Version: 4.2.00 (KDE 4.2.0) (using 4.2.00 (KDE 4.2.0), 4.2.0-10.fc10 Fedora)
Compiler: gcc
OS: Linux (i686) release 2.6.27.12-170.2.5.fc10.i686

How to reproduce:
* Go to meneame.net
* Click on a link that goes outside the webpage (those to the right of the "XXX meneos" square)
* Go back
* Crash

This happens with both the Fedora and the Kubuntu binaries.

Backtrace:

Program received signal SIGSEGV, Segmentation fault.
KJS::PropertyMap::get (this=0x4, name=@0x891ee38) at /usr/src/debug/kdelibs-4.2.0/kjs/property_map.cpp:215
215 if (!m_usingTable) {
Current language: auto; currently c++
(gdb) bt
#0 KJS::PropertyMap::get (this=0x4, name=@0x891ee38) at /usr/src/debug/kdelibs-4.2.0/kjs/property_map.cpp:215
#1 0x03bf1be9 in KJS::JSObject::getDirect () at /usr/src/debug/kdelibs-4.2.0/kjs/object.h:439
#2 cacheGlobalObject<KJS::HTMLDocumentProto> () at /usr/src/debug/kdelibs-4.2.0/kjs/lookup.h:325
#3 KJS::HTMLDocumentProto::self (exec=0xbfffdcb0) at /usr/src/debug/kdelibs-4.2.0/khtml/ecma/kjs_html.cpp:78
#4 0x03bf1c95 in HTMLDocument (this=0xb351f120, exec=0xbfffdcb0, d=0x8c6d9e8) at /usr/src/debug/kdelibs-4.2.0/khtml/ecma/kjs_html.cpp:202
#5 0x03be236f in KJS::getDOMNode (exec=0xbfffdcb0, n=0x8c6d9f4) at /usr/src/debug/kdelibs-4.2.0/khtml/ecma/kjs_dom.cpp:1760
#6 0x03c17cb5 in KJS::Window::getValueProperty (this=0xb3520000, exec=0xbfffdcb0, token=4) at /usr/src/debug/kdelibs-4.2.0/khtml/ecma/kjs_window.cpp:734
#7 0x024941c4 in KJS::PropertySlot::getValue () at /usr/src/debug/kdelibs-4.2.0/kjs/property_slot.h:46
#8 KJS::JSObject::get (this=0xb3520000, exec=0xbfffdcb0, propertyName=@0x88301f4) at /usr/src/debug/kdelibs-4.2.0/kjs/object.cpp:166
#9 0x024a991d in KJS::Machine::runBlock (exec=0xbfffdcb0, codeBlock=@0x8830058, parentExec=0x0) at codes.def:673
#10 0x02464340 in KJS::FunctionBodyNode::execute (this=0x86e74e8, exec=0xbfffdcb0) at /usr/src/debug/kdelibs-4.2.0/kjs/nodes.cpp:927
#11 0x0249770a in KJS::Interpreter::evaluate (this=0x89b1588, sourceURL=@0xbfffde14, startingLineNumber=7,
code=0x88daf70, codeLength=998, thisV=0xb3520040) at /usr/src/debug/kdelibs-4.2.0/kjs/interpreter.cpp:550 #12 0x02497887 in KJS::Interpreter::evaluate (this=0x89b1588, sourceURL=@0xbfffde14, startingLineNumber=7, code=@0xbfffde18, thisV=0xb3520040) at /usr/src/debug/kdelibs-4.2.0/kjs/interpreter.cpp:493 #13 0x03c2cfac in KJS::KJSProxyImpl::evaluate (this=0x87f68c0, filename= {static null = {<No data fields>}, static shared_null = {ref = {_q_value = 9203}, alloc = 0, size = 0, data = 0x62aee9a, clean = 0, simpletext = 0, righttoleft = 0, asciiCache = 0, capacity = 0, reserved = 0, array = {0}}, static shared_empty = {ref = {_q_value = 200}, alloc = 0, size = 0, data = 0x62aeeae, clean = 0, simpletext = 0, righttoleft = 0, asciiCache = 0, capacity = 0, reserved = 0, array = {0}}, d = 0x8c4fa28, static codecForCStrings = 0x0}, baseLine=7, str=@0xbfffe0c8, n=@0xbfffdefc, completion=0xbfffde7c) at /usr/src/debug/kdelibs-4.2.0/khtml/ecma/kjs_proxy.cpp:158 #14 0x039c79e4 in KHTMLPart::executeScript (this=0x87a0cf0, filename=@0xbfffdf18, baseLine=7, n=@0xbfffdefc, script=@0xbfffe0c8) at /usr/src/debug/kdelibs-4.2.0/khtml/khtml_part.cpp:1303 #15 0x03a7f649 in khtml::HTMLTokenizer::scriptExecution (this=0x8de1130, str=@0xbfffe0c8, scriptURL=@0xbfffe0c4, baseLine=7) at /usr/src/debug/kdelibs-4.2.0/khtml/html/htmltokenizer.cpp:498 #16 0x03a844a4 in khtml::HTMLTokenizer::scriptHandler (this=0x8de1130) at /usr/src/debug/kdelibs-4.2.0/khtml/html/htmltokenizer.cpp:451 #17 0x03a860ad in khtml::HTMLTokenizer::parseSpecial (this=0x8de1130, src=@0x8de1630) at /usr/src/debug/kdelibs-4.2.0/khtml/html/htmltokenizer.cpp:367 ---Type <return> to continue, or q <return> to quit--- #18 0x03a8808b in khtml::HTMLTokenizer::parseTag (this=0x8de1130, src=@0x8de1630) at /usr/src/debug/kdelibs-4.2.0/khtml/html/htmltokenizer.cpp:1548 #19 0x03a8969e in khtml::HTMLTokenizer::write (this=0x8de1130, str=@0xbfffe428, appendData=true) at /usr/src/debug/kdelibs-4.2.0/khtml/html/htmltokenizer.cpp:1807 #20 
0x039cdcb5 in KHTMLPart::write (this=0x87a0cf0, data=0x89b04b8 "<html>\n<head>\n<style>\nbody {margin: 0;padding: 0;}\n</style>\n</head>\n<body>\n<script type='text/javascript'>\n<!--//<![CDATA[\nvar zone = '1296';\nvar ord = '8476457022352357';\nvar source = parent.media_so"..., len=1388) at /usr/src/debug/kdelibs-4.2.0/khtml/khtml_part.cpp:2070 #21 0x039c5f38 in KHTMLPart::slotRestoreData (this=0x87a0cf0, data=@0xbfffe624) at /usr/src/debug/kdelibs-4.2.0/khtml/khtml_part.cpp:1778 #22 0x039eaf07 in KHTMLPart::qt_metacall (this=0x87a0cf0, _c=QMetaObject::InvokeMetaMethod, _id=21, _a=0xbfffe5ec) at /usr/src/debug/kdelibs-4.2.0/i386-redhat-linux-gnu/khtml/khtml_part.moc:266 #23 0x061dbdf0 in QMetaObject::activate (sender=0x8d9c030, from_signal_index=4, to_signal_index=4, argv=0xbfffe5ec) at kernel/qobject.cpp:3031 #24 0x061dcb72 in QMetaObject::activate (sender=0x8d9c030, m=0x3eae4a8, local_signal_index=0, argv=0xbfffe5ec) at kernel/qobject.cpp:3101 #25 0x03a15fc3 in KHTMLPageCacheDelivery::emitData (this=0x8d9c030, _t1=@0xbfffe624) at /usr/src/debug/kdelibs-4.2.0/i386-redhat-linux-gnu/khtml/khtml_pagecache.moc:131 #26 0x03a1677f in KHTMLPageCache::sendData (this=0x84d5930) at /usr/src/debug/kdelibs-4.2.0/khtml/khtml_pagecache.cpp:250 #27 0x03a1735d in KHTMLPageCache::qt_metacall (this=0x84d5930, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0xbfffe6d8) at /usr/src/debug/kdelibs-4.2.0/i386-redhat-linux-gnu/khtml/khtml_pagecache.moc:68 #28 0x061dbdf0 in QMetaObject::activate (sender=0x8a938c0, from_signal_index=4, to_signal_index=4, argv=0x0) at kernel/qobject.cpp:3031 #29 0x061dcb72 in QMetaObject::activate (sender=0x8a938c0, m=0x62ad368, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3101 #30 0x061e2147 in QSingleShotTimer::timeout (this=0x8a938c0) at .moc/release-shared/qtimer.moc:74 #31 0x061e226c in QSingleShotTimer::timerEvent (this=0x8a938c0) at kernel/qtimer.cpp:294 #32 0x061d68cf in QObject::event (this=0x8a938c0, e=0xbfffeb6c) at kernel/qobject.cpp:1120 
