[Webkit-unassigned] [Bug 46695] [Qt] Invalid pointer access & incomplete memcmp in setUpIterator

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Dec 28 01:00:55 PST 2010 

https://bugs.webkit.org/show_bug.cgi?id=46695





--- Comment #1 from Manuel Lazzari <manuel.lazzari at mirial.com>  2010-12-28 01:00:55 PST ---
I managed to verify problem (2) using debugging tool for windows and enabling global flags:

- page heap
- heap tail check
- heap free checking
- heap parameters checking
- heap validation on call

To reproduce the problem and have the program to crash you can simply start to type in an input field, delete all the input via backspace and type something else: when you start retyping the program crashes. 

Calls stack following:

5caf8f50 MSVCR90D!free+0x00000010
    10c9fe6d QtWebKitd4!WTF::fastFree+0x0000000d
    1008af7d QtWebKitd4!WTF::FastAllocBase::operator delete+0x0000001d
    1008af40 QtWebKitd4!WebCore::StringImpl::`scalar deleting destructor'+0x00000020
    1008aeef QtWebKitd4!WebCore::StringImpl::deref+0x0000003f
    1008aea1 QtWebKitd4!WTF::derefIfNotNull<WebCore::StringImpl>+0x00000011
    1008ae52 QtWebKitd4!WTF::RefPtr<WebCore::StringImpl>::~RefPtr<WebCore::StringImpl>+0x00000012
    1008ad5f QtWebKitd4!WebCore::String::~String+0x0000000f
    108e3d08 QtWebKitd4!WebCore::RenderText::~RenderText+0x00000038
    108e3848 QtWebKitd4!WebCore::RenderBR::~RenderBR+0x00000018
    108e3c9f QtWebKitd4!WebCore::RenderBR::`scalar deleting destructor'+0x0000000f
    1092df7b QtWebKitd4!WebCore::RenderObject::arenaDelete+0x0000013b
    1092de3b QtWebKitd4!WebCore::RenderObject::destroy+0x0000013b
    1095021a QtWebKitd4!WebCore::RenderText::destroy+0x000000ca
    1053b93f QtWebKitd4!WebCore::Node::detach+0x0000003f
    104e41d9 QtWebKitd4!WebCore::ContainerNode::detach+0x00000049
    1052241a QtWebKitd4!WebCore::Element::detach+0x0000003a
    104e3457 QtWebKitd4!WebCore::ContainerNode::removeChild+0x00000157
    1053a4da QtWebKitd4!WebCore::Node::remove+0x0000003a
    105e2a9f QtWebKitd4!WebCore::RemoveNodeCommand::doApply+0x0000008f
    105aafa8 QtWebKitd4!WebCore::EditCommand::apply+0x000000c8
    105959ff QtWebKitd4!WebCore::CompositeEditCommand::applyCommandToComposite+0x0000004f
    105964e4 QtWebKitd4!WebCore::CompositeEditCommand::removeNode+0x00000074
    10598988 QtWebKitd4!WebCore::CompositeEditCommand::removePlaceholderAt+0x00000048
    105d4f53 QtWebKitd4!WebCore::InsertTextCommand::input+0x00000463
    10601769 QtWebKitd4!WebCore::TypingCommand::insertTextRunWithoutNewlines+0x00000119

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list