[Webkit-unassigned] [Bug 45074] Adding a new issue template in code.google.com crashes in HTMLElementStack::popUntil()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Sep 1 17:36:07 PDT 2010 

https://bugs.webkit.org/show_bug.cgi?id=45074


Eric Seidel <eric at webkit.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |abarth at webkit.org




--- Comment #1 from Eric Seidel <eric at webkit.org>  2010-09-01 17:36:07 PST ---
Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000008
Crashed Thread:  0  Dispatch queue: com.apple.main-thread

Thread 0 Crashed:  Dispatch queue: com.apple.main-thread
0   com.apple.WebCore                   0x0000000100f8262c WebCore::HTMLElementStack::popUntil(WTF::AtomicString const&) + 28
1   com.apple.WebCore                   0x0000000100f82661 WebCore::HTMLElementStack::popUntilPopped(WTF::AtomicString const&) + 17
2   com.apple.WebCore                   0x0000000100fdd82e WebCore::HTMLTreeBuilder::processEndTag(WebCore::AtomicHTMLToken&) + 2270
3   com.apple.WebCore                   0x0000000100fe1385 WebCore::HTMLTreeBuilder::constructTreeFromToken(WebCore::HTMLToken&) + 37
4   com.apple.WebCore                   0x0000000100f70a83 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) + 131
5   com.apple.WebCore                   0x0000000100f71a89 WebCore::HTMLDocumentParser::insert(WebCore::SegmentedString const&) + 121
6   com.apple.WebCore                   0x0000000100f70803 WebCore::HTMLDocumentParser::parseDocumentFragment(WTF::String const&, WebCore::DocumentFragment*, WebCore::Element*, WebCore::FragmentScriptingPermission) + 227
7   com.apple.WebCore                   0x0000000100f7b839 WebCore::createFragmentFromSource(WTF::String const&, WebCore::Element*, int&) + 185
8   com.apple.WebCore                   0x0000000100f7c122 WebCore::HTMLElement::setInnerHTML(WTF::String const&, int&) + 210
9   com.apple.WebCore                   0x00000001011d2890 WebCore::setJSHTMLElementInnerHTML(JSC::ExecState*, JSC::JSObject*, JSC::JSValue) + 64
10  com.apple.WebCore                   0x00000001011d513a WebCore::JSHTMLElement::put(JSC::ExecState*, JSC::Identifier const&, JSC::JSValue, JSC::PutPropertySlot&) + 186
11  com.apple.WebCore                   0x0000000101230565 WebCore::JSHTMLSelectElement::put(JSC::ExecState*, JSC::Identifier const&, JSC::JSValue, JSC::PutPropertySlot&) + 149
12  com.apple.JavaScriptCore            0x0000000100825de4 cti_op_put_by_id + 100
13  ???                                 0x00003e2b8218f040 0 + 68356587188288
14  com.apple.JavaScriptCore            0x00000001007e5b88 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, JSC::JSValue*) + 888

We just need a reduction. :)  I suspect this is a parser bug.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list