Closed Bug 168960 Opened 22 years ago Closed 20 years ago

viewing files terminated with "&#" and no end of line character causes severe memory leak

Categories

(Core :: DOM: HTML Parser, defect, P3)

x86
Linux
defect

Tracking

()

RESOLVED WORKSFORME
mozilla1.4alpha

People

(Reporter: gwn, Assigned: harishd)

References

()

Details

(Keywords: testcase, Whiteboard: [fix in hand])

Attachments

(2 files)

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020529 When an HTML or text file is loaded that has the two characters "&#" at its end and the last line is not terminated with a newline character, Mozilla eats all available memory (causing the Linux kernel to kill all user processes). Reproduction: Open a file that contains only the two characters "&#" (hexadecimal 26 23) and no end of line. Observe memory consumption. Actual Result: Memory is consumed at a rate of ca. 50 MB per second with the obvious consequences. I first discovered the bug on the URL http://216.239.37.100/search?q=cache:kSd8B2wq_h0C:www.math.utah.edu:8080/pub/tex/bib/scicomputprogram.html+%22An+exercise+in+the+transformational+derivation%22&hl=en&ie=UTF-8 from where I traced it down to the 2-byte file described above.
I was not able to reproduce the memory consumption with just the two characters ( &# ), however, I did notice it ( mem. consumption ) when I requested the URL.
Stepped into the debugger and noticed a problem in the parser. Thanks, gwn@gmx.de, for catching this.
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Priority: -- → P1
Attached patch patch v1.0Splinter Review
This patch fixes an infinite loop that occurs when an entity like syntax appears at the end of an html file. When such a syntax appears, in the final buffer, then instead of trying to consuming it as an entity, and failing repeatedly, it should be consumed as text.
Keywords: patch, testcase
Whiteboard: [fix in hand]
Bug 163988 (crash with HREF="&#...) might be related.
Priority: P1 → P3
Target Milestone: --- → mozilla1.4alpha
WFM, 2003-06-25-05 trunk Linux. I believe this was fixed by bug 188278.
Marking WFM based on past comments and my own inability to reproduce this.
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: