Open Bug 616094 Opened 15 years ago Updated 2 years ago

Make variable-sized buffer allocations in the HTML5 tree builder use fallible allocation and mark the parser dirty & stop parse if an allocation has failed

Tracking

()

Status:

NEW

People

(Reporter: hsivonen, Unassigned)

Details

Henri Sivonen (:hsivonen)

Reporter

Description

•

15 years ago

nsHtml5TreeBuilder::appendCharacters and, more importantly, similar comment appends use the infallible allocator to allocate a potentially large-ish buffer. Consider using a fallible allocator, checking for allocation failure and stopping the parser upon allocation failure. See also bug 573078.

BMO Automation

Updated

•

3 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Make variable-sized buffer allocations in the HTML5 tree builder use fallible allocation and mark the parser dirty & stop parse if an allocation has failed

Categories

(Core :: DOM: HTML Parser, defect)

Tracking

()

People

(Reporter: hsivonen, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Description

Updated