WebKit Bugzilla
Bug 20396 - Abort caused by failed allocation due to invalid counter/attr
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=20396
Tavis Ormandy
Reported
2008-08-15 06:19:26 PDT
<style type="text/css"> body { content: counter(-7036167556735246188); } </style> (content: attr(-4687060260085016321); also works)
Attachments
Patch (2.89 KB, patch), 2008-09-30 16:07 PDT, Beth Dakin
darin: review+
Mark Rowe (bdash)
Comment 1
2008-08-15 08:14:06 PDT
Safari(77064,0xa0314d00) malloc: *** mmap(size=2276515840) failed (error code=12)
*** error: can't allocate region
*** set a breakpoint in malloc_error_break to debug

Program received signal SIGABRT, Aborted.
0x934e970a in __kill ()
(gdb) bt
#0  0x934e970a in __kill ()
#1  0x934e96fd in kill$UNIX2003 ()
#2  0x9355d75f in raise ()
#3  0x9356f205 in abort ()
#4  0x00444080 in WTF::fastMalloc (n=2276512446) at FastMalloc.cpp:192
#5  0x0288a47f in WebCore::newUCharVector (n=3285739871) at WebCore/platform/text/StringImpl.cpp:52
#6  0x0288d3b2 in WebCore::StringImpl::StringImpl (this=0x1b2c0e70, characters=0x4745d548, length=3285739871) at WebCore/platform/text/StringImpl.cpp:79
#7  0x0288cb19 in WebCore::StringImpl::create (characters=0x4745d548, length=3285739871) at WebCore/platform/text/StringImpl.cpp:1019
#8  0x02887874 in WebCore::String::String (this=0xbfff9b5c, str=0x4745d548, len=3285739871) at WebCore/platform/text/String.cpp:50
#9  0x022b76ab in WebCore::CSSParserString::operator WebCore::String (this=0x45e32b4) at CSSParserValues.h:36
#10 0x022c8f9e in WebCore::CSSParser::parseCounterContent (this=0xbfffb2ec, args=0x45e32a0, counters=false) at WebCore/css/CSSParser.cpp:2658
#11 0x022ccd6e in WebCore::CSSParser::parseContent (this=0xbfffb2ec, propId=1036, important=false) at WebCore/css/CSSParser.cpp:1972
#12 0x022ce7fe in WebCore::CSSParser::parseValue (this=0xbfffb2ec, propId=1036, important=false) at WebCore/css/CSSParser.cpp:618
#13 0x022b63a0 in cssyyparse (parser=0xbfffb2ec) at CSSGrammar.y:1211

Confirmed with TOT WebKit.
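Editor's worked example, not part of the bug report and not WebKit code: the numbers in the backtrace above fit together as a 32-bit size wrap. The string length 3285739871 reads as a negative value when viewed as a signed 32-bit integer, and 3285739871 multiplied by 2 (the size of a 16-bit UChar) taken modulo 2^32 is exactly 2276512446, the n that reaches WTF::fastMalloc; the mmap size 2276515840 is that value rounded up to a 4096-byte page. The assumptions here are that newUCharVector computes length times sizeof(UChar) in a 32-bit size_t and that the page size is 4096; neither is stated on the page, only consistent with it. The block reproduces that arithmetic and shows the overflow-checked size computation that makes an allocation refuse such a length instead of aborting.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Values copied from the backtrace in comment 1 of this bug. */
#define BT_STRING_LENGTH 3285739871u   /* StringImpl::StringImpl(..., length=...) */
#define BT_FASTMALLOC_N  2276512446u   /* WTF::fastMalloc(n=...)                  */
#define BT_MMAP_SIZE     2276515840u   /* malloc: mmap(size=...) failed           */

/* Assumption: a 16-bit code unit, as WebCore's UChar is. */
#define UCHAR_SIZE 2u
/* Assumption: 4 KiB pages; the page does not state the page size. */
#define PAGE_SIZE_ASSUMED 4096u

/* Unchecked byte count as a 32-bit size_t computes it: the product is taken
 * modulo 2^32, so a length above 2^31 silently yields a smaller number. */
uint32_t wrapped_byte_count(uint32_t length, uint32_t elem_size)
{
    return length * elem_size;
}

/* Overflow-checked byte count: compute in 64 bits and refuse anything that
 * does not fit the 32-bit size the allocator would actually receive. */
bool checked_byte_count(uint32_t length, uint32_t elem_size, uint32_t *out)
{
    uint64_t product = (uint64_t)length * elem_size;
    if (product > UINT32_MAX)
        return false;
    *out = (uint32_t)product;
    return true;
}

/* The same 32-bit pattern read as a signed int, computed arithmetically so we
 * do not rely on the implementation-defined out-of-range cast. */
int32_t as_signed32(uint32_t v)
{
    if (v <= (uint32_t)INT32_MAX)
        return (int32_t)v;
    return (int32_t)(v - 0x80000000u) - INT32_MAX - 1;
}

/* Round a request up to a whole number of pages, as the malloc layer did
 * before handing the request to mmap. */
uint32_t page_round_up(uint32_t n, uint32_t page)
{
    return (n + page - 1) / page * page;
}

/* The guard a string constructor can apply: a length whose byte count does
 * not fit returns NULL instead of letting a wrapped size reach malloc. */
void *alloc_uchar_buffer(uint32_t length)
{
    uint32_t bytes;
    if (!checked_byte_count(length, UCHAR_SIZE, &bytes))
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    uint32_t bytes;
    printf("length %" PRIu32 " as int32: %" PRId32 "\n",
           BT_STRING_LENGTH, as_signed32(BT_STRING_LENGTH));
    printf("wrapped byte count: %" PRIu32 " (backtrace fastMalloc n = %" PRIu32 ")\n",
           wrapped_byte_count(BT_STRING_LENGTH, UCHAR_SIZE), BT_FASTMALLOC_N);
    printf("page-rounded: %" PRIu32 " (backtrace mmap size = %" PRIu32 ")\n",
           page_round_up(BT_FASTMALLOC_N, PAGE_SIZE_ASSUMED), BT_MMAP_SIZE);
    printf("checked byte count: %s\n",
           checked_byte_count(BT_STRING_LENGTH, UCHAR_SIZE, &bytes) ? "ok" : "rejected");
    return 0;
}
```

The point for a reviewer of the fix: the crash is the benign outcome, since fastMalloc aborted on the oversized request; had the product wrapped to a small value, the constructor would have received an undersized buffer for a huge length, so the check belongs on the length before the multiplication, not on the allocation result.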
Mark Rowe (bdash)
Comment 2
2008-08-15 08:14:54 PDT
<rdar://problem/6152371>
Beth Dakin
Comment 3
2008-09-30 16:07:06 PDT
Created attachment 23958 [details]: Patch
Darin Adler
Comment 4
2008-09-30 16:16:05 PDT
Comment on attachment 23958 [details]: Patch

r=me
Beth Dakin
Comment 5
2008-09-30 16:20:20 PDT
Fixed with r37122.