[Webkit-unassigned] [Bug 13495] REPRODUCIBLE CRASH: Referencing an undefined entity in an XHTML document

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Apr 25 21:03:05 PDT 2007


http://bugs.webkit.org/show_bug.cgi?id=13495


ddkilzer at webkit.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever Confirmed|0                           |1
           Priority|P2                          |P1
            Summary|Crash when referencing an   |REPRODUCIBLE CRASH:
                   |undefined entity in an XHTML|Referencing an undefined
                   |document                    |entity in an XHTML document




------- Comment #2 from ddkilzer at webkit.org  2007-04-25 21:03 PDT -------
Confirmed with a local debug build of WebKit r21103 with Safari 2.0.4 (419.3)
on Mac OS X 10.4.9 (8P135).

Stack:

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x00000030

Thread 0 Crashed:
0   com.apple.WebCore           0x0103bd88 WebCore::getEntityHandler(void*, unsigned char const*) + 220 (XMLTokenizer.cpp:1089)
1   libxml2.2.dylib             0x91d68784 xmlParseEntityRef + 208
2   libxml2.2.dylib             0x91d68020 xmlParseReference + 324
3   libxml2.2.dylib             0x91d6d704 xmlParseDocument + 4416
4   libxml2.2.dylib             0x91d51c0c xmlParseChunk + 424
5   com.apple.WebCore           0x010383ac WebCore::XMLTokenizer::write(WebCore::SegmentedString const&, bool) + 416 (XMLTokenizer.cpp:569)
6   com.apple.WebCore           0x0149364c WebCore::FrameLoader::write(char const*, int, bool) + 1212 (FrameLoader.cpp:929)
7   com.apple.WebCore           0x014937b8 WebCore::FrameLoader::addData(char const*, int) + 320 (FrameLoader.cpp:1608)
8   com.apple.WebCore           0x0111b0a4 -[WebCoreFrameBridge addData:] + 232 (WebCoreFrameBridge.mm:291)
9   com.apple.WebCore           0x0111fd54 -[WebCoreFrameBridge receivedData:textEncodingName:] + 316 (WebCoreFrameBridge.mm:1477)
10  com.apple.WebKit            0x0034396c -[WebHTMLRepresentation receivedData:withDataSource:] + 296 (WebHTMLRepresentation.mm:175)
11  com.apple.WebKit            0x0033cc34 -[WebDataSource(WebInternal) _receivedData:] + 116 (WebDataSource.mm:178)
12  com.apple.WebKit            0x003c6ab8 WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) + 184
13  com.apple.WebCore           0x0148f204 WebCore::FrameLoader::committedLoad(WebCore::DocumentLoader*, char const*, int) + 92 (FrameLoader.cpp:3021)
14  com.apple.WebCore           0x014a4290 WebCore::DocumentLoader::commitLoad(char const*, int) + 104 (DocumentLoader.cpp:347)
15  com.apple.WebCore           0x014a4318 WebCore::DocumentLoader::receivedData(char const*, int) + 104 (DocumentLoader.cpp:360)
16  com.apple.WebCore           0x0148df54 WebCore::FrameLoader::receivedData(char const*, int) + 60 (FrameLoader.cpp:2044)
17  com.apple.WebCore           0x014a62ec WebCore::MainResourceLoader::addData(char const*, int, bool) + 92 (MainResourceLoader.cpp:134)
18  com.apple.WebCore           0x014a8e08 WebCore::ResourceLoader::didReceiveData(char const*, int, long long, bool) + 104
19  com.apple.WebCore           0x014a6698 WebCore::MainResourceLoader::didReceiveData(char const*, int, long long, bool) + 288 (MainResourceLoader.cpp:289)
20  com.apple.WebCore           0x014a877c WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle*, char const*, int, int) + 108
21  com.apple.WebCore           0x0147dbbc -[WebCoreResourceHandleAsDelegate connection:didReceiveData:lengthReceived:] + 240 (ResourceHandleMac.mm:352)
22  com.apple.Foundation        0x92c15624 -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 564
23  com.apple.Foundation        0x92c13ac4 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 488
24  com.apple.Foundation        0x92c13860 _sendCallbacks + 156
25  com.apple.CoreFoundation    0x907df4fc __CFRunLoopDoSources0 + 384
26  com.apple.CoreFoundation    0x907dea2c __CFRunLoopRun + 452
27  com.apple.CoreFoundation    0x907de4ac CFRunLoopRunSpecific + 268
28  com.apple.HIToolbox         0x9329bb20 RunCurrentEventLoopInMode + 264
29  com.apple.HIToolbox         0x9329b1b4 ReceiveNextEventCommon + 380
30  com.apple.HIToolbox         0x9329b020 BlockUntilNextEventMatchingListInMode + 96
31  com.apple.AppKit            0x937a1ae4 _DPSNextEvent + 384
32  com.apple.AppKit            0x937a17a8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
33  com.apple.Safari            0x00006740 0x1000 + 22336
34  com.apple.AppKit            0x9379dcec -[NSApplication run] + 472
35  com.apple.AppKit            0x9388e87c NSApplicationMain + 452
36  com.apple.Safari            0x0005c77c 0x1000 + 374652
37  com.apple.Safari            0x0005c624 0x1000 + 374308


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
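Added example, not code from the bug report, WebKit or libxml2. The trace above faults inside WebCore::getEntityHandler, the SAX getEntity callback that libxml2's xmlParseEntityRef invokes when it meets a reference such as &undefinedEntity; in content. libxml2's contract for that callback is to return an xmlEntityPtr, or NULL when the name was never declared, after which the parser reports the reference as undeclared; a read faulting at 0x00000030 (KERN_PROTECTION_FAILURE) is consistent with a NULL pointer dereferenced at a small field offset. The C program below models that lookup with a constructed entity table (the five predefined XML entities plus a hypothetical declared entity "company"), places the unchecked dereference that would fault on an undeclared name beside a handler that returns NULL and reports the error, and feeds both a well-formed fragment and a fragment of the shape this bug describes, an XHTML paragraph referencing an entity no DTD declares. The struct, the table, the function names and the sample fragments are all assumptions for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of an entity record. libxml2's xmlEntity carries more
   fields, but the lookup contract that matters here is the same: the SAX
   getEntity callback returns a pointer to a declared entity, or NULL. */
typedef struct {
    const char *name;
    const char *content;
} entity_t;

/* The five predefined XML entities plus one hypothetical entity standing in
   for a <!ENTITY company "Example Corp"> declaration in a DTD. */
static const entity_t entity_table[] = {
    {"amp", "&"}, {"lt", "<"}, {"gt", ">"}, {"apos", "'"}, {"quot", "\""},
    {"company", "Example Corp"},
};

/* Hardened lookup, shaped like libxml2's getEntitySAXFunc(void *ctx, name):
   an undeclared name yields NULL and nothing else. */
const entity_t *get_entity(void *ctx, const char *name, size_t len) {
    (void)ctx;
    for (size_t i = 0; i < sizeof entity_table / sizeof entity_table[0]; i++) {
        if (strlen(entity_table[i].name) == len &&
            memcmp(entity_table[i].name, name, len) == 0)
            return &entity_table[i];
    }
    return NULL;
}

/* The pattern that faults: the caller assumes the lookup always succeeds.
   With ent == NULL this reads a field at a small offset from address 0,
   the shape of the KERN_PROTECTION_FAILURE at 0x00000030 in the trace.
   Only ever call this with a declared name. */
const char *unchecked_content(const char *name, size_t len) {
    const entity_t *ent = get_entity(NULL, name, len);
    return ent->content;          /* NULL->content on an undeclared name */
}

/* Expand &name; references in `in` into `out`. Returns 0 on success and -1
   on an undeclared or malformed reference, copying the offending name into
   `bad_name` (empty for a malformed one; bad_sz must be >= 1). Numeric
   character references (&#...;) and name-character validation are out of
   scope for this model. */
int expand_entities(const char *in, char *out, size_t out_sz,
                    char *bad_name, size_t bad_sz) {
    size_t o = 0;
    bad_name[0] = '\0';
    for (const char *p = in; *p != '\0'; ) {
        if (*p != '&') {
            if (o + 1 >= out_sz) return -1;
            out[o++] = *p++;
            continue;
        }
        const char *name = p + 1;
        const char *semi = strchr(name, ';');
        if (semi == NULL || semi == name) return -1;   /* "&" with no ";" or "&;" */
        size_t len = (size_t)(semi - name);
        const entity_t *ent = get_entity(NULL, name, len);
        if (ent == NULL) {
            /* libxml2 reports XML_ERR_UNDECLARED_ENTITY at this point; the
               handler in the trace crashed instead. Record the name and fail. */
            size_t n = len < bad_sz - 1 ? len : bad_sz - 1;
            memcpy(bad_name, name, n);
            bad_name[n] = '\0';
            return -1;
        }
        size_t clen = strlen(ent->content);
        if (o + clen >= out_sz) return -1;
        memcpy(out + o, ent->content, clen);
        o += clen;
        p = semi + 1;
    }
    out[o] = '\0';
    return 0;
}

/* Expanded text from a static buffer, or NULL when the input is rejected. */
const char *try_expand(const char *in) {
    static char out[256];
    char bad[64];
    return expand_entities(in, out, sizeof out, bad, sizeof bad) == 0 ? out : NULL;
}

/* Name of the first undeclared entity in `in`, or "" if none or malformed. */
const char *first_undeclared(const char *in) {
    static char bad[64];
    char out[256];
    expand_entities(in, out, sizeof out, bad, sizeof bad);
    return bad;
}

/* Constructed XHTML fragments: the first is well-formed, the second has the
   shape of the document in this bug, a reference that no DTD declared. */
const char *const GOOD_FRAGMENT = "<p>Tom &amp; Jerry &lt;3 &company;</p>";
const char *const BAD_FRAGMENT  = "<p>Hello &undefinedEntity; world</p>";

int main(void) {
    printf("declared: %s\n", unchecked_content("company", 7));
    printf("expanded: %s\n", try_expand(GOOD_FRAGMENT));
    if (try_expand(BAD_FRAGMENT) == NULL)
        printf("rejected: entity '%s' not defined\n", first_undeclared(BAD_FRAGMENT));
    return 0;
}
```

The second fragment is the input class to keep in a parser fuzz corpus for this bug: the fix is in the callback, not the caller, because libxml2 will hand the callback any name an attacker puts between & and ; in a document it is asked to load.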
