13942 2007-05-30 16:36:04 -0700 ASSERTION FAILED: !attrName.contains('/') in HTMLTokenizer.cpp:132 when loading http://bamanzi.blogeden.cn/ 2008-05-15 13:03:51 -0700 1 1 1 Unclassified WebKit Page Loading 523.x (Safari 3) Mac OS X 10.4 RESOLVED FIXED P2 Normal --- 1 andersca jchaffraix ddkilzer eric jchaffraix oldest_to_newest 8675 0 andersca 2007-05-30 16:36:04 -0700 Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0xbbadbeef 0x01392b92 in WebCore::Token::addAttribute (this=0x212c014, doc=0x212b600, attrName=@0x212c03c, v=@0x14dbff0, viewSourceMode=false) at /Volumes/Shared/WebKit/OpenSource/WebCore/html/HTMLTokenizer.cpp:132 132 ASSERT(!attrName.contains('/')); (gdb) print attrName.m_string.ascii() $3 = { m_size = 12, m_impl = { m_buffer = 0x16fdef20 "(??\"/?????\"", m_capacity = 16 } } 58153 1 ddkilzer 2007-10-09 07:05:41 -0700 More sites that trip this assertion failure: http://www.allaboutolive.com.au/ [per Bug 14620 Comment #3] http://students.hamilton.edu/rugby/ http://www.gameres.com/ http://www.tf1.fr/ 58156 2 ddkilzer 2007-10-09 08:11:41 -0700 (In reply to comment #1) > http://www.allaboutolive.com.au/ [per Bug 14620 Comment #3] Many instances of: <href ='http://www.allaboutolive.com.au/wp-content/uploads/2007/10/didnt-hear-again.jpg' title='didnt-hear-again.jpg'> > http://students.hamilton.edu/rugby/ <td ALIGN=CENTER VALIGN=CENTER WIDTH="9%" HEIGHT="50%" ="http://students.hamilton.edu/rugby/rugby_ball.gif"> > http://www.gameres.com/ I can't figure out where the string below is located in the document, but it appears to be within gb2312-encoded text. Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0xbbadbeef 0x016136f0 in WebCore::Token::addAttribute (this=0x2822818, doc=0x2844400, attrName=@0x2822848, v=@0x18fa3e8, viewSourceMode=false) at /Users/ddkilzer/Projects/Cocoa/WebKit/WebCore/html/HTMLTokenizer.cpp:133 133 ASSERT(!attrName.contains('/')); (gdb) p attrName.m_string.ascii() $1 = { m_size = 21, m_impl = { m_buffer = 0x2436bd0 "express/??(microsoft", m_capacity = 21 } } Current language: auto; currently c++ > http://www.tf1.fr/ <style ="text/css"> 72919 3 mitz 2008-03-06 10:11:38 -0800 *** Bug 17695 has been marked as a duplicate of this bug. *** 72922 4 ddkilzer 2008-03-06 10:51:04 -0800 *** Bug 14620 has been marked as a duplicate of this bug. *** 78325 5 20706 jchaffraix 2008-04-20 14:07:24 -0700 Created attachment 20706 Check for '/' when assigning value to attribute to avoid triggering the assertion 79090 6 20706 darin 2008-04-27 23:42:56 -0700 Comment on attachment 20706 Check for '/' when assigning value to attribute to avoid triggering the assertion Is the "/" character the only bad character for an attribute name? This change seems fine as far as it goes, but I'm surprised that this is the only character that is allowed in attribute values but can cause us trouble in attribute names. Maybe ":"? r=me, but lets consider further testing with other characters 80538 7 jchaffraix 2008-05-15 13:03:51 -0700 (In reply to comment #6) > (From update of attachment 20706 [edit]) > Is the "/" character the only bad character for an attribute name? No. > This change seems fine as far as it goes, but I'm surprised that this is the > only character that is allowed in attribute values but can cause us trouble in > attribute names. Maybe ":"? > r=me, but lets consider further testing with other characters Filed Bug 19084 to cover the other wrong characters (FYI ':' is not a problem according to HTML5). Committed in r33492. 20706 2008-04-20 14:07:24 -0700 2008-04-27 23:42:56 -0700 Check for '/' when assigning value to attribute to avoid triggering the assertion bug13942-CL.patch text/plain 5374 jchaffraix ZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL0NoYW5nZUxvZyBiL0xheW91dFRlc3RzL0NoYW5nZUxv ZwppbmRleCBmZWRmY2IyLi43MDMxMzIzIDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0cy9DaGFuZ2VM b2cKKysrIGIvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTMgQEAKKzIwMDgtMDQt MjAgIEp1bGllbiBDaGFmZnJhaXggIDxqY2hhZmZyYWl4QHdlYmtpdC5vcmc+CisKKyAgICAgICAg UmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgVGVzdCBjYXNlIGZvciBodHRw czovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTM5NDIKKyAgICAgICAgQVNTRVJU SU9OIEZBSUxFRDogIWF0dHJOYW1lLmNvbnRhaW5zKCcvJykgaW4gSFRNTFRva2VuaXplci5jcHA6 MTMyIHdoZW4gbG9hZGluZyBodHRwOi8vYmFtYW56aS5ibG9nZWRlbi5jbi8KKworICAgICAgICAq IGZhc3QvcGFyc2VyL2Fzc2VydGlvbi1lbXB0eS1hdHRyaWJ1dGUtZXhwZWN0ZWQudHh0OiBBZGRl