#33 0x0671a68c in QApplicationPrivate::notify_helper (this=0x805a728, receiver=0x8a938c0, e=0xbfffeb6c) at kernel/qapplication.cpp:3803 #34 0x067224ce in QApplication::notify (this=0xbfffef70, receiver=0x8a938c0, e=0xbfffeb6c) at kernel/qapplication.cpp:3393 #35 0x070abfdd in KApplication::notify (this=0xbfffef70, receiver=0x8a938c0, event=0xbfffeb6c) at /usr/src/debug/kdelibs-4.2.0/kdeui/kernel/kapplication.cpp:307 ---Type <return> to continue, or q <return> to quit--- #36 0x061c71c1 in QCoreApplication::notifyInternal (this=0xbfffef70, receiver=0x8a938c0, event=0xbfffeb6c) at kernel/qcoreapplication.cpp:587 #37 0x061f5081 in QCoreApplication::sendEvent () at ../../src/corelib/kernel/qcoreapplication.h:209 #38 QTimerInfoList::activateTimers (this=0x805d6f4) at kernel/qeventdispatcher_unix.cpp:557 #39 0x061f18a0 in timerSourceDispatch (source=0x805d6c0) at kernel/qeventdispatcher_glib.cpp:160 #40 0x0045a238 in g_main_dispatch () at gmain.c:2144 #41 IA__g_main_context_dispatch (context=0x805ca98) at gmain.c:2697 #42 0x0045d8e3 in g_main_context_iterate (context=0x805ca98, block=1, dispatch=1, self=0x80593e8) at gmain.c:2778 #43 0x0045daa1 in IA__g_main_context_iteration (context=0x805ca98, may_block=1) at gmain.c:2841 #44 0x061f17f8 in QEventDispatcherGlib::processEvents (this=0x805a6a8, flags={i = 4}) at kernel/qeventdispatcher_glib.cpp:319 #45 0x067b3515 in QGuiEventDispatcherGlib::processEvents (this=0x805a6a8, flags={i = 4}) at kernel/qguieventdispatcher_glib.cpp:198 #46 0x061c588a in QEventLoop::processEvents (this=0xbfffed90, flags={i = 4}) at kernel/qeventloop.cpp:143 #47 0x061c5a4a in QEventLoop::exec (this=0xbfffed90, flags={i = 0}) at kernel/qeventloop.cpp:194 #48 0x061c8105 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:845 #49 0x0671a507 in QApplication::exec () at kernel/qapplication.cpp:3331 #50 0x003a79df in kdemain () from /usr/lib/libkdeinit4_konqueror.so #51 0x080486e2 in _start () valgrind trace: ==8884== Conditional jump or move 
depends on uninitialised value(s) ==8884== at 0x246219F: KJS::Collector::markStackObjectsConservatively(void*, void*) (RefPtr.h:116) ==8884== by 0x24629EA: KJS::BinaryLogicalNode::recurseVisit(KJS::NodeVisitor*) (RefPtr.h:115) ==8884== by 0x2462A26: KJS::Collector::markStackObjectsConservatively() (nodes.h:134) ==8884== by 0x2462A6E: KJS::Collector::collect() (nodes.h:138) ==8884== by 0x2463029: KJS::LocationNode::~LocationNode() (nodes.cpp:85) ==8884== by 0x2492A2C: KJS::JSCell::operator