viewing files terminated with "&#" and no end of line character causes severe memory leak

RESOLVED WORKSFORME

Status

P3
critical
17 years ago
14 years ago

People

(Reporter: gwn, Assigned: harishd)

Tracking

({testcase})

Trunk
mozilla1.4alpha
x86
Linux
testcase
Details

(Whiteboard: [fix in hand], URL)

Attachments

(2 attachments)

(Reporter)

Description

17 years ago
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020529

When an HTML or text file is loaded that has the two characters "&#" at its end
and the last line is not terminated with a newline character, Mozilla eats all
available memory (causing the Linux kernel to kill all user processes).

Reproduction:
Open a file that contains only the two characters "&#" (hexadecimal 26 23) and
no end of line. Observe memory consumption.

Actual Result:
Memory is consumed at a rate of ca. 50 MB per second with the obvious
consequences.

I first discovered the bug on the URL
http://216.239.37.100/search?q=cache:kSd8B2wq_h0C:www.math.utah.edu:8080/pub/tex/bib/scicomputprogram.html+%22An+exercise+in+the+transformational+derivation%22&hl=en&ie=UTF-8
from where I traced it down to the 2-byte file described above.
(Assignee)

Comment 1

17 years ago
I was not able to reproduce the memory consumption with just the two characters
( &# ), however, I did notice it ( mem. consumption ) when I requested the URL.
(Assignee)

Comment 2

17 years ago
Stepped into the debugger and noticed a problem in the parser. Thanks,
gwn@gmx.de, for catching this.
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Priority: -- → P1
(Assignee)

Comment 3

17 years ago
Created attachment 99370 [details]
Testcase [ indicated by the reporter ]
(Assignee)

Comment 4

17 years ago
Created attachment 99371 [details] [diff] [review]
patch v1.0

This patch fixes an infinite loop that occurs when an entity-like syntax
appears at the end of an HTML file. When such a syntax appears in the final
buffer, then instead of trying to consume it as an entity, and failing
repeatedly, it should be consumed as text.
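
An added example, not part of the bug report and not Mozilla's parser code: a toy incremental tokenizer in C++ showing the failure mode Comment 4 describes, where an incomplete "&#" in the final buffer is retried without progress, next to the text-fallback behaviour. All names (tokenize, consumeEntity, isFinal, fallbackToText, maxStalls) are hypothetical, and the stall counter stands in for the real infinite loop so the example terminates.

```cpp
#include <cctype>
#include <string>
#include <vector>

// Toy incremental tokenizer (hypothetical; not Mozilla's parser).
enum class Result { Ok, NeedMoreData };
struct Token { bool isEntity; std::string value; };

// Try to read a numeric character reference "&#<digits>;" starting at pos.
// Returns NeedMoreData when the input ends before the reference is complete.
static Result consumeEntity(const std::string& in, size_t& pos, Token& out) {
    size_t i = pos + 2;                                  // skip "&#"
    while (i < in.size() && std::isdigit((unsigned char)in[i])) ++i;
    if (i >= in.size()) return Result::NeedMoreData;     // ran off the end
    if (i == pos + 2 || in[i] != ';') {                  // not a reference
        out = {false, "&"}; pos += 1; return Result::Ok; // '&' is plain text
    }
    out = {true, in.substr(pos + 2, i - pos - 2)};
    pos = i + 1;
    return Result::Ok;
}

// Tokenize one buffer; isFinal marks the last buffer of the document.
// fallbackToText = false reproduces the stall: the same incomplete entity
// is retried although no more data can arrive. fallbackToText = true
// consumes the tail as text instead. Returns false when no progress is made.
bool tokenize(const std::string& in, bool isFinal, bool fallbackToText,
              std::vector<Token>& tokens, int maxStalls = 1000) {
    size_t pos = 0; int stalls = 0;
    while (pos < in.size()) {
        Token t{false, ""};
        if (in.compare(pos, 2, "&#") == 0) {
            if (consumeEntity(in, pos, t) == Result::NeedMoreData) {
                if (!isFinal) return true;     // caller re-feeds the tail later
                if (fallbackToText) {          // fixed: emit the rest as text
                    tokens.push_back({false, in.substr(pos)});
                    return true;
                }
                if (++stalls >= maxStalls) return false; // would spin forever
                continue;                      // buggy: retry with no new data
            }
        } else {
            t = {false, std::string(1, in[pos])}; ++pos;
        }
        tokens.push_back(t);
    }
    return true;
}
```

The general check this illustrates is that every "need more data" return path in a streaming parser has a defined outcome once the input is known to be complete.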
(Assignee)

Updated

17 years ago
Keywords: patch, testcase
Whiteboard: [fix in hand]

Comment 5

16 years ago
Bug 163988 (crash with HREF="&#...) might be related.
(Assignee)

Updated

16 years ago
Priority: P1 → P3
Target Milestone: --- → mozilla1.4alpha
WFM, 2003-06-25-05 trunk Linux.  I believe this was fixed by bug 188278.
Marking WFM based on past comments and my own inability to reproduce this.
Status: ASSIGNED → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → WORKSFORME