Bug 40195 - HTML5 parser crashes on failblog.org
Summary: HTML5 parser crashes on failblog.org
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: 528+ (Nightly build)
Hardware: Mac (Intel) OS X 10.6
: P2 Normal
Assignee: Nobody
URL: http://failblog.org
Keywords:
Depends on:
Blocks:
 
Reported: 2010-06-04 18:09 PDT by Jon
Modified: 2010-08-30 17:15 PDT

Description Jon 2010-06-04 18:09:29 PDT
Seeing the following crash when I enable the HTML5 parser on ToT. Failblog FAIL!

Thread 0 Crashed:  Dispatch queue: com.apple.main-thread
0   com.apple.WebCore             	0x0000000100bfc4a2 WebCore::HTMLParser::insertNode(WebCore::Node*, bool) + 162 (HTMLParser.cpp:392)
1   com.apple.WebCore             	0x0000000100bfcd84 WebCore::HTMLParser::parseToken(WebCore::Token*) + 868 (HTMLParser.cpp:319)
2   com.apple.WebCore             	0x0000000100ba2648 WebCore::HTML5TreeBuilder::passTokenToLegacyParser(WebCore::HTML5Token&) + 152 (HTML5TreeBuilder.cpp:150)
3   com.apple.WebCore             	0x0000000100ba3581 WebCore::HTML5TreeBuilder::constructTreeFromToken(WebCore::HTML5Token&) + 17 (HTML5TreeBuilder.cpp:200)
4   com.apple.WebCore             	0x0000000100ba09fc WebCore::HTML5Tokenizer::pumpLexer() + 108 (PassRefPtr.h:80)
5   com.apple.WebCore             	0x0000000100a15728 WebCore::Document::write(WebCore::SegmentedString const&, WebCore::Document*) + 120 (OwnPtr.h:69)
6   com.apple.WebCore             	0x0000000100d9c8c4 WebCore::documentWrite(JSC::ExecState*, WebCore::HTMLDocument*, WebCore::NewlineRequirement) + 900 (Deque.h:344)
7   com.apple.WebCore             	0x0000000100d9cfa5 WebCore::JSHTMLDocument::write(JSC::ExecState*) + 21 (JSHTMLDocumentCustom.cpp:163)
8   com.apple.WebCore             	0x0000000100d992dc WebCore::jsHTMLDocumentPrototypeFunctionWrite(JSC::ExecState*) + 124 (JSHTMLDocument.cpp:419)
9   ???                           	0x00004e3dbee0017a 0 + 86027102323066
10  com.apple.JavaScriptCore      	0x0000000100643b56 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*, JSC::JSValue*) + 518 (JITCode.h:77)
11  ???                           	0x0000000103f4e900 0 + 4361349376
Comment 1 Alexey Proskuryakov 2010-08-30 17:12:10 PDT
I suspect that this has been fixed already, but CC'ing Adam and Eric anyway.
Comment 2 Adam Barth 2010-08-30 17:15:30 PDT
That codepath no longer exists and we no longer crash.  Thanks for the report!  Let us know if the issue recurs in the future.