Closed Bug 321142 Opened 19 years ago Closed 15 years ago

FF hangs on page with very large comment (+/- 1 million chars)

Categories

(Core :: DOM: HTML Parser, defect)

Product:
Core
Component:
DOM: HTML Parser
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: zarco.zwier, Unassigned)

References

Details

(Keywords: hang, Whiteboard: [sg:dos][fixed by the HTML5 parser])

Attachments

(2 files)

test case
1.78 KB, application/zip
Details
FF hangs - part deux
3.70 KB, application/zip
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20051219 Firefox/1.6a1 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20051219 Firefox/1.6a1 When a HTML page contains a very large comment tag (+/- 1 million chars) FF will hang. Reproducible: Always Steps to Reproduce: 1. Open the test case Actual Results: FF hangs Expected Results: FF should not hang
Depends on: 92193
Depends on: longlines
No longer depends on: 92193
Depends on: 92193
No longer depends on: longlines
Attached file test case
Attachment #206534 - Attachment mime type: text/plain → application/zip
Assignee: nobody → mrbkap
Status: UNCONFIRMED → NEW
Component: General → HTML: Parser
Ever confirmed: true
Product: Firefox → Core
Whiteboard: [sg:dos]
Version: unspecified → Trunk
Looks like an infinite loop in the parser?
Keywords: hang
There's nothing infinite about this testcase. This also has nothing to do with comments; the only comment I saw in the testcase was the comment |<!script>|, after that we're looking at a whole bunch of open <script> tags, which we do an O(n^2) dance to parse (ouch!). I bet a build with the patch over in bug 311395 would do much better on this testcase.
It was late when I was checking it, I thought I had seen a current > end in one of the loops that was waiting for the pointer to get to the end.
With today's build, the testcase loads almost instantaneously.
Status: NEW → RESOLVED
Closed: 19 years ago
Depends on: 305873
Resolution: --- → FIXED
True, but slightly modified (when every odd <script> is replaced by </script>) and viewing the source exposes the problemo again. Using Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060205 Firefox/1.6a1 Should I file a new bug or reopen?
Attached file FF hangs - part deux
The second testcase got lost because of the "fixed" status, reopening.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Whiteboard: [sg:dos] → [sg:low dos]
This doesn't need to be security sensitive. Assigning to default owner since I'm probably not going to look at this any time soon.
Assignee: mrbkap → nobody
Group: security
Status: REOPENED → NEW
QA Contact: general → parser
Whiteboard: [sg:low dos] → [sg:dos]
The HTML5 parser doesn't parse back and forth.
Status: NEW → RESOLVED
Closed: 19 years ago15 years ago
Resolution: --- → FIXED
Whiteboard: [sg:dos] → [sg:dos][fixed by the HTML5 parser]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: