Version: 4.2.00 (KDE 4.2.0) (using 4.2.00 (KDE 4.2.0), Debian packages)
Compiler: cc
OS: Linux (i686) release 2.6.28-2.slh.5-sidux-686

An improperly formatted style block (where the curly braces for CSS styles are improperly closed) will make kde crash. The attached file demonstrates the issue. Note: bug located while trying to display an HTML email in kmail, which prompted kmail to crash.
Maybe someone can change the type of the bug to "crash"?
Created attachment 30841: HTML test case. This HTML file makes konqueror crash. Fixing the CSS rules in the style element prevents the crash.
Can confirm; I think I saw something related reported earlier...

==16324== Invalid read of size 2
==16324==    at 0xB6A2790: DOM::CSSParser::lex() (tokenizer.cpp:723)
==16324==    by 0xB6A3C24: DOM::CSSParser::lex(void*) (cssparser.cpp:2572)
==16324==    by 0xB6CD059: cssyyparse(void*) (parser.cpp:356)
==16324==    by 0xB6A33A1: DOM::CSSParser::runParser(int) (cssparser.cpp:166)
==16324==    by 0xB6A39EF: DOM::CSSParser::parseSheet(DOM::CSSStyleSheetImpl*, DOM::DOMString const&) (cssparser.cpp:184)
==16324==    by 0xB68B94B: DOM::CSSStyleSheetImpl::parseString(DOM::DOMString const&, bool) (css_stylesheetimpl.cpp:286)
==16324==    by 0xB5ACE67: DOM::HTMLStyleElementImpl::parseText() (html_headimpl.cpp:666)
==16324==    by 0xB553236: DOM::NodeBaseImpl::addChild(DOM::NodeImpl*) (dom_nodeimpl.cpp:1709)
==16324==    by 0xB593896: khtml::KHTMLParser::insertNode(DOM::NodeImpl*, bool) (htmlparser.cpp:415)
==16324==    by 0xB596565: khtml::KHTMLParser::parseToken(khtml::Token*) (htmlparser.cpp:303)
==16324==    by 0xB596EDB: khtml::HTMLTokenizer::processToken() (htmltokenizer.cpp:2053)
==16324==    by 0xB59DD0D: khtml::HTMLTokenizer::parseSpecial(khtml::TokenizerString&) (htmltokenizer.cpp:370)
==16324==  Address 0x6353eee is 0 bytes after a block of size 422 alloc'd
==16324==    at 0x4025D2E: malloc (vg_replace_malloc.c:207)
==16324==    by 0xB6A39AF: DOM::CSSParser::parseSheet(DOM::CSSStyleSheetImpl*, DOM::DOMString const&) (cssparser.cpp:178)
==16324==    by 0xB68B94B: DOM::CSSStyleSheetImpl::parseString(DOM::DOMString const&, bool) (css_stylesheetimpl.cpp:286)
==16324==    by 0xB5ACE67: DOM::HTMLStyleElementImpl::parseText() (html_headimpl.cpp:666)
==16324==    by 0xB553236: DOM::NodeBaseImpl::addChild(DOM::NodeImpl*) (dom_nodeimpl.cpp:1709)
==16324==    by 0xB593896: khtml::KHTMLParser::insertNode(DOM::NodeImpl*, bool) (htmlparser.cpp:415)
==16324==    by 0xB596565: khtml::KHTMLParser::parseToken(khtml::Token*) (htmlparser.cpp:303)
==16324==    by 0xB596EDB: khtml::HTMLTokenizer::processToken() (htmltokenizer.cpp:2053)
==16324==    by 0xB59DD0D: khtml::HTMLTokenizer::parseSpecial(khtml::TokenizerString&) (htmltokenizer.cpp:370)
==16324==    by 0xB59FEC0: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1558)
==16324==    by 0xB5A15C5: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1807)
==16324==    by 0xB4D6AF6: KHTMLPart::write(char const*, int) (khtml_part.cpp:2080)
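The valgrind report above describes a classic lexer defect: the CSS lexer reads one 2-byte unit exactly at the end of a malloc'd buffer when a style block's braces are not closed. The following is an added, self-contained C model of that bug class and its fix; it is not KHTML's code and does not reproduce its parser. The buffer type, the `rd()` read hook, the `count_blocks_buggy` / `count_blocks_fixed` scanners and the two constructed inputs are all hypothetical. Reads go through `rd()`, which records the highest index touched; index `len` is a guard unit standing in for the memory just past the allocation, so touching it corresponds to valgrind's "0 bytes after a block" finding.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of the bug class, not KHTML's code: a scanner over
 * 16-bit units (KHTML's lexer reads 2-byte units, hence "Invalid read of
 * size 2") whose block skipper assumes every '{' is eventually followed
 * by a '}' and therefore never checks the buffer length. */
typedef struct {
    uint16_t *data;         /* len input units plus one guard unit at data[len] */
    size_t len;             /* logical size: what the real allocation would hold */
    size_t max_index_read;  /* highest index any read has touched */
} buf_t;

/* Every read goes through here so an out-of-bounds index is observable
 * without relying on undefined behaviour (the guard unit is real memory). */
static uint16_t rd(buf_t *b, size_t i) {
    if (i > b->max_index_read) b->max_index_read = i;
    return b->data[i];
}

/* 1 if some read touched the guard unit, i.e. went past the allocation. */
static int over_read(const buf_t *b) { return b->max_index_read >= b->len; }

/* Build a buffer from constructed ASCII input (ASCII maps 1:1 onto units). */
static buf_t make_buf(const char *ascii) {
    buf_t b;
    b.len = strlen(ascii);
    b.data = malloc((b.len + 1) * sizeof *b.data);  /* +1: the guard unit */
    if (!b.data) abort();
    for (size_t k = 0; k < b.len; k++)
        b.data[k] = (uint16_t)(unsigned char)ascii[k];
    b.data[b.len] = 0;  /* the guard: "whatever happens to sit after the block" */
    b.max_index_read = 0;
    return b;
}

static void free_buf(buf_t *b) { free(b->data); b->data = NULL; }

/* Buggy scanner: the top-level loop is bounded by len, but skipping a block
 * body only stops on '}' (or on the guard), never on len. An unclosed block
 * therefore reads one unit past the end and is then silently dropped. */
static int count_blocks_buggy(buf_t *b) {
    int blocks = 0;
    size_t i = 0;
    while (i < b->len) {
        if (rd(b, i) == '{') {
            uint16_t c;
            do { i++; c = rd(b, i); } while (c != '}' && c != 0);
            if (c == '}') blocks++;
        }
        i++;
    }
    return blocks;
}

/* Fixed scanner: every read is guarded by i < len, and an unclosed block is
 * reported (-1) instead of being searched for beyond the allocation. */
static int count_blocks_fixed(buf_t *b) {
    int blocks = 0;
    size_t i = 0;
    while (i < b->len) {
        if (rd(b, i) == '{') {
            i++;
            while (i < b->len && rd(b, i) != '}') i++;
            if (i >= b->len) return -1;
            blocks++;
        }
        i++;
    }
    return blocks;
}

/* Run one scanner over constructed input and report what it found and
 * whether it read past the end. */
typedef struct { int blocks; int over_read; } result_t;
static result_t run(int (*scan)(buf_t *), const char *ascii) {
    buf_t b = make_buf(ascii);
    result_t r;
    r.blocks = scan(&b);
    r.over_read = over_read(&b);
    free_buf(&b);
    return r;
}

int main(void) {
    /* Constructed inputs: a balanced rule, then one with an unclosed block. */
    const char *inputs[] = { "p{color:red}", "p{color:red} div{" };
    for (int k = 0; k < 2; k++) {
        result_t a = run(count_blocks_buggy, inputs[k]);
        result_t f = run(count_blocks_fixed, inputs[k]);
        printf("%-20s buggy: %d blocks, over-read=%d | fixed: %d blocks, over-read=%d\n",
               inputs[k], a.blocks, a.over_read, f.blocks, f.over_read);
    }
    return 0;
}
```

On the balanced input both scanners agree and neither touches the guard; on the unclosed input the buggy scanner reports the same block count but has read index `len`, which is the condition a tool like valgrind or AddressSanitizer flags, while the fixed scanner stops at `len` and returns an error. The general point for a parser over attacker-supplied input (an HTML e-mail, as in the report) is that termination must come from the length, not from a delimiter the input may never contain.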
*** This bug has been marked as a duplicate of bug 167318 ***