Too many nested tags cause Firefox to crash

RESOLVED DUPLICATE of bug 485941

Status

()

Core
XML
RESOLVED DUPLICATE of bug 485941
3 years ago
3 years ago

People

(Reporter: ghuysmans99, Unassigned)

Tracking

33 Branch
x86_64
Windows 8.1
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments)

(Reporter)

Description

3 years ago
Created attachment 8523471 [details]
Shortest XML crashing the parser

User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Build ID: 20141106120505

Steps to reproduce:

Open the enclosed file. Tested with Firefox (32-bit on Windows 8.1 x64)


Actual results:

Firefox crashes.


Expected results:

Maybe Firefox should have displayed an error message about a maximum depth...
(Reporter)

Comment 1

3 years ago
I don't know whether this bug could be exploited, so I marked it as critical (sorry for the inconvenience if it can't).
The HTML parser caps the depth.

Pretty sure we have existing bugs for this for the XML parser, and pretty sure this just leads to a stack overflow recursing down the tree, which is not exploitable...
(Reporter)

Comment 3

3 years ago
Created attachment 8523472 [details]
Bisection for creating the shortest sample

Maybe this could be useful for testing different builds
The first attachment doesn't have enough levels to crash me (I guess I have more memory than you do) but yes, this will eventually crash us.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 485941

Comment 5

3 years ago
Maybe is duplicate but still works and crash Firefox 36.More then 4 years.
You need to log in before you can comment on or make changes to this bug.