Application that crashed: konqueror Version of the application: 4.3.4 (KDE 4.3.4) KDE Version: 4.3.4 (KDE 4.3.4) Qt Version: 4.5.3 Operating System: Linux 2.6.32-trunk-686 i686 Distribution: Debian GNU/Linux testing (squeeze) What I was doing when the application crashed: when I open the link : http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0407e/CACCBEEG.html konqueror crashes fully reproductible Feel free to contact me for more info Best regards Marc -- Backtrace: Application: Konqueror (kdeinit4), signal: Segmentation fault [KCrash Handler] #6 WTF::Vector<WTF::RefPtr<WebCore::SVGPODListItem<WebCore::SVGLength> >, 0u>::size (this=0xbfe47414, type=WebCore::SVGCharacterLayoutInfo::XStack, list=0x2f003a) at ../../kjs/wtf/Vector.h:432 #7 WebCore::SVGList<WTF::RefPtr<WebCore::SVGPODListItem<WebCore::SVGLength> > >::numberOfItems (this=0xbfe47414, type=WebCore::SVGCharacterLayoutInfo::XStack, list=0x2f003a) at ../../khtml/svg/SVGList.h:57 #8 WebCore::SVGCharacterLayoutInfo::addStackContent (this=0xbfe47414, type=WebCore::SVGCharacterLayoutInfo::XStack, list=0x2f003a) at ../../khtml/rendering/SVGCharacterLayoutInfo.cpp:362 #9 0xb0c8946c in WebCore::SVGCharacterLayoutInfo::addLayoutInformation (this=0xbfe47414, element=0xa440fd0) at ../../khtml/rendering/SVGCharacterLayoutInfo.cpp:323 #10 0xb0c82de6 in WebCore::SVGRootInlineBox::buildLayoutInformation (this=0xaa76434, start=0xaa763f8, info=...) at ../../khtml/rendering/SVGRootInlineBox.cpp:950 #11 0xb0c82e0b in WebCore::SVGRootInlineBox::buildLayoutInformation (this=0xaa76434, start=0xaa76434, info=...) at ../../khtml/rendering/SVGRootInlineBox.cpp:1006 #12 0xb0c83a8d in WebCore::SVGRootInlineBox::computePerCharacterLayoutInformation (this=0xaa76434) at ../../khtml/rendering/SVGRootInlineBox.cpp:894 #13 0xb09b9d53 in khtml::RenderBlock::layoutInlineChildren (this=0xaa4e510, relayoutChildren=true, breakBeforeLine=0) at ../../khtml/rendering/bidi.cpp:1533 #14 0xb09c5217 in khtml::RenderBlock::layoutBlock (this=0xaa4e510, relayoutChildren=true) at ../../khtml/rendering/render_block.cpp:833 #15 0xb09c5509 in khtml::RenderBlock::layout (this=0xaa4e510) at ../../khtml/rendering/render_block.cpp:736 #16 0xb0c8a25f in WebCore::RenderSVGText::layout (this=0xaa4e510) at ../../khtml/rendering/RenderSVGText.cpp:103 #17 0xb0c7dea3 in khtml::RenderObject::layoutIfNeeded (this=0xaa4e288) at ../../khtml/rendering/render_object.h:477 #18 WebCore::RenderSVGContainer::layout (this=0xaa4e288) at ../../khtml/rendering/RenderSVGContainer.cpp:263 #19 0xb0c7dea3 in khtml::RenderObject::layoutIfNeeded (this=0xaa4d844) at ../../khtml/rendering/render_object.h:477 #20 WebCore::RenderSVGContainer::layout (this=0xaa4d844) at ../../khtml/rendering/RenderSVGContainer.cpp:263 #21 0xb0c77f43 in khtml::RenderObject::layoutIfNeeded (this=0xaa4ced8) at ../../khtml/rendering/render_object.h:477 #22 WebCore::RenderSVGRoot::layout (this=0xaa4ced8) at ../../khtml/rendering/RenderSVGRoot.cpp:108 #23 0xb09c48c3 in khtml::RenderObject::layoutIfNeeded (this=0xaa4cd90, relayoutChildren=<value optimized out>) at ../../khtml/rendering/render_object.h:477 #24 khtml::RenderBlock::layoutBlockChildren (this=0xaa4cd90, relayoutChildren=<value optimized out>) at ../../khtml/rendering/render_block.cpp:1555 #25 0xb09c5025 in khtml::RenderBlock::layoutBlock (this=0xaa4cd90, relayoutChildren=true) at ../../khtml/rendering/render_block.cpp:835 #26 0xb0a21425 