Closed
Bug 143912
Opened 22 years ago
Closed 22 years ago
[FIX]"moz-bitmap:" URL crashes browser M1RC2 [@ inBitmapChannel::AsyncOpen()]
Categories
(Other Applications :: DOM Inspector, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: pzb, Assigned: bzbarsky)
References
()
Details
(Keywords: crash, topcrash-, Whiteboard: [driver:shaver] needs review)
Crash Data
Attachments
(1 file, 2 obsolete files)
|
2.87 KB,
patch
|
bzbarsky
:
review+
hewitt
:
superreview+
jesup
:
approval+
|
Details | Diff | Splinter Review |
If you just type "moz-bitmap:" in the URL bar and hit enter, the browser will crash. This has been tested on 0.9.9, 1.0rc1, and 1.0rc2.
|
Reporter | |
Comment 1•22 years ago
|
||
Upgrading this to critical, as it turns out that a link in a page with "moz-bitmap:" as the href will crash the browser. As a side note, don't click the URL for the bug, unless you want the browser to crash :/
Severity: major → critical
Summary: typing "moz-bitmap:" in URL bar crashes browser → "moz-bitmap:" URL crashes browser
|
||
Comment 2•22 years ago
|
||
I just want to confirm this bug. It's the same with my Mozilla 1.0 RC2. I guess this could be a real problem, because malicios people could just make a site with an additional frame that makes a refresh to moz-bitmap: and the browser will crash.
|
||
Comment 3•22 years ago
|
||
Confirming for Win NT 4 SP6a.
|
|
||
Comment 4•22 years ago
|
||
Made a testcase on http://www.beyond-thoughts.com/crashzilla/ DO NOT go there unless you want mozilla crash.
|
|
||
Comment 5•22 years ago
|
||
Hey that's worse !! It must have something to do with the general URL loading library. I made a second test at http://www.beyond-thoughts.com/crashzilla/test2 There's an image tag like: img src="moz-bitmap:" alt="crashZilla2" and that's enogh to crash Mozilla.
|
||
Comment 7•22 years ago
|
||
Stack Signature inBitmapChannel::AsyncOpen() 966b4636 Email Address Product ID MozillaTrunk Build ID 2002051208 Trigger Time 2002-05-12 10:20:04 Platform LinuxIntel Operating System Linux 2.4.17 Module libinspector.so URL visited moz-bitmap: User Comments tried to load above url, mozilla bug 143912 Trigger Reason SIGSEGV: Segmentation Fault: (signal 11) Source File Name Trigger Line No. Stack Trace inBitmapChannel::AsyncOpen() nsDocumentOpenInfo::Open() nsURILoader::OpenURIVia() nsURILoader::OpenURI() nsDocShell::DoChannelLoad() nsDocShell::DoURILoad() nsDocShell::InternalLoad() nsDocShell::LoadURI() nsDocShell::LoadURI() XPTC_InvokeByIndex() XPCWrappedNative::CallMethod() XPC_WN_CallMethod() js_Invoke() js_Interpret() js_Invoke() js_Interpret() js_Invoke() fun_apply() js_Invoke() js_Interpret() js_Invoke() js_InternalInvoke() JS_CallFunctionValue() nsJSContext::CallEventHandler() nsJSEventListener::HandleEvent() nsXBLPrototypeHandler::ExecuteHandler() nsXBLKeyHandler::KeyPress() nsEventListenerManager::HandleEvent() nsXULElement::HandleDOMEvent() nsXULElement::HandleDOMEvent() nsXULElement::HandleDOMEvent() nsGenericElement::HandleDOMEvent() nsHTMLInputElement::HandleDOMEvent() PresShell::HandleEventInternal() PresShell::HandleEvent() nsViewManager::HandleEvent() nsView::HandleEvent() nsViewManager::DispatchEvent() HandleEvent() nsWidget::DispatchEvent() nsWidget::DispatchWindowEvent() nsWidget::OnKey() handle_key_press_event() dispatch_superwin_event() handle_gdk_event() libgdk-1.2.so.0 + 0x17f2f (0x4036df2f) libglib-1.2.so.0 + 0x11390 (0x403a1390) libglib-1.2.so.0 + 0x1196f (0x403a196f) libglib-1.2.so.0 + 0x11b2b (0x403a1b2b) libgtk-1.2.so.0 + 0x98743 (0x402b1743) nsAppShell::Run() nsAppShellService::Run() main1() main() libc.so.6 + 0x1c5b0 (0x404f55b0)
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.0rc2) Gecko/2002051006 Confirming for Windows 98. TB6205811E (as original TB was for Linux, is a Windows TB useful?)
|
||
Comment 9•22 years ago
|
||
Confirming, I'm seeing this too (RC2, WinME). Oh dear.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Welcome to the RC3 hotlist.
