Bug 162564 - Konqueror crashes when clicking on Gmail's "labels"
Summary: Konqueror crashes when clicking on Gmail's "labels"
Status: RESOLVED FIXED
Alias: None
Product: konqueror
Classification: Applications
Component: khtml renderer
Version: SVN
Platform: unspecified Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
URL:
Keywords:
Duplicates: 165158 168671 171104 177070 188093 251159
Depends on:
Blocks:
 
Reported: 2008-05-24 18:13 UTC by Christophe Marin
Modified: 2013-11-16 00:27 UTC

See Also:
Latest Commit:
Version Fixed In:


Attachments
Full backtrace of comment #13 (40.17 KB, application/x-bzip2)
2008-06-28 15:33 UTC, Bram Schoenmakers
Possible patch (811 bytes, patch)
2008-07-04 14:26 UTC, Allan Sandfeld
xsession-errors excerpt. (44.34 KB, text/plain)
2009-06-25 00:21 UTC, Raúl
Reproducer (106 bytes, text/plain)
2013-06-10 12:40 UTC, Martin Bříza

Description Christophe Marin 2008-05-24 18:13:02 UTC
Version:           4.00.80 (KDE 4.0.80 >= (KDE 4.1 Beta1) (using 4.00.80 (KDE 4.0.80 >= (KDE 4.1 Beta1), compiled sources)
Compiler:          gcc
OS:                Linux (i686) release 2.6.25.3-mokona

kdelibs rev. 811943.

Testcase :
- Open Gmail,
- Click on any "label" folder on the left

=> Konqueror crashes.

I tried with & without ua faking.

Backtrace : 
Application: Konqueror (konqueror), signal SIGSEGV
[Thread debugging using libthread_db enabled]
[New Thread 0xb61e2940 (LWP 25529)]
[KCrash handler]
#6  0x00000016 in ?? ()
#7  0xb3d52d7b in khtml::InlineFlowBox::deleteLine (this=0x9018c64, 
    arena=0x8a4d720)
    at /media/kde/src/KDE/kdelibs/khtml/rendering/render_line.cpp:209
#8  0xb3cd87fa in khtml::RenderBlock::determineStartPosition (this=0x9017854, 
    fullLayout=true, start=@0xbf8584f8, bidi=@0xbf858478)
    at /media/kde/src/KDE/kdelibs/khtml/rendering/bidi.cpp:1733
#9  0xb3cd98bc in khtml::RenderBlock::layoutInlineChildren (this=0x9017854, 
    relayoutChildren=false, breakBeforeLine=0)
    at /media/kde/src/KDE/kdelibs/khtml/rendering/bidi.cpp:1467
#10 0xb3ce51ee in khtml::RenderBlock::layoutBlock (this=0x9017854, 
    relayoutChildren=false)
    at /media/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:782
#11 0xb3ce5709 in khtml::RenderBlock::layout (this=0x9017854)
    at /media/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:685
#12 0xb3d4c8c4 in khtml::RenderBody::layout (this=0x9017854)
    at /media/kde/src/KDE/kdelibs/khtml/rendering/render_body.cpp:96
#13 0xb3bcfe91 in khtml::RenderObject::layoutIfNeeded (this=0x9017854)
    at /media/kde/src/KDE/kdelibs/khtml/rendering/render_object.h:455
#14 0xb3ce4a31 in khtml::RenderBlock::layoutBlockChildren (this=0x901776c, 
    relayoutChildren=false)
    at /media/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:1505
#15 0xb3ce51ff in khtml::RenderBlock::layoutBlock (this=0x901776c, 
    relayoutChildren=false)
    at /media/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:784
#16 0xb3ce5709 in khtml::RenderBlock::layout (this=0x901776c)
    at /media/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:685
#17 0xb3bcfe91 in khtml::RenderObject::layoutIfNeeded (this=0x901776c)
    at /media/kde/src/KDE/kdelibs/khtml/rendering/render_object.h:455
#18 0xb3ce4a31 in khtml::RenderBlock::layoutBlockChildren (this=0x9017630, 
    relayoutChildren=false)
    at /media/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:1505
#19 0xb3ce51ff in khtml::RenderBlock::layoutBlock (this=0x9017630, 
    relayoutChildren=false)
    at /media/kde/src/KDE/kdelibs/khtml/rendering/render_block.cpp:784
#20 0xb3d47ea9 in khtml::RenderCanvas::layout (this=0x9017630)
    at /media/kde/src/KDE/kdelibs/khtml/rendering/render_canvas.cpp:187
#21 0xb3bcd0bc in KHTMLView::layout (this=0x8558928)
    at /media/kde/src/KDE/kdelibs/khtml/khtmlview.cpp:966
#22 0xb3c3cdfa in DOM::DocumentImpl::updateLayout (this=0x9cac9e8)
    at /media/kde/src/KDE/kdelibs/khtml/xml/dom_docimpl.cpp:1314
#23 0xb3c3cd99 in DOM::DocumentImpl::updateLayout (this=0xa1de580)
    at /media/kde/src/KDE/kdelibs/khtml/xml/dom_docimpl.cpp:1301
#24 0xb3dd14ff in KJS::DOMNode::getValueProperty (this=0xb1d947e0, 
    exec=0xbf8596ac, token=60)
    at /media/kde/src/KDE/kdelibs/khtml/ecma/kjs_dom.cpp:347
#25 0xb4023ea2 in KJS::PropertySlot::getValue (this=0xbf858a80, 
    exec=0xbf8596ac, originalObject=0xb1d947e0, propertyName=@0xbf8595dc)
    at /media/kde/src/KDE/kdelibs/kjs/property_slot.h:46
#26 0xb4022898 in KJS::JSObject::get (this=0xb1d947e0, exec=0xbf8596ac, 
    propertyName=@0xbf8595dc) at /media/kde/src/KDE/kdelibs/kjs/object.cpp:166
#27 0xb403d05a in KJS::Machine::runBlock (exec=0xbf8596ac, block=@0x9e353f0)
    at codes.def:696
#28 0xb3febef2 in KJS::FunctionBodyNode::execute (this=0x9e353a0, 
    exec=0xbf8596ac) at /media/kde/src/KDE/kdelibs/kjs/nodes.cpp:988
#29 0xb401ee3f in KJS::FunctionImp::callAsFunction (this=0xb1de1ac0, 
    exec=0xbf85a3cc, thisObj=0xb1e90040, args=@0xbf85a338)
    at /media/kde/src/KDE/kdelibs/kjs/function.cpp:123
#30 0xb4022f8d in KJS::JSObject::call (this=0xb1de1ac0, exec=0xbf85a3cc, 
    thisObj=0xb1e90040, args=@0xbf85a338)
    at /media/kde/src/KDE/kdelibs/kjs/object.cpp:99
#31 0xb404541b in KJS::Machine::runBlock (exec=0xbf85a3cc, block=@0xa00ffb8)
    at codes.def:1154
#32 0xb3febef2 in KJS::FunctionBodyNode::execute (this=0xa00ff68, 
    exec=0xbf85a3cc) at /media/kde/src/KDE/kdelibs/kjs/nodes.cpp:988
#33 0xb401ee3f in KJS::FunctionImp::callAsFunction (this=0xb1dc9d00, 
    exec=0xbf85b11c, thisObj=0xb1d94160, args=@0xbf85b088)
    at /media/kde/src/KDE/kdelibs/kjs/function.cpp:123
#34 0xb4022f8d in KJS::JSObject::call (this=0xb1dc9d00, exec=0xbf85b11c, 
    thisObj=0xb1d94160, args=@0xbf85b088)
    at /media/kde/src/KDE/kdelibs/kjs/object.cpp:99
#35 0xb401eb4a in KJS::FunctionImp::construct (this=0xb1dc9d00, 
    exec=0xbf85b11c, args=@0xbf85b088)
    at /media/kde/src/KDE/kdelibs/kjs/function.cpp:297
#36 0xb40455a5 in KJS::Machine::runBlock (exec=0xbf85b11c, block=@0xa36e590)
    at codes.def:1175
#37 0xb3febef2 in KJS::FunctionBodyNode::execute (this=0xa36e540, 
    exec=0xbf85b11c) at /media/kde/src/KDE/kdelibs/kjs/nodes.cpp:988
#38 0xb401ee3f in KJS::FunctionImp::callAsFunction (this=0xb1dca020, 
    exec=0xbf85be3c, thisObj=0xb1d955c0, args=@0xbf85bda8)
    at /media/kde/src/KDE/kdelibs/kjs/function.cpp:123
#39 0xb4022f8d in KJS::JSObject::call (this=0xb1dca020, exec=0xbf85be3c, 
    thisObj=0xb1d955c0, args=@0xbf85bda8)
    at /media/kde/src/KDE/kdelibs/kjs/object.cpp:99
#40 0xb404541b in KJS::Machine::runBlock (exec=0xbf85be3c, block=@0x8e541a0)
    at codes.def:1154
#41 0xb3febef2 in KJS::FunctionBodyNode::execute (this=0x8e54150, 
    exec=0xbf85be3c) at /media/kde/src/KDE/kdelibs/kjs/nodes.cpp:988
#42 0xb401ee3f in KJS::FunctionImp::callAsFunction (this=0xb1db7080, 
    exec=0xbf85cb5c, thisObj=0xb1d955c0, args=@0xbf85cac8)
    at /media/kde/src/KDE/kdelibs/kjs/function.cpp:123
#43 0xb4022f8d in KJS::JSObject::call (this=0xb1db7080, exec=0xbf85cb5c, 
    thisObj=0xb1d955c0, args=@0xbf85cac8)
    at /media/kde/src/KDE/kdelibs/kjs/object.cpp:99
#44 0xb404541b in KJS::Machine::runBlock (exec=0xbf85cb5c, block=@0x9f53aa0)
    at codes.def:1154
#45 0xb3febef2 in KJS::FunctionBodyNode::execute (this=0x9f53a50, 
    exec=0xbf85cb5c) at /media/kde/src/KDE/kdelibs/kjs/nodes.cpp:988
#46 0xb401ee3f in KJS::FunctionImp::callAsFunction (this=0xb1ddc2c0, 
    exec=0xbf85d87c, thisObj=0xb1d954c0, args=@0xbf85d7e8)
    at /media/kde/src/KDE/kdelibs/kjs/function.cpp:123
#47 0xb4022f8d in KJS::JSObject::call (this=0xb1ddc2c0, exec=0xbf85d87c, 
    thisObj=0xb1d954c0, args=@0xbf85d7e8)
    at /media/kde/src/KDE/kdelibs/kjs/object.cpp:99
#48 0xb404541b in KJS::Machine::runBlock (exec=0xbf85d87c, block=@0x9a9b0d0)
    at codes.def:1154
#49 0xb3febef2 in KJS::FunctionBodyNode::execute (this=0x9a9b080, 
    exec=0xbf85d87c) at /media/kde/src/KDE/kdelibs/kjs/nodes.cpp:988
#50 0xb401ee3f in KJS::FunctionImp::callAsFunction (this=0xb1ddc8e0, 
    exec=0xbf85e59c, thisObj=0xb1d954c0, args=@0xbf85e508)
    at /media/kde/src/KDE/kdelibs/kjs/function.cpp:123
#51 0xb4022f8d in KJS::JSObject::call (this=0xb1ddc8e0, exec=0xbf85e59c, 
    thisObj=0xb1d954c0, args=@0xbf85e508)
    at /media/kde/src/KDE/kdelibs/kjs/object.cpp:99
#52 0xb404541b in KJS::Machine::runBlock (exec=0xbf85e59c, block=@0x954bb18)
    at codes.def:1154
#53 0xb3febef2 in KJS::FunctionBodyNode::execute (this=0x954bac8, 
    exec=0xbf85e59c) at /media/kde/src/KDE/kdelibs/kjs/nodes.cpp:988
#54 0xb401ee3f in KJS::FunctionImp::callAsFunction (this=0xb1ddcb80, 
    exec=0xbf85f2bc, thisObj=0xb1e90040, args=@0xbf85f228)
    at /media/kde/src/KDE/kdelibs/kjs/function.cpp:123
#55 0xb4022f8d in KJS::JSObject::call (this=0xb1ddcb80, exec=0xbf85f2bc, 
    thisObj=0xb1e90040, args=@0xbf85f228)
    at /media/kde/src/KDE/kdelibs/kjs/object.cpp:99
#56 0xb404541b in KJS::Machine::runBlock (exec=0xbf85f2bc, block=@0x9f44d68)
    at codes.def:1154
#57 0xb3febef2 in KJS::FunctionBodyNode::execute (this=0x9f44d18, 
    exec=0xbf85f2bc) at /media/kde/src/KDE/kdelibs/kjs/nodes.cpp:988
#58 0xb401ee3f in KJS::FunctionImp::callAsFunction (this=0xb1da9740, 
    exec=0xbf85ffdc, thisObj=0xb1e90040, args=@0xbf85ff48)
    at /media/kde/src/KDE/kdelibs/kjs/function.cpp:123
#59 0xb4022f8d in KJS::JSObject::call (this=0xb1da9740, exec=0xbf85ffdc, 
    thisObj=0xb1e90040, args=@0xbf85ff48)
    at /media/kde/src/KDE/kdelibs/kjs/object.cpp:99
#60 0xb404541b in KJS::Machine::runBlock (exec=0xbf85ffdc, block=@0x9a857d8)
    at codes.def:1154
#61 0xb3febef2 in KJS::FunctionBodyNode::execute (this=0x9a85788, 
    exec=0xbf85ffdc) at /media/kde/src/KDE/kdelibs/kjs/nodes.cpp:988
#62 0xb401ee3f in KJS::FunctionImp::callAsFunction (this=0xb1da8de0, 
    exec=0xbf860cfc, thisObj=0xb1e90040, args=@0xbf860c68)
    at /media/kde/src/KDE/kdelibs/kjs/function.cpp:123
#63 0xb4022f8d in KJS::JSObject::call (this=0xb1da8de0, exec=0xbf860cfc, 
    thisObj=0xb1e90040, args=@0xbf860c68)
    at /media/kde/src/KDE/kdelibs/kjs/object.cpp:99
#64 0xb404541b in KJS::Machine::runBlock (exec=0xbf860cfc, block=@0x9db8980)
    at codes.def:1154
#65 0xb3febef2 in KJS::FunctionBodyNode::execute (this=0x9db8930, 
    exec=0xbf860cfc) at /media/kde/src/KDE/kdelibs/kjs/nodes.cpp:988
#66 0xb401ee3f in KJS::FunctionImp::callAsFunction (this=0xb1e8d800, 
    exec=0xbf861a1c, thisObj=0xb1e90040, args=@0xbf861988)
    at /media/kde/src/KDE/kdelibs/kjs/function.cpp:123
#67 0xb4022f8d in KJS::JSObject::call (this=0xb1e8d800, exec=0xbf861a1c, 
    thisObj=0xb1e90040, args=@0xbf861988)
    at /media/kde/src/KDE/kdelibs/kjs/object.cpp:99
#68 0xb404541b in KJS::Machine::runBlock (exec=0xbf861a1c, block=@0x97f5190)
    at codes.def:1154
#69 0xb3febef2 in KJS::FunctionBodyNode::execute (this=0x97f5140, 
    exec=0xbf861a1c) at /media/kde/src/KDE/kdelibs/kjs/nodes.cpp:988
#70 0xb401ee3f in KJS::FunctionImp::callAsFunction (this=0xb1e8d860, 
    exec=0xbf86273c, thisObj=0xb1e90040, args=@0xbf8626a8)
    at /media/kde/src/KDE/kdelibs/kjs/function.cpp:123
#71 0xb4022f8d in KJS::JSObject::call (this=0xb1e8d860, exec=0xbf86273c, 
    thisObj=0xb1e90040, args=@0xbf8626a8)
    at /media/kde/src/KDE/kdelibs/kjs/object.cpp:99
#72 0xb404541b in KJS::Machine::runBlock (exec=0xbf86273c, block=@0x9e6b0b0)
    at codes.def:1154
#73 0xb3febef2 in KJS::FunctionBodyNode::execute (this=0x9e6b060, 
    exec=0xbf86273c) at /media/kde/src/KDE/kdelibs/kjs/nodes.cpp:988
#74 0xb401ee3f in KJS::FunctionImp::callAsFunction (this=0xb1da9460, 
    exec=0xbf86345c, thisObj=0xb1e90040, args=@0xbf8633c8)
    at /media/kde/src/KDE/kdelibs/kjs/function.cpp:123
#75 0xb4022f8d in KJS::JSObject::call (this=0xb1da9460, exec=0xbf86345c, 
    thisObj=0xb1e90040, args=@0xbf8633c8)
    at /media/kde/src/KDE/kdelibs/kjs/object.cpp:99
#76 0xb404541b in KJS::Machine::runBlock (exec=0xbf86345c, block=@0x8cad268)
    at codes.def:1154
#77 0xb3febef2 in KJS::FunctionBodyNode::execute (this=0x8cad218, 
    exec=0xbf86345c) at /media/kde/src/KDE/kdelibs/kjs/nodes.cpp:988
#78 0xb401ee3f in KJS::FunctionImp::callAsFunction (this=0xb1de4aa0, 
    exec=0xbf8641fc, thisObj=0xb1de4b40, args=@0xbf8635a4)
    at /media/kde/src/KDE/kdelibs/kjs/function.cpp:123
#79 0xb4022f8d in KJS::JSObject::call (this=0xb1de4aa0, exec=0xbf8641fc, 
    thisObj=0xb1de4b40, args=@0xbf8635a4)
    at /media/kde/src/KDE/kdelibs/kjs/object.cpp:99
#80 0xb4003104 in KJS::FunctionProtoFunc::callAsFunction (this=0xb1e8e6e0, 
    exec=0xbf8641fc, thisObj=0xb1de4aa0, args=@0xbf864168)
    at /media/kde/src/KDE/kdelibs/kjs/function_object.cpp:123
#81 0xb4022f8d in KJS::JSObject::call (this=0xb1e8e6e0, exec=0xbf8641fc, 
    thisObj=0xb1de4aa0, args=@0xbf864168)
    at /media/kde/src/KDE/kdelibs/kjs/object.cpp:99
#82 0xb404541b in KJS::Machine::runBlock (exec=0xbf8641fc, block=@0x9722468)
    at codes.def:1154
#83 0xb3febef2 in KJS::FunctionBodyNode::execute (this=0x9722418, 
    exec=0xbf8641fc) at /media/kde/src/KDE/kdelibs/kjs/nodes.cpp:988
#84 0xb401ee3f in KJS::FunctionImp::callAsFunction (this=0xb1de3ec0, 
    exec=0xbf864f48, thisObj=0xb1e90040, args=@0xbf864e88)
    at /media/kde/src/KDE/kdelibs/kjs/function.cpp:123
#85 0xb4022f8d in KJS::JSObject::call (this=0xb1de3ec0, exec=0xbf864f48, 
    thisObj=0xb1e90040, args=@0xbf864e88)
    at /media/kde/src/KDE/kdelibs/kjs/object.cpp:99
#86 0xb404541b in KJS::Machine::runBlock (exec=0xbf864f48, block=@0x9e3ea48)
    at codes.def:1154
#87 0xb3febfd4 in KJS::FunctionBodyNode::execute (this=0x9e3e9f8, 
    exec=0xbf864f48) at /media/kde/src/KDE/kdelibs/kjs/nodes.cpp:988
#88 0xb40255ce in KJS::Interpreter::evaluate (this=0x9724d98, 
    sourceURL=@0xbf865104, startingLineNumber=1070, code=0xa121268, 
    codeLength=191, thisV=0xb1e90040)
    at /media/kde/src/KDE/kdelibs/kjs/interpreter.cpp:555
#89 0xb402566e in KJS::Interpreter::evaluate (this=0x9724d98, 
    sourceURL=@0xbf865104, startingLineNumber=1070, code=@0xbf865108, 
    thisV=0xb1e90040) at /media/kde/src/KDE/kdelibs/kjs/interpreter.cpp:497
#90 0xb3e123bb in KJS::KJSProxyImpl::evaluate (this=0x9f196b8, filename=
      {static null = {<No data fields>}, static shared_null = {ref = {_q_value = 26052}, alloc = 0, size = 0, data = 0xb7506cba, clean = 0, simpletext = 0, righttoleft = 0, asciiCache = 0, capacity = 0, reserved = 0, array = {0}}, static shared_empty = {ref = {_q_value = 182}, alloc = 0, size = 0, data = 0xb7506cce, clean = 0, simpletext = 0, righttoleft = 0, asciiCache = 0, capacity = 0, reserved = 0, array = {0}}, d = 0xbf865198, static codecForCStrings = 0x0}, 
    baseLine=1070, str=@0xbf865344, n=@0xbf8651ec, completion=0xbf865178)
    at /media/kde/src/KDE/kdelibs/khtml/ecma/kjs_proxy.cpp:157
#91 0xb3bf4e95 in KHTMLPart::executeScript (this=0x9dd26b8, 
    filename=@0xbf865208, baseLine=1070, n=@0xbf8651ec, script=@0xbf865344)
    at /media/kde/src/KDE/kdelibs/khtml/khtml_part.cpp:1189
#92 0xb3c84eb4 in khtml::HTMLTokenizer::scriptExecution (this=0xa01ec80, 
    str=@0xbf865344, scriptURL=@0xbf86533c, baseLine=1069)
    at /media/kde/src/KDE/kdelibs/khtml/html/htmltokenizer.cpp:475
#93 0xb3c85650 in khtml::HTMLTokenizer::scriptHandler (this=0xa01ec80)
    at /media/kde/src/KDE/kdelibs/khtml/html/htmltokenizer.cpp:428
#94 0xb3c85fd4 in khtml::HTMLTokenizer::parseSpecial (this=0xa01ec80, 
    src=@0xa01f170)
    at /media/kde/src/KDE/kdelibs/khtml/html/htmltokenizer.cpp:344
#95 0xb3c885b3 in khtml::HTMLTokenizer::parseTag (this=0xa01ec80, 
    src=@0xa01f170)
    at /media/kde/src/KDE/kdelibs/khtml/html/htmltokenizer.cpp:1535
#96 0xb3c88d50 in khtml::HTMLTokenizer::write (this=0xa01ec80, 
    str=@0xbf865668, appendData=true)
    at /media/kde/src/KDE/kdelibs/khtml/html/htmltokenizer.cpp:1789
#97 0xb3bf0441 in KHTMLPart::write (this=0x9dd26b8, 
    data=0x9c1d418 "se this.CPb(a);if(this.B4<=0||this.bU[p]==0){this.T=2;return}if(mQ)if(se()-mQ<300000){this.T=12;return}this.Aka();if(this.pF)return;if(!this.Ocb.call(this.Fcb)){this.T=8;return}if(!this.So&&!this.ln){"..., len=3431)
    at /media/kde/src/KDE/kdelibs/khtml/khtml_part.cpp:1941
#98 0xb3bf2a94 in KHTMLPart::slotData (this=0x9dd26b8, kio_job=0xa3ab2f8, 
    data=@0xbf865b84) at /media/kde/src/KDE/kdelibs/khtml/khtml_part.cpp:1632
#99 0xb3bfa1a0 in KHTMLPart::qt_metacall (this=0x9dd26b8, 
    _c=QMetaObject::InvokeMetaMethod, _id=19, _a=0xbf8658e8)
    at /media/kde/build/KDE/kdelibs/khtml/khtml_part.moc:264
#100 0xb746c8d8 in QMetaObject::activate (sender=0xa3ab2f8, 
    from_signal_index=40, to_signal_index=40, argv=0xbf8658e8)
    at kernel/qobject.cpp:3007
#101 0xb746cd65 in QMetaObject::activate (sender=0xa3ab2f8, m=0xb7df3c30, 
    local_signal_index=0, argv=0xbf8658e8) at kernel/qobject.cpp:3080
#102 0xb7c8e849 in KIO::TransferJob::data (this=0xa3ab2f8, _t1=0xa3ab2f8, 
    _t2=@0xbf865b84) at /media/kde/build/KDE/kdelibs/kio/jobclasses.moc:356
#103 0xb7c8f27b in KIO::TransferJob::slotData (this=0xa3ab2f8, 
    _data=@0xbf865b84) at /media/kde/src/KDE/kdelibs/kio/kio/job.cpp:921
#104 0xb7c9944d in KIO::TransferJob::qt_metacall (this=0xa3ab2f8, 
    _c=QMetaObject::InvokeMetaMethod, _id=8, _a=0xbf865a2c)
    at /media/kde/build/KDE/kdelibs/kio/jobclasses.moc:337
#105 0xb746c8d8 in QMetaObject::activate (sender=0x8a0ecc0, 
    from_signal_index=4, to_signal_index=4, argv=0xbf865a2c)
    at kernel/qobject.cpp:3007
#106 0xb746cd65 in QMetaObject::activate (sender=0x8a0ecc0, m=0xb7df6604, 
    local_signal_index=0, argv=0xbf865a2c) at kernel/qobject.cpp:3080
#107 0xb7d349e3 in KIO::SlaveInterface::data (this=0x8a0ecc0, _t1=@0xbf865b84)
    at /media/kde/build/KDE/kdelibs/kio/slaveinterface.moc:136
#108 0xb7d36424 in KIO::SlaveInterface::dispatch (this=0x8a0ecc0, _cmd=100, 
    rawdata=@0xbf865b84)
    at /media/kde/src/KDE/kdelibs/kio/kio/slaveinterface.cpp:162
#109 0xb7d36f48 in KIO::SlaveInterface::dispatch (this=0x8a0ecc0)
    at /media/kde/src/KDE/kdelibs/kio/kio/slaveinterface.cpp:90
#110 0xb7d29b27 in KIO::Slave::gotInput (this=0x8a0ecc0)
    at /media/kde/src/KDE/kdelibs/kio/kio/slave.cpp:319
#111 0xb7d2aef3 in KIO::Slave::qt_metacall (this=0x8a0ecc0, 
    _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0xbf865c84)
    at /media/kde/build/KDE/kdelibs/kio/slave.moc:75
#112 0xb746c8d8 in QMetaObject::activate (sender=0x89ed298, 
    from_signal_index=4, to_signal_index=4, argv=0x0)
    at kernel/qobject.cpp:3007
#113 0xb746cd65 in QMetaObject::activate (sender=0x89ed298, m=0xb7df32c0, 
    local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3080
#114 0xb7c65a17 in KIO::Connection::readyRead (this=0x89ed298)
    at /media/kde/build/KDE/kdelibs/kio/connection.moc:84
#115 0xb7c66876 in KIO::ConnectionPrivate::dequeue (this=0x89dd018)
    at /media/kde/src/KDE/kdelibs/kio/kio/connection.cpp:82
#116 0xb7c676c6 in KIO::Connection::qt_metacall (this=0x89ed298, 
    _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x9b07688)
    at /media/kde/build/KDE/kdelibs/kio/connection.moc:72
#117 0xb7466a16 in QMetaCallEvent::placeMetaCall (this=0x96fb0a8, 
    object=0x89ed298) at kernel/qobject.cpp:535
#118 0xb746ac82 in QObject::event (this=0x89ed298, e=0x96fb0a8)
    at kernel/qobject.cpp:1137
#119 0xb68e1319 in QApplicationPrivate::notify_helper (this=0x8057be0, 
    receiver=0x89ed298, e=0x96fb0a8) at kernel/qapplication.cpp:3772
#120 0xb68e162e in QApplication::notify (this=0xbf866768, receiver=0x89ed298, 
    e=0x96fb0a8) at kernel/qapplication.cpp:3366
#121 0xb7a7abd1 in KApplication::notify (this=0xbf866768, receiver=0x89ed298, 
    event=0x96fb0a8)
    at /media/kde/src/KDE/kdelibs/kdeui/kernel/kapplication.cpp:311
#122 0xb74582d7 in QCoreApplication::notifyInternal (this=0xbf866768, 
    receiver=0x89ed298, event=0x96fb0a8) at kernel/qcoreapplication.cpp:583
#123 0xb745be1f in QCoreApplication::sendEvent (receiver=0x89ed298, 
    event=0x96fb0a8)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#124 0xb74587f7 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, 
    event_type=0, data=0x804acc0) at kernel/qcoreapplication.cpp:1195
#125 0xb74589b3 in QCoreApplication::sendPostedEvents (receiver=0x0, 
    event_type=0) at kernel/qcoreapplication.cpp:1091
#126 0xb74878f6 in QCoreApplication::sendPostedEvents ()
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:220
#127 0xb7486b08 in postEventSourceDispatch (s=0x8059ee8)
    at kernel/qeventdispatcher_glib.cpp:211
#128 0xb63a0978 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#129 0xb63a3bce in ?? () from /usr/lib/libglib-2.0.so.0
#130 0x08059e60 in ?? ()
#131 0x00000000 in ?? ()
#0  0xb7f4b424 in __kernel_vsyscall ()
Comment 1 A. Spehr 2008-05-27 21:50:57 UTC
None of our lovely bugsquaders from last night commented on this? 

fwiw i can't verify on 3.5.4-15, but i don't think that's very useful. 
iirc, G couldn't verify this on a very recent trunk copy.
Comment 2 Michael Leupold 2008-05-28 08:29:31 UTC
I just tried and can't reproduce the crash using 813487. It doesn't work, however, and on closing the browser it crashed for me. Strange :-)
Comment 3 Eduardo Robles Elvira 2008-06-05 16:34:50 UTC
I confirm that this crash is fixed in trunk rev 817151. The labels don't work though. Should we close this bug then?
Comment 4 Christophe Marin 2008-06-05 17:08:56 UTC
I'm still able to reproduce it, so no, it won't be closed.
Comment 5 Christophe Marin 2008-06-05 17:21:17 UTC
I could also make gdb crash while trying to reproduce this bug.

[Thread debugging using libthread_db enabled]
[New Thread 0xb6171720 (LWP 1303)]
/build/buildd/gdb-6.8/gdb/utils.c:904: internal-error: virtual memory exhausted: can't allocate 96327678 bytes.
A problem internal to GDB has been detected,
further debugging may prove unreliable.

:-)
Comment 6 David Faure 2008-06-05 21:05:06 UTC
Valgrind log at http://web.davidfaure.fr/kde/vglog-162564. Not very helpful though.
Comment 7 David Faure 2008-06-05 21:07:20 UTC
bidi.cpp:1733 is this line here: curr->deleteLine(arena);

curr is obviously not 0, but hmm, maybe already deleted (and vg ran out of freelist?), not sure.
Comment 8 Maksim Orlovich 2008-06-05 21:58:59 UTC
David: the rendering stuff goes into a special arena allocator, so valgrind doesn't know about it. Commenting out KHTML_USE_ARENA_ALLOCATOR will make the output a lot more useful.
Comment 9 David Faure 2008-06-06 15:09:58 UTC
==10501==
==10501== Invalid read of size 8
==10501==    at 0x17F51340: khtml::InlineBox::parent() const (render_line.h:96)
==10501==    by 0x17FE2F75: khtml::InlineFlowBox::deleteLine(khtml::RenderArena*) (render_line.cpp:204)
==10501==    by 0x17F4E8B0: khtml::RenderBlock::determineStartPosition(bool, khtml::BidiIterator&, khtml::BidiState&) (bidi.cpp:1733)
==10501==    by 0x17F50052: khtml::RenderBlock::layoutInlineChildren(bool, int) (bidi.cpp:1467)
==10501==    by 0x17F5F130: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:782)
==10501==    by 0x17F5FA09: khtml::RenderBlock::layout() (render_block.cpp:685)
==10501==    by 0x17FDBAF4: khtml::RenderBody::layout() (render_body.cpp:96)
==10501==    by 0x17E137D6: khtml::RenderObject::layoutIfNeeded() (render_object.h:455)
==10501==    by 0x17F5E5C8: khtml::RenderBlock::layoutBlockChildren(bool) (render_block.cpp:1505)
==10501==    by 0x17F5F145: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:784)
==10501==    by 0x17F5FA09: khtml::RenderBlock::layout() (render_block.cpp:685)
==10501==    by 0x17E137D6: khtml::RenderObject::layoutIfNeeded() (render_object.h:455)
==10501==    by 0x17F5E5C8: khtml::RenderBlock::layoutBlockChildren(bool) (render_block.cpp:1505)
==10501==    by 0x17F5F145: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:784)
==10501==    by 0x17FD5C53: khtml::RenderCanvas::layout() (render_canvas.cpp:187)
==10501==    by 0x17E10022: KHTMLView::layout() (khtmlview.cpp:966)
==10501==    by 0x17E90DE9: DOM::DocumentImpl::updateLayout() (dom_docimpl.cpp:1321)
==10501==    by 0x17E90D42: DOM::DocumentImpl::updateLayout() (dom_docimpl.cpp:1308)
==10501==    by 0x18079395: KJS::DOMNode::getValueProperty(KJS::ExecState*, int) const (kjs_dom.cpp:352)
==10501==    by 0x1807FD1F: KJS::JSValue* KJS::staticValueGetter<KJS::DOMNode>(KJS::ExecState*, KJS::JSObject*, KJS::Identifier const&, KJS::PropertySlot const&) (lookup.h:147)
==10501==    by 0x187D57D0: KJS::PropertySlot::getValue(KJS::ExecState*, KJS::JSObject*, KJS::Identifier const&) const (property_slot.h:46)
==10501==    by 0x187D4293: KJS::JSObject::get(KJS::ExecState*, KJS::Identifier const&) const (object.cpp:166)
==10501==    by 0x187F3B43: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0l> const&) (codes.def:705)
==10501==    by 0x187995A5: KJS::FunctionBodyNode::execute(KJS::ExecState*) (nodes.cpp:989)
==10501==    by 0x187D03F4: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:127)
==10501==    by 0x187D4932: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:99)
==10501==    by 0x188005CB: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0l> const&) (codes.def:1163)
==10501==    by 0x187995A5: KJS::FunctionBodyNode::execute(KJS::ExecState*) (nodes.cpp:989)
==10501==    by 0x187D03F4: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:127)
==10501==    by 0x187D4932: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:99)
==10501==    by 0x187D0033: KJS::FunctionImp::construct(KJS::ExecState*, KJS::List const&) (function.cpp:301)
==10501==    by 0x18800832: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0l> const&) (codes.def:1184)
==10501==    by 0x187995A5: KJS::FunctionBodyNode::execute(KJS::ExecState*) (nodes.cpp:989)
==10501==    by 0x187D03F4: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:127)
==10501==    by 0x187D4932: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:99)
==10501==    by 0x188005CB: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0l> const&) (codes.def:1163)
==10501==    by 0x187995A5: KJS::FunctionBodyNode::execute(KJS::ExecState*) (nodes.cpp:989)
==10501==    by 0x187D03F4: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:127)
==10501==    by 0x187D4932: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:99)
==10501==    by 0x188005CB: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0l> const&) (codes.def:1163)
==10501==    by 0x187995A5: KJS::FunctionBodyNode::execute(KJS::ExecState*) (nodes.cpp:989)
==10501==    by 0x187D03F4: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:127)
==10501==    by 0x187D4932: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:99)
==10501==    by 0x188005CB: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0l> const&) (codes.def:1163)
==10501==    by 0x187995A5: KJS::FunctionBodyNode::execute(KJS::ExecState*) (nodes.cpp:989)
==10501==    by 0x187D03F4: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:127)
==10501==    by 0x187D4932: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:99)
==10501==    by 0x188005CB: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0l> const&) (codes.def:1163)
==10501==    by 0x187995A5: KJS::FunctionBodyNode::execute(KJS::ExecState*) (nodes.cpp:989)
==10501==    by 0x187D03F4: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:127)
==10501==  Address 0x1C705458 is 72 bytes inside a block of size 112 free'd
==10501==    at 0x4C2182B: free (vg_replace_malloc.c:233)
==10501==    by 0x17F98642: khtml::RenderArena::free(unsigned long, void*) (render_arena.cpp:122)
==10501==    by 0x17F9802D: khtml::InlineTextBox::detach(khtml::RenderArena*, bool) (render_text.cpp:82)
==10501==    by 0x17F939D6: khtml::RenderText::deleteInlineBoxes(khtml::RenderArena*) (render_text.cpp:780)
==10501==    by 0x17F958D7: khtml::RenderText::dirtyInlineBoxes(bool, bool) (render_text.cpp:789)
==10501==    by 0x17F4FF14: khtml::RenderBlock::layoutInlineChildren(bool, int) (bidi.cpp:1443)
==10501==    by 0x17F5F130: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:782)
==10501==    by 0x17F5FA09: khtml::RenderBlock::layout() (render_block.cpp:685)
==10501==    by 0x17FDBAF4: khtml::RenderBody::layout() (render_body.cpp:96)
==10501==    by 0x17E137D6: khtml::RenderObject::layoutIfNeeded() (render_object.h:455)
==10501==    by 0x17F5E5C8: khtml::RenderBlock::layoutBlockChildren(bool) (render_block.cpp:1505)
==10501==    by 0x17F5F145: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:784)
==10501==    by 0x17F5FA09: khtml::RenderBlock::layout() (render_block.cpp:685)
==10501==    by 0x17E137D6: khtml::RenderObject::layoutIfNeeded() (render_object.h:455)
==10501==    by 0x17F5E5C8: khtml::RenderBlock::layoutBlockChildren(bool) (render_block.cpp:1505)
==10501==    by 0x17F5F145: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:784)
==10501==    by 0x17FD5C53: khtml::RenderCanvas::layout() (render_canvas.cpp:187)
==10501==    by 0x17E10022: KHTMLView::layout() (khtmlview.cpp:966)
==10501==    by 0x17E90DE9: DOM::DocumentImpl::updateLayout() (dom_docimpl.cpp:1321)
==10501==    by 0x17E90D42: DOM::DocumentImpl::updateLayout() (dom_docimpl.cpp:1308)
==10501==    by 0x18079395: KJS::DOMNode::getValueProperty(KJS::ExecState*, int) const (kjs_dom.cpp:352)
==10501==    by 0x1807FD1F: KJS::JSValue* KJS::staticValueGetter<KJS::DOMNode>(KJS::ExecState*, KJS::JSObject*, KJS::Identifier const&, KJS::PropertySlot const&) (lookup.h:147)
==10501==    by 0x187D57D0: KJS::PropertySlot::getValue(KJS::ExecState*, KJS::JSObject*, KJS::Identifier const&) const (property_slot.h:46)
==10501==    by 0x187D4293: KJS::JSObject::get(KJS::ExecState*, KJS::Identifier const&) const (object.cpp:166)
==10501==    by 0x187F3B43: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0l> const&) (codes.def:705)
==10501==    by 0x187995A5: KJS::FunctionBodyNode::execute(KJS::ExecState*) (nodes.cpp:989)
==10501==    by 0x187D03F4: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:127)
==10501==    by 0x187D4932: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:99)
==10501==    by 0x188005CB: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0l> const&) (codes.def:1163)
==10501==    by 0x187995A5: KJS::FunctionBodyNode::execute(KJS::ExecState*) (nodes.cpp:989)
==10501==    by 0x187D03F4: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:127)
==10501==    by 0x187D4932: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:99)
==10501==    by 0x187D0033: KJS::FunctionImp::construct(KJS::ExecState*, KJS::List const&) (function.cpp:301)
==10501==    by 0x18800832: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0l> const&) (codes.def:1184)
==10501==    by 0x187995A5: KJS::FunctionBodyNode::execute(KJS::ExecState*) (nodes.cpp:989)
==10501==    by 0x187D03F4: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:127)
==10501==    by 0x187D4932: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:99)
==10501==    by 0x188005CB: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0l> const&) (codes.def:1163)
==10501==    by 0x187995A5: KJS::FunctionBodyNode::execute(KJS::ExecState*) (nodes.cpp:989)
==10501==    by 0x187D03F4: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:127)
==10501==    by 0x187D4932: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:99)
==10501==    by 0x188005CB: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0l> const&) (codes.def:1163)
==10501==    by 0x187995A5: KJS::FunctionBodyNode::execute(KJS::ExecState*) (nodes.cpp:989)
==10501==    by 0x187D03F4: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:127)
==10501==    by 0x187D4932: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:99)
==10501==    by 0x188005CB: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0l> const&) (codes.def:1163)
==10501==    by 0x187995A5: KJS::FunctionBodyNode::execute(KJS::ExecState*) (nodes.cpp:989)
==10501==    by 0x187D03F4: KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (function.cpp:127)
==10501==    by 0x187D4932: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (object.cpp:99)
==10501==    by 0x188005CB: KJS::Machine::runBlock(KJS::ExecState*, WTF::Vector<unsigned char, 0l> const&) (codes.def:1163)
==10501==
Comment 10 Christophe Marin 2008-06-26 16:21:00 UTC
*** Bug 164993 has been marked as a duplicate of this bug. ***
Comment 11 Christophe Marin 2008-06-28 02:09:20 UTC
*** Bug 165158 has been marked as a duplicate of this bug. ***
Comment 12 Rafael 2008-06-28 02:31:01 UTC
I can reproduce this crash in version 4.00.83 (KDE 4.0.83 (KDE 4.1 Beta2).
Comment 13 Bram Schoenmakers 2008-06-28 15:30:44 UTC
Have found a similar bug on Facebook. When watching a photo from a photo album, you have the Previous/Next links on top of the photo. When you click next, Konqueror 3 freezes and Konqueror 4 (trunk) crashes. Snipped backtrace:

#0  0x4e20c0df in pcre_compile2 () from /usr/lib/libpcre.so.0
#1  0x4e20c9bf in pcre_compile () from /usr/lib/libpcre.so.0
#2  0xb463d12a in RegExp (this=0x9727b78, p=@0xbf56fedc, flags=0x0) at /home/bram/KDE/kdelibs/kjs/regexp.cpp:168
#3  0xb4655ef6 in KJS::RegExpObjectImp::makeEngine (exec=0xbf571424, p=@0xbf56fedc, flagsInput=0xb2a65c40) at /home/bram/KDE/kdelibs/kjs/regexp_object.cpp:453
#4  0xb4657174 in KJS::RegExpObjectImp::construct (this=0xb2f0e120, exec=0xbf571424, args=@0xbf56ffd8) at /home/bram/KDE/kdelibs/kjs/regexp_object.cpp:476
#5  0xb46818e9 in KJS::Machine::runBlock (exec=0xbf571424, codeBlock=@0x8f91d34, parentExec=0xbf572a84) at codes.def:857
#6  0xb465ce9b in KJS::FunctionImp::callAsFunction (this=0xb31914a0, exec=0xbf572a84, thisObj=0xb3196580, args=@0xbf5716dc) at /home/bram/KDE/kdelibs/kjs/function.cpp:143
#7  0xb466169f in KJS::JSObject::call (this=0xb31914a0, exec=0xbf572a84, thisObj=0xb3196580, args=@0xbf5716dc) at /home/bram/KDE/kdelibs/kjs/object.cpp:99
#8  0xb46886ee in KJS::Machine::runBlock (exec=0xbf572a84, codeBlock=@0x8f913f4, parentExec=0xbf5740e4) at codes.def:1206
#9  0xb465ce9b in KJS::FunctionImp::callAsFunction (this=0xb31914e0, exec=0xbf5740e4, thisObj=0xb3196580, args=@0xbf572d3c) at /home/bram/KDE/kdelibs/kjs/function.cpp:143
#10 0xb466169f in KJS::JSObject::call (this=0xb31914e0, exec=0xbf5740e4, thisObj=0xb3196580, args=@0xbf572d3c) at /home/bram/KDE/kdelibs/kjs/object.cpp:99

[snipped frame #11 - #5156]

#5157 0xb46886ee in KJS::Machine::runBlock (exec=0xbfd69244, codeBlock=@0x8977384, parentExec=0xbfd6a8a4) at codes.def:1206
#5158 0xb465ce9b in KJS::FunctionImp::callAsFunction (this=0xb2d96de0, exec=0xbfd6a8a4, thisObj=0xb2d96f80, args=@0xbfd694fc) at /home/bram/KDE/kdelibs/kjs/function.cpp:143
#5159 0xb466169f in KJS::JSObject::call (this=0xb2d96de0, exec=0xbfd6a8a4, thisObj=0xb2d96f80, args=@0xbfd694fc) at /home/bram/KDE/kdelibs/kjs/object.cpp:99
#5160 0xb46886ee in KJS::Machine::runBlock (exec=0xbfd6a8a4, codeBlock=@0x8977384, parentExec=0xbfd6bf04) at codes.def:1206
#5161 0xb465ce9b in KJS::FunctionImp::callAsFunction (this=0xb2d96de0, exec=0xbfd6bf04, thisObj=0xb2d96f80, args=@0xbfd6ab5c) at /home/bram/KDE/kdelibs/kjs/function.cpp:143
#5162 0xb466169f in KJS::JSObject::call (this=0xb2d96de0, exec=0xbfd6bf04, thisObj=0xb2d96f80, args=@0xbfd6ab5c) at /home/bram/KDE/kdelibs/kjs/object.cpp:99
#5163 0xb46886ee in KJS::Machine::runBlock (exec=0xbfd6bf04, codeBlock=@0x8f4b06c, parentExec=0x83b7488) at codes.def:1206
#5164 0xb465ce9b in KJS::FunctionImp::callAsFunction (this=0xb2d96e20, exec=0x83b7488, thisObj=0xb31a0000, args=@0x8e69b1c) at /home/bram/KDE/kdelibs/kjs/function.cpp:143
#5165 0xb466169f in KJS::JSObject::call (this=0xb2d96e20, exec=0x83b7488, thisObj=0xb31a0000, args=@0x8e69b1c) at /home/bram/KDE/kdelibs/kjs/object.cpp:99
#5166 0xb4a748d9 in KJS::ScheduledAction::execute (this=0x8e69b18, window=0xb31a0000) at /home/bram/KDE/kdelibs/khtml/ecma/kjs_window.cpp:2179
#5167 0xb4a74b9c in KJS::WindowQObject::timerEvent (this=0x85b2250) at /home/bram/KDE/kdelibs/khtml/ecma/kjs_window.cpp:2355
#5168 0xb71c22f2 in QObject::event (this=0x85b2250, e=0xbfd6c6b4) at /home/bram/KDE/qt-copy/src/corelib/kernel/qobject.cpp:1105
#5169 0xb668b175 in QApplicationPrivate::notify_helper (this=0x80577a0, receiver=0x85b2250, e=0xbfd6c6b4) at /home/bram/KDE/qt-copy/src/gui/kernel/qapplication.cpp:3772
#5170 0xb668b48b in QApplication::notify (this=0xbfd6ca14, receiver=0x85b2250, e=0xbfd6c6b4) at /home/bram/KDE/qt-copy/src/gui/kernel/qapplication.cpp:3366
#5171 0xb77e4872 in KApplication::notify (this=0xbfd6ca14, receiver=0x85b2250, event=0xbfd6c6b4) at /home/bram/KDE/kdelibs/kdeui/kernel/kapplication.cpp:311
#5172 0xb71ac991 in QCoreApplication::notifyInternal (this=0xbfd6ca14, receiver=0x85b2250, event=0xbfd6c6b4) at /home/bram/KDE/qt-copy/src/corelib/kernel/qcoreapplication.cpp:587
#5173 0xb71b0e1d in QCoreApplication::sendEvent (receiver=0x85b2250, event=0xbfd6c6b4) at ../../include/QtCore/../../../../qt-copy/src/corelib/kernel/qcoreapplication.h:215
#5174 0xb71e3feb in QTimerInfoList::activateTimers (this=0x805a7bc) at /home/bram/KDE/qt-copy/src/corelib/kernel/qeventdispatcher_unix.cpp:563
#5175 0xb71e0fe6 in timerSourceDispatch (source=0x805a788) at /home/bram/KDE/qt-copy/src/corelib/kernel/qeventdispatcher_glib.cpp:166
#5176 0x4e264ccd in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#5177 0x4e267ee3 in ?? () from /usr/lib/libglib-2.0.so.0
#5178 0x08059c20 in ?? ()
#5179 0x00000000 in ?? ()
Comment 14 Bram Schoenmakers 2008-06-28 15:33:08 UTC
Created attachment 25664 [details]
Full backtrace of comment #13
Comment 15 Maksim Orlovich 2008-06-28 17:47:27 UTC
Re: comment #13: that's completely unrelated. Please file a separate bug report.
Comment 16 Bram Schoenmakers 2008-06-28 18:42:26 UTC
Then probably the duplicates aren't right either, because that's why I ended up here.
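Comments 13 to 16 turn on whether two backtraces describe the same crash. The following is an added example, not part of this report or of KDE's tooling: it reduces a GDB backtrace to a top-of-stack signature and flags a repeating call cycle, using frames abridged from comments 13 and 31 (arguments and paths trimmed; the function names `parse_frames`, `signature`, `recursion_cycle` and `same_crash` are hypothetical).

```python
import re

# One GDB frame line: "#7  0xb3d52d7b in ns::func (args) at file:line"
FRAME_RE = re.compile(r"^#(\d+)\s+(?:0x[0-9a-fA-F]+\s+in\s+)?(.+?)\s+\(")

# Abridged from comment 13 (arguments and paths trimmed for the example).
COMMENT_13 = """\
#0  0x4e20c0df in pcre_compile2 () from /usr/lib/libpcre.so.0
#1  0x4e20c9bf in pcre_compile () from /usr/lib/libpcre.so.0
#2  0xb463d12a in RegExp (this=0x9727b78) at kjs/regexp.cpp:168
#3  0xb4655ef6 in KJS::RegExpObjectImp::makeEngine (exec=0xbf571424) at kjs/regexp_object.cpp:453
#4  0xb4657174 in KJS::RegExpObjectImp::construct (this=0xb2f0e120) at kjs/regexp_object.cpp:476
#5  0xb46818e9 in KJS::Machine::runBlock (exec=0xbf571424) at codes.def:857
#6  0xb465ce9b in KJS::FunctionImp::callAsFunction (this=0xb31914a0) at kjs/function.cpp:143
#7  0xb466169f in KJS::JSObject::call (this=0xb31914a0) at kjs/object.cpp:99
#8  0xb46886ee in KJS::Machine::runBlock (exec=0xbf572a84) at codes.def:1206
#9  0xb465ce9b in KJS::FunctionImp::callAsFunction (this=0xb31914e0) at kjs/function.cpp:143
#10 0xb466169f in KJS::JSObject::call (this=0xb31914e0) at kjs/object.cpp:99
#5157 0xb46886ee in KJS::Machine::runBlock (exec=0xbfd69244) at codes.def:1206
#5158 0xb465ce9b in KJS::FunctionImp::callAsFunction (this=0xb2d96de0) at kjs/function.cpp:143
#5159 0xb466169f in KJS::JSObject::call (this=0xb2d96de0) at kjs/object.cpp:99
#5166 0xb4a748d9 in KJS::ScheduledAction::execute (this=0x8e69b18) at kjs_window.cpp:2179
"""

# Abridged from comment 31 (arguments and paths trimmed for the example).
COMMENT_31 = """\
#5  0x0000000000000000 in ?? ()
#6  0x00007f1c20e04b48 in khtml::InlineFlowBox::deleteLine (this=0x58c3328) at render_line.cpp:209
#7  0x00007f1c20d96c60 in khtml::RenderBlock::layoutInlineChildren (this=0x6a27c80) at bidi.cpp:1460
#8  0x00007f1c20da2d1b in khtml::RenderBlock::layoutBlock (this=0x6a27c80) at render_block.cpp:833
#9  0x00007f1c20da2685 in khtml::RenderBlock::layoutBlockChildren (this=0x6a27b48) at render_object.h:477
#10 0x00007f1c20da2fd2 in khtml::RenderBlock::layoutBlock (this=0x6a27b48) at render_block.cpp:835
#11 0x00007f1c20dd6517 in khtml::RenderTableCell::layout (this=0x58c32c8) at render_table.cpp:2406
"""


def parse_frames(text):
    """Return [(frame_number, function_name)] for each GDB frame line."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append((int(m.group(1)), m.group(2)))
    return frames


def signature(frames, depth=3):
    """First `depth` resolved functions; unresolved '??' frames are skipped."""
    names = [name for _, name in frames if name != "??"]
    return tuple(names[:depth])


def recursion_cycle(frames, max_period=4, min_repeats=3):
    """Longest back-to-back repetition of a short call cycle.

    Returns (cycle, repeats), or (None, 0) when no cycle of up to
    `max_period` functions repeats at least `min_repeats` times.
    """
    names = [name for _, name in frames]
    best, best_span = (None, 0), 0
    for period in range(1, max_period + 1):
        for start in range(len(names) - period):
            cycle = names[start:start + period]
            repeats, pos = 1, start + period
            while names[pos:pos + period] == cycle:
                repeats += 1
                pos += period
            if repeats >= min_repeats and repeats * period > best_span:
                best, best_span = (tuple(cycle), repeats), repeats * period
    return best


def same_crash(trace_a, trace_b, depth=3):
    """Treat two backtraces as the same crash only if their signatures match."""
    return signature(parse_frames(trace_a), depth) == signature(parse_frames(trace_b), depth)


if __name__ == "__main__":
    for label, trace in (("comment 13", COMMENT_13), ("comment 31", COMMENT_31)):
        frames = parse_frames(trace)
        print(label, signature(frames), recursion_cycle(frames), max(n for n, _ in frames))
    print("same crash:", same_crash(COMMENT_13, COMMENT_31))
```

A signature match is only a first-pass filter for duplicate triage; the frame depth and the presence of a repeating cycle are what separate a stack exhaustion from a crash at a fixed call site.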
Comment 17 Allan Sandfeld 2008-07-04 14:26:15 UTC
Created attachment 25835 [details]
Possible patch

I think this is the solution to this crash, but I can't currently reproduce it
with the unpatched version, so I am a little unsure.
Comment 18 A. Spehr 2008-07-15 23:29:32 UTC
libs:r832279 base:r832331

I'm not getting this or any of the related label crashes... Have I just not poked at it hard enough? 

(I take it this is different from bug #165158...)
Comment 19 Christophe Marin 2008-07-16 00:49:43 UTC
> I'm not getting this or any of the related label crashes... Have I just not
> poked at it hard enough?


Indeed, you didn't... or you didn't get the correct gmail version.

I tested this bug again two days ago.
Comment 20 Jure Repinc 2008-07-23 10:11:42 UTC
I think I get the same crash on Akademy 2008 website by visiting it, then clicking on Boat Trip link in the menu on the left. If it doesn't crash the first time click the link again and it should crash. This is with Konqueror 4.00.98 (KDE 4.0.98 (4.1 RC1)) from 64-bit Mandriva 2009 (Cooker) packages.
Comment 21 Christophe Marin 2008-08-08 01:05:29 UTC
*** Bug 168671 has been marked as a duplicate of this bug. ***
Comment 22 Andre Woebbeking 2008-12-23 12:46:04 UTC
I've the same crash on http://www.musterhausparks.de/html/ostbevern.html if I click on another location in the left menu.
Comment 23 Andre Woebbeking 2008-12-23 12:51:33 UTC
I forgot to mention that I'm using recent 4.1 branch.
Comment 24 Tommi Tervo 2008-12-23 14:03:41 UTC
4.1.3 crashes, but trunk doesn't (r897k). VG complains a bit but it seems unrelated. 

==32563== Invalid read of size 4
==32563==    at 0x14666717: khtmlImLoad::ScaledImagePlane::ensureUpToDate(unsigned, unsigned, khtmlImLoad::PixmapTile*) (scaledimageplane.cpp:53)
==32563==    by 0x14667171: khtmlImLoad::PixmapPlane::paint(int, int, QPainter*, int, int, int, int) (pixmapplane.cpp:102)
==32563==    by 0x14667812: khtmlImLoad::ImagePainter::paint(int, int, QPainter*, int, int, int, int) (imagepainter.cpp:126)
==32563==    by 0x144CD92A: khtml::RenderImage::paint(khtml::RenderObject::PaintInfo&, int, int) (render_image.cpp:331)
==32563==    by 0x1450A031: khtml::InlineBox::paint(khtml::RenderObject::PaintInfo&, int, int) (render_line.cpp:141)
==32563==    by 0x14508241: khtml::InlineFlowBox::paint(khtml::RenderObject::PaintInfo&, int, int) (render_line.cpp:826)
==32563==    by 0x145083B7: khtml::RootInlineBox::paint(khtml::RenderObject::PaintInfo&, int, int) (render_line.cpp:1134)
==32563==    by 0x144BF022: khtml::RenderFlow::paintLines(khtml::RenderObject::PaintInfo&, int, int) (render_flow.cpp:389)
==32563==    by 0x14491D0D: khtml::RenderBlock::paintObject(khtml::RenderObject::PaintInfo&, int, int, bool) (render_block.cpp:1730)
==32563==    by 0x144D61F8: khtml::RenderTableSection::paint(khtml::RenderObject::PaintInfo&, int, int) (render_table.cpp:1802)
==32563==    by 0x144D1144: khtml::RenderTable::paint(khtml::RenderObject::PaintInfo&, int, int) (render_table.cpp:496)
==32563==    by 0x14491E58: khtml::RenderBlock::paintObject(khtml::RenderObject::PaintInfo&, int, int, bool) (render_block.cpp:1734)
==32563==  Address 0xe00b524 is 0 bytes after a block of size 4 alloc'd
==32563==    at 0x4C265AE: malloc (vg_replace_malloc.c:207)
==32563==    by 0x7C5B07A: (within /usr/lib/libQtGui.so.4.4.3)
==32563==    by 0x7C5B54B: QImage::QImage(int, int, QImage::Format) (in /usr/lib/libQtGui.so.4.4.3)
==32563==    by 0x14666DB6: khtmlImLoad::ImageFormat::makeImage(int, int) const (imageformat.h:74)
==32563==    by 0x1466A003: khtmlImLoad::Image::notifyAppendFrame(int, int, khtmlImLoad::ImageFormat const&) (image.cpp:249)
==32563==    by 0x1466F6EF: khtmlImLoad::GIFLoader::processEOF() (imageloader.h:62)
==32563==    by 0x14668549: khtmlImLoad::Image::processEOF() (image.cpp:206)
==32563==    by 0x145674AE: khtml::Loader::slotFinished(KJob*) (loader.cpp:1402)
==32563==    by 0x1456E946: khtml::Loader::qt_metacall(QMetaObject::Call, int, void**) (loader.moc:129)
==32563==    by 0x7501133: QMetaObject::activate(QObject*, int, int, void**) (in /usr/lib/libQtCore.so.4.4.3)
==32563==    by 0x6D9F041: KJob::result(KJob*) (kjob.moc:186)
==32563==    by 0x6D9F40E: KJob::emitResult() (kjob.cpp:294)
Comment 25 Andre Woebbeking 2008-12-23 14:30:47 UTC
AFAIK, "Invalid read" could also crash any time. But yes, the backtrace looks unrelated.
Comment 26 Andre Woebbeking 2008-12-23 15:11:17 UTC
FYI, I just tried today's trunk and got the same crash, but I had to click several links from the left menu.
Comment 27 Andre Woebbeking 2008-12-23 15:25:05 UTC
Allan, I tried your patch on 4.1.3 but still get the same crash.
Comment 28 FiNeX 2009-01-12 14:00:09 UTC
*** Bug 171104 has been marked as a duplicate of this bug. ***
Comment 29 FiNeX 2009-01-12 14:02:12 UTC
*** Bug 177070 has been marked as a duplicate of this bug. ***
Comment 30 FiNeX 2009-02-01 00:38:41 UTC
*** Bug 177070 has been marked as a duplicate of this bug. ***
Comment 31 Raúl 2009-06-25 00:20:37 UTC
I got this crash on 4.2.4 (Debian sid). Couldn't tell how to reproduce, but I'm attaching an excerpt of the xsession-errors.

When it crashed, I could restore the previous session with the automatic session saving feature. I restarted konqueror recovering previous session and after some little time it crashed. This happened a couple of times, until I tried again and session was restored correctly with no crash.

The backtrace is this:

Aplicación: Konqueror (konqueror), señal SIGSEGV
0x00007f1c2fff4831 in nanosleep () from /lib/libc.so.6
Current language:  auto; currently c
[Current thread is 1 (Thread 0x7f1c30675760 (LWP 5351))]

Thread 2 (Thread 0x7f1c1b0db950 (LWP 9786)):
#0  0x00007f1c3001daf2 in select () from /lib/libc.so.6
#1  0x00007f1c2dc11936 in QProcessManager::run (this=0x9ecba0) at io/qprocess_unix.cpp:305
#2  0x00007f1c2db4a742 in QThreadPrivate::start (arg=0x9ecba0) at thread/qthread_unix.cpp:189
#3  0x00007f1c29b00faa in start_thread (arg=<value optimized out>) at pthread_create.c:300
#4  0x00007f1c3002429d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#5  0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7f1c30675760 (LWP 5351)):
[KCrash Handler]
#5  0x0000000000000000 in ?? ()
#6  0x00007f1c20e04b48 in khtml::InlineFlowBox::deleteLine (this=0x58c3328, arena=0x392d820) at ../../khtml/rendering/render_line.cpp:209
#7  0x00007f1c20d96c60 in khtml::RenderBlock::layoutInlineChildren (this=0x6a27c80, relayoutChildren=false, breakBeforeLine=0) at ../../khtml/rendering/bidi.cpp:1460
#8  0x00007f1c20da2d1b in khtml::RenderBlock::layoutBlock (this=0x6a27c80, relayoutChildren=false) at ../../khtml/rendering/render_block.cpp:833
#9  0x00007f1c20da2685 in khtml::RenderBlock::layoutBlockChildren (this=0x6a27b48, relayoutChildren=false) at ../../khtml/rendering/render_object.h:477
#10 0x00007f1c20da2fd2 in khtml::RenderBlock::layoutBlock (this=0x6a27b48, relayoutChildren=false) at ../../khtml/rendering/render_block.cpp:835
#11 0x00007f1c20dd6517 in khtml::RenderTableCell::layout (this=0x58c32c8) at ../../khtml/rendering/render_table.cpp:2406
#12 0x00007f1c20dd975a in khtml::RenderTableRow::layout (this=0x6a27ac8) at ../../khtml/rendering/render_table.cpp:2187
#13 0x00007f1c20db9f4c in khtml::RenderContainer::layout (this=0x6a26578) at ../../khtml/rendering/render_object.h:477
#14 0x00007f1c20ddef24 in khtml::RenderTable::layout (this=0x6a26468) at ../../khtml/rendering/render_table.cpp:346
#15 0x00007f1c20da2685 in khtml::RenderBlock::layoutBlockChildren (this=0x6a26390, relayoutChildren=false) at ../../khtml/rendering/render_object.h:477
#16 0x00007f1c20da2fd2 in khtml::RenderBlock::layoutBlock (this=0x6a26390, relayoutChildren=false) at ../../khtml/rendering/render_block.cpp:835
#17 0x00007f1c20dd6517 in khtml::RenderTableCell::layout (this=0x58c32c8) at ../../khtml/rendering/render_table.cpp:2406
#18 0x00007f1c20dd975a in khtml::RenderTableRow::layout (this=0x6a25460) at ../../khtml/rendering/render_table.cpp:2187
#19 0x00007f1c20db9f4c in khtml::RenderContainer::layout (this=0x6a253c8) at ../../khtml/rendering/render_object.h:477
#20 0x00007f1c20ddef24 in khtml::RenderTable::layout (this=0x6a252b8) at ../../khtml/rendering/render_table.cpp:346
#21 0x00007f1c20da2685 in khtml::RenderBlock::layoutBlockChildren (this=0x6a251f0, relayoutChildren=false) at ../../khtml/rendering/render_object.h:477
#22 0x00007f1c20da2fd2 in khtml::RenderBlock::layoutBlock (this=0x6a251f0, relayoutChildren=false) at ../../khtml/rendering/render_block.cpp:835
#23 0x00007f1c20da2685 in khtml::RenderBlock::layoutBlockChildren (this=0x6a25128, relayoutChildren=false) at ../../khtml/rendering/render_object.h:477
#24 0x00007f1c20da2fd2 in khtml::RenderBlock::layoutBlock (this=0x6a25128, relayoutChildren=false) at ../../khtml/rendering/render_block.cpp:835
#25 0x00007f1c20da2685 in khtml::RenderBlock::layoutBlockChildren (this=0x6a25060, relayoutChildren=false) at ../../khtml/rendering/render_object.h:477
#26 0x00007f1c20da2fd2 in khtml::RenderBlock::layoutBlock (this=0x6a25060, relayoutChildren=false) at ../../khtml/rendering/render_block.cpp:835
#27 0x00007f1c20da2685 in khtml::RenderBlock::layoutBlockChildren (this=0x5c1fb08, relayoutChildren=false) at ../../khtml/rendering/render_object.h:477
#28 0x00007f1c20da2fd2 in khtml::RenderBlock::layoutBlock (this=0x5c1fb08, relayoutChildren=false) at ../../khtml/rendering/render_block.cpp:835
#29 0x00007f1c20da2685 in khtml::RenderBlock::layoutBlockChildren (this=0x5c1e960, relayoutChildren=false) at ../../khtml/rendering/render_object.h:477
#30 0x00007f1c20da2fd2 in khtml::RenderBlock::layoutBlock (this=0x5c1e960, relayoutChildren=false) at ../../khtml/rendering/render_block.cpp:835
#31 0x00007f1c20dd6517 in khtml::RenderTableCell::layout (this=0x58c32c8) at ../../khtml/rendering/render_table.cpp:2406
#32 0x00007f1c20dd975a in khtml::RenderTableRow::layout (this=0x5c1e8e0) at ../../khtml/rendering/render_table.cpp:2187
#33 0x00007f1c20db9f4c in khtml::RenderContainer::layout (this=0x5c1e848) at ../../khtml/rendering/render_object.h:477
#34 0x00007f1c20ddef24 in khtml::RenderTable::layout (this=0x5c1e738) at ../../khtml/rendering/render_table.cpp:346
#35 0x00007f1c20da2685 in khtml::RenderBlock::layoutBlockChildren (this=0x5c1ccb8, relayoutChildren=false) at ../../khtml/rendering/render_object.h:477
#36 0x00007f1c20da2fd2 in khtml::RenderBlock::layoutBlock (this=0x5c1ccb8, relayoutChildren=false) at ../../khtml/rendering/render_block.cpp:835
#37 0x00007f1c20da2685 in khtml::RenderBlock::layoutBlockChildren (this=0x32a3f88, relayoutChildren=false) at ../../khtml/rendering/render_object.h:477
#38 0x00007f1c20da2fd2 in khtml::RenderBlock::layoutBlock (this=0x32a3f88, relayoutChildren=false) at ../../khtml/rendering/render_block.cpp:835
#39 0x00007f1c20dd6517 in khtml::RenderTableCell::layout (this=0x58c32c8) at ../../khtml/rendering/render_table.cpp:2406
#40 0x00007f1c20dd975a in khtml::RenderTableRow::layout (this=0x32a3f08) at ../../khtml/rendering/render_table.cpp:2187
#41 0x00007f1c20db9f4c in khtml::RenderContainer::layout (this=0x32a3e70) at ../../khtml/rendering/render_object.h:477
#42 0x00007f1c20ddef24 in khtml::RenderTable::layout (this=0x32a3c98) at ../../khtml/rendering/render_table.cpp:346
#43 0x00007f1c20da2685 in khtml::RenderBlock::layoutBlockChildren (this=0x32a3b10, relayoutChildren=false) at ../../khtml/rendering/render_object.h:477
#44 0x00007f1c20da2fd2 in khtml::RenderBlock::layoutBlock (this=0x32a3b10, relayoutChildren=false) at ../../khtml/rendering/render_block.cpp:835
#45 0x00007f1c20da2685 in khtml::RenderBlock::layoutBlockChildren (this=0x32a25b0, relayoutChildren=false) at ../../khtml/rendering/render_object.h:477
#46 0x00007f1c20da2fd2 in khtml::RenderBlock::layoutBlock (this=0x32a25b0, relayoutChildren=false) at ../../khtml/rendering/render_block.cpp:835
#47 0x00007f1c20da2685 in khtml::RenderBlock::layoutBlockChildren (this=0x32a2408, relayoutChildren=false) at ../../khtml/rendering/render_object.h:477
#48 0x00007f1c20da2fd2 in khtml::RenderBlock::layoutBlock (this=0x32a2408, relayoutChildren=false) at ../../khtml/rendering/render_block.cpp:835
#49 0x00007f1c20e0112c in khtml::RenderBody::layout (this=0x32a2408) at ../../khtml/rendering/render_body.cpp:91
#50 0x00007f1c20da2685 in khtml::RenderBlock::layoutBlockChildren (this=0x32a2290, relayoutChildren=false) at ../../khtml/rendering/render_object.h:477
#51 0x00007f1c20da2fd2 in khtml::RenderBlock::layoutBlock (this=0x32a2290, relayoutChildren=false) at ../../khtml/rendering/render_block.cpp:835
#52 0x00007f1c20da2685 in khtml::RenderBlock::layoutBlockChildren (this=0x32a20a0, relayoutChildren=false) at ../../khtml/rendering/render_object.h:477
#53 0x00007f1c20da2fd2 in khtml::RenderBlock::layoutBlock (this=0x32a20a0, relayoutChildren=false) at ../../khtml/rendering/render_block.cpp:835
#54 0x00007f1c20dfbf72 in khtml::RenderCanvas::layout (this=0x32a20a0) at ../../khtml/rendering/render_canvas.cpp:193
#55 0x00007f1c20c680b0 in KHTMLView::layout (this=0x3c26710) at ../../khtml/khtmlview.cpp:1085
#56 0x00007f1c20c6870e in KHTMLView::timerEvent (this=0x3c26710, e=<value optimized out>) at ../../khtml/khtmlview.cpp:4244
#57 0x00007f1c2dc42b43 in QObject::event (this=0x3c26710, e=0x392d820) at kernel/qobject.cpp:1082
#58 0x00007f1c2d0c0f7d in QWidget::event (this=0x3c26710, event=0x7fff387b3170) at kernel/qwidget.cpp:7918
#59 0x00007f1c2d45d83b in QFrame::event (this=0x3c26710, e=0x7fff387b3170) at widgets/qframe.cpp:559
#60 0x00007f1c2d4eedd9 in QAbstractScrollArea::event (this=0x3c26710, e=0x7fff387b3170) at widgets/qabstractscrollarea.cpp:918
#61 0x00007f1c20c6b301 in KHTMLView::event (this=0x3c26710, e=0x7fff387b3170) at ../../khtml/khtmlview.cpp:596
#62 0x00007f1c2d0704fd in QApplicationPrivate::notify_helper (this=0x9e8930, receiver=0x3c26710, e=0x7fff387b3170) at kernel/qapplication.cpp:4057
#63 0x00007f1c2d07877a in QApplication::notify (this=0x7fff387b3690, receiver=0x3c26710, e=0x7fff387b3170) at kernel/qapplication.cpp:4022
#64 0x00007f1c2e82f38b in KApplication::notify (this=0x7fff387b3690, receiver=0x3c26710, event=0x7fff387b3170) at ../../kdeui/kernel/kapplication.cpp:307
#65 0x00007f1c2dc32e4c in QCoreApplication::notifyInternal (this=0x7fff387b3690, receiver=0x3c26710, event=0x7fff387b3170) at kernel/qcoreapplication.cpp:610
#66 0x00007f1c2dc60036 in QTimerInfoList::activateTimers (this=0x9ec5c0) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:213
#67 0x00007f1c2dc5c55d in timerSourceDispatch (source=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:164
#68 0x00007f1c29d4ef7a in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#69 0x00007f1c29d525f8 in ?? () from /usr/lib/libglib-2.0.so.0
#70 0x00007f1c29d527bc in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#71 0x00007f1c2dc5c4bf in QEventDispatcherGlib::processEvents (this=0x9d4410, flags=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:324
#72 0x00007f1c2d108c7f in QGuiEventDispatcherGlib::processEvents (this=0x58c32c8, flags=<value optimized out>) at kernel/qguieventdispatcher_glib.cpp:202
#73 0x00007f1c2dc316f2 in QEventLoop::processEvents (this=<value optimized out>, flags={i = 947598304}) at kernel/qeventloop.cpp:149
#74 0x00007f1c2dc31abd in QEventLoop::exec (this=0x7fff387b3420, flags={i = 947598384}) at kernel/qeventloop.cpp:200
#75 0x00007f1c2dc33d84 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:888
#76 0x00007f1c3036d679 in kdemain (argc=<value optimized out>, argv=<value optimized out>) at ../../../../apps/konqueror/src/konqmain.cpp:257
#77 0x00007f1c2ff745a6 in __libc_start_main (main=0x4006f0 <main>, argc=3, ubp_av=0x7fff387b4108, init=0x400720 <__libc_csu_init>, fini=<value optimized out>, rtld_fini=<value optimized out>, 
    stack_end=0x7fff387b40f8) at libc-start.c:222
#78 0x0000000000400629 in _start () at ../sysdeps/x86_64/elf/start.S:113
Comment 32 Raúl 2009-06-25 00:21:52 UTC
Created attachment 34794 [details]
xsession-errors excerpt.
Comment 33 FiNeX 2010-09-18 22:13:54 UTC
*** Bug 251159 has been marked as a duplicate of this bug. ***
Comment 34 FiNeX 2010-09-18 22:14:39 UTC
*** Bug 165158 has been marked as a duplicate of this bug. ***
Comment 35 FiNeX 2010-09-18 22:15:06 UTC
*** Bug 188093 has been marked as a duplicate of this bug. ***
Comment 36 Christophe Marin 2011-05-13 18:37:43 UTC
I cannot reproduce the crash with the original steps.

Also tried to reproduce with a few URLs from the duplicate bugs without success. Closing.
Comment 37 Martin Bříza 2013-06-10 11:51:36 UTC
This bug is still present in 4.10.4 using the KHTML backend instead of WebKit...
Which version did you test on, Christophe? I'd like to backport the patch if it works in newer branches.
Comment 38 Martin Bříza 2013-06-10 11:52:38 UTC
Oh man, I reopened the bug unintentionally, sorry. Please, close it if it actually works, thank you.
Comment 39 Christophe Marin 2013-06-10 12:21:39 UTC
well, can you reproduce or not? :)
Comment 40 Martin Bříza 2013-06-10 12:22:39 UTC
Yes, I can, I just didn't want to reopen the bug as I'm not sure which version you tested against.
Comment 41 Christophe Marin 2013-06-10 12:27:12 UTC
tested again with master & both engines, no crash.
Comment 42 Martin Bříza 2013-06-10 12:40:10 UTC
Created attachment 80425 [details]
Reproducer

Yeah, you're right it doesn't crash with the original reproducers. Yet, I got a pretty similar backtrace when opening the attached file in Konqueror. Maybe it's another bug, I don't know. It's interesting to note that if you increase the size of the canvas, you're actually reproducing Bug 314985 which has a completely different backtrace.
Comment 43 Andrea Iacovitti 2013-11-16 00:27:41 UTC
Wrongly reopened: closing.