in KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*) () from /usr/lib64/libkjs.so.4
#38 0x00007f18d0b6b46b in KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib64/libkjs.so.4
#39 0x00007f18d0b8a849 in KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*) () from /usr/lib64/libkjs.so.4
#40 0x00007f18d0b6b46b in KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib64/libkjs.so.4
#41 0x00007f18d0b8a849 in KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0ul> const&, KJS::ExecState*) () from /usr/lib64/libkjs.so.4
#42 0x00007f18d0b6b46b in KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) () from /usr/lib64/libkjs.so.4
#43 0x00007f18d17279f9 in KJS::JSEventListener::handleEvent(DOM::Event&) () from /usr/lib64/libkhtml.so.5
#44 0x00007f18d1554b5c in DOM::EventTargetImpl::handleLocalEvents(DOM::EventImpl*, bool) () from /usr/lib64/libkhtml.so.5
#45 0x00007f18d152dff0 in DOM::NodeImpl::dispatchGenericEvent(DOM::EventImpl*, int&) () from /usr/lib64/libkhtml.so.5
#46 0x00007f18d152e22e in DOM::NodeImpl::dispatchEvent(DOM::EventImpl*, int&, bool) () from /usr/lib64/libkhtml.so.5
#47 0x00007f18d152fb2a in DOM::NodeImpl::dispatchHTMLEvent(int, bool, bool) () from /usr/lib64/libkhtml.so.5
#48 0x00007f18d1580faf in DOM::HTMLScriptElementImpl::notifyFinished(khtml::CachedObject*) () from /usr/lib64/libkhtml.so.5
#49 0x00007f18d1690a1f in khtml::CachedScript::checkNotify() () from /usr/lib64/libkhtml.so.5
#50 0x00007f18d1690bcc in khtml::CachedScript::data(QBuffer&, bool) () from /usr/lib64/libkhtml.so.5
#51 0x00007f18d1690f27 in khtml::Loader::slotFinished(KJob*) () from /usr/lib64/libkhtml.so.5
#52 0x00007f18d16913b3 in khtml::Loader::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib64/libkhtml.so.5
#53 0x00007f18e33d82ff in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib64/qt4/libQtCore.so.4
#54 0x00007f18e38344a2 in KJob::result(KJob*) () from /usr/lib64/libkdecore.so.5
#55 0x00007f18e38344e0 in KJob::emitResult() () from /usr/lib64/libkdecore.so.5
#56 0x00007f18e458299d in KIO::SimpleJob::slotFinished() () from /usr/lib64/libkio.so.5
#57 0x00007f18e4587af2 in KIO::TransferJob::slotFinished() () from /usr/lib64/libkio.so.5
#58 0x00007f18e458c171 in KIO::TransferJob::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib64/libkio.so.5
#59 0x00007f18e33d82ff in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib64/qt4/libQtCore.so.4
#60 0x00007f18e462bd81 in KIO::SlaveInterface::dispatch(int, QByteArray const&) () from /usr/lib64/libkio.so.5
#61 0x00007f18e4628cb3 in KIO::SlaveInterface::dispatch() () from /usr/lib64/libkio.so.5
#62 0x00007f18e461c426 in KIO::Slave::gotInput() () from /usr/lib64/libkio.so.5
#63 0x00007f18e461ca3c in KIO::Slave::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib64/libkio.so.5
#64 0x00007f18e33d82ff in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib64/qt4/libQtCore.so.4
#65 0x00007f18e4553c77 in KIO::ConnectionPrivate::dequeue() () from /usr/lib64/libkio.so.5
#66 0x00007f18e4553d2d in KIO::Connection::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib64/libkio.so.5
#67 0x00007f18e33d7dfa in QObject::event(QEvent*) () from /usr/lib64/qt4/libQtCore.so.4
#68 0x00007f18e252de64 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib64/qt4/libQtGui.so.4
#69 0x00007f18e2532a2a in QApplication::notify(QObject*, QEvent*) () from /usr/lib64/qt4/libQtGui.so.4
#70 0x00007f18e3e1d806 in KApplication::notify(QObject*, QEvent*) () from /usr/lib64/libkdeui.so.5
#71 0x00007f18e33c3acc in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib64/qt4/libQtCore.so.4
#72 0x00007f18e33c72c5 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib64/qt4/libQtCore.so.4
#73 0x00007f18e33ee9e3 in postEventSourceDispatch(_GSource*, int (*)(void*), void*) () from /usr/lib64/qt4/libQtCore.so.4
#74 0x00007f18de34f633 in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
#75 0x00007f18de34fe10 in g_main_context_iterate.clone.6 () from /usr/lib64/libglib-2.0.so.0
#76 0x00007f18de3500ad in g_main_context_iteration () from /usr/lib64/libglib-2.0.so.0
#77 0x00007f18e33eeb7f in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/qt4/libQtCore.so.4
#78 0x00007f18e25d338e in ?? () from /usr/lib64/qt4/libQtGui.so.4
#79 0x00007f18e33c2e82 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/qt4/libQtCore.so.4
#80 0x00007f18e33c30cc in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/qt4/libQtCore.so.4
#81 0x00007f18e33c757b in QCoreApplication::exec() () from /usr/lib64/qt4/libQtCore.so.4
#82 0x00007f18e5c3f47a in kdemain () from /usr/lib64/libkdeinit4_konqueror.so
#83 0x00007f18e583ccdd in __libc_start_main () from /lib64/libc.so.6
#84 0x0000000000400799 in _start ()

Possible duplicates by query: bug 274304, bug 265478, bug 258847, bug 258832, bug 256123.

Reported using DrKonqi

Comment 1 Martin Koller 2011-07-15 06:22:42 UTC
Can reproduce with 4.6.5. Due to the above line break, the example file is attached now.
Backtrace:

Application: Konqueror (konqueror), signal: Segmentation fault
[KCrash Handler]
#7  khtml::HTMLTokenizer::scriptHandler (this=0x8d06d28) at /usr/src/debug/kdelibs-4.6.5/khtml/html/htmltokenizer.cpp:485
#8  0xb20acc01 in khtml::HTMLTokenizer::parseRawContent (this=0x8d06d28, src=...) at /usr/src/debug/kdelibs-4.6.5/khtml/html/htmltokenizer.cpp:379
#9  0xb20aff3c in khtml::HTMLTokenizer::parseTag (this=0x8d06d28, src=...) at /usr/src/debug/kdelibs-4.6.5/khtml/html/htmltokenizer.cpp:1527
#10 0xb20b05a6 in khtml::HTMLTokenizer::write (this=0x8d06d28, str=..., appendData=false) at /usr/src/debug/kdelibs-4.6.5/khtml/html/htmltokenizer.cpp:1798
#11 0xb2055c32 in DOM::DocumentImpl::write (this=0x8d04208, text=...) at /usr/src/debug/kdelibs-4.6.5/khtml/xml/dom_docimpl.cpp:1687
#12 0xb223caf7 in KJS::HTMLDocFunction::callAsFunction (this=0xafb71a40, exec=0xbfcad0fc, thisObj=0xbfcacce0, args=...) at /usr/src/debug/kdelibs-4.6.5/khtml/ecma/kjs_html.cpp:135
#13 0xb1dd5ccb in call (exec=0xbfcad0fc, codeBlock=..., parentExec=0x0) at /usr/src/debug/kdelibs-4.6.5/kjs/object.h:626
#14 KJS::Machine::runBlock (exec=0xbfcad0fc, codeBlock=..., parentExec=0x0) at codes.def:1223
#15 0xb1d8904c in KJS::FunctionBodyNode::execute (this=0x8cc8aa8, exec=0xbfcad0fc) at /usr/src/debug/kdelibs-4.6.5/kjs/nodes.cpp:927
#16 0xb1dbc880 in KJS::Interpreter::evaluate (this=0x8c51a98, sourceURL=..., startingLineNumber=4, code=0x8cc69a8, codeLength=543, thisV=0xafb80000)
    at /usr/src/debug/kdelibs-4.6.5/kjs/interpreter.cpp:564
#17 0xb1dbca3a in KJS::Interpreter::evaluate (this=0x8c51a98, sourceURL=..., startingLineNumber=4, code=..., thisV=0xafb80000) at /usr/src/debug/kdelibs-4.6.5/kjs/interpreter.cpp:504
#18 0xb2268933 in KJSProxy::evaluate (this=0x8c554a0, filename=..., baseLine=0, str=..., n=..., completion=0xbfcad2fc) at /usr/src/debug/kdelibs-4.6.5/khtml/ecma/kjs_proxy.cpp:126
#19 0xb1fd2ad3 in KHTMLPart::executeScript (this=0x8b17518, filename=..., baseLine=-1, n=..., script=...) at /usr/src/debug/kdelibs-4.6.5/khtml/khtml_part.cpp:1279
#20 0xb20a7903 in khtml::HTMLTokenizer::scriptExecution (this=0x8c39240, str=..., scriptURL=..., baseLine=0) at /usr/src/debug/kdelibs-4.6.5/khtml/html/htmltokenizer.cpp:517
#21 0xb20ab172 in khtml::HTMLTokenizer::scriptHandler (this=0x8c39240) at /usr/src/debug/kdelibs-4.6.5/khtml/html/htmltokenizer.cpp:470
#22 0xb20acc01 in khtml::HTMLTokenizer::parseRawContent (this=0x8c39240, src=...) at /usr/src/debug/kdelibs-4.6.5/khtml/html/htmltokenizer.cpp:379
#23 0xb20aff3c in khtml::HTMLTokenizer::parseTag (this=0x8c39240, src=...) at /usr/src/debug/kdelibs-4.6.5/khtml/html/htmltokenizer.cpp:1527
#24 0xb20b05a6 in khtml::HTMLTokenizer::write (this=0x8c39240, str=..., appendData=true) at /usr/src/debug/kdelibs-4.6.5/khtml/html/htmltokenizer.cpp:1798
#25 0xb1fd349b in KHTMLPart::write (this=0x8b17518, data=
    0x8c3e6d0 "<head>\n</head>\n\n<body>\n  <script>\n  var evalFunction = \"<sc\"+\"ript>window.evalProxy = function(param){eval(param);};</sc\"+\"ript>\";\n\n  var _body = document.getElementsByTagName(\"BODY\")[0];\n  var iFrame"..., len=<value optimized out>) at /usr/src/debug/kdelibs-4.6.5/khtml/khtml_part.cpp:2093
#26 0xb1fc910e in KHTMLPart::slotData (this=0x8b17518, kio_job=0x8c151e8, data=...) at /usr/src/debug/kdelibs-4.6.5/khtml/khtml_part.cpp:1741
#27 0xb1ff63d4 in KHTMLPart::qt_metacall (this=0x8b17518, _c=QMetaObject::InvokeMetaMethod, _id=19, _a=0xbfcada94) at /usr/src/debug/kdelibs-4.6.5/build/khtml/khtml_part.moc:278
#28 0xb686c5fd in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) () from /usr/lib/libQtCore.so.4
#29 0xb687c7fc in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/libQtCore.so.4
#30 0xb7164c3d in KIO::TransferJob::data (this=0x8c151e8, _t1=0x8c151e8, _t2=...) at /usr/src/debug/kdelibs-4.6.5/build/kio/jobclasses.moc:388
#31 0xb7164ca8 in KIO::TransferJob::slotData (this=0x8c151e8, _data=...) at /usr/src/debug/kdelibs-4.6.5/kio/kio/job.cpp:1012
#32 0xb726c803 in KIO::TransferJob::qt_metacall (this=0x8c151e8, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0xbfcadc28)
    at /usr/src/debug/kdelibs-4.6.5/build/kio/jobclasses.moc:368
#33 0xb686c5fd in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) () from /usr/lib/libQtCore.so.4
#34 0xb687c7fc in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/libQtCore.so.4
#35 0xb7179fb5 in KIO::SlaveInterface::data (this=0x8c273c0, _t1=...) at /usr/src/debug/kdelibs-4.6.5/build/kio/slaveinterface.moc:146
#36 0xb72aa478 in KIO::SlaveInterface::dispatch (this=0x8c273c0, _cmd=100, rawdata=...) at /usr/src/debug/kdelibs-4.6.5/kio/kio/slaveinterface.cpp:161
#37 0xb723b0fa in KIO::SlaveInterface::dispatch (this=0x8c273c0) at /usr/src/debug/kdelibs-4.6.5/kio/kio/slaveinterface.cpp:89
#38 0xb723a058 in KIO::Slave::gotInput (this=0x8c273c0) at /usr/src/debug/kdelibs-4.6.5/kio/kio/slave.cpp:348
#39 0xb723f95c in KIO::Slave::qt_metacall (this=0x8c273c0, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0xbfcadf0c) at /usr/src/debug/kdelibs-4.6.5/build/kio/slave.moc:82
#40 0xb686c5fd in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) () from /usr/lib/libQtCore.so.4
#41 0xb687c7fc in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/libQtCore.so.4
#42 0xb715b275 in KIO::Connection::readyRead (this=0x8c09990) at /usr/src/debug/kdelibs-4.6.5/build/kio/connection.moc:92
#43 0xb723f6ca in KIO::ConnectionPrivate::dequeue (this=0x8ae77f0) at /usr/src/debug/kdelibs-4.6.5/kio/kio/connection.cpp:82
#44 0xb723f79f in KIO::Connection::qt_metacall (this=0x8c09990, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0x88c9118) at /usr/src/debug/kdelibs-4.6.5/build/kio/connection.moc:79
#45 0xb686c5fd in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) () from /usr/lib/libQtCore.so.4
#46 0xb68770e5 in QMetaCallEvent::placeMetaCall(QObject*) () from /usr/lib/libQtCore.so.4
#47 0xb687b37f in QObject::event(QEvent*) () from /usr/lib/libQtCore.so.4
#48 0xb5cfb6e4 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#49 0xb5d044a7 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#50 0xb6d9a0f1 in KApplication::notify (this=0xbfcae930, receiver=0x8c09990, event=0x8ba5010) at /usr/src/debug/kdelibs-4.6.5/kdeui/kernel/kapplication.cpp:311
#51 0xb6865d5e in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/libQtCore.so.4
#52 0xb6869aec in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib/libQtCore.so.4
#53 0xb6869c3c in QCoreApplication::sendPostedEvents(QObject*, int) () from /usr/lib/libQtCore.so.4
#54 0xb68943b4 in ?? () from /usr/lib/libQtCore.so.4
#55 0xb53fbb49 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#56 0xb53fc350 in ?? () from /usr/lib/libglib-2.0.so.0
#57 0xb53fc60e in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#58 0xb689453b in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#59 0xb5db21ca in ?? () from /usr/lib/libQtGui.so.4
#60 0xb686503d in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#61 0xb6865269 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#62 0xb6869d10 in QCoreApplication::exec() () from /usr/lib/libQtCore.so.4
#63 0xb5cf93e4 in QApplication::exec() () from /usr/lib/libQtGui.so.4
#64 0xb782b38f in kdemain (argc=2, argv=0xbfcaebe4) at /usr/src/debug/kdebase-4.6.5/konqueror/src/konqmain.cpp:219
#65 0x0804860b in main (argc=2, argv=0xbfcaebe4) at /usr/src/debug/kdebase-4.6.5/build/konqueror/src/konqueror_dummy.cpp:3

Comment 2 Martin Koller 2011-07-15 06:23:36 UTC
Created attachment 61889
example HTML page making konqi crash

Comment 3 Dawit Alemayehu 2012-01-27 17:15:25 UTC
*** Bug 290985 has been marked as a duplicate of this bug. ***

Comment 4 Leonardo La Malfa 2012-05-31 18:23:21 UTC
Created attachment 71479
New crash information added by DrKonqi

konqueror (4.8.3 (4.8.3)) on KDE Platform 4.8.3 (4.8.3) using Qt 4.8.1

- What I was doing when the application crashed:

I was trying to open this page with KHTML view mode: http://translate.google.com/translate_tools

This does not happen when viewing the same page with WebKit view mode.

-- Backtrace (Reduced):
#6  khtml::HTMLTokenizer::scriptHandler (this=0xdfb7860) at ../../khtml/html/htmltokenizer.cpp:483
#7  0x00007fa97b920ed1 in khtml::HTMLTokenizer::parseRawContent (this=0xdfb7860, src=...) at ../../khtml/html/htmltokenizer.cpp:379
#8  0x00007fa97b9235f5 in khtml::HTMLTokenizer::parseTag (this=0xdfb7860, src=...) at ../../khtml/html/htmltokenizer.cpp:1528
#9  0x00007fa97b9240b5 in khtml::HTMLTokenizer::write (this=0xdfb7860, str=..., appendData=<optimized out>) at ../../khtml/html/htmltokenizer.cpp:1797
#10 0x00007fa97b8c8063 in DOM::DocumentImpl::write (this=0xc5f0c00, text=...) at ../../khtml/xml/dom_docimpl.cpp:1687

Comment 5 Tommi Tervo 2012-06-28 16:19:11 UTC
*** Bug 302702 has been marked as a duplicate of this bug. ***

Comment 6 Jekyll Wu 2012-09-20 00:38:18 UTC
*** Bug 307054 has been marked as a duplicate of this bug. ***

Comment 7 Andrea Iacovitti 2014-06-27 09:59:52 UTC

*** This bug has been marked as a duplicate of bug 209107 ***
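
Added example (not part of the original report, and not DrKonqi's or the KDE tracker's own duplicate logic): the three backtraces above share their top frames even though one has no debug symbols and the other two come from different builds, and the sketch below reduces each to a symbol-only signature so they fall into one triage bucket. The names `crash_signature` and `bucket` and the `UNRELATED` trace are assumptions made for illustration; the other frames are copied from this page.

```python
import re

# Top five frames of each backtrace on this page, copied verbatim.
DESCRIPTION = """[KCrash Handler]
#6  0x00007f18d1570b3b in khtml::HTMLTokenizer::scriptHandler() () from /usr/lib64/libkhtml.so.5
#7  0x00007f18d1572182 in khtml::HTMLTokenizer::parseRawContent(khtml::TokenizerString&) () from /usr/lib64/libkhtml.so.5
#8  0x00007f18d1574e88 in khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) () from /usr/lib64/libkhtml.so.5
#9  0x00007f18d1575905 in khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) () from /usr/lib64/libkhtml.so.5
#10 0x00007f18d152014e in DOM::DocumentImpl::write(QString const&) () from /usr/lib64/libkhtml.so.5
"""
COMMENT_1 = """[KCrash Handler]
#7  khtml::HTMLTokenizer::scriptHandler (this=0x8d06d28) at /usr/src/debug/kdelibs-4.6.5/khtml/html/htmltokenizer.cpp:485
#8  0xb20acc01 in khtml::HTMLTokenizer::parseRawContent (this=0x8d06d28, src=...) at /usr/src/debug/kdelibs-4.6.5/khtml/html/htmltokenizer.cpp:379
#9  0xb20aff3c in khtml::HTMLTokenizer::parseTag (this=0x8d06d28, src=...) at /usr/src/debug/kdelibs-4.6.5/khtml/html/htmltokenizer.cpp:1527
#10 0xb20b05a6 in khtml::HTMLTokenizer::write (this=0x8d06d28, str=..., appendData=false) at /usr/src/debug/kdelibs-4.6.5/khtml/html/htmltokenizer.cpp:1798
#11 0xb2055c32 in DOM::DocumentImpl::write (this=0x8d04208, text=...) at /usr/src/debug/kdelibs-4.6.5/khtml/xml/dom_docimpl.cpp:1687
"""
COMMENT_4 = """-- Backtrace (Reduced):
#6  khtml::HTMLTokenizer::scriptHandler (this=0xdfb7860) at ../../khtml/html/htmltokenizer.cpp:483
#7  0x00007fa97b920ed1 in khtml::HTMLTokenizer::parseRawContent (this=0xdfb7860, src=...) at ../../khtml/html/htmltokenizer.cpp:379
#8  0x00007fa97b9235f5 in khtml::HTMLTokenizer::parseTag (this=0xdfb7860, src=...) at ../../khtml/html/htmltokenizer.cpp:1528
#9  0x00007fa97b9240b5 in khtml::HTMLTokenizer::write (this=0xdfb7860, str=..., appendData=<optimized out>) at ../../khtml/html/htmltokenizer.cpp:1797
#10 0x00007fa97b8c8063 in DOM::DocumentImpl::write (this=0xc5f0c00, text=...) at ../../khtml/xml/dom_docimpl.cpp:1687
"""
# Constructed trace (not from this page) so the bucketing has something to separate.
UNRELATED = """[KCrash Handler]
#6  0x0000000000001000 in example::Widget::paint() () from /usr/lib64/libexample.so
"""

# "#N", an optional "0xADDR in ", then the symbol up to its first "(".
# Addresses, argument values, library paths and file:line are all discarded.
FRAME = re.compile(r"^#\d+\s+(?:0x[0-9a-fA-F]+ in )?(.+?)\s*\(")


def crash_signature(backtrace, depth=5):
    """Return the first `depth` symbol names at or below the crash point."""
    lines = backtrace.splitlines()
    for i, line in enumerate(lines):
        if "[KCrash Handler]" in line:
            lines = lines[i + 1:]  # frames above the marker belong to the handler
            break
    matches = (FRAME.match(line.strip()) for line in lines)
    return tuple(m.group(1) for m in matches if m)[:depth]


def bucket(reports, depth=5):
    """Group report names by crash signature."""
    buckets = {}
    for name, trace in reports.items():
        buckets.setdefault(crash_signature(trace, depth), []).append(name)
    return buckets


REPORTS = {"description": DESCRIPTION, "comment 1": COMMENT_1,
           "comment 4": COMMENT_4, "constructed": UNRELATED}

if __name__ == "__main__":
    for signature, names in bucket(REPORTS).items():
        print(names, "<-", " < ".join(signature))
```

Line numbers are left out of the signature on purpose: comments 1 and 4 report `htmltokenizer.cpp:485` and `:483` for the same top frame because they were built from different kdelibs versions.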