Changeset 49788 in webkit


Timestamp:
Oct 19, 2009 9:18:19 AM (14 years ago)
Author:
eric@webkit.org
Message:

2009-10-19 Dimitri Glazkov <Dimitri Glazkov>

Reviewed by Darin Adler.

Fix hard-to-reproduce crash in HTMLTokenizer by avoiding a rare
fastRealloc edge case.
https://bugs.webkit.org/show_bug.cgi?id=29313

No test, the crash shows up occasionally in crash dumps, we weren't able
to reproduce it locally.

  • html/HTMLTokenizer.cpp:
    (WebCore::HTMLTokenizer::enlargeScriptBuffer): Added an early exit to
    avoid calling fastRealloc with the size of 0.
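The pattern the commit describes, a grow-by-delta buffer that must never hand a size of 0 to an allocator that treats that as fatal, as an added example that is not WebKit's code. `modelRealloc` is a constructed stand-in for the `fastRealloc` behaviour the message describes (abort on size 0), and `ScriptBuffer` is a hypothetical buffer shaped like the tokenizer's script-code buffer; the example goes a little beyond the commit by also rejecting negative and overflowing sizes and by treating a shrink to 0 on a live buffer as a release rather than an assertion:

```cpp
#include <cassert>
#include <cstddef>
#include <cstdlib>
#include <limits>

// Constructed model of an allocator whose realloc treats size 0 as a fatal
// error, as the commit message says fastRealloc does. Not WebKit's allocator.
static void* modelRealloc(void* ptr, size_t size)
{
    if (size == 0)
        std::abort(); // stands in for CRASH()
    void* result = std::realloc(ptr, size);
    if (!result)
        std::abort();
    return result;
}

// Hypothetical growable UTF-16 buffer: pointer plus element capacity, the same
// shape as the tokenizer's script-code buffer in the diff.
struct ScriptBuffer {
    char16_t* data = nullptr;
    int capacity = 0;

    ~ScriptBuffer() { std::free(data); }

    // Returns false when a request is rejected before reaching the allocator.
    bool enlarge(int delta)
    {
        // Overflow-checked int addition: capacity + delta may wrap.
        if (delta > 0 && capacity > std::numeric_limits<int>::max() - delta)
            return false;
        if (delta < 0 && capacity < std::numeric_limits<int>::min() - delta)
            return false;
        int newSize = capacity + delta;

        // The edge case from the commit: a zero-size request must never reach
        // the allocator. An empty buffer needs nothing; a live buffer is freed
        // here instead of being passed to realloc with size 0.
        if (newSize == 0) {
            std::free(data);
            data = nullptr;
            capacity = 0;
            return true;
        }
        // A negative newSize would convert to a huge size_t below; reject it.
        if (newSize < 0)
            return false;
        // Element count times element size must also fit in size_t.
        if (static_cast<size_t>(newSize) > std::numeric_limits<size_t>::max() / sizeof(char16_t))
            return false;

        data = static_cast<char16_t*>(
            modelRealloc(data, static_cast<size_t>(newSize) * sizeof(char16_t)));
        capacity = newSize;
        return true;
    }
};

// Scenario helpers returning the resulting capacity, or -1 when rejected.

// The shape described in the diff comment: nothing buffered yet, delta 0.
int growFromEmptyByZero()
{
    ScriptBuffer b;
    return b.enlarge(0) ? b.capacity : -1;
}

int growFromEmptyBy(int delta)
{
    ScriptBuffer b;
    return b.enlarge(delta) ? b.capacity : -1;
}

// Grow, then shrink back to exactly zero on a live buffer.
int growThenShrinkToZero()
{
    ScriptBuffer b;
    if (!b.enlarge(8))
        return -1;
    return b.enlarge(-8) ? b.capacity : -1;
}

// Capacity already at INT_MAX (set directly, no allocation): grow must refuse.
bool rejectsIntOverflow()
{
    ScriptBuffer b;
    b.capacity = std::numeric_limits<int>::max();
    return !b.enlarge(1);
}

int main()
{
    assert(growFromEmptyByZero() == 0);
    assert(growFromEmptyBy(16) == 16);
    assert(growThenShrinkToZero() == 0);
    assert(rejectsIntOverflow());
    return 0;
}
```

The zero check is placed before any size arithmetic so that no path, including the "<!--" start-of-input case from the diff comment, can reach the allocator with a zero byte count; the negative and overflow checks are additions on top of what the commit does.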

Location:
trunk/WebCore
Files:
2 edited

  • trunk/WebCore/ChangeLog

    r49787 r49788  
     12009-10-19  Dimitri Glazkov  <dglazkov@chromium.org>
     2
     3        Reviewed by Darin Adler.
     4
     5        Fix hard-to-reproduce crash in HTMLTokenizer by avoiding a rare
     6        fastRealloc edge case.
     7        https://bugs.webkit.org/show_bug.cgi?id=29313
     8
     9        No test, the crash shows up occasionally in crash dumps, we weren't able
     10        to reproduce it locally.
     11
     12        * html/HTMLTokenizer.cpp:
     13        (WebCore::HTMLTokenizer::enlargeScriptBuffer): Added an early exit to
     14            avoid calling fastRealloc with the size of 0.
     15
    1162009-10-19  Andrew Scherkus  <scherkus@chromium.org>
    217
  • trunk/WebCore/html/HTMLTokenizer.cpp

    r49394 r49788  
    19871987
    19881988    int newSize = m_scriptCodeCapacity + delta;
     1989    // If we allow fastRealloc(ptr, 0), it will call CRASH(). We run into this
     1990    // case if the HTML being parsed begins with "<!--" and there's more data
     1991    // coming.
     1992    if (!newSize) {
     1993        ASSERT(!m_scriptCode);
     1994        return;
     1995    }
     1996
    19891997    m_scriptCode = static_cast<UChar*>(fastRealloc(m_scriptCode, newSize * sizeof(UChar)));
    19901998    m_scriptCodeCapacity = newSize;
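Review bot: the new guard `if (!newSize)` only catches an exact zero; since `int newSize = m_scriptCodeCapacity + delta;` is signed, a negative `delta` larger than the current capacity yields a negative `newSize`, and `newSize * sizeof(UChar)` then converts to a very large `size_t` before it reaches `fastRealloc`. Consider widening the early exit to `if (newSize <= 0)` or adding `ASSERT(newSize > 0)` after it so the allocator can never receive a wrapped size. Also note that `ASSERT(!m_scriptCode)` is compiled out in release builds, so if the invariant is ever violated the early `return` silently leaves `m_scriptCodeCapacity` unchanged; a short comment stating that assumption next to the return would help future readers.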