ZC4KKyAgICAgICAgKiBmYXN0L3BhcnNlci9hc3NlcnRpb24tZW1wdHktYXR0cmlidXRlLmh0bWw6 IEFkZGVkLgorCiAyMDA4LTA0LTE5ICBCcmFkeSBFaWRzb24gIDxiZWlkc29uQGFwcGxlLmNvbT4K IAogICAgICAgICBVcGRhdGUgd2luZG93LXByb3BlcnRpZXMgdG8gYWRkIHRoZSBwcm9maWxlciBh bmQgZml4IGEgbGF5b3V0IHRlc3QKZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL2Zhc3QvcGFyc2Vy L2Fzc2VydGlvbi1lbXB0eS1hdHRyaWJ1dGUtZXhwZWN0ZWQudHh0IGIvTGF5b3V0VGVzdHMvZmFz dC9wYXJzZXIvYXNzZXJ0aW9uLWVtcHR5LWF0dHJpYnV0ZS1leHBlY3RlZC50eHQKbmV3IGZpbGUg bW9kZSAxMDA2NDQKaW5kZXggMDAwMDAwMC4uZDYyMDQyZgotLS0gL2Rldi9udWxsCisrKyBiL0xh eW91dFRlc3RzL2Zhc3QvcGFyc2VyL2Fzc2VydGlvbi1lbXB0eS1hdHRyaWJ1dGUtZXhwZWN0ZWQu dHh0CkBAIC0wLDAgKzEsNyBAQAorVGVzdCBjYXNlIGZvciBCdWcgMTM5NDIgOiBBU1NFUlRJT04g RkFJTEVEOiAhYXR0ck5hbWUuY29udGFpbnMoJy8nKSBpbiBIVE1MVG9rZW5pemVyLmNwcDoxMzIg d2hlbiBsb2FkaW5nIGh0dHA6Ly9iYW1hbnppLmJsb2dlZGVuLmNuLworCitUbyBwYXNzIHRoaXMg dGVzdCwgdGhlcmUgc2hvdWxkIGJlIG5vIGFzc2VydGlvbiBmYWlsdXJlIGFuZCB5b3Ugc2hvdWxk IFBBU1MgdGhyZWUgdGltZXMuCisKK1BBU1MgCitQQVNTIAorUEFTUwpkaWZmIC0tZ2l0IGEvTGF5 b3V0VGVzdHMvZmFzdC9wYXJzZXIvYXNzZXJ0aW9uLWVtcHR5LWF0dHJpYnV0ZS5odG1sIGIvTGF5 b3V0VGVzdHMvZmFzdC9wYXJzZXIvYXNzZXJ0aW9uLWVtcHR5LWF0dHJpYnV0ZS5odG1sCm5ldyBm aWxlIG1vZGUgMTAwNjQ0CmluZGV4IDAwMDAwMDAuLmMzMjVkNmQKLS0tIC9kZXYvbnVsbAorKysg Yi9MYXlvdXRUZXN0cy9mYXN0L3BhcnNlci9hc3NlcnRpb24tZW1wdHktYXR0cmlidXRlLmh0bWwK QEAgLTAsMCArMSwyOSBAQAorPGh0bWw+Cis8aGVhZD4KKzx0aXRsZT4gVGVzdCBjYXNlIGJ1ZyAx Mzk0MiA8L3RpdGxlPgorPHNjcmlwdD4KK2lmICh3aW5kb3cubGF5b3V0VGVzdENvbnRyb2xsZXIp IHsKKyAgICBsYXlvdXRUZXN0Q29udHJvbGxlci5kdW1wQXNUZXh0KCk7Cit9Cis8L3NjcmlwdD4K KzwvaGVhZD4KKzxib2R5PgorPHA+IFRlc3QgY2FzZSBmb3IgPGEgaHJlZj0iaHR0cHM6Ly9idWdz LndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTEzOTQyIj4gQnVnIDEzOTQyIDwvYT46IEFTU0VS VElPTiBGQUlMRUQ6ICFhdHRyTmFtZS5jb250YWlucygnLycpIGluIEhUTUxUb2tlbml6ZXIuY3Bw OjEzMiB3aGVuIGxvYWRpbmcgaHR0cDovL2JhbWFuemkuYmxvZ2VkZW4uY24vIDwvcD4KKzxwPiBU byBwYXNzIHRoaXMgdGVzdCwgdGhlcmUgc2hvdWxkIGJlIG5vIGFzc2VydGlvbiBmYWlsdXJlIGFu ZCB5b3Ugc2hvdWxkIFBBU1MgdGhyZWUgdGltZXMuIDwvcD4KKzxocmVmID0naHR0cDovL3dlYmtp dC5vcmcnIGlkPSd0ZXN0Jz4gUEFTUyA8L2hyZWY+Cis8c2NyaXB0IHR5cGU9J3RleHQvamF2YXNj cmlwdCc+CisvLyBDaGVjayB0aGF0IHdlIGhhdmUgcmVjb3ZlcmVkIGZyb20gdGhlIGVycm9yCisv LyBhbmQgdGFrZW4gJ2lkJyBpbnRvIGFjY291bnQuCit2YXIgdGVzdCA9IGRvY3VtZW50LmdldEVs