Closed
Bug 236436
Opened 20 years ago
Closed 20 years ago
Browser crashes during XMLHttpRequest with null URL
Categories
(Core :: XML, defect)
Tracking
()
RESOLVED
FIXED
mozilla1.7beta
People
(Reporter: bugzilla, Assigned: hjtoi-bugzilla)
Details
(Keywords: crash, testcase, Whiteboard: TB30990334H)
Attachments
(2 files)
489 bytes,
text/html
|
Details | |
982 bytes,
patch
|
jst
:
review+
jst
:
superreview+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; cs-CZ; rv:1.6) Gecko/20040113 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; cs-CZ; rv:1.6) Gecko/20040113 Create new XMLHttpRequest and call open() with null URL: xmlreq = new XMLHttpRequest(); xmlreq.open("GET", null); // <- Mozilla crashes!!! Probably the URL parameter is not properly checked in nsXMLHttpRequest::Open() http://lxr.mozilla.org/mozilla/source/extensions/xmlextras/base/src/nsXMLHttpRequest.cpp#719 xref: bug #230310 Reproducible: Always Steps to Reproduce:
Reporter | ||
Comment 1•20 years ago
|
||
Comment 2•20 years ago
|
||
Confirming using actual nightbuild and 1.7a on W2K and last month's nightbuild on Linux - all is crashing.
Updated•20 years ago
|
OS: Windows 2000 → All
Updated•20 years ago
|
Whiteboard: TB30990334H
Comment 3•20 years ago
|
||
And to be more precisely, it crashes right here: http://lxr.mozilla.org/mozilla/source/extensions/xmlextras/base/src/nsXMLHttpRequest.cpp#749 748 nsCOMPtr<nsIURI> targetURI; 749 rv = NS_NewURI(getter_AddRefs(targetURI), url, mBaseURI); 750 if (NS_FAILED(rv)) return NS_ERROR_FAILURE; with callstack: NTDLL! 77fa144b() nsDebugImpl::Assertion(nsDebugImpl * const 0x00266d08, const char * 0x100f6a60 `string', const char * 0x100f6974 `string', const char * 0x100f697c `string', int 133) line 276 nsDebug::Assertion(const char * 0x100f6a60 `string', const char * 0x100f6974 `string', const char * 0x100f697c `string', int 133) line 109 nsDependentCString::Rebind(const char * 0x00000000) line 133 + 31 bytes nsDependentCString::nsDependentCString(const char * 0x00000000) line 179 + 47 bytes NS_NewURI(nsIURI * * 0x0012da88, const char * 0x00000000, nsIURI * 0x034c5760, nsIIOService * 0x00000000) line 136 + 23 bytes nsXMLHttpRequest::Open(nsXMLHttpRequest * const 0x03444028, const char * 0x0337d2a0, const char * 0x00000000) line 756 + 47 bytes ... ... ...
Assignee | ||
Comment 4•20 years ago
|
||
Missing a null pointer check I think, have a fix. Have not yet compiled to make sure.
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla1.7beta
Assignee | ||
Comment 5•20 years ago
|
||
Assignee | ||
Comment 6•20 years ago
|
||
Comment on attachment 143093 [details] [diff] [review] fix Confirmed that it indeed fixes the crash, so just a trivial null pointer check.
Attachment #143093 -
Flags: superreview?(jst)
Attachment #143093 -
Flags: review?(jst)
Comment 7•20 years ago
|
||
Comment on attachment 143093 [details] [diff] [review] fix r+sr=jst
Attachment #143093 -
Flags: superreview?(jst)
Attachment #143093 -
Flags: superreview+
Attachment #143093 -
Flags: review?(jst)
Attachment #143093 -
Flags: review+
Assignee | ||
Comment 8•20 years ago
|
||
Checked in.
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•