jcivelli@: Could this be related to any of the libxml changes you've made in the vaguely recent past? Maybe something like https://chromium.googlesource.com/chromium/src/+/c0e3a8e5486d92bab1dbe36563eea6515ffe9d61?

CCing joelhockey@ and vtsyrklevich@ as well for various rolls in the ~65 timeframe.

I wasn't able to get this test case smaller. I'm able to repro 100% on Chrome 65 through 67 (Canary), and cannot repro under Chrome 64.

Deleted: xhtml-byte-test.xhtml 96.0 KB

xhtml-byte-test.xhtml 96.0 KB View Download

Thanks for the test case, I'll bisect to find when this happened.

Also affecting https://us.diablo3.com/en/ with about 1/10 reproducibility for me.

This is a simpler test case. Removing the multi-byte char resolves the issue, or pushing the comment node larger or smaller than near the 64k threshold avoids parsing errors. Perhaps a bug related to incorrect use of character length instead of byte length?

Deleted: xhtml-byte-test2.xhtml 64.0 KB

xhtml-byte-test2.xhtml 64.0 KB View Download

This was introduced by the recent roll of libxml:
https://chromium-review.googlesource.com/c/chromium/src/+/897220

I'll look if I can somehow repro in libxml.

joelhockey@ if I revert 
https://git.gnome.org/browse/libxml2/commit/?id=6e6ae5daa6cd9640c9a83c1070896273e9b30d14
locally, content shell will not complain anymore (using repro test case from #2)
Reassigning to you since you wrote that patch.

The roughly 32K of content gets encoded into double-byte encoding (a bit over 64K) inside chrome.
https://cs.chromium.org/chromium/src/third_party/WebKit/Source/core/dom/DecodedDataDocumentParser.cpp?l=67&rcl=10288c4e4928303e40e44565286717725d5748a2

Then in libxml, if a multi-byte char has forced you to use icu, there is some code that limits each chunk to 64K.
https://cs.chromium.org/chromium/src/third_party/libxml/src/encoding.c?l=2222&rcl=32423c4c8bd5ae91c942a170abee4047b601b30b

In libxml one possible fix is to revert the flush at:
https://cs.chromium.org/chromium/src/third_party/libxml/src/xmlIO.c?l=3160&rcl=32423c4c8bd5ae91c942a170abee4047b601b30b

Another possible fix is to remove the code that limits reading to 64K.
https://cs.chromium.org/chromium/src/third_party/libxml/src/encoding.c?l=2222&rcl=32423c4c8bd5ae91c942a170abee4047b601b30b

Or, it looks like the code in chromium where you would flush is somewhere around:
https://cs.chromium.org/chromium/src/third_party/WebKit/Source/core/loader/DocumentLoader.cpp?l=734&rcl=10288c4e4928303e40e44565286717725d5748a2
After calling AppendData, you could call Flush.

The CL I have done at crosreview.com/956789 adds a call to libxml flush.

But this is causing some other tests to fail such as LayoutTests/svg/hixie/perf/001.xml which shows error: error on line 146 at column 890: AttValue: ' expected

I might try and find someone who is familiar with the XMLDocumentParser code.

This sounds a lot like  issue 812148  which I debugged a bit a while ago. I think a minimal fix to try would be:

diff --git a/third_party/libxml/src/parser.c b/third_party/libxml/src/parser.c
index 072b1293ea50..57fc297c00de 100644
--- a/third_party/libxml/src/parser.c
+++ b/third_party/libxml/src/parser.c
@@ -11196,6 +11196,7 @@ xmlParseTryOrFinish(xmlParserCtxtPtr ctxt, int terminate) {
                xmlParserInputBufferPush(ctxt->input->buf, 0, "");
                 xmlBufSetInputBaseCur(ctxt->input->buf->buffer, ctxt->input,
                                       base, current);
+                xmlParseGetLasts(ctxt, &lastlt, &lastgt);
            }
            avail = xmlBufUse(ctxt->input->buf->buffer) -
                    (ctxt->input->cur - ctxt->input->base);

(I've been doing a slightly less pessimistic fix, but haven't gotten around to write a test for it yet since it's a bit of a hassle.)

