Bug 155973 - Konqueror version 4.00.00 crashes on BBC.co.uk site
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: general
Version: unspecified
Platform: Ubuntu Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
Reported: 2008-01-17 09:59 UTC by Sandra Large
Modified: 2008-01-17 18:47 UTC
Description Sandra Large 2008-01-17 09:59:41 UTC
Version:            (using KDE 4.0.0)
Installed from:    Ubuntu Packages
Compiler:          gcc 
OS:                Linux

After loading up the new beta version of BBC.co.uk, konqueror crashes after inputting your location in the 'Set your location' tab.
When using Firefox, which has no problem with this page or tab, a small window pops up after the user has input their location, asking if you wish to save the location that you have put in. It is this which crashes Konqueror every time.
I am enclosing the backtrace 

(no debugging symbols found)
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 0xb64356c0 (LWP 6718)]
0xffffe410 in __kernel_vsyscall ()
[Current thread is 0 (process 6718)]

Thread 1 (Thread 0xb64356c0 (LWP 6718)):
#0  0xffffe410 in __kernel_vsyscall ()
#1  0xb7dd6ba6 in nanosleep () from /lib/tls/i686/cmov/libc.so.6
#2  0xb7dd69b7 in sleep () from /lib/tls/i686/cmov/libc.so.6
#3  0xb78ce6b0 in ?? () from /usr/lib/kde4/lib/libkdeui.so.5
#4  0x00000001 in ?? ()
#5  0x00000000 in ?? ()
#0  0xffffe410 in __kernel_vsyscall ()
Comment 1 Maksim Orlovich 2008-01-17 16:48:04 UTC
Confirm, seems like need to vg it, though.. Doing now..

Using host libthread_db library "/lib/i686/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1242990896 (LWP 5981)]
[KCrash handler]
#6  0x00170017 in ?? ()
#7  0xb2518214 in khtml::RenderWidget::shouldPaintBorder (this=0x89fdeac)
    at /home/maksim/kde4/src/kdelibs/khtml/rendering/render_replaced.h:137
#8  0xb2516ae9 in khtml::RenderWidget::updateFromElement (this=0x89fdeac)
    at /home/maksim/kde4/src/kdelibs/khtml/rendering/render_replaced.cpp:420
#9  0xb2520587 in khtml::RenderFormElement::updateFromElement (this=0x89fdeac)
    at /home/maksim/kde4/src/kdelibs/khtml/rendering/render_form.cpp:174
#10 0xb2520b00 in khtml::RenderRadioButton::updateFromElement (this=0x89fdeac)
    at /home/maksim/kde4/src/kdelibs/khtml/rendering/render_form.cpp:313
#11 0xb2497d96 in DOM::HTMLInputElementImpl::setChecked (this=0x867bbb0, 
    _checked=32)
    at /home/maksim/kde4/src/kdelibs/khtml/html/html_formimpl.cpp:1722
#12 0xb25a8099 in KJS::HTMLElement::putValueProperty (this=0xb0991c20, 
    exec=0xbfbec928, token=79, value=0x6)
    at /home/maksim/kde4/src/kdelibs/khtml/ecma/kjs_html.cpp:2499
#13 0xb25a8c83 in KJS::HTMLElement::put (this=0xb0991c20, exec=0xbfbec928, 
    propertyName=@0x8e23b94, value=0x6, attr=0)
    at /home/maksim/kde4/src/kdelibs/khtml/ecma/kjs_html.cpp:2365
#14 0xb28809f1 in KJS::AssignDotNode::evaluate (this=0x8e23b88, 
    exec=0xbfbec928) at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:1830
#15 0xb28783ab in KJS::ExprStatementNode::execute (this=0x8e23ba8, 
    exec=0xbfbec928) at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2168
#16 0xb28778d7 in KJS::SourceElementsNode::execute (this=0x8e23bc0, 
    exec=0xbfbec928) at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2973
#17 0xb28743ac in KJS::BlockNode::execute (this=0x8e23be0, exec=0xbfbec928)
    at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2145
#18 0xb287d410 in KJS::IfNode::execute (this=0x8e23bf8, exec=0xbfbec928)
    at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2200
#19 0xb28778d7 in KJS::SourceElementsNode::execute (this=0x8e23c18, 
    exec=0xbfbec928) at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2973
#20 0xb28743ac in KJS::BlockNode::execute (this=0x8e23c38, exec=0xbfbec928)
    at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2145
#21 0xb287ca66 in KJS::ForNode::execute (this=0x8e23c50, exec=0xbfbec928)
    at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2322
#22 0xb28779c6 in KJS::SourceElementsNode::execute (this=0x8caaa00, 
    exec=0xbfbec928) at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2979
#23 0xb28743ac in KJS::BlockNode::execute (this=0x8e23c98, exec=0xbfbec928)
    at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2145
#24 0xb28b53b1 in KJS::DeclaredFunctionImp::execute (this=0xb0ae9840, 
    exec=0xbfbec928) at /home/maksim/kde4/src/kdelibs/kjs/function.cpp:373
#25 0xb28b69cf in KJS::FunctionImp::callAsFunction (this=0xb0ae9840, 
    exec=0xbfbecca8, thisObj=0xb0ae98c0, args=@0xbfbec9d0)
    at /home/maksim/kde4/src/kdelibs/kjs/function.cpp:161
#26 0xb28bdc5d in KJS::JSObject::call (this=0xb0ae9840, exec=0xbfbecca8, 
    thisObj=0xb0ae98c0, args=@0xbfbec9d0)
    at /home/maksim/kde4/src/kdelibs/kjs/object.cpp:99
#27 0xb287ba0a in KJS::FunctionCallDotNode::evaluate (this=0x8dcf728, 
    exec=0xbfbecca8) at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:1141
#28 0xb28783ab in KJS::ExprStatementNode::execute (this=0x8dcf748, 
    exec=0xbfbecca8) at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2168
#29 0xb28778d7 in KJS::SourceElementsNode::execute (this=0x8dcf760, 
    exec=0xbfbecca8) at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2973
#30 0xb28743ac in KJS::BlockNode::execute (this=0x8dcf938, exec=0xbfbecca8)
    at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2145
#31 0xb287d410 in KJS::IfNode::execute (this=0x8dcfb20, exec=0xbfbecca8)
    at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2200
#32 0xb28779c6 in KJS::SourceElementsNode::execute (this=0x8d03320, 
    exec=0xbfbecca8) at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2979
#33 0xb28743ac in KJS::BlockNode::execute (this=0x8afd8e8, exec=0xbfbecca8)
    at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2145
#34 0xb287d410 in KJS::IfNode::execute (this=0x8afd900, exec=0xbfbecca8)
    at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2200
#35 0xb28779c6 in KJS::SourceElementsNode::execute (this=0x8d03010, 
    exec=0xbfbecca8) at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2979
#36 0xb28743ac in KJS::BlockNode::execute (this=0x8c655f0, exec=0xbfbecca8)
    at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2145
#37 0xb28b53b1 in KJS::DeclaredFunctionImp::execute (this=0xb0ae99e0, 
    exec=0xbfbecca8) at /home/maksim/kde4/src/kdelibs/kjs/function.cpp:373
#38 0xb28b69cf in KJS::FunctionImp::callAsFunction (this=0xb0ae99e0, 
    exec=0xbfbeced8, thisObj=0xb0ae9a60, args=@0xbfbecd50)
    at /home/maksim/kde4/src/kdelibs/kjs/function.cpp:161
#39 0xb28bdc5d in KJS::JSObject::call (this=0xb0ae99e0, exec=0xbfbeced8, 
    thisObj=0xb0ae9a60, args=@0xbfbecd50)
    at /home/maksim/kde4/src/kdelibs/kjs/object.cpp:99
#40 0xb287ba0a in KJS::FunctionCallDotNode::evaluate (this=0x91c0140, 
    exec=0xbfbeced8) at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:1141
#41 0xb28794f6 in KJS::ReturnNode::execute (this=0x91c0160, exec=0xbfbeced8)
    at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2474
#42 0xb28779c6 in KJS::SourceElementsNode::execute (this=0x8e02f30, 
    exec=0xbfbeced8) at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2979
#43 0xb28743ac in KJS::BlockNode::execute (this=0x91c0198, exec=0xbfbeced8)
    at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2145
#44 0xb28b53b1 in KJS::DeclaredFunctionImp::execute (this=0xb0ae9780, 
    exec=0xbfbeced8) at /home/maksim/kde4/src/kdelibs/kjs/function.cpp:373
#45 0xb28b69cf in KJS::FunctionImp::callAsFunction (this=0xb0ae9780, 
    exec=0xbfbed1a8, thisObj=0xb0ae9a60, args=@0xbfbecf80)
    at /home/maksim/kde4/src/kdelibs/kjs/function.cpp:161
#46 0xb28bdc5d in KJS::JSObject::call (this=0xb0ae9780, exec=0xbfbed1a8, 
    thisObj=0xb0ae9a60, args=@0xbfbecf80)
    at /home/maksim/kde4/src/kdelibs/kjs/object.cpp:99
#47 0xb287ba0a in KJS::FunctionCallDotNode::evaluate (this=0x8ca4040, 
    exec=0xbfbed1a8) at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:1141
#48 0xb28783ab in KJS::ExprStatementNode::execute (this=0x8ca4060, 
    exec=0xbfbed1a8) at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2168
#49 0xb28778d7 in KJS::SourceElementsNode::execute (this=0x8ca4078, 
    exec=0xbfbed1a8) at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2973
#50 0xb28743ac in KJS::BlockNode::execute (this=0x8ca4098, exec=0xbfbed1a8)
    at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2145
#51 0xb287d410 in KJS::IfNode::execute (this=0x89c4ac8, exec=0xbfbed1a8)
    at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2200
#52 0xb28779c6 in KJS::SourceElementsNode::execute (this=0x8ca3780, 
    exec=0xbfbed1a8) at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2979
#53 0xb28743ac in KJS::BlockNode::execute (this=0x89c4b58, exec=0xbfbed1a8)
    at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2145
#54 0xb28b53b1 in KJS::DeclaredFunctionImp::execute (this=0xb0aeab80, 
    exec=0xbfbed1a8) at /home/maksim/kde4/src/kdelibs/kjs/function.cpp:373
#55 0xb28b69cf in KJS::FunctionImp::callAsFunction (this=0xb0aeab80, 
    exec=0xbfbed478, thisObj=0xb0aeae00, args=@0xbfbed250)
    at /home/maksim/kde4/src/kdelibs/kjs/function.cpp:161
#56 0xb28bdc5d in KJS::JSObject::call (this=0xb0aeab80, exec=0xbfbed478, 
    thisObj=0xb0aeae00, args=@0xbfbed250)
    at /home/maksim/kde4/src/kdelibs/kjs/object.cpp:99
#57 0xb287ba0a in KJS::FunctionCallDotNode::evaluate (this=0x8cc6540, 
    exec=0xbfbed478) at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:1141
#58 0xb28783ab in KJS::ExprStatementNode::execute (this=0x8cc6560, 
    exec=0xbfbed478) at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2168
#59 0xb28778d7 in KJS::SourceElementsNode::execute (this=0x8cc6578, 
    exec=0xbfbed478) at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2973
#60 0xb28743ac in KJS::BlockNode::execute (this=0x8cc6598, exec=0xbfbed478)
    at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2145
#61 0xb287d410 in KJS::IfNode::execute (this=0x8cc6898, exec=0xbfbed478)
    at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2200
#62 0xb28779c6 in KJS::SourceElementsNode::execute (this=0x8cc61c8, 
    exec=0xbfbed478) at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2979
#63 0xb28743ac in KJS::BlockNode::execute (this=0x8cc6928, exec=0xbfbed478)
    at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2145
#64 0xb28b53b1 in KJS::DeclaredFunctionImp::execute (this=0xb0997f40, 
    exec=0xbfbed478) at /home/maksim/kde4/src/kdelibs/kjs/function.cpp:373
#65 0xb28b69cf in KJS::FunctionImp::callAsFunction (this=0xb0997f40, 
    exec=0xbfbed8d8, thisObj=0xb0997fe0, args=@0xbfbed514)
    at /home/maksim/kde4/src/kdelibs/kjs/function.cpp:161
#66 0xb28bdc5d in KJS::JSObject::call (this=0xb0997f40, exec=0xbfbed8d8, 
    thisObj=0xb0997fe0, args=@0xbfbed514)
    at /home/maksim/kde4/src/kdelibs/kjs/object.cpp:99
#67 0xb289c6fd in KJS::FunctionProtoFunc::callAsFunction (this=0xb099d760, 
    exec=0xbfbed8d8, thisObj=0xb0997f40, args=@0xbfbed5a0)
    at /home/maksim/kde4/src/kdelibs/kjs/function_object.cpp:123
#68 0xb28bdc5d in KJS::JSObject::call (this=0xb099d760, exec=0xbfbed8d8, 
    thisObj=0xb0997f40, args=@0xbfbed5a0)
    at /home/maksim/kde4/src/kdelibs/kjs/object.cpp:99
#69 0xb287ba0a in KJS::FunctionCallDotNode::evaluate (this=0x8cf7930, 
    exec=0xbfbed8d8) at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:1141
#70 0xb287f127 in KJS::BinaryOperatorNode::evaluate (this=0x8cf7968, 
    exec=0xbfbed8d8) at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:1498
#71 0xb287d42f in KJS::IfNode::execute (this=0x8661608, exec=0xbfbed8d8)
    at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2187
#72 0xb28779c6 in KJS::SourceElementsNode::execute (this=0x8cf7698, 
    exec=0xbfbed8d8) at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2979
#73 0xb28743ac in KJS::BlockNode::execute (this=0x8661648, exec=0xbfbed8d8)
    at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2145
#74 0xb287b547 in KJS::ForInNode::execute (this=0x8661660, exec=0xbfbed8d8)
    at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2411
#75 0xb28779c6 in KJS::SourceElementsNode::execute (this=0x8c1f3f8, 
    exec=0xbfbed8d8) at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2979
#76 0xb28743ac in KJS::BlockNode::execute (this=0x8661a58, exec=0xbfbed8d8)
    at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2145
#77 0xb28b53b1 in KJS::DeclaredFunctionImp::execute (this=0xb09830c0, 
    exec=0xbfbed8d8) at /home/maksim/kde4/src/kdelibs/kjs/function.cpp:373
#78 0xb28b69cf in KJS::FunctionImp::callAsFunction (this=0xb09830c0, 
    exec=0xbfbedba8, thisObj=0xb0997fe0, args=@0xbfbed974)
    at /home/maksim/kde4/src/kdelibs/kjs/function.cpp:161
#79 0xb28bdc5d in KJS::JSObject::call (this=0xb09830c0, exec=0xbfbedba8, 
    thisObj=0xb0997fe0, args=@0xbfbed974)
    at /home/maksim/kde4/src/kdelibs/kjs/object.cpp:99
#80 0xb289c6fd in KJS::FunctionProtoFunc::callAsFunction (this=0xb099d760, 
    exec=0xbfbedba8, thisObj=0xb09830c0, args=@0xbfbeda00)
    at /home/maksim/kde4/src/kdelibs/kjs/function_object.cpp:123
#81 0xb28bdc5d in KJS::JSObject::call (this=0xb099d760, exec=0xbfbedba8, 
    thisObj=0xb09830c0, args=@0xbfbeda00)
    at /home/maksim/kde4/src/kdelibs/kjs/object.cpp:99
#82 0xb287ba0a in KJS::FunctionCallDotNode::evaluate (this=0x84607c0, 
    exec=0xbfbedba8) at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:1141
#83 0xb288e9fa in KJS::LocalAssignNode::evaluate (this=0x90616e0, 
    exec=0xbfbedba8) at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:1749
#84 0xb28783ab in KJS::ExprStatementNode::execute (this=0x8460800, 
    exec=0xbfbedba8) at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2168
#85 0xb28779c6 in KJS::SourceElementsNode::execute (this=0x8c25ae0, 
    exec=0xbfbedba8) at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2979
#86 0xb28743ac in KJS::BlockNode::execute (this=0x8460898, exec=0xbfbedba8)
    at /home/maksim/kde4/src/kdelibs/kjs/nodes.cpp:2145
#87 0xb28b53b1 in KJS::DeclaredFunctionImp::execute (this=0xb0997de0, 
    exec=0xbfbedba8) at /home/maksim/kde4/src/kdelibs/kjs/function.cpp:373
#88 0xb28b69cf in KJS::FunctionImp::callAsFunction (this=0xb0997de0, 
    exec=0x85b5d64, thisObj=0xb0997fe0, args=@0xbfbedc58)
    at /home/maksim/kde4/src/kdelibs/kjs/function.cpp:161
#89 0xb28bdc5d in KJS::JSObject::call (this=0xb0997de0, exec=0x85b5d64, 
    thisObj=0xb0997fe0, args=@0xbfbedc58)
    at /home/maksim/kde4/src/kdelibs/kjs/object.cpp:99
#90 0xb25ed0db in KJS::JSEventListener::handleEvent (this=0x8cc59a8, 
    evt=@0xbfbedca4)
    at /home/maksim/kde4/src/kdelibs/khtml/ecma/kjs_events.cpp:100
#91 0xb2448b1b in DOM::NodeImpl::handleLocalEvents (this=0x8d66478, 
    evt=0x8bcfe98, useCapture=false)
    at /home/maksim/kde4/src/kdelibs/khtml/xml/dom_nodeimpl.cpp:700
#92 0xb244a2c9 in DOM::NodeImpl::dispatchGenericEvent (this=0x8d664e0, 
    evt=0x8bcfe98)
    at /home/maksim/kde4/src/kdelibs/khtml/xml/dom_nodeimpl.cpp:480
#93 0xb2448c6b in DOM::NodeImpl::dispatchEvent (this=0x8d664e0, 
    evt=0x8bcfe98, exceptioncode=@0xbfbede78, tempEvent=true)
    at /home/maksim/kde4/src/kdelibs/khtml/xml/dom_nodeimpl.cpp:421
#94 0xb23b5dee in KHTMLView::dispatchMouseEvent (this=0x8486ec8, eventId=4, 
    targetNode=0x8d664e0, targetNodeNonShared=0x8d664e0, 
    cancelable=<value optimized out>, detail=1, _mouse=0xbfbedf20, 
    setUnder=true, mouseEventType=1, orient=0)
    at /home/maksim/kde4/src/kdelibs/khtml/khtmlview.cpp:3544
#95 0xb23bbff0 in KHTMLView::mouseReleaseEvent (this=0x8486ec8, 
    _mouse=0xbfbee6f8)
    at /home/maksim/kde4/src/kdelibs/khtml/khtmlview.cpp:1485
#96 0xb6791123 in QWidget::event (this=0x8486ec8, event=0xbfbee6f8)
    at kernel/qwidget.cpp:6139
#97 0xb6ae0a28 in QFrame::event (this=0x8486ec8, e=0xbfbee6f8)
    at widgets/qframe.cpp:655
#98 0xb23bb30f in KHTMLView::widgetEvent (this=0x8486ec8, e=0xbfbee6f8)
    at /home/maksim/kde4/src/kdelibs/khtml/khtmlview.cpp:2241
#99 0xb23be2b1 in KHTMLView::eventFilter (this=0x8486ec8, o=0x8487318, 
    e=0xbfbee6f8) at /home/maksim/kde4/src/kdelibs/khtml/khtmlview.cpp:2109
#100 0xb673d0ca in QApplicationPrivate::notify_helper (this=0x805b070, 
    receiver=0x8487318, e=0xbfbee6f8) at kernel/qapplication.cpp:3548
#101 0xb673dd2a in QApplication::notify (this=0xbfbeefec, receiver=0x8487318, 
    e=0xbfbee6f8) at kernel/qapplication.cpp:3255
#102 0xb7744de3 in KApplication::notify (this=0xbfbeefec, receiver=0x8487318, 
    event=0xbfbee6f8)
    at /home/maksim/kde4/src/kdelibs/kdeui/kernel/kapplication.cpp:314
#103 0xb701cdd2 in QCoreApplication::notifyInternal (this=0xbfbeefec, 
    receiver=0x8487318, event=0xbfbee6f8) at kernel/qcoreapplication.cpp:530
#104 0xb67487e5 in QCoreApplication::sendSpontaneousEvent (
    receiver=0x8487318, event=0xbfbee6f8)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:203
#105 0xb67aed93 in QETWidget::translateMouseEvent (this=0x8487318, 
    event=0xbfbeeb60) at kernel/qapplication_x11.cpp:3868
#106 0xb67aca79 in QApplication::x11ProcessEvent (this=0xbfbeefec, 
    event=0xbfbeeb60) at kernel/qapplication_x11.cpp:2919
#107 0xb67d6ee2 in x11EventSourceDispatch (s=0x805e1f0, callback=0, 
    user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:135
#108 0xb6048f1e in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#109 0xb604c38a in ?? () from /usr/lib/libglib-2.0.so.0
#110 0xb604c8bc in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#111 0xb7046f60 in QEventDispatcherGlib::processEvents (this=0x805afb0, 
    flags=@0xbfbeed08) at kernel/qeventdispatcher_glib.cpp:338
#112 0xb67d6780 in QGuiEventDispatcherGlib::processEvents (this=0x805afb0, 
    flags=@0xbfbeed38) at kernel/qguieventdispatcher_glib.cpp:191
#113 0xb7019bb2 in QEventLoop::processEvents (this=0xbfbeedb0, 
    flags=@0xbfbeed74) at kernel/qeventloop.cpp:140
#114 0xb7019d34 in QEventLoop::exec (this=0xbfbeedb0, flags=@0xbfbeedb8)
    at kernel/qeventloop.cpp:182
#115 0xb701d51f in QCoreApplication::exec ()
    at kernel/qcoreapplication.cpp:759
#116 0xb673ccb0 in QApplication::exec () at kernel/qapplication.cpp:3053
#117 0xb7f02936 in kdemain (argc=2, argv=0xbfbef314)
    at /home/maksim/kde4/src/kdebase/apps/konqueror/src/konqmain.cpp:218
#118 0x08048772 in main (argc=)
    at /home/maksim/kde4/build/kdebase/apps/konqueror/src/konqueror_dummy.cpp:3
#0  0xffffe410 in __kernel_vsyscall ()
Comment 2 Maksim Orlovich 2008-01-17 18:14:29 UTC
Patch likely upcoming..
Comment 3 Maksim Orlovich 2008-01-17 18:33:29 UTC
SVN commit 762684 by orlovich:

Do not emit onchange on synthetic toggling of radio buttons and checkboxes.
That's incompatible, and also led to #155973, crash on the beta BBC's page
location selector, as we have the following scenario:

1. JS sets checked.
2. We do updateFromElement, ask Qt to update the widget
3. The widget emits the change signal
4. The change signal handler does ref() [rc = 2]
5. The change signal handler does onchange(). The event running
causes a detach, which does a deref() [rc = 1]
6. The change signal handler does deref() [rc = 0], so the Render* gets destroyed
7. The common parts of updateFromElement, such as RenderWidget::updateFromElement, etc.,
run on a deleted RenderCheckBox/RadioButton, trying to access deleted
RenderStyle, etc. boom.

BUG: 155973

 M  +14 -2     render_form.cpp  
 M  +4 -0      render_form.h  


WebSVN link: http://websvn.kde.org/?view=rev&revision=762684
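
The seven-step scenario in the commit message above, as an added model that is not KHTML code and not part of the commit: ModelRender, Mode and setCheckedFromScript are hypothetical names, and destruction only sets a flag so the stale access in step 7 can be observed without touching freed memory. SuppressSynthetic models the behaviour the commit describes; GuardRef is a general defensive pattern that goes beyond what the commit states.

```cpp
#include <cstdio>

// Simplified stand-in for a ref-counted Render* object (assumption, not KHTML).
struct ModelRender {
    int rc = 1;              // the reference that detach() releases
    bool attached = true;
    bool destroyed = false;  // set instead of freeing, so checks stay safe
    void ref() { ++rc; }
    void deref() { if (--rc == 0) destroyed = true; }
    void detach() { if (attached) { attached = false; deref(); } }
};

enum class Mode { Buggy, SuppressSynthetic, GuardRef };

struct Outcome {
    bool onchangeFired = false;
    bool usedAfterDestroy = false;  // step 7 ran on a destroyed object
    bool destroyedAtEnd = false;
};

// Step 1: script sets `checked`. handlerDetaches says whether the page's
// onchange handler causes the renderer to be detached (step 5).
Outcome setCheckedFromScript(Mode mode, bool handlerDetaches) {
    ModelRender r;
    Outcome out;

    auto onchange = [&] {
        out.onchangeFired = true;
        if (handlerDetaches) r.detach();           // step 5: deref, rc 2 -> 1
    };
    auto changeSignalHandler = [&] {
        // Modelled fix: no onchange for a toggle that came from script.
        if (mode == Mode::SuppressSynthetic) return;
        r.ref();                                    // step 4: rc = 2
        onchange();                                 // step 5
        r.deref();                                  // step 6: rc may reach 0
    };

    // General alternative: hold a reference for the whole update.
    if (mode == Mode::GuardRef) r.ref();

    changeSignalHandler();          // steps 2-3: widget update emits the signal
    out.usedAfterDestroy = r.destroyed;  // step 7: common update code runs now

    if (mode == Mode::GuardRef) r.deref();  // object may die here, after use
    out.destroyedAtEnd = r.destroyed;
    return out;
}

int main() {
    const char* names[] = {"buggy", "suppress-synthetic", "guard-ref"};
    const Mode modes[] = {Mode::Buggy, Mode::SuppressSynthetic, Mode::GuardRef};
    for (int i = 0; i < 3; ++i) {
        Outcome o = setCheckedFromScript(modes[i], true);
        std::printf("%-18s onchange=%d use-after-destroy=%d destroyed-at-end=%d\n",
                    names[i], o.onchangeFired, o.usedAfterDestroy, o.destroyedAtEnd);
    }
    return 0;
}
```
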
Comment 4 Maksim Orlovich 2008-01-17 18:47:23 UTC
SVN commit 762692 by orlovich:

Regression tests for #155973, including onchange emission and the crasher.
Seems like checkbox_onchange covered what I wanted to cover 
for onchange-synthetic.html (Though for radio button only), but clearly it didn't help,
so a little redundancy wouldn't hurt.
CCBUG:155973


 M  +0 -3      baseline/forms/checkbox_onchange.html-dom  
 M             baseline/forms/checkbox_onchange.html-dump.png  
 M  +5 -8      baseline/forms/checkbox_onchange.html-render  
 A             baseline/forms/onchange-synthetic-crash.html-dom  
 A             baseline/forms/onchange-synthetic-crash.html-render  
 A             baseline/forms/onchange-synthetic.html-dom  
 AM            baseline/forms/onchange-synthetic.html-dump.png  
 A             baseline/forms/onchange-synthetic.html-render  
 M  +1 -0      baseline/forms/svnignore  
 A             tests/forms/onchange-synthetic-crash.html  
 A             tests/forms/onchange-synthetic.html  


WebSVN link: http://websvn.kde.org/?view=rev&revision=762692