Bug 16358
| Summary: | [WIN] Spontaneous crashes in get2ByteOpcodeValueAtOffset | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Matt Lilek <dev+webkit> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | | |
| Priority: | P1 | | |
| Version: | 528+ (Nightly build) | | |
| Hardware: | PC | | |
| OS: | Windows XP | | |
Matt Lilek
I keep getting a crash in get2ByteOpcodeValueAtOffset (pcre_internal.h:229) that seems to happen rather spontaneously. I've had it happen twice on startup (loading <http://www.apple.com/startpage/>) and twice more while entering a new bug here in Bugzilla.
```
WebKit.dll!get2ByteOpcodeValueAtOffset(const unsigned char * opcodePtr=0x050b5ffb, unsigned int offset=4) Line 229 + 0x12 bytes C++
WebKit.dll!is_anchored(const unsigned char * code=0x050b5ff8, int options=0, unsigned int bracket_map=536870944, unsigned int backref_map=0) Line 2086 + 0xb bytes C++
WebKit.dll!is_anchored(const unsigned char * code=0x050b5ff5, int options=0, unsigned int bracket_map=536870912, unsigned int backref_map=0) Line 2088 + 0x15 bytes C++
WebKit.dll!is_anchored(const unsigned char * code=0x050b5ff2, int options=0, unsigned int bracket_map=536870912, unsigned int backref_map=0) Line 2088 + 0x15 bytes C++
WebKit.dll!is_anchored(const unsigned char * code=0x050b5fef, int options=0, unsigned int bracket_map=536870912, unsigned int backref_map=0) Line 2088 + 0x15 bytes C++
WebKit.dll!is_anchored(const unsigned char * code=0x050b5fec, int options=0, unsigned int bracket_map=0, unsigned int backref_map=0) Line 2088 + 0x15 bytes C++
WebKit.dll!jsRegExpCompile(const wchar_t * pattern=0x0012fa89, int patternLength=2, JSRegExpIgnoreCaseOption ignoreCase=JSRegExpDoNotIgnoreCase, JSRegExpMultilineOption multiline=JSRegExpSingleLine, unsigned int * numSubpatterns=0x00000000, const char * * errorptr=0x0012f9f0) Line 2848 + 0x15 bytes C++
WebKit.dll!WebCore::RegularExpression::Private::compile(bool caseSensitive=true, bool glob=false) Line 107 + 0x2b bytes C++
WebKit.dll!WebCore::RegularExpression::Private::Private(WebCore::DeprecatedString p={...}, bool caseSensitive=true, bool glob=false) Line 66 C++
WebKit.dll!WebCore::RegularExpression::RegularExpression(const char * cpattern=0x0117ab18) Line 127 + 0x4a bytes C++
WebKit.dll!WebCore::Frame::matchLabelsAgainstElement(const WTF::Vector<WebCore::String,0> & labels={...}, WebCore::Element * element=0x04e1b638) Line 497 + 0x27 bytes C++
WebKit.dll!WebFrame::matchLabelsAgainstElement(wchar_t * const * labels=0x04f6b898, int cLabels=3, IDOMElement * againstElement=0x04cffcc4, wchar_t * * result=0x0012fc4c) Line 1282 C++
WebKit.dll!WebHTMLRepresentation::matchLabels(wchar_t * * labels=0x04f6b898, int cLabels=3, IDOMElement * againstElement=0x04cffcc4, wchar_t * * result=0x0012fc4c) Line 214 C++
Safari.exe!004726a5()
```
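The trace shows is_anchored recursing three bytes at a time through compiled regex bytecode (0x050b5fec, 0x050b5fef, ... 0x050b5ffb), each step passing over a bracket opcode and its 2-byte link, until get2ByteOpcodeValueAtOffset reads at opcodePtr+4 and faults, all while compiling a 2-character pattern. The report does not identify the underlying defect, and the bug was closed when the function was removed, so nothing here claims what the cause was. What a practitioner can take from the frame is the class of failure: a 2-byte opcode read that trusts its offset and has no view of where the compiled code ends. The block below is an added illustration, not PCRE or WebKit code; the opcode layout (`OP_BRA`/`OP_KET` followed by a big-endian 2-byte link), the sample bytecodes and every function name are constructed for the example. It puts the unchecked read beside a bounds-checked one and drives a recursive bracket walker, in the style of is_anchored, over well-formed, truncated and bad-link input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical compiled-pattern layout for this example (not PCRE's real
   encoding): a bracket opcode is followed by a 2-byte big-endian link that
   gives the distance from the OP_BRA to its matching OP_KET. */
enum { OP_END = 0, OP_BRA = 1, OP_KET = 2, OP_CHAR = 3 };
enum { LINK_SIZE = 2, MAX_STEPS = 4096 };

/* Unchecked read in the style of the crashing frame: nothing stops
   opcodePtr + offset + 1 from lying outside the compiled code. */
static unsigned get2ByteValueUnchecked(const unsigned char *opcodePtr, unsigned offset)
{
    return ((unsigned)opcodePtr[offset] << 8) | opcodePtr[offset + 1];
}

/* Checked read: the caller supplies the end of the buffer and the read
   fails instead of touching memory outside [opcodePtr, end). */
static int get2ByteValueChecked(const unsigned char *opcodePtr, unsigned offset,
                                const unsigned char *end, unsigned *out)
{
    if (end < opcodePtr || (size_t)(end - opcodePtr) < (size_t)offset + LINK_SIZE)
        return 0;
    *out = ((unsigned)opcodePtr[offset] << 8) | opcodePtr[offset + 1];
    return 1;
}

/* Recursive walk modelled on the is_anchored call chain: step over each
   opcode (3 bytes for a bracket, 2 for a literal) and count the brackets.
   Returns the bracket count, or -1 when the code is truncated, a link
   points outside the buffer or not at an OP_KET, or the walk runs away. */
static int countBrackets(const unsigned char *code, const unsigned char *end, int steps)
{
    unsigned link;
    if (steps > MAX_STEPS || code >= end)
        return -1;
    switch (*code) {
    case OP_END:
        return 0;
    case OP_CHAR:
        if (end - code < 2)
            return -1;
        return countBrackets(code + 2, end, steps + 1);
    case OP_BRA: {
        int nested;
        if (!get2ByteValueChecked(code, 1, end, &link))
            return -1;
        /* the link must land on the matching OP_KET inside the buffer */
        if ((size_t)(end - code) <= link || code[link] != OP_KET)
            return -1;
        nested = countBrackets(code + 1 + LINK_SIZE, end, steps + 1);
        return nested < 0 ? -1 : nested + 1;
    }
    case OP_KET:
        if (!get2ByteValueChecked(code, 1, end, &link))
            return -1;
        return countBrackets(code + 1 + LINK_SIZE, end, steps + 1);
    default:
        return -1;
    }
}

/* Constructed sample bytecodes. */
static const unsigned char kWellFormed[] = {      /* two nested brackets around 'a' */
    OP_BRA, 0x00, 0x0b, OP_BRA, 0x00, 0x05, OP_CHAR, 'a',
    OP_KET, 0x00, 0x05, OP_KET, 0x00, 0x0b, OP_END
};
static const unsigned char kTruncated[] = { OP_BRA, 0x00 };             /* link cut off */
static const unsigned char kBadLink[]   = { OP_BRA, 0x7f, 0xff, OP_END }; /* link past end */

int checkWellFormed(void) { return countBrackets(kWellFormed, kWellFormed + sizeof kWellFormed, 0); }
int checkTruncated(void)  { return countBrackets(kTruncated,  kTruncated  + sizeof kTruncated,  0); }
int checkBadLink(void)    { return countBrackets(kBadLink,    kBadLink    + sizeof kBadLink,    0); }
unsigned outerLinkUnchecked(void) { return get2ByteValueUnchecked(kWellFormed, 1); }

int main(void)
{
    printf("well-formed: %d brackets\n", checkWellFormed());
    printf("truncated:   %d\n", checkTruncated());
    printf("bad link:    %d\n", checkBadLink());
    printf("outer link (unchecked read on valid input): %u\n", outerLinkUnchecked());
    return 0;
}
```

The unchecked reader is only ever called on the well-formed sample here; pointing it at `kTruncated` with offset 1 would read one byte past the array, which is exactly the behaviour the checked variant refuses.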
Matt Lilek
Closing this since Darin removed get2ByteOpcodeValueAtOffset in r28793 <http://trac.webkit.org/projects/webkit/changeset/28793> (but I think it was fixed in another pcre patch before that).