Closed Bug 553999 Opened 14 years ago Closed 12 years ago

A simple file that containts 1023 Unix LF chars kills Firefox, but it works on IE, Chrome, Opera, Safari. Tested on Firefox 3.6 and on 3.5.4 as well.

Tracking

()

Status:

RESOLVED FIXED

People

(Reporter: ade, Unassigned)

References

(
URL
)

Details

(Keywords: hang, Whiteboard: [fixed by the html5 parser])

Attachments

(1 file)

Stack of main thread 14 years ago Arie Paap [:wildmyron] 9.08 KB, text/plain		Details

Adam Tarcsi

Reporter

Description

•

14 years ago

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; hu; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; hu; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)

A simple file that containts 1023 Unix LF chars kills Firefox, but it works on IE, Chrome, Opera, Safari. Tested on Firefox 3.6 and on 3.5.4 as well.
You can try it here: http://ade.web.elte.hu/_1023LF.txt

Reproducible: Always

Steps to Reproduce:
1. Create a simple text file with 1023 LF. Maybe less is enough, I've tested with 1023.
2. Open it with Firefox
3. Now you can restart your Firefox...
Actual Results:  
Firefox crashes

Mardeg

Comment 1

•

14 years ago

Testing on Minefield latest nightly build produces a hang, no crash.

timeless

Comment 2

•

14 years ago

https://developer.mozilla.org/en/How_to_get_a_stacktrace_with_WinDbg

Arie Paap [:wildmyron]

Comment 3

•

14 years ago

Attached file Stack of main thread — Details

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.2) Gecko/20100316 Firefox/3.6.2

Fx hangs [@ xul!nsScannerIterator::advance] with 100% cpu usage on the main thread. I haven't been able to figure out what the unloaded modules are but hopefully it's not important.

Arie Paap [:wildmyron]

Updated

•

14 years ago

Status: UNCONFIRMED → NEW

Component: General → HTML: Parser

Ever confirmed: true

Keywords: hang

Product: Firefox → Core

QA Contact: general → parser

Version: unspecified → 1.9.2 Branch

Henri Sivonen (:hsivonen)

Comment 4

•

14 years ago

Bug 479959 will fix this eventually.

Depends on: 479959

Alex Miller

Comment 5

•

14 years ago

Firefox 3.6.12 on Ubuntu just hangs.

fly3ds@qq.com

Comment 6

•

12 years ago

It works good in Firefox 10.0, Windows XP.  Maybe Someone Fixed it?

Henri Sivonen (:hsivonen)

Comment 7

•

12 years ago

Fixed by fixing bug 479959.

Status: NEW → RESOLVED

Closed: 12 years ago

Resolution: --- → FIXED

Whiteboard: [fixed by the html5 parser]

Comment hidden (spam)

[Security approval request comment]
How easily could an exploit be constructed based on the patch?

Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem?

Which older supported branches are affected by this flaw?

If not all supported branches, which bug introduced the flaw?

Do you have backports for the affected branches? If not, how different, hard to create, and risky will they be?

How likely is this patch to cause regressions; how much testing does it need?

Ksks

wilsonchong8806222

Updated

•

10 years ago

Flags: needinfo?(wilsonchong8806222)

wilsonchong8806222

Updated

•

10 years ago

blocking-b2g: --- → 2.2?

Andrew Overholt [:overholt]

Updated

•

10 years ago

blocking-b2g: 2.2? → ---

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

A simple file that containts 1023 Unix LF chars kills Firefox, but it works on IE, Chrome, Opera, Safari. Tested on Firefox 3.6 and on 3.5.4 as well.

Categories

(Core :: DOM: HTML Parser, defect)

Tracking

()

People

(Reporter: ade, Unassigned)

References

(
URL
)

Details

(Keywords: hang, Whiteboard: [fixed by the html5 parser])

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Comment 2

Comment 3

Updated

Comment 4

Comment 5

Comment 6

Comment 7

Comment 8

Updated

Updated

Updated

Attachment

General

Description

File Name

Content Type