Bug 14578 - [S60][3.1A][3.2] - Browser crashes in www.vertaa.fi
Status: CLOSED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore JavaScript
Version: 523.x (Safari 3)
Hardware: S60 Hardware S60 3rd edition
Importance: P2 Critical
Assignee: Joseph Ligman
URL: http://www.vertaa.fi
Keywords: PlatformOnly
Reported: 2007-07-10 14:00 PDT by Joseph Ligman
Modified: 2011-03-21 11:53 PDT

Attachments
create program node on the heap to avoid an overflow when parsing a large stringnode. (2.15 KB, patch)
2007-07-10 14:12 PDT, Joseph Ligman
joseph.ligman: review-
delete all the ArgumentListNode's self elements in a loop to avoid recursion (2.29 KB, patch)
2007-07-12 11:44 PDT, Joseph Ligman
yongjun.zhang: review+

Description Joseph Ligman 2007-07-10 14:00:36 PDT
TSW ID: SLON-73XDUZ

Error description & actions how to produce the error:
Open www.vertaa.fi and click "lentoliput" which is located under "matkustus" -> after a while browser crashes.
Comment 1 Joseph Ligman 2007-07-10 14:12:42 PDT
Created attachment 15466
create program node on the heap to avoid an overflow when parsing a large stringnode.

I'm assuming the memory allocated will be cleaned up by the garbage collector.
Comment 2 Joseph Ligman 2007-07-10 14:21:40 PDT
The patch is no good. It creates a memory leak.
Comment 3 Joseph Ligman 2007-07-12 11:44:01 PDT
Created attachment 15488
delete all the ArgumentListNode's self elements in a loop to avoid recursion

The ArgumentListNode contains a pointer to itself, which makes a chain of elements. When the node is deleted, it deletes itself, which deletes itself recursively. When this recursion becomes large enough, the crash occurs. To avoid this, delete all the nodes in a loop and set them to null when the destructor is called.
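
The teardown problem described in comment 3, as an added example that is not part of the bug report or the attached patch. `ChainNode` is a hypothetical stand-in for a self-chained node such as ArgumentListNode, and `teardownDepth` and the `g_` counters are names made up here; the code measures how deeply destructors nest under recursive versus loop-based deletion.

```cpp
#include <cstddef>
#include <cstdio>

// Instrumentation only: current nesting, peak nesting, nodes destroyed.
static std::size_t g_depth = 0, g_maxDepth = 0, g_destroyed = 0;

// Hypothetical stand-in for a parse-tree node that owns the next node in its chain.
struct ChainNode {
    ChainNode* next;
    bool iterative;  // selects the teardown strategy used by the destructor

    ~ChainNode() {
        if (++g_depth > g_maxDepth) g_maxDepth = g_depth;
        ++g_destroyed;
        if (iterative) {
            // Detach each successor before deleting it, so its destructor
            // sees next == nullptr and returns without going deeper.
            ChainNode* n = next;
            next = nullptr;
            while (n) {
                ChainNode* after = n->next;
                n->next = nullptr;
                delete n;
                n = after;
            }
        } else {
            delete next;  // one stack frame per remaining node in the chain
        }
        --g_depth;
    }
};

// Builds a chain of `length` nodes, destroys it, and returns the peak destructor nesting.
std::size_t teardownDepth(std::size_t length, bool iterative) {
    g_depth = g_maxDepth = g_destroyed = 0;
    ChainNode* head = nullptr;
    for (std::size_t i = 0; i < length; ++i) head = new ChainNode{head, iterative};
    delete head;
    return g_maxDepth;
}

int main() {
    std::size_t recursive = teardownDepth(1000, false);  // kept short so it cannot exhaust the stack
    std::size_t looped = teardownDepth(1000000, true);
    std::printf("recursive nesting: %zu, loop nesting: %zu\n", recursive, looped);
}
```

With recursive deletion the nesting grows with the chain length, which is what a page with a very long argument list controls; with the loop it stays constant regardless of input size.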
Comment 4 Yongjun Zhang 2007-07-13 13:27:10 PDT
Comment on attachment 15488
delete all the ArgumentListNode's self elements in a loop to avoid recursion

r = me
Comment 5 Yongjun Zhang 2007-07-13 13:27:30 PDT
landed on r24270 for ccb.
Comment 6 Yongjun Zhang 2007-07-13 13:29:02 PDT
landed on r24271 for 31m.
Comment 7 Bradley Morrison 2008-04-09 11:39:24 PDT
Bulk closing of all s60 platform bugs. 

Sorry for the noise!
Comment 8 Joel Parks 2011-03-21 11:53:34 PDT
re-purposing InTSW keyword for use by QtWebkit team