[Webkit-unassigned] [Bug 20515] New: Crash upon parsing CSS: unicode-range: searchfield-cancel-buttonpt=-webkit-dashboard-region=

bugzilla-daemon at webkit.org
Mon Aug 25 13:26:37 PDT 2008


https://bugs.webkit.org/show_bug.cgi?id=20515

           Summary: Crash upon parsing CSS: unicode-range: searchfield-
                    cancel-buttonpt=-webkit-dashboard-region=
           Product: WebKit
           Version: 526+ (Nightly build)
          Platform: PC
        OS/Version: Windows XP
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebKit Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: robert.swiecki+wkbugs at gmail.com


Webkit: 35904

Crash on the following code:

<html>
<style>
body {
        unicode-range: searchfield-cancel-buttonpt=-webkit-dashboard-region=
}
</style>
</html>


Seems similar (according to the stacktrace) to
https://bugs.webkit.org/show_bug.cgi?id=20513

(994.de8): Access violation - code c0000005 (!!! second chance !!!)
eax=00000000 ebx=7fd225e0 ecx=00000000 edx=0012f65c esi=7fd52338 edi=00000000
eip=00b4f1c2 esp=0012f610 ebp=0012f8f4 iopl=0         nv up ei ng nz ac po cy
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000293
WebKit!WebCore::CSSStyleSelector::resolveVariablesForDeclaration+0xc3:
00b4f1c2 8b07            mov     eax,dword ptr [edi]  ds:0023:00000000=????????
0:000> kb
ChildEBP RetAddr  Args to Child              
0012f8f4 00aa2fa1 7fd22600 7fd225e0 0012f918
WebKit!WebCore::CSSStyleSelector::resolveVariablesForDeclaration+0xc3
[c:\cygwin\home\buildbot\slave\win32-release-archive\build\opensource\webcore\css\cssstyleselector.cpp
@ 547]
0012f944 00796977 7fd22600 ffffffff 7fed8780
WebKit!WebCore::CSSStyleSelector::addMatchedDeclaration+0x315141
0012f968 00797785 0012f9a8 0012f9a4 7fd4e448
WebKit!WebCore::CSSStyleSelector::matchRules+0x127
[c:\cygwin\home\buildbot\slave\win32-release-archive\build\opensource\webcore\css\cssstyleselector.cpp
@ 618]
0012f998 007902f4 7fd3f9b0 00000001 00000001
WebKit!WebCore::CSSStyleSelector::styleForElement+0x165
[c:\cygwin\home\buildbot\slave\win32-release-archive\build\opensource\webcore\css\cssstyleselector.cpp
@ 1137]
0012f9ac 00791f9c 7fd4e448 7fd3f9b0 0012fa28
WebKit!WebCore::Element::styleForRenderer+0x14
[c:\cygwin\home\buildbot\slave\win32-release-archive\build\opensource\webcore\dom\element.cpp
@ 672]
0012f9cc 00790bbb 7fe93320 7fd3f9b0 0076f0f0
WebKit!WebCore::Node::createRendererIfNeeded+0x5c
[c:\cygwin\home\buildbot\slave\win32-release-archive\build\opensource\webcore\dom\node.cpp
@ 1015]
0012f9d8 0076f0f0 7ff0b800 0000000a 7ff9005c
WebKit!WebCore::Element::attach+0xb
[c:\cygwin\home\buildbot\slave\win32-release-archive\build\opensource\webcore\dom\element.cpp
@ 718]
0012fa04 00769873 00000000 0012fa28 00000000
WebKit!WebCore::ContainerNode::appendChild+0xf0
[c:\cygwin\home\buildbot\slave\win32-release-archive\build\opensource\webcore\dom\containernode.cpp
@ 574]
0012fa40 009387fd 7febf6a8 7fe91250 00938ec8
WebKit!WebCore::Document::implicitClose+0x283
[c:\cygwin\home\buildbot\slave\win32-release-archive\build\opensource\webcore\dom\document.cpp
@ 1540]
0012fa4c 00938ec8 7fe91250 7ff0b82c 007ea32b
WebKit!WebCore::FrameLoader::checkCompleted+0x9d
[c:\cygwin\home\buildbot\slave\win32-release-archive\build\opensource\webcore\loader\frameloader.cpp
@ 1295]
0012fa58 007ea32b 00000000 7fd3a428 00007f1e
WebKit!WebCore::FrameLoader::finishedParsing+0x28
[c:\cygwin\home\buildbot\slave\win32-release-archive\build\opensource\webcore\loader\frameloader.cpp
@ 1243]
0012fa70 007e4f27 00c49174 0000001e 00007f1e
WebKit!WebCore::Document::finishedParsing+0x4b
[c:\cygwin\home\buildbot\slave\win32-release-archive\build\opensource\webcore\dom\document.cpp
@ 3779]
0012fa94 007dc65e 7fd3a428 7fef6434 7fef6400
WebKit!WebCore::HTMLParser::finished+0xc7
[c:\cygwin\home\buildbot\slave\win32-release-archive\build\opensource\webcore\html\htmlparser.cpp
@ 1538]
0012fab4 007f4a21 7fd3cc00 7febf6a8 7fe91250
WebKit!WebCore::HTMLTokenizer::end+0x12e
[c:\cygwin\home\buildbot\slave\win32-release-archive\build\opensource\webcore\html\htmltokenizer.cpp
@ 1851]
0012fb08 00938e67 7fecca00 7febf6a8 00938b2b
WebKit!WebCore::HTMLTokenizer::finish+0x51
[c:\cygwin\home\buildbot\slave\win32-release-archive\build\opensource\webcore\html\htmltokenizer.cpp
@ 1889]
0012fb14 00938b2b 7ff01a00 7fecca00 0486ca50
WebKit!WebCore::FrameLoader::endIfNotLoadingMainResource+0x47
[c:\cygwin\home\buildbot\slave\win32-release-archive\build\opensource\webcore\loader\frameloader.cpp
@ 1076]
0012fb24 009f2243 7fd2c450 045abcf0 009f4e67
WebKit!WebCore::FrameLoader::finishedLoading+0x2b
[c:\cygwin\home\buildbot\slave\win32-release-archive\build\opensource\webcore\loader\frameloader.cpp
@ 2914]
0012fb30 009f4e67 00944e11 7fd2c450 045abcf0
WebKit!WebCore::MainResourceLoader::didFinishLoading+0x23
[c:\cygwin\home\buildbot\slave\win32-release-archive\build\opensource\webcore\loader\mainresourceloader.cpp
@ 321]
0012fb34 00944e11 7fd2c450 045abcf0 6a535f00
WebKit!WebCore::ResourceLoader::didFinishLoading+0x7
[c:\cygwin\home\buildbot\slave\win32-release-archive\build\opensource\webcore\loader\resourceloader.cpp
@ 399]
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for
C:\Program Files\Safari\CFNetwork.dll - 
0012fb40 6a535f00 045abcf0 7fd2c450 0486ca50
WebKit!WebCore::didFinishLoading+0x21
[c:\cygwin\home\buildbot\slave\win32-release-archive\build\opensource\webcore\platform\network\cf\resourcehandlecfnet.cpp
@ 119]
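
A triage sketch for the debugger output above, added here and not part of the original report or of WebKit's tooling. It classifies the faulting access from the disassembly line and reduces the kb frames to an offset-free signature, the kind of value used to compare one report's stack with another's (as the reporter does with bug 20513, whose trace is not on this page). The function names, the three-frame depth and the 64 KB near-null threshold are choices of this example.

```python
import hashlib
import re

# Excerpt of the WinDbg output quoted in the report (kb listing trimmed to three frames).
WINDBG = """\
(994.de8): Access violation - code c0000005 (!!! second chance !!!)
eax=00000000 ebx=7fd225e0 ecx=00000000 edx=0012f65c esi=7fd52338 edi=00000000
WebKit!WebCore::CSSStyleSelector::resolveVariablesForDeclaration+0xc3:
00b4f1c2 8b07            mov     eax,dword ptr [edi]  ds:0023:00000000=????????
0:000> kb
0012f8f4 00aa2fa1 7fd22600 7fd225e0 0012f918
WebKit!WebCore::CSSStyleSelector::resolveVariablesForDeclaration+0xc3
0012f944 00796977 7fd22600 ffffffff 7fed8780
WebKit!WebCore::CSSStyleSelector::addMatchedDeclaration+0x315141
0012f968 00797785 0012f9a8 0012f9a4 7fd4e448
WebKit!WebCore::CSSStyleSelector::matchRules+0x127
"""

# address, opcode bytes, mnemonic, operands, then "seg:sel:effective_address="
FAULT = re.compile(r"^[0-9a-f]{8}[ \t]+[0-9a-f]+[ \t]+(\w+)[ \t]+(.+?)"
                   r"[ \t]+\w\w:[0-9a-f]{4}:([0-9a-f]{8})=", re.M)
# module!symbol+0xoffset on a line of its own (the faulting line ends in ':' and is skipped)
FRAME = re.compile(r"^(\w+)!([\w:~]+)\+0x[0-9a-f]+$", re.M)


def fault_info(text):
    """Mnemonic, access type and effective address of the faulting instruction."""
    m = FAULT.search(text)
    if not m:
        return None
    mnemonic, operands, addr = m.group(1), m.group(2), int(m.group(3), 16)
    # Intel syntax puts the destination first, so a memory destination is a write.
    # This is a heuristic for two-operand instructions such as mov.
    access = "write" if "[" in operands.split(",")[0] else "read"
    # Windows leaves the first 64 KB unmapped; a fault there points to a null base pointer.
    return {"mnemonic": mnemonic, "access": access,
            "address": addr, "near_null": addr < 0x10000}


def frames(text):
    """Symbolised frames after the kb prompt as (module, function), offsets dropped."""
    return FRAME.findall(text.split("> kb", 1)[-1])


def bucket(text, depth=3):
    """Signature of the top frames; equal signatures suggest the same crash site."""
    top = ["!".join(f) for f in frames(text)[:depth]]
    return hashlib.sha256("|".join(top).encode()).hexdigest()[:16]
```

For the trace in this report, fault_info() reports a read at address 0 through edi, which matches the register dump (edi=00000000).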

