RESOLVED FIXED 6494
Crash when assigning a new function to a DOMParser object
https://bugs.webkit.org/show_bug.cgi?id=6494
Summary Crash when assigning a new function to a DOMParser object
Michael Gauthier
Reported 2006-01-11 09:09:19 PST
When I assign a new function to an instance of the DOMParser class, Safari crashes. This crash also happens on OSX 10.3 w/ Webkit 312.

To reproduce:

    var parser = new DOMParser();
    // Adding an expando property to the DOMParser instance triggers the crash.
    parser.loadXML = function(document_string) {
        return parser.parseFromString(document_string, 'text/xml');
    };

To work-around:

    // Put the new property on a plain object instead of on the DOMParser instance.
    var parser = new function() {};
    var dom_parser = new DOMParser();
    parser.loadXML = function(document_string) {
        return dom_parser.parseFromString(document_string, 'text/xml');
    };
Attachments
Fix (3.99 KB, patch)
2006-01-12 14:30 PST, Anders Carlsson
mjs: review+
Alexey Proskuryakov
Comment 1 2006-01-12 13:18:39 PST
Confirmed on ToT. Since there exists a workaround, should this really be critical severity?

    0 findEntry(KJS::HashTable const*, unsigned, KJS::UChar const*, unsigned) + 156 (lookup.cpp:56)
    1 KJS::Lookup::findEntry(KJS::HashTable const*, KJS::Identifier const&) + 108 (lookup.cpp:73)
    2 KJS::JSObject::findPropertyHashEntry(KJS::Identifier const&) const + 108 (object.cpp:382)
    3 KJS::JSObject::getPropertyAttributes(KJS::Identifier const&, int&) const + 112 (object.cpp:475)
    4 KJS::JSObject::canPut(KJS::ExecState*, KJS::Identifier const&) const + 48 (object.cpp:285)
    5 KJS::JSObject::put(KJS::ExecState*, KJS::Identifier const&, KJS::JSValue*, int) + 232 (object.cpp:214)
    6 KJS::AssignDotNode::evaluate(KJS::ExecState*) + 1740 (nodes.cpp:1350)
    ...
Anders Carlsson
Comment 2 2006-01-12 14:30:48 PST
Created attachment 5631: Fix

The problem here is that the DOMParserTable hash table is empty, which leads to modulo by zero in Lookup::findEntry.
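The crash path in the backtrace (put -> canPut -> getPropertyAttributes -> findEntry) reduces to a modulo by the table's slot count. The following is an added example, not WebKit's code and not the attached patch: a minimal C++ model of a KJS-style static property table with a lookup that refuses to index an empty table. The table names, the entries, the attribute flags and the string hash are assumptions made for the demo; only the shape (hash % hashSize, a table with hashSize 0 for an object that declares no static properties) mirrors the bug.

```cpp
// Added example (not WebKit code): a KJS-style static property table and a
// findEntry that guards against an empty table.
#include <cstddef>
#include <cstdio>
#include <cstring>

// Hypothetical attribute bits; KJS has a richer set.
enum { AttrNone = 0, AttrReadOnly = 1 };

struct HashEntry {
    const char* name;   // property name
    int attributes;     // AttrNone / AttrReadOnly
};

struct HashTable {
    int hashSize;             // number of slots; 0 means "no static properties"
    const HashEntry* entries; // hashSize slots (nullptr when hashSize is 0)
};

// Hypothetical deterministic string hash; any function works for the demo.
static unsigned hashName(const char* s) {
    unsigned h = 0;
    while (*s)
        h = h * 31u + (unsigned char)*s++;
    return h;
}

// Look up `name` in `table`, or return nullptr if it is not a static property.
// Without the hashSize == 0 check, `hashName(name) % 0` is undefined behaviour
// and traps on x86 (SIGFPE), which is the crash the report describes.
static const HashEntry* findEntry(const HashTable* table, const char* name) {
    if (table->hashSize == 0)
        return nullptr;
    unsigned start = hashName(name) % (unsigned)table->hashSize;
    // Linear probe over the whole table; stop early at an unused slot.
    for (int i = 0; i < table->hashSize; ++i) {
        const HashEntry* e = &table->entries[(start + (unsigned)i) % (unsigned)table->hashSize];
        if (!e->name)
            return nullptr;
        if (strcmp(e->name, name) == 0)
            return e;
    }
    return nullptr;
}

// Model of JSObject::canPut: a property may be assigned unless the static
// table marks it read-only. A name absent from the table is a plain expando.
static bool canPut(const HashTable* table, const char* name) {
    const HashEntry* e = findEntry(table, name);
    return !e || !(e->attributes & AttrReadOnly);
}

// Constructed sample tables (assumed, not WebKit's real IDL tables).
// The prototype table has two entries and is fully populated.
static const HashEntry domParserProtoEntries[] = {
    { "parseFromString", AttrNone },
    { "constructor",     AttrReadOnly },
};
static const HashTable DOMParserProtoTable = { 2, domParserProtoEntries };

// The instance table is empty, as the bug comment says DOMParserTable was.
static const HashTable DOMParserTable = { 0, nullptr };

int main() {
    // The report's `parser.loadXML = function ...` lands here: the instance
    // table is empty, so the guard answers "not a static property" instead of
    // dividing by zero, and the assignment is allowed.
    std::printf("instance loadXML: canPut=%d\n", canPut(&DOMParserTable, "loadXML"));
    std::printf("proto parseFromString: found=%d\n",
                findEntry(&DOMParserProtoTable, "parseFromString") != nullptr);
    std::printf("proto constructor: canPut=%d\n", canPut(&DOMParserProtoTable, "constructor"));
    return 0;
}
```

The guard is cheap and sits on the lookup itself, so every caller in the backtrace (canPut, getPropertyAttributes, get) is covered without each having to know which IDL tables happen to be empty.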