Bug Tracker

Ticket #3905 (closed bug: duplicate)

Opened 6 years ago

Last modified 2 years ago

Infinite loop with selector expression "*:not(.ELEM-CLASS) .SUBELEM-CLASS1"

Reported by: jlongster Owned by: john
Priority: major Milestone: 1.3.1
Component: selector Version: 1.3
Keywords: Cc:
Blocking: Blocked by:

Description

I recently upgraded from jQuery 1.2.6 to jQuery 1.3 and one of my plugins broke the site. Looking into it further, it turns out to be an issue with a selector expression it used, meaning the bug lies within jQuery (or Sizzle).

The bug causes an infinite loop when executing a specific selector expression. Here's how to reproduce it.

Take the following HTML:

<div class="ELEM-CLASS">

<div class="SUBELEM-CLASS1">CLASS1</div>

</div>

And execute this javascript:

jQuery('*:not(.ELEM-CLASS) .SUBELEM-CLASS1');

And an infinite loop should occur. I've debugged this quite a bit, but I have no experience with jQuery's internals, especially Sizzle, so I got a bit lost. Here's what I found so far though.

The infinite loop occurs in selector.js on line 376 with the following statement (arrow points to the line):

TAG: function(match, curLoop){

for ( var i = 0; !curLoop[i]; i++ ){} <----- return isXML(curLoop[i]) ? match[1] : match[1].toUpperCase();

},

If you remove the nested div with the class SUBELEM-CLASS1, it runs fine. This works in 1.2.6, but obviously the whole selector engine has been rewritten in 1.3. I wish I could give better debugging info, but I could only go so far in the selector source without spending an inordinate amount of time.

Change History

comment:1 Changed 6 years ago by john

  • Status changed from new to closed
  • Resolution set to duplicate

This is a duplicate of #3837.

Note: See TracTickets for help on using tickets.