Thanks Fredrik, but that change doesn't seem to have helped.

Sorry all, but I'm not able to put any more time into looking at this since my team has been moved off chromium.  I expect that the quickest solution is to revert the change in #c8.  This will possibly make fuzzer unhappy again (see  crbug.com/796804 ), so it is hard to know what the best action is.

I would strongly advocate for reverting https://git.gnome.org/browse/libxml2/commit/?id=6e6ae5daa6cd9640c9a83c1070896273e9b30d14

Who has experience doing that, and merging it back?

This is causing us lots of bugs: https://bugs.chromium.org/p/chromium/issues/detail?id=820561,
https://bugs.chromium.org/p/chromium/issues/detail?id=812148,
https://bugs.chromium.org/p/chromium/issues/detail?id=821333

Adding all the appropriate labels for something of this seriousness.

schenney@ please can you revert that change so we can test that all related issues are fixed in canary?

I'm not going to try to revert an XML lib change on trunk because I am likely to screw it up. Someone on the XML team needs to do it, or at least someone familiar with updating third party libs.

 Issue 812148  has been merged into this issue.

 Issue 820561  has been merged into this issue.

 Issue 822673  has been merged into this issue.

I have no experience with updating libxml either.
I think that the patch needs to be reverted in libxml if it's not right. That means:
- getting a repro test case with xmllint
- submit a patch addressing the issue to libxml
- once the patch has landed uprev libxml to that version

Maybe someone from the blink team could take a look?

OK, I'll jump in then.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4be2115e0abf80619cbf702d0619520d0c4c868d

commit 4be2115e0abf80619cbf702d0619520d0c4c868d
Author: Stephen Chenney <schenney@chromium.org>
Date: Fri Mar 16 18:30:55 2018

Revert "Roll libxml to 707ad080e61014ab4a6d60dc12875e233c1f673c"

This reverts commit c0a946a4dec56ce5906a78f6e0b0c1f9e12c70b6.

Reason for revert: Breaks content all over the web.

Bug:  820163 ,  822673 ,  820561 ,  812148 ,  821333 

Original change's description:
> Roll libxml to 707ad080e61014ab4a6d60dc12875e233c1f673c
>
> This fixes a number of bugs found on clusterfuzz.
>
> Change-Id: Id2fa1d96e55be1e0483c135c20c20b90a068f4c3
> Bug:  790944 
> Bug:  793715 
> Bug:  796804 
> Bug:  799707 
> Reviewed-on: https://chromium-review.googlesource.com/897220
> Commit-Queue: Joel Hockey <joelhockey@chromium.org>
> Reviewed-by: Scott Graham <scottmg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#533953}

TBR=dcheng@chromium.org,scottmg@chromium.org,joelhockey@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug:  790944 ,  793715 ,  796804 ,  799707 
Change-Id: Ic6b934d384229b9cf9092d559b865bbe8f278f38
Reviewed-on: https://chromium-review.googlesource.com/966684
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Stephen Chenney <schenney@chromium.org>
Commit-Queue: Stephen Chenney <schenney@chromium.org>
Cr-Commit-Position: refs/heads/master@{#543766}
[modify] https://crrev.com/4be2115e0abf80619cbf702d0619520d0c4c868d/third_party/libxml/README.chromium
[modify] https://crrev.com/4be2115e0abf80619cbf702d0619520d0c4c868d/third_party/libxml/chromium/chromium-issue-628581.patch
[modify] https://crrev.com/4be2115e0abf80619cbf702d0619520d0c4c868d/third_party/libxml/linux/xml2-config
[modify] https://crrev.com/4be2115e0abf80619cbf702d0619520d0c4c868d/third_party/libxml/src/HTMLparser.c
[modify] https://crrev.com/4be2115e0abf80619cbf702d0619520d0c4c868d/third_party/libxml/src/configure.ac
[modify] https://crrev.com/4be2115e0abf80619cbf702d0619520d0c4c868d/third_party/libxml/src/libxml2.spec
[modify] https://crrev.com/4be2115e0abf80619cbf702d0619520d0c4c868d/third_party/libxml/src/parser.c
[modify] https://crrev.com/4be2115e0abf80619cbf702d0619520d0c4c868d/third_party/libxml/src/parserInternals.c
[modify] https://crrev.com/4be2115e0abf80619cbf702d0619520d0c4c868d/third_party/libxml/src/win32/Makefile.msvc
[modify] https://crrev.com/4be2115e0abf80619cbf702d0619520d0c4c868d/third_party/libxml/src/win32/configure.js
[delete] https://crrev.com/431c6dbf0a42d0c31c7dccd6553c6c496f1042a0/third_party/libxml/src/win32/libxml2.rc
[modify] https://crrev.com/4be2115e0abf80619cbf702d0619520d0c4c868d/third_party/libxml/src/xmlIO.c

