Closed Bug 252481 Opened 21 years ago Closed 8 years ago

nsEntryStack::TagAt doesn't check for negative anIndex

Categories

(Core :: DOM: HTML Parser, defect)

x86
Windows XP
defect
Not set
normal

RESOLVED WORKSFORME

People

(Reporter: timeless, Unassigned)

Details

(Keywords: hang)

Attachments

(1 file)

I leave my browsers in Gmail forever. 18a1 would just crash eventually. 18a2 and trunk end up using 100% of CPU, or if I run two mozillas, each uses 50% of the CPU. They share very nicely.

eHTMLTags nsEntryStack::TagAt(PRInt32 anIndex) const
{
  eHTMLTags result=eHTMLTag_unknown;
  if((0<mCount) && (anIndex<mCount)) {
    result=mEntries[anIndex].mTag;
  }
  return result;
}

anIndex,i    -1616844015    int
mCount,i     0              int

> gkparser.dll!nsEntryStack::TagAt(int anIndex=0x9fa0eb11) Line 339 C++
  gkparser.dll!CNavDTD::HandleDefaultStartToken(CToken * aToken=0x05ce7230, nsHTMLTag aChildTag=eHTMLTag_unknown, nsCParserNode * aNode=0x03cd5030) Line 1319 + 0xe C++
  gkparser.dll!CNavDTD::HandleStartToken(CToken * aToken=0x00000070) Line 1808 + 0xe C++
  gkparser.dll!CNavDTD::HandleToken(CToken * aToken=0x05ce7230, nsIParser * aParser=0x05fba118) Line 992 + 0xa C++
  gkparser.dll!CNavDTD::BuildModel(nsIParser * aParser=0x05fba118, nsITokenizer * aTokenizer=0x05ce7100, nsITokenObserver * anObserver=0x00000000, nsIContentSink * aSink=0x05fba25c) Line 471 + 0xa C++
  gkparser.dll!nsParser::BuildModel() Line 1900 C++
  gkparser.dll!nsParser::ResumeParse(int allowIteration=0x00000000, int aIsFinalChunk=0x00000000, int aCanInterrupt=0x00000000) Line 1762 + 0x6 C++
  gkparser.dll!nsParser::Parse(const nsAString & aSourceBuffer={...}, void * aKey=0x00000001, const nsACString & aMimeType={...}, int aVerifyEnabled=0x00000002, int aLastCall=0x00000001, nsDTDMode aMode=eDTDMode_autodetect) Line 1645 + 0xa C++
  gklayout.dll!nsHTMLDocument::WriteCommon(const nsAString & aText={...}, int aNewlineTerminate=0x00000000) Line 2273 + 0x32 C++
  gklayout.dll!nsHTMLDocument::ScriptWriteCommon(int aNewlineTerminate=0x0a3fdfbd) Line 2360 + 0xf C++
  gklayout.dll!nsHTMLDocument::Write() Line 2387 C++
  xpcom.dll!XPTC_InvokeByIndex(nsISupports * that=0x05d1e800, unsigned int methodIndex=0x00000014, unsigned int paramCount=0x00000000, nsXPTCVariant * params=0x00129908) Line 102 C++
  xpc3250.dll!XPCWrappedNative::CallMethod(XPCCallContext & ccx={...}, XPCWrappedNative::CallMode mode=CALL_METHOD) Line 2028 + 0x16 C++
  xpc3250.dll!XPC_WN_CallMethod(JSContext * cx=0x036730d8, JSObject * obj=0x02dad1e8, unsigned int argc=0x00000001, long * argv=0x017c4764, long * vp=0x00129b68) Line 1287 + 0xa C++
  js3250.dll!js_Invoke(JSContext * cx=0x00000000, unsigned int argc=0x30011955, unsigned int flags=0x0a3fdfbd) Line 1281 + 0x11 C
  js3250.dll!js_Interpret(JSContext * cx=0x30011955, long * result=0x0a3fdfbd) Line 3376 C
  js3250.dll!js_Execute(JSContext * cx=0x00e80160, JSObject * chain=0x02dacf88, JSScript * script=0x05b4bff0, JSStackFrame * down=0x00000000, unsigned int flags=0x00000000, long * result=0x00129de4) Line 1514 C
  js3250.dll!JS_EvaluateUCScriptForPrincipals(JSContext * cx=0x036730d8, JSObject * obj=0x02dacf88, JSPrincipals * principals=0x0386f27c, const unsigned short * chars=0x0627b570, unsigned int length=0x0003a547, const char * filename=0x061a88a0, unsigned int lineno=0x00000001, long * rval=0x00129de4) Line 3662 + 0xf C
  gklayout.dll!nsJSContext::EvaluateString(const nsAString & aScript={...}, void * aScopeObject=0x02dacf88, nsIPrincipal * aPrincipal=0xffffffff, const char * aURL=0x061a88a0, unsigned int aLineNo=0x00000001, const char * aVersion=0x00000000, nsAString * aRetValue=0x00000000, int * aIsUndefined=0x00129e84) Line 998 + 0x35 C++
  gklayout.dll!nsScriptLoader::EvaluateScript(nsScriptLoadRequest * aRequest=0x05c8e358, const nsString & aScript={...}) Line 673 C++
  gklayout.dll!nsScriptLoader::ProcessRequest(nsScriptLoadRequest * aRequest=0x0a3fdfbd) Line 587 + 0x9 C++
  gklayout.dll!nsScriptLoader::ProcessScriptElement(nsIScriptElement * aElement=0x05bb0274, nsIScriptLoaderObserver * aObserver=0x05bb0270) Line 533 + 0x7 C++
  gklayout.dll!nsHTMLScriptElement::MaybeProcessScript() Line 666 C++
  gklayout.dll!nsHTMLScriptElement::SetDocument(nsIDocument * aDocument=0x05b4bc68, int aDeep=0x00000000, int aCompileEventHandlers=0x00000001) Line 451 + 0x7 C++
  gklayout.dll!nsGenericElement::AppendChildTo(nsIContent * aKid=0x05bb0250, int aNotify=0x00000000, int aDeepSetDocument=0x00000000) Line 2522 C++
  gklayout.dll!HTMLContentSink::ProcessSCRIPTTag(const nsIParserNode & aNode={...}) Line 4268 C++
  gklayout.dll!HTMLContentSink::AddLeaf(const nsIParserNode & aNode={...}) Line 3121 C++
  gklayout.dll!HTMLContentSink::AddHeadContent(const nsIParserNode & aNode={...}) Line 3072 + 0xa C++
  gkparser.dll!CNavDTD::AddHeadLeaf(nsIParserNode * aNode=0x0a3fdfbd) Line 3797 + 0xa C++
  gkparser.dll!CNavDTD::HandleStartToken(CToken * aToken=0x00000054) Line 1805 + 0xa C++
  gkparser.dll!CNavDTD::HandleToken(CToken * aToken=0x03f49d18, nsIParser * aParser=0x05f305f0) Line 992 + 0xa C++
  gkparser.dll!CNavDTD::BuildModel(nsIParser * aParser=0x05f305f0, nsITokenizer * aTokenizer=0x05d7a008, nsITokenObserver * anObserver=0x00000000, nsIContentSink * aSink=0x0386f05c) Line 471 + 0xa C++
  gkparser.dll!nsParser::BuildModel() Line 1900 C++
  gkparser.dll!nsParser::ResumeParse(int allowIteration=0x00000001, int aIsFinalChunk=0x00000000, int aCanInterrupt=0x00000001) Line 1762 + 0x6 C++
  gkparser.dll!nsParser::OnDataAvailable(nsIRequest * request=0x0602b4a8, nsISupports * aContext=0x00000000, nsIInputStream * pIStream=0x05c52cf8, unsigned int sourceOffset=0x0000d000, unsigned int aLength=0x0000941b) Line 2427 + 0xd C++
  docshell.dll!nsDocumentOpenInfo::OnDataAvailable(nsIRequest * request=0x0602b4a8, nsISupports * aCtxt=0x00000000, nsIInputStream * inStr=0x05c52cf8, unsigned int sourceOffset=0x0000d000, unsigned int count=0x0000941b) Line 344 C++
  necko.dll!nsHTTPCompressConv::do_OnDataAvailable(nsIRequest * request=0x0602b4a8, nsISupports * aContext=0x00000000, unsigned int aSourceOffset=0x0000d000, char * buffer=0x0612dff8, unsigned int aCount=0x00000000) Line 390 + 0x16 C++
  necko.dll!nsHTTPCompressConv::OnDataAvailable(nsIRequest * request=0x0602b4a8, nsISupports * aContext=0x00000000, nsIInputStream * iStr=0x05bb0180, unsigned int aSourceOffset=0x0000d000, unsigned int aCount=0x0000284a) Line 314 C++
  necko.dll!nsHttpChannel::OnDataAvailable(nsIRequest * request=0x05c52d28, nsISupports * ctxt=0x00000000, nsIInputStream * input=0x05bb0180, unsigned int offset=0x0000d000, unsigned int count=0x0000284a) Line 3718 C++
  necko.dll!nsInputStreamPump::OnStateTransfer() Line 438 C++
  necko.dll!nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream * stream=0x05bb0180) Line 339 C++
  xpcom.dll!nsOutputStreamReadyEvent::EventHandler(PLEvent * plevent=0x038c7be4) Line 119 C++
  xpcom.dll!PL_HandleEvent(PLEvent * self=0x038c7be4) Line 693 C
  xpcom.dll!PL_ProcessPendingEvents(PLEventQueue * self=0x00e12bd8) Line 627 + 0x6 C
  xpcom.dll!_md_TimerProc(HWND__ * hwnd=0x00a9195c, unsigned int uMsg=0x00000113, unsigned int idEvent=0x00000000, unsigned long dwTime=0x86a05b4f) Line 998 + 0x6 C
  user32.dll!77d43a50()
  user32.dll!GetSysColor() + 0x10f
  user32.dll!TranslateMessage() + 0x8d
  user32.dll!DispatchMessageW() + 0xb
  user32.dll!DrawStateW() + 0xffa
  user32.dll!DialogBoxIndirectParamAorW() + 0x34
  user32.dll!DialogBoxIndirectParamW() + 0x19
  comdlg32.dll!GetOpenFileNameA() + 0x21c
  comdlg32.dll!GetSaveFileNameA() + 0x1c

This is one of a bunch of related problems to my infinite loop.
Keywords: hang
Assignee: parser → nobody
QA Contact: parser
This code is gone.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME
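
The guard quoted in the report, next to a hardened form, as an added example (not Mozilla's code and not part of the original bug). `EntryStack`, `OriginalGuard`, `HardenedGuard`, `MakeStack`, the enum values other than `eHTMLTag_unknown` and the sample entries are hypothetical stand-ins; `int32_t` stands in for `PRInt32`.

```cpp
#include <cstdint>
#include <cstdio>

// Stand-ins for the Mozilla types named in the report (assumptions, not the real headers).
enum eHTMLTags { eHTMLTag_unknown = 0, eHTMLTag_html, eHTMLTag_body, eHTMLTag_div };
struct nsTagEntry { eHTMLTags mTag; };

struct EntryStack {
  const nsTagEntry* mEntries;
  int32_t mCount;

  // Guard exactly as quoted in the report: only the upper bound is tested,
  // so any negative anIndex passes once the stack is non-empty.
  bool OriginalGuard(int32_t anIndex) const {
    return (0 < mCount) && (anIndex < mCount);
  }

  // Hardened guard: a single unsigned comparison rejects both negative
  // indexes (they wrap to huge values) and indexes >= mCount.
  bool HardenedGuard(int32_t anIndex) const {
    return mCount > 0 &&
           static_cast<uint32_t>(anIndex) < static_cast<uint32_t>(mCount);
  }

  // TagAt built on the hardened guard; the array is only read after it passes.
  eHTMLTags TagAt(int32_t anIndex) const {
    return HardenedGuard(anIndex) ? mEntries[anIndex].mTag : eHTMLTag_unknown;
  }
};

// Constructed sample stack contents.
static const nsTagEntry kSample[] = {{eHTMLTag_html}, {eHTMLTag_body}, {eHTMLTag_div}};
// anIndex as shown in the debugger watch (0x9fa0eb11 read as a signed 32-bit int).
static const int32_t kReportedIndex = -1616844015;

EntryStack MakeStack(int32_t count) { return EntryStack{kSample, count}; }

int main() {
  EntryStack empty = MakeStack(0), full = MakeStack(3);
  std::printf("mCount=0: original guard admits index? %d\n",
              empty.OriginalGuard(kReportedIndex));
  std::printf("mCount=3: original guard admits index? %d\n",
              full.OriginalGuard(kReportedIndex));
  std::printf("mCount=3: hardened guard admits index? %d\n",
              full.HardenedGuard(kReportedIndex));
  std::printf("hardened TagAt(reported)=%d TagAt(1)=%d\n",
              full.TagAt(kReportedIndex), full.TagAt(1));
  return 0;
}
```

With `mCount` at 0, as in the watch values above, the quoted guard still returns `eHTMLTag_unknown`; the negative index only reaches `mEntries` when the stack is non-empty.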