[Webkit-unassigned] [Bug 80333] New: Crash while fuzzing.
bugzilla-daemon at webkit.org
Mon Mar 5 15:08:48 PST 2012
https://bugs.webkit.org/show_bug.cgi?id=80333
Summary: Crash while fuzzing.
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: WebKit2
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: netfuzzer at gmail.com
CC: netfuzzer at gmail.com
Tested on Apple Safari 5.1.2
Windows XP SP3
Reproduce:
1. Open PoC.html
2. See the crash.
I'm trying to get the symbols, but http://developer.apple.com/internet/safari/windows_symbols seems broken.
Can someone give me some help on this?
Stack trace (without symbols):
(e7c.e88): Access violation - code c0000005 (!!! second chance !!!)
eax=00000000 ebx=00000000 ecx=0012f488 edx=00000004 esi=7fed9b90 edi=00000000
eip=10261ded esp=0012f488 ebp=0012f4fc iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Arquivos de programas\Arquivos comuns\Apple\Apple Application Support\WebKit.dll -
WebKit!setUseOpenSourceWebKit+0x5452d:
10261ded 8b4314 mov eax,dword ptr [ebx+14h] ds:0023:00000014=????????
0:000> .exr -1
ExceptionAddress: 10261ded (WebKit!setUseOpenSourceWebKit+0x0005452d)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000014
Attempt to read from address 00000014
0:000> .lastevent
Last event: e7c.e88: Access violation - code c0000005 (!!! second chance !!!)
debugger time: Mon Mar 5 20:03:42.802 2012 (GMT-3)
0:000> k
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
0012f4fc 10262c61 WebKit!setUseOpenSourceWebKit+0x5452d
0012f560 105e6263 WebKit!setUseOpenSourceWebKit+0x553a1
0012f5b0 1025fed7 WebKit!WKURLGetTypeID+0x225b3
0012f600 1025fea3 WebKit!setUseOpenSourceWebKit+0x52617
0012f658 1025fea3 WebKit!setUseOpenSourceWebKit+0x525e3
0012f6b0 10202378 WebKit!setUseOpenSourceWebKit+0x525e3
0012f73c 102037fd WebKit!WKDownloadGetTypeID+0x1fda8
0012f750 1020c841 WebKit!WKDownloadGetTypeID+0x2122d
0012f7a0 1020c127 WebKit!WKDownloadGetTypeID+0x2a271
0012f7d4 102013f0 WebKit!WKDownloadGetTypeID+0x29b57
0012f7fc 102014ef WebKit!WKDownloadGetTypeID+0x1ee20
0012f8b4 10205779 WebKit!WKDownloadGetTypeID+0x1ef1f
0012f938 1003993b WebKit!WKDownloadGetTypeID+0x231a9
0012f940 10031e08 WebKit!WKBundleBackForwardListGetTypeID+0x229b
0012f95c 7c910098 WebKit!WebKitMain+0x1be98
0012f968 7c910021 ntdll!RtlpFreeToHeapLookaside+0x22
0012fa34 78130000 ntdll!RtlFreeHeap+0x1e9
0012fa90 10060f1a MSVCR80!_initp_heap_handler <PERF> (MSVCR80+0x0)
00000000 00000000 WebKit!WKBundleRangeHandleGetTypeID+0x1696a
0:000> u
WebKit!setUseOpenSourceWebKit+0x5452d:
10261ded 8b4314 mov eax,dword ptr [ebx+14h]
10261df0 8b80b4070000 mov eax,dword ptr [eax+7B4h]
10261df6 50 push eax
10261df7 e86454f1ff call WebKit!WKGraphicsContextGetTypeID+0x7a50 (10177260)
10261dfc 5f pop edi
10261dfd 5e pop esi
10261dfe 5b pop ebx
10261dff 8be5 mov esp,ebp
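An added triage helper, not part of the bug report or of WebKit: it parses the register line and the `.exr -1` exception record from the WinDbg session above and classifies the fault. The dump text is copied from the report; `NULL_PAGE_LIMIT` is an assumed threshold, not a WinDbg value.

```python
import re

# Constructed sample: register line, `.exr -1` record and faulting instruction
# taken from the WinDbg session in the bug report.
DUMP = """\
eax=00000000 ebx=00000000 ecx=0012f488 edx=00000004 esi=7fed9b90 edi=00000000
eip=10261ded esp=0012f488 ebp=0012f4fc iopl=0 nv up ei pl zr na pe nc
ExceptionAddress: 10261ded (WebKit!setUseOpenSourceWebKit+0x0005452d)
ExceptionCode: c0000005 (Access violation)
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000014
10261ded 8b4314 mov eax,dword ptr [ebx+14h] ds:0023:00000014=????????
"""

# Assumed threshold: faults below this address are treated as null-page derefs.
NULL_PAGE_LIMIT = 0x10000

# Access-violation Parameter[0] values as reported by Windows.
ACCESS_KIND = {0: "read", 1: "write", 8: "execute"}


def parse_registers(text):
    """Return {name: int} for every 'name=8-hex-digits' pair in the dump."""
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(r"\b([a-z]{2,3})=([0-9a-f]{8})\b", text)}


def parse_exception(text):
    """Pull code, access kind and faulting address out of a `.exr -1` record."""
    code = int(re.search(r"ExceptionCode:\s*([0-9a-f]+)", text).group(1), 16)
    params = {int(i): int(v, 16)
              for i, v in re.findall(r"Parameter\[(\d)\]:\s*([0-9a-f]+)", text)}
    kind = ACCESS_KIND.get(params.get(0), "unknown")
    return {"code": code, "kind": kind, "addr": params.get(1)}


def triage(text):
    """Classify the crash; a zero base register plus a small offset is a null deref."""
    regs, exc = parse_registers(text), parse_exception(text)
    if exc["code"] != 0xC0000005:
        return "not-an-access-violation"
    # Base register of the faulting memory operand, e.g. [ebx+14h].
    m = re.search(r"\[([a-z]{3})\+([0-9a-f]+)h\]", text)
    if m and regs.get(m.group(1)) == 0 and exc["addr"] < NULL_PAGE_LIMIT:
        return f"null-deref-{exc['kind']}:{m.group(1)}+0x{exc['addr']:x}"
    return f"access-violation-{exc['kind']}:0x{exc['addr']:x}"
```

A read through a zero base register at a small offset is the signature of a null-pointer dereference, which usually means a crash rather than memory corruption; confirming that still requires the symbols the reporter asks for.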