15839 2007-11-04 22:17:45 -0800 fast/dom/xmlhttprequest-html-response-encoding.html crashes in PCRE under GuardMalloc 2007-12-03 02:23:09 -0800 1 1 1 Unclassified WebKit JavaScriptCore 523.x (Safari 3) Mac OS X 10.4 VERIFIED WORKSFORME HasReduction, InRadar P1 Normal --- 1 ap webkit-unassigned eric mitz mrowe oldest_to_newest 60274 0 ap 2007-11-04 22:17:45 -0800 run-webkit-tests -g fast/dom/xmlhttprequest-html-response-encoding.html Thread 0 Crashed: 0 com.apple.JavaScriptCore 0x0028037c jsRegExpCompile + 1744 (pcre_compile.c:2793) 1 com.apple.JavaScriptCore 0x00218b78 KJS::RegExp::RegExp[in-charge](KJS::UString const&, int) + 216 (regexp.cpp:46) 2 com.apple.JavaScriptCore 0x002490e4 KJS::RegExpObjectImp::construct(KJS::ExecState*, KJS::List const&) + 784 (regexp_object.cpp:443) 3 com.apple.JavaScriptCore 0x002369f4 KJS::RegExpNode::evaluate(KJS::ExecState*) + 192 (nodes.cpp:390) 4 com.apple.JavaScriptCore 0x00241a90 KJS::ArgumentListNode::evaluateList(KJS::ExecState*, KJS::List&) + 100 (nodes.cpp:623) ... 60275 1 ap 2007-11-04 22:24:50 -0800 This looks like a logic error in jsRegExpCompile; I'm wondering if it's been fixed in upstream PCRE already. 60277 2 ap 2007-11-04 22:42:14 -0800 At a second glance, I think it's PCRE expecting a null-terminated string - we've stopped doing that in bug 11849. 62262 3 ap 2007-11-25 00:03:00 -0800 *** Bug 16127 has been marked as a duplicate of this bug. *** 62263 4 eric 2007-11-25 00:08:27 -0800 I can look at this once I finally land all my PCRE cleanup changes. 62409 5 mrowe 2007-11-26 16:26:02 -0800 <rdar://problem/5611792> 62782 6 eric 2007-11-30 04:44:53 -0800 I can't reproduce this on TOT. 63109 7 ap 2007-12-03 02:23:09 -0800 Neither can I.