Loading a XUL file with no DTD and an undefined entity reference crashes in HTMLContentSink::CreateContentObject

VERIFIED DUPLICATE of bug 39520

Status

Core
XUL
P3
critical
18 years ago
10 years ago

People

(Reporter: aw, Assigned: David Hyatt)

Tracking

({crash})

Trunk
x86
All
crash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

18 years ago
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT)
BuildID:    2000052120

Load the attached XUL file into mozilla.  It contains an undefined entity 
reference (&foo;).  Mozilla crashes.

Reproducible: Always
Steps to Reproduce:
1. Load the attached noentity.xul


Actual Results:  Mozilla crashes

Expected Results:  An error from the XML parser about an undefined entity.
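
The expected result above (a parser error naming the undefined entity, with no content built past it) can be checked with a small harness. This is an added example, not part of the bug report or of Mozilla's code: it uses Python's expat bindings, and the sample documents and the names NOENTITY_XUL, DECLARED_XUL and check_entities are constructed for illustration, since the attachment's content is not shown on this page.

```python
import re
from xml.parsers import expat

# Constructed stand-in for the attached noentity.xul: no DOCTYPE, and one
# reference to an entity that is never declared.
NOENTITY_XUL = b"""<?xml version="1.0"?>
<window xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
  <box>&foo;</box>
</window>
"""

# Control case: the same document with the entity declared in an internal subset.
DECLARED_XUL = NOENTITY_XUL.replace(
    b"<window", b'<!DOCTYPE window [<!ENTITY foo "bar">]>\n<window', 1)


def check_entities(doc):
    """Parse doc with expat and report the outcome as data.

    On a well-formedness error the parse stops; the result records which
    elements had been opened before the error and the offending reference.
    """
    opened, text = [], []
    parser = expat.ParserCreate()
    parser.StartElementHandler = lambda name, attrs: opened.append(name)
    parser.CharacterDataHandler = text.append
    try:
        parser.Parse(doc, True)
    except expat.ExpatError as err:
        # err.lineno is 1-based, err.offset is the 0-based column of the error.
        line = doc.splitlines()[err.lineno - 1].decode("utf-8", "replace")
        ref = re.match(r"&[^;\s]*;?", line[err.offset:])
        return {
            "ok": False,
            "reason": expat.ErrorString(err.code),
            "line": err.lineno,
            "column": err.offset,
            "reference": ref.group(0) if ref else None,
            "opened_before_error": opened,
        }
    return {"ok": True, "text": "".join(text).strip(), "opened": opened}


if __name__ == "__main__":
    print(check_entities(NOENTITY_XUL))
    print(check_entities(DECLARED_XUL))
```
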
(Reporter)

Comment 1

18 years ago
Created attachment 8969 [details]
Testcase noentity.xul

Comment 2

18 years ago
Confirming bug. Reproduced on PC/Linux, build 2000052109. Clicking on the
attachment link did not crash, but saving the attachment to a local file
and then loading that file caused a crash. Here's the stack trace:

#0  0x40d9ae90 in HTMLContentSink::CreateContentObject ()
   from components/libraptorhtml.so
#1  0x40d9b92d in SinkContext::OpenContainer ()
   from components/libraptorhtml.so
#2  0x40d9ede5 in HTMLContentSink::OpenContainer ()
   from components/libraptorhtml.so
#3  0x410084b3 in CWellFormedDTD::HandleStartToken ()
   from components/libraptorhtmlpars.so
#4  0x41008607 in CWellFormedDTD::HandleErrorToken ()
   from components/libraptorhtmlpars.so
#5  0x410081f7 in CWellFormedDTD::HandleToken ()
   from components/libraptorhtmlpars.so
#6  0x41007e6e in CWellFormedDTD::BuildModel ()
   from components/libraptorhtmlpars.so
#7  0x40ffcff2 in nsParser::BuildModel ()
   from components/libraptorhtmlpars.so
#8  0x40ffce19 in nsParser::ResumeParse ()
   from components/libraptorhtmlpars.so
#9  0x40ffd810 in nsParser::OnDataAvailable ()
   from components/libraptorhtmlpars.so
#10 0x409c31d8 in nsDocumentOpenInfo::OnDataAvailable ()
   from components/liburiloader.so
#11 0x40935684 in nsFileChannel::OnDataAvailable ()
   from components/libnecko.so
#12 0x408eaeb5 in nsOnDataAvailableEvent::HandleEvent ()
   from components/libnecko.so
#13 0x408ea6b5 in nsStreamListenerEvent::HandlePLEvent ()
   from components/libnecko.so
#14 0x400bb35f in PL_HandleEvent ()
   from libxpcom.so
#15 0x400bb286 in PL_ProcessPendingEvents ()
   from libxpcom.so
#16 0x400bc139 in nsEventQueueImpl::ProcessPendingEvents ()
   from libxpcom.so
#17 0x406132bf in event_processor_callback ()
   from components/libwidget_gtk.so
#18 0x4061302f in our_gdk_io_invoke ()
   from components/libwidget_gtk.so

Adding crash kw, setting OS to All.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: crash
OS: Windows NT → All
Summary: Loading a XUL file with no DTD and an undefined entity reference crashes → Loading a XUL file with no DTD and an undefined entity reference crashes in HTMLContentSink::CreateContentObject

Comment 3

18 years ago
reassigning to hyatt for triage.
Assignee: trudelle → hyatt

Comment 4

18 years ago
This is a dup of bug 38158 (same stack trace),
which is a dup of bug 39520 (also same stack trace),
which is currently marked fixed, but requested to be reopened.

Marking dup and reopening the other bug, since this crash is still
alive in build 2000052508 on PC/Linux. Going to CC hyatt.

*** This bug has been marked as a duplicate of 39520 ***
Status: NEW → RESOLVED
Last Resolved: 18 years ago
Resolution: --- → DUPLICATE

Comment 5

18 years ago
Well this is not strictly a duplicate of the stated problem -- loading a xul
file with an undefined entity reference causes a crash.

That problem is fixed in current builds mac/linux/win32.

What does crash is if you serve the testcase from aw@softcom.com with a 
mimetype of text/html, and that is covered (directly or indirectly) by 
bug 38158. 

Anyways, verifying duplicate (even though it's fixed).
Status: RESOLVED → VERIFIED

Updated

10 years ago
Component: XP Toolkit/Widgets: XUL → XUL
QA Contact: jrgmorrison → xptoolkit.widgets