Closed
Bug 163988
Opened 22 years ago
Closed 21 years ago
Crashes at www.macgamer.com (HREF="&#)
Categories
(Core :: Networking, defect, P1)
Core
Networking
Tracking
()
RESOLVED
FIXED
mozilla1.5alpha
People
(Reporter: petteri.kamppuri, Assigned: waltershen)
References
()
Details
(Keywords: crash, hang, Whiteboard: TB9679328W, TB9679210W, TB13239655X)
Attachments
(5 files, 2 obsolete files)
Whenever I try to load http://www.macgamer.com/news/item.php?id=5716 with Mozilla 1.1b it crashes. I verified this with the latest nightly build I could grab from mozilla.org (sorry can't get the build id right now, because I can't run two copies of Mozilla at the same time). Reproducible every time.
Reporter | ||
Comment 1•22 years ago
|
||
This is the crash log I get with the official Mozilla 1.1b.
Comment 2•22 years ago
|
||
Confirmed 2002082109 trunk on Windows XP. Platform/OS -> All Talkbacks: TB9679328W TB9679210W
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: MacOS X → All
Hardware: Macintosh → All
Whiteboard: TB9679328W, TB9679210W
Comment 3•22 years ago
|
||
Note: all the file contains is '<A HREF="http://www.google.com">'. It crashes immediately upon loading. I guess Mozilla is crashing when it tries to process the entity in URL.
Crash still happens with build 2002102415, TalkBack ID TB13239655X. Updating summary to be easier to query. The test case does not crash for me, sharparrow1@yahoo.com could you please review it?
Summary: Mozilla 1.1b crashes with this URL. → Mozilla 1.1b crashes at www.macgamer.com
Whiteboard: TB9679328W, TB9679210W → TB9679328W, TB9679210W, TB13239655X
I created a new testcase my self; in addition to the <A HREF="http://www.google.com/"> it also must contain a charset declaration. Crash occurs both with iso-8859-1 and iso-8859-15, but _not_ with UTF-8.
Attachment #97119 -
Attachment is obsolete: true
Strange, the testcase does not crash when loaded directly from the server, it must be saved to disk and load from there to crash.
Changing component (hope this is the right one).
Component: Browser-General → Parser
Updating summery, this happens with recent mozilla builds also.
Summary: Mozilla 1.1b crashes at www.macgamer.com → Crashes at www.macgamer.com (HREF="&#)
Comment 10•22 years ago
|
||
tested this a few times, and the only thing that appeared consistently was malloc at the top of the stack. tried it in valgrind and got this. debug build says ###!!! ASSERTION: Input wasn't UTF8 or incorrect length was calculated: 'Error', file nsString2.cpp, line 1450 this seems related to bug 191965, although that should be fixed on trunk.
Comment 11•22 years ago
|
||
==> networking
Assignee: asa → dougt
Component: Parser → Networking
QA Contact: asa → benc
The assertion seemed to be when count==24 and mLength==23, which may be what I mentioned in bug 172700 comment 9.
Comment 13•22 years ago
|
||
i can confirm the crash going to the above URL (none of the attached testcases cause the crash).
Assignee: dougt → darin
Comment 14•22 years ago
|
||
> none of the attached testcases cause the crash
for some reason, you have to download the testcase before it will work
Comment 15•21 years ago
|
||
WFM, 2003-06-25-05 trunk Linux. Maybe it was fixed by bug 188278?
Comment 16•21 years ago
|
||
I'm hanging with the same build and a debug build still throws the assertion in comment 10 (which came after bug 188278)
Keywords: hang
Comment 17•21 years ago
|
||
i'm able to repro this crash using the 20030624 trunk build of firebird under WinXP.
Status: NEW → ASSIGNED
Priority: -- → P1
Assignee | ||
Comment 18•21 years ago
|
||
Removed check on BOM.
Assignee | ||
Comment 19•21 years ago
|
||
Comment on attachment 126785 [details] [diff] [review] Patch This was causing the conversion from UTF8 to UCS2 (UTF16) to fail. It seems that it was not stripping BOM's properly, so I just removed that check, as you suggested. It fixes the crash, because Necko was assuming the conversion was going to succeed. (And now it does, I think.)
Attachment #126785 -
Flags: review?(dbaron)
Comment 20•21 years ago
|
||
-> walter
Assignee: darin → waltershen
Status: ASSIGNED → NEW
Target Milestone: --- → mozilla1.5alpha
Comment on attachment 126785 [details] [diff] [review] Patch I don't know why waterson originally added this code to ignore the BOM, but I think it's wrong at this level. (It's a valid Unicode character, after all.) It should be (and is) done in the decoders for the encodings that use the BOM as a byte-order mark. jag should superreview. You should generated a new patch without the "^M"s at the end of the three lines before this is checked in. (You should be able to tell you've succeeded when the braces don't show as part of the +/- lines in the diff.) You can't use the VC++ editor if you've set up cygwin with UNIX newlines.
Attachment #126785 -
Flags: superreview?(jaggernaut)
Attachment #126785 -
Flags: review?(dbaron)
Attachment #126785 -
Flags: review+
Comment 22•21 years ago
|
||
Comment on attachment 126785 [details] [diff] [review] Patch sr=jag
Attachment #126785 -
Flags: superreview?(jaggernaut) → superreview+
Assignee | ||
Comment 23•21 years ago
|
||
Same patch, got rid of the line returns.
Attachment #126785 -
Attachment is obsolete: true
Comment 24•21 years ago
|
||
fixed-on-trunk
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Comment 25•21 years ago
|
||
IIRC, I just copied and pasted (or rewrote, possibly incorrectly) some code that frang had done originally. This bug maybe lurk elsewhere in the code.
You need to log in
before you can comment on or make changes to this bug.
Description
•