Patch based on the following crash triggering several times a day:

Thread 1 *CRASHED* (EXCEPTION_ACCESS_VIOLATION @0x01a0b000)
0x01e97f41 [chrome.dll - textresourcedecoder.cpp:621] WebCore::TextResourceDecoder::checkForHeadCharset(char const *,unsigned int,bool &)
0x01e9832f [chrome.dll - textresourcedecoder.cpp:800] WebCore::TextResourceDecoder::decode(char const *,unsigned int)
0x01e42e05 [chrome.dll - frameloader.cpp:1813] WebCore::FrameLoader::addData(char const *,int)
0x02149041 [chrome.dll - webframe_impl.cc:1608] WebFrameImpl::DidReceiveData(WebCore::DocumentLoader *,char const *,int)

Something has crashed due to crossing a page boundary. Upon inspection of the code at this location, skipComment() clearly reads past the end of the buffer. I have verified this in the debugger. No reliable test case is available because of the non-deterministic nature of reading out-of-bounds. In fact I have never observed a crash -- but it is clearly happening many times a day in the crash logs. Fix is easy / obvious -- patch upload to follow.
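As an added illustration (not the patch from this thread and not WebKit's own code), a bounds-checked reconstruction of the kind of comment-skipping loop the crash points at: every byte compare is preceded by a length check, so a comment cut off at a chunk boundary returns "incomplete" instead of reading past the buffer. The names `skipCommentChecked` and `skipCommentOffset` are hypothetical.

```cpp
#include <cstddef>
#include <cstring>
#include <string>

// Hypothetical, bounds-checked helper (not WebKit's actual skipComment()).
// Scans for the end of an HTML comment starting at `ptr` without ever
// dereferencing at or past `end`. Returns a pointer just past "-->" if the
// comment closes inside [ptr, end); returns `ptr` unchanged if there is no
// comment here; returns nullptr if the chunk ends first, telling the caller
// to wait for more data rather than keep scanning beyond the buffer.
static const char* skipCommentChecked(const char* ptr, const char* end)
{
    // Need at least 4 bytes before touching ptr[0..3] for "<!--".
    if (end - ptr < 4 || std::memcmp(ptr, "<!--", 4) != 0)
        return ptr;               // not a comment: nothing to skip
    ptr += 4;

    // An unchecked loop of the form
    //   while (ptr[0] != '-' || ptr[1] != '-' || ptr[2] != '>') ++ptr;
    // walks off the end when "-->" is not in this chunk; the failure only
    // shows up when the next byte lies on an unmapped page, which is why the
    // thread reports a crash that is frequent in logs yet hard to reproduce.
    while (end - ptr >= 3) {
        if (ptr[0] == '-' && ptr[1] == '-' && ptr[2] == '>')
            return ptr + 3;
        ++ptr;
    }
    return nullptr;               // comment not terminated in this chunk
}

// Convenience wrapper: offset just past the comment beginning at `start`
// inside `chunk`, or -1 if the comment is incomplete in this chunk.
long skipCommentOffset(const std::string& chunk, std::size_t start)
{
    const char* begin = chunk.data() + start;
    const char* end = chunk.data() + chunk.size();
    const char* result = skipCommentChecked(begin, end);
    if (!result)
        return -1;
    return static_cast<long>(result - chunk.data());
}
```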
Created attachment 31390 [details] Fixes out-of-bounds reads.
Comment on attachment 31390 [details] Fixes out-of-bounds reads. Thanks for the patch, but we'll need to include a ChangeLog before landing this.
Also, WebKit coding style has no braces around a single line if body.
Created attachment 31528 [details] Fix out-of-bounds reads.
Request land of patch. Changes since last version:
- Adhere to coding style (thanks Darin)!
- Add ChangeLog entry.
- Includes justification of why I can't reasonably add a test.
Comment on attachment 31528 [details] Fix out-of-bounds reads. Tabs in the ChangeLog. Otherwise this looks great. Will have to be landed manually, my script won't be able to fix the tabs (it's not that smart).
Assigned for landing.
Corrected tabs and landed in http://trac.webkit.org/changeset/44865.
PLEASE add bug numbers to ChangeLog entries in the future.
You got it. Sorry :)