RESOLVED FIXED16358
[WIN] Spontaneous crashes in get2ByteOpcodeValueAtOffset 
https://bugs.webkit.org/show_bug.cgi?id=16358
Summary [WIN] Spontaneous crashes in get2ByteOpcodeValueAtOffset
Matt Lilek
Reported 2007-12-08 19:47:34 PST
I keep getting a crash in get2ByteOpcodeValueAtOffset (pcre_internal.h:229) that seems to happen rather spontaneously. I've had it happen twice on startup (loading <http://www.apple.com/startpage/>) and twice more while entering a new bug here in Bugzilla. WebKit.dll!get2ByteOpcodeValueAtOffset(const unsigned char * opcodePtr=0x050b5ffb, unsigned int offset=4) Line 229 + 0x12 bytes C++ WebKit.dll!is_anchored(const unsigned char * code=0x050b5ff8, int options=0, unsigned int bracket_map=536870944, unsigned int backref_map=0) Line 2086 + 0xb bytes C++ WebKit.dll!is_anchored(const unsigned char * code=0x050b5ff5, int options=0, unsigned int bracket_map=536870912, unsigned int backref_map=0) Line 2088 + 0x15 bytes C++ WebKit.dll!is_anchored(const unsigned char * code=0x050b5ff2, int options=0, unsigned int bracket_map=536870912, unsigned int backref_map=0) Line 2088 + 0x15 bytes C++ WebKit.dll!is_anchored(const unsigned char * code=0x050b5fef, int options=0, unsigned int bracket_map=536870912, unsigned int backref_map=0) Line 2088 + 0x15 bytes C++ WebKit.dll!is_anchored(const unsigned char * code=0x050b5fec, int options=0, unsigned int bracket_map=0, unsigned int backref_map=0) Line 2088 + 0x15 bytes C++ WebKit.dll!jsRegExpCompile(const wchar_t * pattern=0x0012fa89, int patternLength=2, JSRegExpIgnoreCaseOption ignoreCase=JSRegExpDoNotIgnoreCase, JSRegExpMultilineOption multiline=JSRegExpSingleLine, unsigned int * numSubpatterns=0x00000000, const char * * errorptr=0x0012f9f0) Line 2848 + 0x15 bytes C++ WebKit.dll!WebCore::RegularExpression::Private::compile(bool caseSensitive=true, bool glob=false) Line 107 + 0x2b bytes C++ WebKit.dll!WebCore::RegularExpression::Private::Private(WebCore::DeprecatedString p={...}, bool caseSensitive=true, bool glob=false) Line 66 C++ WebKit.dll!WebCore::RegularExpression::RegularExpression(const char * cpattern=0x0117ab18) Line 127 + 0x4a bytes C++ WebKit.dll!WebCore::Frame::matchLabelsAgainstElement(const WTF::Vector<WebCore::String,0> & labels={...}, WebCore::Element * element=0x04e1b638) Line 497 + 0x27 bytes C++ WebKit.dll!WebFrame::matchLabelsAgainstElement(wchar_t * const * labels=0x04f6b898, int cLabels=3, IDOMElement * againstElement=0x04cffcc4, wchar_t * * result=0x0012fc4c) Line 1282 C++ WebKit.dll!WebHTMLRepresentation::matchLabels(wchar_t * * labels=0x04f6b898, int cLabels=3, IDOMElement * againstElement=0x04cffcc4, wchar_t * * result=0x0012fc4c) Line 214 C++ Safari.exe!004726a5()
Attachments
Add attachment proposed patch, testcase, etc.
Matt Lilek
Comment 1 2007-12-26 14:35:47 PST
Closing this since Darin removed get2ByteOpcodeValueAtOffset in r28793 <http://trac.webkit.org/projects/webkit/changeset/28793> (but I think it was fixed in another pcre patch before that).
Note You need to log in before you can comment on or make changes to this bug.