Bug 217910 - Konqueror crash when KJS engine called free
Summary: Konqueror crash when KJS engine called free
Status: RESOLVED DUPLICATE of bug 196207
Alias: None
Product: konqueror
Classification: Applications
Component: general
Version: unspecified
Platform: Unlisted Binaries Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konqueror Developers
Reported: 2009-12-08 20:18 UTC by Raúl
Modified: 2009-12-27 01:29 UTC

Description Raúl 2009-12-08 20:18:24 UTC
Application that crashed: konqueror
Version of the application: 4.3.2 (KDE 4.3.2)
KDE Version: 4.3.2 (KDE 4.3.2)
Qt Version: 4.5.3
Operating System: Linux 2.6.32 x86_64
Distribution: Debian GNU/Linux unstable (sid)

What I was doing when the application crashed:
Hello:

I think I've found a dupe of this one with KDE 4.3.2. I was browsing the mediatomb UPnP media server and when I performed an operation on its web interface konqueror crashed.

I'll try to reproduce with valgrind and provide further information.

Thanks.

 -- Backtrace:
Application: Konqueror (kdeinit4), signal: Aborted
The current source language is "auto; currently c".
[KCrash Handler]
#5  0x00007f1c173a0f55 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#6  0x00007f1c173a3d90 in *__GI_abort () at abort.c:88
#7  0x00007f1c173d658d in __libc_message (do_abort=2, 
    fmt=0x7fff88148c90 "dead882dea3570ffc31a9898cfb69-x86-64.cache-2\n7f1c1a118000-7f1c1a129000 r--s 00000000 fe:03 474906", ' ' <repeats 21 times>, "/var/cache/fontconfig/e13b20fdb08344e0e664864cc2ede53d-x86-64.cache-2\n7f1c1a129000"...) at ../sysdeps/unix/sysv/linux/libc_fatal.c:173
#8  0x00007f1c173dfd56 in malloc_printerr (action=3, str=0x7f1c1748a828 "free(): invalid next size (normal)", ptr=<value optimized out>) at malloc.c:6239
#9  0x00007f1c173e49bc in *__GI___libc_free (mem=<value optimized out>) at malloc.c:3738
#10 0x00007f1c074a52e7 in WTF::fastFree (this=0x467c150) at ../../kjs/wtf/FastMalloc.h:45
#11 KJS::UString::Rep::destroy (this=0x467c150) at ../../kjs/ustring.cpp:223
#12 0x00007f1c074c97f9 in KJS::UString::Rep::deref (this=0x7f1bfe49a040, __in_chrg=<value optimized out>) at ../../kjs/ustring.h:165
#13 ~RefPtr (this=0x7f1bfe49a040, __in_chrg=<value optimized out>) at ../../kjs/wtf/RefPtr.h:51
#14 ~UString (this=0x7f1bfe49a040, __in_chrg=<value optimized out>) at ../../kjs/ustring.h:249
#15 ~StringImp (this=0x7f1bfe49a040, __in_chrg=<value optimized out>) at ../../kjs/internal.h:49
#16 0x00007f1c074acefa in KJS::Collector::collect () at ../../kjs/collector.cpp:720
#17 0x00007f1c074ad33e in KJS::Collector::allocate (s=16) at ../../kjs/collector.cpp:330
#18 0x00007f1c074dc62e in KJS::jsOwnedString (s=...) at ../../kjs/value.cpp:202
#19 0x00007f1c074f4082 in KJS::Machine::runBlock (exec=0x7fff88149e30, codeBlock=<value optimized out>, parentExec=0x7fff8814a930) at codes.def:826
#20 0x00007f1c074da68c in KJS::FunctionImp::callAsFunction (this=0x7f1bff943c80, exec=0x7fff8814a930, thisObj=<value optimized out>, args=...) at ../../kjs/function.cpp:144
#21 0x00007f1c074de0c9 in KJS::JSObject::call (this=0x13eb, exec=0x0, thisObj=0x6, args=...) at ../../kjs/object.cpp:69
#22 0x00007f1c074f8d83 in KJS::Machine::runBlock (exec=0x7fff8814a930, codeBlock=<value optimized out>, parentExec=0x7fff8814b430) at codes.def:1192
#23 0x00007f1c074da68c in KJS::FunctionImp::callAsFunction (this=0x7f1bff943680, exec=0x7fff8814b430, thisObj=<value optimized out>, args=...) at ../../kjs/function.cpp:144
#24 0x00007f1c074de0c9 in KJS::JSObject::call (this=0x13eb, exec=0x0, thisObj=0x6, args=...) at ../../kjs/object.cpp:69
#25 0x00007f1c074f8d83 in KJS::Machine::runBlock (exec=0x7fff8814b430, codeBlock=<value optimized out>, parentExec=0x7fff8814bf30) at codes.def:1192
#26 0x00007f1c074da68c in KJS::FunctionImp::callAsFunction (this=0x7f1bff942c00, exec=0x7fff8814bf30, thisObj=<value optimized out>, args=...) at ../../kjs/function.cpp:144
#27 0x00007f1c074de0c9 in KJS::JSObject::call (this=0x13eb, exec=0x0, thisObj=0x6, args=...) at ../../kjs/object.cpp:69
#28 0x00007f1c074f8d83 in KJS::Machine::runBlock (exec=0x7fff8814bf30, codeBlock=<value optimized out>, parentExec=0x7fff8814ca30) at codes.def:1192
#29 0x00007f1c074da68c in KJS::FunctionImp::callAsFunction (this=0x7f1bff942900, exec=0x7fff8814ca30, thisObj=<value optimized out>, args=...) at ../../kjs/function.cpp:144
#30 0x00007f1c074de0c9 in KJS::JSObject::call (this=0x13eb, exec=0x0, thisObj=0x6, args=...) at ../../kjs/object.cpp:69
#31 0x00007f1c074f8d83 in KJS::Machine::runBlock (exec=0x7fff8814ca30, codeBlock=<value optimized out>, parentExec=0x7fff8814d530) at codes.def:1192
#32 0x00007f1c074da68c in KJS::FunctionImp::callAsFunction (this=0x7f1bffd73940, exec=0x7fff8814d530, thisObj=<value optimized out>, args=...) at ../../kjs/function.cpp:144
#33 0x00007f1c074de0c9 in KJS::JSObject::call (this=0x13eb, exec=0x0, thisObj=0x6, args=...) at ../../kjs/object.cpp:69
#34 0x00007f1c074f8d83 in KJS::Machine::runBlock (exec=0x7fff8814d530, codeBlock=<value optimized out>, parentExec=0x7fff8814e100) at codes.def:1192
#35 0x00007f1c074da68c in KJS::FunctionImp::callAsFunction (this=0x7f1bffd73e80, exec=0x7fff8814e100, thisObj=<value optimized out>, args=...) at ../../kjs/function.cpp:144
#36 0x00007f1c074de0c9 in KJS::JSObject::call (this=0x13eb, exec=0x0, thisObj=0x6, args=...) at ../../kjs/object.cpp:69
#37 0x00007f1c074c0e4a in KJS::FunctionProtoFunc::callAsFunction (this=<value optimized out>, exec=0x7fff8814e100, thisObj=0x7f1bffd73e80, args=...) at ../../kjs/function_object.cpp:123
#38 0x00007f1c074de0c9 in KJS::JSObject::call (this=0x13eb, exec=0x0, thisObj=0x6, args=...) at ../../kjs/object.cpp:69
#39 0x00007f1c074f8d83 in KJS::Machine::runBlock (exec=0x7fff8814e100, codeBlock=<value optimized out>, parentExec=0x43b42c0) at codes.def:1192
#40 0x00007f1c074da68c in KJS::FunctionImp::callAsFunction (this=0x7f1bfe463b40, exec=0x43b42c0, thisObj=<value optimized out>, args=...) at ../../kjs/function.cpp:144
#41 0x00007f1c074de0c9 in KJS::JSObject::call (this=0x13eb, exec=0x0, thisObj=0x6, args=...) at ../../kjs/object.cpp:69
#42 0x00007f1c07badac5 in KJS::JSEventListener::handleEvent (this=0x3eb8b00, evt=...) at ../../khtml/ecma/kjs_events.cpp:106
#43 0x00007f1c07bba83a in KJS::XMLHttpRequest::changeState (this=0x7f1c028b0b00, newState=<value optimized out>) at ../../khtml/ecma/xmlhttprequest.cpp:348
#44 0x00007f1c07bbc135 in KJS::XMLHttpRequest::slotFinished (this=0x7f1c028b0b00) at ../../khtml/ecma/xmlhttprequest.cpp:719
#45 0x00007f1c07bbcf71 in KJS::XMLHttpRequestQObject::slotFinished (this=0x46882b0, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x7fff8814e550) at ../../khtml/ecma/xmlhttprequest.cpp:93
#46 KJS::XMLHttpRequestQObject::qt_metacall (this=0x46882b0, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x7fff8814e550) at ./xmlhttprequest.moc:72
#47 0x00007f1c19c37df2 in QMetaObject::activate (sender=0x46ae6d0, from_signal_index=<value optimized out>, to_signal_index=7, argv=0xffffffffffffffff) at kernel/qobject.cpp:3112
#48 0x00007f1c19742e52 in KJob::result (this=0x13eb, _t1=0x46ae6d0) at ./kjob.moc:188
#49 0x00007f1c197431cf in KJob::emitResult (this=0x46ae6d0) at ../../kdecore/jobs/kjob.cpp:304
#50 0x00007f1c18cf8ec0 in KIO::SimpleJob::slotFinished (this=0x46ae6d0) at ../../kio/kio/job.cpp:477
#51 0x00007f1c18cf9383 in KIO::TransferJob::slotFinished (this=0x46ae6d0) at ../../kio/kio/job.cpp:948
#52 0x00007f1c18cf409d in KIO::TransferJob::qt_metacall (this=0x46ae6d0, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0x7fff8814e950) at ./jobclasses.moc:343
#53 0x00007f1c19c37df2 in QMetaObject::activate (sender=0x3f513f0, from_signal_index=<value optimized out>, to_signal_index=8, argv=0xffffffffffffffff) at kernel/qobject.cpp:3112
#54 0x00007f1c18db6021 in KIO::SlaveInterface::dispatch (this=0x3f513f0, _cmd=104, rawdata=<value optimized out>) at ../../kio/kio/slaveinterface.cpp:175
#55 0x00007f1c18db2ab2 in KIO::SlaveInterface::dispatch (this=0x3f513f0) at ../../kio/kio/slaveinterface.cpp:91
#56 0x00007f1c18da551e in KIO::Slave::gotInput (this=0x3f513f0) at ../../kio/kio/slave.cpp:322
#57 0x00007f1c18da7848 in KIO::Slave::qt_metacall (this=0x3f513f0, _c=QMetaObject::InvokeMetaMethod, _id=0, _a=0x7fff8814ed70) at ./slave.moc:76
#58 0x00007f1c19c37df2 in QMetaObject::activate (sender=0x3f52790, from_signal_index=<value optimized out>, to_signal_index=4, argv=0xffffffffffffffff) at kernel/qobject.cpp:3112
#59 0x00007f1c18cc1d91 in KIO::ConnectionPrivate::dequeue (this=0x3f31ce0) at ../../kio/kio/connection.cpp:82
#60 0x00007f1c18cc21ea in KIO::Connection::qt_metacall (this=0x3f52790, _c=QMetaObject::InvokeMetaMethod, _id=0, _a=0x48d00e0) at ./connection.moc:73
#61 0x00007f1c19c326c8 in QObject::event (this=0x3f52790, e=0x47364e0) at kernel/qobject.cpp:1110
#62 0x00007f1c17bab01d in QApplicationPrivate::notify_helper (this=0xc562c0, receiver=0x3f52790, e=0x47364e0) at kernel/qapplication.cpp:4065
#63 0x00007f1c17bb307a in QApplication::notify (this=0x7fff8814fbf0, receiver=0x3f52790, e=0x47364e0) at kernel/qapplication.cpp:4030
#64 0x00007f1c188040db in KApplication::notify (this=0x7fff8814fbf0, receiver=0x3f52790, event=0x47364e0) at ../../kdeui/kernel/kapplication.cpp:302
#65 0x00007f1c19c22c9c in QCoreApplication::notifyInternal (this=0x7fff8814fbf0, receiver=0x3f52790, event=0x47364e0) at kernel/qcoreapplication.cpp:610
#66 0x00007f1c19c238e4 in QCoreApplication::sendEvent (receiver=0x0, event_type=0, data=0xbbff80) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:213
#67 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0xbbff80) at kernel/qcoreapplication.cpp:1247
#68 0x00007f1c19c4f380 in QEventDispatcherUNIX::processEvents (this=0xbc2850, flags=...) at kernel/qeventdispatcher_unix.cpp:884
#69 0x00007f1c17c42ee2 in QEventDispatcherX11::processEvents (this=0xbc2850, flags=...) at kernel/qeventdispatcher_x11.cpp:152
#70 0x00007f1c19c21562 in QEventLoop::processEvents (this=<value optimized out>, flags=...) at kernel/qeventloop.cpp:149
#71 0x00007f1c19c21934 in QEventLoop::exec (this=0x7fff8814f990, flags=...) at kernel/qeventloop.cpp:201
#72 0x00007f1c19c23ba4 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:888
#73 0x00007f1c0ecb20c9 in kdemain (argc=<value optimized out>, argv=<value optimized out>) at ../../../../apps/konqueror/src/konqmain.cpp:257
#74 0x0000000000407264 in launch (argc=3, _name=0xc112b8 "konqueror", args=<value optimized out>, cwd=0x0, envc=0, envs=0xc1130b "", reset_env=false, tty=0x0, avoid_loops=false, 
    startup_id_str=0x40a0ff "0") at ../../kinit/kinit.cpp:677
#75 0x0000000000407a28 in handle_launcher_request (sock=7, who=<value optimized out>) at ../../kinit/kinit.cpp:1169
#76 0x0000000000407fae in handle_requests (waitForPid=0) at ../../kinit/kinit.cpp:1362
#77 0x000000000040863b in main (argc=2, argv=0x7fff881511e8, envp=0x7fff88151200) at ../../kinit/kinit.cpp:1793

This bug may be a duplicate of or related to bug 195390

Reported using DrKonqi
Comment 1 Dario Andres 2009-12-19 16:09:35 UTC
"malloc_printerr" after a "free" could be related to bug 196207.
- If you can reproduce the issue, try running konqueror as "MALLOC_CHECK_=   konqueror" and check if it crashes or not.
Thanks
Comment 2 Pino Toscano 2009-12-27 01:29:29 UTC

*** This bug has been marked as a duplicate of bug 196207 ***
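
Added example, not part of the original report or of KDE's tooling: a small Python triage helper for gdb backtraces like the one above. It extracts the glibc heap diagnostic and the first application frames below the allocator, so that reports such as this one and bug 196207 can be compared by signature. The `triage` name, the `RUNTIME` frame set and the signature depth are assumptions; the sample frames are abridged from this page.

```python
import re

# Constructed sample: frames abridged from the backtrace in this report.
SAMPLE = """\
[KCrash Handler]
#5  0x00007f1c173a0f55 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#6  0x00007f1c173a3d90 in *__GI_abort () at abort.c:88
#8  0x00007f1c173dfd56 in malloc_printerr (action=3, str=0x7f1c1748a828 "free(): invalid next size (normal)", ptr=<value optimized out>) at malloc.c:6239
#9  0x00007f1c173e49bc in *__GI___libc_free (mem=<value optimized out>) at malloc.c:3738
#10 0x00007f1c074a52e7 in WTF::fastFree (this=0x467c150) at ../../kjs/wtf/FastMalloc.h:45
#11 KJS::UString::Rep::destroy (this=0x467c150) at ../../kjs/ustring.cpp:223
#12 0x00007f1c074c97f9 in KJS::UString::Rep::deref (this=0x7f1bfe49a040, __in_chrg=<value optimized out>) at ../../kjs/ustring.h:165
#13 ~RefPtr (this=0x7f1bfe49a040, __in_chrg=<value optimized out>) at ../../kjs/wtf/RefPtr.h:51
#16 0x00007f1c074acefa in KJS::Collector::collect () at ../../kjs/collector.cpp:720
"""

# "#N [0xADDR in] FUNCTION (ARGS) at FILE:LINE"; ARGS may itself contain parentheses.
FRAME = re.compile(r'^#(\d+)\s+(?:0x[0-9a-f]+ in )?(.+?) \((.*)\) at (\S+)$')
# Assumption: frames treated as abort/allocator plumbing rather than application code.
RUNTIME = {"raise", "abort", "__libc_message", "malloc_printerr",
           "__libc_free", "free", "WTF::fastFree"}

def triage(backtrace, depth=3):
    """Return the glibc heap diagnostic, the frame that called free, and a dedup key."""
    diagnostic, frames = None, []
    for line in backtrace.splitlines():
        m = FRAME.match(line)
        if not m:
            continue  # handler banner, wrapped argument lines, blank lines
        func = m.group(2).lstrip("*")
        if func.startswith("__GI_"):
            func = func[len("__GI_"):]  # glibc internal alias prefix
        if func == "malloc_printerr":
            msg = re.search(r'str=0x[0-9a-f]+ "([^"]*)"', m.group(3))
            diagnostic = msg.group(1) if msg else None
        frames.append((func, m.group(4)))
    app = [f for f in frames if f[0] not in RUNTIME]
    return {
        "diagnostic": diagnostic,
        # Where glibc noticed the damage, not necessarily where the heap was overwritten.
        "detected_in": app[0] if app else None,
        "signature": (diagnostic, tuple(name for name, _ in app[:depth])),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The frame reported under `detected_in` is only where glibc's consistency check fired during `free`; the write that damaged the chunk metadata happened earlier, which is why a memory-checker run is the usual next step.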