new(unsigned) (interpreter.cpp:384) ==8884== by 0x247B19A: KJS::ExecState::setAbruptCompletion(KJS::Completion) (ExecState.cpp:198) ==8884== by 0x24A5375: KJS::JSImmediate::toObject(KJS::JSValue const*, KJS::ExecState*) (machine.cpp.in:73) ==8884== by 0x24AF625: KJS::SwitchNode::generateExecCode(KJS::CompileState*) (RefPtr.h:55) ==8884== by 0x2490C82: KJS::Interpreter::~Interpreter() (interpreter.cpp:285) ==8884== by 0x2494A2C: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (protect.h:59) ==8884== by 0x24B137A: KJS::VarAccessNode::generateEvalCode(KJS::CompileState*) (CompileState.h:297) ==8884== ==8884== Conditional jump or move depends on uninitialised value(s) ==8884== at 0x24621A3: KJS::Collector::markStackObjectsConservatively(void*, void*) (RefPtr.h:117) ==8884== by 0x24629EA: KJS::BinaryLogicalNode::recurseVisit(KJS::NodeVisitor*) (RefPtr.h:115) ==8884== by 0x2462A26: KJS::Collector::markStackObjectsConservatively() (nodes.h:134) ==8884== by 0x2462A6E: KJS::Collector::collect() (nodes.h:138) ==8884== by 0x2463029: KJS::LocationNode::~LocationNode() (nodes.cpp:85) ==8884== by 0x2492A2C: KJS::JSCell::operator new(unsigned) (interpreter.cpp:384) ==8884== by 0x247B19A: KJS::ExecState::setAbruptCompletion(KJS::Completion) (ExecState.cpp:198) ==8884== by 0x24A5375: KJS::JSImmediate::toObject(KJS::JSValue const*, KJS::ExecState*) (machine.cpp.in:73) ==8884== by 0x24AF625: KJS::SwitchNode::generateExecCode(KJS::CompileState*) (RefPtr.h:55) ==8884== by 
0x2490C82: KJS::Interpreter::~Interpreter() (interpreter.cpp:285) ==8884== by 0x2494A2C: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (protect.h:59) ==8884== by 0x24B137A: KJS::VarAccessNode::generateEvalCode(KJS::CompileState*) (CompileState.h:297) ==8884== ==8884== Conditional jump or move depends on uninitialised value(s) ==8884== at 0x24621EC: KJS::AssignNode::recurseVisit(KJS::NodeVisitor*) (RefPtr.h:115) ==8884== by 0x24629EA: KJS::BinaryLogicalNode::recurseVisit(KJS::NodeVisitor*) (RefPtr.h:115) ==8884== by 0x2462A26: KJS::Collector::markStackObjectsConservatively() (nodes.h:134) ==8884== by 0x2462A6E: KJS::Collector::collect() (nodes.h:138) ==8884== by 0x2463029: KJS::LocationNode::~LocationNode() (nodes.cpp:85) ==8884== by 0x2492A2C: KJS::JSCell::operator new(unsigned) (interpreter.cpp:384) ==8884== by 0x247B19A: KJS::ExecState::setAbruptCompletion(KJS::Completion) (ExecState.cpp:198) ==8884== by 0x24A5375: KJS::JSImmediate::toObject(KJS::JSValue const*, KJS::ExecState*) (machine.cpp.in:73) ==8884== by 0x24AF625: KJS::SwitchNode::generateExecCode(KJS::CompileState*) (RefPtr.h:55) ==8884== by 0x2490C82: KJS::Interpreter::~Interpreter() (interpreter.cpp:285) ==8884== by 0x2494A2C: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (protect.h:59) ==8884== by 0x24B137A: KJS::VarAccessNode::generateEvalCode(KJS::CompileState*) (CompileState.h:297) ==8884== ==8884== Conditional jump or move depends on uninitialised value(s) ==8884== at 0x24621F7: KJS::AssignNode::recurseVisit(KJS::NodeVisitor*) (RefPtr.h:116) ==8884== by 0x24629EA: KJS::BinaryLogicalNode::recurseVisit(KJS::NodeVisitor*) (RefPtr.h:115) ==8884== by 0x2462A26: KJS::Collector::markStackObjectsConservatively() (nodes.h:134) ==8884== by 0x2462A6E: KJS::Collector::collect() (nodes.h:138) ==8884== by 0x2463029: KJS::LocationNode::~LocationNode() (nodes.cpp:85) ==8884== by 0x2492A2C: KJS::JSCell::operator new(unsigned) (interpreter.cpp:384) ==8884== by 
0x247B19A: KJS::ExecState::setAbruptCompletion(KJS::Completion) (ExecState.cpp:198) ==8884== by 0x24A5375: KJS::JSImmediate::toObject(KJS::JSValue const*, KJS::ExecState*) (machine.cpp.in:73) ==8884== by 0x24AF625: KJS::SwitchNode::generateExecCode(KJS::CompileState*) (RefPtr.h:55) ==8884== by 0x2490C82: KJS::Interpreter::~Interpreter() (interpreter.cpp:285) ==8884== by 0x2494A2C: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (protect.h:59) ==8884== by 0x24B137A: KJS::VarAccessNode::generateEvalCode(KJS::CompileState*) (CompileState.h:297) ==8884== ==8884== Use of uninitialised value of size 4 ==8884== at 0x2462218: KJS::AssignNode::recurseVisit(KJS::NodeVisitor*) (nodes.h:137) ==8884== by 0x24629EA: KJS::BinaryLogicalNode::recurseVisit(KJS::NodeVisitor*) (RefPtr.h:115) ==8884== by 0x2462A26: KJS::Collector::markStackObjectsConservatively() (nodes.h:134) ==8884== by 0x2462A6E: KJS::Collector::collect() (nodes.h:138) ==8884== by 0x2463029: KJS::LocationNode::~LocationNode() (nodes.cpp:85) ==8884== by 0x2492A2C: KJS::JSCell::operator new(unsigned) (interpreter.cpp:384) ==8884== by 0x247B19A: KJS::ExecState::setAbruptCompletion(KJS::Completion) (ExecState.cpp:198) ==8884== by 0x24A5375: KJS::JSImmediate::toObject(KJS::JSValue const*, KJS::ExecState*) (machine.cpp.in:73) ==8884== by 0x24AF625: KJS::SwitchNode::generateExecCode(KJS::CompileState*) (RefPtr.h:55) ==8884== by 0x2490C82: KJS::Interpreter::~Interpreter() (interpreter.cpp:285) ==8884== by 0x2494A2C: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (protect.h:59) ==8884== by 0x24B137A: KJS::VarAccessNode::generateEvalCode(KJS::CompileState*) (CompileState.h:297) ==8884== ==8884== Use of uninitialised value of size 4 ==8884== at 0x2462227: KJS::AssignNode::recurseVisit(KJS::NodeVisitor*) (RefPtr.h:115) ==8884== by 0x24629EA: KJS::BinaryLogicalNode::recurseVisit(KJS::NodeVisitor*) (RefPtr.h:115) ==8884== by 0x2462A26: KJS::Collector::markStackObjectsConservatively() 
