6236 2005-12-24 14:08:28 -0800 REGRESSION: Crash in DOMString::replace() in ToT (12/25/05) 2006-01-31 21:20:39 -0800 1 1 1 Unclassified WebKit Layout and Rendering 420+ Mac OS X 10.4 RESOLVED FIXED http://ishi.blog2.fc2.com/blog-entry-158.html P1 Normal --- 1 webkit-bugs webkit-unassigned mitz oldest_to_newest 26498 0 webkit-bugs 2005-12-24 14:08:28 -0800 Crashes when connecting to the aforementioned URL. Special because said URL was on fark.com today. Exception: EXC_BAD_ACCESS (0x0001) Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000004 Thread 0 Crashed: 0 com.apple.WebCore 0x018b710c DOM::DOMStringImpl::replace(QChar, QChar) + 156 (dom_stringimpl.cpp:456) 1 com.apple.WebCore 0x01a95408 DOM::DOMString::replace(QChar, QChar) + 76 (dom_string.h:76) 2 com.apple.WebCore 0x0184ddc4 khtml::RenderLineEdit::updateFromElement() + 296 (render_form.cpp:298) 3 com.apple.WebCore 0x017d9c04 DOM::HTMLGenericFormElementImpl::attach() + 160 (html_formimpl.cpp:798) 4 com.apple.WebCore 0x017eb340 DOM::HTMLInputElementImpl::attach() + 796 (html_formimpl.cpp:1753) 5 com.apple.WebCore 0x01814240 HTMLParser::insertNode(DOM::NodeImpl*, bool) + 636 (htmlparser.cpp:286) 6 com.apple.WebCore 0x01814c5c HTMLParser::parseToken(khtml::Token*) + 1216 (htmlparser.cpp:231) 7 com.apple.WebCore 0x018178e0 khtml::HTMLTokenizer::processToken() + 564 (htmltokenizer.cpp:1724) 8 com.apple.WebCore 0x0181b698 khtml::HTMLTokenizer::parseTag (khtml::TokenizerString&, khtml::HTMLTokenizer::State) + 7424 (htmltokenizer.cpp:1282) 9 com.apple.WebCore 0x0181c158 khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) + 1784 (htmltokenizer.cpp:1497) 10 com.apple.WebCore 0x01737da8 KHTMLPart::write(char const*, int) + 860 (khtml_part.cpp:966) 11 com.apple.WebCore 0x016b4984 KWQKHTMLPart::addData(char const*, int) + 320 (KWQKHTMLPart.mm:683) 12 com.apple.WebCore 0x01724554 -[WebCoreBridge addData:] + 220 (WebCoreBridge.mm:389) 13 com.apple.WebKit 0x00333e7c -[WebBridge receivedData:textEncodingName:] + 236 (WebBridge.m:494) 14 com.apple.WebKit 0x0036eb08 -[WebHTMLRepresentation receivedData:withDataSource:] + 248 (WebHTMLRepresentation.m:122) 15 com.apple.WebKit 0x0035812c -[WebDataSource(WebPrivate) _commitLoadWithData:] + 164 (WebDataSource.m:1033) 16 com.apple.WebKit 0x00356780 -[WebDataSource(WebPrivate) _receivedData:] + 196 (WebDataSource.m:773) 17 com.apple.WebKit 0x00393450 -[WebMainResourceLoader addData:] + 136 (WebMainResourceLoader.m:163) 18 com.apple.WebKit 0x003502b8 -[WebLoader didReceiveData:lengthReceived:] + 108 (WebLoader.m:535) 19 com.apple.WebKit 0x00394a54 -[WebMainResourceLoader didReceiveData:lengthReceived:] + 724 (WebMainResourceLoader.m:378) 20 com.apple.WebKit 0x00350e1c -[WebLoader connection:didReceiveData:lengthReceived:] + 188 (WebLoader.m:645) 21 com.apple.Foundation 0x92918a64 -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 564 22 com.apple.Foundation 0x92916f04 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 488 23 com.apple.Foundation 0x92916ca0 _sendCallbacks + 156 24 com.apple.CoreFoundation 0x9075da68 __CFRunLoopDoSources0 + 384 25 com.apple.CoreFoundation 0x9075cf98 __CFRunLoopRun + 452 26 com.apple.CoreFoundation 0x9075ca18 CFRunLoopRunSpecific + 268 27 com.apple.HIToolbox 0x9318e1e0 RunCurrentEventLoopInMode + 264 28 com.apple.HIToolbox 0x9318d874 ReceiveNextEventCommon + 380 29 com.apple.HIToolbox 0x9318d6e0 BlockUntilNextEventMatchingListInMode + 96 30 com.apple.AppKit 0x9368c104 _DPSNextEvent + 384 31 com.apple.AppKit 0x9368bdc8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116 32 com.apple.Safari 0x000072f4 0x1000 + 25332 33 com.apple.AppKit 0x9368830c -[NSApplication run] + 472 34 com.apple.AppKit 0x93778e60 NSApplicationMain + 452 35 com.apple.Safari 0x0005d028 0x1000 + 376872 36 com.apple.Safari 0x0005cecc 0x1000 + 376524 26500 1 mitz 2005-12-24 14:28:22 -0800 The new method DOMString::replace() is missing a null check for m_impl. 26505 2 5275 mitz 2005-12-24 15:27:43 -0800 Created attachment 5275 Add missing null check 26506 3 5275 eric 2005-12-24 16:07:13 -0800 Comment on attachment 5275 Add missing null check Once again, mitz cleaning up my mess. Thanks mitz. r=me. 26516 4 mitz 2005-12-24 22:38:58 -0800 Eric committed the fix. 29392 5 joost 2006-01-22 04:56:14 -0800 Removing keyword(s) since bug is fixed. 