
List:       konq-bugs
Subject:    [Bug 182907] Crash in khtml::RenderTableCell::section due to null
From:       Viacheslav Tokarev <tsjoker () gmail ! com>
Date:       2009-03-30 16:45:40
Message-ID: 20090330164540.780FB15BB9 () immanuel ! kde ! org

https://bugs.kde.org/show_bug.cgi?id=182907


Viacheslav Tokarev <tsjoker@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tsjoker@gmail.com




--- Comment #5 from Viacheslav Tokarev <tsjoker gmail com>  2009-03-30 18:45:36 ---
vg report
==6815== Invalid read of size 4
==6815==    at 0xB2836DD: khtml::RenderTableCell::collapsedTopBorder() const
(render_style.h:257)
==6815==    by 0xB2839D6: khtml::RenderTableCell::borderTop() const
(render_table.cpp:2681)
==6815==    by 0xB25F25E: khtml::RenderBox::overflowClipRect(int, int)
(render_box.cpp:861)
==6815==    by 0xB27724E: khtml::RenderLayer::calculateRects(khtml::RenderLayer
const*, QRect const&, QRect&, QRect&, QRect&) (render_layer.cpp:1306)
==6815==    by 0xB2779C0: khtml::RenderLayer::repaint(Priority, bool)
(render_layer.cpp:225)
==6815==    by 0xB277902: khtml::RenderLayer::repaint(Priority, bool)
(render_layer.cpp:223)
==6815==    by 0xB25ABA9: khtml::RenderObject::setStyle(khtml::RenderStyle*)
(render_object.cpp:2170)
==6815==    by 0xB25BB05: khtml::RenderContainer::setStyle(khtml::RenderStyle*)
(render_container.cpp:236)
==6815==    by 0xB260137: khtml::RenderBox::setStyle(khtml::RenderStyle*)
(render_box.cpp:153)
==6815==    by 0xB2374AB: khtml::RenderBlock::setStyle(khtml::RenderStyle*)
(render_block.cpp:128)
==6815==    by 0xB282B22: khtml::RenderTable::setStyle(khtml::RenderStyle*)
(render_table.cpp:89)
==6815==    by 0xB1873BF:
DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange)
(dom_elementimpl.cpp:942)
==6815==    by 0xB1E8B68:
DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange)
(html_elementimpl.cpp:269)
==6815==    by 0xB18740E:
DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange)
(dom_elementimpl.cpp:962)
==6815==    by 0xB1E8B68:
DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange)
(html_elementimpl.cpp:269)
==6815==    by 0xB18740E:
DOM::ElementImpl::recalcStyle(DOM::NodeImpl::StyleChange)
(dom_elementimpl.cpp:962)
==6815==    by 0xB1E8B68:
DOM::HTMLElementImpl::recalcStyle(DOM::NodeImpl::StyleChange)
(html_elementimpl.cpp:269)
==6815==    by 0xB173211:
DOM::DocumentImpl::recalcStyle(DOM::NodeImpl::StyleChange)
(dom_docimpl.cpp:1445)
==6815==    by 0xB15EDE7: DOM::DocumentImpl::updateRendering()
(dom_docimpl.cpp:1474)
==6815==    by 0xB16BE82: DOM::DocumentImpl::updateLayout()
(dom_docimpl.cpp:1503)
==6815==    by 0xB35A44F: KJS::DOMNode::getValueProperty(KJS::ExecState*, int)
const (kjs_dom.cpp:365)
==6815==    by 0xB3698E0: KJS::JSValue*
KJS::staticValueGetter<KJS::DOMNode>(KJS::ExecState*, KJS::JSObject*,
KJS::Identifier const&, KJS::PropertySlot const&) (lookup.h:147)
==6815==    by 0xB7D6543: KJS::JSObject::get(KJS::ExecState*, KJS::Identifier
const&) const (property_slot.h:46)
==6815==    by 0xB7EFBEF: KJS::Machine::runBlock(KJS::ExecState*,
WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:715)
==6815==    by 0xB7D3021: KJS::FunctionImp::callAsFunction(KJS::ExecState*,
KJS::JSObject*, KJS::List const&) (function.cpp:144)
==6815==    by 0xB7D6DAC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*,
KJS::List const&) (object.cpp:69)
==6815==    by 0xB7F3240: KJS::Machine::runBlock(KJS::ExecState*,
WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==6815==    by 0xB7D3021: KJS::FunctionImp::callAsFunction(KJS::ExecState*,
KJS::JSObject*, KJS::List const&) (function.cpp:144)
==6815==    by 0xB7D6DAC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*,
KJS::List const&) (object.cpp:69)
