Bug 135049

Summary: Division by zero in fast-dtoa.cc.
Product: WebKit Reporter: peavo
Component: Web Template FrameworkAssignee: Nobody <webkit-unassigned>
Status: RESOLVED INVALID    
Severity: Normal CC: achristensen, ap, benjamin, bfulgham, cmarcelo, commit-queue, darin
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch benjamin: review-

peavo
Reported 2014-07-18 07:36:08 PDT
I occasionally get a divison by zero exception on line 445 in fast-dtoa.cc. 444 while (*kappa > 0) { 445 int digit = integrals / divisor; 446 buffer[*length] = '0' + digit;
Attachments
Patch (1.20 KB, patch)
2014-07-18 07:39 PDT, peavo 		benjamin: review-
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
peavo
Comment 1 2014-07-18 07:39:27 PDT
Created attachment 235127 [details] Patch
Darin Adler
Comment 2 2014-07-18 08:26:36 PDT
Comment on attachment 235127 [details] Patch Could you also supply a test case? How did you discover this problem?
peavo
Comment 3 2014-07-18 10:32:10 PDT
(In reply to comment #2) > (From update of attachment 235127 [details]) > Could you also supply a test case? How did you discover this problem? I don't have a testcase available currently, but I can see if I can come up with one. Before adding the check, I got the crash fairly often during "normal" browsing. I don't remember any specific sites, though.
Darin Adler
Comment 4 2014-07-18 12:16:54 PDT
(In reply to comment #3) > Before adding the check, I got the crash fairly often during "normal" browsing. I don’t think we have reports of this crash on Mac. I believe Intel processors raise an exception on division by zero, and that’s what Macs use. Is this code that’s not used in the Mac port?
Benjamin Poulain
Comment 5 2014-07-20 23:47:09 PDT
Comment on attachment 235127 [details] Patch First, I agree with Darin: this must have a test. But even with the test, I do not believe this would be the right fix. If divisor is zero, that likely means the input is invalid. If that happen, we should handle that earlier in the stack (or maybe an early return in DigitGen()). I don't think you can just ignore this loop.
peavo
Comment 6 2014-07-21 11:08:26 PDT
(In reply to comment #5) Thanks for reviewing :) > (From update of attachment 235127 [details]) > First, I agree with Darin: this must have a test. > > But even with the test, I do not believe this would be the right fix. If divisor is zero, that likely means the input is invalid. If that happen, we should handle that earlier in the stack (or maybe an early return in DigitGen()). I don't think you can just ignore this loop. Sounds good, I will try get some more details on the crash, but "unfortunately" I haven't seen the crash the last couple of days ...
peavo
Comment 7 2015-01-27 23:03:01 PST
I haven't seen this crash in a long time now, so I believe it has been fixed.
Note You need to log in before you can comment on or make changes to this bug.