Closed Bug 304414 Opened 20 years ago Closed 20 years ago

nsIChannel::open works on a folder returning a stream that can cause crash

Categories

(Core :: Networking, defect, P1)

Product:
Core
Component:
Networking
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla1.8beta4

People

(Reporter: mcm.ham, Assigned: Biesinger)

References

(
URL
)

Details

(4 keywords)

Attachments

(3 files, 2 obsolete files)

Testcase
742 bytes, text/html
Details
patch with bz's comment
1.65 KB, patch
asa
: approval1.8b4+
Details | Diff | Splinter Review
unit test, v1.1
5.18 KB, patch
Details | Diff | Splinter Review
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b3) Gecko/20050712 Firefox/1.0+ Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b3) Gecko/20050712 Firefox/1.0+ As per mozillazine discussion linked since the 2004-06-26 builds Firefox now opens a channel for a folder that used to throw a NS_ERROR_NOT_IMPLEMENTED exception. The result is that when the stream is read using the stream.available() method Firefox crashes with a talkback ID of TB8303646X or TB8304346K. Reproducible: Always
Attached file Testcase
Attched test case that shows the crash, thanks to mw. Works only when run locally.
Keywords: regression
Flags: blocking1.8b4?
Just as a side note, input.available() returns 4294967295 (which is max for unsigned int), then the code adds +1 for the \0 and then it trys to alloc 0 bytes.
It doesn't crash with a 2004-06-25 build, but crashes with 2004-06-26 build, so likely to be a regression from fixing bug 247607.
Blocks: 247607
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: crash, testcase
I want to note that the directoryInputStream was always broken, and that checkin just exposed the bug in that stream impl.
OS: Windows XP → All
Hardware: PC → All
Keywords: helpwanted
Target Milestone: --- → mozilla1.8beta4
Assignee: darin → cbiesinger
Priority: -- → P1
Flags: blocking1.8b4? → blocking1.8b4+
Attached patch patch (obsolete) — Splinter Review
Attachment #193195 - Flags: review?(bzbarsky)
Attachment #193191 - Flags: review?(bzbarsky)
Comment on attachment 193195 [details] [diff] [review] patch >Index: base/src/nsDirectoryIndexStream.cpp >+ // More files available? >+ PRBool more = mPos < mArray.Count(); >+ if (more) { >+ *aLength = 1; // A bit of a lie but good enough > return NS_OK; > } >+ >+ // All done >+ *aLength = 0; >+ return NS_OK; how about: *aLength = (mPos < mArray.Count()) ? 1 : 0; return NS_OK; Instead of all that?
Attachment #193195 - Flags: superreview+
Attachment #193195 - Flags: review?(bzbarsky)
Attachment #193195 - Flags: review+
Comment on attachment 193191 [details] [diff] [review] unit test for this case >Index: unit/test_localstreams.js >+ try { >+ binstream.readByteArray(1); >+ do_throw("Data readable when available indicated EOF!"); You don't want to catch whatever do_throw throws. r=bzbarsky with that fixed.
Attachment #193191 - Flags: review?(bzbarsky) → review+
(In reply to comment #8) > how about: > > *aLength = (mPos < mArray.Count()) ? 1 : 0; > return NS_OK; Or even *aLength = (mPos < mArray.count()); -- C and C++ guarantee 1 or 0 here. /be
I'm not sure that "*aLength = (mPos < mArray.count());" is more readable than bz's suggestion... --.noitseggus s'zb naht elbadaer erom si
Keywords: helpwanted
low risk patch to make the directoryindexstream implement Available() correctly, which fixes a crash when javascript tries to use this interface siht esu
Attachment #193195 - Attachment is obsolete: true
Attachment #193348 - Flags: approval1.8b4?
Attached patch unit test, v1.1Splinter Review
Attachment #193191 - Attachment is obsolete: true
fixed on trunk Checking in netwerk/base/src/nsDirectoryIndexStream.cpp; /cvsroot/mozilla/netwerk/base/src/nsDirectoryIndexStream.cpp,v <-- nsDirectoryIndexStream.cpp new revision: 1.36; previous revision: 1.35 done Checking in netwerk/test/Makefile.in; /cvsroot/mozilla/netwerk/test/Makefile.in,v <-- Makefile.in new revision: 1.87; previous revision: 1.86 done Checking in netwerk/test/TestCookie.cpp; /cvsroot/mozilla/netwerk/test/TestCookie.cpp,v <-- TestCookie.cpp new revision: 1.4; previous revision: 1.3 done Checking in netwerk/test/unit/test_cookie_header.js; /cvsroot/mozilla/netwerk/test/unit/test_cookie_header.js,v <-- test_cookie_header.js new revision: 1.2; previous revision: 1.1 done RCS file: /cvsroot/mozilla/netwerk/test/unit/test_localstreams.js,v done Checking in netwerk/test/unit/test_localstreams.js; /cvsroot/mozilla/netwerk/test/unit/test_localstreams.js,v <-- test_localstreams.js initial revision: 1.1 done
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Verified, thanks Christian!
Status: RESOLVED → VERIFIED
Attachment #193348 - Flags: approval1.8b4? → approval1.8b4+
"patch with bz's comment" (attachment 193348 [details] [diff] [review]) checked in to MOZILLA_1_8_BRANCH Checking in netwerk/base/src/nsDirectoryIndexStream.cpp; /cvsroot/mozilla/netwerk/base/src/nsDirectoryIndexStream.cpp,v <-- nsDirectoryIndexStream.cpp new revision: 1.35.4.1; previous revision: 1.35 done
Keywords: fixed1.8
v.fixed on branch with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b5) Gecko/20050928 Firefox/1.4, no crash with testcase (tested as attachment and locally).
Keywords: fixed1.8verified1.8
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: