Closed Bug 1176668 Opened 10 years ago Closed 9 years ago

Code from handling NCR overflow is bogus, especially upon EOF

Tracking

()

Status:

RESOLVED FIXED

Milestone:

mozilla43

Tracking Flags:

Tracking

Status

firefox43

---

fixed

People

(Reporter: hsivonen, Assigned: hsivonen)

References

(
URL
)

Details

Attachments

(2 files, 2 obsolete files)

htmlparser repo patch 10 years ago Henri Sivonen (:hsivonen) 7.26 KB, patch	wchen : review+	Details \| Diff \| Splinter Review
m-c patch 10 years ago Henri Sivonen (:hsivonen) 13.69 KB, patch	wchen : review+	Details \| Diff \| Splinter Review
htmlparser repo patch, review comments addressed 10 years ago Henri Sivonen (:hsivonen) 7.38 KB, patch	hsivonen : review+	Details \| Diff \| Splinter Review
m-c patch, review comments addressed 10 years ago Henri Sivonen (:hsivonen) 13.94 KB, patch	hsivonen : review+	Details \| Diff \| Splinter Review

Henri Sivonen (:hsivonen)

Assignee

Description

•

10 years ago

Steps to reproduce: 1) http://software.hixie.ch/utilities/js/live-dom-viewer/saved/3540 Actual results: Not U+FFFD. Expected result: U+FFFD.

Henri Sivonen (:hsivonen)

Assignee

Comment 1

•

10 years ago

Attached patch htmlparser repo patch (obsolete) — Details — Splinter Review

Test cases: https://github.com/html5lib/html5lib-tests/pull/59

Attachment #8625262 - Flags: review?(wchen)

Henri Sivonen (:hsivonen)

Assignee

Comment 2

•

10 years ago

Attached patch m-c patch (obsolete) — Details — Splinter Review

Attachment #8625263 - Flags: review?(wchen)

Henri Sivonen (:hsivonen)

Assignee

Updated

•

10 years ago

Blocks: 1029671

Henri Sivonen (:hsivonen)

Assignee

Comment 3

•

10 years ago

See bug 1029671 comment 36 for the big picture of the whole queue and about landing.

William Chen [:wchen]

Comment 4

•

10 years ago

Comment on attachment 8625262 [details] [diff] [review] htmlparser repo patch Review of attachment 8625262 [details] [diff] [review]: ----------------------------------------------------------------- We should also add an assertion to handleNcrValue to make sure that value is non-negative. ::: src/nu/validator/htmlparser/impl/Tokenizer.java @@ +3352,5 @@ > seenDigits = true; > + // Avoid overflow > + if (value <= 0x10FFFF) { > + value *= 16; > + value += c - '0'; trailing whitespace

Attachment #8625262 - Flags: review?(wchen) → review+

William Chen [:wchen]

Updated

•

10 years ago

Attachment #8625263 - Flags: review?(wchen) → review+

Henri Sivonen (:hsivonen)

Assignee

Comment 5

•

10 years ago

Attached patch htmlparser repo patch, review comments addressed — Details — Splinter Review

Thanks. Attaching the fix patch for the record.

Attachment #8625262 - Attachment is obsolete: true

Attachment #8644264 - Flags: review+

Henri Sivonen (:hsivonen)

Assignee

Comment 6

•

10 years ago

Attached patch m-c patch, review comments addressed — Details — Splinter Review

Attachment #8625263 - Attachment is obsolete: true

Attachment #8644265 - Flags: review+

Pulsebot

Comment 7

•

9 years ago

https://hg.mozilla.org/integration/mozilla-inbound/rev/bb56d50195c4

Ryan VanderMeulen [:RyanVM]

Comment 8

•

9 years ago

https://hg.mozilla.org/mozilla-central/rev/bb56d50195c4

Status: ASSIGNED → RESOLVED

Closed: 9 years ago

status-firefox43: --- → fixed

Resolution: --- → FIXED

Target Milestone: --- → mozilla43

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Code from handling NCR overflow is bogus, especially upon EOF

Categories

(Core :: DOM: HTML Parser, defect)

Tracking

()

People

(Reporter: hsivonen, Assigned: hsivonen)

References

(
URL
)

Details

Crash Data

Security

(public)

User Story

Attachments

(2 files, 2 obsolete files)

Description

Comment 1

Comment 2

Updated

Comment 3

Comment 4

Updated

Comment 5

Comment 6

Comment 7

Comment 8

Attachment

General

Description

File Name

Content Type