[Webkit-unassigned] [Bug 30827] Off-by-one hard-to-trigger memory corruption in CSSParser (seen only with GCC 4.4)
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Oct 27 13:18:45 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=30827
--- Comment #8 from Evan Martin <evan at chromium.org> 2009-10-27 13:18:45 PDT ---
Paste of the backtrace from that Chrome bug for the benefit of the WebKit guys:
0x01dcdb73 [chrome.dll - tokenizer.flex:21]
WebCore::CSSParser::lex()
0x01dccbe5 [chrome.dll - cssparser.cpp:4331]
WebCore::CSSParser::lex(void *)
0x01e74aa3 [chrome.dll - cssgrammar.cpp:2119] cssyyparse(void *)
0x01d86eca [chrome.dll - cssstylesheet.cpp:164]
WebCore::CSSStyleSheet::parseString(WebCore::String const &,bool)
0x01cbfd02 [chrome.dll - htmllinkelement.cpp:255]
WebCore::HTMLLinkElement::setCSSStyleSheet(WebCore::String const
&,WebCore::String const &,WebCore::CachedCSSStyleSheet const *)
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list