Bug 8440

Summary: iExploder(#3327): Crash in StringImpl::initWithQChar()
Product: WebKit Reporter: Alexey Proskuryakov <ap>
Component: DOMAssignee: Alexey Proskuryakov <ap>
Status: RESOLVED FIXED    
Severity: Normal CC: thomas+opendarwin
Priority: P1 Keywords: Regression
Version: 420+   
Hardware: Mac   
OS: OS X 10.4   
Attachments:
Description Flags
test case
none
proposed fix darin: review+

Alexey Proskuryakov
Reported 2006-04-17 10:01:19 PDT
run-iexploder-tests 3327 (or just open the attached test case). Thread 0 Crashed: 0 <<00000000>> 0xffff8cc8 __memcpy + 1320 (cpu_capabilities.h:189) 1 com.apple.WebCore 0x019faf38 WebCore::StringImpl::initWithQChar(QChar const*, unsigned) + 168 (StringImpl.cpp:108) 2 com.apple.WebCore 0x019faf94 WebCore::StringImpl::StringImpl[in-charge](QChar const*, unsigned) + 72 (StringImpl.cpp:67) 3 com.apple.WebCore 0x01b7bca8 WebCore::StringImpl::copy() const + 72 (StringImpl.h:75) 4 com.apple.WebCore 0x019f8f40 WebCore::String::copy() const + 96 (String.cpp:306) 5 com.apple.WebCore 0x01780f60 WebCore::HTMLMapElement::parseMappedAttribute(WebCore::MappedAttribute*) + 372 (html_imageimpl.cpp:492) 6 com.apple.WebCore 0x01a9aab8 WebCore::StyledElement::attributeChanged(WebCore::Attribute*, bool) + 772 (StyledElement.cpp:179) 7 com.apple.WebCore 0x01aa8254 WebCore::Element::setAttributeMap(WebCore::NamedAttrMap*) + 756 (Element.cpp:363) 8 com.apple.WebCore 0x0179bd88 WebCore::HTMLParser::parseToken(WebCore::Token*) + 1236 (HTMLParser.cpp:200) 9 com.apple.WebCore 0x0179fd14 WebCore::HTMLTokenizer::processToken() + 564 (HTMLTokenizer.cpp:1628) 10 com.apple.WebCore 0x017a3468 WebCore::HTMLTokenizer::parseTag(WebCore::SegmentedString&, WebCore::HTMLTokenizer::State) + 7376 (HTMLTokenizer.cpp:1206) 11 com.apple.WebCore 0x017a4094 WebCore::HTMLTokenizer::write(WebCore::SegmentedString const&, bool) + 1744 (HTMLTokenizer.cpp:1432) 12 com.apple.WebCore 0x01890d74 WebCore::Frame::write(char const*, int) + 952 (Frame.cpp:654) 13 com.apple.WebCore 0x01883e64 WebCore::Frame::addData(char const*, int) + 340 (Frame.cpp:2599) 14 com.apple.WebCore 0x018c7c20 -[WebCoreFrameBridge addData:] + 224 (WebCoreFrameBridge.mm:547) 15 com.apple.WebKit 0x00335008 -[WebFrameBridge receivedData:textEncodingName:] + 236 (WebFrameBridge.m:458) 16 com.apple.WebKit 0x0036da8c -[WebHTMLRepresentation receivedData:withDataSource:] + 248 (WebHTMLRepresentation.m:122)
Attachments
test case (22.81 KB, text/html)
2006-04-17 10:01 PDT, Alexey Proskuryakov 		no flags
Details
proposed fix (2.04 KB, patch)
2006-04-17 12:04 PDT, Alexey Proskuryakov 		darin: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2006-04-17 10:01:55 PDT
Created attachment 7767 [details] test case
Alexey Proskuryakov
Comment 2 2006-04-17 12:04:27 PDT
Created attachment 7772 [details] proposed fix
Darin Adler
Comment 3 2006-04-17 13:13:05 PDT
Comment on attachment 7772 [details] proposed fix Instead of static_cast<const String&>(m_name) it should be m_name.domString(), otherwise this is fine. r=me (even without that fix)
Alexey Proskuryakov
Comment 4 2006-04-17 21:50:57 PDT
(In reply to comment #3) > Instead of static_cast<const String&>(m_name) it should be m_name.domString(), Corrected (somehow, domString() looked deprecated to me :) ).
Alexey Proskuryakov
Comment 5 2006-04-18 21:57:00 PDT
*** Bug 8470 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.