Closed
Bug 362547
Opened 19 years ago
Closed 19 years ago
Crash in SAXReader with doctype missing public, system ID's
Categories
(Core :: XML, defect)
Tracking
()
RESOLVED
FIXED
mozilla1.9alpha1
People
(Reporter: WeirdAl, Assigned: WeirdAl)
Details
(Keywords: crash, fixed1.8.1.2, testcase)
Attachments
(5 files)
|
12.88 KB,
text/plain
|
Details | |
|
22 bytes,
application/xml
|
Details | |
|
5.75 KB,
application/javascript
|
Details | |
|
4.55 KB,
patch
|
sayrer
:
review+
bzbarsky
:
superreview+
jay
:
approval1.8.1.2+
|
Details | Diff | Splinter Review |
|
8.99 KB,
patch
|
sayrer
:
review+
|
Details | Diff | Splinter Review |
In trying to parse a XML document with:
<!DOCTYPE bindings>
I crashed in nsCharTraits<unsigned short>::length because (s=0x0).
nsSAXXMLReader::HandleStartDTD(), with a lexical handler set, joyfully calls for nsDependentString(nsnull), and kaboom.
Stack, testcase coming up.
|
Assignee | |
Comment 1•19 years ago
|
||
|
|
Assignee | |
Comment 2•19 years ago
|
||
|
||
Comment 3•19 years ago
|
||
Shoot, I thought we got all of these.
|
|
Assignee | |
Comment 4•19 years ago
|
||
Steps to reproduce:
(1) Save the xpcshell script locally.
(2) gdb xpcshell (you need the debugger to get the stack trace) and run
(3) load the script into xpcshell.
(4) runTest();
(5) Wait about ten seconds; the script does do a fetch of the XML document from Bugzilla.
|
|
||
Comment 5•19 years ago
|
||
This crash is not exposed in Firefox 2, because the feed parser does not attach an nsILexicalHandler.
Target Milestone: --- → mozilla1.9alpha
|
|
||
Comment 6•19 years ago
|
||
We should get this on the branch for 2.0.0.2 in case extensions use it... but I can't set a relevant flag.
|
|
||
Comment 7•19 years ago
|
||
requesting blocking to get opinion from drivers. I don't think it should actually block, but it would be a crasher if an extension hits it (I don't know of any that use LexicalHandler, other than Alex's).
Flags: blocking1.8.1.1?
|
||
Comment 8•19 years ago
|
||
Too late for this, especially if vanilla FF2 is unaffected. Moving nom to the branch flag rather than the specific release.
Flags: blocking1.8.1.1? → wanted1.8.1.x+
|
|
Assignee | |
Comment 9•19 years ago
|
||
|
|
||
Updated•19 years ago
|
Attachment #247238 -
Flags: review?(sayrer) → review+
|
|
Assignee | |
Updated•19 years ago
|
Attachment #247238 -
Flags: superreview?(bzbarsky)
|
||
Comment 10•19 years ago
|
||
Comment on attachment 247238 [details] [diff] [review]
patch, v1
sr=bzbarsky; try to add some tests for this?
Attachment #247238 -
Flags: superreview?(bzbarsky) → superreview+
|
|
||
Comment 11•19 years ago
|
||
Checking in nsSAXXMLReader.cpp;
/cvsroot/mozilla/parser/xml/src/nsSAXXMLReader.cpp,v <-- nsSAXXMLReader.cpp
new revision: 1.13; previous revision: 1.12
done
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
|
|
||
Updated•19 years ago
|
Attachment #247238 -
Flags: approval1.8.1.2?
|
|
Assignee | |
Comment 12•19 years ago
|
||
per bz's request, setting in-testsuite? flag. If we create a DOMParser instead of the XMLHttpRequest in the xpcshell script, it should be possible to make this a single-file testcase (JavaScript, xpcshell). Isn't that what our "make check" system likes?
Flags: in-testsuite?
|
|
||
Comment 13•19 years ago
|
||
no, we should have a test/ directory in parser/xml containing SAX tests.
|
|
Assignee | |
Comment 14•18 years ago
|
||
Attachment #247752 -
Flags: review?(sayrer)
|
|
Assignee | |
Comment 15•18 years ago
|
||
Comment on attachment 247752 [details] [diff] [review]
xpcshell unit test
>+ if (parseErrorLog.length > 0) {
>+ dump(parseErrorLog.join("\n"));
>+ }
>+ do_check_true_with_dump(parseErrorLog.length == 0, parseErrorLog);
I don't know how I let the first three lines of that slip through. :(
|
|
||
Comment 16•18 years ago
|
||
Comment on attachment 247752 [details] [diff] [review]
xpcshell unit test
This is good to start.
Attachment #247752 -
Flags: review?(sayrer) → review+
|
|
||
Comment 17•18 years ago
|
||
Checking in Makefile.in;
/cvsroot/mozilla/parser/xml/Makefile.in,v <-- Makefile.in
new revision: 1.2; previous revision: 1.1
done
RCS file: /cvsroot/mozilla/parser/xml/test/Makefile.in,v
done
Checking in test/Makefile.in;
/cvsroot/mozilla/parser/xml/test/Makefile.in,v <-- Makefile.in
initial revision: 1.1
done
RCS file: /cvsroot/mozilla/parser/xml/test/unit/test_parser.js,v
done
Checking in test/unit/test_parser.js;
/cvsroot/mozilla/parser/xml/test/unit/test_parser.js,v <-- test_parser.js
initial revision: 1.1
done
Flags: in-testsuite? → in-testsuite+
|
|
||
Comment 18•18 years ago
|
||
Comment on attachment 247238 [details] [diff] [review]
patch, v1
Approved for 1.8 branch, a=jay for drivers.
Attachment #247238 -
Flags: approval1.8.1.2? → approval1.8.1.2+
|
|
||
Comment 19•18 years ago
|
||
We're coming up on the code freeze, need a check-in on this if it's going to make 2.0.0.2
Whiteboard: [at risk] need check-in
|
||
Updated•18 years ago
|
Whiteboard: [at risk] need check-in → [at risk][checkin needed]
|
||
Updated•18 years ago
|
Keywords: fixed1.8.1.2
You need to log in
before you can comment on or make changes to this bug.
Description
•