Malformed XML (with CSS stylesheet specified) causes crash

Status: RESOLVED WORKSFORME
Opened 16 years ago, last updated 15 years ago

Product: Core
Component: XML
Priority: P1
Severity: critical
Version: Trunk
Target Milestone: mozilla1.0
Platform: x86 Linux
Keywords: crash
Reporter: D Holroyd
Assigned: Heikki Toivonen (remove -bugzilla when emailing directly)
Attachments: 1 attachment

(Reporter)

Description

16 years ago
Using Build ID: 2001112012 on Linux, I find that an XML file with too many close
tags causes a crash.  A correctly formed file works fine.

I can always cause the crash with the file I'll attach.  It's rather long, but
I've had trouble cutting it down to a simple case.  I found that there was no
crash if the xml-stylesheet PI is removed, but if it's left in, the crash happens
even if the referenced file doesn't exist.  I can cut out parts of the file and
reproduce the crash: I got to the point where adding a single character to the
file (even in a comment) would cause a crash.  Removing any large amount of
content appears to prevent the crash.

Talkback Ids TB38479107Q, TB38478585K and TB38478414W were generated by this.
(Reporter)

Comment 1

16 years ago
Created attachment 59124 [details]
testcase XML: causes crash

The file is badly formed.  Mozilla generates the following text before
crashing:

XML Error in file 'file:///home/dave/gt/stylesheet-test.xml', Line Number: 857,
Col Number: 3, Description: mismatched tag. Expected: </chapter>.
Source Line: </para>

Comment 2

16 years ago
I get the error you showed, but I don't get a crash. I am using CVS compiled this
afternoon in Linux

Updated

16 years ago
Severity: normal → critical
Keywords: crash

Comment 3

No crash in CVS debug build.  In CVS opt:

#0  0x40781fc0 in little2_updatePosition ()
#1  0x407749c1 in XML_GetCurrentLineNumber ()
#2  0x40751a91 in nsExpatTokenizer::PushXMLErrorTokens ()
#3  0x40751e67 in nsExpatTokenizer::ParseXMLBuffer ()
#4  0x40752124 in nsExpatTokenizer::DidTokenize ()
#5  0x4076b629 in nsParser::DidTokenize ()
#6  0x4076b5a8 in nsParser::Tokenize ()
#7  0x4076902a in nsParser::ResumeParse ()
#8  0x407686a0 in nsParser::ContinueParsing ()
#9  0x40a5a5fe in CSSLoaderImpl::Cleanup ()
#10 0x40a5aea3 in CSSLoaderImpl::DidLoadStyle ()
#11 0x40a5a433 in SheetLoadData::OnStreamComplete ()
#12 0x4069daf9 in nsStreamLoader::OnStopRequest ()
#13 0x406ce061 in nsHttpChannel::OnStopRequest ()
#14 0x406df7ed in nsOnStopRequestEvent::HandleEvent ()
#15 0x4068fa63 in nsARequestObserverEvent::HandlePLEvent ()
#16 0x40145616 in PL_HandleEvent ()
#17 0x40145523 in PL_ProcessPendingEvents ()
#18 0x40146539 in nsEventQueueImpl::ProcessPendingEvents ()
#19 0x407c972a in event_processor_callback ()
#20 0x407c9462 in our_gdk_io_invoke ()
#21 0x4036baca in g_io_unix_dispatch () from /usr/lib/libglib-1.2.so.0
#22 0x4036d186 in g_main_dispatch () from /usr/lib/libglib-1.2.so.0
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: mozilla1.0
Target Milestone: --- → mozilla1.0
(Reporter)

Comment 4

16 years ago
I still see this crash in Mozilla 0.9.7 -- Build ID: 2001122108

Talkback incident ID: TB909042M

Could somebody try this with a recent build? I am having trouble compiling an
optimized mozilla on Linux. I could not crash on Windows, debug or opt.
Priority: -- → P1

This works fine for me, opt & debug Linux & Windows.
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → WORKSFORME

Updated

15 years ago
QA Contact: petersen → rakeshmishra
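
Added example, not part of the bug report and not Mozilla's code: the optimized-build backtrace above faults in expat's position bookkeeping (XML_GetCurrentLineNumber calling little2_updatePosition, expat's UTF-16 little-endian tokenizer) while the mismatched-tag error is being reported. The script below exercises that same error path as a regression check through Python's bundled expat binding, feeding a constructed document incrementally as UTF-16LE and confirming the parser hands back the error and its line. The names build_doc, check and missing.css are made up for this example, and the document is a stand-in for the attachment, not the reporter's file.

```python
import xml.parsers.expat as expat


def build_doc(paragraphs, stray_close=True):
    """Constructed stand-in for the attached testcase (not the reporter's file)."""
    lines = ['<?xml version="1.0"?>',
             # Stylesheet PI pointing at a file that does not exist (assumed name).
             '<?xml-stylesheet type="text/css" href="missing.css"?>',
             '<book>', '<chapter>']
    lines += ['<para>paragraph %d</para>' % i for i in range(paragraphs)]
    if stray_close:
        lines.append('</para>')  # one close tag too many
    lines += ['</chapter>', '</book>']
    return '\n'.join(lines) + '\n'


def check(text, chunk=64):
    """Feed text to expat as UTF-16LE in chunks.

    Returns None when the document is well formed, otherwise a tuple
    (message, line, column) taken from expat's reported error position.
    """
    # The BOM makes expat select its UTF-16 little-endian tokenizer.
    data = b'\xff\xfe' + text.encode('utf-16-le')
    parser = expat.ParserCreate()
    try:
        for start in range(0, len(data), chunk):
            parser.Parse(data[start:start + chunk], False)
        parser.Parse(b'', True)  # signal end of input
    except expat.ExpatError as err:
        return expat.ErrorString(err.code), err.lineno, err.offset
    return None


if __name__ == '__main__':
    # 852 paragraphs put the stray </para> on line 857 of the constructed file.
    print(check(build_doc(852)))
    print(check(build_doc(852, stray_close=False)))
```

A parser build that mishandles this path would crash the interpreter rather than return a tuple, so the check is suitable for running under a test harness that treats abnormal exit as failure.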