Summary: | Konqueror crash when loading an invalid style element | |
---|---|---|---
Product: | [Applications] konqueror | Reporter: | Emmanuel Surleau <emmanuel.surleau>
Component: | general | Assignee: | Konqueror Developers <konq-bugs>
Status: | RESOLVED DUPLICATE | |
Severity: | crash | |
Priority: | NOR | |
Version: | unspecified | |
Target Milestone: | --- | |
Platform: | unspecified | |
OS: | Linux | |
Latest Commit: | | Version Fixed In: |
Sentry Crash Report: | | |
Attachments: | HTML test case. | |
Description

Emmanuel Surleau
2009-02-01 22:05:15 UTC

Maybe someone can change the type of the bug to "crash"?

Created attachment 30841
HTML test case.

This HTML file makes konqueror crash. Fixing the CSS rules in the style element prevents the crash.
Can confirm; I think I saw something related reported earlier...

```
==16324== Invalid read of size 2
==16324==    at 0xB6A2790: DOM::CSSParser::lex() (tokenizer.cpp:723)
==16324==    by 0xB6A3C24: DOM::CSSParser::lex(void*) (cssparser.cpp:2572)
==16324==    by 0xB6CD059: cssyyparse(void*) (parser.cpp:356)
==16324==    by 0xB6A33A1: DOM::CSSParser::runParser(int) (cssparser.cpp:166)
==16324==    by 0xB6A39EF: DOM::CSSParser::parseSheet(DOM::CSSStyleSheetImpl*, DOM::DOMString const&) (cssparser.cpp:184)
==16324==    by 0xB68B94B: DOM::CSSStyleSheetImpl::parseString(DOM::DOMString const&, bool) (css_stylesheetimpl.cpp:286)
==16324==    by 0xB5ACE67: DOM::HTMLStyleElementImpl::parseText() (html_headimpl.cpp:666)
==16324==    by 0xB553236: DOM::NodeBaseImpl::addChild(DOM::NodeImpl*) (dom_nodeimpl.cpp:1709)
==16324==    by 0xB593896: khtml::KHTMLParser::insertNode(DOM::NodeImpl*, bool) (htmlparser.cpp:415)
==16324==    by 0xB596565: khtml::KHTMLParser::parseToken(khtml::Token*) (htmlparser.cpp:303)
==16324==    by 0xB596EDB: khtml::HTMLTokenizer::processToken() (htmltokenizer.cpp:2053)
==16324==    by 0xB59DD0D: khtml::HTMLTokenizer::parseSpecial(khtml::TokenizerString&) (htmltokenizer.cpp:370)
==16324==  Address 0x6353eee is 0 bytes after a block of size 422 alloc'd
==16324==    at 0x4025D2E: malloc (vg_replace_malloc.c:207)
==16324==    by 0xB6A39AF: DOM::CSSParser::parseSheet(DOM::CSSStyleSheetImpl*, DOM::DOMString const&) (cssparser.cpp:178)
==16324==    by 0xB68B94B: DOM::CSSStyleSheetImpl::parseString(DOM::DOMString const&, bool) (css_stylesheetimpl.cpp:286)
==16324==    by 0xB5ACE67: DOM::HTMLStyleElementImpl::parseText() (html_headimpl.cpp:666)
==16324==    by 0xB553236: DOM::NodeBaseImpl::addChild(DOM::NodeImpl*) (dom_nodeimpl.cpp:1709)
==16324==    by 0xB593896: khtml::KHTMLParser::insertNode(DOM::NodeImpl*, bool) (htmlparser.cpp:415)
==16324==    by 0xB596565: khtml::KHTMLParser::parseToken(khtml::Token*) (htmlparser.cpp:303)
==16324==    by 0xB596EDB: khtml::HTMLTokenizer::processToken() (htmltokenizer.cpp:2053)
==16324==    by 0xB59DD0D: khtml::HTMLTokenizer::parseSpecial(khtml::TokenizerString&) (htmltokenizer.cpp:370)
==16324==    by 0xB59FEC0: khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) (htmltokenizer.cpp:1558)
==16324==    by 0xB5A15C5: khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) (htmltokenizer.cpp:1807)
==16324==    by 0xB4D6AF6: KHTMLPart::write(char const*, int) (khtml_part.cpp:2080)
```

*** This bug has been marked as a duplicate of bug 167318 ***