WebKit Bugzilla
RESOLVED FIXED
176061
Assertion failure when opening a file with a missing tag closing bracket
https://bugs.webkit.org/show_bug.cgi?id=176061
Said Abou-Hallawa
Reported
2017-08-29 11:31:21 PDT
Open the following page in WebKit:

<!DOCTYPE html>
<html>
<body>
<script>
</script
</body>
</html>

Notice the "</script" does not have a closing bracket.

Result: Assertion failure with the following call stack:

#1 0x00000001c8d61f39 in WebCore::SegmentedString::advancePastNonNewline() at /Volumes/Data/WebKit/OpenSource/Source/WebCore/platform/text/SegmentedString.h:242
#2 0x00000001c8e4ebc9 in WebCore::HTMLTokenizer::commitToPartialEndTag(WebCore::SegmentedString&, unsigned short, WebCore::HTMLTokenizer::State) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/html/parser/HTMLTokenizer.cpp:162
#3 0x00000001c8e50d4d in WebCore::HTMLTokenizer::processToken(WebCore::SegmentedString&) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/html/parser/HTMLTokenizer.cpp:469
#4 0x00000001c8d42a9f in WebCore::HTMLTokenizer::nextToken(WebCore::SegmentedString&) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/html/parser/HTMLTokenizer.h:284
#5 0x00000001c8df7711 in WebCore::HTMLMetaCharsetParser::checkForMetaCharset(char const*, unsigned long) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/html/parser/HTMLMetaCharsetParser.cpp:158
#6 0x00000001cabb2198 in WebCore::TextResourceDecoder::checkForMetaCharset(char const*, unsigned long) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/TextResourceDecoder.cpp:559
#7 0x00000001cabb2100 in WebCore::TextResourceDecoder::checkForHeadCharset(char const*, unsigned long, bool&) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/TextResourceDecoder.cpp:554
#8 0x00000001cabb2a6a in WebCore::TextResourceDecoder::decode(char const*, unsigned long) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/TextResourceDecoder.cpp:617
#9 0x00000001c8719cad in WebCore::DecodedDataDocumentParser::appendBytes(WebCore::DocumentWriter&, char const*, unsigned long) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/dom/DecodedDataDocumentParser.cpp:45
#10 0x00000001c885e879 in WebCore::DocumentWriter::addData(char const*, unsigned long) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/DocumentWriter.cpp:253
#11 0x00000001c88155af in WebCore::DocumentLoader::commitData(char const*, unsigned long) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/DocumentLoader.cpp:914
#12 0x00000001094606af in WebKit::WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) at /Volumes/Data/WebKit/OpenSource/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:975
#13 0x00000001c88182cd in WebCore::DocumentLoader::commitLoad(char const*, int) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/DocumentLoader.cpp:832
#14 0x00000001c88181ef in WebCore::DocumentLoader::dataReceived(char const*, int) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/DocumentLoader.cpp:947
#15 0x00000001c8818924 in WebCore::DocumentLoader::dataReceived(WebCore::CachedResource&, char const*, int) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/DocumentLoader.cpp:920
#16 0x00000001c8290e98 in WebCore::CachedRawResource::notifyClientsDataWasReceived(char const*, unsigned int) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/cache/CachedRawResource.cpp:115
#17 0x00000001c8290cfd in WebCore::CachedRawResource::addDataBuffer(WebCore::SharedBuffer&) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/cache/CachedRawResource.cpp:64
#18 0x00000001ca9dbd3a in WebCore::SubresourceLoader::didReceiveDataOrBuffer(char const*, int, WTF::RefPtr<WebCore::SharedBuffer>&&, long long, WebCore::DataPayloadType) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/SubresourceLoader.cpp:406
#19 0x00000001ca9dbb02 in WebCore::SubresourceLoader::didReceiveData(char const*, unsigned int, long long, WebCore::DataPayloadType) at /Volumes/Data/WebKit/OpenSource/Source/WebCore/loader/SubresourceLoader.cpp:374
#20 0x000000010983f014 in WebKit::WebResourceLoader::didReceiveData(IPC::DataReference const&, long long) at /Volumes/Data/WebKit/OpenSource/Source/WebKit/WebProcess/Network/WebResourceLoader.cpp:135
#21 0x00000001098429f0 in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>, 0ul, 1ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul>) at /Volumes/Data/WebKit/OpenSource/Source/WebKit/Platform/IPC/HandleMessage.h:40
#22 0x00000001098427c0 in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long), std::__1::tuple<IPC::DataReference, long long>, std::__1::integer_sequence<unsigned long, 0ul, 1ul> >(std::__1::tuple<IPC::DataReference, long long>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long)) at /Volumes/Data/WebKit/OpenSource/Source/WebKit/Platform/IPC/HandleMessage.h:46
#23 0x0000000109841c11 in void IPC::handleMessage<Messages::WebResourceLoader::DidReceiveData, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long)>(IPC::Decoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(IPC::DataReference const&, long long)) at /Volumes/Data/WebKit/OpenSource/Source/WebKit/Platform/IPC/HandleMessage.h:126
#24 0x00000001098413d6 in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::Decoder&) at /volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/DerivedSources/WebKit2/WebResourceLoaderMessageReceiver.cpp:61
#25 0x0000000108f975a9 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::Decoder&) at /Volumes/Data/WebKit/OpenSource/Source/WebKit/WebProcess/Network/NetworkProcessConnection.cpp:68
#26 0x0000000108d33983 in IPC::Connection::dispatchMessage(IPC::Decoder&) at /Volumes/Data/WebKit/OpenSource/Source/WebKit/Platform/IPC/Connection.cpp:901
#27 0x0000000108d28ea8 in IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) at /Volumes/Data/WebKit/OpenSource/Source/WebKit/Platform/IPC/Connection.cpp:928
#28 0x0000000108d33f8a in IPC::Connection::dispatchOneMessage() at /Volumes/Data/WebKit/OpenSource/Source/WebKit/Platform/IPC/Connection.cpp:959
#29 0x0000000108d4c4bd in IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14::operator()() at /Volumes/Data/WebKit/OpenSource/Source/WebKit/Platform/IPC/Connection.cpp:895
#30 0x0000000108d4c419 in WTF::Function<void ()>::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_14>::call() at /volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/Function.h:101
#31 0x00000001d60efe2b in WTF::Function<void ()>::operator()() const at /volumes/Data/WebKit/OpenSource/WebKitBuild/Debug/usr/local/include/wtf/Function.h:56
#32 0x00000001d61112e3 in WTF::RunLoop::performWork() at /Volumes/Data/WebKit/OpenSource/Source/WTF/wtf/RunLoop.cpp:106
#33 0x00000001d6111b64 in WTF::RunLoop::performWork(void*) at /Volumes/Data/WebKit/OpenSource/Source/WTF/wtf/cf/RunLoopCF.cpp:38
Attachments
Patch (3.08 KB, patch), 2017-08-29 17:12 PDT, Said Abou-Hallawa, no flags
Radar WebKit Bug Importer
Comment 1
2017-08-29 11:31:51 PDT
<rdar://problem/34137537>
Darin Adler
Comment 2
2017-08-29 16:08:14 PDT
The bug here is in HTMLTokenizer::commitToPartialEndTag, which calls SegmentedString::advancePastNonNewline, but instead it needs to call SegmentedString::advance. That's all it will take to fix this; just call advance instead of advancePastNonNewline.
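The mechanism described in the comment above, as an added illustration that is not WebKit's code: a constructed stand-in for SegmentedString whose advancePastNonNewline() has the no-newline precondition, and a model of the end-tag-name step in which the character closing "</script" is a newline. The class, the commitPartialEndTag function, its `fixed` switch and the -1 return value are all assumptions of this model, not WebKit API.

```cpp
#include <string>
#include <utility>

// Constructed stand-in for WebCore::SegmentedString (not WebKit's code). The
// real class keeps a line counter, and advancePastNonNewline() is a fast path
// whose precondition "current character is not '\n'" is a debug ASSERT; here
// the violation is recorded in a flag instead of aborting the process.
class SegmentedString {
public:
    explicit SegmentedString(std::string text) : m_text(std::move(text)) {}
    bool isEmpty() const { return m_pos >= m_text.size(); }
    char currentCharacter() const { return m_text[m_pos]; }
    void advancePastNonNewline() {
        if (currentCharacter() == '\n') m_assertionFailed = true;  // ASSERT
        ++m_pos;
    }
    void advance() {  // general path: also keeps the line counter right
        if (currentCharacter() == '\n') ++m_line;
        ++m_pos;
    }
    int line() const { return m_line; }
    bool assertionFailed() const { return m_assertionFailed; }
private:
    std::string m_text;
    size_t m_pos = 0;
    int m_line = 1;
    bool m_assertionFailed = false;
};

// Model of the end-tag-name step that commitToPartialEndTag serves. `source`
// starts just after "</"; tag-name characters are consumed, then the one that
// ends the name (whitespace, '/' or '>'), which may be '\n' as in "</script\n".
// `fixed` selects advance() (the r221335 change) over advancePastNonNewline().
// Returns the line the cursor ends on, or -1 if the debug ASSERT would fire.
int commitPartialEndTag(const std::string& afterOpenDelimiter, bool fixed) {
    SegmentedString source(afterOpenDelimiter);
    while (!source.isEmpty()) {
        char c = source.currentCharacter();
        if (c == '\n' || c == ' ' || c == '\t' || c == '/' || c == '>') {
            if (fixed) source.advance();
            else source.advancePastNonNewline();  // the call that asserted
            break;
        }
        source.advancePastNonNewline();  // tag-name characters are never '\n'
    }
    return source.assertionFailed() ? -1 : source.line();
}
```

With the reported input the pre-fix path trips the precondition on the newline after "script", while the fixed path consumes it and moves the line counter to 2; a properly closed "</script>" behaves identically on both paths.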
Said Abou-Hallawa
Comment 3
2017-08-29 17:12:46 PDT
Created attachment 319313 [details]: Patch
WebKit Commit Bot
Comment 4
2017-08-29 19:26:46 PDT
Comment on attachment 319313 [details]: Patch
Clearing flags on attachment: 319313
Committed r221335: <http://trac.webkit.org/changeset/221335>
WebKit Commit Bot
Comment 5
2017-08-29 19:26:48 PDT
All reviewed patches have been landed. Closing bug.