crash XMLHttpRequest with empty host and alert

RESOLVED DUPLICATE of bug 1166133

Status

Core
Networking
--
critical
3 years ago
2 years ago

People

(Reporter: millions.of.stones, Unassigned)

Tracking

(4 keywords)

38 Branch
crash, in-triage, reproducible, testcase
Points:
---

Firefox Tracking Flags

(firefox38.0.5 wontfix, firefox39 affected, firefox40 fixed, firefox41 fixed, firefox42 fixed, firefox-esr31 unaffected, firefox-esr38 40+ affected)

Description

3 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
Build ID: 20150525141253

Steps to reproduce:

<html><head></head><body>
    <button id="die">crashme</button>
    <script>
    document.getElementById("die").onclick = function () {
        var xmlhttp = new XMLHttpRequest();
        xmlhttp.open('POST', 'https://:2340/cmd', true);
        xmlhttp.onreadystatechange = function() {
            alert("you are already dead\n" + XMLHttpRequest.responseText);
        }
        xmlhttp.setRequestHeader('Content-type', 'application/json');
        xmlhttp.send(JSON.stringify({something: 'nothing'}));
        return false;
    };
    </script>
</body></html>


Actual results:

This crashes on both Win7 x64 firefox 38.0.5 and Mint x64 Firefox 38.0

Comment 1

3 years ago
I can reproduce on 38,

https://crash-stats.mozilla.com/report/index/da48b94f-b949-4794-97d1-2c1702150702
Severity: normal → critical
Status: UNCONFIRMED → NEW
Crash Signature: [ @ nsCORSListenerProxy::OnStartRequest(nsIRequest*, nsISupports*) ]
Component: Untriaged → Networking
Ever confirmed: true
Keywords: crash, in-triage, reproducible, testcase
Product: Firefox → Core

Updated

3 years ago
status-firefox38.0.5: --- → wontfix
status-firefox39: --- → affected
status-firefox40: --- → ?
status-firefox41: --- → ?
status-firefox42: --- → unaffected

Comment 2

3 years ago
This seems to have been fixed in the Firefox 40 cycle.

This means it's fixed in current versions of Firefox Nightly (https://nightly.mozilla.org/) and developer edition (https://aurora.mozilla.org/) and it will soon be fixed in Firefox beta (https://beta.mozilla.org/ -- not yet, but the fix should be there sometime next week).

Olli, can you help me figure out if it's worth finding what exactly fixed this and trying to see if we can fix it on 39 (.0.1) or something like this? Looking at the stack I am a little uneasy, but maybe that is just paranoia...

(asking you because of the onStopRequest crash you fixed in the 38 cycle -- should this bug be in Core::DOM instead of networking?)
status-firefox40: ? → unaffected
status-firefox41: ? → unaffected
Flags: needinfo?(bugs)

Updated

3 years ago
status-firefox40: unaffected → fixed
status-firefox41: unaffected → fixed
status-firefox42: unaffected → fixed

Comment 3

3 years ago
[Tracking Requested - why for this release]: ESR38 crashes, but ESR31 does not crash. Regression
status-firefox-esr31: --- → unaffected
status-firefox-esr38: --- → affected
tracking-firefox-esr38: --- → ?

Comment 4

3 years ago
Regression Pushlog: 
https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=1db2020eae48&tochange=25d9ba8ceb7a
Alice, do you by any chance also have the un-regression range?


The regression range hints this is a necko issue.
Flags: needinfo?(bugs)

Comment 6

3 years ago
un-regression range:
https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=f0cd5630e216&tochange=c4d20e902d26

Bug 1166133 seems to fix it?

Updated

3 years ago
Depends on: 1166133
Flags: needinfo?(dd.mozilla)

Comment 7

3 years ago
The patch from bug 1166133 will solve the problem.
Flags: needinfo?(dd.mozilla)

Comment 8

3 years ago
(In reply to Dragana Damjanovic [:dragana] from comment #7)
> The patch from bug 1166133 will solve the problem.

So, it will uplift to ESR38?
I am asking for an uplift.

Comment 10

2 years ago
Tracking because already fixed in 40, 41, 42. Regression with a fix.
tracking-firefox-esr38: ? → 40+

Comment 11

2 years ago
bug 1166133 was minused for 38, so there isn't anything left to do here, I think.
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → FIXED

Comment 12

2 years ago
(In reply to :Gijs Kruitbosch from comment #11)
> bug 1166133 was minused for 38, so there isn't anything left to do here, I
> think.

In fact, this is probably more correct.
Resolution: FIXED → DUPLICATE
Duplicate of bug: 1166133