Closed
Bug 527558
Opened 15 years ago
Closed 9 years ago
Crash [@ xul.dll!nsDependentCSubstring::nsDependentCSubstring]
Categories
(Core :: XSLT, defect)
Tracking
()
RESOLVED
FIXED
mozilla43
People
(Reporter: pvnick, Assigned: peterv)
References
Details
(Keywords: crash, testcase, Whiteboard: [sg:dos stack exhaustion])
Crash Data
Attachments
(3 files, 2 obsolete files)
Stack overflow in an xsl transform using the key function.
Reporter | ||
Comment 1•15 years ago
|
||
Reporter | ||
Updated•15 years ago
|
Blocks: fuzz-xslt-xpath
Reporter | ||
Comment 2•15 years ago
|
||
This bug is hit very quickly, so I had to disable key() testing in the fuzzer. No rush, but I can't test key() anymore until this is fixed.
Assignee | ||
Updated•15 years ago
|
Assignee: nobody → peterv
Status: NEW → ASSIGNED
Assignee | ||
Comment 3•15 years ago
|
||
This seems to catch the recursion. Still need to add a crashtest.
Assignee | ||
Comment 4•15 years ago
|
||
Attachment #412410 -
Attachment is obsolete: true
Assignee | ||
Comment 5•15 years ago
|
||
Branch would get this patch without the change to xslt.properties and we'll just report an unknown error there.
Attachment #412412 -
Attachment is obsolete: true
Attachment #412476 -
Flags: review?(jonas)
Updated•15 years ago
|
Whiteboard: [sg:dos stack exhaustion]
Updated•15 years ago
|
status1.9.1:
--- → wanted
Aren't use-expressions allowed to reference keys? As long as that doesn't happen in a circular fashion.
I wonder if we should simply do what the js-engine does and have a catch-all recursion detector based on measuring the amount of C++ stack used.
Assignee | ||
Comment 7•15 years ago
|
||
(In reply to comment #6)
> Aren't use-expressions allowed to reference keys? As long as that doesn't
> happen in a circular fashion.
Nope: http://www.w3.org/1999/11/REC-xslt-19991116-errata/#E13.
Attachment #412476 -
Flags: review?(jonas) → review+
Comment on attachment 412476 [details] [diff] [review]
v2
Why the ignoreError stuff? Couldn't technically XSLT2 allow keys as long as they aren't used circularly? We still create an ErrorExpr, so no risk of out of control recursions.
Nit: I would prefer if 'allowed' was called something more descriptive? Like exprTypeAllowed or some such?
r=me either way.
Assignee | ||
Comment 9•15 years ago
|
||
(In reply to comment #8)
> (From update of attachment 412476 [details] [diff] [review])
> Why the ignoreError stuff? Couldn't technically XSLT2 allow keys as long as
> they aren't used circularly?
I really don't see how that would fit into 1 of the 6 bullet points in http://www.w3.org/TR/xslt#forwards. And for patterns we don't create ErrorExprs, so use and match would be treated differently?
> Nit: I would prefer if 'allowed' was called something more descriptive? Like
> exprTypeAllowed or some such?
Yeah, I forgot to tell you I'm looking for better names and suggestions are welcome ;-).
Updated•13 years ago
|
Crash Signature: [@ xul.dll!nsDependentCSubstring::nsDependentCSubstring]
Peter: Does this still apply? Should we try to land it?
Comment 11•9 years ago
|
||
Assignee | ||
Comment 12•9 years ago
|
||
(In reply to Jonas Sicking (:sicking) from comment #10)
> Peter: Does this still apply? Should we try to land it?
Needed some updating, thanks for reminding me.
Comment 13•9 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox43:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla43
You need to log in
before you can comment on or make changes to this bug.
Description
•