Closed
Bug 253597
Opened 20 years ago
Closed 20 years ago
Trunk crash blocking ads/images [@ nsImgManager::TestPermission]
Categories
(Core :: Graphics: Image Blocking, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: jay, Assigned: mvl)
References
Details
(4 keywords)
Crash Data
Attachments
(1 file)
|
1.06 KB,
patch
|
dwitte
:
review+
darin.moz
:
superreview+
asa
:
approval-aviary+
roc
:
approval1.7.5+
|
Details | Diff | Splinter Review |
There aren't a lot of these yet, but enough across all platforms to show up on
the topcrash radar for the latest Trunk builds. I also see a few crashes in
Firefox 0.9.x.
Here's some Talkback data:
Rank StackSignature Count
6 nsImgManager::TestPermission 9
Source File :
c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/extensions/cookie/nsImgManager.cpp
line : 302
====================================================================================================
Count Offset Real Signature
[ 4 nsImgManager::TestPermission 63be5c50 - nsImgManager::TestPermission ]
Crash date range: 19-JUL-04 to 28-JUL-04
Min/Max Seconds since last crash: 6 - 89723
Min/Max Runtime: 334 - 89723
Count Platform List
4 Windows XP [Windows NT 5.1 build 2600]
Count Build Id List
2 2004071908
1 2004072307
1 2004072209
No of Unique Users 3
Stack trace(Frame)
nsImgManager::TestPermission
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/extensions/cookie/nsImgManager.cpp
line 302]
nsImgManager::ShouldLoad
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/extensions/cookie/nsImgManager.cpp
line 215]
nsImgManager::ShouldProcess
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/extensions/cookie/nsImgManager.cpp
line 249]
nsContentPolicy::CheckPolicy
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/content/base/src/nsContentPolicy.cpp
line 188]
nsContentPolicy::ShouldProcess
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/content/base/src/nsContentPolicy.cpp
line 268]
NS_CheckContentProcessPolicy
[../../../../dist/include/content\nsContentPolicyUtils.h line 182]
ImageListener::OnStartRequest
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/content/html/document/src/nsImageDocument.cpp
line 186]
nsDocumentOpenInfo::OnStartRequest
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/uriloader/base/nsURILoader.cpp
line 330]
nsHttpChannel::CallOnStartRequest
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp
line 669]
nsHttpChannel::ProcessNormal
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp
line 837]
nsHttpChannel::ProcessResponse
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp
line 774]
nsHttpChannel::OnStartRequest
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp
line 3551]
nsInputStreamPump::OnStateStart
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/netwerk/base/src/nsInputStreamPump.cpp
line 383]
nsInputStreamPump::OnInputStreamReady
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/netwerk/base/src/nsInputStreamPump.cpp
line 345]
nsInputStreamReadyEvent::EventHandler
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/xpcom/io/nsStreamUtils.cpp
line 215]
PL_HandleEvent
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/xpcom/threads/plevent.c
line 693]
PL_ProcessPendingEvents
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/xpcom/threads/plevent.c
line 631]
_md_EventReceiverProc
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/xpcom/threads/plevent.c
line 1434]
USER32.dll + 0x3d79 (0x77d43d79)
USER32.dll + 0x3ddf (0x77d43ddf)
nsAppShellService::Run
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/xpfe/appshell/src/nsAppShellService.cpp
line 489]
main1
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/xpfe/bootstrap/nsAppRunner.cpp
line 1331]
main
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/xpfe/bootstrap/nsAppRunner.cpp
line 1801]
WinMain
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/xpfe/bootstrap/nsAppRunner.cpp
line 1827]
WinMainCRTStartup()
kernel32.dll + 0x214c7 (0x77e814c7)
(402328) URL: http://sourceforge.net/projects/feedreader/
(402328) Comments: Attempted to download feedreader .exe when terminated
(366389) URL: www.jibjab.com
====================================================================================================
Count Offset Real Signature
[ 1 nsImgManager::TestPermission() 3c4ed5d1 - nsImgManager::TestPermission() ]
Crash date range: 25-JUL-04 to 25-JUL-04
Min/Max Seconds since last crash: 14412 - 14412
Min/Max Runtime: 14412 - 14412
Count Platform List
1 [Darwin 7.4.0]
Count Build Id List
1 2004072408
No of Unique Users 1
Stack trace(Frame)
nsImgManager::TestPermission()
nsImgManager::TestPermission()
nsImgManager::ShouldProcess()
nsContentPolicy::CheckPolicy(unsigned (nsIContentPolicy::*)()
nsContentPolicy::ShouldProcess()
ImageListener::OnStartRequest()
nsDocumentOpenInfo::OnStartRequest()
nsHttpChannel::CallOnStartRequest()
nsInputStreamPump::OnStateStart()
