Closed Bug 12608 Opened 21 years ago Closed 21 years ago

ABR: Comment handling

Categories

(Core :: DOM: HTML Parser, defect, P3)

defect

Tracking

()

VERIFIED INVALID

People

(Reporter: bruce, Assigned: harishd)

Details

Small problem in comment handling?

This is a build from July 25, 1999.  Loaded www.mozillazine.org in apprunner.

****  Purify instrumented ./apprunner.pure (pid 978)  ****
ABR: Array bounds read (24 times):
  * This is occurring while in:
        nsCRT::strlen(const unsigned short*) [nsCRT.cpp:259]
        nsString::Append(const unsigned short*,int) [nsString2.cpp:973]
        nsAutoString::nsAutoString(const unsigned short*,eCharSize,int)
[nsString2.cpp:2017]
        nsCommentNode::SetText(const unsigned short*,int,int)
[nsCommentNode.cpp:464]
        nsGenericDOMDataNode::ReplaceData(unsigned int,unsigned int,const
nsString&) [nsGenericDOMDataNode.cpp:374]
        nsGenericDOMDataNode::AppendData(const nsString&)
[nsGenericDOMDataNode.cpp:313]
        nsCommentNode::AppendData(const nsString&) [nsCommentNode.cpp:54]
        SinkContext::AddComment(const nsIParserNode&)
[nsHTMLContentSink.cpp:1318]
        HTMLContentSink::AddComment(const nsIParserNode&)
[nsHTMLContentSink.cpp:2166]
        CNavDTD::HandleCommentToken(CToken*) [CNavDTD.cpp:1635]
        NavDispatchTokenHandler(CToken*,nsIDTD*) [CNavDTD.cpp:245]
        CTokenHandler::operator ()(CToken*,nsIDTD*) [nsTokenHandler.cpp:80]
        CNavDTD::HandleToken(CToken*,nsIParser*) [CNavDTD.cpp:734]

CNavDTD::BuildModel(nsIParser*,nsITokenizer*,nsITokenObserver*,nsIContentSink*)
[CNavDTD.cpp:551]
        nsParser::BuildModel() [nsParser.cpp:941]
        nsParser::ResumeParse(nsIDTD*,int) [nsParser.cpp:886]
        nsParser::EnableParser(int) [nsParser.cpp:619]
        HTMLContentSink::ResumeParsing() [nsHTMLContentSink.cpp:3032]
        nsDoneLoadingScript(nsIUnicharStreamLoader*,nsString&,void*,unsigned
int) [nsHTMLContentSink.cpp:3152]
        nsUnicharStreamLoader::OnStopRequest(nsIChannel*,nsISupports*,unsigned
int,const unsigned short*) [nsNetStreamLoader.cpp:159]
        nsHTTPResponseListener::OnStopRequest(nsIChannel*,nsISupports*,unsigned
int,const unsigned short*) [nsHTTPResponseListener.cpp:220]
        nsOnStopRequestEvent::HandleEvent() [nsAsyncStreamListener.cpp:268]
        nsStreamListenerEvent::HandlePLEvent(PLEvent*)
[nsAsyncStreamListener.cpp:144]
        PL_HandleEvent [plevent.c:509]
        PL_ProcessPendingEvents [plevent.c:470]
        nsEventQueueImpl::ProcessPendingEvents() [nsEventQueue.cpp:118]
        event_processor_callback(void*,int,GdkInputCondition)
[nsAppShell.cpp:149]
        gdk_io_invoke  [gdkevents.c:868]
        g_io_unix_dispatch [giounix.c:131]
        g_main_dispatch [gmain.c:647]
  * Reading 2 bytes from 0x224e9e6 in the heap.
  * Address 0x224e9e6 is 1 byte past end of a malloc'd block at 0x224e9d0 of 22
bytes.
  * This block was allocated from:
        malloc         [rtlib.o]
        __bUiLtIn_nEw  [libraptorgfx.so]
        __builtin_new  [rtlib.o]
        __bUiLtIn_vEc_nEw [libraptorgfx.so]
        __builtin_vec_new [rtlib.o]
        nsGenericDOMDataNode::ReplaceData(unsigned int,unsigned int,const
nsString&) [nsGenericDOMDataNode.cpp:349]
        nsGenericDOMDataNode::AppendData(const nsString&)
[nsGenericDOMDataNode.cpp:313]
        nsCommentNode::AppendData(const nsString&) [nsCommentNode.cpp:54]
        SinkContext::AddComment(const nsIParserNode&)
[nsHTMLContentSink.cpp:1318]
        HTMLContentSink::AddComment(const nsIParserNode&)
[nsHTMLContentSink.cpp:2166]
        CNavDTD::HandleCommentToken(CToken*) [CNavDTD.cpp:1635]
        NavDispatchTokenHandler(CToken*,nsIDTD*) [CNavDTD.cpp:245]
        CTokenHandler::operator ()(CToken*,nsIDTD*) [nsTokenHandler.cpp:80]
        CNavDTD::HandleToken(CToken*,nsIParser*) [CNavDTD.cpp:734]

