[Webkit-unassigned] [Bug 49331] chrome.dll!WebCore::SVGLengthInternal::valueInSpecifiedUnitsAttrGetter ReadAV at NULL (4cf97a4f3ebe8006a2f5ffcc5bc10aeb)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Nov 10 11:23:32 PST 2010


https://bugs.webkit.org/show_bug.cgi?id=49331
--- Comment #2 from SkyLined <skylined at chromium.org>  2010-11-10 11:23:32 PST ---
Created an attachment (id=73518)
 --> (https://bugs.webkit.org/attachment.cgi?id=73518&action=review)
Repro that causes memory corruption

Attached is a less reduced repro that clearly shows memory corruption:
Total runs: 10 in 70 seconds.
Application always crashed
Crashes found:
     1 * chrome.dll!UserScriptSlave::InjectScripts ReadAV at Arbitrary (71775ecbf4044267a332d6599baf2140)
        Security: Attempt to read from unallocated arbitrary memory @ 0x63F00000 in chrome.dll!UserScriptSlave::InjectScripts
     6 * chrome.dll!WTF::HashTableConstIterator<...>::skipEmptyBuckets ReadAV at NULL (579c0460b1440b111006318660e37f93)
        Attempt to read from unallocated NULL pointer in chrome.dll!WTF::HashTableConstIterator<...>::skipEmptyBuckets
     1 * chrome.dll!WebCore::SVGPointInternal::matrixTransformCallback ExecAV at Arbitrary (1eaca1a96ee24ae6ad2a72f1bdf9bc9d)
        Security: Attempt to execute non-executable arbitrary memory @ 0x054E2740 in chrome.dll!WebCore::SVGPointInternal::matrixTransformCallback
     1 * chrome.dll!WebCore::SVGPointInternal::matrixTransformCallback ExecAV at Arbitrary (90ec5bffff13d6ca587e31fbdb4f35df)
        Security: Attempt to execute non-executable arbitrary memory @ 0x01215640 in chrome.dll!WebCore::SVGPointInternal::matrixTransformCallback
     1 * chrome.dll!WebCore::V8SVGNumberList::derefObject ExecAV at Arbitrary (57bae9f6d936615d0a358043cd182b82)
        Security: Attempt to execute non-executable arbitrary memory @ 0x00C254E0 in chrome.dll!WebCore::V8SVGNumberList::derefObject
