Closed Bug 134918 Opened 22 years ago Closed 22 years ago

Browser hangs while rendering file containing MathML embedded within XHTML

Categories

(Core :: DOM: HTML Parser, defect)

defect
Not set
critical

Tracking

()

VERIFIED DUPLICATE of bug 121841

People

(Reporter: fizzbowen, Assigned: harishd)

References

()

Details

From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Q312461)
BuildID:    2002031104

The demo URL file renders in IE 6 and validates at W3C

http://validator.w3.org/check?uri=http%3A%2F%2Fwww.oxnardcc.org%2F%7Embowen%
2Fanswers%2Fsf5ch01test3.htm&charset=%28detect+automatically%29&doctype=Inline

as valid XML, but causes Mozilla 0.9.9 to hang (the browser becomes 
unresponsive and continues to display my home page). The problem file has no 
external DTD but incorporates the Universal MathML Stylesheets developed at 
W3C. Sorry, I have no crash data because it didn't get that far.

Reproducible: Always
Steps to Reproduce:
1. Open Mozilla.
2. Type or paste in the demo URL name and press ENTER.
3. Watch the screen just sit there.

Actual Results:  Nothing

Expected Results:  Display of rendered page containing presentation MathML
Build 2002040103 WinXP also hangs (Not Responding)
I have traced the problem down to a weirdness in the handling of comments. The 
following comments in the DOCTYPE seem to be causing troubles:

<!DOCTYPE html [
<!ENTITY nbsp   "&#x00A0;" ><!-- no-break space = non-breaking space, U+00A0 
ISOnum -->
<!ENTITY copy   "&#x00A9;" ><!-- copyright sign, U+00A9 ISOnum -->
<!ENTITY reg    "&#x00AE;" ><!--/circledR =registered sign -->
<!ENTITY macr   "&#x00AF;" ><!--=macron -->
<!ENTITY deg    "&#x00B0;" ><!--=degree sign -->
<!ENTITY times  "&#x00D7;" ><!-- multiplication sign, U+00D7 ISOnum -->
<!ENTITY theta  "&#x03B8;" ><!-- greek small letter theta, U+03B8 ISOgrk3 -->
<!ENTITY mu     "&#x03BC;" ><!-- greek small letter mu, U+03BC ISOgrk3 -->
<!ENTITY pi     "&#x03C0;" ><!-- greek small letter pi, U+03C0 ISOgrk3 -->
<!ENTITY phi    "&#x03C6;" ><!-- greek small letter phi, U+03C6 ISOgrk3 -->
<!ENTITY emsp   "&#x2003;" ><!-- em space, U+2003 ISOpub -->
<!ENTITY thinsp "&#x2009;" ><!-- thin space, U+2009 ISOpub -->
<!ENTITY hellip "&#x2026;" ><!--=ellipsis (horizontal) -->
<!ENTITY rArr   "&#x21D2;" ><!-- rightwards double arrow, U+21D2 ISOtech -->
<!ENTITY minus  "&#x2212;" ><!--B: minus sign -->
<!ENTITY cong   "&#x2245;" ><!-- approximately equal to, U+2245 ISOtech -->
<!ENTITY sdot   "&#x22C5;" ><!--/cdot B: small middle dot -->
]>


When I save the document locally, and remove these comments (and the XSLT 
processing-instruction), the document renders fine.

As for the hang, upon breaking in the debugger with the original document, I was 
locked in an infinite loop in nsReadableUtils::IsASCII() with the stack trace as 
shown below. This led me to experiment putting an early "return PR_FALSE" in 
IsASCII(), but I only got a crash further down in ToNewUniocode().

-> re-assigning to the Parser component. NOTE: use "return PR_FALSE" in 
IsASCII() to crash; this will falicitate debugging the problem.


IsASCII(const nsAString & {...})
nsTextFragment::operator=(const nsAString & {...}) line 153 + 10 bytes
nsGenericDOMDataNode::SetText(nsGenericDOMDataNode * const 0x03920c08, const 
nsAString & {...}, int 0) line 1335
nsGenericDOMDataNode::AppendData(const nsAString & {...}) line 508 + 50 bytes
nsCommentNode::AppendData(nsCommentNode * const 0x03920c24, const nsAString & 
{...}) line 60 + 18 bytes
SinkContext::AddComment(const nsIParserNode & {...}) line 1985
HTMLContentSink::AddComment(HTMLContentSink * const 0x037d9c78, const 
nsIParserNode & {...}) line 3512 + 18 bytes
CNavDTD::HandleCommentToken(CToken * 0x038fda20) line 2213 + 34 bytes
CNavDTD::HandleToken(CNavDTD * const 0x03734a90, CToken * 0x038fda20, nsIParser 
* 0x038df980) line 912 + 12 bytes
CNavDTD::BuildModel(CNavDTD * const 0x03734a90, nsIParser * 0x038df980, 
nsITokenizer * 0x038e7c38, nsITokenObserver * 0x00000000, nsIContentSink * 
0x037d9c78) line 530 + 20 bytes
nsParser::BuildModel() line 1865 + 34 bytes
nsParser::ResumeParse(int 1, int 0, int 1) line 1731 + 11 bytes
nsParser::OnDataAvailable(nsParser * const 0x038df984, nsIRequest * 0x039271f0, 
nsISupports * 0x00000000, nsIInputStream * 0x037952f0, unsigned int 0, unsigned 
int 16384) line 2388 + 21 bytes
nsDocumentOpenInfo::OnDataAvailable(nsDocumentOpenInfo * const 0x03927a60, 
nsIRequest * 0x039271f0, nsISupports * 0x00000000, nsIInputStream * 0x037952f0, 
unsigned int 0, unsigned int 16384) line 242 + 46 bytes
nsStreamListenerTee::OnDataAvailable(nsStreamListenerTee * const 0x0376af68, 
nsIRequest * 0x039271f0, nsISupports * 0x00000000, nsIInputStream * 0x03984488, 
unsigned int 0, unsigned int 16384) line 56 + 51 bytes
nsHttpChannel::OnDataAvailable(nsHttpChannel * const 0x039271f4, nsIRequest * 
0x0398414c, nsISupports * 0x00000000, nsIInputStream * 0x03984488, unsigned int 
0, unsigned int 16384) line 2875 + 63 bytes
nsOnDataAvailableEvent::HandleEvent() line 192 + 70 bytes
nsARequestObserverEvent::HandlePLEvent(PLEvent * 0x03166994) line 116
PL_HandleEvent(PLEvent * 0x03166994) line 596 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x010c3068) line 526 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x022201ee, unsigned int 49488, unsigned int 0, 
long 17576040) line 1077 + 9 bytes
USER32! 77e148dc()
USER32! 77e14aa7()
USER32! 77e266fd()
nsAppShellService::Run(nsAppShellService * const 0x01798078) line 309
main1(int 1, char * * 0x00304e70, nsISupports * 0x00000000) line 1418 + 32 bytes
main(int 1, char * * 0x00304e70) line 1766 + 37 bytes
mainCRTStartup() line 338 + 17 bytes
Status: UNCONFIRMED → NEW
Component: MathML → Parser
Ever confirmed: true
OS: Windows 98 → All
Hardware: PC → All
-> Parser
Assignee: rbs → harishd
QA Contact: ian → moied
Could you test a debug build and see what the assertions (if any) are?  this
looks like bug 121841
Looks similar. I am running a debug build. No assertions is fired. The hang is
an infinite loop in IsASCII() when it receives a concatenated string.


*** This bug has been marked as a duplicate of 121841 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Verified dup of 121841
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.