29416 6 joost 2006-01-22 05:00:28 -0800 Removing keyword(s) since bug is fixed. 30859 7 eric 2006-01-31 21:20:39 -0800 Removing Regression keyword from bugs already fixed. 5275 2005-12-24 15:27:43 -0800 2005-12-24 16:07:13 -0800 Add missing null check 6236_r1.patch text/plain 4534 mitz SW5kZXg6IExheW91dFRlc3RzL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09ClJDUyBmaWxlOiAvY3ZzL3Jv b3QvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nLHYKcmV0cmlldmluZyByZXZpc2lvbiAxLjE4NApkaWZm IC1wIC11IC1yMS4xODQgTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCi0tLSBMYXlvdXRUZXN0cy9DaGFu Z2VMb2cJMjMgRGVjIDIwMDUgMDg6MzU6MzggLTAwMDAJMS4xODQKKysrIExheW91dFRlc3RzL0No YW5nZUxvZwkyNCBEZWMgMjAwNSAyMzozNDoxNSAtMDAwMApAQCAtMSwzICsxLDEzIEBACisyMDA1 LTEyLSMjICBNaXR6IFBldHRlbCAgPG9wZW5kYXJ3aW4ub3JnQG1pdHpwZXR0ZWwuY29tPgorCisg ICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWShPT1BTISkuCisKKyAgICAgICAgLSB0ZXN0IGZvciBo dHRwOi8vYnVnemlsbGEub3BlbmRhcndpbi5vcmcvc2hvd19idWcuY2dpP2lkPTYyMzYKKyAgICAg ICAgICBSRUdSRVNTSU9OOiBDcmFzaCBpbiBET01TdHJpbmc6OnJlcGxhY2UoKSBpbiBUb1QgKDEy LzI1LzA1KQorCisgICAgICAgICogZmFzdC9mb3Jtcy9kb21zdHJpbmctcmVwbGFjZS1jcmFzaC1l eHBlY3RlZC50eHQ6IEFkZGVkLgorICAgICAgICAqIGZhc3QvZm9ybXMvZG9tc3RyaW5nLXJlcGxh Y2UtY3Jhc2guaHRtbDogQWRkZWQuCisKIDIwMDUtMTItMjIgIEFsZXhleSBQcm9za3VyeWFrb3Yg IDxhcEBueXBvcC5jb20+DQ0gICAgICAgIFJldmlld2VkIGJ5IERhcmluIEFkbGVyLg0NICAgICAg ICAtIGZpeCBodHRwOi8vYnVnemlsbGEub3BlbmRhcndpbi5vcmcvc2hvd19idWcuY2dpP2lkPTYx MTgNICAgICAgICBJbnZlc3RpZ2F0ZSBub3QgdXNpbmcgdGhlIGZyYW1lc2V0IGNoYXJzZXQgYXMg YSBkZWZhdWx0IGZvciBmcmFtZXMNDSAgICAgICAgKiBmYXN0L2VuY29kaW5nL2ZyYW1lLWRlZmF1 bHQtZW5jLWV4cGVjdGVkLmNoZWNrc3VtOiBBZGRlZC4NICAgICAgICAqIGZhc3QvZW5jb2Rpbmcv ZnJhbWUtZGVmYXVsdC1lbmMtZXhwZWN0ZWQucG5nOiBBZGRlZC4NICAgICAgICAqIGZhc3QvZW5j b2RpbmcvZnJhbWUtZGVmYXVsdC1lbmMtZXhwZWN0ZWQudHh0OiBBZGRlZC4NICAgICAgICAqIGZh c3QvZW5jb2RpbmcvZnJhbWUtZGVmYXVsdC1lbmMuaHRtbDogQWRkZWQuDSAgICAgICAgKiBmYXN0 L2VuY29kaW5nL3Jlc291cmNlcy9mcmFtZS1kZWZhdWx0LWVuYy1mcmFtZS5odG1sOiBBZGRlZC4N CiAKIDIwMDUtMTItMjIgIEp1c3RpbiBHYXJjaWEgIDxqdXN0aW4uZ2FyY2lhQGFwcGxlLmNvbT4K