Bug 11414

Summary: [s60]China Variant Crashes
Product: WebKit
Reporter: Rasvan Alexandrescu <rasvan.alexandrescu>
Component: WebCore Misc.
Assignee: Nobody <webkit-unassigned>
Status: CLOSED FIXED
Severity: Normal
Keywords: PlatformOnly
Priority: P2
Version: 420+
Hardware: S60 Emulator
OS: S60 3rd edition
Attachments (description | flags):
changes to the hbuf max size | zalan: review+
check for more reallocation condition | none
check for more reallocation condition | zalan: review-
modified as suggested | zalan: review-
latest changes | zalan: review-
modified and tested | zalan: review+

Description Rasvan Alexandrescu 2006-10-25 07:50:47 PDT
Browser crash when searching with Google using Chinese characters and spaces.
Comment 1 Rasvan Alexandrescu 2006-10-25 07:53:41 PDT
Created attachment 11209 [details]
changes to the hbuf max size
Comment 2 zalan 2006-10-26 12:12:56 PDT
Comment on attachment 11209 [details]
changes to the hbuf max size

r=me
Comment 3 zalan 2006-10-26 12:31:06 PDT
3.1m r17335
3.2 r17336
Comment 4 Rasvan Alexandrescu 2006-11-08 12:07:02 PST
Created attachment 11427 [details]
check for more reallocation condition
Comment 5 Rasvan Alexandrescu 2006-11-08 13:22:49 PST
Created attachment 11429 [details]
check for more reallocation condition
Comment 6 zalan 2006-11-08 13:45:12 PST
Comment on attachment 11429 [details]
check for more reallocation condition

checkRealloc should take two parameters, the current buffer and the length you want to expand to, and return the new buffer.
So instead of
TBool checkRealloc( HBufC8* aBuf, TPtr8& aPtr, TInt aLen )
you should have something like
HBufC8* checkRealloc( TPtrC8&, TInt )

Then you don't have to do tricks like this:
//
HBufC8* temp = aBuf->ReAlloc( maxlen + (len == maxlen ? 1 : aLen) );
Comment 7 Rasvan Alexandrescu 2006-11-09 08:24:55 PST
Created attachment 11438 [details]
modified as suggested
Comment 8 zalan 2006-11-09 08:43:18 PST
Comment on attachment 11438 [details]
modified as suggested

1, ptr.Length() + tmpBuf.Length() should be passed to checkRealloc instead of tmpBuf.Length().
2, outBuf->Des().Copy( aPtr ) should be used instead of outBuf->operator=(aPtr), as the buffer that aPtr points to is destroyed right after checkRealloc returns (delete outBuf;).
3, checkRealloc should not leave; it should return null in case of OOM.
Comment 9 Rasvan Alexandrescu 2006-11-09 09:29:15 PST
Created attachment 11441 [details]
latest changes
Comment 10 zalan 2006-11-09 09:36:58 PST
Comment on attachment 11441 [details]
latest changes

checkRealloc still leaves. Please either trap NewMaxL or use a non-leaving version of it.
Please also make sure that this patch fixes your test case.
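The three review comments above (comments 6, 8 and 10) describe a contract for a buffer-growth helper: take the current buffer and the total length needed, return a buffer large enough (or null on OOM, without leaving), and copy the old contents before the old buffer is freed. The following is an added illustration, not code from the S60 patch or from WebKit, and it does not use Symbian types: `ByteBuf`, `checkRealloc`, `appendBytes`, `buildQuery` and the `g_allocLimit` test hook are all names chosen here, and `ByteBuf` is only a loose stand-in for a heap descriptor with a max length and a current length. The sample query bytes are constructed for the example.

```cpp
// Added example (not from the WebKit/S60 patch): models the reviewer's
// checkRealloc contract on a plain C++ byte buffer instead of Symbian's HBufC8.
#include <cstddef>
#include <cstring>
#include <new>
#include <string>

// Test hook standing in for allocator failure: capacities above this limit
// are refused, which lets the OOM path be exercised deterministically.
static size_t g_allocLimit = static_cast<size_t>(-1);

// Minimal stand-in for a heap descriptor: fixed capacity plus bytes in use.
struct ByteBuf {
    size_t maxLen;        // capacity, like Des().MaxLength()
    size_t len;           // bytes currently in use
    unsigned char* data;
};

// Non-throwing constructor: returns nullptr instead of leaving.
ByteBuf* newByteBuf(size_t maxLen) {
    if (maxLen > g_allocLimit) return nullptr;          // simulated OOM
    ByteBuf* b = new (std::nothrow) ByteBuf;
    if (!b) return nullptr;
    b->data = new (std::nothrow) unsigned char[maxLen ? maxLen : 1];
    if (!b->data) { delete b; return nullptr; }
    b->maxLen = maxLen;
    b->len = 0;
    return b;
}

void freeByteBuf(ByteBuf* b) { if (b) { delete[] b->data; delete b; } }

// Reviewer's contract: current buffer in, total length needed in, buffer with
// at least that capacity out (the same one if it already fits), nullptr on OOM.
// The old buffer is released only after its bytes have been copied, so the
// caller never holds a pointer into freed memory.
ByteBuf* checkRealloc(ByteBuf* cur, size_t neededLen) {
    if (!cur) return nullptr;
    if (neededLen <= cur->maxLen) return cur;            // enough room already
    size_t newMax = cur->maxLen * 2;                     // geometric growth
    if (newMax < neededLen) newMax = neededLen;
    ByteBuf* grown = newByteBuf(newMax);
    if (!grown) return nullptr;                          // caller still owns 'cur'
    std::memcpy(grown->data, cur->data, cur->len);       // copy BEFORE freeing
    grown->len = cur->len;
    freeByteBuf(cur);
    return grown;
}

// Append: passes existing length + chunk length (review point 1), not just the
// chunk length. On OOM the caller's buffer is left valid and unchanged.
bool appendBytes(ByteBuf** bufp, const unsigned char* src, size_t n) {
    ByteBuf* grown = checkRealloc(*bufp, (*bufp)->len + n);
    if (!grown) return false;
    *bufp = grown;
    std::memcpy(grown->data + grown->len, src, n);
    grown->len += n;
    return true;
}

// Builds a query from a constructed sample (two Chinese characters and a space,
// the kind of input in the report), starting from a 4-byte buffer and appending
// one byte at a time so the len == maxLen boundary is crossed repeatedly.
std::string buildQuery() {
    static const unsigned char sample[] = "q=\xe4\xb8\xad\xe6\x96\x87 search";
    ByteBuf* buf = newByteBuf(4);
    if (!buf) return "";
    for (size_t i = 0; i + 1 < sizeof(sample); ++i) {
        if (!appendBytes(&buf, sample + i, 1)) { freeByteBuf(buf); return ""; }
    }
    std::string out(reinterpret_cast<const char*>(buf->data), buf->len);
    freeByteBuf(buf);
    return out;
}

// Exercises the OOM path: growth is refused, append reports failure, and the
// original buffer is still intact (no dangling pointer, no crash).
bool appendFailsGracefully() {
    ByteBuf* buf = newByteBuf(4);
    if (!buf) return false;
    const unsigned char four[] = "abcd";
    if (!appendBytes(&buf, four, 4)) { freeByteBuf(buf); return false; }
    g_allocLimit = 4;                                    // next growth must fail
    bool ok = !appendBytes(&buf, four, 1) && buf->len == 4 && buf->maxLen == 4;
    g_allocLimit = static_cast<size_t>(-1);
    freeByteBuf(buf);
    return ok;
}
```

The point of the two-argument shape is that the helper, not the caller, decides when and how much to grow, so the `len == maxlen ? 1 : aLen` arithmetic from comment 6 disappears, and a null return on OOM leaves the caller with a buffer it still owns rather than an exception unwinding through code that holds raw pointers.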
Comment 11 Rasvan Alexandrescu 2006-11-09 12:36:06 PST
Created attachment 11445 [details]
modified and tested
Comment 12 zalan 2006-11-09 13:45:12 PST
Comment on attachment 11445 [details]
modified and tested

r=me
Comment 13 zalan 2006-11-09 13:49:12 PST
3.1m r17692
3.2 r17693
Comment 14 Joel Parks 2011-03-21 11:52:43 PDT
re-purposing InTSW keyword for use by QtWebkit team