[Webkit-unassigned] [Bug 20401] New: String out of bounds segfault in WebCore/platform/text/String.cpp:608

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Aug 15 07:42:24 PDT 2008 

https://bugs.webkit.org/show_bug.cgi?id=20401

           Summary: String out of bounds segfault in
                    WebCore/platform/text/String.cpp:608
           Product: WebKit
           Version: 526+ (Nightly build)
          Platform: PC
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: Platform
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: fhimpe at telenet.be


When starting up liferea with webkit gtk svn 35718 on Mandriva Linux Cooker
x86_64, it immediately crashes with this backtrace:

(gdb) bt
#0  0x00007fd945c80b30 in strlen () from /lib64/libc.so.6
#1  0x00007fd93e519006 in WebCore::String::fromUTF8 (
    string=0x61726f65685420 <Address 0x61726f65685420 out of bounds>)
    at WebCore/platform/text/String.cpp:608
#2  0x00007fd93e73a69a in WebCore::PluginPackage::fetchInfo (
    this=0x7fd93bd70000) at WebCore/plugins/gtk/PluginPackageGtk.cpp:78
#3  0x00007fd93e531294 in WebCore::PluginPackage::createPackage (
    path=@0x7fd93bd10168, lastModified=@0x7fff51b0cda8)
    at WebCore/plugins/PluginPackage.cpp:149
#4  0x00007fd93e52a660 in WebCore::PluginDatabase::refresh (
    this=0x7fd93bd3ce10) at WebCore/plugins/PluginDatabase.cpp:109
#5  0x00007fd93e52b3b3 in WebCore::PluginDatabase::installedPlugins ()
    at WebCore/plugins/PluginDatabase.cpp:44
#6  0x00007fd93e73982b in WebCore::PluginData::initPlugins (
    this=0x61726f65685420) at WebCore/plugins/gtk/PluginDataGtk.cpp:32
#7  0x00007fd93e527574 in PluginData (this=0x61726f65685420, 
    page=0x61726f65685420) at WebCore/plugins/PluginData.cpp:32
#8  0x00007fd93e4da5e8 in WebCore::Page::pluginData (this=0x7fd93bd0bea0)
    at WebCore/plugins/PluginData.h:49
#9  0x00007fd93e2e62e0 in WebCore::DOMImplementation::createDocument (
    type=@0x7fd93bd139a0, frame=0x7fd93bd0a1a0, 
    inViewSourceMode=<value optimized out>)
    at WebCore/dom/DOMImplementation.cpp:320
---Type <return> to continue, or q <return> to quit---
#10 0x00007fd93e450343 in WebCore::FrameLoader::begin (this=0x7fd93bd13848, 
    url=@0x7fd93bd139e8, dispatch=<value optimized out>, origin=0x0)
    at WebCore/loader/FrameLoader.cpp:935
#11 0x00007fd93e45ead2 in WebCore::FrameLoader::receivedFirstData (
    this=0x61726f65685420) at WebCore/loader/FrameLoader.cpp:868
#12 0x00007fd93e45ef74 in WebCore::FrameLoader::setEncoding (
    this=0x7fd93bd13848, name=@0x7fff51b0d210, userChosen=false)
    at WebCore/loader/FrameLoader.cpp:1853
#13 0x00007fd93e21dc81 in WebKit::FrameLoaderClient::committedLoad (
    this=0x7fd93bd12f00, loader=<value optimized out>, 
    data=0x7fd93bd8f400 "<?xml version=\"1.0\" encoding=\"utf-8\"?><!DOCTYPE
html PUBLIC \"-//W3C//DTD XHTML 1.0
Transitional//EN\"\n\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n<html
xmlns=\"http://www.w3.org/1999/xhtm"..., length=6178) at
WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:179
#14 0x00007fd93e43a0bd in WebCore::DocumentLoader::commitLoad (
    this=0x7fd93bd3b100, 
    data=0x7fd93bd8f400 "<?xml version=\"1.0\" encoding=\"utf-8\"?><!DOCTYPE
html PUBLIC \"-//W3C//DTD XHTML 1.0
Transitional//EN\"\n\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n<html
xmlns=\"http://www.w3.org/1999/xhtm"..., length=6178) at
WebCore/loader/DocumentLoader.cpp:355
#15 0x00007fd93e469f99 in WebCore::ResourceLoader::didReceiveData (
    this=0x7fd93bd77800, 
    data=0x7fd93bd8f400 "<?xml version=\"1.0\" encoding=\"utf-8\"?><!DOCTYPE
htm---Type <return> to continue, or q <return> to quit---
l PUBLIC \"-//W3C//DTD XHTML 1.0
Transitional//EN\"\n\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n<html
xmlns=\"http://www.w3.org/1999/xhtm"..., length=6178, lengthReceived=6178,
allAtOnce=false)
    at WebCore/loader/ResourceLoader.cpp:251
#16 0x00007fd93e462f5e in WebCore::MainResourceLoader::didReceiveData (
    this=0x61726f65685420, 
    data=0x61726f65685420 <Address 0x61726f65685420 out of bounds>, 
    length=14409792, lengthReceived=0, allAtOnce=32)
    at WebCore/loader/MainResourceLoader.cpp:305
#17 0x00007fd93e464407 in
WebCore::MainResourceLoader::continueAfterContentPolicy (this=0x7fd93bd77800,
contentPolicy=<value optimized out>, 
    r=<value optimized out>) at WebCore/loader/MainResourceLoader.cpp:248
#18 0x00007fd93e464826 in
WebCore::MainResourceLoader::continueAfterContentPolicy (this=0x7fd93bd77800,
policy=WebCore::PolicyUse)
    at WebCore/loader/MainResourceLoader.cpp:265
#19 0x00007fd93e4638f3 in WebCore::MainResourceLoader::didReceiveResponse (
    this=0x7fd93bd77800, r=@0x7fff51b0d440)
    at WebCore/loader/MainResourceLoader.cpp:292
#20 0x00007fd93e464b7b in WebCore::MainResourceLoader::handleDataLoadNow (
    this=0x7fd93bd77800) at WebCore/loader/MainResourceLoader.cpp:361
#21 0x00007fd93e4f33aa in WebCore::TimerBase::fireTimers (
    fireTime=1218810674.186157, firingTimers=@0x7fff51b0d5d0)
    at WebCore/platform/Timer.cpp:347
---Type <return> to continue, or q <return> to quit---
#22 0x00007fd93e4f345e in WebCore::TimerBase::sharedTimerFired ()
    at WebCore/platform/Timer.cpp:368
#23 0x00007fd93e754c52 in timeout_cb ()
    at WebCore/platform/gtk/SharedTimerGtk.cpp:48
#24 0x00007fd945f9c9d2 in IA__g_main_context_dispatch (context=0xd42a80)
    at gmain.c:2072
#25 0x00007fd945fa016d in g_main_context_iterate (context=0xd42a80, block=1, 
    dispatch=1, self=<value optimized out>) at gmain.c:2705
#26 0x00007fd945fa069d in IA__g_main_loop_run (loop=0x12382f0) at gmain.c:2928
#27 0x00007fd94888cf97 in gtk_main () from /usr/lib64/libgtk-x11-2.0.so.0
#28 0x0000000000431cf0 in main (argc=1, argv=0x7fff51b0d918) at main.c:318


-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list