Do we want to let this bake in Canary, or just merge now?

Given the problems did not turn up any Canary or Dev channel bug reports I don't think we'll get much data from a Canary period.

Offline discussion w/ dcheng@ and myself argues for a merge to M-66 and M-65. 

This bug requires manual review: Reverts referenced in bugdroid comments after merge request.
Please contact the milestone owner if you have questions.
Owners: cmasso@(Android), cmasso@(iOS), josafat@(ChromeOS), abdulsyed@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Approving merge to M65 branch 3325 & M66 branch 3359 per comments #24, #26 and per offline group chat.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/0f92ca1175c89aec344326778c755ba57ef4d314

commit 0f92ca1175c89aec344326778c755ba57ef4d314
Author: Stephen Chenney <schenney@chromium.org>
Date: Fri Mar 16 18:50:19 2018

Revert "Roll libxml to 707ad080e61014ab4a6d60dc12875e233c1f673c"

M-65 stable merge.

This reverts commit c0a946a4dec56ce5906a78f6e0b0c1f9e12c70b6.

Reason for revert: Breaks content all over the web.

Bug:  820163 ,  822673 ,  820561 ,  812148 ,  821333 

Original change's description:
> Roll libxml to 707ad080e61014ab4a6d60dc12875e233c1f673c
>
> This fixes a number of bugs found on clusterfuzz.
>
> Change-Id: Id2fa1d96e55be1e0483c135c20c20b90a068f4c3
> Bug:  790944 
> Bug:  793715 
> Bug:  796804 
> Bug:  799707 
> Reviewed-on: https://chromium-review.googlesource.com/897220
> Commit-Queue: Joel Hockey <joelhockey@chromium.org>
> Reviewed-by: Scott Graham <scottmg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#533953}

TBR=dcheng@chromium.org,scottmg@chromium.org,joelhockey@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug:  790944 ,  793715 ,  796804 ,  799707 
Change-Id: Ic6b934d384229b9cf9092d559b865bbe8f278f38
Reviewed-on: https://chromium-review.googlesource.com/966684
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Stephen Chenney <schenney@chromium.org>
Commit-Queue: Stephen Chenney <schenney@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#543766}(cherry picked from commit 4be2115e0abf80619cbf702d0619520d0c4c868d)
Reviewed-on: https://chromium-review.googlesource.com/967021
Cr-Commit-Position: refs/branch-heads/3325@{#714}
Cr-Branched-From: bc084a8b5afa3744a74927344e304c02ae54189f-refs/heads/master@{#530369}
[modify] https://crrev.com/0f92ca1175c89aec344326778c755ba57ef4d314/third_party/libxml/README.chromium
[modify] https://crrev.com/0f92ca1175c89aec344326778c755ba57ef4d314/third_party/libxml/chromium/chromium-issue-628581.patch
[modify] https://crrev.com/0f92ca1175c89aec344326778c755ba57ef4d314/third_party/libxml/linux/xml2-config
[modify] https://crrev.com/0f92ca1175c89aec344326778c755ba57ef4d314/third_party/libxml/src/HTMLparser.c
[modify] https://crrev.com/0f92ca1175c89aec344326778c755ba57ef4d314/third_party/libxml/src/configure.ac
[modify] https://crrev.com/0f92ca1175c89aec344326778c755ba57ef4d314/third_party/libxml/src/libxml2.spec
[modify] https://crrev.com/0f92ca1175c89aec344326778c755ba57ef4d314/third_party/libxml/src/parser.c
[modify] https://crrev.com/0f92ca1175c89aec344326778c755ba57ef4d314/third_party/libxml/src/parserInternals.c
[modify] https://crrev.com/0f92ca1175c89aec344326778c755ba57ef4d314/third_party/libxml/src/win32/Makefile.msvc
[modify] https://crrev.com/0f92ca1175c89aec344326778c755ba57ef4d314/third_party/libxml/src/win32/configure.js
[delete] https://crrev.com/483290671a61fdd75600a7b7f5e4a940ba814e9b/third_party/libxml/src/win32/libxml2.rc
[modify] https://crrev.com/0f92ca1175c89aec344326778c755ba57ef4d314/third_party/libxml/src/xmlIO.c

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/54a1c705833b375b124b014159dcadda02a80e9b

commit 54a1c705833b375b124b014159dcadda02a80e9b
Author: Stephen Chenney <schenney@chromium.org>
Date: Fri Mar 16 19:00:42 2018

Revert "Roll libxml to 707ad080e61014ab4a6d60dc12875e233c1f673c"

This reverts commit c0a946a4dec56ce5906a78f6e0b0c1f9e12c70b6.

M-66 merge.

Reason for revert: Breaks content all over the web.

Bug:  820163 ,  822673 ,  820561 ,  812148 ,  821333 

Original change's description:
> Roll libxml to 707ad080e61014ab4a6d60dc12875e233c1f673c
>
> This fixes a number of bugs found on clusterfuzz.
>
> Change-Id: Id2fa1d96e55be1e0483c135c20c20b90a068f4c3
> Bug:  790944 
> Bug:  793715 
> Bug:  796804 
> Bug:  799707 
> Reviewed-on: https://chromium-review.googlesource.com/897220
> Commit-Queue: Joel Hockey <joelhockey@chromium.org>
> Reviewed-by: Scott Graham <scottmg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#533953}

TBR=dcheng@chromium.org,scottmg@chromium.org,joelhockey@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug:  790944 ,  793715 ,  796804 ,  799707 
Change-Id: Ic6b934d384229b9cf9092d559b865bbe8f278f38
Reviewed-on: https://chromium-review.googlesource.com/966684
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Stephen Chenney <schenney@chromium.org>
Commit-Queue: Stephen Chenney <schenney@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#543766}(cherry picked from commit 4be2115e0abf80619cbf702d0619520d0c4c868d)
Reviewed-on: https://chromium-review.googlesource.com/966962
Cr-Commit-Position: refs/branch-heads/3359@{#288}
Cr-Branched-From: 66afc5e5d10127546cc4b98b9117aff588b5e66b-refs/heads/master@{#540276}
[modify] https://crrev.com/54a1c705833b375b124b014159dcadda02a80e9b/third_party/libxml/README.chromium
[modify] https://crrev.com/54a1c705833b375b124b014159dcadda02a80e9b/third_party/libxml/chromium/chromium-issue-628581.patch
[modify] https://crrev.com/54a1c705833b375b124b014159dcadda02a80e9b/third_party/libxml/linux/xml2-config
[modify] https://crrev.com/54a1c705833b375b124b014159dcadda02a80e9b/third_party/libxml/src/HTMLparser.c
[modify] https://crrev.com/54a1c705833b375b124b014159dcadda02a80e9b/third_party/libxml/src/configure.ac
[modify] https://crrev.com/54a1c705833b375b124b014159dcadda02a80e9b/third_party/libxml/src/libxml2.spec
[modify] https://crrev.com/54a1c705833b375b124b014159dcadda02a80e9b/third_party/libxml/src/parser.c
[modify] https://crrev.com/54a1c705833b375b124b014159dcadda02a80e9b/third_party/libxml/src/parserInternals.c
[modify] https://crrev.com/54a1c705833b375b124b014159dcadda02a80e9b/third_party/libxml/src/win32/Makefile.msvc
[modify] https://crrev.com/54a1c705833b375b124b014159dcadda02a80e9b/third_party/libxml/src/win32/configure.js
[delete] https://crrev.com/11b924f8c4a7c84bfb46e8df78e7ef8d330dc907/third_party/libxml/src/win32/libxml2.rc
[modify] https://crrev.com/54a1c705833b375b124b014159dcadda02a80e9b/third_party/libxml/src/xmlIO.c

Reverting the entire libxml roll means reverting other important changes on top of the problematic one.
Is the plan to address the specific problematic patch next?

