Closed Bug 32389 Opened 25 years ago Closed 25 years ago

Browser crashes upon encountering a recursive IFRAME inclusion.

Categories

(Core :: Layout: Images, Video, and HTML Frames, defect, P3)

Product:
Core
Component:
Layout: Images, Video, and HTML Frames
Type:
defect

Tracking

()

Status:
VERIFIED DUPLICATE of bug 8065

People

(Reporter: sacolcor, Assigned: pollmann)

Details

(Keywords: crash)

Attachments

(1 file)

A iframe src that points to itself.
(deleted), text/html
Details
View a page containing an IFRAME pointing to itself. Watch browser go boom. We need to guard both against direct and indirect (A includes B includes A) IFRAME recursion. IE just displays blank space when it detects this condition.
Confirming. When testing it crashed in nsWindow::Create but the real problem is that a recursive IFRAME is allowed.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: crash
Petersen: Please provide a testcase. And, please confirm whether a fish has a soul.
Off to petersen for a testcase.
Assignee: rickg → petersen
So .. I had this reported in a XUL context (bug #33722), but the XUL <html:iframe> is just a normal html iframe anyways, so I'm going to make the other bug for the XUL usage depend on this one. Here's a couple of test cases: WARNING: the second test case completely horked win98 (even after mozilla was terminated, MB of memory was left allocated in the OS and I could no longer launch any new apps -- had to do a hard reset of the system). TEST 1 : A->A->A ... c:\temp\file.html <html><body> <p>hello</p> <iframe src="file://C|/temp/file.xul" style='border: 1px solid red;'></iframe> <p>goodbye</p> </body></html> TEST 2 : A->B->A ... c:\temp\file1.html <html><body> <p>hello</p> <iframe src="file://C|/temp/file2.html" style='border: 1px solid red;'></iframe> <p>goodbye</p> </body></html> c:\temp\file2.html <html><body> <p>hello</p> <iframe src="file://C|/temp/file1.html" style='border: 1px solid blue;'></iframe> <p>goodbye</p> </body></html> By the way, this can also be done for <frameset>/<frame>. See: news://news.mozilla.org/37656AF6.38502494%40netscape.com news://news.mozilla.org/37657250.2E6876B1%40qlink.queensu.ca (The URL discussed there is no longer functioning correctly, but the idea behind would be pretty easy to duplicate). If there isn't a bug for this now, then this should either be filed or dealt with as part of this bug. Oh, and I believe a fish has a soul, but I can't prove it.
Blocks: 33722
Attached file A iframe src that points to itself. (deleted) —
Reassigning back to rickg.
Assignee: petersen → rickg
Eric: I think you're mr frames, right? So this testcase doesn't blow up, and the content model looks reasonable. Can you confirm this?
Assignee: rickg → pollmann
This is already reported as bug 8065. Thanks! (FWIW, I don't believe that a fish has a soul. But I can't prove it either.) *** This bug has been marked as a duplicate of 8065 ***
Status: NEW → RESOLVED
Closed: 25 years ago
Component: HTML Element → HTMLFrames
OS: Windows NT → All
Hardware: PC → All
Resolution: --- → DUPLICATE
Marking verified dup of 8065.
Status: RESOLVED → VERIFIED
No longer blocks: 33722
Product: Core → Core Graveyard
Component: Layout: HTML Frames → Layout: Images
Product: Core Graveyard → Core
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: