[Webkit-unassigned] [Bug 10061] REGRESSION: iExploder(263): Stack overflow (?) in CSS parser

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Jan 21 02:55:41 PST 2007


http://bugs.webkit.org/show_bug.cgi?id=10061


ap at webkit.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|                            |INVALID
             Status|NEW                         |RESOLVED




------- Comment #2 from ap at webkit.org  2007-01-21 02:55 PDT -------
MallocDebug is complaining about a large stack allocation, apparently performed
by bison with alloca(). This is not a regression - with release builds, the
debug message is not generated because the system malloc() is not called on
each allocation, and the stack abuse goes unnoticed.

Furthermore, there seems to be a safeguard against real stack overflow
somewhere - further increasing the number of braces makes the warning go away.

Since I cannot find any real issue related to this debug message, closing as
INVALID.

Here is a stack trace:

#3  0x9b230134 in MDprintf ()
#4  0x9b230f20 in getBacktrace ()
#5  0x9b234470 in MDmalloc ()
#6  0x0059a62c in WTF::fastMalloc (n=4) at
/Users/ap/WebKit/JavaScriptCore/wtf/FastMalloc.cpp:87
#7  0x01256ff4 in allocateHandle () at
/Users/ap/WebKit/WebCore/platform/DeprecatedString.cpp:91
#8  0x0125b2e0 in WebCore::DeprecatedString::DeprecatedString (this=0xbffed1b4,
unicode=0x6fd580, length=664) at
/Users/ap/WebKit/WebCore/platform/DeprecatedString.cpp:669
#9  0x011783c4 in WebCore::CSSParser::lex (this=0xbfffd838,
yylvalWithoutType=0xbfffc570) at
/Users/ap/WebKit/WebCore/css/cssparser.cpp:2951
#10 0x012e09ec in cssyylex (cssyylval=0xbfffc570) at CSSGrammar.y:156
#11 0x012e0e5c in cssyyparse (parser=0xbfffd838) at bison.simple:432
#12 0x01178a54 in WebCore::CSSParser::parseDeclaration (this=0xbfffd838,
declaration=0x6bc7a60, string=@0x6c0a960) at
/Users/ap/WebKit/WebCore/css/cssparser.cpp:298
#13 0x01393df0 in WebCore::CSSMutableStyleDeclaration::parseDeclaration
(this=0x6bc7a60, styleDeclaration=@0x6c0a960) at
/Users/ap/WebKit/WebCore/css/CSSMutableStyleDeclaration.cpp:507
#14 0x012eeb78 in WebCore::StyledElement::parseMappedAttribute (this=0x7291b60,
attr=0x6c0a950) at /Users/ap/WebKit/WebCore/dom/StyledElement.cpp:227
...
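As an added illustration, not WebKit's or bison's own code, here is a brace-nesting check whose parser stack grows the way the old bison skeleton's does: a small fixed initial array, doubled on demand, and capped at a maximum depth beyond which the parse is abandoned with a "stack exhausted" result instead of growing without bound, which is the kind of safeguard the comment above notices. The depth constants are constructed for the demo, and growth uses malloc() rather than alloca() so the growth itself never lands on the C stack.

```c
#include <stdlib.h>
#include <string.h>

#define DEMO_INITDEPTH 200      /* constructed; modelled on bison's YYINITDEPTH */
#define DEMO_MAXDEPTH  10000    /* constructed; modelled on bison's YYMAXDEPTH */
#define DEMO_SYNTAX_ERROR    (-1L)
#define DEMO_STACK_EXHAUSTED (-2L)

/* Returns the deepest nesting reached (>= 0) for balanced input,
 * DEMO_SYNTAX_ERROR for unbalanced braces, or DEMO_STACK_EXHAUSTED when the
 * nesting would need a stack deeper than DEMO_MAXDEPTH. */
long demo_check_braces(const char *input)
{
    char initial[DEMO_INITDEPTH];   /* fixed initial stack, like bison's yyvsa */
    char *stack = initial;
    size_t capacity = DEMO_INITDEPTH, depth = 0, max_depth = 0;
    long result = 0;

    for (const char *p = input; *p; ++p) {
        if (*p == '{') {
            if (depth == capacity) {
                if (capacity >= DEMO_MAXDEPTH) { result = DEMO_STACK_EXHAUSTED; break; }
                size_t grown = capacity * 2 > DEMO_MAXDEPTH ? DEMO_MAXDEPTH : capacity * 2;
                char *bigger = malloc(grown);   /* heap, not alloca(): no C-stack growth */
                if (!bigger) { result = DEMO_STACK_EXHAUSTED; break; }
                memcpy(bigger, stack, depth);
                if (stack != initial) free(stack);
                stack = bigger;
                capacity = grown;
            }
            stack[depth++] = '{';
            if (depth > max_depth) max_depth = depth;
        } else if (*p == '}') {
            if (depth == 0) { result = DEMO_SYNTAX_ERROR; break; }
            --depth;
        }
        /* any other character is ordinary declaration text and is skipped */
    }
    if (result == 0) result = (depth == 0) ? (long)max_depth : DEMO_SYNTAX_ERROR;
    if (stack != initial) free(stack);
    return result;
}

/* Builds n '{' followed by n '}' (constructed input) and checks it. */
long demo_check_nested(size_t n)
{
    char *buf = malloc(2 * n + 1);
    if (!buf) return DEMO_STACK_EXHAUSTED;
    memset(buf, '{', n);
    memset(buf + n, '}', n);
    buf[2 * n] = '\0';
    long result = demo_check_braces(buf);
    free(buf);
    return result;
}
```

With these constants, 10000 nested braces parse while 10001 hit the cap, so deeper input costs bounded memory and a clean error rather than an unbounded stack.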

