[Webkit-unassigned] [Bug 21797] New: Crash in CFHTTPCookieStorageCopy beneath WebCore::cookies() when running fast/dom/document-attribute-js-null.html and http/tests/security/cookies/create-document.html
bugzilla-daemon at webkit.org
Wed Oct 22 08:56:55 PDT 2008
https://bugs.webkit.org/show_bug.cgi?id=21797
Summary: Crash in CFHTTPCookieStorageCopy beneath WebCore::cookies() when running fast/dom/document-attribute-js-null.html and http/tests/security/cookies/create-document.html
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: Windows XP
Status: NEW
Keywords: LayoutTestFailure
Severity: Normal
Priority: P2
Component: New Bugs
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: aroben at apple.com
To reproduce:
1. Run fast/dom/document-attribute-js-null.html or http/tests/security/cookies/create-document.html
You'll crash in the call to CFHTTPCookieStorageCopy beneath WebCore::cookies().
The problem is that url is null. Here's the backtrace:
...CFNetwork frames elided...
> WebKit_debug.dll!WebCore::cookies(const WebCore::Document * __formal=0x023a88a0, const WebCore::KURL & url={ReadArbitraryDebuggeeMemory failed (impl->characters()) = 0x80004005}) Line 82 + 0x19 bytes C++
WebKit_debug.dll!WebCore::Document::cookie() Line 2886 + 0x16 bytes C++
WebKit_debug.dll!WebCore::jsDocumentCookie(JSC::ExecState * exec=0x03ba02a8, const JSC::Identifier & __formal={...}, const JSC::PropertySlot & slot={...}) Line 330 + 0x10 bytes C++
WebKit_debug.dll!JSC::PropertySlot::getValue(JSC::ExecState * exec=0x03ba02a8, const JSC::Identifier & propertyName={...}) Line 62 + 0x19 bytes C++
WebKit_debug.dll!JSC::JSValue::get(JSC::ExecState * exec=0x03ba02a8, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...}) Line 465 + 0x14 bytes C++
WebKit_debug.dll!JSC::JSValue::get(JSC::ExecState * exec=0x03ba02a8, const JSC::Identifier & propertyName={...}) Line 451 + 0x18 bytes C++
WebKit_debug.dll!JSC::Machine::cti_op_get_by_val(void * * args=0x0012ead8) Line 5010 + 0x1b bytes C++
WebKit_debug.dll!JSC::Machine::cti_op_convert_this() + 0xff bytes C++
WebKit_debug.dll!JSC::Machine::execute(JSC::FunctionBodyNode * functionBodyNode=0x022d1270, JSC::ExecState * callFrame=0x0236b6dc, JSC::JSFunction * function=0x02993d00, JSC::JSObject * thisObj=0x02990000, const JSC::ArgList & args={...}, JSC::ScopeChainNode * scopeChain=0x023a9bc8, JSC::JSValuePtr * exception=0x021ec91c) Line 993 + 0x26 bytes C++
WebKit_debug.dll!JSC::JSFunction::call(JSC::ExecState * exec=0x0236b6dc, JSC::JSValuePtr thisValue={...}, const JSC::ArgList & args={...}) Line 82 + 0x54 bytes C++
WebKit_debug.dll!JSC::call(JSC::ExecState * exec=0x0236b6dc, JSC::JSValuePtr functionObject={...}, JSC::CallType callType=CallTypeJS, const JSC::CallData & callData={...}, JSC::JSValuePtr thisValue={...}, const JSC::ArgList & args={...}) Line 39 + 0x23 bytes C++
WebKit_debug.dll!WebCore::JSAbstractEventListener::handleEvent(WebCore::Event * event=0x023abf00, bool isWindowEvent=true) Line 98 + 0x32 bytes C++
WebKit_debug.dll!WebCore::Document::handleWindowEvent(WebCore::Event * evt=0x023abf00, bool useCapture=false) Line 2714 + 0x2e bytes C++
WebKit_debug.dll!WebCore::EventTargetNode::dispatchWindowEvent(WTF::PassRefPtr<WebCore::Event> e={...}) Line 412 C++
WebKit_debug.dll!WebCore::EventTargetNode::dispatchWindowEvent(const WebCore::AtomicString & eventType={...}, bool canBubbleArg=false, bool cancelableArg=false) Line 420 C++
WebKit_debug.dll!WebCore::Document::implicitClose() Line 1581 C++
WebKit_debug.dll!WebCore::FrameLoader::checkCallImplicitClose() Line 1354 C++
WebKit_debug.dll!WebCore::FrameLoader::checkCompleted() Line 1309 C++
WebKit_debug.dll!WebCore::FrameLoader::finishedParsing() Line 1257 C++
WebKit_debug.dll!WebCore::Document::finishedParsing() Line 3837 C++
WebKit_debug.dll!WebCore::HTMLParser::finished() Line 1556 C++
WebKit_debug.dll!WebCore::HTMLTokenizer::end() Line 1854 C++
WebKit_debug.dll!WebCore::HTMLTokenizer::finish() Line 1894 C++
WebKit_debug.dll!WebCore::Document::finishParsing() Line 1723 + 0x15 bytes C++
WebKit_debug.dll!WebCore::FrameLoader::endIfNotLoadingMainResource() Line 1085 C++
WebKit_debug.dll!WebCore::FrameLoader::end() Line 1063 C++
WebKit_debug.dll!WebCore::DocumentLoader::finishedLoading() Line 345 C++
WebKit_debug.dll!WebCore::FrameLoader::finishedLoading() Line 2976 C++
WebKit_debug.dll!WebCore::MainResourceLoader::didFinishLoading() Line 334 C++
WebKit_debug.dll!WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle * __formal=0x0222b880) Line 398 + 0xf bytes C++
WebKit_debug.dll!WebCore::didFinishLoading(_CFURLConnection * conn=0x0231a6e0, const void * clientInfo=0x0222b880) Line 119 + 0x1e bytes C++
...CFNetwork frames elided...
user32.dll!_InternalCallWinProc@20() + 0x28 bytes
user32.dll!_UserCallWinProcCheckWow@32() + 0xb7 bytes
user32.dll!_DispatchMessageWorker@8() + 0xdc bytes
user32.dll!_DispatchMessageW@4() + 0xf bytes
DumpRenderTree_debug.exe!runTest(const char * pathOrURL=0x0012f6e8) Line 751 + 0xc bytes C++
DumpRenderTree_debug.exe!main(int argc=2, char * * argv=0x01bf1208) Line 1088 + 0xc bytes C++
DumpRenderTree_debug.exe!__tmainCRTStartup() Line 597 + 0x19 bytes C
DumpRenderTree_debug.exe!mainCRTStartup() Line 414 C
kernel32.dll!_BaseProcessStart@4() + 0x23 bytes