[Webkit-unassigned] [Bug 24883] New: Bad success test in parseXMLDocumentFragment in XMLTokenizerLibxml2.cpp
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Mar 27 06:50:56 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=24883
Summary: Bad success test in parseXMLDocumentFragment in
XMLTokenizerLibxml2.cpp
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: Mac OS X 10.5
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: HTML DOM
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: kai at granus.net
parseXMLDocumentFragment in XMLTokenizerLibxml2.cpp contains the following
clause:
if (bytesProcessed == -1 || ((unsigned long)bytesProcessed) ==
sizeof(UChar) * chunk.length())
return false;
The second term probably meant to test for !=. As it stands, this term almost
never evaluates to true due to a second mistake: 'chunk' is UTF8, therefore
multiplying with sizeof(UChar) is wrong.
I hit a case in which the term evaluates to true and thereby makes the function
fail: if 'chunk' contains a single non breaking space (or any other character
which use two bytes in UTF8).
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list