[Webkit-unassigned] [Bug 10157] New: REPRO: SVG code crashes on string copy inside KCanvasRenderingStyle paint code
bugzilla-daemon at opendarwin.org
bugzilla-daemon at opendarwin.org
Sat Jul 29 22:29:30 PDT 2006
http://bugzilla.opendarwin.org/show_bug.cgi?id=10157
Summary: REPRO: SVG code crashes on string copy inside
KCanvasRenderingStyle paint code
Product: WebKit
Version: 420+ (nightly)
Platform: Macintosh
URL: http://www.logarithmic.net/ghost.xhtml
OS/Version: Mac OS X 10.4
Status: NEW
Severity: normal
Priority: P1
Component: SVG
AssignedTo: webkit-unassigned at opendarwin.org
ReportedBy: macdome at opendarwin.org
http://www.logarithmic.net/ghost.xhtml
Crashes after repeated presses of "random" button.
It crashes on line 111 of KCanvasRenderingStyle.cpp:
strokePaintServer = getPaintServerById(item->document(),
AtomicString(id.substring(1)));
It crashes when trying to copy the id string.
the string returned by stroke->uri() on the previous line:
String id(stroke->uri());
ends up being length 715872576 which is oddly enough equal to
(((unsigned)(-1)/6) - 6)
--
Configure bugmail: http://bugzilla.opendarwin.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list