RESOLVED FIXED 10681
REGRESSION: Reproducible crash at Wikipedia
https://bugs.webkit.org/show_bug.cgi?id=10681
Summary REGRESSION: Reproducible crash at Wikipedia
Daniele Metilli
Reported 2006-09-01 14:44:39 PDT
Follow these steps:
1 - Go to http://en.wikipedia.org/w/index.php?title=Italy&action=edit
2 - Click on the "Show preview" button
3 - WebKit crashes
This happens using TOT (r16179). It seems to have a problem with text areas containing a large amount of text.
Attachments
Crash log (20.46 KB, text/plain)
2006-09-01 19:18 PDT, Matt Lilek
no flags
proposed fix (6.18 KB, patch)
2006-09-02 01:47 PDT, Alexey Proskuryakov
darin: review+
Matt Lilek
Comment 1 2006-09-01 19:18:44 PDT
Created attachment 10356 [details]: Crash log
Crash log from r16187
Mark Rowe (bdash)
Comment 2 2006-09-01 23:13:41 PDT
This looks _very_ similar to bug 10681. The steps to reproduce are very similar, hitting submit on different sites with text areas containing large amounts of text results in a crash. The backtrace is similar in parts, but the actual crash happens at a different place in the code.
Alexey Proskuryakov
Comment 3 2006-09-02 01:13:10 PDT
This buffer overrun happens for non-ASCII text in forms (more precisely, for text that looks like it may need Unicode normalization). I'm preparing a patch. The regression started with r15449 - previously, this ICU code path was under an #ifndef __APPLE__, and Mac builds used a CFString one.
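The comment above pins the overrun to text that may need Unicode normalization. The general hazard in that class of bug is that a normalized string can be longer than its input (a precomposed letter decomposes into base plus combining mark, a ligature expands into several letters), so a destination buffer sized from the input length is too small. The following added example is not WebKit's code or the fix from bug 10728; it is an illustration written for this page. It models a C-style normalizer with a caller-owned buffer that follows the preflight convention (report the needed length, write nothing when the buffer is too small), measures sizes in UTF-16 code units as ICU and WebKit do, and shows the preflight-then-allocate pattern that avoids the overrun. The sample strings are constructed.

```python
import unicodedata

# Constructed sample inputs (not from the bug report). Each non-ASCII one
# grows under the named normalization form.
SAMPLES = {
    "ascii": ("Italy", "NFD"),          # unchanged
    "e_acute": ("caf\u00e9", "NFD"),    # é -> e + U+0301 combining acute
    "ligature": ("\ufb03", "NFKC"),     # ﬃ -> "ffi"
    "worst_case": ("\ufdfa", "NFKD"),   # Arabic ligature -> 18 code points
}


def utf16_units(s: str) -> int:
    """Length in UTF-16 code units, the unit ICU/WebKit buffers are sized in."""
    return len(s.encode("utf-16-le")) // 2


def normalize_to_buffer(src: str, form: str, dest_capacity: int):
    """Model of a normalizer writing into a caller-owned buffer.

    Returns (needed_units, dest). Following the ICU preflight convention
    (modelled here, not the real ICU call): if dest_capacity is too small,
    report the required length and write nothing. A normalizer that wrote
    `needed_units` into a `dest_capacity`-sized buffer instead would overrun
    by the difference.
    """
    out = unicodedata.normalize(form, src)
    needed = utf16_units(out)
    if needed > dest_capacity:
        return needed, None  # analogue of a buffer-overflow error status
    return needed, out


def unsafe_overrun_by(src: str, form: str) -> int:
    """Code units a buffer sized to the *input* would be overrun by."""
    needed, _ = normalize_to_buffer(src, form, 0)
    return max(0, needed - utf16_units(src))


def normalize_safely(src: str, form: str) -> str:
    """Preflight-then-allocate: ask for the size, allocate, then normalize."""
    needed, _ = normalize_to_buffer(src, form, 0)          # preflight call
    needed_again, out = normalize_to_buffer(src, form, needed)
    if out is None or needed_again != needed:
        raise RuntimeError("normalizer size report was inconsistent")
    return out


if __name__ == "__main__":
    for name, (text, form) in SAMPLES.items():
        grew_by = unsafe_overrun_by(text, form)
        print(f"{name:10s} {form}: input {utf16_units(text)} units, "
              f"output {utf16_units(normalize_safely(text, form))} units, "
              f"input-sized buffer overrun by {grew_by}")
```

Running the block shows that only the ASCII sample fits in an input-sized buffer; the ligature U+FDFA expands from 1 to 18 code units, which is why a normalizer's destination must be sized from the reported output length rather than from the source.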
Alexey Proskuryakov
Comment 4 2006-09-02 01:47:01 PDT
Created attachment 10361 [details] proposed fix
Darin Adler
Comment 5 2006-09-03 12:14:16 PDT
Comment on attachment 10361 [details]: proposed fix
r=me, but maybe we could do this after I land my upcoming changes, since I suspect DeprecatedString isn't even involved any more.
Darin Adler
Comment 6 2006-09-03 23:14:57 PDT
I now have a version of this proposed fix integrated with the rest of my changes.
Darin Adler
Comment 7 2006-09-04 16:10:06 PDT
See bug 10728 for my patch.
Darin Adler
Comment 8 2006-09-05 23:03:37 PDT
Fixed along with bug 10728.