[Webkit-unassigned] [Bug 32316] New: WebCore::RenderObject::arenaDelete ExecAV@??? (292164e5b2ee939ff3ddf062439c2a3e)
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Dec 9 02:27:42 PST 2009
https://bugs.webkit.org/show_bug.cgi?id=32316
Summary: WebCore::RenderObject::arenaDelete ExecAV@???
(292164e5b2ee939ff3ddf062439c2a3e)
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: Windows Vista
Status: NEW
Severity: Normal
Priority: P1
Component: HTML DOM
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: skylined at chromium.org
CC: eric at webkit.org
Created an attachment (id=44526)
--> (https://bugs.webkit.org/attachment.cgi?id=44526)
Repro
Id: 'WebCore::RenderObject::arenaDelete ExecAV@???
(292164e5b2ee939ff3ddf062439c2a3e)'
Description: 'Attempt to execute non-executable arbitrary memory @ 0x02DB8AFC
in WebCore::RenderObject::arenaDelete'
Stack:
WebCore::RenderObject::arenaDelete
WebCore::RenderObject::destroy
WebCore::RenderInline::destroy
WebCore::Node::detach
WebCore::Element::detach
WebCore::ContainerNode::removeChild
WebCore::HTMLParser::handleResidualStyleCloseTagAcrossBlocks
WebCore::HTMLParser::popBlock
WebCore::HTMLParser::processCloseTag
WebCore::HTMLParser::parseToken
WebCore::HTMLTokenizer::processToken
WebCore::HTMLTokenizer::parseTag
WebCore::HTMLTokenizer::write
Repro:
<blockQuote><ruby><i><noBR><form><input type=file></i>
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list