[Webkit-unassigned] [Bug 19519] DOM modification causes stack exhaustion (BUTTON OBJECT COLGROUP)
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jun 12 21:17:57 PDT 2008
https://bugs.webkit.org/show_bug.cgi?id=19519
ap at webkit.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Group|Security-Sensitive |
CC| |ap at webkit.org
Component|New Bugs |Layout and Rendering
OS/Version|Windows Vista |All
Priority|P2 |P1
Platform|PC |All
------- Comment #1 from ap at webkit.org 2008-06-12 21:17 PDT -------
We don't treat denial of service attacks as security issues (unless the bugs
are exploitable for remote code execution), but reproducible crashes are P1.
On a local debug build, I'm hitting an assertion:
ASSERTION FAILED: beforeChild->parent()->isAnonymousBlock()
0 com.apple.WebCore 0x02b4b35d
WebCore::RenderBlock::addChildToFlow(WebCore::RenderObject*,
WebCore::RenderObject*) + 297 (RenderBlock.cpp:162)
See also: bug 19220.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list