[Webkit-unassigned] [Bug 42448] New: crash in JSC::UString::toUInt32(bool * ok, bool tolerateEmptyString=true)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jul 16 05:05:23 PDT 2010 

https://bugs.webkit.org/show_bug.cgi?id=42448

           Summary: crash in JSC::UString::toUInt32(bool * ok, bool
                    tolerateEmptyString=true)
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Windows XP
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: stawel at gmail.com


I'm getting a crash in toUInt32(...) method.


in the trunk version (Revision 63120) the bug should still be present.

callstack:
>	QtWebKit4.dll!JSC::UString::toUInt32(bool * ok=0x0192a484, bool tolerateEmptyString=true)  Line 1488 + 0x20 bytes	C++
     QtWebKit4.dll!WebCore::JSCSSStyleDeclaration::getOwnPropertySlot(JSC::ExecState * exec=0x13de0048, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...})  Line 174    C++
     QtWebKit4.dll!JSC::JSValue::get(JSC::ExecState * exec=0x13de0048, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...})  Line 611 + 0xe3 bytes    C++
     QtWebKit4.dll!JSC::Interpreter::privateExecute(JSC::Interpreter::ExecutionFlag flag=Normal, JSC::RegisterFile * registerFile=0x03adcbf4, JSC::ExecState * callFrame=0x13de0048, JSC::JSValue * exception=0x0192af00)  Line 2081    C++
     msvcr80.dll!free(void * pBlock=0x0192af08)  Line 110    C
     QtWebKit4.dll!JSC::evaluate(JSC::ExecState * exec=0x03d5f298, JSC::ScopeChain & scopeChain={...}, const JSC::SourceCode & source={...}, JSC::JSValue thisValue={...})  Line 62    C++
     QtWebKit4.dll!WebCore::evaluateInWorld(JSC::ExecState * exec=0x03ba1df8, JSC::ScopeChain & scopeChain={...}, const JSC::SourceCode & sourceCode={...}, JSC::JSValue thisValue={...}, WebCore::DOMWrapperWorld * isolatedWorld=0x03ba1e30)  Line 834 + 0x27 
.
.
.

Output:
Unhandled exception at 0x019f540f (QtWebKit4.dll) in 2.dmp: 0xC0000090: Floating-point invalid operation.


The problem:
uint32_t UString::toUInt32(bool* ok, bool tolerateEmptyString) const
{
    double d = toDouble(false, tolerateEmptyString);
    bool b = true;

    if (d != static_cast<uint32_t>(d)) {         <------------- crash
        b = false;
        d = 0;
    }

    if (ok)
        *ok = b;

    return static_cast<uint32_t>(d);
}


the method toDouble() probably returned a "NaN" value
and the static_cast<uint32_t>(d) threw an error.


Best Regards

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list