6494 2006-01-11 09:09:19 -0800 Crash when assigning a new function to a DOMParser object 2006-01-12 14:39:09 -0800 1 1 1 Unclassified WebKit JavaScriptCore 420+ Mac OS X 10.4 RESOLVED FIXED P1 Critical --- 1 mike andersca oldest_to_newest 28243 0 mike 2006-01-11 09:09:19 -0800 When I assign a new function to an instance of the DOMParser class Safari crashes. This crash also happens on OSX 10.3 w/ Webkit 312. To reproduce: var parser = new DOMParser(); parser.loadXML = function(document_string) { return parser.parseFromString(document_string, 'text/xml'); } To work-around: var parser = new function {} var dom_parser = new DOMParser(); parser.loadXML = function(document_string) { return dom_parser.parseFromString(document_string, 'text/xml'); } 28321 1 ap 2006-01-12 13:18:39 -0800 Confirmed on ToT. Since there exists a workaround, should this really be critical severity? 0 findEntry(KJS::HashTable const*, unsigned, KJS::UChar const*, unsigned) + 156 (lookup.cpp:56) 1 KJS::Lookup::findEntry(KJS::HashTable const*, KJS::Identifier const&) + 108 (lookup.cpp:73) 2 KJS::JSObject::findPropertyHashEntry(KJS::Identifier const&) const + 108 (object.cpp:382) 3 KJS::JSObject::getPropertyAttributes(KJS::Identifier const&, int&) const + 112 (object.cpp:475) 4 KJS::JSObject::canPut(KJS::ExecState*, KJS::Identifier const&) const + 48 (object.cpp:285) 5 KJS::JSObject::put(KJS::ExecState*, KJS::Identifier const&, KJS::JSValue*, int) + 232 (object.cpp:214) 6 KJS::AssignDotNode::evaluate(KJS::ExecState*) + 1740 (nodes.cpp:1350) ... 28330 2 5631 andersca 2006-01-12 14:30:48 -0800 Created attachment 5631 Fix The problem here is that the DOMParserTable hash table is empty, which leads to modulo by zero in Lookup::findEntry. 5631 2006-01-12 14:30:48 -0800 2006-01-12 14:38:23 -0800 Fix jscore-hash-fix.txt text/plain 4090 andersca SW5kZXg6IEphdmFTY3JpcHRDb3JlL2tqcy9sb29rdXAuY3BwCj09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIEphdmFT Y3JpcHRDb3JlL2tqcy9sb29rdXAuY3BwCShyZXZpc2lvbiAxMjAzNCkKKysrIEphdmFTY3JpcHRD b3JlL2tqcy9sb29rdXAuY3BwCShhcmJldHNrb3BpYSkKQEAgLTQ5LDcgKzQ5LDExIEBAIHN0YXRp YyBpbmxpbmUgY29uc3QgSGFzaEVudHJ5KiBmaW5kRW50cnkKICAgICByZXR1cm4gMDsKICAgfQog I2VuZGlmCisgIGlmICh0YWJsZS0+aGFzaFNpemUgPT0gMCkKKyAgICByZXR1cm4gMDsKKwogICBo YXNoICU9IHRhYmxlLT5oYXNoU2l6ZTsKKwogICBjb25zdCBIYXNoRW50cnkgKmUgPSAmdGFibGUt PmVudHJpZXNbaGFzaF07CiAKICAgLy8gZW1wdHkgYnVja2V0ID8KSW5kZXg6IEphdmFTY3JpcHRD b3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBKYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cJKHJl dmlzaW9uIDEyMDM3KQorKysgSmF2YVNjcmlwdENvcmUvQ2hhbmdlTG9nCShhcmJldHNrb3BpYSkK QEAgLTEsMyArMSwxNyBAQAorMjAwNi0wMS0xMiAgQW5kZXJzIENhcmxzc29uICA8YW5kZXJzY2FA bWFjLmNvbT4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAg ICAtIGZpeCBodHRwOi8vYnVnemlsbGEub3BlbmRhcndpbi5vcmcvc2hvd19idWcuY2dpP2lkPTY0 OTQKKyAgICAgICAgQ3Jhc2ggd2hlbiBhc3NpZ25pbmcgYSBuZXcgZnVuY3Rpb24gdG8gYSBET01Q YXJzZXIgb2JqZWN0CisgICAgICAgIAorICAgICAgICAqIEphdmFTY3JpcHRDb3JlLnhjb2RlcHJv ai9wcm9qZWN0LnBieHByb2o6CisgICAgICAgIE1vdmUgbG9va3VwLmNwcCBiZWZvcmUgbG9va3Vw LmgKKyAgICAgICAgCisgICAgICAgICoga2pzL2xvb2t1cC5jcHA6CisgICAgICAgIChmaW5kRW50 cnkpOgorICAgICAgICBJZiB0aGUgaGFzaCB0YWJsZSBpcyBlbXB0eSwgcmV0dXJuIDAgZWFybHku CisKIDIwMDYtMDEtMTIgIEdlb3JnZSBTdGFpa29zIDxzdGFpa29zQGtkZS5vcmc+CiAKICAgICAg ICAgUmV2aWV3ZWQgYnkgRGFyaW4uCkluZGV4OiBKYXZhU2NyaXB0Q29yZS9KYXZhU2NyaXB0Q29y ZS54Y29kZXByb2ovcHJvamVjdC5wYnhwcm9qCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIEphdmFTY3JpcHRDb3Jl L0phdmFTY3JpcHRDb3JlLnhjb2RlcHJvai9wcm9qZWN0LnBieHByb2oJKHJldmlzaW9uIDEyMDM0 KQorKysgSmF2YVNjcmlwdENvcmUvSmF2YVNjcmlwdENvcmUueGNvZGVwcm9qL3Byb2plY3QucGJ4 cHJvagkoYXJiZXRza29waWEpCkBAIC01NjAsMTAgKzU2MCwxMCBAQAogCQkJCUY2OTJBODYxMDI1 NTU5N0QwMUZGNjBGNyAvKiBpbnRlcm5hbC5jcHAgKi8sCiAJCQkJRjY5MkE4NjMwMjU1NTk3RDAx RkY2MEY3IC8qIGludGVycHJldGVyLmNwcCAqLywKIAkJCQlGNjkyQTg2NDAyNTU1OTdEMDFGRjYw RjcgLyogaW50ZXJwcmV0ZXIuaCAqLywKLQkJCQlGNjkyQTg2ODAyNTU1OTdEMDFGRjYwRjcgLyog bG9va3VwLmNwcCAqLywKIAkJCQk5MzFDNkNFRjAzOEVFOERFMDA4NjM1Q0UgLyogbGlzdC5oICov LAogCQkJCTkzMUM2Q0YwMDM4RUU4REUwMDg2MzVDRSAvKiBsaXN0LmNwcCAqLywKIAkJCQlGNjky QTg2OTAyNTU1OTdEMDFGRjYwRjcgLyogbG9va3VwLmggKi8sCisJCQkJRjY5MkE4NjgwMjU1NTk3 RDAxRkY2MEY3IC8qIGxvb2t1cC5jcHAgKi8sCiAJCQkJRjY5MkE4NkEwMjU1NTk3RDAxRkY2MEY3 IC8qIG1hdGhfb2JqZWN0LmNwcCAqLywKIAkJCQlGNjkyQTg2QjAyNTU1OTdEMDFGRjYwRjcgLyog bWF0aF9vYmplY3QuaCAqLywKIAkJCQlGNjkyQTg2RTAyNTU1OTdEMDFGRjYwRjcgLyogbm9kZXMu aCAqLywKSW5kZXg6IExheW91dFRlc3RzL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRU ZXN0cy9DaGFuZ2VMb2cJKHJldmlzaW9uIDEyMDM3KQorKysgTGF5b3V0VGVzdHMvQ2hhbmdlTG9n CShhcmJldHNrb3BpYSkKQEAgLTEsNSArMSwxNSBAQAogMjAwNi0wMS0xMiAgQW5kZXJzIENhcmxz c29uICA8YW5kZXJzY2FAbWFjLmNvbT4KIAorICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9P