(nodes.h:134) ==8884== by 0x2462A6E: KJS::Collector::collect() (nodes.h:138) ==8884== by 0x2463029: KJS::LocationNode::~LocationNode() (nodes.cpp:85) ==8884== by 0x2492A2C: KJS::JSCell::operator new(unsigned) (interpreter.cpp:384) ==8884== by 0x247B19A: KJS::ExecState::setAbruptCompletion(KJS::Completion) (ExecState.cpp:198) ==8884== by 0x24A5375: KJS::JSImmediate::toObject(KJS::JSValue const*, KJS::ExecState*) (machine.cpp.in:73) ==8884== by 0x24AF625: KJS::SwitchNode::generateExecCode(KJS::CompileState*) (RefPtr.h:55) ==8884== by 0x2490C82: KJS::Interpreter::~Interpreter() (interpreter.cpp:285) ==8884== by 0x2494A2C: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (protect.h:59) ==8884== by 0x24B137A: KJS::VarAccessNode::generateEvalCode(KJS::CompileState*) (CompileState.h:297) ==8884== ==8884== Conditional jump or move depends on uninitialised value(s) ==8884== at 0x246222E: KJS::AssignNode::recurseVisit(KJS::NodeVisitor*) (RefPtr.h:116) ==8884== by 0x24629EA: KJS::BinaryLogicalNode::recurseVisit(KJS::NodeVisitor*) (RefPtr.h:115) ==8884== by 0x2462A26: KJS::Collector::markStackObjectsConservatively() (nodes.h:134) ==8884== by 0x2462A6E: KJS::Collector::collect() (nodes.h:138) ==8884== by 0x2463029: KJS::LocationNode::~LocationNode() (nodes.cpp:85) ==8884== by 0x2492A2C: KJS::JSCell::operator new(unsigned) (interpreter.cpp:384) ==8884== by 0x247B19A: KJS::ExecState::setAbruptCompletion(KJS::Completion) (ExecState.cpp:198) ==8884== by 0x24A5375: KJS::JSImmediate::toObject(KJS::JSValue const*, KJS::ExecState*) (machine.cpp.in:73) ==8884== by 0x24AF625: KJS::SwitchNode::generateExecCode(KJS::CompileState*) (RefPtr.h:55) ==8884== by 0x2490C82: KJS::Interpreter::~Interpreter() (interpreter.cpp:285) ==8884== by 0x2494A2C: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (protect.h:59) ==8884== by 0x24B137A: KJS::VarAccessNode::generateEvalCode(KJS::CompileState*) (CompileState.h:297) ==8884== ==8884== Use of uninitialised 
value of size 4 ==8884== at 0x2462230: KJS::AssignNode::recurseVisit(KJS::NodeVisitor*) (RefPtr.h:116) ==8884== by 0x24629EA: KJS::BinaryLogicalNode::recurseVisit(KJS::NodeVisitor*) (RefPtr.h:115) ==8884== by 0x2462A26: KJS::Collector::markStackObjectsConservatively() (nodes.h:134) ==8884== by 0x2462A6E: KJS::Collector::collect() (nodes.h:138) ==8884== by 0x2463029: KJS::LocationNode::~LocationNode() (nodes.cpp:85) ==8884== by 0x2492A2C: KJS::JSCell::operator new(unsigned) (interpreter.cpp:384) ==8884== by 0x247B19A: KJS::ExecState::setAbruptCompletion(KJS::Completion) (ExecState.cpp:198) ==8884== by 0x24A5375: KJS::JSImmediate::toObject(KJS::JSValue const*, KJS::ExecState*) (machine.cpp.in:73) ==8884== by 0x24AF625: KJS::SwitchNode::generateExecCode(KJS::CompileState*) (RefPtr.h:55) ==8884== by 0x2490C82: KJS::Interpreter::~Interpreter() (interpreter.cpp:285) ==8884== by 0x2494A2C: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) (protect.h:59) ==8884== by 0x24B137A: KJS::VarAccessNode::generateEvalCode(KJS::CompileState*) (CompileState.h:297)
That's what you get for not building from source :)

*** This bug has been marked as a duplicate of bug 170185 ***