crash on conference2006.kde.org

Leo Savernik l.savernik at aon.at
Tue Jun 6 19:33:56 BST 2006 

Hello,

Since KDE 3.5.3 I keep getting crashes on 
http://conference2006.kde.org/organization/location.php when scrolling 
towards the end of the document.

Steps to reproduce:
1. Load http://conference2006.kde.org/organization/location.php
2. Scroll to the end of the document (or hit "End").

Valgrind delivers BTs looking like this:

==2391== Invalid read of size 4
==2391==    at 0x700FEC7: 
khtml::RenderStyle::setBorderBottomStyle(khtml::EBorderStyle) 
(/leo/projekte/Fremde/kde-3.5/src/kdelibs/khtml/rendering/render_style.h:1164)
==2391==    by 0x6EA9F77: 
khtml::RenderText::paint(khtml::RenderObject::PaintInfo &, int, int) 
(/leo/projekte/Fremde/kde-3.5/src/kdelibs/khtml/rendering/render_text.cpp:991)
==2391==    by 0x6E8B55A: 
khtml::RenderBlock::paintObject(khtml::RenderObject::PaintInfo &, int, int, 
bool) 
(/leo/projekte/Fremde/kde-3.5/src/kdelibs/khtml/rendering/render_block.cpp:1662)

or this

==2706== Use of uninitialised value of size 4
==2706==    at 0x6E9260D: 
khtml::StyleSurroundData::StyleSurroundData(khtml::StyleSurroundData const &) 
(/leo/projekte/Fremde/kde-3.5/src/kdelibs/khtml/rendering/render_style.cpp:46)
==2706==    by 0x7011B4C: 
khtml::DataRef<khtml::StyleSurroundData>::access(void) 
(/leo/projekte/Fremde/kde-3.5/src/kdelibs/khtml/rendering/render_style.h:113)
==2706==    by 0x700FEDF: 
khtml::RenderStyle::setBorderBottomStyle(khtml::EBorderStyle) 
(/leo/projekte/Fremde/kde-3.5/src/kdelibs/khtml/rendering/render_style.h:1164)
==2706==    by 0x6EA9F77: 
khtml::RenderText::paint(khtml::RenderObject::PaintInfo &, int, int) 
(/leo/projekte/Fremde/kde-3.5/src/kdelibs/khtml/rendering/render_text.cpp:991)
==2706==    by 0x6E8B55A: 
khtml::RenderBlock::paintObject(khtml::RenderObject::PaintInfo &, int, int, 
bool) 
(/leo/projekte/Fremde/kde-3.5/src/kdelibs/khtml/rendering/render_block.cpp:1662)


Can anybody reproduce?

A minimal testcase is attached. Warning! May crash your Konqueror.

I couldn't check for precedents as bko is currently dead.

mfg
	Leo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.kde.org/mailman/private/kfm-devel/attachments/20060606/149be3c3/attachment.html>

More information about the kfm-devel mailing list