CNavDTD::BuildModel(nsIParser*,nsITokenizer*,nsITokenObserver*,nsIContentSink*)
[CNavDTD.cpp:551]
        nsParser::BuildModel() [nsParser.cpp:941]
        nsParser::ResumeParse(nsIDTD*,int) [nsParser.cpp:886]
        nsParser::EnableParser(int) [nsParser.cpp:619]
        HTMLContentSink::ResumeParsing() [nsHTMLContentSink.cpp:3032]
        nsDoneLoadingScript(nsIUnicharStreamLoader*,nsString&,void*,unsigned
int) [nsHTMLContentSink.cpp:3152]
        nsUnicharStreamLoader::OnStopRequest(nsIChannel*,nsISupports*,unsigned
int,const unsigned short*) [nsNetStreamLoader.cpp:159]
        nsHTTPResponseListener::OnStopRequest(nsIChannel*,nsISupports*,unsigned
int,const unsigned short*) [nsHTTPResponseListener.cpp:220]
        nsOnStopRequestEvent::HandleEvent() [nsAsyncStreamListener.cpp:268]
        nsStreamListenerEvent::HandlePLEvent(PLEvent*)
[nsAsyncStreamListener.cpp:144]
        PL_HandleEvent [plevent.c:509]
        PL_ProcessPendingEvents [plevent.c:470]
        nsEventQueueImpl::ProcessPendingEvents() [nsEventQueue.cpp:118]
        event_processor_callback(void*,int,GdkInputCondition)
[nsAppShell.cpp:149]
        gdk_io_invoke  [gdkevents.c:868]
        g_io_unix_dispatch [giounix.c:131]

****  Purify instrumented ./apprunner.pure (pid 978)  ****
ABR: Array bounds read (3 times):
  * This is occurring while in:
        memcpy         [rtlib.o]
        CopyChars2To2(char*,int,const char*,unsigned int,unsigned int)
[bufferRoutines.h:255]
        nsStr::Append(nsStr&,const nsStr&,unsigned int,int,nsIMemoryAgent*)
[nsStr.cpp:293]
        nsString::Append(const unsigned short*,int) [nsString2.cpp:976]
        nsAutoString::nsAutoString(const unsigned short*,eCharSize,int)
[nsString2.cpp:2017]
        nsCommentNode::SetText(const unsigned short*,int,int)
[nsCommentNode.cpp:464]
        nsGenericDOMDataNode::ReplaceData(unsigned int,unsigned int,const
nsString&) [nsGenericDOMDataNode.cpp:374]
        nsGenericDOMDataNode::AppendData(const nsString&)
[nsGenericDOMDataNode.cpp:313]
        nsCommentNode::AppendData(const nsString&) [nsCommentNode.cpp:54]
        SinkContext::AddComment(const nsIParserNode&)
[nsHTMLContentSink.cpp:1318]
        HTMLContentSink::AddComment(const nsIParserNode&)
[nsHTMLContentSink.cpp:2166]
        CNavDTD::HandleCommentToken(CToken*) [CNavDTD.cpp:1635]
        NavDispatchTokenHandler(CToken*,nsIDTD*) [CNavDTD.cpp:245]
        CTokenHandler::operator ()(CToken*,nsIDTD*) [nsTokenHandler.cpp:80]
        CNavDTD::HandleToken(CToken*,nsIParser*) [CNavDTD.cpp:734]

