Closed
Bug 320996
(xangle)
Opened 19 years ago
Closed 7 years ago
mangle xul tags
Categories
(Core :: Layout, defect)
Core
Layout
Tracking
()
RESOLVED
FIXED
People
(Reporter: bernd_mozilla, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: meta, sec-other, Whiteboard: [sg:nse] meta)
Attachments
(1 file, 6 obsolete files)
|
6.45 KB,
application/x-zip-compressed
|
Details |
the mangleme script targets html, I thought that this should work also with xul. The attached "kiddy" stuff crashes at the first url that it creates.
|
||
Comment 5•19 years ago
|
||
I reduced the testcase in comment 2 and filed bug 321016 based on it. I'm turning this into a metabug to match the bugs for other fuzz-testing tools.
Keywords: meta
|
|
||
Comment 6•19 years ago
|
||
Neil, interested in trying to fix some of these?
|
|
||
Comment 7•19 years ago
|
||
I added the ability to output nested tags, removed some bogus tags, and commented out <listboxbody> because it's known to crash.
I ran 500 files generated by this program through Firefox 1.5 and none of them made it crash.
Attachment #206430 -
Attachment is obsolete: true
Attachment #206431 -
Attachment is obsolete: true
|
|
||
Comment 8•19 years ago
|
||
|
|
||
Updated•19 years ago
|
Alias: xangle
the diff is relative to attachment 206455 [details] and crashes tree times within the first 500 testfiles.
|
|
||
Comment 10•19 years ago
|
||
The new version (comment 9) generates files that are both smaller and flatter, so it would surprise me if it were more effective at finding bugs.
I don't get any crashes in the first 500 files (on Mac, using g++ 3.3's rand impl). I tried with Firefox 1.5, today's trunk nightly, and my trunk debug build. I also don't get any new assertions or warnings in the debug build.
Can you attach and/or reduce the files that crash for you?
|
Reporter | |
Comment 11•19 years ago
|
||
One crash got fixed by updating the browser, testcase 279 and 402 crash both at bug 321224.
Btw http://events.ccc.de/congress/2005/fahrplan/events/537.en.html and the links there are interesting stuff.
|
|
Reporter | |
Comment 12•19 years ago
|
||
no new crashes, but new asserts, hang and window folding
|
|
||
Updated•19 years ago
|
Whiteboard: [sg:nse] meta
|
||
Updated•19 years ago
|
OS: Windows XP → All
Hardware: PC → All
|
|
||
Updated•19 years ago
|
Attachment #206455 -
Attachment is obsolete: true
|
|
||
Updated•19 years ago
|
Attachment #206528 -
Attachment is obsolete: true
|
|
||
Updated•19 years ago
|
Attachment #206454 -
Attachment is obsolete: true
|
|
||
Updated•19 years ago
|
Attachment #206454 -
Attachment is patch: true
|
|
Reporter | |
Comment 13•19 years ago
|
||
some more style args, makes it crash again
Attachment #206840 -
Attachment is obsolete: true
|
|
||
Comment 14•19 years ago
|
||
I made two changes to my local copy:
* Added "\n" to the dump, so I can "grep | sort | uniq -c" for assertion lines.
* Removed the space before both instances of "<script>var v =", which interfered with Lithium's indentation-based tree strucure guessing.
|
|
||
Comment 15•19 years ago
|
||
With the second patch to bug 140218, Firefox gets through 500 Xangle-generated pages without a crash or hang. It stops drawing pretty quickly (bug 322731). It hits a lot of assertions, but I think we already have bugs on all of them (the ones I checked were in this bug's dependencies list).
|
||
Updated•9 years ago
|
Group: core-security → layout-core-security
|
||
Updated•7 years ago
|
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
|
||
Updated•7 years ago
|
Group: layout-core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•