ZW1lbnRCeUlkKCd0ZXN0Jyk7CitpZiAodGVzdCkgeworICAgIHRlc3QuYXBwZW5kQ2hpbGQoZG9j dW1lbnQuY3JlYXRlRWxlbWVudCgnYnInKSk7CisgICAgdGVzdC5hcHBlbmRDaGlsZChkb2N1bWVu dC5jcmVhdGVUZXh0Tm9kZSgnUEFTUycpKTsKK30gZWxzZSB7CisgICAgZG9jdW1lbnQuYm9keS5h cHBlbmRDaGlsZChkb2N1bWVudC5jcmVhdGVFbGVtZW50KCdicicpKTsKKyAgICBkb2N1bWVudC5i b2R5LmFwcGVuZENoaWxkKGRvY3VtZW50LmNyZWF0ZVRleHROb2RlKCdGQUlMRUQnKSk7Cit9Cis8 L3NjcmlwdD4KKzxici8+Cis8YSA9J2h0dHA6Ly93ZWJraXQub3JnPlBBU1M8L2E+Cis8L2JvZHk+ Cis8L2h0bWw+CmRpZmYgLS1naXQgYS9XZWJDb3JlL0NoYW5nZUxvZyBiL1dlYkNvcmUvQ2hhbmdl TG9nCmluZGV4IGYzZDQ2ZDkuLmQ1MmFjNWMgMTAwNjQ0Ci0tLSBhL1dlYkNvcmUvQ2hhbmdlTG9n CisrKyBiL1dlYkNvcmUvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMjQgQEAKKzIwMDgtMDQtMjAgIEp1 bGllbiBDaGFmZnJhaXggIDxqY2hhZmZyYWl4QHdlYmtpdC5vcmc+CisKKyAgICAgICAgUmV2aWV3 ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcv c2hvd19idWcuY2dpP2lkPTEzOTQyCisgICAgICAgIEFTU0VSVElPTiBGQUlMRUQ6ICFhdHRyTmFt ZS5jb250YWlucygnLycpIGluIEhUTUxUb2tlbml6ZXIuY3BwOjEzMiB3aGVuIGxvYWRpbmcgaHR0 cDovL2JhbWFuemkuYmxvZ2VkZW4uY24vCisKKyAgICAgICAgSW4gSFRNTCwgd2hlbiBhbiBhdHRy aWJ1dGUgd2FzIG51bGwgKGZvciBleGFtcGxlIHdoZW4gd2UgcGFyc2UgJz0ic29tZXZhbHVlIicK KyAgICAgICAgKGF0dHJpYnV0ZSBmb3Jnb3R0ZW4gb3IgdGhlcmUgaXMgYSBzcGFjZSBiZXR3ZWVu IHRoZSBhdHRyaWJ1dGUgYW5kIHRoZSAnPScpKSwKKyAgICAgICAgdGhlIGZhbGxiYWNrIHdhcyB0 byBhc3NpZ24gdGhlIHZhbHVlIHRvIHRoZSBhdHRyaWJ1dGUuIEhvd2V2ZXIgaWYgdGhlIHZhbHVl IHdhcworICAgICAgICBhIHVybCBvciBkaWQgY29udGFpbiBhICcvJywgd2Ugd291bGQgdHJpZ2dl ciB0aGUgYXNzZXJ0aW9uLgorCisgICAgICAgIFRvIGF2b2lkIHRoYXQsIHdlIGNoZWNrIHRoZSB2 YWx1ZSBiZWZvcmUgYXNzaWduaW5nIGl0IG5vdyBhbmQgZG8gbm90IGFzc2lnbiBpdAorICAgICAg ICBpZiBpdCBtZWFucyBhZGRpbmcgYSAnLycuCisKKyAgICAgICAgVGVzdDogZmFzdC9wYXJzZXIv YXNzZXJ0aW9uLWVtcHR5LWF0dHJpYnV0ZS5odG1sCisKKyAgICAgICAgKiBodG1sL0hUTUxUb2tl bml6ZXIuY3BwOgorICAgICAgICAoV2ViQ29yZTo6SFRNTFRva2VuaXplcjo6cGFyc2VUYWcpOiBB ZGQgY2hlY2sgZm9yICcvJyBpbiB2YWx1ZSBiZWZvcmUKKyAgICAgICAgYXNzaWduaW5nIGl0IHRv IGFuIGF0dHJpYnV0ZSB3aGVuIHRoZSBhdHRyaWJ1dGUgaXMgbnVsbC4KKwogMjAwOC0wNC0xOSAg QWxwIFRva2VyICA8YWxwQG51YW50aS5jb20+CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgTmlrb2xh cy4KZGlmZiAtLWdpdCBhL1dlYkNvcmUvaHRtbC9IVE1MVG9rZW5pemVyLmNwcCBiL1dlYkNvcmUv