Bug 8471

Summary: CRASH: KXMLCore::HashMap when using applet code + param
Product: WebKit
Reporter: Thomas Stromberg <thomas+opendarwin>
Component: WebKit Misc.
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE
Severity: Major
CC: ap
Priority: P2
Version: 420+
Hardware: Mac
OS: OS X 10.4
URL: http://toadstool.se/software/iexploder/
Attachments:
Testcase: applet code + param (Flags: none)

Description Thomas Stromberg 2006-04-18 19:48:17 PDT
I found this crash with iExploder 1.3.0:

<body>
<applet code>
<param>
</body>
</html>

Thread 0 Crashed:
0   com.apple.WebCore           0x01323184 KXMLCore::HashMap<WebCore::String, WebCore::String, KXMLCore::StrHash<WebCore::String>, KXMLCore::HashTraits<WebCore::String>, KXMLCore::HashTraits<WebCore::String> >::set(WebCore::String const&, WebCore::String const&) + 68
1   com.apple.WebCore           0x011a5be0 WebCore::RenderApplet::createWidgetIfNecessary() + 560
2   com.apple.WebCore           0x011a5d28 WebCore::RenderApplet::layout() + 72
3   com.apple.WebCore           0x011a20f8 WebCore::RenderBlock::layoutInlineChildren(bool) + 984
4   com.apple.WebCore           0x011b2934 WebCore::RenderBlock::layoutBlock(bool) + 740
5   com.apple.WebCore           0x011b2288 WebCore::RenderBlock::layoutBlockChildren(bool) + 856
Comment 1 Thomas Stromberg 2006-04-18 19:48:35 PDT
Created attachment 7816 [details]
Testcase: applet code + param
Comment 2 Thomas Stromberg 2006-04-18 19:49:03 PDT
Forgot to mention. Crash was with Safari Nightly 420+ r13911 2006-04-18
Comment 3 Eric Seidel (no email) 2006-04-18 19:58:05 PDT
Were you using the run-iexploder-tests script which ap just landed?  I worry that you and he may be duplicating effort here.
Comment 4 Eric Seidel (no email) 2006-04-18 20:00:58 PDT
Ahha!  It looks like you're the original author.  Great tool!

You should be aware that ap recently added this script to our svn repository:
http://trac.webkit.org/dev/browser/trunk/WebKitTools/Scripts/run-iexploder-tests?rev=13967

Alexey has been filing bugs using iExploder as well:
http://bugzilla.opendarwin.org/show_bug.cgi?id=8438
is the only one left open as far as I can tell.
Comment 5 Alexey Proskuryakov 2006-04-18 21:40:04 PDT
Looks like a duplicate of bug 8437.

So far, I've tried tests 1 through 10204 - but I was using iExploder 1.2, which generates different tests for the same seeds. 
Comment 6 Alexey Proskuryakov 2006-04-19 09:36:54 PDT

*** This bug has been marked as a duplicate of 8437 ***