Closed
Bug 243854
Opened 20 years ago
Closed 20 years ago
MIME hang while sanitizing a message
Categories
(MailNews Core :: MIME, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: emaijala+moz, Assigned: emaijala+moz)
Details
(Keywords: fixed1.7, hang, Whiteboard: fixed-aviary1.0)
Attachments
(3 files, 1 obsolete file)
4.60 KB,
text/plain
|
Details | |
1.40 KB,
patch
|
Bienvenu
:
review+
Bienvenu
:
superreview+
asa
:
approval1.7+
|
Details | Diff | Splinter Review |
4.20 KB,
patch
|
Details | Diff | Splinter Review |
I received a message that caused Mozilla to hang completely. Test mbox and patch coming up.
Assignee | ||
Updated•20 years ago
|
Assignee: sspitzer → ere
Assignee | ||
Comment 1•20 years ago
|
||
This is a mailbox file containing the offending message. Hangs at least if viewed in Simple HTML.
Assignee | ||
Comment 2•20 years ago
|
||
This patch makes sure the string given to MimeInlineTextPlainFlowed_parse_line is null-terminated. It also prevents an assertion when ScanTXT was called with an empty line.
Assignee | ||
Updated•20 years ago
|
Attachment #148691 -
Flags: superreview?(bienvenu)
Attachment #148691 -
Flags: review?(bienvenu)
Comment 4•20 years ago
|
||
thx for looking at this? are you sure this won't write past the end of our memory block? + (*bufferP)[*buffer_fpP] = '\0'; re the second part, I think it would be better to wrap the whole if (length - (linep - line)) check were moved up to surround that whole block of code, like this: if (length - (linep - line) > 0) { nsDependentCString inputStr(linep, length - (linep - line)); // For 'SaveAs', |line| is in |mailCharset|. // convert |line| to UTF-16 before 'html'izing (calling ScanTXT()) .... rv = conv->ScanTXT(lineSource.get(), whattodo, getter_Copies(lineResult)); NS_ENSURE_SUCCESS(rv, -1); } Does that work?
Comment 5•20 years ago
|
||
it looks like we've allocated an extra byte, so the null assignment shouldn't crunch anything...
Assignee | ||
Comment 6•20 years ago
|
||
Yes, it should be safe to write the null there. The length check could be moved even higher, to the beginning of that block.
Attachment #148691 -
Attachment is obsolete: true
Assignee | ||
Comment 7•20 years ago
|
||
Assignee | ||
Updated•20 years ago
|
Attachment #148691 -
Flags: superreview?(bienvenu)
Attachment #148691 -
Flags: review?(bienvenu)
Assignee | ||
Updated•20 years ago
|
Attachment #148696 -
Flags: superreview?(bienvenu)
Updated•20 years ago
|
Attachment #148696 -
Flags: superreview?(bienvenu) → superreview+
Assignee | ||
Comment 8•20 years ago
|
||
Comment on attachment 148696 [details] [diff] [review] Patch v2 (without whitespace changes) Sorry, can I get an r= too, please? Requesting also approval for this small but significant fix.
Attachment #148696 -
Flags: review?(bienvenu)
Attachment #148696 -
Flags: approval1.7?
Comment 9•20 years ago
|
||
Comment on attachment 148696 [details] [diff] [review] Patch v2 (without whitespace changes) r=bienvenu - I've cc'd ducarroz, in case he has some thoughts on this.
Attachment #148696 -
Flags: review?(bienvenu) → review+
Assignee | ||
Comment 10•20 years ago
|
||
Thanks. For the record: the terminating null is needed because MimeInlineTextPlainFlowed_parse_line uses nsDependentCString. Otherwise length checks in two other places would have been enough.
Status: NEW → ASSIGNED
Assignee | ||
Comment 11•20 years ago
|
||
Trunk fixed.
Comment 12•20 years ago
|
||
Comment on attachment 148696 [details] [diff] [review] Patch v2 (without whitespace changes) a=asa (on behalf of drivers) for checkin to 1.7
Attachment #148696 -
Flags: approval1.7? → approval1.7+
Assignee | ||
Comment 13•20 years ago
|
||
Fixed in branch too. Thanks to Neil for the checkin.
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Flags: blocking1.7?
Resolution: --- → FIXED
Updated•20 years ago
|
Whiteboard: fixed-aviary1.0
Updated•20 years ago
|
Product: MailNews → Core
Updated•16 years ago
|
Product: Core → MailNews Core
You need to log in
before you can comment on or make changes to this bug.
Description
•