 Issue 821536  has been merged into this issue.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/d8901956103e21b8c3461b779e99cd5d7f50f3ad

commit d8901956103e21b8c3461b779e99cd5d7f50f3ad
Author: Stephen Chenney <schenney@chromium.org>
Date: Fri Mar 16 19:19:12 2018

Revert "Roll libxml to 707ad080e61014ab4a6d60dc12875e233c1f673c"

This reverts commit c0a946a4dec56ce5906a78f6e0b0c1f9e12c70b6.

Canary build branch merge.

Reason for revert: Breaks content all over the web.

Bug:  820163 ,  822673 ,  820561 ,  812148 ,  821333 

Original change's description:
> Roll libxml to 707ad080e61014ab4a6d60dc12875e233c1f673c
>
> This fixes a number of bugs found on clusterfuzz.
>
> Change-Id: Id2fa1d96e55be1e0483c135c20c20b90a068f4c3
> Bug:  790944 
> Bug:  793715 
> Bug:  796804 
> Bug:  799707 
> Reviewed-on: https://chromium-review.googlesource.com/897220
> Commit-Queue: Joel Hockey <joelhockey@chromium.org>
> Reviewed-by: Scott Graham <scottmg@chromium.org>
> Cr-Commit-Position: refs/heads/master@{#533953}

TBR=dcheng@chromium.org,scottmg@chromium.org,joelhockey@chromium.org

# Not skipping CQ checks because original CL landed > 1 day ago.

Bug:  790944 ,  793715 ,  796804 ,  799707 
Change-Id: Ic6b934d384229b9cf9092d559b865bbe8f278f38
Reviewed-on: https://chromium-review.googlesource.com/966684
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Stephen Chenney <schenney@chromium.org>
Commit-Queue: Stephen Chenney <schenney@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#543766}(cherry picked from commit 4be2115e0abf80619cbf702d0619520d0c4c868d)
Reviewed-on: https://chromium-review.googlesource.com/966690
Cr-Commit-Position: refs/branch-heads/3372@{#1}
Cr-Branched-From: ad7f48548867b059f459e13c53bb8e2e96027381-refs/heads/master@{#543592}
[modify] https://crrev.com/d8901956103e21b8c3461b779e99cd5d7f50f3ad/third_party/libxml/README.chromium
[modify] https://crrev.com/d8901956103e21b8c3461b779e99cd5d7f50f3ad/third_party/libxml/chromium/chromium-issue-628581.patch
[modify] https://crrev.com/d8901956103e21b8c3461b779e99cd5d7f50f3ad/third_party/libxml/linux/xml2-config
[modify] https://crrev.com/d8901956103e21b8c3461b779e99cd5d7f50f3ad/third_party/libxml/src/HTMLparser.c
[modify] https://crrev.com/d8901956103e21b8c3461b779e99cd5d7f50f3ad/third_party/libxml/src/configure.ac
[modify] https://crrev.com/d8901956103e21b8c3461b779e99cd5d7f50f3ad/third_party/libxml/src/libxml2.spec
[modify] https://crrev.com/d8901956103e21b8c3461b779e99cd5d7f50f3ad/third_party/libxml/src/parser.c
[modify] https://crrev.com/d8901956103e21b8c3461b779e99cd5d7f50f3ad/third_party/libxml/src/parserInternals.c
[modify] https://crrev.com/d8901956103e21b8c3461b779e99cd5d7f50f3ad/third_party/libxml/src/win32/Makefile.msvc
[modify] https://crrev.com/d8901956103e21b8c3461b779e99cd5d7f50f3ad/third_party/libxml/src/win32/configure.js
[delete] https://crrev.com/ad7f48548867b059f459e13c53bb8e2e96027381/third_party/libxml/src/win32/libxml2.rc
[modify] https://crrev.com/d8901956103e21b8c3461b779e99cd5d7f50f3ad/third_party/libxml/src/xmlIO.c

Yes to comment #31. I'll start looking at re-enabling each sub-patch from the XML roll to see what we can re-land. Probably won't start until Monday, however. My east coast work day is nearing its end.

