file://C|/ spins in nsParser::Tokenize

VERIFIED FIXED in M13

Status

()

P3
critical
VERIFIED FIXED
19 years ago
18 years ago

People

(Reporter: warrensomebody, Assigned: rickg)

Tracking

Trunk
x86
Windows NT
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

19 years ago
I've noticed that if you type file://C|/ in the location bar, then we'll spin
in nsParser::Tokenize, eating up all of available memory:

nsParser::Tokenize(int 0x00000000) line 1478 + 25 bytes
nsParser::ResumeParse(nsIDTD * 0x00000000, int 0x00000000) line 989 + 12 bytes
nsParser::OnDataAvailable(nsParser * const 0x02a3b314, nsIChannel * 0x02a41e60,
nsISupports * 0x00000000, nsIInputStream * 0x02981088, unsigned int 0x00000000,
unsigned int 0x00000000) line 1372 + 19 bytes
nsDocumentOpenInfo::OnDataAvailable(nsDocumentOpenInfo * const 0x02a3a0f0,
nsIChannel * 0x02a41e60, nsISupports * 0x00000000, nsIInputStream * 0x02981088,
unsigned int 0x00000000, unsigned int 0x00000000) line 235 + 46 bytes
nsUnknownDecoder::FireListenerNotifications(nsIChannel * 0x02a41e60,
nsISupports * 0x00000000) line 332 + 49 bytes
nsUnknownDecoder::OnStopRequest(nsUnknownDecoder * const 0x02a3aa30, nsIChannel
* 0x02a41e60, nsISupports * 0x00000000, unsigned int 0x8052e891, const unsigned
short * 0x00000000) line 217 + 16 bytes
nsDocumentOpenInfo::OnStopRequest(nsDocumentOpenInfo * const 0x02a403e0,
nsIChannel * 0x02a41e60, nsISupports * 0x00000000, unsigned int 0x8052e891,
const unsigned short * 0x00000000) line 245
nsFileChannel::OnStopRequest(nsFileChannel * const 0x02a41e64, nsIChannel *
0x02a45f70, nsISupports * 0x00000000, unsigned int 0x8052e891, const unsigned
short * 0x00000000) line 491 + 45 bytes
nsOnStopRequestEvent::HandleEvent(nsOnStopRequestEvent * const 0x029ddc50) line
279
nsStreamListenerEvent::HandlePLEvent(PLEvent * 0x029ddd10) line 93 + 12 bytes
PL_HandleEvent(PLEvent * 0x029ddd10) line 522 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00c6e6c0) line 483 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x082d0a48, unsigned int 0x0000c0b8, unsigned
int 0x00000000, long 0x00c6e6c0) line 951 + 9 bytes
USER32! 77e71820()

Note that this doesn't happen if you type file://C:/, or file:///C|/ -- there's
some sort of bug/interaction between nsStdURL and how it parsers file: URLs,
and nsFileSpec and what it does with the result. I think these problems will go
away when Doug lands his branch for nsIFile, but there seems to be a problem
with the tokenizer loop too in that it doesn't detect that there's nothing else
to do, and just spins creating tokens like mad.

Comment 1

19 years ago
Does it hang mozilla? what should I do to see/reproduce this bug? I'm asking
these questions because, typing return after file://c|/ results in file:///c|/ .
(Reporter)

Comment 2

19 years ago
Happens for me every time. You'll first see this assertion, then the spin:

