Closed Bug 185092 Opened 23 years ago Closed 22 years ago

Treewalker crashes on evil code

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Version:
Other Branch
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: doronr, Assigned: sicking)

References

Details

The following evil (ie totally invalid) code crashes mozilla. Not sure if this is fixable, caillin and peterv said I should file a bug :) function doGetInnerText(){ var walker; var resultString = ""; function acceptNode(node) { resultString += node.nodeValue; walker.nextNode(); // ********EVIL CODE LINE************* return NodeFilter.FILTER_ACCEPT; }; walker = document.createTreeWalker(document.getElementById('myHTML'), NodeFilter.SHOW_TEXT, acceptNode, true); var node = walker.firstChild(); while (node) { node =walker.nextNode(); } alert(resultString); } Stack: nsScriptSecurityManager::CheckPropertyAccessImpl [c:/builds/seamonkey/mozilla/caps/src/nsScriptSecurityManager.cpp, line 605] nsScriptSecurityManager::CanAccess [c:/builds/seamonkey/mozilla/caps/src/nsScriptSecurityManager.cpp, line 2431] XPCWrappedNative::CallMethod [c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp, line 1685] XPC_WN_GetterSetter [c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp, line 1316] js_Invoke [c:/builds/seamonkey/mozilla/js/src/jsinterp.c, line 841] js_InternalInvoke [c:/builds/seamonkey/mozilla/js/src/jsinterp.c, line 932] js_GetProperty [c:/builds/seamonkey/mozilla/js/src/jsobj.c, line 2549] js_Interpret [c:/builds/seamonkey/mozilla/js/src/jsinterp.c, line 2640] js_Invoke [c:/builds/seamonkey/mozilla/js/src/jsinterp.c, line 857] nsXPCWrappedJSClass::CallMethod [c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp, line 1202] nsXPCWrappedJS::CallMethod [c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappedjs.cpp, line 430] PrepareAndDispatch [c:/builds/seamonkey/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp, line 117] SharedStub [c:/builds/seamonkey/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp, line 139] nsTreeWalker::TestNode [c:/builds/seamonkey/mozilla/content/base/src/nsTreeWalker.cpp, line 598] nsTreeWalker::ChildOf [c:/builds/seamonkey/mozilla/content/base/src/nsTreeWalker.cpp, line 535] nsTreeWalker::FirstChildOf [c:/builds/seamonkey/mozilla/content/base/src/nsTreeWalker.cpp, line 319] nsTreeWalker::NextInDocumentOrderOf [c:/builds/seamonkey/mozilla/content/base/src/nsTreeWalker.cpp, line 405] nsTreeWalker::NextNode [c:/builds/seamonkey/mozilla/content/base/src/nsTreeWalker.cpp, line 269] XPTC_InvokeByIndex [c:/builds/seamonkey/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp, line 106] XPCWrappedNative::CallMethod [c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp, line 2018] XPC_WN_CallMethod [c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp, line 1284] js_Invoke [c:/builds/seamonkey/mozilla/js/src/jsinterp.c, line 841] js_Interpret [c:/builds/seamonkey/mozilla/js/src/jsinterp.c, line 2804] js_Invoke [c:/builds/seamonkey/mozilla/js/src/jsinterp.c, line 857] nsXPCWrappedJSClass::CallMethod [c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp, line 1202] nsXPCWrappedJS::CallMethod [c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappedjs.cpp, line 430] PrepareAndDispatch [c:/builds/seamonkey/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp, line 117] SharedStub [c:/builds/seamonkey/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp, line 139] nsTreeWalker::TestNode [c:/builds/seamonkey/mozilla/content/base/src/nsTreeWalker.cpp, line 598] nsTreeWalker::ChildOf [c:/builds/seamonkey/mozilla/content/base/src/nsTreeWalker.cpp, line 535] nsTreeWalker::FirstChildOf [c:/builds/seamonkey/mozilla/content/base/src/nsTreeWalker.cpp, line 319] nsTreeWalker::NextInDocumentOrderOf [c:/builds/seamonkey/mozilla/content/base/src/nsTreeWalker.cpp, line 405] nsTreeWalker::NextNode [c:/builds/seamonkey/mozilla/content/base/src/nsTreeWalker.cpp, line 269] XPTC_InvokeByIndex [c:/builds/seamonkey/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp, line 106] XPCWrappedNative::CallMethod [c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp, line 2018] XPC_WN_CallMethod [c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp, line 1284] js_Invoke [c:/builds/seamonkey/mozilla/js/src/jsinterp.c, line 841] js_Interpret [c:/builds/seamonkey/mozilla/js/src/jsinterp.c, line 2804] js_Invoke [c:/builds/seamonkey/mozilla/js/src/jsinterp.c, line 857] nsXPCWrappedJSClass::CallMethod [c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp, line 1202] nsXPCWrappedJS::CallMethod [c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappedjs.cpp, line 430] PrepareAndDispatch [c:/builds/seamonkey/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp, line 117] SharedStub [c:/builds/seamonkey/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp, line 139] nsTreeWalker::TestNode [c:/builds/seamonkey/mozilla/content/base/src/nsTreeWalker.cpp, line 598] nsTreeWalker::ChildOf [c:/builds/seamonkey/mozilla/content/base/src/nsTreeWalker.cpp, line 535] nsTreeWalker::FirstChildOf [c:/builds/seamonkey/mozilla/content/base/src/nsTreeWalker.cpp, line 319] nsTreeWalker::NextInDocumentOrderOf [c:/builds/seamonkey/mozilla/content/base/src/nsTreeWalker.cpp, line 405] nsTreeWalker::NextNode [c:/builds/seamonkey/mozilla/content/base/src/nsTreeWalker.cpp, line 269] XPTC_InvokeByIndex [c:/builds/seamonkey/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp, line 106] XPCWrappedNative::CallMethod [c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp, line 2018] XPC_WN_CallMethod [c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp, line 1284] js_Invoke [c:/builds/seamonkey/mozilla/js/src/jsinterp.c, line 841] js_Interpret [c:/builds/seamonkey/mozilla/js/src/jsinterp.c, line 2804] js_Invoke [c:/builds/seamonkey/mozilla/js/src/jsinterp.c, line 857] nsXPCWrappedJSClass::CallMethod [c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp, line 1202] nsXPCWrappedJS::CallMethod [c:/builds/seamonkey/mozilla/js/src/xpconnect/src/xpcwrappedjs.cpp, line 430] PrepareAndDispatch [c:/builds/seamonkey/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp, line 117] SharedStub [c:/builds/seamonkey/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp, line 139] nsTreeWalker::TestNode [c:/builds/seamonkey/mozilla/content/base/src/nsTreeWalker.cpp, line 598] nsTreeWalker::ChildOf [c:/builds/seamonkey/mozilla/content/base/src/nsTreeWalker.cpp, line 535] nsTreeWalker::FirstChildOf [c:/builds/seamonkey/mozilla/content/base/src/nsTreeWalker.cpp, line 319] nsTreeWalker::NextInDocumentOrderOf [c:/builds/seamonkey/mozilla/content/base/src/nsTreeWalker.cpp, line 405] nsTreeWalker::NextNode [c:/builds/seamonkey/mozilla/content/base/src/nsTreeWalker.cpp, line 269] XPTC_InvokeByIndex [c:/builds/seamonkey/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp, line 106]
Sicking ownz treewalker.
Assignee: anthonyd → bugmail
What happens here is that we recurse to death. I guess one way to fix it is to disallow calling the walker while the filter is being executed. A workaround in the meantime: DON'T FRICKIN' DO THAT! ;-)
works fine in IE, unacceptable ;p
oh, and you shouldn't do the resultString += node.nodeValue; inside the filter. The filter is only supposed to do filtering, nothing else. There is nothing that guerentees that the filterfunction is called in any perticular order or that it is only called once for each node. Instead do the loop something like: while (node) { resultString += node.nodeValue; node =walker.nextNode(); } DON'T MAKE ME COME OVER THERE ;-)
Fixed by bug 220408.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Component: DOM: Traversal-Range → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.