Thanks schenney@ for looking into this!
If we reland the patches independently in our third-party/libxml, won't we run into problems next time we roll libxml?

Pls verify this fix on canary version 67.0.3372.1+. Thank you.

Can anyone confirm that this bug is caused only by the following commit?

    https://git.gnome.org/browse/libxml2/commit/?id=6e6ae5daa6cd9640c9a83c1070896273e9b30d14

If yes, I can revert the commit in libxml2.

Yes, this is the commit (https://git.gnome.org/browse/libxml2/commit/?id=6e6ae5daa6cd9640c9a83c1070896273e9b30d14) responsible.
If you could revert it in libxml2 that would be great.

Reverted now in libxml2 master: https://git.gnome.org/browse/libxml2/commit/?id=7a1bd7f6497ac33a9023d556f6f47a48f01deac0

Thanks wellnhofer@!
schenney@, should we roll the latest libxml2 instead of reapplying patches manually?

Tested the issue using #65.0.3325.177, #67.0.3374.0 on Win 10, Mac 10.13.3 and Linux Debian Rodete as per the steps mentioned in comment #0. No error message is seen.

Please find the screenshot, Hence adding the Verified labels.

Note: 
1. Error is seen in #65.0.3325.146
2. Error isn't seen in #65.0.3325.177.

Thanks!!

Deleted: Screen Shot 2018-03-19 at 3.57.15 PM.png 75.4 KB

	Screen Shot 2018-03-19 at 3.57.15 PM.png 75.4 KB View Download

Thanks. I'll look into rolling the latest libxml2 later today.

I need to generate a couple of tests first.

 schenney@, could you pls remove "M-65" label from bug if nothing is pending for M65?

Yes, moving to M-66 and I'm in the process of converting on of the bug reports into a test case. Then I can make sure the new xmllib works.

Tested this issue on Windows 10, Mac OS 10.12.6, Ubuntu 14.04 Pro on the reported version 65.0.3325.146 and latest M-65 build 65.0.3325.181.
Able to reproduce this issue on 65.0.3325.146 and the issue is fixed on the latest M-65 build 65.0.3325.181 as per comment #2.

On loading the html file, cannot observe any errors on the page.
Attached is the screen shot for reference.

Hence adding TE verified labels as the fix is working as intended.

Thanks..

Deleted: 820163-M65.PNG 45.8 KB

	820163-M65.PNG 45.8 KB View Download

 Issue 821333  has been merged into this issue.

This patch is now pushing out to stable channel in version 65.0.3325.181 for Desktop (Win,Mac & Linux).

I can confirm the issue is resolved in 65.0.3325.181. Thank you, everyone.

Able to reproduce this issue on 65.0.3325.146 and the issue is fixed on the latest M-66 build 66.0.3359.45 as per comment #2.

On loading the html file, cannot observe any errors on the page.
Attached is the screen shot for reference.

Hence adding TE verified labels as the fix is working as intended.

Thanks..

Deleted: 820163-M66.PNG 46.6 KB

	820163-M66.PNG 46.6 KB View Download

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4819d080e4c615633a070572e806721ed5114b0b

commit 4819d080e4c615633a070572e806721ed5114b0b
Author: Stephen Chenney <schenney@chromium.org>
Date: Wed Mar 21 17:17:55 2018

Add a test for xml parsing of long multi-byte encoded files

Verified that this fails with the broken libxml that caused
crbug/820163 and its friends.

R=dcheng@chromium.org
BUG= 820163 , 823230 

Change-Id: I53d631871d4343aaa67c874a90eacbf4d58dc454
Reviewed-on: https://chromium-review.googlesource.com/969408
Commit-Queue: Stephen Chenney <schenney@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Cr-Commit-Position: refs/heads/master@{#544748}
[add] https://crrev.com/4819d080e4c615633a070572e806721ed5114b0b/third_party/WebKit/LayoutTests/xmlviewer/long-multi-byte-char-expected.html
[add] https://crrev.com/4819d080e4c615633a070572e806721ed5114b0b/third_party/WebKit/LayoutTests/xmlviewer/long-multi-byte-char.xml
[add] https://crrev.com/4819d080e4c615633a070572e806721ed5114b0b/third_party/WebKit/LayoutTests/xmlviewer/resources/long-multi-byte-char.xslt

Is this now completely fixed in M66?

