Closed
Bug 341359
Opened 18 years ago
Closed 18 years ago
Crash [@ SinkContext::FlushTags] with malformed html, with javascript disabled, using noscript, table, frameset, meta
Categories
(Core :: DOM: HTML Parser, defect, P1)
Core
DOM: HTML Parser
Tracking
()
RESOLVED
FIXED
mozilla1.9alpha1
People
(Reporter: martijn.martijn, Assigned: mrbkap)
References
Details
(5 keywords, Whiteboard: [patch])
Crash Data
Attachments
(4 files)
39 bytes,
text/html
|
Details | |
19.54 KB,
text/html
|
Details | |
19.56 KB,
text/html
|
Details | |
1.35 KB,
patch
|
sicking
:
review+
sicking
:
superreview+
sicking
:
approval-branch-1.8.1+
dveditz
:
approval1.8.0.7+
darin.moz
:
approval1.8.1+
|
Details | Diff | Splinter Review |
See upcoming testcase which crashes Mozilla when js is turned off. The testcase consists of this: <noscript> <table> <frameset> <meta> Talkback ID: TB19806713M SinkContext::FlushTags HTMLContentSink::DidBuildModel CNavDTD::DidBuildModel By the way, there is another regression, between 2005-09-08 and 2005-09-11, where the testcase starts showing up having a black background: http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=all&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2005-09-08+08&maxdate=2005-09-11+09&cvsroot=%2Fcvsroot Probably a regression from bug 307821, might be useful to know. This regressed between 2005-11-01 and 2005-11-03: http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=all&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2005-11-01+07&maxdate=2005-11-03+07&cvsroot=%2Fcvsroot I think a regression from bug 314759.
Reporter | ||
Comment 1•18 years ago
|
||
Reporter | ||
Comment 2•18 years ago
|
||
Reporter | ||
Comment 3•18 years ago
|
||
Assignee | ||
Comment 4•18 years ago
|
||
This doesn't allow noscript in the head at all, so it'll be moved into the body, and we won't crash.
Attachment #225596 -
Flags: superreview?(bugmail)
Attachment #225596 -
Flags: review?(bugmail)
Comment on attachment 225596 [details] [diff] [review] Potential fix r+sr+a=sicking (though really you should be the one to a+ it since you're the owner)
Attachment #225596 -
Flags: superreview?(bugmail)
Attachment #225596 -
Flags: superreview+
Attachment #225596 -
Flags: review?(bugmail)
Attachment #225596 -
Flags: review+
Attachment #225596 -
Flags: approval-branch-1.8.1+
Reporter | ||
Comment 6•18 years ago
|
||
Testcase is now wfm with current trunk build. Fixed by bug 333497? Is the patch still necessary?
Assignee | ||
Comment 7•18 years ago
|
||
(In reply to comment #6) > Testcase is now wfm with current trunk build. Fixed by bug 333497? Is the patch > still necessary? Yeah, we should get this patch in on the branch at the very least since bug 333497 won't go in there.
Status: NEW → ASSIGNED
OS: Windows XP → All
Priority: -- → P1
Hardware: PC → All
Whiteboard: [patch]
Target Milestone: --- → mozilla1.9alpha
Assignee | ||
Comment 8•18 years ago
|
||
Comment on attachment 225596 [details] [diff] [review] Potential fix I was tardy in getting this into the branch, re-requesting approval.
Attachment #225596 -
Flags: approval1.8.1?
Assignee | ||
Comment 9•18 years ago
|
||
This got checked in as part of bug 333497.
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Comment 10•18 years ago
|
||
Comment on attachment 225596 [details] [diff] [review] Potential fix a=darin on behalf of drivers
Attachment #225596 -
Flags: approval1.8.1? → approval1.8.1+
Updated•18 years ago
|
Flags: blocking1.8.0.7?
Comment 12•18 years ago
|
||
Comment on attachment 225596 [details] [diff] [review] Potential fix approved for 1.8.0 branch, a=dveditz for drivers
Attachment #225596 -
Flags: approval1.8.0.7+
Updated•18 years ago
|
Flags: blocking1.8.0.7?
Flags: blocking1.8.0.7+
Flags: blocking1.7.14?
Flags: blocking-aviary1.0.9?
Reporter | ||
Comment 14•18 years ago
|
||
The "Another uminimised file that is probably this bug" is crashing for me on 1.8.0.7 branch and 1.8.1 branch, with a stacktrace that is similar to bug 344300.
Comment 15•18 years ago
|
||
https://bugzilla.mozilla.org/attachment.cgi?id=225412&action=view (secondary testcase) still causing a crash on Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.0.7) Gecko/20060831 Firefox/1.5.0.7. Re-opening this bug.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment 16•18 years ago
|
||
as per comment #14, the testcase that is still crashing is considered to be bug 344300. verification for this bug should only be done with the first testcase. sorry for the confusion. re-marking this bug fixed.
Status: REOPENED → RESOLVED
Closed: 18 years ago → 18 years ago
Resolution: --- → FIXED
Updated•13 years ago
|
Crash Signature: [@ SinkContext::FlushTags]
You need to log in
before you can comment on or make changes to this bug.
Description
•