Bug 13942

Summary: ASSERTION FAILED: !attrName.contains('/') in HTMLTokenizer.cpp:132 when loading http://bamanzi.blogeden.cn/
Product: WebKit Reporter: Anders Carlsson <andersca>
Component: Page LoadingAssignee: Julien Chaffraix <jchaffraix>
Status: RESOLVED FIXED    
Severity: Normal CC: ddkilzer, eric, jchaffraix
Priority: P2    
Version: 523.x (Safari 3)   
Hardware: Mac   
OS: OS X 10.4   
Attachments:
Description Flags
Check for '/' when assigning value to attribute to avoid triggering the assertion darin: review+

Anders Carlsson
Reported 2007-05-30 16:36:04 PDT
Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0xbbadbeef 0x01392b92 in WebCore::Token::addAttribute (this=0x212c014, doc=0x212b600, attrName=@0x212c03c, v=@0x14dbff0, viewSourceMode=false) at /Volumes/Shared/WebKit/OpenSource/WebCore/html/HTMLTokenizer.cpp:132 132 ASSERT(!attrName.contains('/')); (gdb) print attrName.m_string.ascii() $3 = { m_size = 12, m_impl = { m_buffer = 0x16fdef20 "(??\"/?????\"", m_capacity = 16 } }
Attachments
Check for '/' when assigning value to attribute to avoid triggering the assertion (5.25 KB, patch)
2008-04-20 14:07 PDT, Julien Chaffraix 		darin: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
David Kilzer (:ddkilzer)
Comment 1 2007-10-09 07:05:41 PDT
More sites that trip this assertion failure: http://www.allaboutolive.com.au/ [per Bug 14620 Comment #3] http://students.hamilton.edu/rugby/ http://www.gameres.com/ http://www.tf1.fr/
David Kilzer (:ddkilzer)
Comment 2 2007-10-09 08:11:41 PDT
(In reply to comment #1) > http://www.allaboutolive.com.au/ [per Bug 14620 Comment #3] Many instances of: <href ='http://www.allaboutolive.com.au/wp-content/uploads/2007/10/didnt-hear-again.jpg' title='didnt-hear-again.jpg'> > http://students.hamilton.edu/rugby/ <td ALIGN=CENTER VALIGN=CENTER WIDTH="9%" HEIGHT="50%" ="http://students.hamilton.edu/rugby/rugby_ball.gif"> > http://www.gameres.com/ I can't figure out where the string below is located in the document, but it appears to be within gb2312-encoded text. Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0xbbadbeef 0x016136f0 in WebCore::Token::addAttribute (this=0x2822818, doc=0x2844400, attrName=@0x2822848, v=@0x18fa3e8, viewSourceMode=false) at /Users/ddkilzer/Projects/Cocoa/WebKit/WebCore/html/HTMLTokenizer.cpp:133 133 ASSERT(!attrName.contains('/')); (gdb) p attrName.m_string.ascii() $1 = { m_size = 21, m_impl = { m_buffer = 0x2436bd0 "express/??(microsoft", m_capacity = 21 } } Current language: auto; currently c++ > http://www.tf1.fr/ <style ="text/css">
mitz
Comment 3 2008-03-06 10:11:38 PST
*** Bug 17695 has been marked as a duplicate of this bug. ***
David Kilzer (:ddkilzer)
Comment 4 2008-03-06 10:51:04 PST
*** Bug 14620 has been marked as a duplicate of this bug. ***
Julien Chaffraix
Comment 5 2008-04-20 14:07:24 PDT
Created attachment 20706 [details] Check for '/' when assigning value to attribute to avoid triggering the assertion
Darin Adler
Comment 6 2008-04-27 23:42:56 PDT
Comment on attachment 20706 [details] Check for '/' when assigning value to attribute to avoid triggering the assertion Is the "/" character the only bad character for an attribute name? This change seems fine as far as it goes, but I'm surprised that this is the only character that is allowed in attribute values but can cause us trouble in attribute names. Maybe ":"? r=me, but lets consider further testing with other characters
Julien Chaffraix
Comment 7 2008-05-15 13:03:51 PDT
(In reply to comment #6) > (From update of attachment 20706 [details] [edit]) > Is the "/" character the only bad character for an attribute name? No. > This change seems fine as far as it goes, but I'm surprised that this is the > only character that is allowed in attribute values but can cause us trouble in > attribute names. Maybe ":"? > r=me, but lets consider further testing with other characters Filed Bug 19084 to cover the other wrong characters (FYI ':' is not a problem according to HTML5). Committed in r33492.
Note You need to log in before you can comment on or make changes to this bug.