RESOLVED FIXED 14894
Malformed table innerHTML causes Safari to crash in HTMLParser::handleError 
https://bugs.webkit.org/show_bug.cgi?id=14894
Summary Malformed table innerHTML causes Safari to crash in HTMLParser::handleError
Glan Thomas
Reported 2007-08-07 04:45:27 PDT
When using javascript to set the interHTML of a table to '<tr>some content</tr>' Note the missing '<td>...</td>' tags cause the browser to crash.
Attachments
Sample HTML (WARNING! this will crash Webkit!) (416 bytes, text/html)
2007-08-07 04:47 PDT, Glan Thomas 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Glan Thomas
Comment 1 2007-08-07 04:47:38 PDT
Created attachment 15857 [details] Sample HTML (WARNING! this will crash Webkit!) WARNING! this will crash Safari/Webkit
Alexey Proskuryakov
Comment 2 2007-08-07 05:38:29 PDT
Confirmed with r24875. Thread 0 Crashed: 0 com.apple.WebCore 0x0101b55c WebCore::HTMLParser::handleError(WebCore::Node*, bool, WebCore::AtomicString const&, int) + 3836 1 com.apple.WebCore 0x0101bb2d WebCore::HTMLParser::insertNode(WebCore::Node*, bool) + 509 2 com.apple.WebCore 0x0101c0fe WebCore::HTMLParser::parseToken(WebCore::Token*) + 606 3 com.apple.WebCore 0x0101f102 WebCore::HTMLTokenizer::processToken() + 626 4 com.apple.WebCore 0x01024b2c WebCore::HTMLTokenizer::write(WebCore::SegmentedString const&, bool) + 780 5 com.apple.WebCore 0x0102522f WebCore::parseHTMLDocumentFragment(WebCore::String const&, WebCore::DocumentFragment*) + 191 6 com.apple.WebCore 0x01012df5 WebCore::HTMLElement::createContextualFragment(WebCore::String const&) + 229 7 com.apple.WebCore 0x010132c0 WebCore::HTMLElement::setInnerHTML(WebCore::String const&, int&) + 32
Geoffrey Garen
Comment 3 2007-08-07 08:05:27 PDT
<rdar://problem/5391576>
mitz
Comment 4 2007-08-09 12:42:02 PDT
Fixed by Antti in <http://trac.webkit.org/projects/webkit/changeset/24936>.
Note You need to log in before you can comment on or make changes to this bug.