Closed
Bug 300301
Opened 19 years ago
Closed 19 years ago
crash when using nsICookiePermission to set cookie access [@nsPermissionManager::Write]
Categories
(Core :: Networking: Cookies, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: pasi.liimatainen, Assigned: mvl)
Details
(Keywords: crash)
Crash Data
Attachments
(1 file)
1.28 KB,
patch
|
dwitte
:
review+
darin.moz
:
superreview+
mconnor
:
approval1.8b4+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b3) Gecko/20050710 Firefox/1.0+ Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b3) Gecko/20050710 Firefox/1.0+ Using nsICookiePermission to allow cookies from an URI, set back to default and reallowing crashes Firefox (both 1.0.4 and Deer Park Alpha 2). Happens both when executed from XUL or Javascript console. Reproducible: Always Steps to Reproduce: Execute the following: var uri = Components.classes["@mozilla.org/network/standard-url;1"].createInstance(Components.interfaces.nsIURI); uri.spec = "http://fail.ing.com/"; var cookiePermissionService = Components.classes["@mozilla.org/cookie/permission;1"].getService(Components.interfaces.nsICookiePermission); cookiePermissionService.setAccess(uri, Components.interfaces.nsICookiePermission.ACCESS_ALLOW); cookiePermissionService.setAccess(uri, Components.interfaces.nsICookiePermission.ACCESS_DEFAULT); cookiePermissionService.setAccess(uri, Components.interfaces.nsICookiePermission.ACCESS_ALLOW); Actual Results: 1) Crash when executing the ACCESS_ALLOW after ACCESS_DEFAULT. 2) hostperm.1 contains the expected line "host cookie 1 fail.ing.com" 3) sometimes (depending on the timing of the crash) hostperm.1 also contains lines such as "host image 192 €aÔ¸Ù¥xq|", "host install 139 €aÔ¸Ù¥xq|", and "host cookie 212 €aÔ¸Ù¥xq|". Always the three (image, install and cookie), but the numbers and the "domain" differ from crash to another. Expected Results: Would expect cookies from "fail.ing.com" to be allowed, defaulted and reallowed without crashing. The first ACCESS_ALLOW always works as expected, the domain is added to hostperm.1. The ACCESS_DEFAULT's effect on hostperm.1 is as expected, the domain is removed from the file. The second ACCESS_ALLOW crashes Firefox (90% of cases).
Comment 1•19 years ago
|
||
Can you provide a stack trace or a talkback ID?
Reporter | ||
Comment 2•19 years ago
|
||
Talkback ID TB7367168X
Updated•19 years ago
|
Severity: normal → critical
Keywords: crash
Summary: crash when using nsICookiePermission to set cookie access → crash when using nsICookiePermission to set cookie access [@nsPermissionManager::Write]
Updated•19 years ago
|
Version: unspecified → Trunk
Comment 3•19 years ago
|
||
Stack Signature nsPermissionManager::Write c63a2977 Product ID FirefoxTrunk Build ID 2005071006 Trigger Time 2005-07-10 15:47:50.0 Platform Win32 Operating System Windows NT 5.1 build 2600 Module firefox.exe + (0041dd10) URL visited Javascript console User Comments Executed the following: var uri = Components.classes["@mozilla.org/network/standard-url;1"].createInstance(Components.interfaces.nsIURI); uri.spec = "http://fail.ing.com/"; var cookiePermissionService = Since Last Crash 47 sec Total Uptime 139 sec Trigger Reason Access violation Source File, Line No. c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/extensions/cookie/nsPermissionManager.cpp, line 912 Stack Trace nsPermissionManager::Write [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/extensions/cookie/nsPermissionManager.cpp, line 912] nsPermissionManager::DoLazyWrite [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/extensions/cookie/nsPermissionManager.cpp, line 826] nsAppStartup::Run [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/toolkit/components/startup/src/nsAppStartup.cpp, line 146] main [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/browser/app/nsBrowserApp.cpp, line 61] kernel32.dll + 0x16d4f (0x7c816d4f)
Assignee | ||
Comment 4•19 years ago
|
||
(In reply to comment #0) > var uri = > Components.classes["@mozilla.org/network/standard-url;1"].createInstance(Components.interfaces.nsIURI); > uri.spec = "http://fail.ing.com/"; This is the wrong way to create an uri. You should use nsIIOService. Does it still crash if you use that?