NTDLL! 77f7629c()
nsDebug::Assertion(const char * 0x1009a960, const char * 0x1009a950, const char
* 0x1009a92c, int 660) line 186 + 13 bytes
nsFilePath::nsFilePath(const char * 0x02ab5400, int 0) line 660 + 46 bytes
nsFileChannel::Init(nsIFileProtocolHandler * 0x00c82300, const char *
0x01578b08, nsIURI * 0x02ab3cf0, nsILoadGroup * 0x022c06b0,
nsIInterfaceRequestor * 0x022c0e2c, unsigned int 0, nsIURI * 0x00000000,
unsigned int 0, unsigned int 0) line 119
nsFileProtocolHandler::NewChannel(nsFileProtocolHandler * const 0x00c82300,
const char * 0x01578b08, nsIURI * 0x02ab3cf0, nsILoadGroup * 0x022c06b0,
nsIInterfaceRequestor * 0x022c0e2c, unsigned int 0, nsIURI * 0x00000000,
unsigned int 0, unsigned int 0, nsIChannel * * 0x0012d188) line 146 + 44 bytes
nsIOService::NewChannelFromURI(nsIOService * const 0x00c80f90, const char *
0x01578b08, nsIURI * 0x02ab3cf0, nsILoadGroup * 0x022c06b0,
nsIInterfaceRequestor * 0x022c0e2c, unsigned int 0, nsIURI * 0x00000000,
unsigned int 0, unsigned int 0, nsIChannel * * 0x0012d188) line 259 + 59 bytes
nsDocumentOpenInfo::Open(nsIURI * 0x02ab3cf0, int 0, const char * 0x00000000,
nsISupports * 0x022c0ec0, nsIURI * 0x00000000, nsIInputStream * 0x00000000,
nsISupports * 0x022c06b0, nsISupports * * 0x0012d29c) line 187 + 86 bytes
nsURILoader::OpenURIWithPostDataVia(nsURILoader * const 0x012d6b14, nsIURI *
0x02ab3cf0, int 0, const char * 0x00000000, nsISupports * 0x022c0ec0, nsIURI *
0x00000000, nsIInputStream * 0x00000000, nsISupports * 0x022c06b0, nsISupports *
* 0x0012d29c, unsigned int 0) line 500 + 40 bytes
nsURILoader::OpenURIVia(nsURILoader * const 0x012d6b10, nsIURI * 0x02ab3cf0, int
0, const char * 0x00000000, nsISupports * 0x022c0ec0, nsIURI * 0x00000000,
nsISupports * 0x022c06b0, nsISupports * * 0x0012d29c, unsigned int 0) line 458
nsURILoader::OpenURI(nsURILoader * const 0x012d6b10, nsIURI * 0x02ab3cf0, int 0,
const char * 0x00000000, nsISupports * 0x022c0ec0, nsIURI * 0x00000000,
nsISupports * 0x022c06b0, nsISupports * * 0x0012d29c) line 444
nsDocLoaderImpl::LoadDocument(nsDocLoaderImpl * const 0x022c0710, nsIURI *
0x02ab3cf0, const char * 0x00380684, nsISupports * 0x022c0ec0, nsIInputStream *
0x00000000, nsISupports * 0x00000000, unsigned int 0, const unsigned int 0,
const unsigned short * 0x00000000) line 384 + 75 bytes
nsWebShell::DoLoadURL(nsIURI * 0x02ab3cf0, const char * 0x00380684,
nsIInputStream * 0x00000000, unsigned int 0, const unsigned int 0, const
unsigned short * 0x00000000, int 1) line 1677 + 101 bytes
nsWebShell::LoadURI(nsWebShell * const 0x022c0ec0, nsIURI * 0x02ab3cf0, const
char * 0x00380684, nsIInputStream * 0x00000000, int 1, unsigned int 0, const
unsigned int 0, nsISupports * 0x00000000, const unsigned short * 0x00000000)
line 1949 + 40 bytes
nsWebShell::LoadURL(nsWebShell * const 0x022c0ec0, const unsigned short *
0x02ab65d0, const char * 0x00380684, nsIInputStream * 0x00000000, int 1,
unsigned int 0, const unsigned int 0, nsISupports * 0x00000000, const unsigned
short * 0x00000000) line 2180 + 52 bytes
nsWebShell::LoadURL(nsWebShell * const 0x022c0ec0, const unsigned short *
0x02ab65d0, nsIInputStream * 0x00000000, int 1, unsigned int 0, const unsigned
int 0, nsISupports * 0x00000000, const unsigned short * 0x00000000) line 1485
nsBrowserInstance::LoadUrl(nsBrowserInstance * const 0x023688e0, const unsigned
short * 0x02ab65d0) line 962 + 37 bytes
XPTC_InvokeByIndex(nsISupports * 0x023688e0, unsigned int 7, unsigned int 1,
nsXPTCVariant * 0x0012dcd8) line 139
nsXPCWrappedNativeClass::CallWrappedMethod(JSContext * 0x01bcdac0,
nsXPCWrappedNative * 0x02369b00, const XPCNativeMemberDescriptor * 0x02369df4,
nsXPCWrappedNativeClass::CallMode CALL_METHOD, unsigned int 1, long *
0x00db7fd8, long * 0x0012de90) line 904 + 43 bytes
WrappedNative_CallMethod(JSContext * 0x01bcdac0, JSObject * 0x0204ea00, unsigned
int 1, long * 0x00db7fd8, long * 0x0012de90) line 191 + 34 bytes
js_Invoke(JSContext * 0x01bcdac0, unsigned int 1, unsigned int 0) line 665 + 26
bytes
js_Interpret(JSContext * 0x01bcdac0, long * 0x0012e700) line 2226 + 15 bytes
js_Invoke(JSContext * 0x01bcdac0, unsigned int 0, unsigned int 0) line 681 + 13
bytes
