Closed Bug 746323 Opened 12 years ago Closed 12 years ago

Closing a tag and beginning a new one on the same line is crashing in View Source.

Categories

(Core :: DOM: HTML Parser, defect)

Product:
Core
Component:
DOM: HTML Parser
Version:
11 Branch
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 742414

People

(Reporter: deadowlsurvivor, Unassigned)

Details

(Keywords: crash, reproducible)

Crash Data

Attachments

(1 file)

Testcase from comment#0
297 bytes, text/html
Details 
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:11.0) Gecko/20100101 Firefox/11.0
Build ID: 20120310010757

Steps to reproduce:

To try to better manage whitespace, I started coding such that the following pattern occurred a lot.
m/\s*></
I tried to view source in Firefox to review my code. I am using the Ubuntu 11.04 distro, but I also had a co-worker reproduce this on his Windows 7 machine with Firefox. It's also valid tag markup according to some XML documentation I read, though I don't know how directly XML tag markup is related to HTML tag markup.

The source:
<!DOCTYPE html>
<html
	><head
		><meta
			http-equiv="Content-Type"
			content="text/html; charset=utf-8"
		/><script
			></script
		><script
			></script
		><script
			></script
		><script
			></script
		><title
			>Firefox Fail Test</title
		></head
	><body 
	></body
></html>


Actual results:

Firefox crashed, although if I reduce the number of "/\s*></", the size off the text in the source view merely increases following.


Expected results:

Firefox should show my source code as-is and not crash.
OS: Linux → All
bp-868ec539-6a7e-4a55-ac6c-96c102120417
Severity: normal → critical
Status: UNCONFIRMED → NEW
Crash Signature: [@ nsHtml5TreeOpStage::MoveSpeculativeLoadsFrom(nsTArray<nsHtml5SpeculativeLoad, nsTArrayDefaultAllocator>&) ]
Component: Untriaged → HTML: Parser
Ever confirmed: true
Keywords: crash, reproducible
Product: Firefox → Core
QA Contact: untriaged → parser
Summary: Closing a tag and beginning a new one on the same line breaks Firefox's View Source. → Closing a tag and beginning a new one on the same line is crashing in View Source.
Henri, can you please take a look?  Looks like a null deref...
The fix is already in mozilla-inbound.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: