'[Bug 62723] some DHTML causes segfault in konqueror [TESTCASE]'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-bugs-dist
Subject:    [Bug 62723] some DHTML causes segfault in konqueror [TESTCASE]
From:       Maksim Orlovich <mo002j () mail ! rochester ! edu>
Date:       2003-08-15 17:12:58
[Download RAW message or body]

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
     
http://bugs.kde.org/show_bug.cgi?id=62723     
mo002j@mail.rochester.edu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|khtml                       |kjs
            Summary|some DHTML causes segfault  |some DHTML causes segfault
                   |in konqueror                |in konqueror [TESTCASE]



------- Additional Comments From mo002j@mail.rochester.edu  2003-08-15 19:12 -------
Testcase (confirm in HEAD): 
--------------------------------------------------------------------- 
<script type="text/javascript"> 
 
function preload_images() { 
  i = new Image(); 
  i.onload = progress; 
  i.src     = 'img/vinkje.gif'; 
} 
 
 
function progress() { 
  this.onload = null; 
} 
 
</script> 
<body onload="preload_images()">  
</body> 
------------------------------------------------------------------------------------------------ 
VG log (no line numbers, but gives the idea -- null pointer access): 
==32002== Invalid read of size 4 
==32002==    at 0x46A94573: KJS::Image::putValueProperty(KJS::ExecState*, 
int, KJS::Value const&, int) (in /code/opt/kde3/lib/libkhtml.so.4.2.0) 
==32002==    by 0x46A95BC2: void KJS::DOMObjectLookupPut<KJS::Image, 
KJS::DOMObject>(KJS::ExecState*, KJS::Identifier const&, KJS::Value const&, int, 
KJS::HashTable const*, KJS::Image*) (in /code/opt/kde3/lib/libkhtml.so.4.2.0) 
==32002==    by 0x46A944E2: KJS::Image::tryPut(KJS::ExecState*, KJS::
Identifier const&, KJS::Value const&, int) (in /code/opt/kde3/lib/libkhtml.
so.4.2.0) 
==32002==    by 0x46A65060: KJS::DOMObject::put(KJS::ExecState*, KJS::
Identifier const&, KJS::Value const&, int) (in /code/opt/kde3/lib/libkhtml.
so.4.2.0) 
==32002==    by 0x46EE49F9: KJS::Reference::putValue(KJS::ExecState*, KJS::
Value const&) (in /code/opt/kde3/lib/libkjs.so.1.2.0) 
==32002==    by 0x46EB013D: KJS::AssignNode::evaluate(KJS::ExecState*) 
const (in /code/opt/kde3/lib/libkjs.so.1.2.0) 
==32002==    by 0x46EB1D69: KJS::ExprStatementNode::execute(KJS::
ExecState*) (in /code/opt/kde3/lib/libkjs.so.1.2.0) 
==32002==    by 0x46EB8685: KJS::SourceElementsNode::execute(KJS::
ExecState*) (in /code/opt/kde3/lib/libkjs.so.1.2.0) 
==32002==    by 0x46EB1B7E: KJS::BlockNode::execute(KJS::ExecState*) (in /
code/opt/kde3/lib/libkjs.so.1.2.0) 
==32002==    by 0x46EB7B12: KJS::FunctionBodyNode::execute(KJS::
ExecState*) (in /code/opt/kde3/lib/libkjs.so.1.2.0) 
==32002==    by 0x46ED843B: KJS::DeclaredFunctionImp::execute(KJS::
ExecState*) (in /code/opt/kde3/lib/libkjs.so.1.2.0) 
==32002==    by 0x46ED77CE: KJS::FunctionImp::call(KJS::ExecState*, KJS::
Object&, KJS::List const&) (in /code/opt/kde3/lib/libkjs.so.1.2.0) 
==32002==    by 0x46EDD40C: KJS::Object::call(KJS::ExecState*, KJS::Object&, 
KJS::List const&) (in /code/opt/kde3/lib/libkjs.so.1.2.0) 
==32002==    by 0x46ABC62D: KJS::JSEventListener::handleEvent(DOM::
Event&) (in /code/opt/kde3/lib/libkhtml.so.4.2.0) 
==32002==    by 0x46A94767: KJS::Image::notifyFinished(khtml::
CachedObject*) (in /code/opt/kde3/lib/libkhtml.so.4.2.0) 
==32002==    by 0x46A5EB89: khtml::CachedImage::error(int, char const*) 
(in /code/opt/kde3/lib/libkhtml.so.4.2.0) 
==32002==    Address 0x4 is not stack'd, malloc'd or free'd
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic