Closed Bug 40145 Opened 24 years ago Closed 24 years ago

Loading a XUL file with no DTD and an undefined entity reference crashes in HTMLContentSink::CreateContentObject

Categories

(Core :: XUL, defect, P3)

x86
All
defect

Tracking

()

VERIFIED DUPLICATE of bug 39520

People

(Reporter: aw, Assigned: hyatt)

Details

(Keywords: crash)

Attachments

(1 file)

From Bugzilla Helper: User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT) BuildID: 2000052120 Load the attached XUL file into mozilla. It contains an undefined enity reference (&foo;). Mozilla crashes. Reproducible: Always Steps to Reproduce: 1. Load the attached noentity.xul Actual Results: Mozilla crashes Expected Results: An error from the XML parser about an undefined entity.
Attached file Testcase noentity.xul
Confirming bug. Reproduced on PC/Linux, build 2000052109. Clicking on the attachment link did not crash, but saving the attachment to a local file and then loading that file caused a crash. Here's the stack trace: #0 0x40d9ae90 in HTMLContentSink::CreateContentObject () from components/libraptorhtml.so #1 0x40d9b92d in SinkContext::OpenContainer () from components/libraptorhtml.so #2 0x40d9ede5 in HTMLContentSink::OpenContainer () from components/libraptorhtml.so #3 0x410084b3 in CWellFormedDTD::HandleStartToken () from components/libraptorhtmlpars.so #4 0x41008607 in CWellFormedDTD::HandleErrorToken () from components/libraptorhtmlpars.so #5 0x410081f7 in CWellFormedDTD::HandleToken () from components/libraptorhtmlpars.so #6 0x41007e6e in CWellFormedDTD::BuildModel () from components/libraptorhtmlpars.so #7 0x40ffcff2 in nsParser::BuildModel () from components/libraptorhtmlpars.so #8 0x40ffce19 in nsParser::ResumeParse () from components/libraptorhtmlpars.so #9 0x40ffd810 in nsParser::OnDataAvailable () from components/libraptorhtmlpars.so #10 0x409c31d8 in nsDocumentOpenInfo::OnDataAvailable () from components/liburiloader.so #11 0x40935684 in nsFileChannel::OnDataAvailable () from components/libnecko.so #12 0x408eaeb5 in nsOnDataAvailableEvent::HandleEvent () from components/libnecko.so #13 0x408ea6b5 in nsStreamListenerEvent::HandlePLEvent () from components/libnecko.so #14 0x400bb35f in PL_HandleEvent () from libxpcom.so #15 0x400bb286 in PL_ProcessPendingEvents () from libxpcom.so #16 0x400bc139 in nsEventQueueImpl::ProcessPendingEvents () from libxpcom.so #17 0x406132bf in event_processor_callback () from components/libwidget_gtk.so #18 0x4061302f in our_gdk_io_invoke () from components/libwidget_gtk.so Adding crash kw, setting OS to All,
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: crash
OS: Windows NT → All
Summary: Loading a XUL file with no DTD and an undefined entity reference crashes → Loading a XUL file with no DTD and an undefined entity reference crashes in HTMLContentSink::CreateContentObject
reassigning to hyatt for triage.
Assignee: trudelle → hyatt
This is a dup of bug 38158 (same stack trace), which is a dup of bug 39520 (also same stack trace), which is currently marked fixed, but requested to be reopened. Marking dup and reopening the other bug, since this crash is still alive in build 2000052508 on PC/Linux. Going to CC hyatt. *** This bug has been marked as a duplicate of 39520 ***
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → DUPLICATE
Well this is not strictly a duplicate of the stated problem -- loading a xul file with an undefined entity reference causes a crash. That problem is fixed in current builds mac/linux/win32. What does crash is if you serve the testcase from aw@softcom.com with a mimetype of text/html, and that is covered (directly or indirectly) by bug 38158. Anyways, verifying duplicate (even though it's fixed).
Status: RESOLVED → VERIFIED
Component: XP Toolkit/Widgets: XUL → XUL
QA Contact: jrgmorrison → xptoolkit.widgets
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: