[Webkit-unassigned] [Bug 56699] inspector/console tests sometimes crash in JSC::Lexer::setOffset on Windows XP Debug (Tests)
bugzilla-daemon at webkit.org
Fri Apr 1 09:10:44 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=56699
Adam Roben (:aroben) <aroben at apple.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Group| |Security-Sensitive
--- Comment #7 from Adam Roben (:aroben) <aroben at apple.com> 2011-04-01 09:10:44 PST ---
We're crashing on this line:
FAULTING_SOURCE_CODE:
70: void setOffset(int offset)
71: {
72: m_error = 0;
73: m_code = m_codeStart + offset;
> 74: m_current = *m_code;
75: m_buffer8.resize(0);
76: m_buffer16.resize(0);
77: if (UNLIKELY(m_code == m_codeEnd))
78: m_current = -1;
79: }
At this point, m_code is equal to m_codeEnd. So we're dereferencing off the end of the code buffer.
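The comment above pins the fault on the order of operations in setOffset(): the character at m_code is read before the m_code == m_codeEnd check, so an offset equal to the buffer length reads one element past the end. The following is an added example, not WebKit's or JSC's code: a minimal stand-in class (MiniLexer, an assumed name; m_buffer8/m_buffer16 are modelled as plain vectors) whose setOffset() does the end check first and also rejects offsets outside [0, length], alongside a helper that reports, without performing the read, whether the original ordering would have dereferenced m_codeEnd for a given offset.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Minimal stand-in for the lexer state touched by setOffset().
// Example code, not JSC's Lexer; the surrounding WebKit buffers are
// replaced by plain std::vector members.
class MiniLexer {
public:
    explicit MiniLexer(const std::u16string& source)
        : m_source(source),
          m_codeStart(m_source.data()),
          m_codeEnd(m_source.data() + m_source.size()),
          m_code(m_codeStart),
          m_current(-1) {}

    // Models the faulting ordering (dereference, then end check): returns
    // true when "*m_code" for this offset would read *m_codeEnd, i.e. one
    // element past the buffer. The read itself is deliberately not done.
    bool originalOrderReadsPastEnd(int offset) const {
        if (offset < 0 || static_cast<size_t>(offset) > m_source.size())
            return true; // any such offset is already out of the buffer
        return m_codeStart + offset == m_codeEnd;
    }

    // Hardened version: validate the offset, then only read *m_code when
    // there is a code unit to read. Returns false for a caller-supplied
    // offset outside [0, length] instead of touching memory.
    bool setOffset(int offset) {
        if (offset < 0 || static_cast<size_t>(offset) > m_source.size())
            return false;
        m_code = m_codeStart + offset;
        m_buffer8.clear();
        m_buffer16.clear();
        if (m_code == m_codeEnd) {
            m_current = -1; // end-of-input sentinel, no dereference
            return true;
        }
        m_current = *m_code;
        return true;
    }

    int current() const { return m_current; }
    bool atEnd() const { return m_code == m_codeEnd; }

private:
    std::u16string m_source;        // owned copy of the script text
    const char16_t* m_codeStart;    // first code unit
    const char16_t* m_codeEnd;      // one past the last code unit
    const char16_t* m_code;         // current read position
    int m_current;                  // current code unit, or -1 at end
    std::vector<char> m_buffer8;
    std::vector<char16_t> m_buffer16;
};
```

The offset equal to the source length is a legitimate position (the lexer is at end of input), so the fix is not to reject it but to assign the -1 sentinel without reading; offsets beyond that are rejected outright rather than trusted.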