Bug 20539

Summary:	HTML/JavaScript causes stack exhaustion
Product:	WebKit	Reporter:	Berend-Jan Wever <skylined>
Component:	New Bugs	Assignee:	Nobody <webkit-unassigned>
Status:	RESOLVED WORKSFORME
Severity:	Critical	CC:	ap
Priority:	P2	Keywords:	HasReduction, InRadar
Version:	525.x (Safari 3.1)
Hardware:	PC
OS:	Windows Vista
URL:	http://skypher.com/SkyLined/Repro/Safari/Safari%203.1.2%20(525.21)%20WebKit%20525.19%20-%20SE%20%23a2819cb7/repro.html

Berend-Jan Wever

Reported 2008-08-27 03:55:34 PDT

The following HTML causes a stack exhaustion in WebKit: <BODY></BODY> <SCRIPT> oHEAD=document.body.parentElement.firstChild; document.addEventListener("DOMNodeInserted",function(){ event.relatedNode.innerHTML="]\x3ctd]\x3cstyle link>]"; },true); oHEAD.innerHTML="["; </SCRIPT>

Attachments
Add attachment proposed patch, testcase, etc.

Mark Rowe (bdash)

Comment 1 2008-08-27 12:09:42 PDT

<rdar://problem/6180068>

Alexey Proskuryakov

Comment 2 2008-08-28 03:39:27 PDT

Could you please try this with a nightly build (http://nightly.webkit.org)? We could not reproduce this yet.

Berend-Jan Wever

Comment 3 2008-08-28 08:53:55 PDT

Does indeed not repro in nightly, closing the bug.

Note You need to log in before you can comment on or make changes to this bug.