Bug 128015 - khtml crash on http://www.alphafilter.com/
Summary: khtml crash on http://www.alphafilter.com/
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: khtml ecma
Version: unspecified
Platform: unspecified Linux
Importance: NOR crash with 40 votes
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords:
Duplicates: 129540 129563 129806
Depends on:
Blocks:
 
Reported: 2006-05-25 15:45 UTC by Fredrik Johansson
Modified: 2006-10-14 16:42 UTC

Description Fredrik Johansson 2006-05-25 15:45:43 UTC
Version:           3.5.2 (using KDE 3.5.2, Kubuntu Package 4:3.5.2-0ubuntu0 breezy)
Compiler:          Target: i486-linux-gnu
OS:                Linux (i686) release 2.6.12-10-386

konqueror dies on http://www.alphafilter.com/

I think it is something with the javascript menu script which
comes from http://www.wdonline.com/dhtml/xwebmenu/

That site generates a crash too. I tried to make a minimal testcase but I failed; maybe you could take a look?

This happens in kde3.5.2 and latest svn branch.

Regards
Fredrik J
Comment 1 Allan Sandfeld 2006-05-25 20:06:16 UTC
Yes. It crashes deep in javascript. First it crashes on NodeImpl::Cache because document is 0. If you fix it to work with document=0, it crashes in getAttribute because document is 0.

Before crashing the following is written to terminal:
khtml (tokenizer): Finished loading an external script
khtml (tokenizer): Finished loading an external script
khtml (tokenizer): Finished loading an external script
khtml (jscript): JavaScript: access granted for document.load() of http://www.alphafilter.com/xml/context.xml
khtml (jscript): WARNING: Script threw exception: ReferenceError: Can't find variable: Text
khtml (jscript): JavaScript: access granted for document.load() of http://www.alphafilter.com/xml/xmlRecentArticles.cfm

Backtrace for the crash:
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1231964480 (LWP 420)]
[KCrash handler]
#6  0xb63c1bd6 in DOM::DocumentImpl::domTreeVersion (this=0x0)
    at dom_docimpl.h:517
#7  0xb63bce0b in DOM::NodeListImpl::Cache::updateNodeListInfo (
    this=0x88ddb50, doc=0x0)
    at /opt/src/kde/kdelibs/khtml/xml/dom_nodeimpl.cpp:1774
#8  0xb63bcf8d in DOM::NodeListImpl::length (this=0x88df430)
    at /opt/src/kde/kdelibs/khtml/xml/dom_nodeimpl.cpp:1652
#9  0xb65932d4 in DOM::NodeList::length (this=0x88d2bdc)
    at /opt/src/kde/kdelibs/khtml/dom/dom_node.cpp:476
#10 0xb64ec825 in KJS::DOMNodeList::tryGet (this=0x88d2bb0, exec=0xbfe8a554, 
    p=@0xbfe89ecc) at /opt/src/kde/kdelibs/khtml/ecma/kjs_dom.cpp:611
#11 0xb64dff2e in KJS::DOMObject::get (this=0x88d2bb0, exec=0xbfe8a554, 
    p=@0xbfe89ecc) at /opt/src/kde/kdelibs/khtml/ecma/kjs_binding.cpp:50
#12 0xb6189eea in KJS::Reference::getValue (this=0xbfe89ebc, exec=0xbfe8a554)
    at /opt/src/kde/kdelibs/kjs/reference.cpp:143
#13 0xb6146f92 in KJS::Node::evaluate (this=0x0, exec=0xbfe8a554)
    at /opt/src/kde/kdelibs/kjs/nodes.cpp:130
#14 0xb614ba2c in KJS::RelationalNode::evaluate (this=0x87daa28, 
    exec=0xbfe8a554) at /opt/src/kde/kdelibs/kjs/nodes.cpp:1339
#15 0xb6146fe3 in KJS::Node::toBoolean (this=0x0, exec=0xbfe8a554)
    at /opt/src/kde/kdelibs/kjs/nodes.cpp:136
#16 0xb614fb1c in KJS::ForNode::execute (this=0x87fb270, exec=0xbfe8a554)
    at /opt/src/kde/kdelibs/kjs/nodes.cpp:2190
#17 0xb614d62b in KJS::StatListNode::execute (this=0x87da910, exec=0xbfe8a554)
    at /opt/src/kde/kdelibs/kjs/nodes.cpp:1716
#18 0xb615182a in KJS::CaseClauseNode::evalStatements (this=0x884d760, 
    exec=0x0) at /opt/src/kde/kdelibs/kjs/nodes.cpp:2481
#19 0xb6151db1 in KJS::CaseBlockNode::evalBlock (this=0x884d790, 
    exec=0xbfe8a554, input=@0xbfe8a250)
    at /opt/src/kde/kdelibs/kjs/nodes.cpp:2594
#20 0xb61526b1 in KJS::SwitchNode::execute (this=0x884d7b0, exec=0xbfe8a554)
    at /opt/src/kde/kdelibs/kjs/nodes.cpp:2680
#21 0xb61541df in KJS::SourceElementsNode::execute (this=0x884d7e8, 
    exec=0xbfe8a554) at /opt/src/kde/kdelibs/kjs/nodes.cpp:3091
#22 0xb614e455 in KJS::BlockNode::execute (this=0x884d820, exec=0xbfe8a554)
    at /opt/src/kde/kdelibs/kjs/nodes.cpp:1942
#23 0xb614e9ee in KJS::IfNode::execute (this=0x884d850, exec=0xbfe8a554)
    at /opt/src/kde/kdelibs/kjs/nodes.cpp:2021
#24 0xb6154330 in KJS::SourceElementsNode::execute (this=0x85ab1e0, 
    exec=0xbfe8a554) at /opt/src/kde/kdelibs/kjs/nodes.cpp:3097
#25 0xb614e455 in KJS::BlockNode::execute (this=0x884d8c0, exec=0xbfe8a554)
    at /opt/src/kde/kdelibs/kjs/nodes.cpp:1942
#26 0xb617d12c in KJS::DeclaredFunctionImp::execute (this=0x0, exec=0x0)
    at /opt/src/kde/kdelibs/kjs/function.cpp:588
#27 0xb617c659 in KJS::FunctionImp::call (this=0x8838fb8, exec=0xbfe8b034, 
    thisObj=@0x0, args=@0xbfe8a628)
    at /opt/src/kde/kdelibs/kjs/function.cpp:363
#28 0xb6183479 in KJS::Object::call (this=0x0, exec=0xbfe8b034, thisObj=@0x0, 
    args=@0x0) at /opt/src/kde/kdelibs/kjs/object.cpp:73
#29 0xb6149d53 in KJS::FunctionCallNode::evaluate (this=0x87df990, 
    exec=0xbfe8b034) at /opt/src/kde/kdelibs/kjs/nodes.cpp:870
#30 0xb614e61f in KJS::ExprStatementNode::execute (this=0x87df9a8, 
    exec=0xbfe8b034) at /opt/src/kde/kdelibs/kjs/nodes.cpp:1980
#31 0xb614e9ee in KJS::IfNode::execute (this=0x884d4a8, exec=0xbfe8b034)
    at /opt/src/kde/kdelibs/kjs/nodes.cpp:2021
#32 0xb6154330 in KJS::SourceElementsNode::execute (this=0x88309e0, 
    exec=0xbfe8b034) at /opt/src/kde/kdelibs/kjs/nodes.cpp:3097
#33 0xb614e455 in KJS::BlockNode::execute (this=0x884d518, exec=0xbfe8b034)
    at /opt/src/kde/kdelibs/kjs/nodes.cpp:1942
#34 0xb614e9ee in KJS::IfNode::execute (this=0x884d548, exec=0xbfe8b034)
    at /opt/src/kde/kdelibs/kjs/nodes.cpp:2021
#35 0xb614ea53 in KJS::IfNode::execute (this=0x884d580, exec=0xbfe8b034)
    at /opt/src/kde/kdelibs/kjs/nodes.cpp:2028
#36 0xb6154330 in KJS::SourceElementsNode::execute (this=0x87dae28, 
    exec=0xbfe8b034) at /opt/src/kde/kdelibs/kjs/nodes.cpp:3097
#37 0xb614e455 in KJS::BlockNode::execute (this=0x884d5f0, exec=0xbfe8b034)
    at /opt/src/kde/kdelibs/kjs/nodes.cpp:1942
#38 0xb614e9ee in KJS::IfNode::execute (this=0x884d620, exec=0xbfe8b034)
    at /opt/src/kde/kdelibs/kjs/nodes.cpp:2021
#39 0xb6154330 in KJS::SourceElementsNode::execute (this=0x87dab80, 
    exec=0xbfe8b034) at /opt/src/kde/kdelibs/kjs/nodes.cpp:3097
#40 0xb614e455 in KJS::BlockNode::execute (this=0x884d690, exec=0xbfe8b034)
    at /opt/src/kde/kdelibs/kjs/nodes.cpp:1942
#41 0xb614fbba in KJS::ForNode::execute (this=0x87fb270, exec=0xbfe8b034)
    at /opt/src/kde/kdelibs/kjs/nodes.cpp:2199
#42 0xb614d62b in KJS::StatListNode::execute (this=0x87da910, exec=0xbfe8b034)
    at /opt/src/kde/kdelibs/kjs/nodes.cpp:1716
#43 0xb615182a in KJS::CaseClauseNode::evalStatements (this=0x884d760, 
    exec=0x0) at /opt/src/kde/kdelibs/kjs/nodes.cpp:2481
#44 0xb6151e10 in KJS::CaseBlockNode::evalBlock (this=0x884d790, 
    exec=0xbfe8b034, input=@0xbfe8ad30)
    at /opt/src/kde/kdelibs/kjs/nodes.cpp:2598
#45 0xb61526b1 in KJS::SwitchNode::execute (this=0x884d7b0, exec=0xbfe8b034)
    at /opt/src/kde/kdelibs/kjs/nodes.cpp:2680
#46 0xb61541df in KJS::SourceElementsNode::execute (this=0x884d7e8, 
    exec=0xbfe8b034) at /opt/src/kde/kdelibs/kjs/nodes.cpp:3091
#47 0xb614e455 in KJS::BlockNode::execute (this=0x884d820, exec=0xbfe8b034)
    at /opt/src/kde/kdelibs/kjs/nodes.cpp:1942
#48 0xb614e9ee in KJS::IfNode::execute (this=0x884d850, exec=0xbfe8b034)
    at /opt/src/kde/kdelibs/kjs/nodes.cpp:2021
#49 0xb6154330 in KJS::SourceElementsNode::execute (this=0x85ab1e0, 
    exec=0xbfe8b034) at /opt/src/kde/kdelibs/kjs/nodes.cpp:3097
#50 0xb614e455 in KJS::BlockNode::execute (this=0x884d8c0, exec=0xbfe8b034)
    at /opt/src/kde/kdelibs/kjs/nodes.cpp:1942
#51 0xb617d12c in KJS::DeclaredFunctionImp::execute (this=0x0, exec=0x0)
    at /opt/src/kde/kdelibs/kjs/function.cpp:588
#52 0xb617c659 in KJS::FunctionImp::call (this=0x8838fb8, exec=0xbfe8b464, 
    thisObj=@0x0, args=@0xbfe8b108)
    at /opt/src/kde/kdelibs/kjs/function.cpp:363
#53 0xb6183479 in KJS::Object::call (this=0x0, exec=0xbfe8b464, thisObj=@0x0, 
    args=@0x0) at /opt/src/kde/kdelibs/kjs/object.cpp:73
#54 0xb6149d53 in KJS::FunctionCallNode::evaluate (this=0x8623d98, 
    exec=0xbfe8b464) at /opt/src/kde/kdelibs/kjs/nodes.cpp:870
#55 0xb614e61f in KJS::ExprStatementNode::execute (this=0x8623db0, 
    exec=0xbfe8b464) at /opt/src/kde/kdelibs/kjs/nodes.cpp:1980
#56 0xb61541df in KJS::SourceElementsNode::execute (this=0x8623de0, 
    exec=0xbfe8b464) at /opt/src/kde/kdelibs/kjs/nodes.cpp:3091
#57 0xb614e455 in KJS::BlockNode::execute (this=0x8623e18, exec=0xbfe8b464)
    at /opt/src/kde/kdelibs/kjs/nodes.cpp:1942
#58 0xb614e9ee in KJS::IfNode::execute (this=0x8623e48, exec=0xbfe8b464)
    at /opt/src/kde/kdelibs/kjs/nodes.cpp:2021
#59 0xb6154330 in KJS::SourceElementsNode::execute (this=0x85b4a70, 
    exec=0xbfe8b464) at /opt/src/kde/kdelibs/kjs/nodes.cpp:3097
#60 0xb614e455 in KJS::BlockNode::execute (this=0x88052c0, exec=0xbfe8b464)
    at /opt/src/kde/kdelibs/kjs/nodes.cpp:1942
#61 0xb617d12c in KJS::DeclaredFunctionImp::execute (this=0x0, exec=0x0)
    at /opt/src/kde/kdelibs/kjs/function.cpp:588
#62 0xb617c659 in KJS::FunctionImp::call (this=0x8838f28, exec=0xbfe8b894, 
    thisObj=@0x0, args=@0xbfe8b558)
    at /opt/src/kde/kdelibs/kjs/function.cpp:363
#63 0xb617d077 in KJS::DeclaredFunctionImp::construct (this=0x8838f28, 
    exec=0xbfe8b894, args=@0x0) at /opt/src/kde/kdelibs/kjs/function.cpp:578
#64 0xb656c69c in KJS::Object::construct (this=0xbfe8b56c, exec=0xbfe8b894, 
    args=@0xbfe8b558) at object.h:698
#65 0xb614988d in KJS::NewExprNode::evaluate (this=0x8645ab8, exec=0xbfe8b894)
    at /opt/src/kde/kdelibs/kjs/nodes.cpp:801
#66 0xb614c87d in KJS::AssignNode::evaluate (this=0x86d1bb0, exec=0xbfe8b894)
    at /opt/src/kde/kdelibs/kjs/nodes.cpp:1562
#67 0xb614e61f in KJS::ExprStatementNode::execute (this=0x8749b60, 
    exec=0xbfe8b894) at /opt/src/kde/kdelibs/kjs/nodes.cpp:1980
#68 0xb61541df in KJS::SourceElementsNode::execute (this=0x85a7df0, 
    exec=0xbfe8b894) at /opt/src/kde/kdelibs/kjs/nodes.cpp:3091
#69 0xb614e455 in KJS::BlockNode::execute (this=0x881d2d8, exec=0xbfe8b894)
    at /opt/src/kde/kdelibs/kjs/nodes.cpp:1942
#70 0xb617d12c in KJS::DeclaredFunctionImp::execute (this=0x0, exec=0x0)
    at /opt/src/kde/kdelibs/kjs/function.cpp:588
#71 0xb617c659 in KJS::FunctionImp::call (this=0x87e9238, exec=0x87c0fd8, 
    thisObj=@0x0, args=@0xbfe8b960)
    at /opt/src/kde/kdelibs/kjs/function.cpp:363
#72 0xb6183479 in KJS::Object::call (this=0x0, exec=0x87c0fd8, thisObj=@0x0, 
    args=@0x0) at /opt/src/kde/kdelibs/kjs/object.cpp:73
#73 0xb656bb9c in KJS::JSEventListener::handleEvent (this=0x879d870, 
    evt=@0xbfe8b9bc) at /opt/src/kde/kdelibs/khtml/ecma/kjs_events.cpp:95
#74 0xb63b5893 in DOM::DocumentImpl::defaultEventHandler (this=0x86ede48, 
    evt=0x8623780) at /opt/src/kde/kdelibs/khtml/xml/dom_docimpl.cpp:2442
#75 0xb63bf792 in DOM::NodeImpl::dispatchWindowEvent (this=0x86ede74, _id=17, 
    canBubbleArg=false, cancelableArg=false)
    at /opt/src/kde/kdelibs/khtml/xml/dom_nodeimpl.cpp:445
#76 0xb63f5eff in DOM::HTMLDocumentImpl::close (this=0x86ede48)
    at /opt/src/kde/kdelibs/khtml/html/html_documentimpl.cpp:276
#77 0xb636a2df in KHTMLPart::checkEmitLoadEvent (this=0x875fa28)
    at /opt/src/kde/kdelibs/khtml/khtml_part.cpp:2336
#78 0xb636a66c in KHTMLPart::checkCompleted (this=0x875fa28)
    at /opt/src/kde/kdelibs/khtml/khtml_part.cpp:2258
#79 0xb636bc38 in KHTMLPart::slotLoaderRequestDone (this=0x875fa28, 
    dl=0x86465b0, obj=0x882b9a0)
    at /opt/src/kde/kdelibs/khtml/khtml_part.cpp:2111
#80 0xb637bed3 in KHTMLPart::qt_invoke (this=0x875fa28, _id=63, _o=0xbfe8bc38)
    at khtml_part.moc:548
#81 0xb703c783 in QObject::activate_signal ()
   from /opt/qt3.3g2/lib/libqt-mt.so.3
#82 0xb64d4a19 in khtml::Loader::requestDone (this=0x8589e48, t0=0x86465b0, 
    t1=0x882b9a0) at loader.moc:240
#83 0xb64d6faf in khtml::Loader::slotFinished (this=0x8589e48, job=0x8811638)
    at /opt/src/kde/kdelibs/khtml/misc/loader.cpp:1098
#84 0xb64d71c0 in khtml::Loader::qt_invoke (this=0x8589e48, _id=2, 
    _o=0xbfe8bd58) at loader.moc:260
#85 0xb703c783 in QObject::activate_signal ()
   from /opt/qt3.3g2/lib/libqt-mt.so.3
#86 0xb7b5b508 in KIO::Job::result (this=0x8811638, t0=0x0)
    at jobclasses.moc:162
#87 0xb7b5b59d in KIO::Job::emitResult (this=0x8811638)
    at /opt/src/kde/kdelibs/kio/kio/job.cpp:226
#88 0xb7b5e530 in KIO::SimpleJob::slotFinished (this=0x8811638)
    at /opt/src/kde/kdelibs/kio/kio/job.cpp:574
#89 0xb7b6b08d in KIO::TransferJob::slotFinished (this=0x8811638)
    at /opt/src/kde/kdelibs/kio/kio/job.cpp:944
#90 0xb7b5edda in KIO::TransferJob::qt_invoke (this=0x8811638, _id=17, 
    _o=0xbfe8c094) at jobclasses.moc:1071
#91 0xb703c783 in QObject::activate_signal ()
   from /opt/qt3.3g2/lib/libqt-mt.so.3
#92 0xb703cd28 in QObject::activate_signal ()
   from /opt/qt3.3g2/lib/libqt-mt.so.3
#93 0xb7b48e31 in KIO::SlaveInterface::finished (this=0x0)
    at slaveinterface.moc:226
#94 0xb7b4ad50 in KIO::SlaveInterface::dispatch (this=0x855c190, _cmd=104, 
    rawdata=@0xbfe8c2dc)
    at /opt/src/kde/kdelibs/kio/kio/slaveinterface.cpp:243
#95 0xb7b4a5ee in KIO::SlaveInterface::dispatch (this=0x855c190)
    at /opt/src/kde/kdelibs/kio/kio/slaveinterface.cpp:173
#96 0xb7b466ad in KIO::Slave::gotInput (this=0x855c190)
    at /opt/src/kde/kdelibs/kio/kio/slave.cpp:300
#97 0xb7b46b88 in KIO::Slave::qt_invoke (this=0x855c190, _id=4, _o=0xbfe8c3e0)
    at slave.moc:113
#98 0xb703c783 in QObject::activate_signal ()
   from /opt/qt3.3g2/lib/libqt-mt.so.3
#99 0xb703cc6a in QObject::activate_signal ()
   from /opt/qt3.3g2/lib/libqt-mt.so.3
#100 0xb726d2c0 in QSocketNotifier::activated ()
   from /opt/qt3.3g2/lib/libqt-mt.so.3
#101 0xb7051be5 in QSocketNotifier::event ()
   from /opt/qt3.3g2/lib/libqt-mt.so.3
#102 0xb6fffb5c in QApplication::internalNotify ()
   from /opt/qt3.3g2/lib/libqt-mt.so.3
#103 0xb70000bb in QApplication::notify () from /opt/qt3.3g2/lib/libqt-mt.so.3
#104 0xb7542660 in KApplication::notify (this=0xbfe8c8fc, receiver=0x86782b0, 
    event=0xbfe8c640) at /opt/src/kde/kdelibs/kdecore/kapplication.cpp:550
#105 0xb7df485e in QApplication::sendEvent (receiver=0x0, event=0xbfe8c640)
    at qapplication.h:496
#106 0xb6ff3632 in QEventLoop::activateSocketNotifiers ()
   from /opt/qt3.3g2/lib/libqt-mt.so.3
#107 0xb6fc50b1 in QEventLoop::processEvents ()
   from /opt/qt3.3g2/lib/libqt-mt.so.3
#108 0xb700ba9b in QEventLoop::enterLoop ()
   from /opt/qt3.3g2/lib/libqt-mt.so.3
#109 0xb700ba15 in QEventLoop::exec () from /opt/qt3.3g2/lib/libqt-mt.so.3
#110 0xb6ffb980 in QApplication::exec () from /opt/qt3.3g2/lib/libqt-mt.so.3
#111 0xb7ee28bf in kdemain () from /opt/kde3.5/lib/libkdeinit_konqueror.so
#112 0xb6960eb0 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6
#113 0x080485d1 in _start () at ../sysdeps/i386/elf/start.S:119
Comment 2 Maksim Orlovich 2006-05-25 20:23:19 UTC
How the heck can the document be 0 anyway? Isn't it reference-counted by all the nodes?
Comment 3 Allan Sandfeld 2006-05-25 20:28:52 UTC
The node could have been made using NodeImpl(0). Tried putting assert(document != 0) into NodeImpl::NodeImpl(document), but it still crashed in the same place, so maybe there is another way to make a node with no document.
Comment 4 Tommi Tervo 2006-06-21 10:12:36 UTC
*** Bug 129540 has been marked as a duplicate of this bug. ***
Comment 5 Maksim Orlovich 2006-06-21 23:16:13 UTC
If you have -any- standalone testcase, no matter how huge, it would be very helpful. I don't have much net access now, and so have to debug offline...
Comment 6 Maksim Orlovich 2006-06-22 00:46:54 UTC
OK, never mind that, I've made one, and know what's going on, now just need to figure out why the code was written like that...
Comment 7 Maksim Orlovich 2006-06-22 01:26:08 UTC
*** Bug 129563 has been marked as a duplicate of this bug. ***
Comment 8 Tommi Tervo 2006-06-25 21:30:40 UTC
*** Bug 129806 has been marked as a duplicate of this bug. ***
Comment 9 Oleg Atamanenko 2006-06-30 15:12:19 UTC
Проверка системной конфигурации при запуске выключена.

(no debugging symbols found)
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1501346112 (LWP 19042)]
[KCrash handler]
#6  0xa5e1f37f in KHTMLWalletQueue::~KHTMLWalletQueue ()
   from /usr/lib/libkhtml.so.4
#7  0xa5e247eb in DOM::RegisteredListenerList::isHTMLEventListener ()
   from /usr/lib/libkhtml.so.4
#8  0xa5fcfd82 in DOM::NodeList::item () from /usr/lib/libkhtml.so.4
#9  0xa5f52eb9 in EmbedLiveConnect::EmbedLiveConnect ()
   from /usr/lib/libkhtml.so.4
#10 0xa5f66426 in EmbedLiveConnect::EmbedLiveConnect ()
   from /usr/lib/libkhtml.so.4
#11 0xa5cb1507 in KJS::ObjectImp::getPropertyByIndex ()
   from /usr/lib/libkjs.so.1
#12 0xa5cc57a3 in KJS::Reference::getValue () from /usr/lib/libkjs.so.1
#13 0xa5cc5d12 in KJS::Reference::getValue () from /usr/lib/libkjs.so.1
#14 0xa5cc8c7c in KJS::FunctionImp::call () from /usr/lib/libkjs.so.1
#15 0xa5cd7829 in KJS::UndefinedImp::toObject () from /usr/lib/libkjs.so.1
#16 0xa5cc6a78 in KJS::FunctionImp::call () from /usr/lib/libkjs.so.1
#17 0xa5cd9ecf in KJS::UndefinedImp::toObject () from /usr/lib/libkjs.so.1
#18 0xa5cde9cd in KJS::UndefinedImp::toObject () from /usr/lib/libkjs.so.1
#19 0xa5cd9d2c in KJS::UndefinedImp::toObject () from /usr/lib/libkjs.so.1
#20 0xa5cda1c1 in KJS::UndefinedImp::toObject () from /usr/lib/libkjs.so.1
#21 0xa5cde937 in KJS::UndefinedImp::toObject () from /usr/lib/libkjs.so.1
#22 0xa5cd9d2c in KJS::UndefinedImp::toObject () from /usr/lib/libkjs.so.1
#23 0xa5cdbef3 in KJS::UndefinedImp::toObject () from /usr/lib/libkjs.so.1
#24 0xa5cde9cd in KJS::UndefinedImp::toObject () from /usr/lib/libkjs.so.1
#25 0xa5cd9d2c in KJS::UndefinedImp::toObject () from /usr/lib/libkjs.so.1
#26 0xa5cdf9e9 in KJS::DeclaredFunctionImp::execute ()
   from /usr/lib/libkjs.so.1
#27 0xa5cc60cd in KJS::FunctionImp::call () from /usr/lib/libkjs.so.1
#28 0xa5cc983c in KJS::Object::call () from /usr/lib/libkjs.so.1
#29 0xa5cd7ba2 in KJS::UndefinedImp::toObject () from /usr/lib/libkjs.so.1
#30 0xa5cd9ecf in KJS::UndefinedImp::toObject () from /usr/lib/libkjs.so.1
#31 0xa5cde937 in KJS::UndefinedImp::toObject () from /usr/lib/libkjs.so.1
#32 0xa5cd9d2c in KJS::UndefinedImp::toObject () from /usr/lib/libkjs.so.1
#33 0xa5cdf487 in KJS::UndefinedImp::toObject () from /usr/lib/libkjs.so.1
#34 0xa5cdf99a in KJS::Interpreter::evaluate () from /usr/lib/libkjs.so.1
#35 0xa5f88d39 in EmbedLiveConnect::toString () from /usr/lib/libkhtml.so.4
#36 0xa5e033df in KHTMLPart::executeScript () from /usr/lib/libkhtml.so.4
#37 0xa5f45d09 in EmbedLiveConnect::EmbedLiveConnect ()
   from /usr/lib/libkhtml.so.4
#38 0xa5f8599b in EmbedLiveConnect::toString () from /usr/lib/libkhtml.so.4
#39 0xa71dd786 in QObject::event () from /usr/lib/libqt-mt.so.3
#40 0xa717687a in QApplication::internalNotify () from /usr/lib/libqt-mt.so.3
#41 0xa7176a76 in QApplication::notify () from /usr/lib/libqt-mt.so.3
#42 0xa784d24e in KApplication::notify () from /usr/lib/libkdecore.so.4
#43 0xa7108001 in QApplication::sendEvent () from /usr/lib/libqt-mt.so.3
#44 0xa7168305 in QEventLoop::activateTimers () from /usr/lib/libqt-mt.so.3
#45 0xa711bd2a in QEventLoop::processEvents () from /usr/lib/libqt-mt.so.3
#46 0xa718f255 in QEventLoop::enterLoop () from /usr/lib/libqt-mt.so.3
#47 0xa718f17a in QEventLoop::exec () from /usr/lib/libqt-mt.so.3
#48 0xa717538d in QApplication::exec () from /usr/lib/libqt-mt.so.3
#49 0xa6623895 in kdemain () from /usr/lib/libkdeinit_konqueror.so
#50 0xa7eea524 in kdeinitmain () from /usr/lib/kde3/konqueror.so
#51 0x0804e216 in ?? ()
#52 0x00000001 in ?? ()
#53 0x080b9ef0 in ?? ()
#54 0x00000001 in ?? ()
#55 0x00000000 in ?? ()
Comment 10 Giovanni Venturi 2006-06-30 16:38:50 UTC
I can confirm.
Comment 11 Sune Vuorela 2006-09-29 11:18:45 UTC
Any progress here 4 months later?
It is still found in 3.5.4 (latest debian unstable)

/Sune
Comment 12 Maksim Orlovich 2006-09-29 15:14:15 UTC
This will be fixed for 3.5.6, I have a patch but didn't get enough time to give it adequate testing for 3.5.5 ---- it's very invasive, so quite high-risk.
Comment 13 Sune Vuorela 2006-09-29 18:36:15 UTC
Can you release the patch somewhere? I would love to give it extra testing.

/Sune
Comment 14 Maksim Orlovich 2006-10-14 16:42:40 UTC
SVN commit 595496 by orlovich:

Improve memory management of documents: they are no longer
destroyed way too early when there are outside-referenced nodes
hanging around that need them. However, since we're
refcounting, the documents have to disconnect the children in that
case to avoid cycles. Should fix some crashes with some AJAXy stuff.

(Merged from Apple's tree)
BUG:128015
CCBUG:133680


 M  +1 -1      ecma/kjs_traversal.cpp  
 M  +4 -4      html/html_baseimpl.cpp  
 M  +6 -6      html/html_baseimpl.h  
 M  +2 -2      html/html_blockimpl.cpp  
 M  +5 -5      html/html_blockimpl.h  
 M  +3 -3      html/html_elementimpl.cpp  
 M  +2 -2      html/html_elementimpl.h  
 M  +13 -13    html/html_formimpl.cpp  
 M  +13 -13    html/html_formimpl.h  
 M  +1 -1      html/html_headimpl.cpp  
 M  +6 -6      html/html_headimpl.h  
 M  +3 -3      html/html_imageimpl.cpp  
 M  +3 -3      html/html_imageimpl.h  
 M  +3 -3      html/html_inlineimpl.h  
 M  +6 -6      html/html_listimpl.h  
 M  +1 -1      html/html_miscimpl.cpp  
 M  +1 -1      html/html_miscimpl.h  
 M  +4 -4      html/html_objectimpl.cpp  
 M  +5 -5      html/html_objectimpl.h  
 M  +4 -4      html/html_tableimpl.cpp  
 M  +7 -7      html/html_tableimpl.h  
 M  +11 -15    html/htmlparser.cpp  
 M  +6 -6      html/htmlparser.h  
 M  +5 -5      html/htmltokenizer.cpp  
 M  +3 -3      html/htmltokenizer.h  
 M  +115 -1    misc/shared.h  
 M  +10 -10    xml/dom2_rangeimpl.cpp  
 M  +3 -3      xml/dom2_rangeimpl.h  
 M  +66 -10    xml/dom_docimpl.cpp  
 M  +19 -2     xml/dom_docimpl.h  
 M  +6 -6      xml/dom_elementimpl.cpp  
 M  +5 -5      xml/dom_elementimpl.h  
 M  +12 -16    xml/dom_nodeimpl.cpp  
 M  +6 -18     xml/dom_nodeimpl.h  
 M  +1 -1      xml/dom_textimpl.cpp  
 M  +8 -8      xml/dom_textimpl.h  
 M  +9 -9      xml/dom_xmlimpl.cpp  
 M  +9 -9      xml/dom_xmlimpl.h  
 M  +22 -26    xml/xml_tokenizer.cpp  
 M  +5 -5      xml/xml_tokenizer.h
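
The ownership scheme described in the commit message of Comment 14, as an added C++ sketch (not KHTML or WebKit code; every class and member name is hypothetical): each node keeps its document alive through a separate count, and when the last outside reference goes away the document detaches its children to break the cycle instead of being destroyed. The scenario mirrors the backtrace in Comment 1, where a script-held node read the tree version through a null document.

```cpp
#include <cstdio>
#include <vector>

// Simplified model of the ownership scheme; every name here is hypothetical.
static int g_liveDocs = 0, g_liveNodes = 0;
struct Node;

struct Document {
    int refs = 0;      // outside references (view, script wrapper for the document)
    int nodeRefs = 0;  // one per living node that names this document as its owner
    int treeVersion = 0;
    std::vector<Node*> children;  // the document holds one ref on each attached node

    Document() { ++g_liveDocs; }
    ~Document() { --g_liveDocs; }
    void ref() { ++refs; }
    void deref();
    void nodeRef() { ++nodeRefs; }
    void nodeDeref() { if (--nodeRefs == 0 && refs == 0) delete this; }
    void append(Node* n);
    void removeAllChildren();
};

struct Node {
    int refs = 0;
    Document* doc;  // valid for the node's whole lifetime
    explicit Node(Document* d) : doc(d) { doc->nodeRef(); ++g_liveNodes; }
    ~Node() { --g_liveNodes; doc->nodeDeref(); }  // may free the document: last step
    void ref() { ++refs; }
    void deref() { if (--refs == 0) delete this; }
    int docTreeVersion() const { return doc->treeVersion; }
};

void Document::append(Node* n) { n->ref(); children.push_back(n); ++treeVersion; }

void Document::removeAllChildren() {
    std::vector<Node*> old;
    old.swap(children);
    ++treeVersion;
    for (Node* n : old) n->deref();  // nodes nobody else holds die here
}

void Document::deref() {
    if (--refs > 0) return;
    nodeRef();            // guard so the teardown below cannot free us midway
    removeAllChildren();  // break the document -> child -> document cycle
    nodeDeref();          // frees the document only if no node still needs it
}

// A script keeps one node after the view drops the document. Returns the tree
// version read through that node, or -1 if the lifetimes are not as expected.
int scenario() {
    Document* doc = new Document;
    doc->ref();                      // held by the view
    Node* attached = new Node(doc);
    doc->append(attached);           // referenced only by the document
    Node* scripted = new Node(doc);
    doc->append(scripted);
    scripted->ref();                 // also held by a script wrapper

    doc->deref();                    // view goes away; 'attached' is freed
    bool alive = (g_liveDocs == 1 && g_liveNodes == 1);
    int version = scripted->docTreeVersion();  // document is still valid here
    scripted->deref();               // last node dies and takes the document with it
    return alive ? version : -1;
}

int main() {
    int version = scenario();
    std::printf("version=%d docs=%d nodes=%d\n", version, g_liveDocs, g_liveNodes);
    return 0;
}
```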