Closed
Bug 536097
Opened 15 years ago
Closed 14 years ago
[HTML5][Patch] spinning in nsHtml5TreeBuilder::startTag()?
Categories
(Core :: DOM: HTML Parser, defect, P1)
Tracking
()
RESOLVED
FIXED
People
(Reporter: jrmuizel, Assigned: hsivonen)
Details
Attachments
(2 files, 1 obsolete file)
|
1.18 KB,
patch
|
Details | Diff | Splinter Review | |
|
886 bytes,
patch
|
jrmuizel
:
review+
|
Details | Diff | Splinter Review |
I think this has happened to me a couple of times and seems related to using facebook. Shark gives a call stack of: 98.3% 98.3% nsHtml5TreeBuilder::startTag(nsHtml5ElementName*, nsHtml5HtmlAttributes*, int) 0.0% 98.3% nsHtml5Tokenizer::emitCurrentTagToken(int, int) 0.0% 98.3% nsHtml5Tokenizer::stateLoop(int, unsigned short, int, unsigned short*, int, int, int) 0.0% 98.3% nsHtml5Tokenizer::tokenizeBuffer(nsHtml5UTF16Buffer*) 0.0% 98.3% nsHtml5StreamParser::ParseAvailableData() 0.0% 98.3% nsHtml5StreamParserContinuation::Run() 0.0% 98.3% nsThread::ProcessNextEvent(int, int*) 0.0% 98.3% NS_ProcessNextEvent_P(nsIThread*, int)
|
Assignee | |
Comment 1•15 years ago
|
||
Do you mean spinning as in infinite loop or spinning that eventually stops?
|
|
Assignee | |
Updated•15 years ago
|
Priority: -- → P1
|
Reporter | |
Comment 2•15 years ago
|
||
I've never seen it stop, but I haven't waited more than a couple minutes.
|
|
Assignee | |
Comment 3•15 years ago
|
||
For now, I'll assume this is an infinite loop, because finite but long spinning in that method makes no sense.
|
|
Assignee | |
Updated•15 years ago
|
|
|
Reporter | |
Comment 4•15 years ago
|
||
Happened again when logging out of facebook. Same stack.
|
|
Reporter | |
Comment 5•15 years ago
|
||
Here's a reproducible, though not minimal, test case: http://people.mozilla.org/~jmuizelaar/html5/600.html The test case comes from an ad iframe on facebook.
|
|
Assignee | |
Updated•15 years ago
|
Keywords: testcase-wanted
|
|
Assignee | |
Comment 6•15 years ago
|
||
Oops sorry about the keyword. Great to have a test case already!
Keywords: testcase-wanted
|
|
Assignee | |
Comment 7•15 years ago
|
||
The test case doesn't appear to spin in startTag but instead it returns to the event loop without completing the load.
|
|
Reporter | |
Comment 8•15 years ago
|
||
It still spins in startTag for me and Joe Drew with trunk. I can try to reduce the test case further if it doesn't work for you.
|
|
Reporter | |
Comment 9•14 years ago
|
||
I've reduced the test case at http://people.mozilla.org/~jmuizelaar/html5/600.html further. The problem seems related to document.write()
|
|
Assignee | |
Comment 10•14 years ago
|
||
The problem here is that the tokenizer emits a start tag token for iframe when the tree builder is in the NS_HTML5TREE_BUILDER_TEXT mode. It should be impossible for the tokenizer to emit a start tag token in that case. The document.write()-related state choreography must be faulty somehow.
|
|
Assignee | |
Comment 11•14 years ago
|
||
Assignee: nobody → hsivonen
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 12•14 years ago
|
||
Attachment #431849 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 13•14 years ago
|
||
Thanks for catching this!
Attachment #431866 -
Flags: review?(jmuizelaar)
|
|
Assignee | |
Updated•14 years ago
|
Flags: in-testsuite?
Summary: [HTML5] spinning in nsHtml5TreeBuilder::startTag()? → [HTML5][Patch] spinning in nsHtml5TreeBuilder::startTag()?
|
|
Reporter | |
Updated•14 years ago
|
Attachment #431866 -
Flags: review?(jmuizelaar) → review+
|
|
Assignee | |
Comment 14•14 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/d2dfc88b95d0 http://hg.mozilla.org/mozilla-central/rev/6ff8448d081e
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Flags: in-testsuite? → in-testsuite+
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•