| Summary: | Division by zero in fast-dtoa.cc. | ||||||
|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | peavo | ||||
| Component: | Web Template Framework | Assignee: | Nobody <webkit-unassigned> | ||||
| Status: | RESOLVED INVALID | ||||||
| Severity: | Normal | CC: | achristensen, ap, benjamin, bfulgham, cmarcelo, commit-queue, darin | ||||
| Priority: | P2 | ||||||
| Version: | 528+ (Nightly build) | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Attachments: |
|
||||||
Created attachment 235127 [details]
Patch
Comment on attachment 235127 [details]
Patch
Could you also supply a test case? How did you discover this problem?
(In reply to comment #2) > (From update of attachment 235127 [details]) > Could you also supply a test case? How did you discover this problem? I don't have a testcase available currently, but I can see if I can come up with one. Before adding the check, I got the crash fairly often during "normal" browsing. I don't remember any specific sites, though. (In reply to comment #3) > Before adding the check, I got the crash fairly often during "normal" browsing. I don’t think we have reports of this crash on Mac. I believe Intel processors raise an exception on division by zero, and that’s what Macs use. Is this code that’s not used in the Mac port? Comment on attachment 235127 [details]
Patch
First, I agree with Darin: this must have a test.
But even with the test, I do not believe this would be the right fix. If divisor is zero, that likely means the input is invalid. If that happen, we should handle that earlier in the stack (or maybe an early return in DigitGen()). I don't think you can just ignore this loop.
(In reply to comment #5) Thanks for reviewing :) > (From update of attachment 235127 [details]) > First, I agree with Darin: this must have a test. > > But even with the test, I do not believe this would be the right fix. If divisor is zero, that likely means the input is invalid. If that happen, we should handle that earlier in the stack (or maybe an early return in DigitGen()). I don't think you can just ignore this loop. Sounds good, I will try get some more details on the crash, but "unfortunately" I haven't seen the crash the last couple of days ... I haven't seen this crash in a long time now, so I believe it has been fixed. |
I occasionally get a divison by zero exception on line 445 in fast-dtoa.cc. 444 while (*kappa > 0) { 445 int digit = integrals / divisor; 446 buffer[*length] = '0' + digit;