==6815==    by 0xB7F3240: KJS::Machine::runBlock(KJS::ExecState*,
WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==6815==    by 0xB7D3021: KJS::FunctionImp::callAsFunction(KJS::ExecState*,
KJS::JSObject*, KJS::List const&) (function.cpp:144)
==6815==    by 0xB7D6DAC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*,
KJS::List const&) (object.cpp:69)
==6815==    by 0xB7F3240: KJS::Machine::runBlock(KJS::ExecState*,
WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==6815==    by 0xB7D3021: KJS::FunctionImp::callAsFunction(KJS::ExecState*,
KJS::JSObject*, KJS::List const&) (function.cpp:144)
==6815==    by 0xB7D6DAC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*,
KJS::List const&) (object.cpp:69)
==6815==    by 0xB7F3240: KJS::Machine::runBlock(KJS::ExecState*,
WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==6815==    by 0xB7A6504: KJS::FunctionBodyNode::execute(KJS::ExecState*)
(nodes.cpp:927)
==6815==    by 0xB7D9A69: KJS::Interpreter::evaluate(KJS::UString const&, int,
KJS::UChar const*, int, KJS::JSValue*) (interpreter.cpp:553)
==6815==    by 0xB7D9BF6: KJS::Interpreter::evaluate(KJS::UString const&, int,
KJS::UString const&, KJS::JSValue*) (interpreter.cpp:493)
==6815==    by 0xB3B3548: KJS::KJSProxyImpl::evaluate(QString, int, QString
const&, DOM::Node const&, KJS::Completion*) (kjs_proxy.cpp:158)
==6815==    by 0xB1E3FB9: DOM::HTMLScriptElementImpl::evaluateScript(QString
const&, DOM::DOMString const&) (html_headimpl.cpp:479)
==6815==    by 0xB1E4265:
DOM::HTMLScriptElementImpl::notifyFinished(khtml::CachedObject*)
(html_headimpl.cpp:463)
==6815==    by 0xB317DAC: khtml::CachedScript::checkNotify() (loader.cpp:391)
==6815==    by 0xB31B35B: khtml::CachedScript::data(QBuffer&, bool)
(loader.cpp:383)
==6815==    by 0xB31AF81: khtml::Loader::slotFinished(KJob*) (loader.cpp:1409)
==6815==    by 0xB3225E6: khtml::Loader::qt_metacall(QMetaObject::Call, int,
void**) (loader.moc:131)
==6815==    by 0x4E16E27: QMetaObject::activate(QObject*, int, int, void**) (in
/home/vtokarev/kde/src/qt-copy/lib/libQtCore.so.4.5.0)
==6815==    by 0x4E17401: QMetaObject::activate(QObject*, QMetaObject const*,
int, void**) (in /home/vtokarev/kde/src/qt-copy/lib/libQtCore.so.4.5.0)
==6815==    by 0x4AEDF32: KJob::result(KJob*) (kjob.moc:188)
==6815==    by 0x4AEE3D8: KJob::emitResult() (kjob.cpp:294)
==6815==  Address 0xda49a0c is 36 bytes inside a block of size 64 free'd
==6815==    at 0x40249DA: operator delete(void*) (vg_replace_malloc.c:342)
==6815==    by 0xB24F5E7: khtml::RenderObject::~RenderObject() (shared.h:41)
==6815==    by 0xB25FE77: khtml::RenderBox::~RenderBox()
(render_container.h:39)
==6815==    by 0xB2385E9: khtml::RenderBlock::~RenderBlock() (render_flow.h:44)
==6815==    by 0xB289C0C: khtml::RenderTableCell::~RenderTableCell()
(render_table.h:324)
==6815==    by 0xB24E3B7: khtml::RenderObject::arenaDelete(khtml::RenderArena*,
void*) (render_object.cpp:2444)
==6815==    by 0xB252804: khtml::RenderObject::detach()
(render_object.cpp:2435)
==6815==    by 0xB25FDAA: khtml::RenderBox::detach() (render_box.cpp:224)
==6815==    by 0xB269B8F: khtml::RenderFlow::detach() (render_flow.cpp:366)
==6815==    by 0xB27E468: khtml::RenderTableCell::detach()
(render_table.cpp:2178)
==6815==    by 0xB1789CB: DOM::NodeImpl::detach() (dom_nodeimpl.cpp:1018)
==6815==    by 0xB17914B: DOM::NodeBaseImpl::detach() (dom_nodeimpl.cpp:1738)
==6815==    by 0xB1875AA: DOM::ElementImpl::detach() (dom_elementimpl.cpp:857)
==6815==    by 0xB17913F: DOM::NodeBaseImpl::detach() (dom_nodeimpl.cpp:1736)
==6815==    by 0xB1875AA: DOM::ElementImpl::detach() (dom_elementimpl.cpp:857)
==6815==    by 0xB17DE2A: DOM::NodeBaseImpl::removeChild(DOM::NodeImpl*, int&)
