Open Bug 616094 Opened 14 years ago Updated 1 year ago

Make variable-sized buffer allocations in the HTML5 tree builder use fallible allocation and mark the parser dirty & stop parse if an allocation has failed

Tracking

()

Status:

NEW

People

(Reporter: hsivonen, Unassigned)

Details

Henri Sivonen (:hsivonen)

Reporter

Description

•

14 years ago

nsHtml5TreeBuilder::appendCharacters and, more importantly, similar comment appends use the infallible allocator to allocate a potentially large-ish buffer. Consider using a fallible allocator, checking for allocation failure and stopping the parser upon allocation failure.

See also bug 573078.

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Make variable-sized buffer allocations in the HTML5 tree builder use fallible allocation and mark the parser dirty & stop parse if an allocation has failed

Categories

(Core :: DOM: HTML Parser, defect)

Tracking

()

People

(Reporter: hsivonen, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Description

Updated