aHRtbC9IVE1MVG9rZW5pemVyLmNwcAppbmRleCAyMzZlYWY1Li40YmVlZWQxIDEwMDY0NAotLS0g YS9XZWJDb3JlL2h0bWwvSFRNTFRva2VuaXplci5jcHAKKysrIGIvV2ViQ29yZS9odG1sL0hUTUxU b2tlbml6ZXIuY3BwCkBAIC0xMzU1LDcgKzEzNTUsOCBAQCBIVE1MVG9rZW5pemVyOjpTdGF0ZSBI VE1MVG9rZW5pemVyOjpwYXJzZVRhZyhTZWdtZW50ZWRTdHJpbmcgJnNyYywgU3RhdGUgc3RhdGUp CiAgICAgICAgICAgICAgICAgICAgICAgICB3aGlsZSAoZGVzdCA+IGJ1ZmZlciArIDEgJiYgKGRl c3RbLTFdID09ICdcbicgfHwgZGVzdFstMV0gPT0gJ1xyJykpCiAgICAgICAgICAgICAgICAgICAg ICAgICAgICAgZGVzdC0tOyAvLyByZW1vdmUgdHJhaWxpbmcgbmV3bGluZXMKICAgICAgICAgICAg ICAgICAgICAgICAgIEF0b21pY1N0cmluZyB2KGJ1ZmZlciArIDEsIGRlc3QgLSBidWZmZXIgLSAx KTsKLSAgICAgICAgICAgICAgICAgICAgICAgIGF0dHJOYW1lID0gdjsgLy8gSnVzdCBtYWtlIHRo ZSBuYW1lL3ZhbHVlIG1hdGNoLiAoRklYTUU6IElzIHRoaXMgc29tZSBXaW5JRSBxdWlyaz8pCisg ICAgICAgICAgICAgICAgICAgICAgICBpZiAoIXYuY29udGFpbnMoJy8nKSkKKyAgICAgICAgICAg ICAgICAgICAgICAgICAgICBhdHRyTmFtZSA9IHY7IC8vIEp1c3QgbWFrZSB0aGUgbmFtZS92YWx1 ZSBtYXRjaC4gKEZJWE1FOiBJcyB0aGlzIHNvbWUgV2luSUUgcXVpcms/KQogICAgICAgICAgICAg ICAgICAgICAgICAgY3VyclRva2VuLmFkZEF0dHJpYnV0ZShtX2RvYywgYXR0ck5hbWUsIHYsIGlu Vmlld1NvdXJjZU1vZGUoKSk7CiAgICAgICAgICAgICAgICAgICAgICAgICBpZiAoaW5WaWV3U291 cmNlTW9kZSgpKQogICAgICAgICAgICAgICAgICAgICAgICAgICAgIGN1cnJUb2tlbi5hZGRWaWV3 U291cmNlQ2hhcigneCcpOwpAQCAtMTM3Niw3ICsxMzc3LDcgQEAgSFRNTFRva2VuaXplcjo6U3Rh dGUgSFRNTFRva2VuaXplcjo6cGFyc2VUYWcoU2VnbWVudGVkU3RyaW5nICZzcmMsIFN0YXRlIHN0 YXRlKQogICAgICAgICAgICAgICAgICAgICAgICAgd2hpbGUgKGRlc3QgPiBidWZmZXIgKyAxICYm IChkZXN0Wy0xXSA9PSAnXG4nIHx8IGRlc3RbLTFdID09ICdccicpKQogICAgICAgICAgICAgICAg ICAgICAgICAgICAgIGRlc3QtLTsgLy8gcmVtb3ZlIHRyYWlsaW5nIG5ld2xpbmVzCiAgICAgICAg ICAgICAgICAgICAgICAgICBBdG9taWNTdHJpbmcgdihidWZmZXIgKyAxLCBkZXN0IC0gYnVmZmVy IC0gMSk7Ci0gICAgICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ck5hbWUuaXNFbXB0eSgpKSB7 CisgICAgICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ck5hbWUuaXNFbXB0eSgpICYmICF2LmNv bnRhaW5zKCcvJykpIHsKICAgICAgICAgICAgICAgICAgICAgICAgICAgICBhdHRyTmFtZSA9IHY7 IC8vIE1ha2UgdGhlIG5hbWUgbWF0Y2ggdGhlIHZhbHVlLiAoRklYTUU6IElzIHRoaXMgYSBXaW5J RSBxdWlyaz8pCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgaWYgKGluVmlld1NvdXJjZU1v ZGUoKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgY3VyclRva2VuLmFkZFZpZXdT b3VyY2VDaGFyKCd4Jyk7Cg==