[Webkit-unassigned] [Bug 35044] New: Crash in XML tokenizer

bugzilla-daemon at webkit.org
Wed Feb 17 10:36:35 PST 2010


https://bugs.webkit.org/show_bug.cgi?id=35044

           Summary: Crash in XML tokenizer
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Mac OS X 10.5
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: XML
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: simon.fraser at apple.com


While debugging some SVG entity issues, I've twice hit a crash in XMLTokenizer
because m_currentNode is null here:

#0  0x03e31619 in WebCore::Node::isTextNode (this=0x0) at Node.h:166
#1  0x047dfa10 in WebCore::XMLTokenizer::characters (this=0x1f6d4320,
s=0x2540a880 "\n    ", len=5) at
/Volumes/InternalData/Development/WebKit/OpenSource/WebCore/dom/XMLTokenizerLibxml2.cpp:903
#2  0x047e2ed5 in WebCore::PendingCallbacks::PendingCharactersCallback::call
(this=0x2540ad10, tokenizer=0x1f6d4320) at
/Volumes/InternalData/Development/WebKit/OpenSource/WebCore/dom/XMLTokenizerLibxml2.cpp:246
#3  0x047e0d57 in WebCore::PendingCallbacks::callAndRemoveFirstCallback
(this=0x1f6b33d0, tokenizer=0x1f6d4320) at
/Volumes/InternalData/Development/WebKit/OpenSource/WebCore/dom/XMLTokenizerLibxml2.cpp:188
#4  0x047dc303 in WebCore::XMLTokenizer::resumeParsing (this=0x1f6d4320) at
/Volumes/InternalData/Development/WebKit/OpenSource/WebCore/dom/XMLTokenizerLibxml2.cpp:1375
#5  0x047dbcfd in WebCore::XMLTokenizer::notifyFinished (this=0x1f6d4320,
unusedResource=0x81ff800) at
/Volumes/InternalData/Development/WebKit/OpenSource/WebCore/dom/XMLTokenizer.cpp:334
#6  0x03d4217c in WebCore::CachedScript::checkNotify (this=0x81ff800) at
/Volumes/InternalData/Development/WebKit/OpenSource/WebCore/loader/CachedScript.cpp:105
#7  0x03d42242 in WebCore::CachedScript::data (this=0x81ff800,
data=@0xbfffe3d0, allDataReceived=true) at
/Volumes/InternalData/Development/WebKit/OpenSource/WebCore/loader/CachedScript.cpp:95
#8  0x0440a46e in WebCore::Loader::Host::didFinishLoading (this=0xc94220,
loader=0x8437200) at
/Volumes/InternalData/Development/WebKit/OpenSource/WebCore/loader/loader.cpp:397
#9  0x0467c002 in WebCore::SubresourceLoader::didFinishLoading (this=0x8437200)
at
/Volumes/InternalData/Development/WebKit/OpenSource/WebCore/loader/SubresourceLoader.cpp:184
#10 0x045daf5a in WebCore::ResourceLoader::didFinishLoading (this=0x8437200) at
/Volumes/InternalData/Development/WebKit/OpenSource/WebCore/loader/ResourceLoader.cpp:403
#11 0x045d7497 in -[WebCoreResourceHandleAsDelegate
connectionDidFinishLoading:] (self=0x2055a3c0, _cmd=0x9344e564,
connection=0x20559180) at
/Volumes/InternalData/Development/WebKit/OpenSource/WebCore/platform/network/mac/ResourceHandleMac.mm:789
#12 0x906e9497 in -[NSURLConnection(NSURLConnectionReallyInternal)
sendDidFinishLoading] ()
#13 0x906e9403 in _NSURLConnectionDidFinishLoading ()
#14 0x91979ba4 in URLConnectionClient::_clientDidFinishLoading ()
#15 0x9197a8fa in
URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload
()
#16 0x9197abaa in
URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload
()
#17 0x91979370 in URLConnectionClient::processEvents ()
#18 0x91926d03 in MultiplexerSource::perform ()
#19 0x9183640f in CFRunLoopRunSpecific ()
#20 0x91836aa8 in CFRunLoopRunInMode ()
#21 0x93d542ac in RunCurrentEventLoopInMode ()
#22 0x93d53ffe in ReceiveNextEventCommon ()
#23 0x93d53f39 in BlockUntilNextEventMatchingListInMode ()
#24 0x959236d5 in _DPSNextEvent ()
#25 0x95922f88 in -[NSApplication
nextEventMatchingMask:untilDate:inMode:dequeue:] ()
#26 0x0000c045 in ?? ()
#27 0x9591bf9f in -[NSApplication run] ()
#28 0x958e91d8 in NSApplicationMain ()
