[Webkit-unassigned] [Bug 33759] New: [iexploder] DoS in Gtk/Qt port on painting text from test=81
bugzilla-daemon at webkit.org
Sat Jan 16 07:12:39 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=33759
Summary: [iexploder] DoS in Gtk/Qt port on painting text from test=81
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: Mac OS X 10.5
Status: NEW
Keywords: Qt
Severity: Normal
Priority: P2
Component: Platform
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: zecke at selfish.org
Created an attachment (id=46739)
--> (https://bugs.webkit.org/attachment.cgi?id=46739)
iexploder test=81.
In my case the test 81 is generating HTML that both Qt and Cairo do not manage
to render. The painting is blocked for several minutes before I cancel it.
A backtrace from Qt looks like this:
#0 0xb63fdbc1 in IntersectBB (a=..., b=...) at
/home/ich/source/nokia/qt/src/gui/painting/qbezier.cpp:616
#1 0xb6400959 in RecursivelyIntersect (a=<value optimized out>,
t0=0.12261581420898438, t1=0.12261962890625, deptha=<value optimized out>,
b=..., u0=0, u1=1, depthb=-6, t=0xbfffa1cc)
at /home/ich/source/nokia/qt/src/gui/painting/qbezier.cpp:739
#2 0xb6400a0c in RecursivelyIntersect (a=<value optimized out>,
t0=0.12261199951171875, t1=0.12261962890625, deptha=<value optimized out>,
b=..., u0=0, u1=1, depthb=-6, t=0xbfffa1cc)
at /home/ich/source/nokia/qt/src/gui/painting/qbezier.cpp:748
#3 0xb6400a0c in RecursivelyIntersect (a=<value optimized out>,
t0=0.1226043701171875, t1=0.12261962890625, deptha=<value optimized out>,
b=..., u0=0, u1=1, depthb=-6, t=0xbfffa1cc)
at /home/ich/source/nokia/qt/src/gui/painting/qbezier.cpp:748
#4 0xb6400a0c in RecursivelyIntersect (a=<value optimized out>,
t0=0.122589111328125, t1=0.12261962890625, deptha=<value optimized out>, b=...,
u0=0, u1=1, depthb=-6, t=0xbfffa1cc)
at /home/ich/source/nokia/qt/src/gui/painting/qbezier.cpp:748
#5 0xb6400a0c in RecursivelyIntersect (a=<value optimized out>,
t0=0.12255859375, t1=0.12261962890625, deptha=<value optimized out>, b=...,
u0=0, u1=1, depthb=-6, t=0xbfffa1cc)
at /home/ich/source/nokia/qt/src/gui/painting/qbezier.cpp:748
#6 0xb64009a3 in RecursivelyIntersect (a=<value optimized out>,
t0=0.12255859375, t1=0.1226806640625, deptha=<value optimized out>, b=...,
u0=0, u1=1, depthb=-6, t=0xbfffa1cc)
at /home/ich/source/nokia/qt/src/gui/painting/qbezier.cpp:741
#7 0xb64009a3 in RecursivelyIntersect (a=<value optimized out>,
t0=0.12255859375, t1=0.122802734375, deptha=<value optimized out>, b=..., u0=0,
u1=1, depthb=-6, t=0xbfffa1cc)
at /home/ich/source/nokia/qt/src/gui/painting/qbezier.cpp:741
#8 0xb64009a3 in RecursivelyIntersect (a=<value optimized out>,
t0=0.12255859375, t1=0.123046875, deptha=<value optimized out>, b=..., u0=0,
u1=1, depthb=-6, t=0xbfffa1cc)
at /home/ich/source/nokia/qt/src/gui/painting/qbezier.cpp:741
#9 0xb6400a0c in RecursivelyIntersect (a=<value optimized out>,
t0=0.1220703125, t1=0.123046875, deptha=<value optimized out>, b=..., u0=0,
u1=1, depthb=-6, t=0xbfffa1cc)
at /home/ich/source/nokia/qt/src/gui/painting/qbezier.cpp:748
#10 0xb6400a0c in RecursivelyIntersect (a=<value optimized out>, t0=0.12109375,
t1=0.123046875, deptha=<value optimized out>, b=..., u0=0, u1=1, depthb=-6,
t=0xbfffa1cc)
at /home/ich/source/nokia/qt/src/gui/painting/qbezier.cpp:748
#11 0xb64009a3 in RecursivelyIntersect (a=<value optimized out>, t0=0.12109375,
t1=0.125, deptha=<value optimized out>, b=..., u0=0, u1=1, depthb=-6,
t=0xbfffa1cc)
at /home/ich/source/nokia/qt/src/gui/painting/qbezier.cpp:741
#12 0xb6400a0c in RecursivelyIntersect (a=<value optimized out>, t0=0.1171875,
t1=0.125, deptha=<value optimized out>, b=..., u0=0, u1=1, depthb=-6,
t=0xbfffa1cc)
at /home/ich/source/nokia/qt/src/gui/painting/qbezier.cpp:748
#13 0xb6400a0c in RecursivelyIntersect (a=<value optimized out>, t0=0.109375,
t1=0.125, deptha=<value optimized out>, b=..., u0=0, u1=1, depthb=-6,
t=0xbfffa1cc)
at /home/ich/source/nokia/qt/src/gui/painting/qbezier.cpp:748
#14 0xb6400a0c in RecursivelyIntersect (a=<value optimized out>, t0=0.09375,
t1=0.125, deptha=<value optimized out>, b=..., u0=0, u1=1, depthb=-6,
t=0xbfffa1cc)
at /home/ich/source/nokia/qt/src/gui/painting/qbezier.cpp:748
#15 0xb6400a0c in RecursivelyIntersect (a=<value optimized out>, t0=0.0625,
t1=0.125, deptha=<value optimized out>, b=..., u0=0, u1=1, depthb=-6,
t=0xbfffa1cc)
at /home/ich/source/nokia/qt/src/gui/painting/qbezier.cpp:748
#16 0xb6400a0c in RecursivelyIntersect (a=<value optimized out>, t0=0,
t1=0.125, deptha=<value optimized out>, b=..., u0=0, u1=1, depthb=-6,
t=0xbfffa1cc)
at /home/ich/source/nokia/qt/src/gui/painting/qbezier.cpp:748
#17 0xb64009a3 in RecursivelyIntersect (a=<value optimized out>, t0=0, t1=0.25,
deptha=<value optimized out>, b=..., u0=0, u1=1, depthb=-6, t=0xbfffa1cc)
at /home/ich/source/nokia/qt/src/gui/painting/qbezier.cpp:741
#18 0xb64009a3 in RecursivelyIntersect (a=<value optimized out>, t0=0, t1=0.5,
deptha=<value optimized out>, b=..., u0=0, u1=1, depthb=-6, t=0xbfffa1cc)
at /home/ich/source/nokia/qt/src/gui/painting/qbezier.cpp:741
#19 0xb64009a3 in RecursivelyIntersect (a=<value optimized out>, t0=0, t1=1,
deptha=<value optimized out>, b=..., u0=0, u1=1, depthb=-6, t=0xbfffa1cc)
at /home/ich/source/nokia/qt/src/gui/painting/qbezier.cpp:741
#20 0xb6400ca6 in QBezier::findIntersections (a=..., b=..., t=0xbfffa1cc) at
/home/ich/source/nokia/qt/src/gui/painting/qbezier.cpp:859
#21 0xb646f3c1 in QIntersectionFinder::intersectBeziers (this=0xbfffa26f,
one=..., two=..., t=..., intersections=...) at
/home/ich/source/nokia/qt/src/gui/painting/qpathclipper.cpp:210
#22 0xb646fa80 in QIntersectionFinder::produceIntersections (this=0xbfffa26f,
segments=...) at
/home/ich/source/nokia/qt/src/gui/painting/qpathclipper.cpp:482
#23 0xb64712cc in QWingedEdge::intersectAndAdd (this=0xbfffa2f0) at
/home/ich/source/nokia/qt/src/gui/painting/qpathclipper.cpp:710
#24 0xb6471abc in QWingedEdge (this=0xbfffa2f0, subject=..., clip=...) at
/home/ich/source/nokia/qt/src/gui/painting/qpathclipper.cpp:796
#25 0xb6471e26 in QPathClipper::clip (this=0xbfffa3fc,
operation=QPathClipper::BoolAnd) at
/home/ich/source/nokia/qt/src/gui/painting/qpathclipper.cpp:1776
#26 0xb6461e44 in QPainterPath::intersected (this=0xbfffa4ec, p=...) at
/home/ich/source/nokia/qt/src/gui/painting/qpainterpath.cpp:3189
#27 0xb650a6fe in QX11PaintEnginePrivate::fillPath (this=0x8199148, path=...,
gc_mode=QX11PaintEnginePrivate::PenGC, transform=true) at
/home/ich/source/nokia/qt/src/gui/painting/qpaintengine_x11.cpp:1738
#28 0xb650b5d3 in QX11PaintEngine::drawPath (this=0x80fcae8, path=...) at
/home/ich/source/nokia/qt/src/gui/painting/qpaintengine_x11.cpp:1805
#29 0xb6459d6f in QPainter::drawPath (this=0xbfffd2ac, path=...) at
/home/ich/source/nokia/qt/src/gui/painting/qpainter.cpp:3352
#30 0xb645c241 in QPainter::strokePath (this=0xbfffd2ac, path=..., pen=...) at
/home/ich/source/nokia/qt/src/gui/painting/qpainter.cpp:3264
#31 0xb79004a3 in WebCore::Font::drawComplexText(WebCore::GraphicsContext*,
WebCore::TextRun const&, WebCore::FloatPoint const&, int, int) const ()
from
/home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
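The frames above show RecursivelyIntersect halving the t interval on every call (1, 0.5, 0.25, 0.125, ...) while the bounding boxes keep overlapping, which is what turns one text stroke into minutes of painting. As an added illustration, not Qt's code and not part of this report, here is the same bounding-box subdivision with one shared work budget, so a pathological pair of curves returns a gaveUp flag instead of blocking the paint; the Pt/Bezier types, the line() helper and the findIntersections() signature are my own assumptions.

```cpp
#include <algorithm>
#include <array>
#include <utility>
#include <vector>
// Added illustration, not Qt's QBezier: a cubic Bezier is four control points.
struct Pt { double x, y; };
struct Bezier { std::array<Pt, 4> p; };
struct Box { double x0, y0, x1, y1; };
static Box bounds(const Bezier &b) {
    Box r{b.p[0].x, b.p[0].y, b.p[0].x, b.p[0].y};
    for (const Pt &q : b.p) { r.x0 = std::min(r.x0, q.x); r.y0 = std::min(r.y0, q.y);
                              r.x1 = std::max(r.x1, q.x); r.y1 = std::max(r.y1, q.y); }
    return r;
}
static bool overlap(const Box &a, const Box &b) { return a.x0 <= b.x1 && b.x0 <= a.x1 && a.y0 <= b.y1 && b.y0 <= a.y1; }
static Pt mid(Pt a, Pt b) { return {(a.x + b.x) / 2, (a.y + b.y) / 2}; }
// de Casteljau split at t = 0.5 into left and right halves.
static void split(const Bezier &b, Bezier &l, Bezier &r) {
    Pt p01 = mid(b.p[0], b.p[1]), p12 = mid(b.p[1], b.p[2]), p23 = mid(b.p[2], b.p[3]);
    Pt p012 = mid(p01, p12), p123 = mid(p12, p23), m = mid(p012, p123);
    l.p = {b.p[0], p01, p012, m};
    r.p = {m, p123, p23, b.p[3]};
}
// Constructed helper: a straight segment as a cubic, so B(t) = p0 + t * (p1 - p0).
Bezier line(Pt p0, Pt p1) {
    Bezier b;
    for (int i = 0; i < 4; ++i) b.p[i] = {p0.x + i * (p1.x - p0.x) / 3, p0.y + i * (p1.y - p0.y) / 3};
    return b;
}
struct Result { std::vector<std::pair<double, double>> hits; long testsLeft = 0; bool gaveUp = false; };
// Bounding-box subdivision like the backtrace's RecursivelyIntersect, but every box test
// draws from one shared budget: a depth limit alone still allows up to 4^depth leaves.
static void recurse(const Bezier &a, double t0, double t1, const Bezier &b,
                    double u0, double u1, int depth, Result &res) {
    if (res.gaveUp) return;
    if (res.testsLeft-- <= 0) { res.gaveUp = true; return; }
    if (!overlap(bounds(a), bounds(b))) return;
    if (depth == 0) { res.hits.push_back({(t0 + t1) / 2, (u0 + u1) / 2}); return; }
    Bezier a0, a1, b0, b1; split(a, a0, a1); split(b, b0, b1);
    double tm = (t0 + t1) / 2, um = (u0 + u1) / 2;
    recurse(a0, t0, tm, b0, u0, um, depth - 1, res);
    recurse(a0, t0, tm, b1, um, u1, depth - 1, res);
    recurse(a1, tm, t1, b0, u0, um, depth - 1, res);
    recurse(a1, tm, t1, b1, um, u1, depth - 1, res);
}
// Candidate (t, u) pairs; gaveUp means the caller should fall back instead of blocking the paint.
Result findIntersections(const Bezier &a, const Bezier &b, int maxDepth, long maxTests) {
    Result res; res.testsLeft = maxTests;
    recurse(a, 0.0, 1.0, b, 0.0, 1.0, maxDepth, res); return res;
}
```

Two lines crossing once cost a few hundred box tests, while two coincident curves (the shape that keeps every bounding box overlapping) exhaust the budget and return quickly with gaveUp set.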