nsInputStreamPump::OnInputStreamReady()
nsInputStreamReadyEvent::EventHandler()
PL_HandleEvent()
PL_ProcessPendingEvents()
_md_EventReceiverProc()
HIToolbox.145.0.0 + 0x2330 (0x927d2330)
HIToolbox.145.0.0 + 0x25a4 (0x927d25a4)
HIToolbox.145.0.0 + 0x6a0c (0x927d6a0c)
HIToolbox.145.0.0 + 0x130a4 (0x927e30a4)
HIToolbox.145.0.0 + 0x23ec (0x927d23ec)
HIToolbox.145.0.0 + 0x25a4 (0x927d25a4)
HIToolbox.145.0.0 + 0x14a34 (0x927e4a34)
HIToolbox.145.0.0 + 0x1892c (0x927e892c)
HIToolbox.145.0.0 + 0x28b90 (0x927f8b90)
HIToolbox.145.0.0 + 0x9100 (0x927d9100)
HIToolbox.145.0.0 + 0x92b4 (0x927d92b4)
HIToolbox.145.0.0 + 0x1ce68 (0x927ece68)
HIToolbox.145.0.0 + 0x2db80 (0x927fdb80)
nsMacMessagePump::GetEvent()
nsMacMessagePump::DoMessagePump()
nsAppShell::Run()
mozilla-bin + 0xb674 (0x0000b674)
mozilla-bin + 0xbbb8 (0x0000bbb8)
mozilla-bin + 0x8724 (0x00008724)
mozilla-bin + 0x85a4 (0x000085a4)
(408319) URL: http://bootsnall.com
(408319) Comments: opening a gae to register
And a link to other crashes currently in the Talkback db:
http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=1&searchby=stacksig&match=contains&searchfor=nsImgManager%3A%3ATestPermission
|
||
Comment 1•20 years ago
|
||
http://lxr.mozilla.org/seamonkey/source/extensions/cookie/nsImgManager.cpp#301 probably aFirstURI is null. we should probably require aCurrentURI to be !null on penalty of permission denied, and the same for aFirstURI but only when using the foreign check. mvl, want to patch? :)
|
Assignee | |
Comment 2•20 years ago
|
||
I'd prefer allowing by default. All that can happen is seeing an image you wanted to block. There won't be much harm in that. If block is default, you might not be able a see a image you do want, and be not able to do anything about it.
|
|
Assignee | |
Comment 3•20 years ago
|
||
Patch add a nullcheck for aFirstURI. aCurrentURI is already checked in ShouldLoad. I don't think an additional check is needed, because the method is internal. (I should remove nsIImgManager.idl one day. no need for it)
|
|
Assignee | |
Updated•20 years ago
|
Assignee: security-bugs → mvl
Status: NEW → ASSIGNED
|
|
Assignee | |
Updated•20 years ago
|
Attachment #154749 -
Flags: superreview?(darin)
Attachment #154749 -
Flags: review?(dwitte)
|
|
||
Updated•20 years ago
|
Attachment #154749 -
Flags: review?(dwitte) → review+
|
|
||
Updated•20 years ago
|
Whiteboard: needed-aviary1.0
|
||
Comment 4•20 years ago
|
||
Comment on attachment 154749 [details] [diff] [review] nullcheck right, because aRequestOrigin in nsIContentPolicy::shouldLoad may be null.
Attachment #154749 -
Flags: superreview?(darin) → superreview+
|
|
||
Comment 5•20 years ago
|
||
fixed-on-trunk
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
|
|
||
Comment 6•20 years ago
|
||
Comment on attachment 154749 [details] [diff] [review] nullcheck easy topcrasher fix for aviary.
Attachment #154749 -
Flags: approval-aviary?
|
||
Comment 7•20 years ago
|
||
Comment on attachment 154749 [details] [diff] [review] nullcheck a=asa for aviary checkin
Attachment #154749 -
Flags: approval-aviary? → approval-aviary+
|
|
||
Updated•20 years ago
|
Keywords: fixed-aviary1.0
Whiteboard: needed-aviary1.0
I think this needs to be checked into 1.7 branch to keep Aviary and 1.7 Gecko in sync. Can you please make it so?
|
|
||
Updated•20 years ago
|
Attachment #154749 -
Flags: approval1.7.3?
Attachment #154749 -
Flags: approval1.7.3? → approval1.7.3+
|
||
Comment 9•20 years ago
|
||
Uh... did anyone bother to check _why_ the requesting URI is null? You just rebroke bug 200433 with this patch, no? The requesting URI there _is_ null, and always will be; see <http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/content/html/document/src/nsImageDocument.cpp&rev=1.125&mark=180#178>. Perhaps the image manager (or some other content policy code, possibly even in nsContentPolicy?) should be smart enough to get a URI off the context in cases when the requesting URI is null? Putting code to do that in every caller seems silly.
|
||
Comment 10•20 years ago
|
||
*** Bug 254038 has been marked as a duplicate of this bug. ***
Whoever landed this on the aviary branch did so with different punctuation than the trunk and the 1.7 branch. This causes pain when synchronizing branches. Please use cvs to apply patches to branches, not hand merging or application of potentially old patches.
|
||
Comment 12•20 years ago
|
||
(In reply to comment #11) > Whoever landed this on the aviary branch did so with different punctuation than > the trunk and the 1.7 branch. This causes pain when synchronizing branches. > Please use cvs to apply patches to branches, not hand merging or application of > potentially old patches. So, was this taken care of, or should it still be open?
|
||
Updated•13 years ago
|
Crash Signature: [@ nsImgManager::TestPermission]
You need to log in
before you can comment on or make changes to this bug.
Description
•