Bug 15839

Summary: fast/dom/xmlhttprequest-html-response-encoding.html crashes in PCRE under GuardMalloc
Product: WebKit Reporter: Alexey Proskuryakov <ap>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: VERIFIED WORKSFORME    
Severity: Normal CC: eric, mitz, mrowe
Priority: P1 Keywords: HasReduction, InRadar
Version: 523.x (Safari 3)   
Hardware: Mac   
OS: OS X 10.4   

Alexey Proskuryakov
Reported 2007-11-04 22:17:45 PST
run-webkit-tests -g fast/dom/xmlhttprequest-html-response-encoding.html Thread 0 Crashed: 0 com.apple.JavaScriptCore 0x0028037c jsRegExpCompile + 1744 (pcre_compile.c:2793) 1 com.apple.JavaScriptCore 0x00218b78 KJS::RegExp::RegExp[in-charge](KJS::UString const&, int) + 216 (regexp.cpp:46) 2 com.apple.JavaScriptCore 0x002490e4 KJS::RegExpObjectImp::construct(KJS::ExecState*, KJS::List const&) + 784 (regexp_object.cpp:443) 3 com.apple.JavaScriptCore 0x002369f4 KJS::RegExpNode::evaluate(KJS::ExecState*) + 192 (nodes.cpp:390) 4 com.apple.JavaScriptCore 0x00241a90 KJS::ArgumentListNode::evaluateList(KJS::ExecState*, KJS::List&) + 100 (nodes.cpp:623) ...
Attachments
Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2007-11-04 22:24:50 PST
This looks like a logic error in jsRegExpCompile; I'm wondering if it's been fixed in upstream PCRE already.
Alexey Proskuryakov
Comment 2 2007-11-04 22:42:14 PST
At a second glance, I think it's PCRE expecting a null-terminated string - we've stopped doing that in bug 11849.
Alexey Proskuryakov
Comment 3 2007-11-25 00:03:00 PST
*** Bug 16127 has been marked as a duplicate of this bug. ***
Eric Seidel (no email)
Comment 4 2007-11-25 00:08:27 PST
I can look at this once I finally land all my PCRE cleanup changes.
Mark Rowe (bdash)
Comment 5 2007-11-26 16:26:02 PST
<rdar://problem/5611792>
Eric Seidel (no email)
Comment 6 2007-11-30 04:44:53 PST
I can't reproduce this on TOT.
Alexey Proskuryakov
Comment 7 2007-12-03 02:23:09 PST
Neither can I.
Note You need to log in before you can comment on or make changes to this bug.