Bug 14578

Summary: [S60][3.1A][3.2] - Browser crashes in www.vertaa.fi
Product: WebKit Reporter: Joseph Ligman <joseph.ligman>
Component: WebCore JavaScriptAssignee: Joseph Ligman <joseph.ligman>
Status: CLOSED FIXED    
Severity: Critical CC: S60webkit
Priority: P2 Keywords: PlatformOnly
Version: 523.x (Safari 3)   
Hardware: S60 Hardware   
OS: S60 3rd edition   
URL: http://www.vertaa.fi
Attachments:
Description Flags
create program node on the heap to avoid an overflow when parsing a large stringnode.
joseph.ligman: review-
delete all the ArgumentListNode's self elements in a loop to avoid recursion yongjun.zhang: review+

Joseph Ligman
Reported 2007-07-10 14:00:36 PDT
TSW ID: SLON-73XDUZ Error description & actions how to produce the error: Open www.vertaa.fi and click "lentoliput" which is located under "matkustus" -> after a while browser crashes.
Attachments
create program node on the heap to avoid an overflow when parsing a large stringnode. (2.15 KB, patch)
2007-07-10 14:12 PDT, Joseph Ligman 		joseph.ligman: review-
DetailsFormatted DiffDiff
delete all the ArgumentListNode's self elements in a loop to avoid recursion (2.29 KB, patch)
2007-07-12 11:44 PDT, Joseph Ligman 		yongjun.zhang: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Joseph Ligman
Comment 1 2007-07-10 14:12:42 PDT
Created attachment 15466 [details] create program node on the heap to avoid an overflow when parsing a large stringnode. I'm assuming the memory allocated will be cleaned up by the garbage collector.
Joseph Ligman
Comment 2 2007-07-10 14:21:40 PDT
The patch is no good. It creates a memory leak.
Joseph Ligman
Comment 3 2007-07-12 11:44:01 PDT
Created attachment 15488 [details] delete all the ArgumentListNode's self elements in a loop to avoid recursion The ArgumentListNode contains a pointer to itself, which makes a chain of elements. When the node is deleted it deletes itself which deletes itself recursively. When this recursion becomes large enough the crash occurs. To avoid this delete all the nodes in a loop and set them to null when the destructor is called.
Yongjun Zhang
Comment 4 2007-07-13 13:27:10 PDT
Comment on attachment 15488 [details] delete all the ArgumentListNode's self elements in a loop to avoid recursion r = me
Yongjun Zhang
Comment 5 2007-07-13 13:27:30 PDT
landed on r24270 for ccb.
Yongjun Zhang
Comment 6 2007-07-13 13:29:02 PDT
landed on r24271 for 31m.
Bradley Morrison
Comment 7 2008-04-09 11:39:24 PDT
Bulk closing of all s60 platform bugs. Sorry for the noise!
Joel Parks
Comment 8 2011-03-21 11:53:34 PDT
re-purposing InTSW keyword for use by QtWebkit team
Note You need to log in before you can comment on or make changes to this bug.