(dom_nodeimpl.cpp:1521)
==6815==    by 0xB218CC3: DOM::HTMLTableSectionElementImpl::deleteRow(long,
int&) (html_tableimpl.cpp:752)
==6815==    by 0xB21A8D6: DOM::HTMLTableElementImpl::deleteRow(long, int&)
(html_tableimpl.cpp:293)
==6815==    by 0xB37A287:
KJS::HTMLElementFunction::callAsFunction(KJS::ExecState*, KJS::JSObject*,
KJS::List const&) (kjs_html.cpp:2221)
==6815==    by 0xB7D6DAC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*,
KJS::List const&) (object.cpp:69)
==6815==    by 0xB7F3240: KJS::Machine::runBlock(KJS::ExecState*,
WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==6815==    by 0xB7D3021: KJS::FunctionImp::callAsFunction(KJS::ExecState*,
KJS::JSObject*, KJS::List const&) (function.cpp:144)
==6815==    by 0xB7D6DAC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*,
KJS::List const&) (object.cpp:69)
==6815==    by 0xB7F3240: KJS::Machine::runBlock(KJS::ExecState*,
WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==6815==    by 0xB7D3021: KJS::FunctionImp::callAsFunction(KJS::ExecState*,
KJS::JSObject*, KJS::List const&) (function.cpp:144)
==6815==    by 0xB7D6DAC: KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*,
KJS::List const&) (object.cpp:69)
==6815==    by 0xB7F3240: KJS::Machine::runBlock(KJS::ExecState*,
WTF::Vector<unsigned char, 0u> const&, KJS::ExecState*) (codes.def:1192)
==6815==    by 0xB7A6504: KJS::FunctionBodyNode::execute(KJS::ExecState*)
(nodes.cpp:927)
==6815==    by 0xB7D9A69: KJS::Interpreter::evaluate(KJS::UString const&, int,
KJS::UChar const*, int, KJS::JSValue*) (interpreter.cpp:553)
==6815==    by 0xB7D9BF6: KJS::Interpreter::evaluate(KJS::UString const&, int,
KJS::UString const&, KJS::JSValue*) (interpreter.cpp:493)
==6815==    by 0xB3B3548: KJS::KJSProxyImpl::evaluate(QString, int, QString
const&, DOM::Node const&, KJS::Completion*) (kjs_proxy.cpp:158)
==6815==    by 0xB1E3FB9: DOM::HTMLScriptElementImpl::evaluateScript(QString
const&, DOM::DOMString const&) (html_headimpl.cpp:479)
==6815==    by 0xB1E4265:
DOM::HTMLScriptElementImpl::notifyFinished(khtml::CachedObject*)
(html_headimpl.cpp:463)
==6815==    by 0xB317DAC: khtml::CachedScript::checkNotify() (loader.cpp:391)
==6815==    by 0xB31B35B: khtml::CachedScript::data(QBuffer&, bool)
(loader.cpp:383)
==6815==    by 0xB31AF81: khtml::Loader::slotFinished(KJob*) (loader.cpp:1409)
==6815==    by 0xB3225E6: khtml::Loader::qt_metacall(QMetaObject::Call, int,
void**) (loader.moc:131)
==6815==    by 0x4E16E27: QMetaObject::activate(QObject*, int, int, void**) (in
/home/vtokarev/kde/src/qt-copy/lib/libQtCore.so.4.5.0)
==6815==    by 0x4E17401: QMetaObject::activate(QObject*, QMetaObject const*,
int, void**) (in /home/vtokarev/kde/src/qt-copy/lib/libQtCore.so.4.5.0)
==6815==    by 0x4AEDF32: KJob::result(KJob*) (kjob.moc:188)
==6815==    by 0x4AEE3D8: KJob::emitResult() (kjob.cpp:294)
==6815==    by 0x42E9A44: KIO::SimpleJob::slotFinished() (job.cpp:485)
==6815==    by 0x42EACB2: KIO::TransferJob::slotFinished() (job.cpp:962)
==6815==    by 0x42EBDA2: KIO::TransferJob::qt_metacall(QMetaObject::Call, int,
void**) (jobclasses.moc:343)
==6815==    by 0x4E16E27: QMetaObject::activate(QObject*, int, int, void**) (in
/home/vtokarev/kde/src/qt-copy/lib/libQtCore.so.4.5.0)
==6815==    by 0x4E17401: QMetaObject::activate(QObject*, QMetaObject const*,
int, void**) (in /home/vtokarev/kde/src/qt-copy/lib/libQtCore.so.4.5.0)
==6815==    by 0x43B1776: KIO::SlaveInterface::finished()
(slaveinterface.moc:165)
==6815==    by 0x43B54B6: KIO::SlaveInterface::dispatch(int, QByteArray const&)
(slaveinterface.cpp:175)
==6815==    by 0x43B1C56: KIO::SlaveInterface::dispatch()
(slaveinterface.cpp:91)
==6815==    by 0x43A204C: KIO::Slave::gotInput() (slave.cpp:322)