js_Interpret(JSContext * 0x01bcdac0, long * 0x0012ef2c) line 2226 + 15 bytes
js_Invoke(JSContext * 0x01bcdac0, unsigned int 1, unsigned int 2) line 681 + 13
bytes
js_InternalCall(JSContext * 0x01bcdac0, JSObject * 0x00daab38, long 14330712,
unsigned int 1, long * 0x0012f0b0, long * 0x0012f05c) line 758 + 15 bytes
JS_CallFunctionValue(JSContext * 0x01bcdac0, JSObject * 0x00daab38, long
14330712, unsigned int 1, long * 0x0012f0b0, long * 0x0012f05c) line 2758 + 29
bytes
nsJSContext::CallEventHandler(nsJSContext * const 0x01bcdc50, void * 0x00daab38,
void * 0x00daab58, unsigned int 1, void * 0x0012f0b0, int * 0x0012f0ac) line 564
+ 33 bytes
nsJSEventListener::HandleEvent(nsIDOMEvent * 0x02abc834) line 128 + 57 bytes
nsEventListenerManager::HandleEventSubType(nsListenerStruct * 0x01f2e8b0,
nsIDOMEvent * 0x02abc834, unsigned int 2) line 640 + 19 bytes
nsEventListenerManager::HandleEvent(nsIPresContext * 0x01bcdf10, nsEvent *
0x0012f55c, nsIDOMEvent * * 0x0012f4a4, unsigned int 7, nsEventStatus *
0x0012f5a0) line 992 + 25 bytes
nsGenericElement::HandleDOMEvent(nsIPresContext * 0x01bcdf10, nsEvent *
0x0012f55c, nsIDOMEvent * * 0x0012f4a4, unsigned int 1, nsEventStatus *
0x0012f5a0) line 809
nsHTMLInputElement::HandleDOMEvent(nsHTMLInputElement * const 0x01f2ed10,
nsIPresContext * 0x01bcdf10, nsEvent * 0x0012f55c, nsIDOMEvent * * 0x00000000,
unsigned int 1, nsEventStatus * 0x0012f5a0) line 710 + 31 bytes
nsEnderEventListener::KeyUp(nsIDOMEvent * 0x02abb5d4) line 3360 + 62 bytes
nsEventListenerManager::HandleEvent(nsIPresContext * 0x02376600, nsEvent *
0x0012fa68, nsIDOMEvent * * 0x0012f7f0, unsigned int 2, nsEventStatus *
0x0012f9d4) line 953 + 17 bytes
nsDocument::HandleDOMEvent(nsDocument * const 0x0236f980, nsIPresContext *
0x02376600, nsEvent * 0x0012fa68, nsIDOMEvent * * 0x0012f7f0, unsigned int 2,
nsEventStatus * 0x0012f9d4) line 2410
nsHTMLHtmlElement::HandleDOMEvent(nsHTMLHtmlElement * const 0x02373f2c,
nsIPresContext * 0x02376600, nsEvent * 0x0012fa68, nsIDOMEvent * * 0x0012f7f0,
unsigned int 2, nsEventStatus * 0x0012f9d4) line 192 + 41 bytes
nsGenericElement::HandleDOMEvent(nsIPresContext * 0x02376600, nsEvent *
0x0012fa68, nsIDOMEvent * * 0x0012f7f0, unsigned int 2, nsEventStatus *
0x0012f9d4) line 811 + 39 bytes
nsHTMLBodyElement::HandleDOMEvent(nsHTMLBodyElement * const 0x02376a3c,
nsIPresContext * 0x02376600, nsEvent * 0x0012fa68, nsIDOMEvent * * 0x0012f7f0,
unsigned int 2, nsEventStatus * 0x0012f9d4) line 715
nsGenericDOMDataNode::HandleDOMEvent(nsIPresContext * 0x02376600, nsEvent *
0x0012fa68, nsIDOMEvent * * 0x0012f7f0, unsigned int 1, nsEventStatus *
0x0012f9d4) line 799 + 39 bytes
nsTextNode::HandleDOMEvent(nsTextNode * const 0x0299b22c, nsIPresContext *
0x02376600, nsEvent * 0x0012fa68, nsIDOMEvent * * 0x00000000, unsigned int 1,
nsEventStatus * 0x0012f9d4) line 234
PresShell::HandleEvent(PresShell * const 0x0297fb24, nsIView * 0x029955b0,
nsGUIEvent * 0x0012fa68, nsEventStatus * 0x0012f9d4) line 2750 + 39 bytes
nsView::HandleEvent(nsView * const 0x029955b0, nsGUIEvent * 0x0012fa68, unsigned
int 8, nsEventStatus * 0x0012f9d4, int & 0) line 841
nsView::HandleEvent(nsView * const 0x029940e0, nsGUIEvent * 0x0012fa68, unsigned
int 8, nsEventStatus * 0x0012f9d4, int & 0) line 826
nsView::HandleEvent(nsView * const 0x0297ff40, nsGUIEvent * 0x0012fa68, unsigned
int 28, nsEventStatus * 0x0012f9d4, int & 0) line 826
nsViewManager2::DispatchEvent(nsViewManager2 * const 0x0297e660, nsGUIEvent *
0x0012fa68, nsEventStatus * 0x0012f9d4) line 1002
HandleEvent(nsGUIEvent * 0x0012fa68) line 69
nsWindow::DispatchEvent(nsWindow * const 0x02995bc4, nsGUIEvent * 0x0012fa68,
nsEventStatus & nsEventStatus_eIgnore) line 502 + 10 bytes
nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012fa68) line 523
nsWindow::DispatchKeyEvent(unsigned int 132, unsigned short 13, unsigned int 13)
line 2290 + 15 bytes
nsWindow::OnKeyUp(unsigned int 13, unsigned int 49180) line 2450
nsWindow::ProcessMessage(unsigned int 257, unsigned int 13, long -1071906815,
long * 0x0012fdcc) line 2678 + 34 bytes
nsWindow::WindowProc(HWND__ * 0x01be0942, unsigned int 257, unsigned int 13,
long -1071906815) line 689 + 27 bytes
USER32! 77e71820()
(Reporter)

