Closed Bug 168960 Opened 22 years ago Closed 20 years ago

viewing files terminated with "&#" and no end of line character causes severe memory leak

Categories

(Core :: DOM: HTML Parser, defect, P3)

x86
Linux
defect

Tracking

RESOLVED WORKSFORME
mozilla1.4alpha

People

(Reporter: gwn, Assigned: harishd)

Details

(Keywords: testcase, Whiteboard: [fix in hand])

Attachments

(2 files)

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020529

When an HTML or text file is loaded that has the two characters "&#" at its end
and the last line is not terminated with a newline character, Mozilla eats all
available memory (causing the Linux kernel to kill all user processes).

Reproduction:
Open a file that contains only the two characters "&#" (hexadecimal 26 23) and
no end of line. Observe memory consumption.

Actual Result:
Memory is consumed at a rate of ca. 50 MB per second with the obvious
consequences.

I first discovered the bug on the URL
http://216.239.37.100/search?q=cache:kSd8B2wq_h0C:www.math.utah.edu:8080/pub/tex/bib/scicomputprogram.html+%22An+exercise+in+the+transformational+derivation%22&hl=en&ie=UTF-8
from where I traced it down to the 2-byte file described above.

I was not able to reproduce the memory consumption with just the two characters
(&#), however, I did notice it (mem. consumption) when I requested the URL.
Stepped into the debugger and noticed a problem in the parser. Thanks,
gwn@gmx.de, for catching this.
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Priority: -- → P1
Attached patch patch v1.0
This patch fixes an infinite loop that occurs when an entity-like syntax
appears at the end of an HTML file. When such a syntax appears in the final
buffer, then instead of trying to consume it as an entity, and failing
repeatedly, it should be consumed as text.
Keywords: patch, testcase
Whiteboard: [fix in hand]
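
The failure mode described in the patch comment above, as an added toy model in C++ (not the attached patch and not Gecko code): an incremental tokenizer that asks for more data on a trailing "&#" never makes progress once the buffer is final, unless the tail is consumed as text. The names `tokenize`, `consumeEntity`, `treatTailAsText` and the retry cap are assumptions made for illustration.

```cpp
#include <cctype>
#include <cstddef>
#include <string>
#include <vector>

// Toy model (not Gecko code) of an incremental tokenizer's entity handling.
enum class Scan { Ok, NeedMoreData };

// Try to read a decimal character reference "&#<digits>" starting at buf[pos].
// Consumes nothing and asks for more input if the buffer ends too early to decide.
static Scan consumeEntity(const std::string& buf, std::size_t& pos, std::string& out) {
    std::size_t p = pos + 1;                                    // skip '&'
    if (p >= buf.size()) return Scan::NeedMoreData;             // "&" at end of buffer
    if (buf[p] != '#') { out = "&"; pos = p; return Scan::Ok; } // bare ampersand is text
    std::size_t d = ++p;                                        // first digit position
    while (p < buf.size() && std::isdigit((unsigned char)buf[p])) ++p;
    if (p >= buf.size()) return Scan::NeedMoreData;             // "&#" or "&#12" at end
    if (p == d) { out = "&#"; pos = p; return Scan::Ok; }       // no digits: literal text
    out = "<char " + buf.substr(d, p - d) + ">";
    pos = (buf[p] == ';') ? p + 1 : p;
    return Scan::Ok;
}

struct Result {
    std::vector<std::string> tokens;
    std::size_t retries = 0;  // failed entity attempts that made no progress
    bool stuck = false;       // true if the retry cap was hit (stands in for the hang)
};

// treatTailAsText == false models the looping behaviour; true models the fix.
Result tokenize(const std::string& buf, bool isFinal, bool treatTailAsText,
                std::size_t retryCap = 1000) {
    Result r;
    std::size_t pos = 0;
    while (pos < buf.size()) {
        if (buf[pos] != '&') {                        // plain text run up to next '&'
            std::size_t end = buf.find('&', pos);
            if (end == std::string::npos) end = buf.size();
            r.tokens.push_back(buf.substr(pos, end - pos));
            pos = end;
            continue;
        }
        std::string tok;
        if (consumeEntity(buf, pos, tok) == Scan::Ok) { r.tokens.push_back(tok); continue; }
        if (!isFinal) break;                          // more data will arrive; resume later
        if (treatTailAsText) { r.tokens.push_back(buf.substr(pos)); break; }
        if (++r.retries >= retryCap) { r.stuck = true; break; }  // pos unchanged: retry
    }
    return r;
}
```

The retry cap exists only so the model terminates; without it the `treatTailAsText == false` path on a final buffer never advances `pos`.
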
Bug 163988 (crash with HREF="&#...) might be related.
Priority: P1 → P3
Target Milestone: --- → mozilla1.4alpha
WFM, 2003-06-25-05 trunk Linux.  I believe this was fixed by bug 188278.
Marking WFM based on past comments and my own inability to reproduce this.
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → WORKSFORME