Updates:
Labels: -Pri-2 Pri-1
Comment #2 on issue 23429 by [email protected]: XMLHttpRequest without hostname leads to NULL pointer in chrome!v8::Value::IsString
http://code.google.com/p/chromium/issues/detail?id=23429
It seems to have more to do with recursive function calls using the onreadystatechange event than with the hostname, because I found that this also causes a (different) NULL pointer:
<SCRIPT>
loop();
function loop() {
  var xml_http_request = new XMLHttpRequest();
  xml_http_request.onreadystatechange = loop;
  xml_http_request.open("", "x://x", false);
  loop();
}
</SCRIPT>
Increasing priority because multiple flaws in the same area may indicate that it's implemented sub-optimally and that the code may have even worse issues.
Repro:
http://skypher.com/SkyLined/Repro/Chrome/Issue%2023429%20-%20XMLHttpRequest%20without%20hostname%20leads%20to%20NULL%20pointer%20in%20chrome!v8..Value..IsString/repro2.html
The NULL pointer is in WebCore::v8ValueToWebCoreString, stack:
Chrome!WebCore::v8ValueToWebCoreString+0x6
Chrome!WebCore::reportException+0x4e
Chrome!WebCore::V8AbstractEventListener::invokeEventHandler+0x106
Chrome!WebCore::V8AbstractEventListener::handleEvent+0xb6
Chrome!WebCore::EventTarget::fireEventListeners+0xf3
Chrome!WebCore::EventTarget::dispatchEvent+0x33
Chrome!WebCore::XMLHttpRequest::callReadyStateChangeListener+0x5c
Chrome!WebCore::XMLHttpRequest::changeState+0x19
Chrome!WebCore::XMLHttpRequest::open+0x23b
Chrome!WebCore::V8Custom::v8XMLHttpRequestOpenCallback+0x238
Chrome!v8::internal::Builtin_HandleApiCall+0x218
Automated mail from issue updates at http://crbug.com/