Bug 8803 - XPath query for empty attributes crashes in XPath::StringExpression::StringExpression
Summary: XPath query for empty attributes crashes in XPath::StringExpression::StringEx...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM
Version: 420+
Hardware: Macintosh OS X 10.4
Importance: P1 Major
Assignee: Anders Carlsson
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-05-09 00:03 PDT by Timothy Hatcher
Modified: 2019-02-06 09:03 PST
Attachments
Fix bug (3.49 KB, patch)
2006-05-09 01:09 PDT, Anders Carlsson
mjs: review+

Description Timothy Hatcher 2006-05-09 00:03:49 PDT
Go to any site, then paste the following in the location bar to evaluate an XPath.

javascript:document.evaluate("//a[@id='']",document)

You will crash with the following trace:

#0	0x01ab497a in WebCore::XPath::StringExpression::StringExpression at Shared.h:31
#1	0x01ab9d1b in xpathyyparse at XPathGrammar.y:291
#2	0x01ab291e in WebCore::XPath::Parser::parseStatement at XPathParser.cpp:438
#3	0x01ab7c2d in WebCore::XPathExpression::createExpression at XPathExpression.cpp:51
#4	0x01ab7a5d in WebCore::XPathEvaluator::createExpression at XPathEvaluator.cpp:47
#5	0x01ab7b39 in WebCore::XPathEvaluator::evaluate at XPathEvaluator.cpp:67
#6	0x018ff13f in WebCore::Document::evaluate at Document.cpp:3129
#7	0x01a6ee14 in WebCore::JSDocumentProtoFunc::callAsFunction at JSDocument.cpp:463
#8	0x010324be in KJS::JSObject::call at object.cpp:96
#9	0x01025a6b in KJS::FunctionCallDotNode::evaluate at nodes.cpp:758
#10	0x01029ad1 in KJS::ExprStatementNode::execute at nodes.cpp:1712
#11	0x0102c612 in KJS::SourceElementsNode::execute at nodes.cpp:2452
#12	0x010299f3 in KJS::BlockNode::execute at nodes.cpp:1688
#13	0x0101ad05 in KJS::InterpreterImp::evaluate at internal.cpp:514
#14	0x0101e620 in KJS::Interpreter::evaluate at interpreter.cpp:120
#15	0x01a99fbb in WebCore::KJSProxy::evaluate at kjs_proxy.cpp:68
#16	0x018e4c3d in WebCore::Frame::executeScript at Frame.cpp:383
#17	0x01914880 in -[WebCoreFrameBridge stringByEvaluatingJavaScriptFromString:forceUserGesture:] at WebCoreFrameBridge.mm:1229
#18	0x0190ed8e in -[WebCoreFrameBridge stringByEvaluatingJavaScriptFromString:] at WebCoreFrameBridge.mm:1223
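Added example, not WebKit code and not the attached fix: a small XPath 1.0 tokenizer, a parser for the one path shape the report uses (`//name[@attr='literal']`), and an evaluator over constructed plain-object elements standing in for the DOM. It isolates the edge case the crashing query exercises: the XPath `Literal` production allows zero characters between the quotes, so whatever builds a string expression from that token must accept `""` as an ordinary value instead of treating it as missing. The `makeStringExpression` check and the sample elements are assumptions made for this illustration; the page does not state the root cause inside `StringExpression::StringExpression`.

```javascript
// Added example (not WebKit's lexer/parser): tokenizes XPath source,
// parses "//Name[@Name='Literal']", and evaluates it against constructed
// elements, with the empty-literal case handled explicitly.

function tokenizeXPath(src) {
  const tokens = [];
  let i = 0;
  while (i < src.length) {
    const c = src[i];
    if (/\s/.test(c)) { i += 1; continue; }
    if (c === '"' || c === "'") {
      const close = src.indexOf(c, i + 1);
      if (close === -1) throw new SyntaxError(`unterminated literal at offset ${i}`);
      // For '' or "" the slice is the empty string; it is still a complete Literal token.
      tokens.push({ type: 'Literal', value: src.slice(i + 1, close) });
      i = close + 1;
      continue;
    }
    if (c === '/' && src[i + 1] === '/') { tokens.push({ type: '//' }); i += 2; continue; }
    if ('/[]@='.includes(c)) { tokens.push({ type: c }); i += 1; continue; }
    const m = /^[A-Za-z_][\w.-]*/.exec(src.slice(i));
    if (m) { tokens.push({ type: 'Name', value: m[0] }); i += m[0].length; continue; }
    throw new SyntaxError(`unexpected character ${JSON.stringify(c)} at offset ${i}`);
  }
  return tokens;
}

// Stand-in for a string-expression node (assumption, not WebCore's class):
// the invariant is that any string value, including "", is usable as-is.
function makeStringExpression(literalToken) {
  if (literalToken.type !== 'Literal' || typeof literalToken.value !== 'string') {
    throw new TypeError('string expression requires a Literal token with a string value');
  }
  return { kind: 'String', value: literalToken.value };
}

// Parses exactly: '//' Name [ '[' '@' Name '=' Literal ']' ]
function parseDescendantPath(src) {
  const t = tokenizeXPath(src);
  let p = 0;
  const expect = (type) => {
    if (!t[p] || t[p].type !== type) {
      throw new SyntaxError(`expected ${type} at token ${p}, got ${t[p] ? t[p].type : 'end'}`);
    }
    return t[p++];
  };
  expect('//');
  const name = expect('Name').value;
  let predicate = null;
  if (t[p] && t[p].type === '[') {
    expect('['); expect('@');
    const attr = expect('Name').value;
    expect('=');
    const value = makeStringExpression(expect('Literal'));
    expect(']');
    predicate = { attr, value };
  }
  if (p !== t.length) throw new SyntaxError('trailing tokens after path');
  return { name, predicate };
}

// XPath semantics for @attr='x': true only when the attribute node exists and
// its string value equals 'x'. An absent attribute never matches, even when
// the literal is the empty string, so id='' and "no id" are distinct cases.
function evaluatePath(elements, path) {
  return elements.filter((el) => {
    if (el.name !== path.name) return false;
    if (!path.predicate) return true;
    const { attr, value } = path.predicate;
    return Object.prototype.hasOwnProperty.call(el.attrs, attr) && el.attrs[attr] === value.value;
  });
}

// Constructed sample elements standing in for the DOM of "any site".
const SAMPLE_ELEMENTS = [
  { name: 'a', attrs: { id: '', href: '#top' } },
  { name: 'a', attrs: { href: '/about' } },
  { name: 'a', attrs: { id: 'nav', href: '/nav' } },
  { name: 'div', attrs: { id: '' } },
];

function matchingHrefs(expr) {
  return evaluatePath(SAMPLE_ELEMENTS, parseDescendantPath(expr)).map((el) => el.attrs.href);
}

console.log(matchingHrefs("//a[@id='']")); // the report's query, applied to the sample
```

The point for a regression test is the distinction the evaluator makes at the end: `//a[@id='']` selects the anchor whose `id` attribute is present and empty, not the anchor with no `id` at all, so an implementation that collapses the empty literal into "no value" is wrong as well as crash-prone. A WebKit-side test would drive `document.evaluate` on a real page instead of this stand-in.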
Comment 1 Anders Carlsson 2006-05-09 01:09:29 PDT
Created attachment 8183
Fix bug
Comment 2 Maciej Stachowiak 2006-05-09 01:14:00 PDT
Comment on attachment 8183
Fix bug

r=me
Comment 3 Lucas Forschler 2019-02-06 09:03:14 PST
Mass moving XML DOM bugs to the "DOM" Component.