RESOLVED CONFIGURATION CHANGED 20540
HTML/JavaScript causes Read AV[3c]@WebKit.dll+4c00 #bd95c6be
https://bugs.webkit.org/show_bug.cgi?id=20540
Berend-Jan Wever
Reported 2008-08-27 04:08:06 PDT
The following HTML file triggers a NULL pointer AV:

    <BODY onload=go()></BODY>
    <SCRIPT>
    function go() {
      var oOldBody = document.body;
      // Fires for every node removal; the handler itself removes the node again.
      document.addEventListener("DOMNodeRemoved", function () {
        event.relatedNode.parentElement.removeChild(event.relatedNode);
      }, true);
      document.body.parentElement.removeChild(document.body);
      oOldBody.innerHTML = "x<l><html>";
    }
    </SCRIPT>
Mark Rowe (bdash)
Comment 1 2008-08-27 12:09:51 PDT
Alexey Proskuryakov
Comment 2 2008-08-28 03:38:09 PDT
Could you please try this with a nightly build (http://nightly.webkit.org)? We could not reproduce this yet.
Berend-Jan Wever
Comment 3 2008-08-28 08:52:52 PDT
I tested it in nightly and it indeed does not repro - but... I open Safari (with WebKit nightly) and drag the URL in. The page opens fine. I drag the URL in again and I see this:

    (f6c.df0): Access violation - code c0000005 (first chance)
    First chance exceptions are reported before any exception handling.
    This exception may be expected and handled.
    WebKit!WebCore::DragController::concludeDrag+0x3a:
    00000000`6d4a0cda 8b03            mov     eax,dword ptr [ebx] ds:002b:00000000`00000000=????????

So something is still messed up in nightly, but it doesn't repro until you do a drag and drop.
Berend-Jan Wever
Comment 4 2008-08-28 09:08:36 PDT
This same drag and drop problem happens with the repro for bug 19516
Alexey Proskuryakov
Comment 5 2008-08-28 09:16:49 PDT
That certainly sounds bad - but probably a separate problem.
Berend-Jan Wever
Comment 6 2008-08-28 09:35:50 PDT
Do I need to file a new bug or can we reuse this one?
Mark Rowe (bdash)
Comment 7 2008-08-28 18:16:14 PDT
A new bug report would be preferred since it appears to be a separate issue.
Berend-Jan Wever
Comment 8 2008-08-29 01:28:59 PDT
Ok, if we're going to be bureaucratic about it: I opened bug 20565 :)