[Webkit-unassigned] [Bug 16127] New: Reproducible crash inside PCRE under guard malloc
bugzilla-daemon at webkit.org
Sat Nov 24 22:24:00 PST 2007
http://bugs.webkit.org/show_bug.cgi?id=16127
Summary: Reproducible crash inside PCRE under guard malloc
Product: WebKit
Version: 525+ (Nightly build)
Platform: Macintosh
OS/Version: Mac OS X 10.5
Status: NEW
Severity: Major
Priority: P2
Component: JavaScriptCore
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: mrowe at apple.com
Loading a JavaScript snippet containing the following regexp literal will cause
a crash under guard malloc:
/\)[;\s]+/
This leads to indexing off the end of an array. My reading of the PCRE 7.4
sources suggests that they also have this problem. I recall seeing valgrind
warnings in similar places when playing with it on Linux recently.
Steps to reproduce:
1) Save attachment as test.js.
2) DYLD_INSERT_LIBRARIES=/usr/lib/libgmalloc.dylib DYLD_FRAMEWORK_PATH=WebKitBuild/Debug ./WebKitBuild/Debug/testkjs test.js