Bug 188278: Mozilla crashes upon loading encoded text
Status: RESOLVED FIXED (opened 22 years ago, closed 22 years ago)
Categories: Core :: DOM: HTML Parser, defect, P2
Target Milestone: mozilla1.3beta
People: Reporter: raccettura, Assigned: harishd
Details: Keywords: hang, Whiteboard: [fix in hand]
Attachments (1 file, 1 obsolete file): patch, 781 bytes (hjtoi-bugzilla: review+, jst: superreview+)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2.1) Gecko/20021130
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2.1) Gecko/20021130
I was working on a PHP script when I found out that the following string loaded
by Mozilla results in a crash (when not surrounded by any HTML).
An example is the link I made. The script outputs ONLY the text below.
r:o:b:e:r:t:&#
Reproducible: Always
Steps to Reproduce:
1. Load URL
Actual Results:
Mozilla hung. It took my system (Thinkpad 1.8GHz P4 w/512MB RAM) about 4
minutes to get the Task Manager open. Although it didn't render completely, I
was able to see that the Available system memory dropped down to 4000k, and the
Paging file was off the chart. CPU wasn't too bad. But my hard drive was
burning. My guess is there is a memory leak or something.
Expected Results:
Should have displayed output without stress.
Comment 1 • 22 years ago
Confirming with today's win2k trunk build:
NTDLL! 778cbc99()
NTDLL! 778cbd4e()
NTDLL! 778cbbb3()
_heap_alloc_base(unsigned int 4912) line 200
_heap_alloc_dbg(unsigned int 4871, int 1, const char * 0x00000000, int 0) line 378 + 9 bytes
_nh_malloc_dbg(unsigned int 4871, int 0, int 1, const char * 0x00000000, int 0) line 248 + 21 bytes
malloc(unsigned int 4871) line 130 + 21 bytes
PR_Malloc(unsigned int 4871) line 474 + 10 bytes
PL_ArenaAllocate(PLArenaPool * 0x03b9865c, unsigned int 40) line 210 + 10 bytes
nsFixedSizeAllocator::Alloc(unsigned int 40) line 128 + 73 bytes
CToken::operator new(unsigned int 40, nsFixedSizeAllocator & {...}) line 128
nsTokenAllocator::CreateTokenOfType(eHTMLTokenTypes eToken_entity, nsHTMLTag eHTMLTag_entity) line 1362 + 14 bytes
nsHTMLTokenizer::ConsumeEntity(unsigned short 38, CToken * & 0x00000000, nsScanner & {...}) line 846 + 15 bytes
nsHTMLTokenizer::ConsumeToken(nsHTMLTokenizer * const 0x03baac58, nsScanner & {...}, int & 0) line 504 + 24 bytes
nsParser::Tokenize(int 1) line 2545 + 26 bytes
nsParser::ResumeParse(int 1, int 1, int 1) line 1772 + 31 bytes
nsParser::OnStopRequest(nsParser * const 0x03b98634, nsIRequest * 0x039cce48, nsISupports * 0x00000000, unsigned int 0) line 2453 + 21 bytes
nsDocumentOpenInfo::OnStopRequest(nsDocumentOpenInfo * const 0x03aaac50, nsIRequest * 0x039cce48, nsISupports * 0x00000000, unsigned int 0) line 257
nsStreamListenerTee::OnStopRequest(nsStreamListenerTee * const 0x03a84048, nsIRequest * 0x039cce48, nsISupports * 0x00000000, unsigned int 0) line 66
nsHttpChannel::OnStopRequest(nsHttpChannel * const 0x039cce4c, nsIRequest * 0x03aab5ac, nsISupports * 0x00000000, unsigned int 0) line 3020
nsOnStopRequestEvent::HandleEvent() line 213
nsARequestObserverEvent::HandlePLEvent(PLEvent * 0x03ba4edc) line 116
PL_HandleEvent(PLEvent * 0x03ba4edc) line 663 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00ea6410) line 593 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x002e03aa, unsigned int 49372, unsigned int 0, long 15361040) line 1379 + 9 bytes
USER32! 77e2a290()
USER32! 77e045b1()
USER32! 77e0a752()
nsAppShellService::Run(nsAppShellService * const 0x00f70f78) line 472
main1(int 2, char * * 0x00276ac8, nsISupports * 0x00276b40) line 1543 + 32 bytes
main(int 2, char * * 0x00276ac8) line 1904 + 37 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 77e8ca90()
Comment 2 • 22 years ago (Reporter)
Should also note bug 188366
Prevent the crash/hang by consuming the entity-look-alike (&#) as text. That
is, what we initially thought of as an entity is not really an entity and hence
by returning the result NS_HTMLTOKENS_NOT_AN_ENTITY we consume the markup as
text.
Status: NEW → ASSIGNED
Priority: -- → P2
Whiteboard: [fix in hand]
Target Milestone: --- → mozilla1.3beta
Attachment #111089 - Flags: superreview?(jst)
Attachment #111089 - Flags: review?(heikki)
Attachment #111090 - Flags: superreview?(jst)
Attachment #111090 - Flags: review?(heikki)
Attachment #111089 - Attachment is obsolete: true
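The fix described above (report "not an entity" for a bare &# and consume it as text), as an added example that is not Mozilla's code or the attached patch. It is a simplified decimal-only model; the Result, Token, ConsumeNumericEntity and Tokenize names are hypothetical, and the forward-progress check is an extra safeguard added here.

```cpp
#include <cctype>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical stand-ins for a tokenizer's types; only the name NOT_AN_ENTITY
// mirrors the NS_HTMLTOKENS_NOT_AN_ENTITY result mentioned in the comment above.
enum class Result { OK, NOT_AN_ENTITY };
struct Token { enum Kind { Text, Entity } kind; std::string value; };

// Read a decimal character reference ("&#" digits [";"]) at `pos`. On failure
// leave `pos` untouched and return NOT_AN_ENTITY so the caller consumes text.
Result ConsumeNumericEntity(const std::string& in, size_t& pos, Token& out) {
    size_t p = pos + 2;  // skip "&#"
    const size_t start = p;
    while (p < in.size() && std::isdigit(static_cast<unsigned char>(in[p]))) ++p;
    if (p == start) return Result::NOT_AN_ENTITY;  // e.g. "&#" at end of input
    out = {Token::Entity, in.substr(start, p - start)};
    if (p < in.size() && in[p] == ';') ++p;
    pos = p;
    return Result::OK;
}

std::vector<Token> Tokenize(const std::string& in) {
    std::vector<Token> tokens;
    size_t pos = 0;
    while (pos < in.size()) {
        const size_t before = pos;
        Token tok{Token::Text, ""};
        const bool looksLikeEntity = in.compare(pos, 2, "&#") == 0;
        if (!looksLikeEntity || ConsumeNumericEntity(in, pos, tok) != Result::OK) {
            // Text fallback: always takes at least one character, up to the next '&'.
            size_t end = in.find('&', pos + 1);
            if (end == std::string::npos) end = in.size();
            tok.value = in.substr(pos, end - pos);
            pos = end;
        }
        // Forward-progress invariant: every iteration must consume input.
        if (pos <= before) throw std::logic_error("tokenizer made no progress");
        tokens.push_back(tok);
    }
    return tokens;
}

int main() {
    for (const Token& t : Tokenize("r:o:b:e:r:t:&#"))  // string from the report
        std::cout << (t.kind == Token::Text ? "text   " : "entity ") << t.value << "\n";
}
```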
Updated • 22 years ago
Attachment #111090 - Flags: review?(heikki) → review+
Comment 5 • 22 years ago
Comment on attachment 111090
patch v1.1
sr=jst
Attachment #111090 -
Flags: superreview?(jst) → superreview+
Fixed.
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED