Closed Bug 294984 Opened 19 years ago Closed 19 years ago

Crash on data URI with unclosed iframe

Tracking

()

Status:

VERIFIED FIXED

People

(Reporter: bzbarsky, Assigned: mrbkap)

References

(
URL
)

Details

Attachments

(1 file)

patch v1 19 years ago Blake Kaplan (:mrbkap) (inactive) 2.32 KB, patch	bzbarsky : review+ bzbarsky : superreview+ chofmann : approval1.8b2+	Details \| Diff \| Splinter Review

Boris Zbarsky [:bzbarsky]

Reporter

Description

•

19 years ago

The URL in the URL field crashes today's build quite reliably.

Blake Kaplan (:mrbkap) (inactive)

Assignee

Comment 1

•

19 years ago

I suck. There's an early return in ConsumeStartTag that doesn't enforce the
invarients that I try to.

Assignee: parser → mrbkap

Flags: blocking1.8b2?

Blake Kaplan (:mrbkap) (inactive)

Assignee

Updated

•

19 years ago

Status: NEW → ASSIGNED

Blake Kaplan (:mrbkap) (inactive)

Assignee

Comment 2

•

19 years ago

Attached patch patch v1 — Details — Splinter Review

The early return was causing us to not create the text token and end tag, so my
assumptions in CNavDTD were being violated. This patch fixes the early return.
Note that Consume[Parsed]CharacterData() is protected from this case and deals
properly.

Attachment #184145 - Flags: superreview?(bzbarsky)

Attachment #184145 - Flags: review?(bzbarsky)

Boris Zbarsky [:bzbarsky]

Reporter

Updated

•

19 years ago

Attachment #184145 - Flags: superreview?(bzbarsky)

Attachment #184145 - Flags: superreview+

Attachment #184145 - Flags: review?(bzbarsky)

Attachment #184145 - Flags: review+

Blake Kaplan (:mrbkap) (inactive)

Assignee

Comment 3

•

19 years ago

Comment on attachment 184145 [details] [diff] [review]
patch v1

This fixes a recent crash regression.

Attachment #184145 - Flags: approval1.8b2?

Blake Kaplan (:mrbkap) (inactive)

Assignee

Updated

•

19 years ago

Severity: normal → critical

OS: Linux → All

Hardware: PC → All

chris hofmann

Comment 4

•

19 years ago

Comment on attachment 184145 [details] [diff] [review]
patch v1

a=chofmann

Attachment #184145 - Flags: approval1.8b2? → approval1.8b2+

Blake Kaplan (:mrbkap) (inactive)

Assignee

Comment 5

•

19 years ago

Fix checked in. Sorry for the inconvenience.

Status: ASSIGNED → RESOLVED

Closed: 19 years ago

Resolution: --- → FIXED

Blake Kaplan (:mrbkap) (inactive)

Assignee

Updated

•

19 years ago

Flags: blocking1.8b2?

Stephen Donner [:stephend] Not actively reading bugmail

Updated

•

19 years ago

QA Contact: mrbkap → technutz

Stephen Donner [:stephend] Not actively reading bugmail

Comment 6

•

19 years ago

Verified FIXED with build 2005-05-22-06 on Windows XP Seamonkey trunk.

Testcase: data:text/html,<iframe

Status: RESOLVED → VERIFIED

Boris Zbarsky [:bzbarsky]

Reporter

Updated

•

19 years ago

Depends on: 295520

Boris Zbarsky [:bzbarsky]

Reporter

Updated

•

19 years ago

No longer depends on: 295520

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Crash on data URI with unclosed iframe

Categories

(Core :: DOM: HTML Parser, defect)

Tracking

()

People

(Reporter: bzbarsky, Assigned: mrbkap)

References

(
URL
)

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Updated

Comment 2

Updated

Comment 3

Updated

Comment 4

Comment 5

Updated

Updated

Comment 6

Updated

Updated

Attachment

General

Description

File Name

Content Type