Reporter | ||
Comment 5•19 years ago
|
||
Yes, it still crashes even if the URI is created via nsIIOService: var ioService = Components.classes["@mozilla.org/network/io-service;1"].getService(Components.interfaces.nsIIOService); var uri = ioService.newURI("http://fail.ing.com/", null, null); var cookiePermission = Components.classes["@mozilla.org/cookie/permission;1"].getService(); cookiePermission.QueryInterface(Components.interfaces.nsICookiePermission); cookiePermission.setAccess(uri, Components.interfaces.nsICookiePermission.ACCESS_ALLOW); cookiePermission.setAccess(uri, Components.interfaces.nsICookiePermission.ACCESS_DEFAULT); cookiePermission.setAccess(uri, Components.interfaces.nsICookiePermission.ACCESS_ALLOW); The above does crash, but there's the difference that it only generates a single ill formed line in hostperm.1 (like "host cookie 78 ˜íø½ñNÏ5`žÏ5`hcÝ"). Talkback ID TB7387807W.
Comment 6•19 years ago
|
||
Same stack trace: [@nsPermissionManager:Write] Stack Signature nsPermissionManager::Write c63a2977 Product ID FirefoxTrunk Build ID 2005071006 Trigger Time 2005-07-11 09:38:10.0 Platform Win32 Operating System Windows NT 5.1 build 2600 Module firefox.exe + (0041dd10) URL visited Javascript console User Comments Executed the following: var ioService = Components.classes["@mozilla.org/network/io-service;1"].getService(Components.interfaces.nsIIOService);var uri = ioService.newURI("http://fail.ing.com/", null, null);var cookiePermission = Since Last Crash 46 sec Total Uptime 3268 sec Trigger Reason Access violation Source File, Line No. c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/extensions/cookie/nsPermissionManager.cpp, line 912 Stack Trace nsPermissionManager::Write [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/extensions/cookie/nsPermissionManager.cpp, line 912] nsPermissionManager::DoLazyWrite [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/extensions/cookie/nsPermissionManager.cpp, line 826] nsAppStartup::Run [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/toolkit/components/startup/src/nsAppStartup.cpp, line 146] main [c:/builds/tinderbox/Fx-Trunk/WINNT_5.2_Depend/mozilla/browser/app/nsBrowserApp.cpp, line 61] kernel32.dll + 0x16d4f (0x7c816d4f)
Assignee | ||
Updated•19 years ago
|
Assignee: nobody → darin
Status: UNCONFIRMED → NEW
Component: General → Networking: Cookies
Ever confirmed: true
Product: Firefox → Core
QA Contact: general → networking.cookies
Assignee | ||
Comment 7•19 years ago
|
||
This patch should fix things. It adds a check after setting a permission to see if maybe all the permissions for the given host are empty, so that the entry can be removed.
Assignee: darin → mvl
Status: NEW → ASSIGNED
Attachment #189157 -
Flags: superreview?(darin)
Attachment #189157 -
Flags: review?(dwitte)
Updated•19 years ago
|
Attachment #189157 -
Flags: review?(dwitte) → review+
Updated•19 years ago
|
Attachment #189157 -
Flags: superreview?(darin) → superreview+
Updated•19 years ago
|
Flags: blocking1.8b4+
Updated•19 years ago
|
Attachment #189157 -
Flags: approval1.8b4+
Assignee | ||
Comment 8•19 years ago
|
||
patch checked in
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Updated•13 years ago
|
Crash Signature: [@nsPermissionManager::Write]
You need to log in
before you can comment on or make changes to this bug.
Description
•