[Webkit-unassigned] [Bug 16906] Crash below ResourceHandleManager::setupPOST when job->request().httpBody() is NULL
bugzilla-daemon at webkit.org
Thu Jan 17 23:02:04 PST 2008
http://bugs.webkit.org/show_bug.cgi?id=16906
mrowe at apple.com changed:
What           | Removed                               | Added
---------------+---------------------------------------+-------------------------------------------------------------------------------------
Status         | UNCONFIRMED                           | NEW
Component      | Web Template Framework                | Page Loading
Ever Confirmed | 0                                     | 1
Keywords       |                                       | Curl
Summary        | Crash in JavaScriptCore/wtf/Vector.h  | Crash below ResourceHandleManager::setupPOST when job->request().httpBody() is NULL
------- Comment #3 from mrowe at apple.com 2008-01-17 23:02 PDT -------
This is unlikely to be a bug in Vector.
Frame 0 in the backtrace is:
#0 Vector (this=0xbfaad424, other=@0x8) at ../JavaScriptCore/wtf/Vector.h:513
which indicates a very low memory address, 0x8, is being passed to the copy
constructor of Vector.
Frame 1 in the backtrace is:
#1 0xb6421785 in WebCore::ResourceHandleManager::setupPOST (this=0x80d04a8,
job=0x868c688, headers=0xbfaad54c)
at ../WebCore/platform/network/curl/ResourceHandleManager.cpp:367
Line 367 of ResourceHandleManager.cpp is the following:
Vector<FormDataElement> elements = job->request().httpBody()->elements();
The httpBody() method of ResourceRequest returns a FormData*. If this return
value is 0, then retrieving the m_elements member of it will result in a very
small offset from 0, rather than a small offset from the address of the object.
The bug here is either that job->request().httpBody() is returning 0, or that
the code in setupPOST does not handle that case correctly.
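The analysis in comment #3 (a null FormData* whose m_elements member is read at a tiny address such as 0x8) can be reproduced with a small stand-alone model. The code below is an added example written for this page, not WebCore's own code: FormData, FormDataElement, ResourceRequest and the two setupPOST variants are hypothetical stand-ins with the same shape as the call on line 367, and the refcount-like field placed before m_elements is an assumption made so that the member does not sit at offset 0. The unchecked variant shows the defect; the checked variant is the obvious mitigation (test the pointer before dereferencing it), and elementsMemberOffset() shows why the backtrace reports a member offset rather than a pointer into an object.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical stand-ins for WebCore's FormDataElement / FormData (not the real classes).
struct FormDataElement {
    std::string data;
};

struct FormData {
    // Assumption: a refcount-like field sits before m_elements, so the member has a
    // non-zero offset inside the object (the real class layout may differ).
    int m_refCount = 1;
    std::vector<FormDataElement> m_elements;

    const std::vector<FormDataElement>& elements() const { return m_elements; }
    void appendData(const std::string& s) { m_elements.push_back(FormDataElement{s}); }
};

// Hypothetical request: httpBody() returns a FormData* that is 0 when there is no body.
struct ResourceRequest {
    FormData* m_body = nullptr;
    FormData* httpBody() const { return m_body; }
};

// Unchecked pattern, same shape as line 367 in the report: with a null body this reads
// m_elements at address (0 + offset of m_elements), which is the crash being reported.
// Only safe to call when the request is known to carry a body.
size_t setupPOSTUnchecked(const ResourceRequest& request) {
    std::vector<FormDataElement> elements = request.httpBody()->elements();
    return elements.size();
}

// Checked pattern: refuse to set up a POST body when there is none. Returns false
// instead of dereferencing a null pointer; outCount is set only on success.
bool setupPOSTChecked(const ResourceRequest& request, size_t& outCount) {
    FormData* body = request.httpBody();
    if (!body)
        return false;
    std::vector<FormDataElement> elements = body->elements();
    outCount = elements.size();
    return true;
}

// Byte offset of m_elements inside a FormData object. With a null `this`, the address
// handed to the Vector copy constructor is exactly this offset, which is why the
// backtrace shows a tiny address (0x8 on the reporter's build) rather than a real pointer.
size_t elementsMemberOffset() {
    FormData fd;
    return static_cast<size_t>(reinterpret_cast<const char*>(&fd.m_elements)
                               - reinterpret_cast<const char*>(&fd));
}

// Convenience scenarios used by the checks below.
bool checkedRejectsMissingBody() {
    ResourceRequest noBody;            // httpBody() == nullptr
    size_t count = 12345;
    bool ok = setupPOSTChecked(noBody, count);
    return !ok && count == 12345;      // rejected, and outCount left untouched
}

size_t checkedCountWithOneElement() {
    FormData body;
    body.appendData("a=1");            // constructed sample body
    ResourceRequest request;
    request.m_body = &body;
    size_t count = 0;
    setupPOSTChecked(request, count);
    return count;
}

int main() {
    std::printf("m_elements offset inside FormData: 0x%zx\n", elementsMemberOffset());
    std::printf("checked path rejects missing body: %s\n",
                checkedRejectsMissingBody() ? "yes" : "no");
    std::printf("checked path element count with one element: %zu\n",
                checkedCountWithOneElement());
    return 0;
}
```

Compile with any C++11 compiler; note that setupPOSTUnchecked is intentionally never called without a body here, since doing so is exactly the crash in the report.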