Closed
Bug 273213
Opened 20 years ago
Closed 20 years ago
The last character of some tags consumed as CDATA get chopped off if the tag is not closed properly
Categories
(Core :: DOM: HTML Parser, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: bzbarsky, Assigned: mrbkap)
References
()
Details
(Keywords: regression)
Attachments
(1 file)
979 bytes,
patch
|
bzbarsky
:
review+
bzbarsky
:
superreview+
|
Details | Diff | Splinter Review |
If I load data:text/html,<iframe> in the browser, I get the following assertion: ###!!! ASSERTION: can't advance (backward) a reading iterator beyond the end of a string: 'step<0', file ../../../dist/include/string/nsStringIterator.h, line 182 The callstack goes back to SinkContext::AddLeaf, where we call: AddText(aNode.GetText()); The string passed to AddText is: (gdb) p aText $2 = (const nsAString &) @0x8800e90: {mVTable = 0x4016e0c8, mData = 0x85e8708, mLength = 4294967295, mFlags = 0} Note the mLength. This looks like fallout from either bug 269853 or bug 88952 to me... I don't recall this testcase asserting before the last time I pulled from CVS. The token on the parser node is a CTextToken, and it looks like this: $6 = {<CHTMLToken> = {<CToken> = {_vptr.CToken = 0x41d6fde8, mTypeID = 109, mUseCount = 2, mNewlineCount = 0, mLineNumber = 1, mInError = 0, mAttrCount = 0}, <No data fields>}, mTextValue = {mStart = {mBuffer = 0x85e86b8, mPosition = 0x85e8708}, mEnd = {mBuffer = 0x85e86b8, mPosition = 0x85e8706}, mBufferList = 0x867df98, mLength = 4294967295, mFlattenedRep = {<nsSubstring> = {<nsAString> = {mVTable = 0x4016e0c8, mData = 0x85e8708, mLength = 4294967295, mFlags = 0}, <No data fields>}, <No data fields>}, mIsDirty = 0}} Note that mStart.mPosition is bigger than mEnd.mPosition, which is what causes the problem.... If I close the <iframe> I don't get an assert, so this looks like a bug in the EOF case in ReadUntil(). This makes it likely bug 88952 is responsible.
Assignee | ||
Comment 1•20 years ago
|
||
I think if you had: "data:text/html,<iframe>123" view-source would have shown "<iframe>12". This fixes all of it.
Assignee: parser → mrbkap
Status: NEW → ASSIGNED
Assignee | ||
Updated•20 years ago
|
Attachment #167904 -
Flags: review?(bzbarsky)
Reporter | ||
Comment 2•20 years ago
|
||
Comment on attachment 167904 [details] [diff] [review] patch v1 r+sr=bzbarsky
Attachment #167904 -
Flags: superreview+
Attachment #167904 -
Flags: review?(bzbarsky)
Attachment #167904 -
Flags: review+
Assignee | ||
Comment 3•20 years ago
|
||
Changing summary to the larger problem and marking FIXED since this was checked in.
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Keywords: regression
Resolution: --- → FIXED
Summary: Assert when loading URL in URL field → The last character of some tags consumed as CDATA get chopped off if the tag is not closed properly
You need to log in
before you can comment on or make changes to this bug.
Description
•