Closed
Bug 1747
Opened 26 years ago
Purify Reported ABR
Categories
(Core :: DOM: HTML Parser, defect, P1)
VERIFIED
FIXED
People
(Reporter: troy, Assigned: rickg)
Here's the Purify output. I would guess that mElements.mCount is '0' and that's
why the 4 bytes before the beginning of the block:
[E] ABR: Array bounds read in CNavDTD::HandleDefaultStartToken(CToken *,nsHTMLTag,nsIParserNode&) {1 occurrence}
    Reading 4 bytes from 0x0441713c (4 bytes at 0x0441713c illegal)
    Address 0x0441713c is 4 bytes before the beginning of a 120 byte block at 0x04417140
    Address 0x0441713c points to a C++ new block in heap 0x03cf0000
    Thread ID: 0x46
    Error location
        CNavDTD::HandleDefaultStartToken(CToken *,nsHTMLTag,nsIParserNode&) [CNavDTD.cpp:841]
               }
               if(IsContainer(aChildTag)){
            => if(PR_TRUE==mBodyContext->mElements.mBits[mBodyContext->mElements.mCount-1]) {
               CloseTransientStyles(aChildTag);
               }
               result=OpenContainer(aNode,PR_TRUE);
        CNavDTD::HandleStartToken(CToken *) [CNavDTD.cpp:931]
        NavDispatchTokenHandler(CToken *,nsIDTD *) [CNavDTD.cpp:445]
        CTokenHandler::()(CToken *,nsIDTD *) [nsTokenHandler.cpp:80]
        CNavDTD::HandleToken(CToken *,nsIParser *) [CNavDTD.cpp:696]
        nsParser::BuildModel(void) [nsParser.cpp:724]
        nsParser::ResumeParse(void) [nsParser.cpp:688]
        nsParser::OnDataAvailable(nsIURL *,nsIInputStream *,int) [nsParser.cpp:929]
        nsDocumentBindInfo::OnDataAvailable(nsIURL *,nsIInputStream *,int) [nsDocLoader.cpp:1553]
        OnDataAvailableProxyEvent::HandleEvent(void) [nsNetThread.cpp:606]
    Allocation location
        new(UINT) [new.cpp:23]
        nsTagStack::nsTagStack(int) [nsDTDUtils.cpp:39]
        nsDTDContext::nsDTDContext(int) [nsDTDUtils.cpp:144]
        CNavDTD::CNavDTD(void) [CNavDTD.cpp:515]
        NS_NewNavHTMLDTD(nsIDTD * *) [CNavDTD.cpp:411]
        CNavDTD::CreateNewInstance(nsIDTD * *) [CNavDTD.cpp:543]
        FindSuitableDTD(CParserContext&,nsString&) [nsParser.cpp:394]
        nsParser::WillBuildModel(nsString&,nsIDTD *) [nsParser.cpp:497]
        nsParser::OnDataAvailable(nsIURL *,nsIInputStream *,int) [nsParser.cpp:923]
        nsDocumentBindInfo::OnDataAvailable(nsIURL *,nsIInputStream *,int) [nsDocLoader.cpp:1553]
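An added example, not part of the original report and not Mozilla's code: a minimal C++ sketch of the indexing pattern on the flagged line (`mBits[mCount-1]`) next to a guarded accessor, under the reporter's guess that `mCount` is 0. `TagStackSketch`, its 30-slot capacity, the 4-byte element type and `ShouldCloseTransientStyles` are assumptions, chosen to match the 4-byte read and the 120-byte block in the Purify output.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical stand-in for the parser's tag stack. Only the member names
// mBits and mCount come from the source line in the Purify report.
struct TagStackSketch {
    // Assumed capacity: 30 four-byte slots gives the 120-byte block reported.
    enum { kCapacity = 30 };
    int32_t* mBits;
    int mCount;

    TagStackSketch() : mBits(new int32_t[kCapacity]()), mCount(0) {}
    ~TagStackSketch() { delete[] mBits; }
    TagStackSketch(const TagStackSketch&) = delete;
    TagStackSketch& operator=(const TagStackSketch&) = delete;

    bool Push(bool aBit) {
        if (mCount >= kCapacity) return false;
        mBits[mCount++] = aBit ? 1 : 0;
        return true;
    }

    // Pattern of the flagged line: with mCount == 0 this indexes mBits[-1].
    bool TopBitUnchecked() const { return mBits[mCount - 1] != 0; }

    // Byte offset, relative to the block start, that the unchecked read touches.
    std::ptrdiff_t TopByteOffset() const {
        return (std::ptrdiff_t(mCount) - 1) * std::ptrdiff_t(sizeof(int32_t));
    }

    // Guarded form: refuses to index when the stack is empty or mCount is corrupt.
    bool TopBit(bool& aOut) const {
        if (mCount <= 0 || mCount > kCapacity) return false;
        aOut = mBits[mCount - 1] != 0;
        return true;
    }
};

// Caller shaped like the flagged condition: an empty stack has nothing to close.
bool ShouldCloseTransientStyles(const TagStackSketch& aStack) {
    bool top = false;
    return aStack.TopBit(top) && top;
}

int main() {
    TagStackSketch empty;
    std::printf("offset %td, close=%d\n", empty.TopByteOffset(), ShouldCloseTransientStyles(empty));
}
```

`TopBitUnchecked` is kept only for comparison and is safe to call solely on a non-empty stack.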
All fixed with latest update to parser. You'll see the checkin on Monday or so.
Comment 3•26 years ago
troy - could you verify this fix?
Comment 5•26 years ago
Troy provide a test case for verification
Updated•26 years ago
QA Contact: 4141
Updated•26 years ago
Status: RESOLVED → VERIFIED
QA Contact: 4141 → 3849
Comment 6•26 years ago
marking verified based on discussion with engineer