[Webkit-unassigned] [Bug 32316] New: WebCore::RenderObject::arenaDelete ExecAV@??? (292164e5b2ee939ff3ddf062439c2a3e)

bugzilla-daemon at webkit.org
Wed Dec 9 02:27:42 PST 2009


https://bugs.webkit.org/show_bug.cgi?id=32316

           Summary: WebCore::RenderObject::arenaDelete ExecAV@???
                    (292164e5b2ee939ff3ddf062439c2a3e)
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Windows Vista
            Status: NEW
          Severity: Normal
          Priority: P1
         Component: HTML DOM
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: skylined at chromium.org
                CC: eric at webkit.org


Created an attachment (id=44526)
 --> (https://bugs.webkit.org/attachment.cgi?id=44526)
Repro

Id: 'WebCore::RenderObject::arenaDelete ExecAV@??? (292164e5b2ee939ff3ddf062439c2a3e)'
Description: 'Attempt to execute non-executable arbitrary memory @ 0x02DB8AFC in WebCore::RenderObject::arenaDelete'
Stack:
  WebCore::RenderObject::arenaDelete
  WebCore::RenderObject::destroy
  WebCore::RenderInline::destroy
  WebCore::Node::detach
  WebCore::Element::detach
  WebCore::ContainerNode::removeChild
  WebCore::HTMLParser::handleResidualStyleCloseTagAcrossBlocks
  WebCore::HTMLParser::popBlock
  WebCore::HTMLParser::processCloseTag
  WebCore::HTMLParser::parseToken
  WebCore::HTMLTokenizer::processToken
  WebCore::HTMLTokenizer::parseTag
  WebCore::HTMLTokenizer::write
Repro:
  <blockQuote><ruby><i><noBR><form><input type=file></i>
