19515 – DOM modification causes stack exhaustion (Caused by colGroup?)

RESOLVED DUPLICATE of bug 19519 19515

DOM modification causes stack exhaustion (Caused by colGroup?)

https://bugs.webkit.org/show_bug.cgi?id=19515

Summary DOM modification causes stack exhaustion (Caused by colGroup?)

Berend-Jan Wever

Reported 2008-06-12 04:16:15 PDT

I found that the following javascript causes a stack exhaustion: <BODY onload="go()"><SCRIPT> var i=0; function go() { oColGroup=document.createElement('colGroup'); document.body.appendChild(oColGroup); oComment=document.createElement('b'); document.body.insertAdjacentElement('afterBegin', oComment); } </SCRIPT></BODY> Something tells me the colGroup is the culprit, but I have no way of backing that up. Tested with Safari 3.1.1. Marked as security, I'm not sure if you treat DoS as a security issue, so erring on the safe side.

Attachments
Add attachment proposed patch, testcase, etc.

Berend-Jan Wever

Comment 1 2008-06-13 06:29:07 PDT

Changing priority and security flag

Mark Rowe (bdash)

Comment 2 2008-06-13 14:52:34 PDT

<rdar://problem/6007110>

Adam Roben (:aroben)

Comment 3 2008-06-14 08:51:20 PDT

Why is this bug marked PlatformOnly?

Kevin McCullough

Comment 4 2008-06-20 16:12:42 PDT

*** This bug has been marked as a duplicate of 19519 ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution DUPLICATE

of bug 19519

Priority P1

Severity Normal

Classification Unclassified

Version 525.x (Safari 3.1)

Hardware PC

OS Windows Vista

Product WebKit

Component New Bugs

Assignee

Nobody

Reported

2008-06-12 04:16 PDT

Modified

2008-06-20 16:46 PDT History

CC List

2 users Show

URL

http://skypher.com/SkyLined/Repro/Safari/Stack%20exhaustion%20colGroup/repro.html

Keywords InRadar, PlatformOnly

Depends on

Blocks