Closed
Bug 300301
Opened 20 years ago
Closed 20 years ago
crash when using nsICookiePermission to set cookie access [@nsPermissionManager::Write]
Categories
(Core :: Networking: Cookies, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: pasi.liimatainen, Assigned: mvl)
Details
(Keywords: crash)
Crash Data
Attachments
(1 file)
|
1.28 KB,
patch
|
dwitte
:
review+
darin.moz
:
superreview+
mconnor
:
approval1.8b4+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b3) Gecko/20050710 Firefox/1.0+
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b3) Gecko/20050710 Firefox/1.0+
Using nsICookiePermission to allow cookies from an URI, set back to default and
reallowing crashes Firefox (both 1.0.4 and Deer Park Alpha 2). Happens both when
executed from XUL or Javascript console.
Reproducible: Always
Steps to Reproduce:
Execute the following:
var uri =
Components.classes["@mozilla.org/network/standard-url;1"].createInstance(Components.interfaces.nsIURI);
uri.spec = "http://fail.ing.com/";
var cookiePermissionService =
Components.classes["@mozilla.org/cookie/permission;1"].getService(Components.interfaces.nsICookiePermission);
cookiePermissionService.setAccess(uri,
Components.interfaces.nsICookiePermission.ACCESS_ALLOW);
cookiePermissionService.setAccess(uri,
Components.interfaces.nsICookiePermission.ACCESS_DEFAULT);
cookiePermissionService.setAccess(uri,
Components.interfaces.nsICookiePermission.ACCESS_ALLOW);
Actual Results:
1) Crash when executing the ACCESS_ALLOW after ACCESS_DEFAULT.
2) hostperm.1 contains the expected line "host cookie 1 fail.ing.com"
3) sometimes (depending on the timing of the crash) hostperm.1 also contains
lines such as "host image 192 €aÔ¸Ù¥xq|", "host install 139
€aÔ¸Ù¥xq|", and "host cookie 212 €aÔ¸Ù¥xq|". Always the three (image,
install and cookie), but the numbers and the "domain" differ from crash to another.
Expected Results:
Would expect cookies from "fail.ing.com" to be allowed, defaulted and reallowed
without crashing.
The first ACCESS_ALLOW always works as expected, the domain is added to hostperm.1.
The ACCESS_DEFAULT's effect on hostperm.1 is as expected, the domain is removed
from the file.
The second ACCESS_ALLOW crashes Firefox (90% of cases).
|
||
Comment 1•20 years ago
|
||
Can you provide a stack trace or a talkback ID?
|
Reporter | |
Comment 2•20 years ago
|
||
Talkback ID TB7367168X
|
|
||
Updated•20 years ago
|
Severity: normal → critical
Keywords: crash
Summary: crash when using nsICookiePermission to set cookie access → crash when using nsICookiePermission to set cookie access [@nsPermissionManager::Write]
|
|
||
Updated•20 years ago
|
Version: unspecified → Trunk
|
|
||
Comment 3•20 years ago
|
||
Stack Signature nsPermissionManager::Write c63a2977
Product ID FirefoxTrunk
Build ID 2005071006
Trigger Time 2005-07-10 15:47:50.0
Platform Win32
Operating System Windows NT 5.1 build 2600
Module firefox.exe + (0041dd10)
URL visited Javascript console
User Comments Executed the following: var uri =
Components.classes["@mozilla.org/network/standard-url;1"].createInstance(Components.interfaces.nsIURI);
uri.spec = "http://fail.ing.com/"; var cookiePermissionService =
Since Last Crash 47 sec
Total Uptime 139 sec
Trigger Reason Access violation
Source File, Line No.
c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/extensions/cookie/nsPermissionManager.cpp,
line 912
Stack Trace
nsPermissionManager::Write
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/extensions/cookie/nsPermissionManager.cpp,
line 912]
nsPermissionManager::DoLazyWrite
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/extensions/cookie/nsPermissionManager.cpp,
line 826]
nsAppStartup::Run
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/toolkit/components/startup/src/nsAppStartup.cpp,
line 146]
main
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/browser/app/nsBrowserApp.cpp,
line 61]
kernel32.dll + 0x16d4f (0x7c816d4f)
|
|
Assignee | |
Comment 4•20 years ago
|
||
(In reply to comment #0)
> var uri =
>
Components.classes["@mozilla.org/network/standard-url;1"].createInstance(Components.interfaces.nsIURI);
> uri.spec = "http://fail.ing.com/";
This is the wrong way to create an uri. You should use nsIIOService. Does it
still crash if you use that?
