run-webkit-tests fast/events/event-targets.html --guard-malloc This happens because the test for end of buffer is incorrect - it is not actually null terminated. Same problem is present elsewhere in this function, and I'm not sure if the code was buggy from the beginning, or some refactoring rendered it wrong.
Created attachment 12900 [details] proposed fix
Small style snafu, a double space snuck in between the < and the pEnd. - while (ptr != pEnd) { + while (ptr + 7 < pEnd) { // +7 guarantees that "<!--" and "<?xml" fit in the buffer - and certainly we aren't going to lose any "charset" that way.
Comment on attachment 12900 [details] proposed fix r=me
Committed revision 19387.