Blocks: 143200
Whiteboard: [driver:shaver]
|
Assignee | |
Comment 11•22 years ago
|
||
Nice to have a stack trace. :)
|
|
Assignee | |
Comment 12•22 years ago
|
||
This will crash XP if Inspector is installed if "moz-bitmap:" is followed by any string (empty string included) that does not have a corresponding bitmap in the depot...
|
|
Assignee | |
Comment 13•22 years ago
|
||
Slightly more error-checking would be nice....
Attachment #83307 -
Attachment is obsolete: true
|
||
Comment 14•22 years ago
|
||
.
Assignee: new-network-bugs → bzbarsky
Component: Networking → DOM Inspector
QA Contact: benc → timeless
Summary: "moz-bitmap:" URL crashes browser → "moz-bitmap:" URL crashes browser [@ inBitmapChannel::AsyncOpen()]
|
|
||
Comment 15•22 years ago
|
||
Could I get a compiled version of Mozilla with this bug patched and hopefully fixed?
|
||
Comment 16•22 years ago
|
||
Marking M1RC2 as I'm seeing it show up in there.
Count Offset Real Signature
[ 2 inBitmapChannel::AsyncOpen 9ea19c1f - ]
[ 1 inBitmapChannel::AsyncOpen e9e2bb0b - ]
[ 1 inBitmapChannel::AsyncOpen c9751647 - ]
[ 1 inBitmapChannel::AsyncOpen 8f74f457 - ]
[ 1 inBitmapChannel::AsyncOpen 6fbe5833 - ]
[ 1 inBitmapChannel::AsyncOpen 477b203c - ]
[ 1 inBitmapChannel::AsyncOpen 2b862d75 - ]
[ 1 inBitmapChannel::AsyncOpen 2943a699 - ]
[ 1 inBitmapChannel::AsyncOpen 10bac6fb - ]
Crash date range: 2002-05-11 to 2002-05-12
Min/Max Seconds since last crash: 100 - 42942
Min/Max Runtime: 3806 - 61273
Keyword List :
Count Platform List
6 Windows 98 4.10 build 67766222
3 Windows 98 4.90 build 73010104
1 Windows 98 4.10 build 67766446
Count Build Id List
10 2002051008
No of Unique Users 5
Stack trace(Frame)
(6205811) Comments: See bug #143912
(6200978) URL: www.beyond-thoughts.com/crashzilla/test2
(6200801) URL: www.beyond-thoughts.com/crashzilla/
(6200748) URL: www.beyond-thoughts.com/crashzilla/
(6200639) URL: www.beyond-thoughts.com/crashzilla/
(6200639) Comments: Basically loading "moz-bitmap:"
(6200401) URL: www.fahrschule-otto-alt.de
(6200401) Comments: I was inspecting a homepage with the DOM-Inspector (Sidebar) and I
tried to klick on capture when I selected a image.
Source File :
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/extensions/inspector/base/src/inBitmapChannel.cpp
line : 155
Keywords: topcrash-
Summary: "moz-bitmap:" URL crashes browser [@ inBitmapChannel::AsyncOpen()] → "moz-bitmap:" URL crashes browser M1RC2 [@ inBitmapChannel::AsyncOpen()]
|
|
Assignee | |
Comment 17•22 years ago
|
||
Attachment #83308 -
Attachment is obsolete: true
|
|
Assignee | |
Comment 18•22 years ago
|
||
Comment on attachment 83456 [details] [diff] [review] Patch v 1.1 -- fix string leak too.... timeless sez r=timeless on IRC
Attachment #83456 -
Flags: review+
|
||
Updated•22 years ago
|
Whiteboard: [driver:shaver] → [driver:shaver] needs review
|
||
Comment 19•22 years ago
|
||
Comment on attachment 83456 [details] [diff] [review] Patch v 1.1 -- fix string leak too.... sr=hewitt
Attachment #83456 -
Flags: superreview+
Comment on attachment 83456 [details] [diff] [review] Patch v 1.1 -- fix string leak too.... sr=shaver.
|
|
Assignee | |
Comment 21•22 years ago
|
||
Fixed on trunk, asking drivers for approval.
Summary: "moz-bitmap:" URL crashes browser M1RC2 [@ inBitmapChannel::AsyncOpen()] → [FIX]"moz-bitmap:" URL crashes browser M1RC2 [@ inBitmapChannel::AsyncOpen()]
|
||
Comment 22•22 years ago
|
||
Comment on attachment 83456 [details] [diff] [review] Patch v 1.1 -- fix string leak too.... a=rjesup@wgate.com; please check into branch ASAP (and into trunk if not there yet)
Attachment #83456 -
Flags: approval+
|
|
Assignee | |
Comment 23•22 years ago
|
||
Fixed on branch too.
|
||
Updated•20 years ago
|
Product: Core → Other Applications
|
||
Updated•17 years ago
|
QA Contact: timeless → dom-inspector
|
||
Updated•13 years ago
|
Crash Signature: [@ inBitmapChannel::AsyncOpen()]
You need to log in
before you can comment on or make changes to this bug.
Description
•