Bug 8469 - CRASH: WebCore::CSSParser::parseDashboardRegions when attr() is passed
Summary: CRASH: WebCore::CSSParser::parseDashboardRegions when attr() is passed
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: CSS (show other bugs)
Version: 420+
Hardware: Mac OS X 10.4
: P1 Major
Assignee: Nobody
URL: http://toadstool.se/software/iexplode...
Keywords:
Depends on:
Blocks:
 
Reported: 2006-04-18 19:27 PDT by Thomas Stromberg
Modified: 2006-04-19 09:41 PDT (History)
1 user (show)

See Also:

Attachments
Testcase: table style="-webkit-dashboard-region: attr("a");" (143 bytes, text/html)
2006-04-18 19:29 PDT, Thomas Stromberg 		no flags Details
Add missing null check (3.99 KB, patch)
2006-04-19 03:43 PDT, mitz 		eric: review+
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Stromberg 2006-04-18 19:27:58 PDT 
Using iExploder 1.3.0 I found the following crash in the Nightly-420+ r13911-2006-04-18 build:

Safari.crash.log - 2006-04-18 22:25:04.670 -0400
===================================================
Thread 0 Crashed:
0   com.apple.WebCore           0x01179810 WebCore::CSSParser::parseDashboardRegions(int, bool) + 496
1   com.apple.WebCore           0x0117d69c WebCore::CSSParser::parseValue(int, bool) + 1388
2   com.apple.WebCore           0x01289d94 cssyyparse(void*) + 7476
3   com.apple.WebCore           0x0117a560 WebCore::CSSParser::parseDeclaration(WebCore::CSSMutableStyleDeclaration*, WebCore::String const&) + 96
4   com.apple.WebCore           0x0116fbac WebCore::CSSMutableStyleDeclaration::parseDeclaration(WebCore::String const&) + 60
5   com.apple.WebCore           0x012965fc WebCore::StyledElement::parseMappedAttribute(WebCore::MappedAttribute*) + 700
Comment 1 Thomas Stromberg 2006-04-18 19:29:07 PDT 
Created attachment 7814 [details]
Testcase: table style="-webkit-dashboard-region: attr("a");"
Comment 2 Alexey Proskuryakov 2006-04-18 21:59:57 PDT 
Reproducible crash = P1.
Comment 3 mitz 2006-04-19 03:43:30 PDT 
Created attachment 7821 [details]
Add missing null check

I looked for other places missing this check and found none.
Comment 4 Eric Seidel (no email) 2006-04-19 03:45:22 PDT 
Comment on attachment 7821 [details]
Add missing null check

Looks fine. r=me.
Comment 5 Eric Seidel (no email) 2006-04-19 03:45:23 PDT 
Comment on attachment 7821 [details]
Add missing null check

Looks fine. r=me.