RESOLVED FIXED 42643
Assertion failure when loading http://www.html5rocks.com 
https://bugs.webkit.org/show_bug.cgi?id=42643
Summary Assertion failure when loading http://www.html5rocks.com
Alexander Pavlov (apavlov)
Reported 2010-07-20 08:09:53 PDT
I'm observing a crash while loading certain HTML5 pages. www.html5rocks.com/ is one example. Unhandled exception at 0x571f3fee (WebKit.dll) in Safari.exe: 0xC0000005: Access violation writing location 0xbbadbeef. > WebKit.dll!WebCore::HTMLInputElement::rangeUnderflow() Line 348 + 0x87 bytes C++ WebKit.dll!WebCore::ValidityState::rangeUnderflow() Line 131 C++ WebKit.dll!WebCore::ValidityState::valid() Line 150 + 0x26 bytes C++ WebKit.dll!WebCore::HTMLFormControlElement::setNeedsValidityCheck() Line 338 + 0xf bytes C++ WebKit.dll!WebCore::HTMLInputElement::setInputType(const WebCore::String & t={...}) Line 895 C++ WebKit.dll!WebCore::HTMLInputElement::parseMappedAttribute(WebCore::Attribute * attr=0x07da56f8) Line 1112 + 0x18 bytes C++ WebKit.dll!WebCore::StyledElement::attributeChanged(WebCore::Attribute * attr=0x07da56f8, bool preserveDecls=false) Line 183 + 0x16 bytes C++ WebKit.dll!WebCore::Element::setAttribute(const WebCore::AtomicString & name={...}, const WebCore::AtomicString & value={...}, int & ec=0) Line 562 + 0x18 bytes C++ WebKit.dll!WebCore::jsElementPrototypeFunctionSetAttribute(JSC::ExecState * exec=0x078f0278) Line 1422 + 0x2c bytes C++
Attachments
Reduction (109 bytes, text/html)
2010-07-21 01:28 PDT, Kent Tamura 		no flags
Details
Patch (4.41 KB, patch)
2010-07-21 02:23 PDT, Kent Tamura 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Kent Tamura
Comment 1 2010-07-21 00:31:19 PDT
The assertion was added by http://trac.webkit.org/changeset/56242.
Kent Tamura
Comment 2 2010-07-21 01:28:12 PDT
Created attachment 62152 [details] Reduction
Kent Tamura
Comment 3 2010-07-21 02:23:32 PDT
Created attachment 62158 [details] Patch
Darin Adler
Comment 4 2010-07-21 08:02:07 PDT
Comment on attachment 62158 [details] Patch What about InputElement::updateValueIfNeeded? Is that function used anywhere?
Kent Tamura
Comment 5 2010-07-21 08:07:58 PDT
(In reply to comment #4) > (From update of attachment 62158 [details]) > What about InputElement::updateValueIfNeeded? Is that function used anywhere? Yes. It is used by InputElement::parsemaxLengthAttribute(). This call is harmless because maxLength doesn't affect to type=range. I'll refactor sanitization code in dom/InputElement and html/HTMLInputElement. They are confusing.
Darin Adler
Comment 6 2010-07-21 08:08:43 PDT
Retitled since an assertion failure is not a crash.
Kent Tamura
Comment 7 2010-07-21 20:09:14 PDT
Comment on attachment 62158 [details] Patch Clearing flags on attachment: 62158 Committed r63876: <http://trac.webkit.org/changeset/63876>
Kent Tamura
Comment 8 2010-07-21 20:09:25 PDT
All reviewed patches have been landed. Closing bug.
Alexey Proskuryakov
Comment 9 2010-07-22 16:38:40 PDT
*** Bug 42823 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.