1235878 - Firefox Network Monitor crash on XML with recursive entities

Status: NEW

(Core :: XML, defect)

Description

[amlnspqr]

Attachment: firefox.wmv

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
Build ID: 20151223140742

Steps to reproduce:

1. Open Network Monitor
2. Go to http://spqr.zz.mu/test.xml
3. Resend the request via the Network Monitor

PoC video attached


Actual results:

The application crashes. Even though Firefox itself is ok with such XMLs.


Expected results:

The request resent successfully.

Comment 1

[amlnspqr]

Attachment: Crash details

Comment 2

[:Gijs (he/him)]

I can't reproduce this on Nightly or Firefox 44 beta. Does this reproduce on Nightly for you? ( https://nightly.mozilla.org/ )

If so, can you link to a crashreport from about:crashes ?

Comment 3

[amlnspqr]

Hello,

Looks like no crashes on Nightly 46.0a1 (Windows 6.1.7601 Service Pack 1), just the current tab stops working (see nightly.wmv attached).

Comment 4

[amlnspqr]

P.S. My FF 43 crash just in case: https://crash-stats.mozilla.com/report/index/3e34d53e-ea8c-48f9-baa8-48e4e2151231

Comment 5

[amlnspqr]

Attachment: nightly.wmv

Comment 6

[:Gijs (he/him)]

Attachment: Testcase

Comment 7

[:Gijs (he/him)]

That crashreport is an OOM condition. Looks like a bug in expat to me.

The weird thing is that when I try to reproduce, sometimes I get the XML error "recursive entity" page, and sometimes it just shows me the "result" of parsing the XML document, with lots of 1234567890 repeated. I still haven't managed to crash, but it's possible that that's related to e.g. the amount of RAM in a machine.

Either way, this is buggy.