Closed
Bug 527558
Opened 15 years ago
Closed 9 years ago
Crash [@ xul.dll!nsDependentCSubstring::nsDependentCSubstring]
Categories
(Core :: XSLT, defect)
Tracking
()
RESOLVED
FIXED
mozilla43
People
(Reporter: pvnick, Assigned: peterv)
References
Details
(Keywords: crash, testcase, Whiteboard: [sg:dos stack exhaustion])
Crash Data
Attachments
(3 files, 2 obsolete files)
Stack overflow in an xsl transform using the key function.
|
Reporter | |
Comment 1•15 years ago
|
||
|
|
Reporter | |
Updated•15 years ago
|
Blocks: fuzz-xslt-xpath
|
|
Reporter | |
Comment 2•15 years ago
|
||
This bug is hit very quickly, so I had to disable key() testing in the fuzzer. No rush, but I can't test key() anymore until this is fixed.
|
Assignee | |
Updated•15 years ago
|
Assignee: nobody → peterv
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 3•15 years ago
|
||
This seems to catch the recursion. Still need to add a crashtest.
|
|
Assignee | |
Comment 4•15 years ago
|
||
Attachment #412410 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 5•15 years ago
|
||
Branch would get this patch without the change to xslt.properties and we'll just report an unknown error there.
Attachment #412412 -
Attachment is obsolete: true
Attachment #412476 -
Flags: review?(jonas)
|
||
Updated•15 years ago
|
Whiteboard: [sg:dos stack exhaustion]
|
|
||
Updated•15 years ago
|
status1.9.1:
--- → wanted
Aren't use-expressions allowed to reference keys? As long as that doesn't happen in a circular fashion. I wonder if we should simply do what the js-engine does and have a catch-all recursion detector based on measuring the amount of C++ stack used.
|
|
Assignee | |
Comment 7•15 years ago
|
||
(In reply to comment #6) > Aren't use-expressions allowed to reference keys? As long as that doesn't > happen in a circular fashion. Nope: http://www.w3.org/1999/11/REC-xslt-19991116-errata/#E13.
Attachment #412476 -
Flags: review?(jonas) → review+
Comment on attachment 412476 [details] [diff] [review] v2 Why the ignoreError stuff? Couldn't technically XSLT2 allow keys as long as they aren't used circularly? We still create an ErrorExpr, so no risk of out of control recursions. Nit: I would prefer if 'allowed' was called something more descriptive? Like exprTypeAllowed or some such? r=me either way.
|
|
Assignee | |
Comment 9•15 years ago
|
||
(In reply to comment #8) > (From update of attachment 412476 [details] [diff] [review]) > Why the ignoreError stuff? Couldn't technically XSLT2 allow keys as long as > they aren't used circularly? I really don't see how that would fit into 1 of the 6 bullet points in http://www.w3.org/TR/xslt#forwards. And for patterns we don't create ErrorExprs, so use and match would be treated differently? > Nit: I would prefer if 'allowed' was called something more descriptive? Like > exprTypeAllowed or some such? Yeah, I forgot to tell you I'm looking for better names and suggestions are welcome ;-).
|
||
Updated•13 years ago
|
Crash Signature: [@ xul.dll!nsDependentCSubstring::nsDependentCSubstring]
Peter: Does this still apply? Should we try to land it?
|
|
Assignee | |
Comment 12•9 years ago
|
||
(In reply to Jonas Sicking (:sicking) from comment #10) > Peter: Does this still apply? Should we try to land it? Needed some updating, thanks for reminding me.
|
||
Comment 13•9 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/d858d1b52b6b
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox43:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla43
You need to log in
before you can comment on or make changes to this bug.
Description
•