Version: (using KDE KDE 3.2.0) Installed from: Gentoo Packages OS: Linux Konqueror crashes when I delete all items from a select box from JavaScript from the onchange event (possibly also from other events). I've created a small test case: <html> <body> <form name="test"> <select name="test" size="10" multiple="multiple" onchange="javascript:document.test.test.options.length = 0;"> <option value="27">TEST</option> </select> </form> </body> </html> When clicking the select box Konqueror crashes with the following backtrace: Using host libthread_db library "/lib/libthread_db.so.1". [Thread debugging using libthread_db enabled] [New Thread 16384 (LWP 20607)] 0x412c6cc8 in waitpid () from /lib/libpthread.so.0 #0 0x412c6cc8 in waitpid () from /lib/libpthread.so.0 #1 0x4089cc54 in __JCR_LIST__ () from /usr/kde/3.2/lib/libkdecore.so.4 #2 0x407d8fbe in KCrash::defaultCrashHandler(int) (sig=8) at kcrash.cpp:246 #3 0x412c5af5 in __pthread_sighandler () from /lib/libpthread.so.0 #4 <signal handler called> #5 0x40ca21e3 in QListBox::itemRect(QListBoxItem*) const () from /usr/qt/3/lib/libqt-mt.so.3 #6 0x40c9b707 in QListBox::setCurrentItem(QListBoxItem*) () from /usr/qt/3/lib/libqt-mt.so.3 #7 0x40c9bfa2 in QListBox::mousePressEventEx(QMouseEvent*) () from /usr/qt/3/lib/libqt-mt.so.3 #8 0x40c9bd06 in QListBox::mousePressEvent(QMouseEvent*) () from /usr/qt/3/lib/libqt-mt.so.3 #9 0x40c033c6 in QWidget::event(QEvent*) () from /usr/qt/3/lib/libqt-mt.so.3 #10 0x40b72abf in QApplication::internalNotify(QObject*, QEvent*) () from /usr/qt/3/lib/libqt-mt.so.3 #11 0x40b71f80 in QApplication::notify(QObject*, QEvent*) () from /usr/qt/3/lib/libqt-mt.so.3 #12 0x4074e5b5 in KApplication::notify(QObject*, QEvent*) (this=0xbffff0d0, receiver=0x82b7ac0, event=0xbfffe840) at kapplication.cpp:506 #13 0x40b09c80 in QETWidget::translateMouseEvent(_XEvent const*) () from /usr/qt/3/lib/libqt-mt.so.3 #14 0x40b07910 in QApplication::x11ProcessEvent(_XEvent*) () from /usr/qt/3/lib/libqt-mt.so.3 #15 0x40b1e811 in QEventLoop::processEvents(unsigned) () from /usr/qt/3/lib/libqt-mt.so.3 #16 0x40b84ad8 in QEventLoop::enterLoop() () from /usr/qt/3/lib/libqt-mt.so.3 #17 0x40b84988 in QEventLoop::exec() () from /usr/qt/3/lib/libqt-mt.so.3 #18 0x40b72d11 in QApplication::exec() () from /usr/qt/3/lib/libqt-mt.so.3 #19 0x415f0c52 in kdemain () from /usr/kde/3.2/lib/libkdeinit_konqueror.so #20 0x408e493a in kdeinitmain () from /usr/kde/3.2/lib/kde3/konqueror.so #21 0x0804e3d1 in launch (argc=4, _name=0x8063d5c "konqueror", args=0x8063d9e "/home/sharky", cwd=0x8063d9e "/home/sharky", envc=49, envs=0x8064646 "", reset_env=true, tty=0x0, avoid_loops=false, startup_id_str=0x806464a "senote;1077878214;572494;2363") at kinit.cpp:604 #22 0x0804f6ea in handle_launcher_request (sock=4) at kinit.cpp:1167 #23 0x0804fcb9 in handle_requests (waitForPid=0) at kinit.cpp:1334 #24 0x080513c7 in main (argc=3, argv=0xbffff744, envp=0xbffff754) at kinit.cpp:1797
I forgot to mention that it does only happen with multiple="multiple" for the select box.
*bang* (with 3.2.1)
*** Bug 81955 has been marked as a duplicate of this bug. ***
Created attachment 7660 [details] Attaching testcase #4 0x411bbf05 in pthread_sighandler () from /lib/i686/libpthread.so.0 #5 <signal handler called> #6 0x40c641f0 in QListBox::itemRect (this=0x85daa80, item=0x86bcd60) at widgets/qlistbox.cpp:3919 #7 0x40c5c5ad in QListBox::setCurrentItem (this=0x85daa80, i=0x86bcd60) at widgets/qlistbox.cpp:1828 #8 0x40c5d279 in QListBox::mousePressEventEx (this=0x85daa80, e=0xbfffe710) at widgets/qlistbox.cpp:2077 #9 0x40c5cc76 in QListBox::mousePressEvent (this=0x85daa80, e=0xbfffe710) at widgets/qlistbox.cpp:2000 #10 0x40bbc106 in QWidget::event (this=0x85daa80, e=0xbfffe710) at kernel/qwidget.cpp:4665 #11 0x40b28442 in QApplication::internalNotify (this=0xbffff090, receiver=0x85daa80, e=0xbfffe710) at kernel/qapplication.cpp:2620 #12 0x40b27a0a in QApplication::notify (this=0xbffff090, receiver=0x85db2a8, e=0xbfffe920) at kernel/qapplication.cpp:2406 #13 0x406c8faa in KApplication::notify (this=0xbffff090, receiver=0x85db2a8, event=0xbfffe920) at kapplication.cpp:507 #14 0x40ac017e in QApplication::sendSpontaneousEvent (receiver=0x85db2a8, event=0xbfffe920) at kernel/qapplication.h:494 #15 0x40ab88b3 in QETWidget::translateMouseEvent (this=0x85db2a8, event=0xbfffec90) at kernel/qapplication_x11.cpp:4270 #16 0x40ab626f in QApplication::x11ProcessEvent (this=0xbffff090, event=0xbfffec90) at kernel/qapplication_x11.cpp:3421 #17 0x40ad0d2a in QEventLoop::processEvents (this=0x80a6358, flags=4) at kernel/qeventloop_x11.cpp:192 #18 0x40b3af91 in QEventLoop::enterLoop (this=0x80a6358) at kernel/qeventloop.cpp:198 #19 0x40b3aeb4 in QEventLoop::exec (this=0x80a6358) at kernel/qeventloop.cpp:145 #20 0x40b285db in QApplication::exec (this=0xbffff090) at kernel/qapplication.cpp:2743
Qt bug. Fixed in qt-copy and patch sent to trolltech.