Closed
Bug 95762
Opened 23 years ago
Closed 23 years ago
browser crashed on malformed <object> tag
Categories
(Core Graveyard :: Plug-ins, defect)
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: apm, Assigned: joe.chou)
Details
(Keywords: crash, stackwanted)
Attachments
(2 files)
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801 BuildID: 2001080104 HTML found below effectively makes coredump from browser. Although it's obvisouly written incorrectly (i mean HTML, of course =), that's probably not a good reaction to be caused by syntax error. ps to the code below - archive actually exists and could be reached (unfortunately connection isn't stable) via http://csp.org.by:1520/md/ns/jar/Upplet.jar pps (and <applet archive="" code=""> doesn't work too =((( Reproducible: Always Steps to Reproduce: 1. open browser 2. save HTML from below to a file 3. open a file. download java plugin and restart, if not installed yet, then restart browser and re-open file. Actual Results: browser crash Expected Results: text between <obejct></object> should appear? i'm not sure what w3c says about that <html> <head> <script> function loaded() { alert(document.upplet.sendMessage('foo')); } </script> </head> <body onload="loaded()"> <!--<object codetype="application/java" archive="../ns/jar/Upplet.jar" classid="java:com/musicdialog/Upplet" name="upplet" width=1 height=1>--> <object codetype="application/java" classid="java:../ns/jar/Upplet.jar" name="upplet" width=1 height=1> <param name="serverAddress" value="194.85.255.136"> Applet failed to load! Java may not be enabled! </object> </body> </html>
|
||
Comment 1•23 years ago
|
||
Artiom Morozov: can you attach a stack trace? Or submit a talkback and post the ID number here?
Keywords: stackwanted
|
Reporter | |
Comment 2•23 years ago
|
||
hm... there's no talkback window appears. and i apologize - this particular
example doesn't produces coredump (who's core it was? =(
so it's just a log i can give you
[apm@cyan apm]$ /usr/local/mozilla_old/mozilla
/usr/local/mozilla_old/run-mozilla.sh /usr/local/mozilla_old/mozilla-bin
MOZILLA_FIVE_HOME=/usr/local/mozilla_old
LD_LIBRARY_PATH=/usr/local/mozilla_old:/usr/local/mozilla_old/plugins:/usr/local/qt/lib
LIBRARY_PATH=/usr/local/mozilla_old:/usr/local/mozilla_old/components:/usr/local/qt/lib
SHLIB_PATH=/usr/local/mozilla_old
LIBPATH=/usr/local/mozilla_old
ADDON_PATH=/usr/local/mozilla_old
MOZ_PROGRAM=/usr/local/mozilla_old/mozilla-bin
MOZ_TOOLKIT=
moz_debug=0
moz_debugger=
I am inside the initialize
Hey : You are in QFA Startup
(QFA)Talkback loaded Ok.
Plugin worker error: Success
Plugin: trouble with work request from child (5)
Plugin: Java VM process has died.
INTERNAL ERROR on Browser End: Pipe closed during read? State may be corrupt
System error?:: Bad file descriptor
|
||
Comment 3•23 years ago
|
||
Trying to confirm. Linux 2001091022 freezes and must be killed on reading this code: <html> <body onload="loaded()"> <!--<object codetype="application/java" archive="../ns/jar/Upplet.jar" classid="java:com/musicdialog/Upplet" name="upplet" width=1 height=1>--> <object codetype="application/java" classid="java:../ns/jar/Upplet.jar" name="upplet" width=1 height=1> <param name="serverAddress" value="194.85.255.136"> Applet failed to load! Java may not be enabled! </object> </body> </html> Console window displayed these errors: LoadPlugin: failed to initialize shared library /usr/lib/mozilla/plugins/java2 [/usr/lib/mozilla/plugins/java2: cannot read file data: Is a directory] LoadPlugin: failed to initialize shared library /usr/lib/mozilla/plugins/ShockwaveFlash.class [ /usr/lib/mozilla/plugins/ShockwaveFlash.class: invalid ELF header]
|
||
Comment 4•23 years ago
|
||
plugins.
Assignee: asa → av
Status: UNCONFIRMED → NEW
Component: Browser-General → Plug-ins
Ever confirmed: true
QA Contact: doronr → shrir
The error message about ELF header is not relevant, we have a bug on this. Reassinging to OJI.
Assignee: av → joe.chou
Component: Plug-ins → PICS
|
||
Updated•23 years ago
|
Component: PICS → Plug-ins
|
||
Comment 6•23 years ago
|
||
Reporter, I couldn't find Upplet.jar at http://csp.org.by:1520/md/ns/jar/Upplet.jar. Would you please point the new location of Upplet.jar ?
|
|
Reporter | |
Comment 7•23 years ago
|
||
here, i'm attaching it. some observations which may help you (done on Mozilla/0.9.6): - it seems bug doesn't depend on .jar contents, i tried it on a different one. the same effect - bug doesn't appear if you try to open HTML from local hard drive. path doesn't matter. but if you put HTML even onto local HTTP server (apache 2.0.28 in my case), mozilla crashes.
|
|
Reporter | |
Comment 8•23 years ago
|
||
|
|
||
Comment 9•23 years ago
|
||
First, as reporter mentioned html code is wrong. Crashing occurs inside java plugin and I think that is occurs during running method createApplet of class JavaPluginInstance. Actually plugin doesn't crash -- it makes 'exit'. From another point of view crashing is not good behavior: I tested Mozilla with JRE1.3.1 and JRE1.4.0. With former browser crashes with latter java plugin throws exception that 'Upplet.jar class is not found' and Mozilla doesn't crash. Reporter, would you please test this bug with JRE1.4.0 and close this bug either as FIXED or as INVALID.
|
|
Reporter | |
Comment 10•23 years ago
|
||
arrrgh... i've updated to JRE1.4 and got coredump on startup =( core attached. JRE itself behaves perfectly
|
|
Reporter | |
Comment 11•23 years ago
|
||
|
|
Reporter | |
Comment 12•23 years ago
|
||
so be it. JRE1.4 really fixes the problem
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
|
||
Updated•2 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•