Closed Bug 1747 Opened 26 years ago Closed

Purify Reported ABR

Categories

(Core :: DOM: HTML Parser, defect, P1)

x86
Windows NT
defect

Tracking

()

VERIFIED FIXED

People

(Reporter: troy, Assigned: rickg)

Details

Here's the Purify output. I would guess that mElements.mCount is '0' and that's why the 4 bytes before the beginning of the block:

[E] ABR: Array bounds read in CNavDTD::HandleDefaultStartToken(CToken *,nsHTMLTag,nsIParserNode&) {1 occurrence}
    Reading 4 bytes from 0x0441713c (4 bytes at 0x0441713c illegal)
    Address 0x0441713c is 4 bytes before the beginning of a 120 byte block at 0x04417140
    Address 0x0441713c points to a C++ new block in heap 0x03cf0000
    Thread ID: 0x46
    Error location
        CNavDTD::HandleDefaultStartToken(CToken *,nsHTMLTag,nsIParserNode&) [CNavDTD.cpp:841]
                }
                if(IsContainer(aChildTag)){
         =>       if(PR_TRUE==mBodyContext->mElements.mBits[mBodyContext->mElements.mCount-1]) {
                    CloseTransientStyles(aChildTag);
                  }
                  result=OpenContainer(aNode,PR_TRUE);
        CNavDTD::HandleStartToken(CToken *) [CNavDTD.cpp:931]
        NavDispatchTokenHandler(CToken *,nsIDTD *) [CNavDTD.cpp:445]
        CTokenHandler::()(CToken *,nsIDTD *) [nsTokenHandler.cpp:80]
        CNavDTD::HandleToken(CToken *,nsIParser *) [CNavDTD.cpp:696]
        nsParser::BuildModel(void) [nsParser.cpp:724]
        nsParser::ResumeParse(void) [nsParser.cpp:688]
        nsParser::OnDataAvailable(nsIURL *,nsIInputStream *,int) [nsParser.cpp:929]
        nsDocumentBindInfo::OnDataAvailable(nsIURL *,nsIInputStream *,int) [nsDocLoader.cpp:1553]
        OnDataAvailableProxyEvent::HandleEvent(void) [nsNetThread.cpp:606]
    Allocation location
        new(UINT) [new.cpp:23]
        nsTagStack::nsTagStack(int) [nsDTDUtils.cpp:39]
        nsDTDContext::nsDTDContext(int) [nsDTDUtils.cpp:144]
        CNavDTD::CNavDTD(void) [CNavDTD.cpp:515]
        NS_NewNavHTMLDTD(nsIDTD * *) [CNavDTD.cpp:411]
        CNavDTD::CreateNewInstance(nsIDTD * *) [CNavDTD.cpp:543]
        FindSuitableDTD(CParserContext&,nsString&) [nsParser.cpp:394]
        nsParser::WillBuildModel(nsString&,nsIDTD *) [nsParser.cpp:497]
        nsParser::OnDataAvailable(nsIURL *,nsIInputStream *,int) [nsParser.cpp:923]
        nsDocumentBindInfo::OnDataAvailable(nsIURL *,nsIInputStream *,int) [nsDocLoader.cpp:1553]
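Added example, not part of the original report and not Mozilla code: a hypothetical TagStack modelled on the mBits/mCount names in the trace, showing why indexing with mCount-1 on an empty stack lands 4 bytes before the block, next to a guarded accessor. The 30 four-byte entries are an assumption chosen to match the 120 byte block in the Purify output; the guard is one way to avoid the read, not the fix that was checked in.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical stand-in for the tag stack named in the Purify trace.
// Assumption: 30 four-byte flags, matching the 120-byte block reported.
struct TagStack {
    static constexpr int kCapacity = 30;
    int32_t* mBits;
    int      mCount;

    TagStack() : mBits(new int32_t[kCapacity]()), mCount(0) {}
    ~TagStack() { delete[] mBits; }
    TagStack(const TagStack&) = delete;
    TagStack& operator=(const TagStack&) = delete;

    bool Push(bool bit) {
        if (mCount >= kCapacity) return false;   // refuse to write past the block
        mBits[mCount++] = bit ? 1 : 0;
        return true;
    }

    // Byte offset, relative to the start of mBits, that the unguarded
    // expression mBits[mCount-1] would read. Computed only, never dereferenced.
    std::ptrdiff_t UncheckedTopOffset() const {
        return (static_cast<std::ptrdiff_t>(mCount) - 1) *
               static_cast<std::ptrdiff_t>(sizeof(int32_t));
    }

    // Guarded form: an empty stack has no top entry, so report "not set"
    // instead of indexing with -1.
    bool TopBitIsSet() const {
        return mCount > 0 && mBits[mCount - 1] != 0;
    }
};

int main() {
    TagStack s;
    std::printf("empty: unguarded read offset = %td bytes, guarded = %d\n",
                s.UncheckedTopOffset(), s.TopBitIsSet());
    s.Push(true);
    std::printf("one entry: unguarded read offset = %td bytes, guarded = %d\n",
                s.UncheckedTopOffset(), s.TopBitIsSet());
    return 0;
}
```

An offset of -4 on the empty stack corresponds to the "4 bytes before the beginning of a 120 byte block" line in the report.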
Status: NEW → ASSIGNED
All fixed with latest update to parser. You'll see the checkin on Monday or so.
Cool
troy - could you verify this fix?
No, I cannot verify this. This is ludicrous...
Troy, provide a test case for verification
QA Contact: 4141
Status: RESOLVED → VERIFIED
QA Contact: 4141 → 3849
marking verified based on discussion with engineer