[Webkit-unassigned] [Bug 55062] New: Crash beneath EditingDelegate::checkSpellingOfString when running fast/forms/input-text-maxlength.html on Windows with full page heap enabled
bugzilla-daemon at webkit.org
Wed Feb 23 11:01:36 PST 2011
https://bugs.webkit.org/show_bug.cgi?id=55062
Summary: Crash beneath EditingDelegate::checkSpellingOfString when running fast/forms/input-text-maxlength.html on Windows with full page heap enabled
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: Windows XP
Status: NEW
Keywords: LayoutTestFailure, NeedsRadar, PlatformOnly
Severity: Normal
Priority: P2
Component: Tools / Tests
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: aroben at apple.com
CC: sfalken at apple.com
To reproduce:
1. gflags /p /enable dumprendertree.exe /full
2. run-webkit-tests fast/forms/input-text-maxlength.html
You'll crash inside isalpha beneath EditingDelegate::checkSpellingOfString. Looks like we're passing a non-ASCII character to isalpha, which isn't allowed. Here's the backtrace:
msvcr80.dll!_isalpha_l(int c=773, localeinfo_struct * plocinfo=0x00000000) Line 60 + 0x2b bytes C++
msvcr80.dll!isalpha(int c=773) Line 73 + 0xb bytes C++
DumpRenderTree.exe!wordLength(const wchar_t * text=0x0012dd5c) Line 368 + 0x19 bytes C++
> DumpRenderTree.exe!EditingDelegate::checkSpellingOfString(IWebView * view=0x08af6ee8, const wchar_t * text=0x1f712fec, int length=7, int * misspellingLocation=0x0012de0c, int * misspellingLength=0x0012de00) Line 414 + 0x1e bytes C++
WebKit.dll!WebEditorClient::checkSpellingOfString(const wchar_t * text=0x1f712fec, int length=7, int * misspellingLocation=0x0012de0c, int * misspellingLength=0x0012de00) Line 666 + 0x32 bytes C++
WebKit.dll!WebCore::TextCheckingHelper::findFirstMisspelling(int & firstMisspellingOffset=0, bool markAll=true, WTF::RefPtr<WebCore::Range> & firstMisspellingRange=0x00000000 {m_ownerDocument={...} m_start={...} m_end={...} }) Line 183 + 0x54 bytes C++
WebKit.dll!WebCore::TextCheckingHelper::markAllMisspellings(WTF::RefPtr<WebCore::Range> & firstMisspellingRange=0x00000000 {m_ownerDocument={...} m_start={...} m_end={...} }) Line 590 + 0x16 bytes C++
WebKit.dll!WebCore::Editor::markMisspellingsOrBadGrammar(const WebCore::VisibleSelection & selection={...}, bool checkSpelling=true, WTF::RefPtr<WebCore::Range> & firstMisspellingRange=0x00000000 {m_ownerDocument={...} m_start={...} m_end={...} }) Line 2199 C++
WebKit.dll!WebCore::Editor::markMisspellings(const WebCore::VisibleSelection & selection={...}, WTF::RefPtr<WebCore::Range> & firstMisspellingRange=0x00000000 {m_ownerDocument={...} m_start={...} m_end={...} }) Line 2227 C++
WebKit.dll!WebCore::Editor::markMisspellingsAndBadGrammar(const WebCore::VisibleSelection & spellingSelection={...}, bool markGrammar=false, const WebCore::VisibleSelection & grammarSelection={...}) Line 2514 C++
WebKit.dll!WebCore::Editor::respondToChangedSelection(const WebCore::VisibleSelection & oldSelection={...}, unsigned int options=3) Line 3537 C++
WebKit.dll!WebCore::SelectionController::setSelection(const WebCore::VisibleSelection & s={...}, unsigned int options=3, WebCore::SelectionController::CursorAlignOnScroll align=AlignCursorOnScrollIfNeeded, WebCore::TextGranularity granularity=CharacterGranularity, WebCore::DirectionalityPolicy directionalityPolicy=MakeDirectionalSelection) Line 191 C++
WebKit.dll!WebCore::SelectionController::clear() Line 955 + 0x19 bytes C++
WebKit.dll!WebCore::clearSelectionIfNeeded(WebCore::Frame * oldFocusedFrame=0x08d268a8, WebCore::Frame * newFocusedFrame=0x08d268a8, WebCore::Node * newFocusedNode=0x214e2f78) Line 347 C++
WebKit.dll!WebCore::FocusController::setFocusedNode(WebCore::Node * node=0x214e2f78, WTF::PassRefPtr<WebCore::Frame> newFocusedFrame={...}) Line 364 + 0x1b bytes C++
WebKit.dll!WebCore::Element::focus(bool restorePreviousSelection=true) Line 1508 + 0x24 bytes C++
WebKit.dll!WebCore::jsElementPrototypeFunctionFocus(JSC::ExecState * exec=0x131e0198) Line 1755 + 0x14 bytes C++
0ff737ce()
JavaScriptCore.dll!cti_vm_lazyLinkCall() Line 2031 + 0x1c bytes C++
JavaScriptCore.dll!JSC::Interpreter::execute(JSC::EvalExecutable * eval=0x22b7efa8, JSC::ExecState * callFrame=0x131e0088, JSC::JSObject * thisObj=0x13601020, int globalRegisterOffset=32, JSC::ScopeChainNode * scopeChain=0x22b74fe8) Line 1153 + 0x2b bytes C++
JavaScriptCore.dll!JSC::Interpreter::callEval(JSC::ExecState * callFrame=0x131e0088, JSC::RegisterFile * registerFile=0x11b31fcc, JSC::Register * argv=0x131e00c0, int argc=2, int registerOffset=15) Line 418 + 0x71 bytes C++
JavaScriptCore.dll!cti_op_call_eval(void * * args=0x0012e820) Line 3125 C++
JavaScriptCore.dll!@cti_op_create_this at 4() + 0x1cf bytes C++
JavaScriptCore.dll!JSC::JITCode::execute(JSC::RegisterFile * registerFile=0x11b31fcc, JSC::ExecState * callFrame=0x131e0038, JSC::JSGlobalData * globalData=0x127b0e78) Line 77 + 0x22 bytes C++
JavaScriptCore.dll!JSC::Interpreter::execute(JSC::ProgramExecutable * program=0x1f8e1fa8, JSC::ExecState * callFrame=0x1b8c6e78, JSC::ScopeChainNode * scopeChain=0x1b91cfe8, JSC::JSObject * thisObj=0x13601020) Line 780 + 0x25 bytes C++
JavaScriptCore.dll!JSC::evaluate(JSC::ExecState * exec=0x1b8c6e78, JSC::ScopeChain & scopeChain={...}, const JSC::SourceCode & source={...}, JSC::JSValue thisValue={...}) Line 64 C++
WebKit.dll!WebCore::JSMainThreadExecState::evaluate(JSC::ExecState * exec=0x1b8c6e78, JSC::ScopeChain & chain={...}, const JSC::SourceCode & source={...}, JSC::JSValue thisValue={...}) Line 54 + 0x1d bytes C++
WebKit.dll!WebCore::ScriptController::evaluateInWorld(const WebCore::ScriptSourceCode & sourceCode={...}, WebCore::DOMWrapperWorld * world=0x11b7cf20) Line 142 + 0x2f bytes C++
WebKit.dll!WebCore::ScriptController::evaluate(const WebCore::ScriptSourceCode & sourceCode={...}) Line 165 + 0x16 bytes C++
WebKit.dll!WebCore::ScriptElement::executeScript(const WebCore::ScriptSourceCode & sourceCode={...}) Line 256 + 0x17 bytes C++
WebKit.dll!WebCore::ScriptElement::prepareScript(const WTF::TextPosition<WTF::OneBasedNumber> & scriptStartPosition={...}, WebCore::ScriptElement::LegacyTypeSupport supportLegacyTypes=DisallowLegacyTypeInTypeAttribute) Line 213 + 0x35 bytes C++
WebKit.dll!WebCore::HTMLScriptRunner::runScript(WebCore::Element * script=0x1f1bafa0, const WTF::TextPosition<WTF::OneBasedNumber> & scriptStartPosition={...}) Line 291 C++
WebKit.dll!WebCore::HTMLScriptRunner::execute(WTF::PassRefPtr<WebCore::Element> scriptElement={...}, const WTF::TextPosition<WTF::OneBasedNumber> & scriptStartPosition={...}) Line 175 C++
WebKit.dll!WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() Line 200 + 0x23 bytes C++
WebKit.dll!WebCore::HTMLDocumentParser::canTakeNextToken(WebCore::HTMLDocumentParser::SynchronousMode mode=AllowYield, WebCore::PumpSession & session={...}) Line 211 + 0x8 bytes C++
WebKit.dll!WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode mode=AllowYield) Line 249 + 0x10 bytes C++
WebKit.dll!WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode mode=AllowYield) Line 171 C++
WebKit.dll!WebCore::HTMLDocumentParser::append(const WebCore::SegmentedString & source={...}) Line 338 C++
WebKit.dll!WebCore::DecodedDataDocumentParser::appendBytes(WebCore::DocumentWriter * writer=0x175929c4, const char * data=0x1c2800b0, int length=3909, bool shouldFlush=false) Line 54 + 0x1f bytes C++
WebKit.dll!WebCore::DocumentWriter::addData(const char * str=0x1c2800b0, int len=3909, bool flush=false) Line 201 + 0x1f bytes C++
WebKit.dll!WebCore::DocumentLoader::commitData(const char * bytes=0x1c2800b0, int length=3909) Line 317 C++
WebKit.dll!WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader * loader=0x17592908, const char * data=0x1c2800b0, int length=3909) Line 499 C++
WebKit.dll!WebCore::DocumentLoader::commitLoad(const char * data=0x1c2800b0, int length=3909) Line 302 + 0x29 bytes C++
WebKit.dll!WebCore::DocumentLoader::receivedData(const char * data=0x1c2800b0, int length=3909) Line 329 C++
WebKit.dll!WebCore::MainResourceLoader::addData(const char * data=0x1c2800b0, int length=3909, bool allAtOnce=false) Line 159 C++
WebKit.dll!WebCore::ResourceLoader::didReceiveData(const char * data=0x1c2800b0, int length=3909, __int64 lengthReceived=3909, bool allAtOnce=false) Line 279 + 0x1b bytes C++
WebKit.dll!WebCore::MainResourceLoader::didReceiveData(const char * data=0x1c2800b0, int length=3909, __int64 lengthReceived=3909, bool allAtOnce=false) Line 444 C++
WebKit.dll!WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle * __formal=0x20264ff0, const char * data=0x1c2800b0, int length=3909, int lengthReceived=3909) Line 430 + 0x1f bytes C++
WebKit.dll!WebCore::didReceiveData(_CFURLConnection * conn=0x2273efe0, const __CFData * data=0x1c280090, long originalLength=3909, const void * clientInfo=0x20264ff0) + 0x2a bytes C++
CFNetwork.dll!URLConnectionClient::_clientDidReceiveData() + 0x4c bytes C++
CFNetwork.dll!URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload() C++
CFNetwork.dll!URLConnectionClient::processEvents() + 0x21 bytes C++
CFNetwork.dll!URLConnectionWndProc() C++
user32.dll!_InternalCallWinProc at 20() + 0x28 bytes
user32.dll!_UserCallWinProcCheckWow at 32() + 0xb7 bytes
user32.dll!_DispatchMessageWorker at 8() + 0xdc bytes
user32.dll!_DispatchMessageW at 4() + 0xf bytes
DumpRenderTree.exe!runTest(const std::basic_string<char,std::char_traits<char>,std::allocator<char> > & testPathOrURL="c:\Documents and Settings\Adam Roben\dev\WebKit\OpenSource\LayoutTests\fast\forms\input-text-maxlength.html") Line 1002 + 0xf bytes C++
DumpRenderTree.exe!main(int argc=2, char * * argv=0x07c57f98) Line 1379 + 0x28 bytes C++
DumpRenderTree.exe!__tmainCRTStartup() Line 597 + 0x17 bytes C
kernel32.dll!_BaseProcessStart at 4() + 0x23 bytes
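The crash above is a contract violation rather than a memory-safety bug in WebKit's editing code: the C standard only defines isalpha() for EOF and values representable as unsigned char, and wordLength() in DumpRenderTree hands it a raw UTF-16 code unit (773 = U+0305 in the backtrace). MSVC's _isalpha_l is table-driven, so an out-of-range argument indexes past the classification table, and full page heap turns that read into a fault instead of letting it return garbage silently. The following is an added example, not code from the bug report or from DumpRenderTree: it reconstructs the unsafe pattern the backtrace implies (the exact body of wordLength is an assumption) beside a hardened version that keeps the narrow ctype functions to their defined range and uses the wide-character API for everything else. The sample string is constructed here.

```c
#include <assert.h>
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <wchar.h>
#include <wctype.h>

/* The C standard's contract for isalpha(): the argument must be EOF or a value
 * representable as unsigned char. A UTF-16 code unit such as 773 (U+0305, the
 * value in the backtrace above) violates it. */
int isalpha_arg_ok(int c)
{
    return c == EOF || (c >= 0 && c <= UCHAR_MAX);
}

/* Assumed shape of the buggy wordLength(): a wchar_t fed straight to isalpha().
 * Undefined behaviour whenever text[n] > UCHAR_MAX; MSVC's table-driven
 * _isalpha_l reads past its table, which full page heap turns into the crash.
 * Kept only for comparison; do not call it on non-ASCII input. */
size_t word_length_unsafe(const wchar_t *text)
{
    size_t n = 0;
    while (text[n] && isalpha(text[n]))   /* BUG: wchar_t -> int, no range check */
        n++;
    return n;
}

/* Hardened classification: narrow ctype only for values it is defined for,
 * iswalpha() (defined for the whole wchar_t range) for everything else. */
static int is_word_char(wchar_t c)
{
    if (isalpha_arg_ok((int)c))
        return isalpha((unsigned char)c) != 0;
    return iswalpha((wint_t)c) != 0;
}

/* Length of the leading run of alphabetic code units in text. */
size_t word_length_safe(const wchar_t *text)
{
    size_t n = 0;
    while (text[n] && is_word_char(text[n]))
        n++;
    return n;
}

int main(void)
{
    /* Constructed sample: an ASCII word followed by code unit 773 (U+0305),
     * the value from the backtrace, then more text. Whether U+0305 counts as
     * alphabetic depends on the active locale, so the result is printed, not
     * asserted. */
    static const wchar_t sample[] = L"input\x0305 text";

    printf("isalpha() contract holds for 773: %s\n",
           isalpha_arg_ok(773) ? "yes" : "no");
    printf("word_length_safe(sample) = %zu\n", word_length_safe(sample));
    return 0;
}
```

The same check applies to every narrow ctype function (isspace, ispunct, tolower, ...): when the input is wchar_t or UTF-16, either cast to unsigned char after proving the value fits, or switch to the wctype.h equivalents. Running the test under page heap (gflags /p /enable dumprendertree.exe /full, as in the report) is what makes this class of bug visible deterministically instead of as an occasional misclassified character.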