Summary: | Crash if <table> is removed from DOM while being parsed if it contains bogus content | ||||||
---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Ian 'Hixie' Hickson <ian> | ||||
Component: | Tables | Assignee: | Eric Seidel (no email) <eric> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | Normal | ||||||
Priority: | P1 | ||||||
Version: | 420+ | ||||||
Hardware: | PC | ||||||
OS: | Linux | ||||||
URL: | http://www.hixie.ch/tests/adhoc/html/parsing/error-handling/034.html | ||||||
Attachments: |
|
Description
Ian 'Hixie' Hickson
2006-02-07 13:48:38 PST
Reproducible crash -> P1. Thread 0 Crashed: 0 com.apple.WebCore 0x01b4c778 WebCore::TreeShared<WebCore::Node>::parent() const + 20 (Shared.h:57) 1 com.apple.WebCore 0x01b4c7b0 WebCore::Node::parentNode() const + 36 (Node.h:89) 2 com.apple.WebCore 0x017a9a20 WebCore::HTMLParser::handleError(WebCore::Node*, bool, WebCore::AtomicString const&, int) + 6404 (HTMLParser.cpp:490) 3 com.apple.WebCore 0x017aa760 WebCore::HTMLParser::insertNode(WebCore::Node*, bool) + 912 (HTMLParser.cpp:281) 4 com.apple.WebCore 0x017ac178 WebCore::HTMLParser::parseToken(WebCore::Token*) + 1388 (HTMLParser.cpp:208) 5 com.apple.WebCore 0x017b006c WebCore::HTMLTokenizer::processToken() + 564 (HTMLTokenizer.cpp:1628) 6 com.apple.WebCore 0x017b37c0 WebCore::HTMLTokenizer::parseTag(WebCore::SegmentedString&, WebCore::HTMLTokenizer::State) + 7376 (HTMLTokenizer.cpp:1206) 7 com.apple.WebCore 0x017b43ec WebCore::HTMLTokenizer::write(WebCore::SegmentedString const&, bool) + 1744 (HTMLTokenizer.cpp:1432) 8 com.apple.WebCore 0x018a1728 WebCore::Frame::write(char const*, int) + 952 (Frame.cpp:654) Thanks for the bug. I chose not to make it match your test case for now (since both FireFox and IE fail your test), but I did fix the crash. Created attachment 7953 [details]
Fixes crash
Comment on attachment 7953 [details]
Fixes crash
r=me
|