Closed
Bug 188278
Opened 22 years ago
Closed 22 years ago
Mozilla crashes upon loading encoded text
Categories
(Core :: DOM: HTML Parser, defect, P2)
RESOLVED
FIXED
mozilla1.3beta
People
(Reporter: raccettura, Assigned: harishd)
Details
(Keywords: hang, Whiteboard: [fix in hand])
Attachments
(1 file, 1 obsolete file)
781 bytes, patch | hjtoi-bugzilla: review+ | jst: superreview+
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2.1) Gecko/20021130
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2.1) Gecko/20021130
I was working on a PHP script when I found out that the following string loaded by Mozilla results in a crash (when not surrounded by any HTML). An example is the link I made. The script outputs ONLY the text below.
r:o:b:e:r:t:&#
Reproducible: Always
Steps to Reproduce:
1. Load URL
Actual Results:
Mozilla hung. It took my system (Thinkpad 1.8GHz P4 w/512MB RAM) about 4 minutes to get the Task Manager open. Although it didn't render completely, I was able to see that the Available system memory dropped down to 4000k, and the Paging file was off the chart. CPU wasn't too bad. But my hard drive was burning. My guess is there is a memory leak or something.
Expected Results:
Should have displayed output without stress.
Comment 1•22 years ago
confirming with today's win2k trunk build :
NTDLL! 778cbc99()
NTDLL! 778cbd4e()
NTDLL! 778cbbb3()
_heap_alloc_base(unsigned int 4912) line 200
_heap_alloc_dbg(unsigned int 4871, int 1, const char * 0x00000000, int 0) line 378 + 9 bytes
_nh_malloc_dbg(unsigned int 4871, int 0, int 1, const char * 0x00000000, int 0) line 248 + 21 bytes
malloc(unsigned int 4871) line 130 + 21 bytes
PR_Malloc(unsigned int 4871) line 474 + 10 bytes
PL_ArenaAllocate(PLArenaPool * 0x03b9865c, unsigned int 40) line 210 + 10 bytes
nsFixedSizeAllocator::Alloc(unsigned int 40) line 128 + 73 bytes
CToken::operator new(unsigned int 40, nsFixedSizeAllocator & {...}) line 128
nsTokenAllocator::CreateTokenOfType(eHTMLTokenTypes eToken_entity, nsHTMLTag eHTMLTag_entity) line 1362 + 14 bytes
nsHTMLTokenizer::ConsumeEntity(unsigned short 38, CToken * & 0x00000000, nsScanner & {...}) line 846 + 15 bytes
nsHTMLTokenizer::ConsumeToken(nsHTMLTokenizer * const 0x03baac58, nsScanner & {...}, int & 0) line 504 + 24 bytes
nsParser::Tokenize(int 1) line 2545 + 26 bytes
nsParser::ResumeParse(int 1, int 1, int 1) line 1772 + 31 bytes
nsParser::OnStopRequest(nsParser * const 0x03b98634, nsIRequest * 0x039cce48, nsISupports * 0x00000000, unsigned int 0) line 2453 + 21 bytes
nsDocumentOpenInfo::OnStopRequest(nsDocumentOpenInfo * const 0x03aaac50, nsIRequest * 0x039cce48, nsISupports * 0x00000000, unsigned int 0) line 257
nsStreamListenerTee::OnStopRequest(nsStreamListenerTee * const 0x03a84048, nsIRequest * 0x039cce48, nsISupports * 0x00000000, unsigned int 0) line 66
nsHttpChannel::OnStopRequest(nsHttpChannel * const 0x039cce4c, nsIRequest * 0x03aab5ac, nsISupports * 0x00000000, unsigned int 0) line 3020
nsOnStopRequestEvent::HandleEvent() line 213
nsARequestObserverEvent::HandlePLEvent(PLEvent * 0x03ba4edc) line 116
PL_HandleEvent(PLEvent * 0x03ba4edc) line 663 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00ea6410) line 593 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x002e03aa, unsigned int 49372, unsigned int 0, long 15361040) line 1379 + 9 bytes
USER32! 77e2a290()
USER32! 77e045b1()
USER32! 77e0a752()
nsAppShellService::Run(nsAppShellService * const 0x00f70f78) line 472
main1(int 2, char * * 0x00276ac8, nsISupports * 0x00276b40) line 1543 + 32 bytes
main(int 2, char * * 0x00276ac8) line 1904 + 37 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 77e8ca90()
Reporter
Comment 2•22 years ago
Should also note bug 188366
Prevent the crash/hang by consuming the entity-look-alike ( &# ) as text. That is, what we initially thought of as an entity is not really an entity and hence by returning the result NS_HTMLTOKENS_NOT_AN_ENTITY we consume the markup as text.
Status: NEW → ASSIGNED
Priority: -- → P2
Whiteboard: [fix in hand]
Target Milestone: --- → mozilla1.3beta
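The approach described in the comment above (an entity look-alike such as a trailing &# is consumed as text), sketched as an added example. It is not the attached patch or Gecko code: the tokenizer, its type names and the forward-progress check are assumptions made for illustration.

```cpp
#include <cctype>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Illustrative names only; this is not Gecko's nsHTMLTokenizer.
enum class Kind { Text, Entity };
struct Token { Kind kind; std::string value; };

// Try to read a numeric character reference at s[pos] == '&'.
// Returns the number of characters consumed, or 0 for "not an entity".
std::size_t consumeNumericEntity(const std::string& s, std::size_t pos) {
    if (pos + 1 >= s.size() || s[pos + 1] != '#') return 0;
    std::size_t i = pos + 2;
    bool hex = i < s.size() && (s[i] == 'x' || s[i] == 'X');
    if (hex) ++i;
    const std::size_t firstDigit = i;
    while (i < s.size() && (hex ? std::isxdigit((unsigned char)s[i])
                                : std::isdigit((unsigned char)s[i]))) ++i;
    if (i == firstDigit) return 0;  // "&#" or "&#x" with no digits, e.g. at end of input
    if (i < s.size() && s[i] == ';') ++i;
    return i - pos;
}

std::vector<Token> tokenize(const std::string& s) {
    std::vector<Token> out;
    std::size_t pos = 0;
    while (pos < s.size()) {
        const std::size_t start = pos;
        std::size_t n = (s[pos] == '&') ? consumeNumericEntity(s, pos) : 0;
        if (n > 0) {
            out.push_back({Kind::Entity, s.substr(pos, n)});
            pos += n;
        } else {
            // Look-alike or plain text: always take at least one character.
            std::size_t end = pos + 1;
            while (end < s.size() && s[end] != '&') ++end;
            if (out.empty() || out.back().kind != Kind::Text) out.push_back({Kind::Text, ""});
            out.back().value += s.substr(pos, end - pos);
            pos = end;
        }
        // A pass that consumes nothing would repeat forever, so fail loudly instead.
        if (pos <= start) throw std::logic_error("tokenizer made no progress");
    }
    return out;
}
int main() {
    for (const Token& t : tokenize("r:o:b:e:r:t:&#"))  // string from the report
        std::cout << (t.kind == Kind::Text ? "text: " : "entity: ") << t.value << "\n";
}
```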
Attachment #111089 -
Flags: superreview?(jst)
Attachment #111089 -
Flags: review?(heikki)
Attachment #111090 -
Flags: superreview?(jst)
Attachment #111090 -
Flags: review?(heikki)
Attachment #111089 -
Attachment is obsolete: true
Updated•22 years ago
Attachment #111090 -
Flags: review?(heikki) → review+
Comment 5•22 years ago
Comment on attachment 111090 [details] [diff] [review] patch v1.1 sr=jst
Attachment #111090 -
Flags: superreview?(jst) → superreview+
Fixed.
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED