atoms do not handle embedded NUL characters

REOPENED
Unassigned

Status

()

Core
XPCOM
REOPENED
14 years ago
6 years ago

People

(Reporter: mrbkap, Unassigned)

Tracking

Trunk
x86
Windows XP
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

14 years ago
While debugging bug 264956, bz and I found that atoms do not handle embedded NUL
characters. This was an issue because we were given "input\0AAA" so the parser
was creating a userdefined node, but when we later created an atom out of it, it
came back as "input", so we ended up trying to QI as an input element and crashing.

The fix to bug 264956 prevents this now, but as NULs can also come through
attributes, and these also get turned into atoms, this is still a problem.
To be precise, our mutation event code atomizes attribute _values_.  Which can
well contain nulls.
xul elements atomizes all attribute values smaller then a certain size. All
other elements should as well, though I don't think I actually flicked the
switch on that.
I don't believe null characters are ever valid characters in XML data, but maybe
they can in HTML... But I don't think there's anything preventing them from
coming in through the DOM...

Comment 4

14 years ago
FYI, I fixed Atom and friends to handle NUL in bug 228856 (Patch2).
Depends on: 228856
Assignee: dougt → nobody
QA Contact: xpcom

Updated

6 years ago
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 228856
The patch that Mats wrote, fixing Atom, was never applied (as far as I know).  We went with a different, narrower fix in the CSS parser for bug 228856.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
You need to log in before you can comment on or make changes to this bug.