[Webkit-unassigned] [Bug 80333] New: Crash while fuzzing.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Mar 5 15:08:48 PST 2012


https://bugs.webkit.org/show_bug.cgi?id=80333

           Summary: Crash while fuzzing.
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebKit2
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: netfuzzer at gmail.com
                CC: netfuzzer at gmail.com


Tested on Apple Safari 5.1.2
Windows XP SP3 

Reproduce:
1. Open PoC.html
2. See the crash.

I'm trying to get the symbols, but http://developer.apple.com/internet/safari/windows_symbols seems broken.
Can someone give me some help with this?

Stack trace (without symbols):

(e7c.e88): Access violation - code c0000005 (!!! second chance !!!)
eax=00000000 ebx=00000000 ecx=0012f488 edx=00000004 esi=7fed9b90 edi=00000000
eip=10261ded esp=0012f488 ebp=0012f4fc iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\WebKit.dll - 
WebKit!setUseOpenSourceWebKit+0x5452d:
10261ded 8b4314          mov     eax,dword ptr [ebx+14h] ds:0023:00000014=????????
0:000> .exr -1
ExceptionAddress: 10261ded (WebKit!setUseOpenSourceWebKit+0x0005452d)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 00000014
Attempt to read from address 00000014
0:000> .lastevent
Last event: e7c.e88: Access violation - code c0000005 (!!! second chance !!!)
  debugger time: Mon Mar  5 20:03:42.802 2012 (GMT-3)
0:000> k
ChildEBP RetAddr  
WARNING: Stack unwind information not available. Following frames may be wrong.
0012f4fc 10262c61 WebKit!setUseOpenSourceWebKit+0x5452d
0012f560 105e6263 WebKit!setUseOpenSourceWebKit+0x553a1
0012f5b0 1025fed7 WebKit!WKURLGetTypeID+0x225b3
0012f600 1025fea3 WebKit!setUseOpenSourceWebKit+0x52617
0012f658 1025fea3 WebKit!setUseOpenSourceWebKit+0x525e3
0012f6b0 10202378 WebKit!setUseOpenSourceWebKit+0x525e3
0012f73c 102037fd WebKit!WKDownloadGetTypeID+0x1fda8
0012f750 1020c841 WebKit!WKDownloadGetTypeID+0x2122d
0012f7a0 1020c127 WebKit!WKDownloadGetTypeID+0x2a271
0012f7d4 102013f0 WebKit!WKDownloadGetTypeID+0x29b57
0012f7fc 102014ef WebKit!WKDownloadGetTypeID+0x1ee20
0012f8b4 10205779 WebKit!WKDownloadGetTypeID+0x1ef1f
0012f938 1003993b WebKit!WKDownloadGetTypeID+0x231a9
0012f940 10031e08 WebKit!WKBundleBackForwardListGetTypeID+0x229b
0012f95c 7c910098 WebKit!WebKitMain+0x1be98
0012f968 7c910021 ntdll!RtlpFreeToHeapLookaside+0x22
0012fa34 78130000 ntdll!RtlFreeHeap+0x1e9
0012fa90 10060f1a MSVCR80!_initp_heap_handler <PERF> (MSVCR80+0x0)
00000000 00000000 WebKit!WKBundleRangeHandleGetTypeID+0x1696a
0:000> u
WebKit!setUseOpenSourceWebKit+0x5452d:
10261ded 8b4314          mov     eax,dword ptr [ebx+14h]
10261df0 8b80b4070000    mov     eax,dword ptr [eax+7B4h]
10261df6 50              push    eax
10261df7 e86454f1ff      call    WebKit!WKGraphicsContextGetTypeID+0x7a50 (10177260)
10261dfc 5f              pop     edi
10261dfd 5e              pop     esi
10261dfe 5b              pop     ebx
10261dff 8be5            mov     esp,ebp
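A small triage helper, added here as an example and not part of the report or of WebKit: it parses the register line and the `.exr -1` block in the session above, recomputes the address the faulting instruction dereferenced from its memory operand, and flags the pattern the dump shows, a read through a NULL base register plus a small offset (ebx=0, [ebx+14h] = 0x14). The 0x10000 cutoff for "near-null" is an assumption about the unmapped low region of a Win32 process.

```python
import re

# Constructed sample: the register line, faulting instruction and .exr block,
# in the same layout WinDbg prints them (values copied from the report above).
SAMPLE = """\
eax=00000000 ebx=00000000 ecx=0012f488 edx=00000004 esi=7fed9b90 edi=00000000
eip=10261ded esp=0012f488 ebp=0012f4fc iopl=0         nv up ei pl zr na pe nc
10261ded 8b4314          mov     eax,dword ptr [ebx+14h] ds:0023:00000014=????????
0:000> .exr -1
ExceptionAddress: 10261ded (WebKit!setUseOpenSourceWebKit+0x0005452d)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 00000014
"""

NEAR_NULL_LIMIT = 0x10000  # assumption: lowest 64 KiB is never mapped in a Win32 process

def triage(dump: str) -> dict:
    # 32-bit general registers as printed by WinDbg's "r" output.
    regs = {m.group(1): int(m.group(2), 16)
            for m in re.finditer(r"\b(e[abcd]x|e[sd]i|e[bs]p|eip)=([0-9a-f]{8})", dump)}
    code = int(re.search(r"ExceptionCode: ([0-9a-f]{8})", dump).group(1), 16)
    params = [int(p, 16) for p in re.findall(r"Parameter\[\d\]: ([0-9a-f]{8})", dump)]
    # For STATUS_ACCESS_VIOLATION, Parameter[0] is 0 = read, 1 = write, 8 = execute (DEP);
    # Parameter[1] is the virtual address that could not be accessed.
    access = {0: "read", 1: "write", 8: "execute"}.get(params[0], "unknown")
    fault_addr = params[1]
    # Memory operand of the faulting instruction, e.g. [ebx+14h]; recompute base+disp.
    m = re.search(r"ptr \[(e[a-z]{2})\+([0-9a-f]+)h\]", dump)
    operand_addr = regs[m.group(1)] + int(m.group(2), 16) if m else None
    return {
        "exception_code": code,
        "access": access,
        "fault_address": fault_addr,
        "near_null": fault_addr < NEAR_NULL_LIMIT,
        "base_register": m.group(1) if m else None,
        "base_is_null": bool(m) and regs[m.group(1)] == 0,
        "operand_matches": operand_addr == fault_addr,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value:#x}" if isinstance(value, int) and not isinstance(value, bool) else f"{key}: {value}")
```

When `operand_matches` is true and `base_is_null` is set, the fault is consistent with a plain NULL-pointer read rather than a corrupted pointer, which is the first distinction to make when prioritising a fuzzer crash.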
