Summary: | Assertion failure when loading http://www.html5rocks.com
---|---
Product: | WebKit
Reporter: | Alexander Pavlov (apavlov) <apavlov>
Component: | DOM
Assignee: | Nobody <webkit-unassigned>
Status: | RESOLVED FIXED
Severity: | Major
CC: | ap, darin, joepeck, kenneth, tkent
Priority: | P2
Version: | 528+ (Nightly build)
Hardware: | PC
OS: | Windows 7

The assertion was added by http://trac.webkit.org/changeset/56242.

Created attachment 62152
Reduction

Created attachment 62158
Patch

Comment on attachment 62158
Patch

What about InputElement::updateValueIfNeeded? Is that function used anywhere?

(In reply to comment #4)
> (From update of attachment 62158)
> What about InputElement::updateValueIfNeeded? Is that function used anywhere?

Yes. It is used by InputElement::parsemaxLengthAttribute(). This call is harmless because maxLength doesn't affect type=range. I'll refactor the sanitization code in dom/InputElement and html/HTMLInputElement. They are confusing.

Retitled since an assertion failure is not a crash.

Comment on attachment 62158
Patch

Clearing flags on attachment: 62158

Committed r63876: <http://trac.webkit.org/changeset/63876>

All reviewed patches have been landed. Closing bug.

I'm observing a crash while loading certain HTML5 pages. www.html5rocks.com/ is one example.

Unhandled exception at 0x571f3fee (WebKit.dll) in Safari.exe: 0xC0000005: Access violation writing location 0xbbadbeef.

    > WebKit.dll!WebCore::HTMLInputElement::rangeUnderflow() Line 348 + 0x87 bytes C++
      WebKit.dll!WebCore::ValidityState::rangeUnderflow() Line 131 C++
      WebKit.dll!WebCore::ValidityState::valid() Line 150 + 0x26 bytes C++
      WebKit.dll!WebCore::HTMLFormControlElement::setNeedsValidityCheck() Line 338 + 0xf bytes C++
      WebKit.dll!WebCore::HTMLInputElement::setInputType(const WebCore::String & t={...}) Line 895 C++
      WebKit.dll!WebCore::HTMLInputElement::parseMappedAttribute(WebCore::Attribute * attr=0x07da56f8) Line 1112 + 0x18 bytes C++
      WebKit.dll!WebCore::StyledElement::attributeChanged(WebCore::Attribute * attr=0x07da56f8, bool preserveDecls=false) Line 183 + 0x16 bytes C++
      WebKit.dll!WebCore::Element::setAttribute(const WebCore::AtomicString & name={...}, const WebCore::AtomicString & value={...}, int & ec=0) Line 562 + 0x18 bytes C++
      WebKit.dll!WebCore::jsElementPrototypeFunctionSetAttribute(JSC::ExecState * exec=0x078f0278) Line 1422 + 0x2c bytes C++