Closed
Bug 280079
Opened 20 years ago
Closed 20 years ago
hang when webpage has missing ">" character in "</html>"
Categories: Core :: DOM: HTML Parser, defect
Status: VERIFIED FIXED
People: Reporter: ptw, Assigned: mrbkap
Keywords: hang, regression, testcase
Attachments (2 files):
14 bytes, text/html
1.41 KB, patch (jst: review+, jst: superreview+)
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b) Gecko/20050125 Firefox/1.0+
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b) Gecko/20050125 Firefox/1.0+

I've found libcgi.sf.net to crash my browser. Stripping down the site focused my attention to code, which tries to hang Firefox:

<html></html

Closing '>' character is missing. Subtags or any other content of <html> do not matter.

Reproducible: Always

Steps to Reproduce:
1. Go to libcgi.sf.net website

Actual Results: Firefox crashed.
Comment 1 • 20 years ago
Can you post Talkback ID "firefox/components/talkback/talkback" or a GDB stacktrace if you built Firefox yourself for this crash? Firefox 1.0 on WinXP doesn't crash but doesn't show the source right: </html></<html> instead of </html perhaps because of bug 57717. Use http://web-sniffer.net/ to see the real HTML sent.
Keywords: crash, stackwanted
different behavior on my mozilla 1.8a6 nightly build 2005011906 Win XP: while loading that url the browser hangs, nothing is being displayed, and there's no way to restore the control on mozilla but it doesn't crash. Task manager says the application is not responding and the cpu usage is at 99% (but memory usage is not growing). There's nothing that can be done other than to manually kill the mozilla process.
(In reply to comment #2)
> different behavior on my mozilla 1.8a6

Oops, I mean 1.8b
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b) Gecko/20050119
Comment 4 • 20 years ago
The testcase just consists of: <html> </html and that makes my 2004-01-27 trunk build become unresponsive taking 100% cpu.
Updated • 20 years ago
Component: General → HTML: Parser
Product: Firefox → Core
Version: unspecified → Trunk
Updated • 20 years ago
Assignee: firefox → parser
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: testcase
QA Contact: general → mrbkap
Comment 5 • 20 years ago
The bug does not occur in:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8a6) Gecko/20050111 Firefox/1.0+
But the bug does occur in:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b) Gecko/20050116 Firefox/1.0+
My guess is this is a regression from the fix for bug 274786.
Keywords: regression
Comment 6 • 20 years ago (Assignee)
Taking. I'll attach a patch in a couple of hours (I know what's causing this).
Assignee: parser → mrbkap
Comment 7 • 20 years ago (Assignee)
I missed an early return, so we were not adding the second token (and returning kEOF from ConsumeEndTag). This meant that when my last-ditch attempt to consume all content took effect, we were calling CTextToken::Consume() with the scanner already at the end of the document. The first thing that CTextToken::Consume() does is to set the position to one past the current, causing bad things to happen. I've added an assert to catch related problems (which shouldn't exist).
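The failure mode comment 7 describes, as an added example that is not part of the bug report or the attached patch: a toy C++ tokenizer (all names are hypothetical, not Gecko's) whose fallback text consumer is entered with the scanner at end of input and steps past it, next to a guarded variant that rewinds to the start of the unterminated tag first. A step budget stands in for the hang so the flawed path terminates.

```cpp
#include <cassert>
#include <cstddef>
#include <string>
#include <vector>

// Toy model of the failure described in comment 7. Every name here is
// hypothetical; this is not Gecko's tokenizer or the attached patch.
struct Result { std::vector<std::string> tokens; bool hung; };

// Like the text consumer in the bug, this first steps one past the current
// position, then scans for '<' with an inequality test against the end.
static bool consumeText(const std::string& in, std::size_t& pos,
                        std::vector<std::string>& out, std::size_t& budget) {
    const std::size_t start = pos;
    ++pos;  // entered at pos == in.size(), pos is now past the end for good
    while (pos != in.size() && (pos > in.size() || in[pos] != '<')) {
        if (budget == 0) return false;  // stand-in for the 100% CPU spin
        --budget;
        ++pos;
    }
    out.push_back(in.substr(start, pos - start));
    return true;
}

// guarded == false reproduces the flaw; guarded == true is one possible fix.
Result tokenize(const std::string& in, bool guarded) {
    Result r{{}, false};
    std::size_t pos = 0;
    std::size_t budget = in.size() + 1;  // a correct scan never needs more
    while (pos < in.size()) {
        if (in[pos] != '<') {
            consumeText(in, pos, r.tokens, budget);
            continue;
        }
        const std::size_t tagStart = pos;
        const std::size_t close = in.find('>', pos);
        if (close != std::string::npos) {  // complete tag such as "<html>"
            r.tokens.push_back(in.substr(pos, close - pos + 1));
            pos = close + 1;
            continue;
        }
        // Unterminated tag ("</html"): the scanner hit EOF looking for '>'.
        pos = guarded ? tagStart : in.size();
        if (guarded) assert(pos < in.size());  // consumer precondition
        r.hung = !consumeText(in, pos, r.tokens, budget);  // last-ditch fallback
        break;
    }
    return r;
}
```

With the guard, the unterminated "</html" comes out as a text token; without it, the consumer exhausts the budget, which is the model's equivalent of the unresponsive browser.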
Updated • 20 years ago (Assignee)
Attachment #172635 - Flags: review?(jst)
Comment 8 • 20 years ago (Assignee)
Tweaking summary and keywords to reflect that this is a *hang*, not a crash. (I've also removed stackwanted since I know what's happening).
Summary: crash when webpage has missing ">" character in "</html>" → hang when webpage has missing ">" character in "</html>"
Comment 9 • 20 years ago (Assignee)
*** Bug 280564 has been marked as a duplicate of this bug. ***
Comment 10 • 20 years ago
Comment on attachment 172635, patch v1
r+sr=jst
Attachment #172635 - Flags: superreview+
Attachment #172635 - Flags: review?(jst)
Attachment #172635 - Flags: review+
Comment 11 • 20 years ago (Assignee)
Fix checked in. Sorry for the inconvenience!
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Comment 12 • 20 years ago
*** Bug 280690 has been marked as a duplicate of this bug. ***
The testcase https://bugzilla.mozilla.org/attachment.cgi?id=172622 now works fine for me with build 2005-02-01-06 using Seamonkey trunk on Windows XP. Verified FIXED.
Status: RESOLVED → VERIFIED