browser crashes when attaching a file in bugzilla

VERIFIED FIXED in M12

Status

()

defect
P1
critical
VERIFIED FIXED
20 years ago
2 months ago

People

(Reporter: pavlov, Assigned: pollmann)

Tracking

Trunk
x86
Linux
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(4 attachments)

Reporter

Description

20 years ago
the browser crashes when attaching a file in bugzilla

Updated

20 years ago
Assignee: karnaze → kmcclusk

Comment 1

20 years ago
Kevin, I tried attaching a file and Viewer hung up. I'm not sure who should get
this.
Assignee: kmcclusk → pollmann
The nsIInputStream passed to nsHTTPChannel::SetPostDataStream points to released
memory. Looks like a refcount problem in the multipart processing code in
nsFormFrame::OnSubmit at the line:

rv = NS_NewPostDataStream(!isURLEncoded, postBuffer, 0, &postDataStream);




Here is the stack when it crashes:


nsHTTPChannel::SetPostDataStream(nsHTTPChannel * const 0x021e0920,
nsIInputStream * 0x02204ee0) line 754 + 21 bytes
nsDocumentBindInfo::Bind(nsIURI * 0x021b7ba0, nsIStreamListener * 0x00000000,
nsIInputStream * 0x02204ee0) line 1623
nsDocLoaderImpl::LoadDocument(nsDocLoaderImpl * const 0x00bdb970, nsIURI *
0x021b7ba0, const char * 0x0127d060, nsIContentViewerContainer * 0x00bda760,
nsIInputStream * 0x02204ee0, nsISupports * 0x00000000, nsIStreamObserver *
0x00bd95c4, unsigned int 0, const unsigned int 0) line 600 + 18 bytes
nsWebShell::DoLoadURL(nsIURI * 0x021b7ba0, const char * 0x0127d060,
nsIInputStream * 0x02204ee0, unsigned int 0, const unsigned int 0) line 2086 +
63 bytes
nsWebShell::LoadURI(nsWebShell * const 0x00bda760, nsIURI * 0x021b7ba0, const
char * 0x0127d060, nsIInputStream * 0x02204ee0, int 1, unsigned int 0, const
unsigned int 0, nsISupports * 0x00000000) line 2242 + 28 bytes
nsWebShell::LoadURL(nsWebShell * const 0x00bda760, const unsigned short *
0x022004e0, const char * 0x0127d060, nsIInputStream * 0x02204ee0, int 1,
unsigned int 0, const unsigned int 0, nsISupports * 0x00000000) line 2306 + 48
bytes
nsWebShell::LoadURL(nsWebShell * const 0x00bda760, const unsigned short *
0x022004e0, nsIInputStream * 0x02204ee0, int 1, unsigned int 0, const unsigned
int 0, nsISupports * 0x00000000) line 1911
nsWebShell::HandleLinkClickEvent(nsIContent * 0x01c36610, nsLinkVerb
eLinkVerb_Replace, const unsigned short * 0x022004e0, const unsigned short *
0x0029f1a0 gCommonEmptyBuffer, nsIInputStream * 0x02204ee0) line 3003
OnLinkClickEvent::HandleEvent() line 2830
HandlePLEvent(OnLinkClickEvent * 0x02204e80) line 2843
PL_HandleEvent(PLEvent * 0x02204e80) line 509 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00b925f0) line 470 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x047003d0, unsigned int 49419, unsigned int 0,
long 12133872) line 938 + 9 bytes
USER32! 77e71250()
00b925f0()

If I add a addref (postDataStream) it doesn't crash, Instead it gets caught in
an endless loop. If I try and break into the debugger while caught in the loop
I don't get a stack trace. I think it is general problem with posting multipart
files.

Eric, reassigning to you. This may be a duplicate of one of your bugs.
Assignee

Updated

20 years ago
Status: NEW → ASSIGNED
Assignee

Comment 3

20 years ago
This looks vaguely like bug 7973 which says something like "multipart doesn't
work", but is simpler.

The first crash on Linux is far simpler than the one you're seeing Kevin.  It is
just a deref of a null pointer in the logic that generates a temp file name.
Rather than do fix that, I'm going to use nsFileSpec and
nsSpecialSystemDirectory routines that should have been used all along.

I'm guessing this will leave the craziness that you are seeing still, but I'll
go after that next.
Assignee

Updated

20 years ago
Severity: normal → critical
Priority: P3 → P1
Target Milestone: M12
Assignee

Comment 4

20 years ago
Updating milestone/priority
Assignee

Updated

20 years ago
Blocks: 8209
Assignee

Comment 5

20 years ago
Okay, I finished rewriting that much, but I'm still seing the crash with the
stack trace here.  Still working on this...
Assignee

Comment 6

20 years ago
Got rid of the crash.  Form posting now hangs.  Still working. :)
Assignee

Comment 7

20 years ago
Got multipart posting to work for one test case, but still halts when posting
attachments to bugzilla.  This bugfix so far has involved a rewrite of the
ProcessAsMultipart routine, changes in OnSubmit, and several bugfixes in our
HTTP/Necko library - may or may not be approved for beta, we'll see.  :)
Assignee

Comment 8

20 years ago
Assignee

Comment 9

20 years ago
Assignee

Updated

20 years ago
Status: ASSIGNED → RESOLVED
Last Resolved: 20 years ago
Resolution: --- → FIXED
Assignee

Comment 10

20 years ago
Just checked in a fix.
To verify, try to attach a file to this bug using apprunner.  If it works, the
bug is fixed.  Note that, at least on Linux, you must select a file from the
current directory.  This is being worked on - see bug 15317

Comment 11

20 years ago
I've tried attaching files for a bit here... all to no avail. (Win32 only - I'll
be trying Linux soon.) I'll keep you posted...
Assignee

Comment 12

20 years ago
This must be related to the problems you're seeing with bug 8209.  I'm seeing
them too, so it is most likely a new bug with multipart form posting that
cropped up with some of the recent changes I've made.  I'm working on this one,
and will update these bugs with status when it's resolved.

Comment 13

20 years ago
Posted image JPEG file

Comment 14

20 years ago
OK, Windows NT successfully uploaded a file. Now to try Linux...

Updated

20 years ago
QA Contact: cpratt → paulmac

Updated

20 years ago
QA Contact: paulmac → elig

Comment 15

20 years ago
Well, my Linux box always hangs when trying to bring up a file picker. I'm
reassigning the QA contact to elig in hopes that he'll be able to verify this on
Linux. (I used the 1999110508 build to verify on Windows NT.)

Comment 16

20 years ago
Posted file test file

Updated

20 years ago
Status: RESOLVED → VERIFIED

Comment 17

20 years ago
Per cpratt's request and pollman's handy Linux note above, successfully attached
a file using 1999 11/10 08:00 Linux build.

Verifying fixed.
Component: HTML: Form Submission → DOM: Core & HTML
Product: Core → Core
You need to log in before you can comment on or make changes to this bug.