Closed Bug 236436 Opened 21 years ago Closed 21 years ago

Browser crashes during XMLHttpRequest with null URL

Categories

(Core :: XML, defect)

Product:
Core
Component:
XML
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla1.7beta

People

(Reporter: bugzilla, Assigned: hjtoi-bugzilla)

Details

(Keywords: crash, testcase, Whiteboard: TB30990334H)

Attachments

(2 files)

Testcase
489 bytes, text/html
Details
fix
982 bytes, patch
jst
: review+
jst
: superreview+
Details | Diff | Splinter Review
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; cs-CZ; rv:1.6) Gecko/20040113 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; cs-CZ; rv:1.6) Gecko/20040113 Create new XMLHttpRequest and call open() with null URL: xmlreq = new XMLHttpRequest(); xmlreq.open("GET", null); // <- Mozilla crashes!!! Probably the URL parameter is not properly checked in nsXMLHttpRequest::Open() http://lxr.mozilla.org/mozilla/source/extensions/xmlextras/base/src/nsXMLHttpRequest.cpp#719 xref: bug #230310 Reproducible: Always Steps to Reproduce:
Attached file Testcase
Confirming using actual nightbuild and 1.7a on W2K and last month's nightbuild on Linux - all is crashing.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: crash, testcase
OS: Windows 2000 → All
Whiteboard: TB30990334H
And to be more precisely, it crashes right here: http://lxr.mozilla.org/mozilla/source/extensions/xmlextras/base/src/nsXMLHttpRequest.cpp#749 748 nsCOMPtr<nsIURI> targetURI; 749 rv = NS_NewURI(getter_AddRefs(targetURI), url, mBaseURI); 750 if (NS_FAILED(rv)) return NS_ERROR_FAILURE; with callstack: NTDLL! 77fa144b() nsDebugImpl::Assertion(nsDebugImpl * const 0x00266d08, const char * 0x100f6a60 `string', const char * 0x100f6974 `string', const char * 0x100f697c `string', int 133) line 276 nsDebug::Assertion(const char * 0x100f6a60 `string', const char * 0x100f6974 `string', const char * 0x100f697c `string', int 133) line 109 nsDependentCString::Rebind(const char * 0x00000000) line 133 + 31 bytes nsDependentCString::nsDependentCString(const char * 0x00000000) line 179 + 47 bytes NS_NewURI(nsIURI * * 0x0012da88, const char * 0x00000000, nsIURI * 0x034c5760, nsIIOService * 0x00000000) line 136 + 23 bytes nsXMLHttpRequest::Open(nsXMLHttpRequest * const 0x03444028, const char * 0x0337d2a0, const char * 0x00000000) line 756 + 47 bytes ... ... ...
Missing a null pointer check I think, have a fix. Have not yet compiled to make sure.
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla1.7beta
Comment on attachment 143093 [details] [diff] [review] fix Confirmed that it indeed fixes the crash, so just a trivial null pointer check.
Attachment #143093 - Flags: superreview?(jst)
Attachment #143093 - Flags: review?(jst)
Comment on attachment 143093 [details] [diff] [review] fix r+sr=jst
Attachment #143093 - Flags: superreview?(jst)
Attachment #143093 - Flags: superreview+
Attachment #143093 - Flags: review?(jst)
Attachment #143093 - Flags: review+
Checked in.
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: