Closed
Bug 29279
Opened 25 years ago
Closed 25 years ago
Crash when loading urls greater than 100 characters
Categories
(Core :: Networking, defect, P3)
VERIFIED
FIXED
People
(Reporter: mscott, Assigned: mscott)
References
Details
(Keywords: crash, regression)
Attachments
(1 file)
929 bytes, patch
In a Mozilla win32 build from this morning, if I try to click on a bookmark for a Bugzilla query I have, I crash with the following stack trace:

nsURLEscape(const char * 0x0484d340, short 256, nsCString & {...}) line 108 + 3 bytes
nsAppendURLEscapedString(nsCString & {...}, const char * 0x0484d340, short 256) line 117 + 18 bytes
nsStdURL::AppendString(nsCString & {...}, char * 0x0484d340, nsStdURL::Format ESCAPED, short 256) line 290 + 18 bytes
nsStdURL::GetPath(nsStdURL * const 0x048db190, char * * 0x0012d690) line 780 + 26 bytes
nsStdURL::GetSpec(nsStdURL * const 0x048db190, char * * 0x0012d76c) line 373 + 16 bytes
LocationImpl::SetHrefWithBase(const nsString & {"http://bugzilla.mozilla.org/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&email1=mscott%40netscape.com&em"}, nsIURI * 0x04042ed0, int 1) line 377 + 42 bytes
LocationImpl::SetProperty(JSContext * 0x031e5600, JSObject * 0x03749148, long 39200436, long * 0x0012e590) line 812 + 30 bytes
nsJSUtils::nsCallJSScriptObjectSetProperty(nsISupports * 0x0484c8c4, JSContext * 0x031e5600, JSObject * 0x03749148, long 39200436, long * 0x0012e590) line 241 + 27 bytes

nsURLEscape uses a tempBuffer that is 100 bytes long. I'm seeing us access values well outside of this buffer, i.e. tempBufferPos is a really large number.
Updated•25 years ago
Keywords: regression
Comment 1•25 years ago
I believe if (tempBuffer == 96) should be tempBuffer >= 96 in nsURLEscape. If tempBufferPos was 95 when the three lines above happen, it is 98 when it hits the if statement.
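The skipped flush condition discussed in comment 1, as an added C example that is not the Mozilla source or the attached patch: `peak_pos` tracks only the buffer index under each comparison, and `url_escape` is a bounded escaper built on the `>=` form. The function names, the safe-character set and the output interface are assumptions; only the 100-byte buffer, the threshold of 96 and the three-byte step come from the report.

```c
#include <string.h>

#define TEMP_SIZE 100 /* staging buffer size given in the report */
#define FLUSH_AT   96 /* threshold quoted in comment 1 */

/* Assumption: which characters pass through unescaped (not Mozilla's table). */
static int is_safe(unsigned char c) {
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '-' || c == '_' || c == '.' || c == '/';
}

/* Index-only model of the staging loop: returns the highest buffer position
   reached. Nothing is written, so the == variant can be observed safely. */
size_t peak_pos(const char *src, int use_equality) {
    size_t pos = 0, peak = 0;
    for (; *src; src++) {
        pos += is_safe((unsigned char)*src) ? 1 : 3; /* "%XX" takes 3 bytes */
        if (pos > peak) peak = pos;
        if (use_equality ? pos == FLUSH_AT : pos >= FLUSH_AT)
            pos = 0; /* flush to the result string, restart the buffer */
    }
    return peak;
}

/* Escaper using the >= check. Returns the escaped length, or (size_t)-1 if
   out is too small. pos is below 96 before each step, so it never passes 98. */
size_t url_escape(const char *src, char *out, size_t out_cap) {
    static const char hex[] = "0123456789ABCDEF";
    char tmp[TEMP_SIZE];
    size_t pos = 0, len = 0;
    for (;; src++) {
        unsigned char c = (unsigned char)*src;
        if (c && is_safe(c)) {
            tmp[pos++] = (char)c;
        } else if (c) {
            tmp[pos++] = '%';
            tmp[pos++] = hex[c >> 4];
            tmp[pos++] = hex[c & 0x0f];
        }
        if (pos >= FLUSH_AT || !c) {
            if (len + pos + 1 > out_cap) return (size_t)-1;
            memcpy(out + len, tmp, pos);
            len += pos;
            pos = 0;
            if (!c) break;
        }
    }
    out[len] = '\0';
    return len;
}
```

With a constructed input of 95 safe characters followed by escaped ones, the `==` model steps from 95 to 98 and keeps growing, while the `>=` model peaks at 98 inside the 100-byte buffer.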
Comment 2•25 years ago
mkaply is right. Putterman just came by my cube to fix this bug and he did the same thing on my machine. I can check this in if someone will give me approval.
Comment 3•25 years ago
Comment 4•25 years ago
I checked in a fix for this tonight since Warren hasn't had a chance to look at this yet.
Assignee: warren → mscott
Comment 5•25 years ago
fix checked in.
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED