Comment #55 on issue 23362 by [email protected]: glibc assert in
WebCore::CSSParser::~CSSParser() (double free) -- gcc 4.4-specific?
http://code.google.com/p/chromium/issues/detail?id=23362
How did you go?

I had some notes that I wanted to post (I imagine you've got further than this already):

UChar is a 16-bit type. That's why the |prefix| and |suffix| are copied in for loops, and |string| can be memcpy'd - String::characters() returns UChars. Initially I thought the bug was related to 16 bit/8 bit char confusion, but I don't think this is the case.

Attached is some info I got from observing the crash under gdb, while running valgrind. 0x102dfda6 is the last byte in m_data, so yy_cp = 0x102dfda8 is the location where the invalid write is happening.
Attachments:
valgrinding.log 2.0 KB
--
Automated mail from issue updates at http://crbug.com/
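The following is an added example, not code from the bug report or from WebCore. It models the buffer layout the comment describes (an 8-bit prefix and suffix widened unit by unit into a 16-bit UChar buffer, with the UChar string memcpy'd between them), appends the two trailing end-of-buffer units that flex's yy_scan_buffer expects, and provides a check for whether a write at a given yy_cp-style pointer still lands inside m_data. Names such as LexerBuffer, buildLexerBuffer and writeIsInBounds are assumed for the illustration; the sample prefix, string and suffix are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Assumption: UChar is a 16-bit code unit, as stated in the comment.
typedef uint16_t UChar;

// Hypothetical stand-in for the parser's buffer (m_data in the comment).
struct LexerBuffer {
    std::vector<UChar> data;  // content followed by the flex sentinel units
    size_t length;            // number of UChars of real content, sentinels excluded
};

// flex's yy_scan_buffer requires the buffer to end in two YY_END_OF_BUFFER_CHAR
// (0) units; a scanner that runs past them overwrites whatever follows m_data.
static const size_t kFlexSentinels = 2;

// Helper for callers that only have 8-bit literals: widen them to UChars.
std::vector<UChar> widen(const char* narrow) {
    size_t n = strlen(narrow);
    std::vector<UChar> out(n);
    for (size_t i = 0; i < n; ++i)
        out[i] = static_cast<unsigned char>(narrow[i]);
    return out;
}

// Assemble prefix + string + suffix into a UChar buffer the way the comment
// describes: the 8-bit parts are copied one unit at a time (element widths
// differ, so memcpy would interleave garbage), the UChar string is memcpy'd
// with its byte length scaled by sizeof(UChar).
LexerBuffer buildLexerBuffer(const char* prefix, const UChar* string,
                             size_t stringLength, const char* suffix) {
    size_t prefixLength = strlen(prefix);
    size_t suffixLength = strlen(suffix);

    LexerBuffer buf;
    buf.length = prefixLength + stringLength + suffixLength;
    buf.data.assign(buf.length + kFlexSentinels, 0);  // sentinels pre-zeroed

    UChar* out = buf.data.data();
    for (size_t i = 0; i < prefixLength; ++i)
        *out++ = static_cast<unsigned char>(prefix[i]);
    memcpy(out, string, stringLength * sizeof(UChar));
    out += stringLength;
    for (size_t i = 0; i < suffixLength; ++i)
        *out++ = static_cast<unsigned char>(suffix[i]);
    return buf;
}

// Would a sizeof(UChar) write at yy_cp stay inside the allocation backing
// m_data? In the comment, yy_cp sits two bytes past the last byte of m_data,
// i.e. at the first UChar beyond the buffer, which this returns false for.
bool writeIsInBounds(const LexerBuffer& buf, const UChar* yy_cp) {
    const UChar* begin = buf.data.data();
    const UChar* end = begin + buf.data.size();  // one past the last unit
    return yy_cp >= begin && yy_cp < end;
}

// Byte offset of the last byte of m_data, matching the "last byte" figure
// the comment reads off in gdb.
size_t lastByteOffset(const LexerBuffer& buf) {
    return buf.data.size() * sizeof(UChar) - 1;
}

int main() {
    // Constructed sample input: a CSS-like fragment split the way the parser does.
    std::vector<UChar> body = widen("color:red");
    LexerBuffer buf = buildLexerBuffer("p{", body.data(), body.size(), "}");

    const UChar* last = buf.data.data() + buf.data.size() - 1;
    printf("content units=%zu total units=%zu last byte offset=%zu\n",
           buf.length, buf.data.size(), lastByteOffset(buf));
    printf("write at last sentinel in bounds: %d\n", writeIsInBounds(buf, last));
    printf("write one unit past the end in bounds: %d\n",
           writeIsInBounds(buf, last + 1));
    return 0;
}
```

The check is deliberately against the allocation including the sentinel units: a scanner is allowed to read and write its end-of-buffer markers, so the interesting failure is a yy_cp that points at or beyond end, which is exactly the one-UChar overshoot the valgrind addresses in the comment describe.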