|
|
Reporter | |
Comment 5•20 years ago
|
||
Yes, it still crashes even if the URI is created via nsIIOService:
var ioService =
Components.classes["@mozilla.org/network/io-service;1"].getService(Components.interfaces.nsIIOService);
var uri = ioService.newURI("http://fail.ing.com/", null, null);
var cookiePermission =
Components.classes["@mozilla.org/cookie/permission;1"].getService();
cookiePermission.QueryInterface(Components.interfaces.nsICookiePermission);
cookiePermission.setAccess(uri,
Components.interfaces.nsICookiePermission.ACCESS_ALLOW);
cookiePermission.setAccess(uri,
Components.interfaces.nsICookiePermission.ACCESS_DEFAULT);
cookiePermission.setAccess(uri,
Components.interfaces.nsICookiePermission.ACCESS_ALLOW);
The above does crash, but there's the difference that it only generates a single
ill formed line in hostperm.1 (like "host cookie 78 ˜íø½ñNÏ5`žÏ5`hcÝ").
Talkback ID TB7387807W.
|
|
||
Comment 6•20 years ago
|
||
Same stack trace: [@nsPermissionManager:Write]
Stack Signature nsPermissionManager::Write c63a2977
Product ID FirefoxTrunk
Build ID 2005071006
Trigger Time 2005-07-11 09:38:10.0
Platform Win32
Operating System Windows NT 5.1 build 2600
Module firefox.exe + (0041dd10)
URL visited Javascript console
User Comments Executed the following: var ioService =
Components.classes["@mozilla.org/network/io-service;1"].getService(Components.interfaces.nsIIOService);var
uri = ioService.newURI("http://fail.ing.com/", null, null);var cookiePermission =
Since Last Crash 46 sec
Total Uptime 3268 sec
Trigger Reason Access violation
Source File, Line No.
c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/extensions/cookie/nsPermissionManager.cpp,
line 912
Stack Trace
nsPermissionManager::Write
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/extensions/cookie/nsPermissionManager.cpp,
line 912]
nsPermissionManager::DoLazyWrite
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/extensions/cookie/nsPermissionManager.cpp,
line 826]
nsAppStartup::Run
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/toolkit/components/startup/src/nsAppStartup.cpp,
line 146]
main
[c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/browser/app/nsBrowserApp.cpp,
line 61]
kernel32.dll + 0x16d4f (0x7c816d4f)
|
|
Assignee | |
Updated•20 years ago
|
Assignee: nobody → darin
Status: UNCONFIRMED → NEW
Component: General → Networking: Cookies
Ever confirmed: true
Product: Firefox → Core
QA Contact: general → networking.cookies
|
|
Assignee | |
Comment 7•20 years ago
|
||
This patch should fix things. It adds a check after setting a permission to see
if maybe all the permissions for the given host are empty, so that the entry
can be removed.
Assignee: darin → mvl
Status: NEW → ASSIGNED
Attachment #189157 -
Flags: superreview?(darin)
Attachment #189157 -
Flags: review?(dwitte)
|
|
||
Updated•20 years ago
|
Attachment #189157 -
Flags: review?(dwitte) → review+
|
|
||
Updated•20 years ago
|
Attachment #189157 -
Flags: superreview?(darin) → superreview+
|
|
||
Updated•20 years ago
|
Flags: blocking1.8b4+
|
|
||
Updated•20 years ago
|
Attachment #189157 -
Flags: approval1.8b4+
|
|
Assignee | |
Comment 8•20 years ago
|
||
patch checked in
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
|
||
Updated•14 years ago
|
Crash Signature: [@nsPermissionManager::Write]
You need to log in
before you can comment on or make changes to this bug.
Description
•