[Webkit-unassigned] [Bug 84980] New: Random crashes in webkit if a compiler addresses C++ defect #391
bugzilla-daemon at webkit.org
Thu Apr 26 11:44:58 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=84980
Summary: Random crashes in webkit if a compiler addresses C++ defect #391
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: UNCONFIRMED
Severity: Critical
Priority: P2
Component: WebCore Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: abaldeva at ea.com
The compiler I have addresses C++ core language defect 391 mentioned at http://www.open-std.org/jtc1/sc22/wg21/docs/cwg_defects.html#391
There is code in the webcore/dom/Element.cpp that is relying on the old behavior by keeping a reference to a temporary object (it works only if the reference was created by calling the copy ctor). If the compiler fixes the defect mentioned, the following code becomes unsafe (results in random memory corruption).
line 661 - const AtomicString& localName = shouldIgnoreAttributeCase(this) ? name.lower() : name;
After changing the code as follows, the problem goes away (basically, removing the reference).
const AtomicString localName = shouldIgnoreAttributeCase(this) ? name.lower() : name;
It is possible that there are other places in the code affected by the same bug.
Thanks.
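As an added illustration (example code written for this page, not code from the bug report or from WebKit), the following stand-alone C++ program models the reported pattern. A constructed `Name` type stands in for `AtomicString` and counts its live instances, so the effect of each reference binding can be observed from outside without ever reading through a possibly dangling reference. It shows the direct binding of the conditional-expression result from line 661 (which a conforming compiler keeps alive for the scope of `localName`), the by-value form from the report (correct regardless of how the compiler handles the reference case), and, going beyond the report, a temporary passed through a function that returns a reference, where the standard grants no lifetime extension at all and the temporary is already gone.

```cpp
#include <cctype>
#include <iostream>
#include <string>
#include <utility>

// Constructed stand-in for WebKit's AtomicString (example code, not WebKit's own).
// It counts live instances so the lifetime of temporaries can be observed from
// outside without ever reading through a possibly dangling reference.
struct Name {
    static int live;
    std::string s;

    explicit Name(std::string v) : s(std::move(v)) { ++live; }
    Name(const Name& o) : s(o.s) { ++live; }
    ~Name() { --live; }

    // Returns a fresh lower-cased Name by value, i.e. a temporary, which is the
    // role AtomicString::lower() plays in the reported line of Element.cpp.
    Name lower() const {
        std::string t = s;
        for (std::string::size_type i = 0; i < t.size(); ++i)
            t[i] = static_cast<char>(std::tolower(static_cast<unsigned char>(t[i])));
        return Name(t);
    }
};
int Name::live = 0;

// The reported pattern: a const reference bound directly to the result of the
// conditional expression. With ignoreCase true that result is a temporary, and
// the code is only correct if the compiler extends its lifetime to match
// localName. Returns how many Name objects are alive while localName is in
// scope, relative to entry: 1 on a conforming compiler (the extended temporary).
int liveWhileReferenceBound(const Name& name, bool ignoreCase) {
    int base = Name::live;
    const Name& localName = ignoreCase ? name.lower() : name;
    (void)localName;
    return Name::live - base;
}

// The fix from the report: take the result by value. localName owns its own
// storage, so no lifetime-extension rule is involved and the result is the
// same on every compiler.
std::string lowerIfIgnoringCase(const Name& name, bool ignoreCase) {
    const Name localName = ignoreCase ? name.lower() : name;
    return localName.s;
}

// Beyond the report: once a temporary is passed through a function that returns
// a reference, the standard grants no extension at all. The temporary is
// destroyed at the end of the full-expression, so the delta is 0 and r dangles;
// it is deliberately never dereferenced here.
const Name& passThrough(const Name& a) { return a; }

int liveAfterPassThrough(const Name& name) {
    int base = Name::live;
    const Name& r = passThrough(name.lower());
    (void)r;
    return Name::live - base;
}

int main() {
    Name div("DIV");
    std::cout << "direct binding keeps temporary alive: "
              << liveWhileReferenceBound(div, true) << "\n"          // 1
              << "by-value copy: " << lowerIfIgnoringCase(div, true) << "\n"  // div
              << "temporary through pass-through function: "
              << liveAfterPassThrough(div) << "\n";                  // 0
    return 0;
}
```

The live-object counter is the point of the exercise: it makes the difference between an extended temporary and a destroyed one visible as a plain integer, which is how one would confirm a suspect compiler's behaviour without relying on a crash that only shows up randomly, as the report describes.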