Updated

19 years ago
Severity: normal → critical
Target Milestone: M13

Comment 3

19 years ago
I'm able to reproduce this in todays build ( 01/18 ).

Updated

19 years ago
Assignee: harishd → rickg

Comment 4

19 years ago
Rickg and I have found a solution for this problem.  Rickg will be checking in
the fix tonight.  Assigning bug to rickg.
(Assignee)

Updated

19 years ago
Status: NEW → RESOLVED
Last Resolved: 19 years ago
Resolution: --- → FIXED
(Assignee)

Comment 5

19 years ago
Fixed by change to scanner, where we no longer generate an empty document if
necko fails to provide us any data.
(Reporter)

Comment 6

19 years ago
That fix sounds like it will break the case where javascript: URLs were
generating the empty string, and we were calling the parser's OnStartRequest
followed by OnStopRequest without any intervening OnDataAvailable calls. I
thought we added the empty document code for that case. Can you verify.

Also, can you confirm that you were able to reproduce the bug?
(Reporter)

Updated

19 years ago
Status: RESOLVED → REOPENED
(Reporter)

Comment 7

19 years ago
Reopening until I hear from you on this.

Updated

19 years ago
Resolution: FIXED → ---

Comment 8

19 years ago
Clearing FIXED resolution due to reopen.
(Assignee)

Updated

19 years ago
Status: REOPENED → RESOLVED
Last Resolved: 19 years ago19 years ago
Resolution: --- → FIXED
(Assignee)

Comment 9

19 years ago
Sorry -- this actually got fixed last night -- but I forgot to change the bug
report.
(Reporter)

Updated

19 years ago
Status: RESOLVED → REOPENED
(Reporter)

Comment 10

19 years ago
Rick Gessner: You're not reading my comments. Please respond.
(Assignee)

Updated

19 years ago
Status: REOPENED → RESOLVED
Last Resolved: 19 years ago19 years ago
(Assignee)

Comment 11

19 years ago
Warren: it's easy to miss questions in a report this big. In the future, please
use email so I don't miss your question.

I suspect that your js test will fail as you claim. However, I've concluded that
the *right* place to handle this case in DidBuildModel() in the DTD, rather than
in the scanner. The scanner doesn't know what type of document it's dealing with
-- but the DTD does. After the tree reopens, I'll add the proper support for the
js case in the DTD. For now, I'm re-closing this bug, and I'll open a new one to
catch that issue.

Also: can you give me a js testcase?

Comment 12

18 years ago
updated qa contact.
QA Contact: janc → bsharma

Comment 13

18 years ago
Verified on:
build: 2001-03-29-09-Mtrunk
Platform: Win NT

Typing above url opens the directory structure of the c: drive.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.