CNavDTD::BuildModel(nsIParser*,nsITokenizer*,nsITokenObserver*,nsIContentSink*)
[CNavDTD.cpp:551]
        nsParser::BuildModel() [nsParser.cpp:941]
        nsParser::ResumeParse(nsIDTD*,int) [nsParser.cpp:886]
        nsParser::EnableParser(int) [nsParser.cpp:619]
        HTMLContentSink::ResumeParsing() [nsHTMLContentSink.cpp:3032]
        nsDoneLoadingScript(nsIUnicharStreamLoader*,nsString&,void*,unsigned
int) [nsHTMLContentSink.cpp:3152]
        nsUnicharStreamLoader::OnStopRequest(nsIChannel*,nsISupports*,unsigned
int,const unsigned short*) [nsNetStreamLoader.cpp:159]
        nsHTTPResponseListener::OnStopRequest(nsIChannel*,nsISupports*,unsigned
int,const unsigned short*) [nsHTTPResponseListener.cpp:220]
        nsOnStopRequestEvent::HandleEvent() [nsAsyncStreamListener.cpp:268]
        nsStreamListenerEvent::HandlePLEvent(PLEvent*)
[nsAsyncStreamListener.cpp:144]
        PL_HandleEvent [plevent.c:509]
        PL_ProcessPendingEvents [plevent.c:470]
        nsEventQueueImpl::ProcessPendingEvents() [nsEventQueue.cpp:118]
        event_processor_callback(void*,int,GdkInputCondition)
[nsAppShell.cpp:149]
        gdk_io_invoke  [gdkevents.c:868]
  * Reading 24 bytes from 0x224e9d0 in the heap (2 bytes at 0x224e9e6 illegal).
  * Address 0x224e9d0 is at the beginning of a malloc'd block of 22 bytes.
  * This block was allocated from:
        malloc         [rtlib.o]
        __bUiLtIn_nEw  [libraptorgfx.so]
        __builtin_new  [rtlib.o]
        __bUiLtIn_vEc_nEw [libraptorgfx.so]
        __builtin_vec_new [rtlib.o]
        nsGenericDOMDataNode::ReplaceData(unsigned int,unsigned int,const
nsString&) [nsGenericDOMDataNode.cpp:349]
        nsGenericDOMDataNode::AppendData(const nsString&)
[nsGenericDOMDataNode.cpp:313]
        nsCommentNode::AppendData(const nsString&) [nsCommentNode.cpp:54]
        SinkContext::AddComment(const nsIParserNode&)
[nsHTMLContentSink.cpp:1318]
        HTMLContentSink::AddComment(const nsIParserNode&)
[nsHTMLContentSink.cpp:2166]
        CNavDTD::HandleCommentToken(CToken*) [CNavDTD.cpp:1635]
        NavDispatchTokenHandler(CToken*,nsIDTD*) [CNavDTD.cpp:245]
        CTokenHandler::operator ()(CToken*,nsIDTD*) [nsTokenHandler.cpp:80]
        CNavDTD::HandleToken(CToken*,nsIParser*) [CNavDTD.cpp:734]

CNavDTD::BuildModel(nsIParser*,nsITokenizer*,nsITokenObserver*,nsIContentSink*)
[CNavDTD.cpp:551]
        nsParser::BuildModel() [nsParser.cpp:941]
        nsParser::ResumeParse(nsIDTD*,int) [nsParser.cpp:886]
        nsParser::EnableParser(int) [nsParser.cpp:619]
        HTMLContentSink::ResumeParsing() [nsHTMLContentSink.cpp:3032]
        nsDoneLoadingScript(nsIUnicharStreamLoader*,nsString&,void*,unsigned
int) [nsHTMLContentSink.cpp:3152]
        nsUnicharStreamLoader::OnStopRequest(nsIChannel*,nsISupports*,unsigned
int,const unsigned short*) [nsNetStreamLoader.cpp:159]
        nsHTTPResponseListener::OnStopRequest(nsIChannel*,nsISupports*,unsigned
int,const unsigned short*) [nsHTTPResponseListener.cpp:220]
        nsOnStopRequestEvent::HandleEvent() [nsAsyncStreamListener.cpp:268]
        nsStreamListenerEvent::HandlePLEvent(PLEvent*)
[nsAsyncStreamListener.cpp:144]
        PL_HandleEvent [plevent.c:509]
        PL_ProcessPendingEvents [plevent.c:470]
        nsEventQueueImpl::ProcessPendingEvents() [nsEventQueue.cpp:118]
        event_processor_callback(void*,int,GdkInputCondition)
[nsAppShell.cpp:149]
        gdk_io_invoke  [gdkevents.c:868]
        g_io_unix_dispatch [giounix.c:131]
Assignee: troy → rickg
Component: Layout → Parser
Assignee: rickg → harishd
Status: NEW → ASSIGNED
Bruce, I'm not seeing this anymore.  Could you please give me a feedback on
this? Thanx.
Target Milestone: M12
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → INVALID
Since the reporter hasn't responded and since I don't see this problem....

Marking the bug INVALID.
Status: RESOLVED → VERIFIED
Marking as verified invalid.
You need to log in before you can comment on or make changes to this bug.