Closed
Bug 265353
Opened 21 years ago
Closed 18 years ago
Hang in JS RegExp.exec() function when clicking on this page
Categories
(Core :: JavaScript Engine, defect)
Core
JavaScript Engine
Tracking
()
RESOLVED
FIXED
People
(Reporter: 6jju4k002, Assigned: mrbkap)
References
()
Details
(Keywords: hang)
Attachments
(1 file)
|
71.42 KB,
text/html
|
Details |
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8a5) Gecko/20041020
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8a5) Gecko/20041020
Using the Javascript debugger, I narrowed down the location of the hang to line
275 in the wikify() function on this page the offending code being:
var theMatch = theRegExp.exec(text);
Reproducible: Always
Steps to Reproduce:
1. Load URL
2. If you're running the JS debugger: hard-breakpint line 275.
2. Click on “RegularExpressions” entry in the left-hand menu (Amber background)
3. If you're running the debugger: you will need to step trhough line 275 a few
times before the crash.
Actual Results:
Mozilla hangs with 100% cpu.
Expected Results:
The function should either throw exception, or return successfully.
(I haven't confirmed whether the regex is valid)
Unknown what the web page should look like.
Note: I have included a copy of the web page in the bug.
Also, the relguar expression at time of crash is:
"((?:\\b|_+)(?:[A-Z]+[_a-z]+[A-Z][A-Za-z_0-9]*)|(?:[A-Z]{2,}[_a-z]+))|((?:http|https|mailto|ftp):\\S*)|(\\n)|(?:\\[[oO][bB][jJ][cC]\\][\\r\\n]?((?:.|[^.])*?)\\[/[oO][bB][jJ][cC]\\][\\r\\n]?)|(?:\\[\\[((?:[^\\[\\]\\|])+)\\|([^\\[\\]\\|]+)\\]\\])|(?:\\[\\[([^\\]]+)\\]\\])|(^!{1,5})|(^\\*+)|(^#+)"
You may have problems debugging this page locally. I couldn't set any breakpoints
when accessing it by the file: protocol.
|
||
Comment 2•21 years ago
|
||
Confirming hang.
|
||
Comment 3•21 years ago
|
||
this depends on Bug 194231.
<DIV id="storeRegularExpressions"> contains texts over 8KB,
and Mozilla splits it into 4KB adjacent textnodes.
the firstChild.nodeValue contains "[objc]", but not "[/objc]" for Mozilla.
so Mozilla hangs on the following relguar expression
"(¥¥[[oO][bB][jJ][cC]¥¥]¥¥n?)((?:.|[^.])+?)(¥¥[/[oO][bB][jJ][cC]¥¥])"
called by
"var formatMatch = structureRegExp.exec(targetText);"
is this related to or a dup of Bug 225094?
Depends on: 194231
Hardware: PC → All
|
||
Comment 4•20 years ago
|
||
background info (see the implementation note)
http://bclary.com/2004/09/26/boot-camp-javascript#String.prototype.replace
this behavior will change in firefox 1.1 and mozilla 1.8 due to bug 255895.
considering this behavior is by design, marking invalid.
Status: NEW → RESOLVED
Closed: 20 years ago
Depends on: 255895
QA Contact: pschwartau → moz
Resolution: --- → INVALID
|
Assignee | |
Comment 6•20 years ago
|
||
I can't reproduce the hang using the copy of the web page attached here and the
URL is now a 404. Has this been magically fixed?
|
|
Assignee | |
Comment 8•20 years ago
|
||
Sounds like this may be something that was fixed on the trunk, then. I'll pull a
branch build and see if I can figure out where it's hanging.
Correction: Still hanging for me with Ubuntu *Firefox* 1.0.6
I don't know if this may be based upon an older JS engine
than the original Mozilla 1.8a5 I tested with.
Blake, what version of Firefox/Mozilla are you testing with?
In reply to Comment #3,
I don't think that this is a dup of Bug# 225094, as the hang occurs
on line 275. It is not possible to stop at breakpoints in the loop,
as would be possible if this was an infinite loop hang.
|
|
Assignee | |
Comment 10•20 years ago
|
||
I'm testing with a couple of very recent trunk builds. The Javscript engine in
Firefox 1.0.x is (modulo some security and crash fixes) over a year old, so it's
very possible that this has been fixed on the trunk.
|
Reporter | |
Comment 11•20 years ago
|
||
When I can, will test with a trunk nightly, and confirm it's status on the trunk.
But it could be quite a while before I get round to this :-(
|
||
Comment 12•20 years ago
|
||
If this is fixed on the trunk, the bug should be closed. It should be marked
FIXED if the fix is known, else WORKSFORME.
/be
|
|
Assignee | |
Comment 13•20 years ago
|
||
Marking WFM, for now. If someone wants to figure out why this was hanging in
jsregexp, feel free.
Status: REOPENED → RESOLVED
Closed: 20 years ago → 20 years ago
Resolution: --- → WORKSFORME
|
|
||
Comment 14•20 years ago
|
||
Still hanging for me with
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20050907
Firefox/1.6a1
and
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.9a1) Gecko/20050907
Firefox/1.6a1
Steps to reproduce:
1. open attachment 162777 [details].
2. click the link "RegularExpressions" at the upper left.
reopening.
Status: RESOLVED → REOPENED
Resolution: WORKSFORME → ---
|
|
Assignee | |
Comment 15•20 years ago
|
||
Sorry, I misread the steps to reproduce. I'll investigate this tomorrow.
Assignee: general → mrbkap
Status: REOPENED → NEW
|
||
Comment 16•18 years ago
|
||
with javascript.options.relimit set to true, this should go away.
Status: NEW → RESOLVED
Closed: 20 years ago → 18 years ago
Resolution: --- → FIXED
|
||
Comment 17•18 years ago
|
||
This isn't a code change, it's a preference entry. So it's really a workaround and should be WORKSFORME. (Unless there's a known code check-in that enabled this preference.)
Resolution: FIXED → WORKSFORME
|
|
||
Comment 18•18 years ago
|
||
The patches in bug 330569 enable the preference and the heuristic in the Spidermonkey logic, so it is a real fix.
Resolution: WORKSFORME → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•