[Webkit-unassigned] [Bug 8803] New: XPath query for empty attributes crashes in XPath::StringExpression::StringExpression

bugzilla-daemon at opendarwin.org bugzilla-daemon at opendarwin.org
Tue May 9 00:03:50 PDT 2006 

http://bugzilla.opendarwin.org/show_bug.cgi?id=8803

           Summary: XPath query for empty attributes crashes in
                    XPath::StringExpression::StringExpression
           Product: WebKit
           Version: 420+ (nightly)
          Platform: Macintosh
        OS/Version: Mac OS X 10.4
            Status: NEW
          Severity: major
          Priority: P1
         Component: XML DOM
        AssignedTo: webkit-unassigned at opendarwin.org
        ReportedBy: timothy at hatcher.name


Go to any site, then paste the following in the location bar to evaluate an
Xpath.

javascript:document.evaluate("//a[@id='']",document)

You will crash with the following trace:

#0      0x01ab497a in WebCore::XPath::StringExpression::StringExpression at
Shared.h:31
#1      0x01ab9d1b in xpathyyparse at XPathGrammar.y:291
#2      0x01ab291e in WebCore::XPath::Parser::parseStatement at
XPathParser.cpp:438
#3      0x01ab7c2d in WebCore::XPathExpression::createExpression at
XPathExpression.cpp:51
#4      0x01ab7a5d in WebCore::XPathEvaluator::createExpression at
XPathEvaluator.cpp:47
#5      0x01ab7b39 in WebCore::XPathEvaluator::evaluate at
XPathEvaluator.cpp:67
#6      0x018ff13f in WebCore::Document::evaluate at Document.cpp:3129
#7      0x01a6ee14 in WebCore::JSDocumentProtoFunc::callAsFunction at
JSDocument.cpp:463
#8      0x010324be in KJS::JSObject::call at object.cpp:96
#9      0x01025a6b in KJS::FunctionCallDotNode::evaluate at nodes.cpp:758
#10     0x01029ad1 in KJS::ExprStatementNode::execute at nodes.cpp:1712
#11     0x0102c612 in KJS::SourceElementsNode::execute at nodes.cpp:2452
#12     0x010299f3 in KJS::BlockNode::execute at nodes.cpp:1688
#13     0x0101ad05 in KJS::InterpreterImp::evaluate at internal.cpp:514
#14     0x0101e620 in KJS::Interpreter::evaluate at interpreter.cpp:120
#15     0x01a99fbb in WebCore::KJSProxy::evaluate at kjs_proxy.cpp:68
#16     0x018e4c3d in WebCore::Frame::executeScript at Frame.cpp:383
#17     0x01914880 in -[WebCoreFrameBridge
stringByEvaluatingJavaScriptFromString:forceUserGesture:] at
WebCoreFrameBridge.mm:1229
#18     0x0190ed8e in -[WebCoreFrameBridge
stringByEvaluatingJavaScriptFromString:] at WebCoreFrameBridge.mm:1223


-- 
Configure bugmail: http://bugzilla.opendarwin.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list