[Webkit-unassigned] [Bug 17655] New: Reproducible crash calling querySelector on viewless Document
bugzilla-daemon at webkit.org
Mon Mar 3 14:59:00 PST 2008
http://bugs.webkit.org/show_bug.cgi?id=17655
Summary: Reproducible crash calling querySelector on viewless Document
Product: WebKit
Version: 525+ (Nightly build)
Platform: Macintosh
OS/Version: Mac OS X 10.5
Status: NEW
Keywords: NeedsRadar, ReviewedForRadar
Severity: Normal
Priority: P1
Component: WebCore JavaScript
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: mrowe at apple.com
After fixing the main crash reported on bug 17313, the original test case still
crashes. This is because a document is created via DOMParser.parseFromString
and is then queried with querySelectorAll. As the document is not attached to
any view it has no style selector, which leads to a null dereference.
Top of backtrace is as follows:
Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x00000000000000e8
Crashed Thread: 0
Thread 0 Crashed:
0 com.apple.WebCore 0x00e3745a WebCore::CSSStyleSelector::initElementAndPseudoState(WebCore::Element*) + 26 (CSSStyleSelector.cpp:535)
1 com.apple.WebCore 0x011192be WebCore::Node::querySelector(WebCore::String const&, int&) + 542 (Node.cpp:1225)
2 com.apple.WebCore 0x01036aee WebCore::jsDocumentPrototypeFunctionQuerySelector(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 142 (PassRefPtr.h:49)
3 com.apple.JavaScriptCore 0x00487228 KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 696 (object.cpp:99)
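As an added illustration of the failure mode described above (this is not WebKit code and not the fix that landed for this bug): a small C++ mock in which a document parsed without a view has no style selector, and the selector query checks that pointer before using it instead of dereferencing null. `Document`, `StyleSelector`, `Element`, `kSyntaxErr` and the helper functions are invented for the example; the only things taken from the report are the shape of `querySelector(selector, ec)` seen in frame 1 and the fact that a viewless document has no style selector. Reporting an exception code is one defensive shape; creating the selector lazily would be another.

```cpp
// Added example, not WebKit code: a minimal mock of the viewless-document
// crash. A Document created the way DOMParser.parseFromString creates one
// has no view and therefore no style selector (null). The query must check
// that pointer before using it.
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Exception code reported when the query cannot run. The value is chosen
// for this example and is not WebKit's real DOM exception enum.
const int kSyntaxErr = 12;

struct Element {
    std::string tagName;
};

// Mock style selector: resolves a tag-name-only selector against an element.
struct StyleSelector {
    bool matches(const Element& e, const std::string& selector) const {
        return e.tagName == selector;
    }
};

struct Document {
    std::vector<Element> elements;
    StyleSelector* styleSelector = nullptr;   // stays null for a viewless document
};

// Guarded query: returns the first match, or nullptr with ec set when the
// document has no style selector to evaluate the selector with.
const Element* querySelector(const Document& doc, const std::string& selector, int& ec) {
    ec = 0;
    if (!doc.styleSelector) {                 // the null check the crash lacked
        ec = kSyntaxErr;
        return nullptr;
    }
    for (const Element& e : doc.elements)
        if (doc.styleSelector->matches(e, selector))
            return &e;
    return nullptr;
}

// Constructed document, as parseFromString would produce: content, no view.
Document makeParsedDocument() {
    Document d;
    d.elements = {{"html"}, {"body"}, {"p"}};
    return d;
}

// Walk-through 1: querying the viewless document. Returns the exception
// code reported instead of a crash (-1 if a match were unexpectedly found).
int viewlessQueryErrorCode() {
    Document doc = makeParsedDocument();
    int ec = 0;
    const Element* hit = querySelector(doc, "p", ec);
    return hit == nullptr ? ec : -1;
}

// Walk-through 2: the same document once a view has supplied a style
// selector; the query now resolves normally.
std::string attachedQueryResult() {
    Document doc = makeParsedDocument();
    StyleSelector selector;
    doc.styleSelector = &selector;            // what attaching to a view provides
    int ec = 0;
    const Element* hit = querySelector(doc, "p", ec);
    return (hit && ec == 0) ? hit->tagName : std::string("no match");
}

int main() {
    std::cout << "viewless document: ec=" << viewlessQueryErrorCode() << "\n";
    std::cout << "attached document: matched <" << attachedQueryResult() << ">\n";
    return 0;
}
```

The two walk-throughs are the regression check a reviewer would want for this class of bug: the detached case must fail cleanly with an error code, and the attached case must still return the match.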