Closed Bug 691226 Opened 11 years ago Closed 11 years ago

about:memory can fail due to generating invalid XML

Categories

(Toolkit :: about:memory, defect, P2)

Product:
Toolkit
Component:
about:memory
Platform:
x86
macOS
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla10
Tracking Flags:
Tracking Status
firefox9 --- fixed

People

(Reporter: bzbarsky, Assigned: bzbarsky)

Details

(Keywords: verified-aurora, verified-beta, Whiteboard: [qa!])

Attachments

(1 file)

proposed fix
1.07 KB, patch
justin.lebar+bug
: review+
asa
: approval-mozilla-aurora+
Details | Diff | Splinter Review 
When I open about:memory?verbose in my build right now, I get a blank page and an XML well-formedness error in the error console.  The culprit is this:

<span class='mrName hasDesc' title='The sum of all entries below &#39;shell(javascript:&#39;<html></html>&#39;)&#39;.'>shell(javascript:&#39;&lt;html&gt;&lt;/html&gt;&#39;)</span>

'<' is not allowed in attribute values in XML.

The relevant part of aboutMemory.js is this:

852   var text = "-- <span class='mrName hasDesc' title='" +
853              kindToString(aKind) + prepDesc(aDesc) +
854              "'>" + prepName(aName) + "</span>";

where prepName escapes '&', '<', '>', '\'', and '"' while prepDesc only escapes '&' and '\''.  At the very least, prepDesc needs to escape '<'.  But is there any reason at all to not use prepName in both places?  Not posting a patch for now on the off chance that I'm missing something here...
I don't think you're missing something...
Attached patch proposed fixSplinter Review 
I left the separate prepName/prepDesc functions in case we actually want to do more processing on one of them sometime.  Let me know if you'd prefer they just be merged.
Attachment #564110 - Flags: review?(justin.lebar+bug)
Assignee: nobody → bzbarsky
Priority: -- → P2
Whiteboard: [need review]
Comment on attachment 564110 [details] [diff] [review]
proposed fix

r=me, but please remove escapeQuotes() -- it's not used, and it sounds like it's not correct under any circumstances!
Attachment #564110 - Flags: review?(justin.lebar+bug) → review+
Whiteboard: [need review] → [need landing]
https://hg.mozilla.org/integration/mozilla-inbound/rev/092140ecc44c

Justin, do you think we want this on aurora/beta?
Flags: in-testsuite?
Whiteboard: [need landing]
Target Milestone: --- → mozilla10
I don't think it's critical to take on aurora/beta, but it would be nice, since if someone has a memory problem and hits this case, we can't get any data out of them.
Comment on attachment 564110 [details] [diff] [review]
proposed fix

Requesting aurora approval.  This should be pretty safe, and we need all the memory info we can get.

I'm not going to try to get this into beta.  Too much risk/reward ratio at that point, I think, if the risk is anything but 0.
Attachment #564110 - Flags: approval-mozilla-aurora?
https://hg.mozilla.org/mozilla-central/rev/092140ecc44c
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Attachment #564110 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Whiteboard: [qa+]
Setting resolution to Verified Fixed on:

Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20100101 Firefox/9.0 beta 3
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0a2) Gecko/20111127 Firefox/10.0a2
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:11.0a1) Gecko/20111127 Firefox/11.0a1

Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:9.0) Gecko/20100101 Firefox/9.0 beta 3
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:10.0a2) Gecko/20111127 Firefox/10.0a2
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:11.0a1) Gecko/20111128 Firefox/11.0a1

The about:memory?verbose page is displayed properly.
Status: RESOLVED → VERIFIED
Keywords: verified-aurora, verified-beta
Whiteboard: [qa+] → [qa!]
You need to log in before you can comment on or make changes to this bug.