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380

commit f01ade19f2ee3e7037bb57acb46e3bd6d45a0380
Author: Stephen Chenney <schenney@chromium.org>
Date: Fri Mar 23 15:36:43 2018

Roll libxml to 7a1bd7f6497ac33a9023d556f6f47a48f01deac0

R=dcheng@chromium.org

Bug:  790944 , 820163 , 793715 , 796804 , 799707 , 823345 
Change-Id: I6daa6aedd8ccff792b99c228d85800dbd2dd3ec2
Reviewed-on: https://chromium-review.googlesource.com/973467
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Stephen Chenney <schenney@chromium.org>
Cr-Commit-Position: refs/heads/master@{#545458}
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/README.chromium
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/chromium/chromium-issue-628581.patch
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/chromium/roll.py
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/linux/config.h
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/linux/include/libxml/xmlversion.h
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/linux/xml2-config
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/mac/config.h
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/mac/include/libxml/xmlversion.h
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/src/aclocal.m4
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/src/configure.ac
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/src/libxml2.spec
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/src/libxml2.syms
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/src/parser.c
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/src/testapi.c
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/src/win32/Makefile.msvc
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/src/win32/configure.js
[add] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/src/win32/libxml2.rc
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/src/xpath.c
[modify] https://crrev.com/f01ade19f2ee3e7037bb57acb46e3bd6d45a0380/third_party/libxml/win32/include/libxml/xmlversion.h

The bug is currently fixed on M-66. According to the release information I have, we've rolled out the new beta since the fix in comment #30 so Beta users will see it. We;'ve also rolled out new stable so everyone who updates should have the fix now.

We should merge the most recent trunk libxml roll back to M-66 due to the related security issues. But first it needs to bake on Canary for the weekend and probably Monday and Tuesday.

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e0b7754a48adf46c2d9a352085754d46a404ba1c

commit e0b7754a48adf46c2d9a352085754d46a404ba1c
Author: Stephen Chenney <schenney@chromium.org>
Date: Tue Mar 27 18:06:12 2018

Roll libxml to 7a1bd7f6497ac33a9023d556f6f47a48f01deac0

M-66 Cherry-pick

TBR=​dcheng@chromium.org

Bug:  790944 , 820163 , 793715 , 796804 , 799707 , 823345 
Change-Id: I6daa6aedd8ccff792b99c228d85800dbd2dd3ec2
Reviewed-on: https://chromium-review.googlesource.com/973467
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Stephen Chenney <schenney@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#545458}(cherry picked from commit f01ade19f2ee3e7037bb57acb46e3bd6d45a0380)
Reviewed-on: https://chromium-review.googlesource.com/981755
Reviewed-by: Stephen Chenney <schenney@chromium.org>
Cr-Commit-Position: refs/branch-heads/3359@{#464}
Cr-Branched-From: 66afc5e5d10127546cc4b98b9117aff588b5e66b-refs/heads/master@{#540276}
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/README.chromium
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/chromium/chromium-issue-628581.patch
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/chromium/roll.py
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/linux/config.h
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/linux/include/libxml/xmlversion.h
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/linux/xml2-config
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/mac/config.h
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/mac/include/libxml/xmlversion.h
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/src/aclocal.m4
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/src/configure.ac
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/src/libxml2.spec
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/src/libxml2.syms
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/src/parser.c
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/src/testapi.c
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/src/win32/Makefile.msvc
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/src/win32/configure.js
[add] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/src/win32/libxml2.rc
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/src/xpath.c
[modify] https://crrev.com/e0b7754a48adf46c2d9a352085754d46a404ba1c/third_party/libxml/win32/include/libxml/xmlversion.h

Verified on Android Chrome:66.0.3359.67 Device:LG G4 (LG-H815)/MRA58K