Closed Bug 13997 Opened 26 years ago Closed 26 years ago

browser crashes when attaching a file in bugzilla

Categories

(Core :: DOM: Core & HTML, defect, P1)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86
Linux
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: pavlov, Assigned: pollmann)

References

Details

Attachments

(4 files)

test, added by apprunner
12 bytes, text/plain
Details
Windows apprunner test
15 bytes, text/plain
Details
JPEG file
149.14 KB, image/jpeg
Details
test file
12.94 KB, application/octet-stream
Details
the browser crashes when attaching a file in bugzilla
Assignee: karnaze → kmcclusk
Kevin, I tried attaching a file and Viewer hung up. I'm not sure who should get this.
Assignee: kmcclusk → pollmann
The nsIInputStream passed to nsHTTPChannel::SetPostDataStream points to released memory. Looks like a refcount problem in the multipart processing code in nsFormFrame::OnSubmit at the line: rv = NS_NewPostDataStream(!isURLEncoded, postBuffer, 0, &postDataStream); Here is the stack when it crashes: nsHTTPChannel::SetPostDataStream(nsHTTPChannel * const 0x021e0920, nsIInputStream * 0x02204ee0) line 754 + 21 bytes nsDocumentBindInfo::Bind(nsIURI * 0x021b7ba0, nsIStreamListener * 0x00000000, nsIInputStream * 0x02204ee0) line 1623 nsDocLoaderImpl::LoadDocument(nsDocLoaderImpl * const 0x00bdb970, nsIURI * 0x021b7ba0, const char * 0x0127d060, nsIContentViewerContainer * 0x00bda760, nsIInputStream * 0x02204ee0, nsISupports * 0x00000000, nsIStreamObserver * 0x00bd95c4, unsigned int 0, const unsigned int 0) line 600 + 18 bytes nsWebShell::DoLoadURL(nsIURI * 0x021b7ba0, const char * 0x0127d060, nsIInputStream * 0x02204ee0, unsigned int 0, const unsigned int 0) line 2086 + 63 bytes nsWebShell::LoadURI(nsWebShell * const 0x00bda760, nsIURI * 0x021b7ba0, const char * 0x0127d060, nsIInputStream * 0x02204ee0, int 1, unsigned int 0, const unsigned int 0, nsISupports * 0x00000000) line 2242 + 28 bytes nsWebShell::LoadURL(nsWebShell * const 0x00bda760, const unsigned short * 0x022004e0, const char * 0x0127d060, nsIInputStream * 0x02204ee0, int 1, unsigned int 0, const unsigned int 0, nsISupports * 0x00000000) line 2306 + 48 bytes nsWebShell::LoadURL(nsWebShell * const 0x00bda760, const unsigned short * 0x022004e0, nsIInputStream * 0x02204ee0, int 1, unsigned int 0, const unsigned int 0, nsISupports * 0x00000000) line 1911 nsWebShell::HandleLinkClickEvent(nsIContent * 0x01c36610, nsLinkVerb eLinkVerb_Replace, const unsigned short * 0x022004e0, const unsigned short * 0x0029f1a0 gCommonEmptyBuffer, nsIInputStream * 0x02204ee0) line 3003 OnLinkClickEvent::HandleEvent() line 2830 HandlePLEvent(OnLinkClickEvent * 0x02204e80) line 2843 PL_HandleEvent(PLEvent * 0x02204e80) line 509 + 10 bytes PL_ProcessPendingEvents(PLEventQueue * 0x00b925f0) line 470 + 9 bytes _md_EventReceiverProc(HWND__ * 0x047003d0, unsigned int 49419, unsigned int 0, long 12133872) line 938 + 9 bytes USER32! 77e71250() 00b925f0() If I add a addref (postDataStream) it doesn't crash, Instead it gets caught in an endless loop. If I try and break into the debugger while caught in the loop I don't get a stack trace. I think it is general problem with posting multipart files. Eric, reassigning to you. This may be a duplicate of one of your bugs.
Status: NEW → ASSIGNED
This looks vaguely like bug 7973 which says something like "multipart doesn't work", but is simpler. The first crash on Linux is far simpler than the one you're seeing Kevin. It is just a deref of a null pointer in the logic that generates a temp file name. Rather than do fix that, I'm going to use nsFileSpec and nsSpecialSystemDirectory routines that should have been used all along. I'm guessing this will leave the craziness that you are seeing still, but I'll go after that next.
Severity: normal → critical
Priority: P3 → P1
Target Milestone: M12
Updating milestone/priority
Blocks: 8209
Okay, I finished rewriting that much, but I'm still seing the crash with the stack trace here. Still working on this...
Got rid of the crash. Form posting now hangs. Still working. :)
Got multipart posting to work for one test case, but still halts when posting attachments to bugzilla. This bugfix so far has involved a rewrite of the ProcessAsMultipart routine, changes in OnSubmit, and several bugfixes in our HTTP/Necko library - may or may not be approved for beta, we'll see. :)
Attached file Windows apprunner test
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
Just checked in a fix. To verify, try to attach a file to this bug using apprunner. If it works, the bug is fixed. Note that, at least on Linux, you must select a file from the current directory. This is being worked on - see bug 15317
I've tried attaching files for a bit here... all to no avail. (Win32 only - I'll be trying Linux soon.) I'll keep you posted...
This must be related to the problems you're seeing with bug 8209. I'm seeing them too, so it is most likely a new bug with multipart form posting that cropped up with some of the recent changes I've made. I'm working on this one, and will update these bugs with status when it's resolved.
Attached image JPEG file
OK, Windows NT successfully uploaded a file. Now to try Linux...
QA Contact: cpratt → paulmac
QA Contact: paulmac → elig
Well, my Linux box always hangs when trying to bring up a file picker. I'm reassigning the QA contact to elig in hopes that he'll be able to verify this on Linux. (I used the 1999110508 build to verify on Windows NT.)
Attached file test file
Status: RESOLVED → VERIFIED
Per cpratt's request and pollman's handy Linux note above, successfully attached a file using 1999 11/10 08:00 Linux build. Verifying fixed.
Component: HTML: Form Submission → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: