Since it's a bit late in the release process and this is a crash on a large (>100,000 registered users) website, I decided to post this here instead of opening a report on Bugzilla. It might be possible to solve this without too much effort. THE PROBLEM: http://www.tweakers.net crashes KHTML while loading. Safari has the same problem, according to user reports on http://gathering.tweakers.net/forum/list_messages/863577. The crash only happens when loading of banners has been enabled - while I had them disabled, I experienced no crashes at all. Reportedly, the banner is loaded by some javascript-wizardry, but the crash doesn't seem to be there - though it may be that the problems already start in KJS, of course. DEBUG INFO: I created a backtrace and a valgrind log. First the backtrace (I skipped the last part, since it doesn't seem to be relevant - if you need it, just ask for it): -------------------- [New Thread 1102615200 (LWP 17538)] 0x4188f30e in __waitpid_nocancel () from /lib/tls/libpthread.so.0 #0 0x4188f30e in __waitpid_nocancel () from /lib/tls/libpthread.so.0 #1 0x408e44b4 in KCrash::defaultCrashHandler(int) (sig=11) at kcrash.cpp:246 #2 #3 0x40e008b2 in khtml::KHTMLParser::popOneBlock() (this=0x83298f8) at htmlparser.cpp:1195 #4 0x40e00aea in khtml::KHTMLParser::freeBlock() (this=0x83298f8) at htmlparser.cpp:1236 #5 0x40dfe0f9 in ~KHTMLParser (this=0x83298f8) at htmlparser.cpp:158 #6 0x40e06b58 in ~HTMLTokenizer (this=0x83297c0) at htmltokenizer.cpp:1595 #7 0x40dde672 in DOM::DocumentImpl::close() (this=0x8322838) at khtmlview.h:110 #8 0x40e0fdc8 in DOM::HTMLDocumentImpl::close() (this=0x8322838) at html_documentimpl.cpp:292 #9 0x40d9f516 in KHTMLPart::checkEmitLoadEvent() (this=0x8202a48) at khtml_part.cpp:2025 #10 0x40d9ec5a in KHTMLPart::checkCompleted() (this=0x8202a48) at khtml_part.cpp:1947 #11 0x40d9e698 in KHTMLPart::slotLoaderRequestDone(khtml::DocLoader*, khtml::CachedObject*) (this=0x8202a48, dl=0x5f006e00, obj=0x5f006e00) at khtml_part.cpp:1834 #12 0x40db94cd in KHTMLPart::qt_invoke(int, QUObject*) (this=0x8202a48, _id=57, _o=0xbfffe740) at qucom_p.h:312 #13 0x41306b47 in QObject::activate_signal(QConnectionList*, QUObject*) ( this=0x81dea50, clist=0x82f91c0, o=0xbfffe740) at kernel/qobject.cpp:2383 #14 0x40eaa765 in khtml::Loader::requestDone(khtml::DocLoader*, khtml::CachedObject*) (this=0x81dea50, t0=0x5f006e00, t1=0x5f006e00) at loader.moc:240 -------------------- The important part of the valgrind log, where it states a problem in popOneBlock() - the same function that can be seen as #3 in the backtrace above (again, the complete valgrind log can be posted upon request; I didn't do that yet since it's 26KB large): --------------------- khtml (xml): using compatibility parseMode NodeImpl::toHTML NodeImpl::toHTML khtml (css): CSSStyleDeclarationImpl::setProperty invalid property: [width] value: [-1px] khtml (css): CSSStyleDeclarationImpl::setProperty invalid property: [height] value: [-1px] NodeImpl::toHTML NodeImpl::toHTML ==19744== ==19744== Invalid read of size 4 ==19744== at 0x4997790D: khtml::KHTMLParser::popOneBlock() (shared.h:34) ==19744== by 0x49977AE9: khtml::KHTMLParser::freeBlock() (htmlparser.cpp:1236) ==19744== by 0x499750F8: khtml::KHTMLParser::~KHTMLParser() (htmlparser.cpp:158) ==19744== by 0x4997DB57: khtml::HTMLTokenizer::~HTMLTokenizer() (htmltokenizer.cpp:1595) ==19744== Address 0x4D0858DC is not stack'd, malloc'd or free'd ==19744== ==19744== Invalid read of size 4 ==19744== at 0x499778AD: khtml::KHTMLParser::popOneBlock() (htmlparser.cpp:1195) ==19744== by 0x49977AE9: khtml::KHTMLParser::freeBlock() (htmlparser.cpp:1236) ==19744== by 0x499750F8: khtml::KHTMLParser::~KHTMLParser() (htmlparser.cpp:158) ==19744== by 0x4997DB57: khtml::HTMLTokenizer::~HTMLTokenizer() (htmltokenizer.cpp:1595) ==19744== Address 0x4D0858D8 is not stack'd, malloc'd or free'd ==19744== ==19744== Invalid read of size 4 ==19744== at 0x499778B2: khtml::KHTMLParser::popOneBlock() (htmlparser.cpp:1195) ==19744== by 0x49977AE9: khtml::KHTMLParser::freeBlock() (htmlparser.cpp:1236) ==19744== by 0x499750F8: khtml::KHTMLParser::~KHTMLParser() (htmlparser.cpp:158) ==19744== by 0x4997DB57: khtml::HTMLTokenizer::~HTMLTokenizer() (htmltokenizer.cpp:1595) ==19744== Address 0xD0 is not stack'd, malloc'd or free'd ==19744== Warning: invalid file descriptor 821 in syscall close() ==19744== Use --logfile-fd= to select an alternative logfile fd. --------------------- VERSION: GCC 3.3.3 (or maybe 3.3.2 a week ago, don't know for sure). kdelibs/kdebase CVS HEAD about a week old. Can't test with newer versions due to problems when compiling kdelibs (that's a separate issue which surely will be solved and might be a problem on my side). There's one report of it working correctly with Konqueror 3.1.3, but I don't know for sure whether the reporter was loading banners or not. If there's anything I can do to help fixing this crash, just ask for it. If it's better to open a report on Bugzilla, even this close to the release, I'll do that instead. Jonathan Brugge