in khtml::RenderCanvas::layout (this=0xaa4cd90) at ../../khtml/rendering/render_canvas.cpp:187 #27 0xb087b1b3 in KHTMLView::layout (this=0xa9d0848) at ../../khtml/khtmlview.cpp:1010 #28 0xb087b7e1 in KHTMLView::timerEvent (this=0xa9d0848, e=0xbfe480ec) at ../../khtml/khtmlview.cpp:4160 #29 0xb767539f in QObject::event (this=0xa9d0848, e=0xbfe480ec) at kernel/qobject.cpp:1074 #30 0xb6345300 in QWidget::event (this=0xa9d0848, event=0xbfe480ec) at kernel/qwidget.cpp:7951 #31 0xb66eb543 in QFrame::event (this=0xa9d0848, e=0xbfe480ec) at widgets/qframe.cpp:559 #32 0xb678a09d in QAbstractScrollArea::event (this=0xa9d0848, e=0xbfe480ec) at widgets/qabstractscrollarea.cpp:918 #33 0xb678f0ad in QScrollArea::event (this=0xa9d0848, e=0xbfe480ec) at widgets/qscrollarea.cpp:314 #34 0xb087db8c in KHTMLView::event (this=0xa9d0848, e=0xbfe480ec) at ../../khtml/khtmlview.cpp:546 #35 0xb62efa94 in QApplicationPrivate::notify_helper (this=0x9ed8448, receiver=0xa9d0848, e=0xbfe480ec) at kernel/qapplication.cpp:4065 #36 0xb62f7cc2 in QApplication::notify (this=0xbfe4847c, receiver=0xa9d0848, e=0xbfe480ec) at kernel/qapplication.cpp:4030 #37 0xb6d3ae2a in KApplication::notify (this=0xbfe4847c, receiver=0xa9d0848, event=0xbfe480ec) at ../../kdeui/kernel/kapplication.cpp:302 #38 0xb76651eb in QCoreApplication::notifyInternal (this=0xbfe4847c, receiver=0xa9d0848, event=0xbfe480ec) at kernel/qcoreapplication.cpp:610 #39 0xb7693e21 in QCoreApplication::sendEvent (this=0x9edb474) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:213 #40 QTimerInfoList::activateTimers (this=0x9edb474) at kernel/qeventdispatcher_unix.cpp:580 #41 0xb7690317 in timerSourceDispatch (source=0x9edb4b0) at kernel/qeventdispatcher_glib.cpp:184 #42 idleTimerSourceDispatch (source=0x9edb4b0) at kernel/qeventdispatcher_glib.cpp:231 #43 0xb5ed5b38 in g_main_context_dispatch () from /lib/libglib-2.0.so.0 #44 0xb5ed93d0 in ?? () from /lib/libglib-2.0.so.0 #45 0xb5ed9503 in g_main_context_iteration () from /lib/libglib-2.0.so.0 #46 0xb7690041 in QEventDispatcherGlib::processEvents (this=0x9e58c18, flags=...) at kernel/qeventdispatcher_glib.cpp:407 #47 0xb638f305 in QGuiEventDispatcherGlib::processEvents (this=0x9e58c18, flags=...) at kernel/qguieventdispatcher_glib.cpp:202 #48 0xb766383a in QEventLoop::processEvents (this=0xbfe48360, flags=...) at kernel/qeventloop.cpp:149 #49 0xb7663c82 in QEventLoop::exec (this=0xbfe48360, flags=...) at kernel/qeventloop.cpp:201 #50 0xb76660d9 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:888 #51 0xb62ef917 in QApplication::exec () at kernel/qapplication.cpp:3525 #52 0xb424a639 in kdemain (argc=4, argv=0x9e91738) at ../../../../apps/konqueror/src/konqmain.cpp:257 #53 0x0804de39 in launch (argc=<value optimized out>, _name=<value optimized out>, args=<value optimized out>, cwd=0x9e854cf "/home/pim", envc=29, envs=0x9e854dd "KDE_FULL_SESSION=true", reset_env=true, tty=0x0, avoid_loops=false, startup_id_str=0x9e85905 "pim-linux;1269443325;787833;824_TIME205349061") at ../../kinit/kinit.cpp:677 #54 0x0804e9ad in handle_launcher_request (sock=<value optimized out>, who=<value optimized out>) at ../../kinit/kinit.cpp:1169 #55 0x0804ee03 in handle_requests (waitForPid=<value optimized out>) at ../../kinit/kinit.cpp:1353 #56 0x0804f657 in main (argc=2, argv=0xbfe48f14, envp=0xbfe48f20) at ../../kinit/kinit.cpp:1793 Reported using DrKonqi
Confirmed. Thanks for the report.
I can reproduce here using 4.5 trunk. Valgrind log: konqueror(24863)/khtml DOM::DocumentImpl::createElementNS: svg element "style" either is not supported by khtml or it's not a proper svg element konqueror(24863)/khtml DOM::DocumentImpl::createElementNS: svg element "marker" either is not supported by khtml or it's not a proper svg element konqueror(24863)/khtml DOM::DocumentImpl::createElementNS: svg element "marker" either is not supported by khtml or it's not a proper svg element konqueror(24863)/khtml DOM::DocumentImpl::createElementNS: svg element "marker" either is not supported by khtml or it's not a proper svg element konqueror(24863)/khtml DOM::DocumentImpl::createElementNS: svg element "marker" either is not supported by khtml or it's not a proper svg element ==24863== Invalid read of size 4 ==24863== at 0xB6BFBB4: WTF::RefPtr<WebCore::SVGLengthList>::get() const (RefPtr.h:55) ==24863== by 0xB6BB651: WebCore::SVGTextPositioningElement::x() const (SVGTextPositioningElement.cpp:49) ==24863== by 0xB7046F6: WebCore::SVGCharacterLayoutInfo::addLayoutInformation(WebCore::SVGTextPositioningElement*) (SVGCharacterLayoutInfo.cpp:323) ==24863== by 0xB6F9717: WebCore::SVGRootInlineBox::buildLayoutInformation(khtml::InlineFlowBox*, WebCore::SVGCharacterLayoutInfo&) (SVGRootInlineBox.cpp:954) ==24863== by 0xB6F99ED: WebCore::SVGRootInlineBox::buildLayoutInformation(khtml::InlineFlowBox*, WebCore::SVGCharacterLayoutInfo&) (SVGRootInlineBox.cpp:1010) ==24863== by 0xB6F9318: WebCore::SVGRootInlineBox::computePerCharacterLayoutInformation() (SVGRootInlineBox.cpp:898) ==24863== by 0xB3F712F: khtml::RenderBlock::layoutInlineChildren(bool, int) (bidi.cpp:1535) ==24863== by 0xB400019: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:834) ==24863== by 0xB3FF910: khtml::RenderBlock::layout() (render_block.cpp:737) ==24863== by 0xB706494: WebCore::RenderSVGText::layout() (RenderSVGText.cpp:103) ==24863== by 0xB2B3B78: khtml::RenderObject::layoutIfNeeded() (render_object.h:480) ==24863== by 0xB6F6203: WebCore::RenderSVGContainer::layout() (RenderSVGContainer.cpp:267) ==24863== Address 0xae6f554 is 20 bytes inside a block of size 60 free'd ==24863== at 0x4023516: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==24863== by 0x5A66AFB: qFree(void*) (qmalloc.cpp:60) ==24863== by 0x5AD1452: QVectorData::free(QVectorData*, int) (qvector.cpp:82) ==24863== by 0xB62C17F: QVectorTypedData<khtmlImLoad::GIFFrameInfo>::free(QVectorTypedData<khtmlImLoad::GIFFrameInfo>*, int) (qvector.h:96) ==24863== by 0xB62BD9F: QVector<khtmlImLoad::GIFFrameInfo>::free(QVectorTypedData<khtmlImLoad::GIFFrameInfo>*) (qvector.h:438) ==24863== by 0xB62BA04: QVector<khtmlImLoad::GIFFrameInfo>::~QVector() (qvector.h:119) ==24863== by 0xB62B970: khtmlImLoad::GIFLoader::processEOF() (gifloader.cpp:547) ==24863== by 0xB62416E: khtmlImLoad::Image::processEOF() (image.cpp:212) ==24863== by 0xB5049CD: khtml::CachedImage::data(QBuffer&, bool) (loader.cpp:746) ==24863== by 0xB507EB9: khtml::Loader::slotFinished(KJob*) (loader.cpp:1237) ==24863== by 0xB50A67F: khtml::Loader::qt_metacall(QMetaObject::Call, int, void**) (loader.moc:141) ==24863== by 0x5B8BED7: QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) (qmetaobject.cpp:237) ==24863== ==24863== Invalid read of size 4 ==24863== at 0xB6C859A: WTF::Vector<WTF::RefPtr<WebCore::SVGPODListItem<WebCore::SVGLength> >, 0u>::size() const (Vector.h:432) ==24863== by 0xB7053E9: WebCore::SVGList<WTF::RefPtr<WebCore::SVGPODListItem<WebCore::SVGLength> > >::numberOfItems() const (SVGList.h:57) ==24863== by 0xB70492A: WebCore::SVGCharacterLayoutInfo::addStackContent(WebCore::SVGCharacterLayoutInfo::StackType, WebCore::SVGLengthList*) (SVGCharacterLayoutInfo.cpp:362) ==24863== by 0xB70470D: WebCore::SVGCharacterLayoutInfo::addLayoutInformation(WebCore::SVGTextPositioningElement*) (SVGCharacterLayoutInfo.cpp:323) ==24863== by 0xB6F9717: WebCore::SVGRootInlineBox::buildLayoutInformation(khtml::InlineFlowBox*, WebCore::SVGCharacterLayoutInfo&) (SVGRootInlineBox.cpp:954) ==24863== by 0xB6F99ED: WebCore::SVGRootInlineBox::buildLayoutInformation(khtml::InlineFlowBox*, WebCore::SVGCharacterLayoutInfo&) (SVGRootInlineBox.cpp:1010) ==24863== by 0xB6F9318: WebCore::SVGRootInlineBox::computePerCharacterLayoutInformation() (SVGRootInlineBox.cpp:898) ==24863== by 0xB3F712F: khtml::RenderBlock::layoutInlineChildren(bool, int) (bidi.cpp:1535) ==24863== by 0xB400019: khtml::RenderBlock::layoutBlock(bool) (render_block.cpp:834) ==24863== by 0xB3FF910: khtml::RenderBlock::layout() (render_block.cpp:737) ==24863== by 0xB706494: WebCore::RenderSVGText::layout() (RenderSVGText.cpp:103) ==24863== by 0xB2B3B78: khtml::RenderObject::layoutIfNeeded() (render_object.h:480) ==24863== Address 0xd is not stack'd, malloc'd or (recently) free'd ==24863== KCrash: crashing... crashRecursionCounter = 2 KCrash: Application Name = konqueror path = /home/kde-devel/kde/bin pid = 24863 KCrash: Attempting to start /home/kde-devel/kde/lib/kde4/libexec/drkonqi from kdeinit sock_file=/home/kde-devel/.kde4/socket-emiDell/kdeinit4__0 ==24863== ==24863== HEAP SUMMARY: ==24863== in use at exit: 22,186,756 bytes in 211,928 blocks ==24863== total heap usage: 1,473,001 allocs, 1,261,073 frees, 394,624,850 bytes allocated ==24863== ==24863== LEAK SUMMARY: ==24863== definitely lost: 8,932 bytes in 202 blocks ==24863== indirectly lost: 59,524 bytes in 1,994 blocks ==24863== possibly lost: 19,253,749 bytes in 182,979 blocks ==24863== still reachable: 2,864,551 bytes in 26,753 blocks ==24863== suppressed: 0 bytes in 0 blocks ==24863== Rerun with --leak-check=full to see details of leaked memory ==24863== ==24863== For counts of detected and suppressed errors, rerun with: -v ==24863== Use --track-origins=yes to see where uninitialised values come from ==24863== ERROR SUMMARY: 132 errors from 16 contexts (suppressed: 263 from 14)
Created attachment 42303 [details] Non-reduced testcase (website save)
[Comment from a bug triager] Bug 248827 and bug 252757 mention another pages of the same site: http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0388f/index.html (I click in the 'Cortex-A9 Technical Reference Manual -> Functional Description -> Power management -> Cortex-A9 voltage domains' link in the left panel and it crashes.) http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0211k/Cacjibda.html
*** Bug 248827 has been marked as a duplicate of this bug. ***
*** Bug 252757 has been marked as a duplicate of this bug. ***
Thank you for the crash report, Marc. As it has been a while since this was reported, can you please test and confirm if this issue is still occurring or if this bug report can be marked as resolved. I have set the bug status to "needsinfo" pending your response, please change back to "reported" or "resolved/worksforme" when you respond, thank you.
Dear Bug Submitter, This bug has been in NEEDSINFO status with no change for at least 15 days. Please provide the requested information as soon as possible and set the bug status as REPORTED. Due to regular bug tracker maintenance, if the bug is still in NEEDSINFO status with no change in 30 days the bug will be closed as RESOLVED > WORKSFORME due to lack of needed information. For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging If you have already provided the requested information, please mark the bug as REPORTED so that the KDE team knows that the bug is ready to be confirmed. Thank you for helping us make KDE software even better for everyone!
This bug has been in NEEDSINFO status with no change for at least 30 days. The bug is now closed as RESOLVED > WORKSFORME due to lack of needed information. For more information about our bug triaging procedures please read the wiki located here: https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging Thank you for helping us make KDE software even better for everyone!