SW5kZXg6IExheW91dFRlc3RzL2Zhc3QvZm9ybXMvZG9tc3RyaW5nLXJlcGxhY2UtY3Jhc2gtZXhw ZWN0ZWQudHh0Cj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT0KZGlmZiAtTnB1IExheW91dFRlc3RzL2Zhc3QvZm9ybXMvZG9t c3RyaW5nLXJlcGxhY2UtY3Jhc2gtZXhwZWN0ZWQudHh0Ci0tLSBMYXlvdXRUZXN0cy9mYXN0L2Zv cm1zL2RvbXN0cmluZy1yZXBsYWNlLWNyYXNoLWV4cGVjdGVkLnR4dAkxIEphbiAxOTcwIDAwOjAw OjAwIC0wMDAwCisrKyBMYXlvdXRUZXN0cy9mYXN0L2Zvcm1zL2RvbXN0cmluZy1yZXBsYWNlLWNy YXNoLWV4cGVjdGVkLnR4dAkyNCBEZWMgMjAwNSAyMzoyMDo0MyAtMDAwMApAQCAtMCwwICsxLDQg QEAKK1RoaXMgdGVzdCBjaGVja3MgZm9yIGEgcmVncmVzc2lvbiBhZ2FpbnN0IGh0dHA6Ly9idWd6 aWxsYS5vcGVuZGFyd2luLm9yZy9zaG93X2J1Zy5jZ2k/aWQ9NjIzNiBSRUdSRVNTSU9OOiBDcmFz aCBpbiBET01TdHJpbmc6OnJlcGxhY2UoKSBpbiBUb1QgKDEyLzI1LzA1KS4KKworTm8gY3Jhc2gg PSB0ZXN0IFBBU1MuCisKSW5kZXg6IExheW91dFRlc3RzL2Zhc3QvZm9ybXMvZG9tc3RyaW5nLXJl cGxhY2UtY3Jhc2guaHRtbAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09CmRpZmYgLU5wdSBMYXlvdXRUZXN0cy9mYXN0L2Zv cm1zL2RvbXN0cmluZy1yZXBsYWNlLWNyYXNoLmh0bWwKLS0tIExheW91dFRlc3RzL2Zhc3QvZm9y bXMvZG9tc3RyaW5nLXJlcGxhY2UtY3Jhc2guaHRtbAkxIEphbiAxOTcwIDAwOjAwOjAwIC0wMDAw CisrKyBMYXlvdXRUZXN0cy9mYXN0L2Zvcm1zL2RvbXN0cmluZy1yZXBsYWNlLWNyYXNoLmh0bWwJ MjQgRGVjIDIwMDUgMjM6MDQ6MjggLTAwMDAKQEAgLTAsMCArMSwyMiBAQAorPD94bWwgdmVyc2lv bj0iMS4wIiBlbmNvZGluZz0iRVVDLUpQIj8+PCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0Mv L0RURCBYSFRNTCAxLjAgVHJhbnNpdGlvbmFsLy9FTiIgImh0dHA6Ly93d3cudzMub3JnL1RSL3ho dG1sMS9EVEQveGh0bWwxLXRyYW5zaXRpb25hbC5kdGQiPgorPGh0bWwgeG1sbnM9Imh0dHA6Ly93 d3cudzMub3JnLzE5OTkveGh0bWwiIGxhbmc9ImVuIj4KKzxoZWFkPgorPHNjcmlwdCB0eXBlPSJ0 ZXh0L2phdmFzY3JpcHQiPgoraWYgKHdpbmRvdy5sYXlvdXRUZXN0Q29udHJvbGxlcikKKyAgICBs YXlvdXRUZXN0Q29udHJvbGxlci5kdW1wQXNUZXh0KCk7Cis8L3NjcmlwdD4KKzx0aXRsZT4KKzwv dGl0bGU+Cis8L2hlYWQ+Cis8Ym9keT4KKzxwPgorVGhpcyB0ZXN0IGNoZWNrcyBmb3IgYSByZWdy ZXNzaW9uIGFnYWluc3QKKzxpPjxhIGhyZWY9Imh0dHA6Ly9idWd6aWxsYS5vcGVuZGFyd2luLm9y Zy9zaG93X2J1Zy5jZ2k/aWQ9NjIzNiI+aHR0cDovL2J1Z3ppbGxhLm9wZW5kYXJ3aW4ub3JnL3No b3dfYnVnLmNnaT9pZD02MjM2PC9hPiBSRUdSRVNTSU9OOiBDcmFzaCBpbiBET01TdHJpbmc6OnJl cGxhY2UoKSBpbiBUb1QgKDEyLzI1LzA1KTwvaT4uCis8L3A+CitObyBjcmFzaCA9IHRlc3QgUEFT