Bug 379190: crashes when loading chrome urls
Status: RESOLVED FIXED (Opened 17 years ago, Closed 17 years ago)
Categories: Core :: Security: PSM, defect
People: Reporter: bernd_mozilla, Assigned: KaiE
Details: 4 keywords
Attachments: 1 file (patch, 1.76 KB; rrelyea: review+, dveditz: approval1.8.1.5+, dveditz: approval1.8.0.13+)
(probably a dupe..)
see url
not all of them crash but chrome://pippki/content/editcacert.xul does with a recent debug build
the stack looks like
nspr4.dll!PR_Assert(const char * s=0x059fa5fc, const char * file=0x059fa5c8, int ln=565) Zeile 546 C
nss3.dll!PL_Base64DecodeBuffer(const char * src=0x0401a368, unsigned int srclen=0, unsigned char * dest=0x00000000, unsigned int maxdestlen=0, unsigned int * output_destlen=0x0012e180) Zeile 565 + 0x1d Bytes C
> nss3.dll!NSSBase64_DecodeBuffer(PLArenaPool * arenaOpt=0x00000000, SECItemStr * outItemOpt=0x0012e1c4, const char * inStr=0x0401a368, unsigned int inLen=0) Zeile 769 + 0x1c Bytes C
pipnss.dll!nsNSSCertificateDB::FindCertByDBKey(const char * aDBkey=0x0401a368, nsISupports * aToken=0x00000000, nsIX509Cert * * _cert=0x0012e388) Zeile 147 + 0x1c Bytes C++
xpcom_core.dll!NS_InvokeByIndex_P(nsISupports * that=0x0012e30c, unsigned int methodIndex=1238256, unsigned int paramCount=20803777, nsXPTCVariant * params=0x04a5e638) Zeile 102 C++
xpc3250.dll!AutoJSSuspendRequest::SuspendRequest() Zeile 3235 + 0xd Bytes C++
xpc3250.dll!XPCWrappedNative::CallMethod(XPCCallContext & ccx={...}, XPCWrappedNative::CallMode mode=CALL_METHOD) Zeile 2247 + 0x1e Bytes C++
xpc3250.dll!XPC_WN_CallMethod(JSContext * cx=0x03e6c9f8, JSObject * obj=0x049a75c0, unsigned int argc=2, long * argv=0x04ab5084, long * vp=0x0012e610) Zeile 1464 + 0xe Bytes C++
js3250.dll!js_Invoke(JSContext * cx=0x03e6c9f8, unsigned int argc=2, unsigned int flags=0) Zeile 1332 + 0x20 Bytes C
js3250.dll!js_Interpret(JSContext * cx=0x03e6c9f8, unsigned char * pc=0x04037e99, long * result=0x0012ecbc) Zeile 4011 + 0xf Bytes C
js3250.dll!js_Invoke(JSContext * cx=0x03e6c9f8, unsigned int argc=1, unsigned int flags=2) Zeile 1351 + 0x13 Bytes C
js3250.dll!js_InternalInvoke(JSContext * cx=0x03e6c9f8, JSObject * obj=0x04007dc0, long fval=75997056, unsigned int flags=0, unsigned int argc=1, long * argv=0x04ab4fb8, long * rval=0x0012ee38) Zeile 1426 + 0x14 Bytes C
js3250.dll!JS_CallFunctionValue(JSContext * cx=0x03e6c9f8, JSObject * obj=0x04007dc0, long fval=75997056, unsigned int argc=1, long * argv=0x04ab4fb8, long * rval=0x0012ee38) Zeile 4404 + 0x1f Bytes C
gklayout.dll!nsJSContext::CallEventHandler(nsISupports * aTarget=0x048b9d5c, void * aScope=0x04007dc0, void * aHandler=0x04879f80, nsIArray * aargv=0x04a5d898, nsIVariant * * arv=0x0012efa8) Zeile 1795 + 0x24 Bytes C++
Comment 1•17 years ago
NSS is correctly detecting a programming error in the code that called it. That's what's supposed to happen in debug builds. In this case, the caller is nsNSSCertificateDB::FindCertByDBKey, which is calling NSSBase64_DecodeBuffer with a zero-length buffer.
Assignee: nobody → kengert
Component: Libraries → Security: PSM
Product: NSS → Core
QA Contact: libraries → psm
Comment 2 (Assignee)•17 years ago
To some extent this bug depends on bug 346583, because NSSBase64_DecodeBuffer should fail gracefully when called with a zero length buffer. However, the PSM function should get fixed, too, because it does not check a NULL error result from NSSBase64_DecodeBuffer and tries to process the result anyway... And while I'm adding the check for a null return value, I'm also adding the check for a zero length input, because it might take a while until PSM is able to pick up the NSS fix from bug 346583.
Status: NEW → ASSIGNED
Depends on: 346583
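The two checks Comment 2 describes (reject zero-length input, then test the decoder's result before using it), as an added example that is not the PSM patch or NSS code. `decode_b64` and `lookup_by_dbkey` are hypothetical names, and the 4-byte length header is a constructed format.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in Base64 decoder (not NSS code): returns a malloc'd
 * buffer, or NULL when the input is empty or malformed. */
static unsigned char *decode_b64(const char *src, size_t srclen, size_t *outlen) {
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    if (src == NULL || srclen == 0 || srclen % 4 != 0) return NULL;
    size_t pad = (src[srclen - 1] == '=') + (src[srclen - 2] == '=');
    unsigned char *out = malloc(srclen / 4 * 3);
    if (out == NULL) return NULL;
    size_t n = 0;
    uint32_t v = 0;
    for (size_t i = 0; i < srclen; i++) {
        /* '=' counts as zero bits, but only in the trailing pad positions */
        const char *p = (src[i] == '=' && i >= srclen - pad) ? tbl : strchr(tbl, src[i]);
        if (p == NULL || *p == '\0') { free(out); return NULL; }
        v = (v << 6) | (uint32_t)(p - tbl);
        if (i % 4 == 3) {               /* four characters yield three bytes */
            out[n++] = (unsigned char)(v >> 16);
            out[n++] = (unsigned char)(v >> 8);
            out[n++] = (unsigned char)v;
            v = 0;
        }
    }
    *outlen = n - pad;
    return out;
}

enum lookup_status { LOOKUP_OK, LOOKUP_BAD_ARG, LOOKUP_DECODE_FAILED, LOOKUP_TOO_SHORT };

/* Hypothetical guarded caller: check the input length first, then check the
 * decoder's result before touching it. The 4-byte big-endian length header
 * is a constructed format for this example, not the real DB key layout. */
static enum lookup_status lookup_by_dbkey(const char *dbkey, uint32_t *field_len) {
    if (dbkey == NULL || dbkey[0] == '\0') return LOOKUP_BAD_ARG;   /* zero-length input */
    size_t len = 0;
    unsigned char *raw = decode_b64(dbkey, strlen(dbkey), &len);
    if (raw == NULL) return LOOKUP_DECODE_FAILED;                   /* decoder reported failure */
    if (len < 4) { free(raw); return LOOKUP_TOO_SHORT; }            /* header incomplete */
    *field_len = (uint32_t)raw[0] << 24 | (uint32_t)raw[1] << 16 |
                 (uint32_t)raw[2] << 8 | raw[3];
    free(raw);
    return LOOKUP_OK;
}
```

Each failure path returns before the decoded buffer is dereferenced, so the caller stays safe whether or not the decoder itself handles empty input gracefully.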
Comment 3 (Assignee)•17 years ago
Attachment #264102 - Flags: review?(rrelyea)
Comment 4•17 years ago
Comment on attachment 264102 Patch v1
r+ good paranoic programming.
Attachment #264102 - Flags: review?(rrelyea) → review+
Comment 5 (Assignee)•17 years ago
Fixed on trunk.
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Comment 6 (Assignee)•17 years ago
Comment on attachment 264102 Patch v1
Nominating crash fix for stable branches.
Attachment #264102 - Flags: approval1.8.1.5?
Attachment #264102 - Flags: approval1.8.0.13?
Updated•17 years ago
Flags: in-testsuite?
Comment 7•17 years ago
Comment on attachment 264102 Patch v1
approved for 1.8.1.5 and 1.8.0.13, a=dveditz for release-drivers
Attachment #264102 - Flags: approval1.8.1.5? → approval1.8.1.5+
Attachment #264102 - Flags: approval1.8.0.13? → approval1.8.0.13+
Comment 10•17 years ago
I didn't crash when I use this URL chrome://pippki/content/editcacert.xul. But when I select some checkboxes and press OK I crash on 1.8.1.5pre TB33742229Z. Is this a new bug?
Comment 11•17 years ago
Verified fixed 1.8.1.5 using Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.1.5pre) Gecko/2007071103 BonEcho/2.0.0.5pre and the chrome URL chrome://pippki/content/editcacert.xul. No crash on this URL - adding verified keyword. For the crash on the chrome://pippki/content/editcacert.xul site (comment #10) I filed Bug 387613.
Keywords: fixed1.8.1.5 → verified1.8.1.5
Comment 12•17 years ago
I crash loading the testcase URL in Thunderbird 1.5.0.13 - filed Bug 392208.