[webkit-dev] CSS Parse error in <link rel> element.

Atul Sowani sowani at gmail.com
Tue Feb 7 01:55:16 PST 2017

Thanks Geoffrey, Alex, Yoav for the debugging pointer. I am debugging the
issue further using this information and will most likely need some more
help in the immediate future as well.

Unfortunately, I don't have a stand-alone test case which can be tested
with qtwebkit. I am trying to load a page using PhantomJS and it's
crashing. The typical URLs which cause it to crash are http://engadget.com
and http://cnn.com - both of these load without any issue on the x86 platform
though, so the issue seems to be specific to ppc64le.


On Mon, Feb 6, 2017 at 5:56 PM, Yoav Weiss <yoav at yoav.ws> wrote:

> Hi Atul,
> I second Alex's suggestion (perhaps followed by HTMLLinkElement::process()
> and other places in that file that refer to `hrefAttr`).
> If you have a test case online, I could try to take a look and maybe
> provide more guidance.
> Cheers :)
> Yoav
> On Fri, Feb 3, 2017 at 9:19 PM Alex Christensen <achristensen at apple.com>
> wrote:
>> I would start looking at HTMLLinkElement::parseAttribute.
>> LinkHeader.cpp contains parsers for link headers, which are related.
>> Yoav knows more about those.  Those parsers ought to be united more.
>> On Feb 3, 2017, at 1:17 AM, Atul Sowani <sowani at gmail.com> wrote:
>> At present I am focusing on CSSParser::findURI() particularly,
>> and CSSParser::realLex() and other related functionality in CSSParser.cpp
>> - hope I am on the right track. ;-)
>> Please let me know if I should be looking at some other functionality as
>> well to resolve this issue.
>> Thanks!
>> Atul.
>> On Fri, Feb 3, 2017 at 2:33 PM, Atul Sowani <sowani at gmail.com> wrote:
>> Hi,
>> I came across an issue in the qtwebkit CSS parser while working on a
>> PhantomJS crash. The issue seems to be with parsing of <link rel="..."
>> href="..."> type elements in an HTML page. What I observed is that the
>> parser is trying to interpret the value for href given inside
>> double-quotes. The value contains a "-" (e.g.
>> "http://some.domain.com/some-page-etc-etc"). The "-" sign is being
>> interpreted as minus and then things go wrong. In another case I found that
>> "\g" embedded in the value (e.g.
>> "http://some.domain.com/some-page/global/something") is also creating
>> issues. In essence, the parser is trying to interpret the value, which, I
>> believe, it should not.
>> I am willing to dive further into it to debug and fix the issue, but
>> looking at the complexity and size of WebCore, I think I would benefit a
>> lot to expedite a fix, if I could get some tips about which code
>> area/functionality I should specifically focus on in WebCore. Looking
>> forward to some help in this regard.
>> Thanks,
>> Atul.