Uy4KKzwvcD4KKzxmb3JtPgorPGlucHV0IHR5cGU9InRleHQiLz4KKzwvZm9ybT4KKzwvYm9keT4K KzwvaHRtbD4KSW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KUkNTIGZpbGU6IC9j dnMvcm9vdC9XZWJDb3JlL0NoYW5nZUxvZyx2CnJldHJpZXZpbmcgcmV2aXNpb24gMS4zNwpkaWZm IC1wIC11IC1yMS4zNyBXZWJDb3JlL0NoYW5nZUxvZwotLS0gV2ViQ29yZS9DaGFuZ2VMb2cJMjQg RGVjIDIwMDUgMTA6MDI6MjEgLTAwMDAJMS4zNworKysgV2ViQ29yZS9DaGFuZ2VMb2cJMjQgRGVj IDIwMDUgMjM6MzQ6MzggLTAwMDAKQEAgLTEsMyArMSwxNSBAQAorMjAwNS0xMi0jIyAgTWl0eiBQ ZXR0ZWwgIDxvcGVuZGFyd2luLm9yZ0BtaXR6cGV0dGVsLmNvbT4KKworICAgICAgICBSZXZpZXdl ZCBieSBOT0JPRFkoT09QUyEpLgorICAgICAgICAKKyAgICAgICAgVGVzdDogZmFzdC9mb3Jtcy9k b21zdHJpbmctcmVwbGFjZS1jcmFzaC5odG1sCisKKyAgICAgICAgLSBmaXggaHR0cDovL2J1Z3pp bGxhLm9wZW5kYXJ3aW4ub3JnL3Nob3dfYnVnLmNnaT9pZD02MjM2CisgICAgICAgICAgUkVHUkVT U0lPTjogQ3Jhc2ggaW4gRE9NU3RyaW5nOjpyZXBsYWNlKCkgaW4gVG9UICgxMi8yNS8wNSkKKwor ICAgICAgICAqIGtodG1sL2RvbS9kb21fc3RyaW5nLmg6CisgICAgICAgIChET01TdHJpbmc6OnJl cGxhY2UpOiBBZGRlZCBjaGVjayBmb3IgbnVsbCBtX2ltcGwuCisKIDIwMDUtMTItMjQgIE1pdHog UGV0dGVsICA8b3BlbmRhcndpbi5vcmdAbWl0enBldHRlbC5jb20+CiAKICAgICAgICAgUmV2aWV3 ZWQgYnkgTWFjaWVqLgpJbmRleDogV2ViQ29yZS9raHRtbC9kb20vZG9tX3N0cmluZy5oCj09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT0KUkNTIGZpbGU6IC9jdnMvcm9vdC9XZWJDb3JlL2todG1sL2RvbS9kb21fc3RyaW5nLmgs dgpyZXRyaWV2aW5nIHJldmlzaW9uIDEuMTcKZGlmZiAtcCAtdSAtcjEuMTcgV2ViQ29yZS9raHRt bC9kb20vZG9tX3N0cmluZy5oCi0tLSBXZWJDb3JlL2todG1sL2RvbS9kb21fc3RyaW5nLmgJMjMg RGVjIDIwMDUgMTg6NDQ6MDggLTAwMDAJMS4xNworKysgV2ViQ29yZS9raHRtbC9kb20vZG9tX3N0 cmluZy5oCTI0IERlYyAyMDA1IDIzOjM0OjQxIC0wMDAwCkBAIC03Myw3ICs3Myw3IEBAIHB1Ymxp YzoKICAgICBjb25zdCBRQ2hhciAmb3BlcmF0b3IgW10odW5zaWduZWQgaW50IGkpIGNvbnN0Owog CiAgICAgaW50IGZpbmQoY29uc3QgUUNoYXIgYywgaW50IHN0YXJ0ID0gMCkgY29uc3Q7Ci0gICAg RE9NU3RyaW5nICZyZXBsYWNlKFFDaGFyIGEsIFFDaGFyIGIpIHsgbV9pbXBsID0gbV9pbXBsLT5y ZXBsYWNlKGEsIGIpOyByZXR1cm4gKnRoaXM7IH0KKyAgICBET01TdHJpbmcgJnJlcGxhY2UoUUNo YXIgYSwgUUNoYXIgYikgeyBpZiAobV9pbXBsKSBtX2ltcGwgPSBtX2ltcGwtPnJlcGxhY2UoYSwg Yik7IHJldHVybiAqdGhpczsgfQogCiAgICAgdWludCBsZW5ndGgoKSBjb25zdDsKICAgICB2b2lk IHRydW5jYXRlKCB1bnNpZ25lZCBpbnQgbGVuICk7Cg==