UFMhKS4KKworICAgICAgICAtIEFkZCB0ZXN0IGZvciBodHRwOi8vYnVnemlsbGEub3BlbmRhcndp bi5vcmcvc2hvd19idWcuY2dpP2lkPTY0OTQKKyAgICAgICAgQ3Jhc2ggd2hlbiBhc3NpZ25pbmcg YSBuZXcgZnVuY3Rpb24gdG8gYSBET01QYXJzZXIgb2JqZWN0CisgICAgICAgIAorICAgICAgICAq IGZhc3QvZG9tL0RPTVBhcnNlci1hc3NpZ24tdmFyaWFibGUtZXhwZWN0ZWQudHh0OiBBZGRlZC4K KyAgICAgICAgKiBmYXN0L2RvbS9ET01QYXJzZXItYXNzaWduLXZhcmlhYmxlLmh0bWw6IEFkZGVk LgorCisyMDA2LTAxLTEyICBBbmRlcnMgQ2FybHNzb24gIDxhbmRlcnNjYUBtYWMuY29tPgorCiAg ICAgICAgIFJldmlld2VkIGJ5IERhcmluLgogCiAgICAgICAgIC0gQWRkIHRlc3RzIGZvciBodHRw Oi8vYnVnemlsbGEub3BlbmRhcndpbi5vcmcvc2hvd19idWcuY2dpP2lkPTUxNTMKSW5kZXg6IExh eW91dFRlc3RzL2Zhc3QvZG9tL0RPTVBhcnNlci1hc3NpZ24tdmFyaWFibGUtZXhwZWN0ZWQudHh0 Cj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT0KLS0tIExheW91dFRlc3RzL2Zhc3QvZG9tL0RPTVBhcnNlci1hc3NpZ24tdmFy aWFibGUtZXhwZWN0ZWQudHh0CShyZXZpc2lvbiAwKQorKysgTGF5b3V0VGVzdHMvZmFzdC9kb20v RE9NUGFyc2VyLWFzc2lnbi12YXJpYWJsZS1leHBlY3RlZC50eHQJKHJldmlzaW9uIDApCkBAIC0w LDAgKzEsMiBAQAorVGhpcyBjcmVhdGVzIGEgRE9NUGFyc2VyIG9iamVjdCBhbmQgdHJpZXMgdG8g YXNzaWduIGl0IHRvIGEgdmFyaWFibGUuIElmIHRoZSB0ZXN0IGlzIHN1Y2Nlc3NmdWwsIGl0IHNo b3VsZCBub3QgY3Jhc2guCisKSW5kZXg6IExheW91dFRlc3RzL2Zhc3QvZG9tL0RPTVBhcnNlci1h c3NpZ24tdmFyaWFibGUuaHRtbAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9mYXN0L2RvbS9E T01QYXJzZXItYXNzaWduLXZhcmlhYmxlLmh0bWwJKHJldmlzaW9uIDApCisrKyBMYXlvdXRUZXN0 cy9mYXN0L2RvbS9ET01QYXJzZXItYXNzaWduLXZhcmlhYmxlLmh0bWwJKHJldmlzaW9uIDApCkBA IC0wLDAgKzEsMjUgQEAKKzwhRE9DVFlQRSBIVE1MIFBVQkxJQyAiLS8vVzNDLy9EVEQgSFRNTCA0 LjAxIFRyYW5zaXRpb25hbC8vRU4iCisgICAgICAgICJodHRwOi8vd3d3LnczLm9yZy9UUi9odG1s NC9sb29zZS5kdGQiPgorPGh0bWw+Cis8aGVhZD4KKzxzY3JpcHQ+CitmdW5jdGlvbiBkZWJ1Zyhz dHIpIHsKKyAgICB2YXIgYyA9IGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCdjb25zb2xlJykKKyAg ICBjLmFwcGVuZENoaWxkKGRvY3VtZW50LmNyZWF0ZVRleHROb2RlKHN0ciArICdcbicpKTsKK30K KworZnVuY3Rpb24gcnVuVGVzdHMoKSB7CisgICAgaWYgKHdpbmRvdy5sYXlvdXRUZXN0Q29udHJv bGxlcikgbGF5b3V0VGVzdENvbnRyb2xsZXIuZHVtcEFzVGV4dCgpOworICAgIAorICAgIHZhciBw YXJzZXIgPSBuZXcgRE9NUGFyc2VyKCk7CisgICAgcGFyc2VyLnRlc3QgPSAidGVzdCIKK30KKwor PC9zY3JpcHQ+Cis8L2hlYWQ+Cis8Ym9keSBvbmxvYWQ9InJ1blRlc3RzKCk7Ij4KK1RoaXMgY3Jl YXRlcyBhIERPTVBhcnNlciBvYmplY3QgYW5kIHRyaWVzIHRvIGFzc2lnbiBpdCB0byBhIHZhcmlh YmxlLiBJZiB0aGUgdGVzdCBpcyBzdWNjZXNzZnVsLCBpdCBzaG91bGQgbm90IGNyYXNoLiAKKzxw cmUgaWQ9ImNvbnNvbGUiPgorPC9wcmU+Cis8L2JvZHk+Cis8L2h0bWw+Cg==