Closed
Bug 147022
Opened 22 years ago
Closed 22 years ago
Crash when calling prompt() with 2 arguments [@nsACString::Last]
Categories
(SeaMonkey :: Passwords & Permissions, defect)
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: wolruf, Assigned: cavin)
References
()
Details
(4 keywords, Whiteboard: [adt2 rtm] [security problem. don't check in without fix for #148520])
Crash Data
Attachments
(1 obsolete file)
Build ID: 2002052408 on Win2k (trunk). Steps to reproduce: 1. Load URL http://www.nomad-jedi.com/ws/forum/nj/Forum.asp?A=reply&P=8635&S=RE:%20SPOILER%20ALERT%20-%20Question 2. Click on 'Italics' icon/box, 3. Mozilla crashes. Talkback ID: TB6660525M.
Reporter | ||
Updated•22 years ago
|
Keywords: crash,
stackwanted
Comment 1•22 years ago
|
||
wfm win2k sp2, m1rc3.
Reporter | ||
Comment 2•22 years ago
|
||
I produced a reduced testcase, simply open JavaScript console and type in: prompt('foo', '');
Assignee: attinasi → rogerl
Component: Layout → JavaScript Engine
Keywords: testcase
QA Contact: petersen → pschwartau
Summary: Crash on page → Crash when calling prompt() with 2 arguments
Comment 3•22 years ago
|
||
prompt('foo', ''); doesn't crash the 1.0 branch (Win2k 2002052106).
Reporter | ||
Comment 4•22 years ago
|
||
Still crashing with build 2002052504 on Win2k (trunk) with " prompt('','') " and evaluate in JavaScript console. Adding 'regression' keyword as it might be a recent checkin that affect trunk only.
Keywords: regression
Comment 5•22 years ago
|
||
prompt('foo', ''); on javascript console does not crash little older trunk (Build ID: 2002052321) on linux. So it is recent.
Comment 6•22 years ago
|
||
Stephend, could you get the stack? TB6660525M
Reporter | ||
Comment 8•22 years ago
|
||
*** Bug 147325 has been marked as a duplicate of this bug. ***
Reporter | ||
Comment 9•22 years ago
|
||
Doesn't crash on Linux build 20020526 (trunk).
nsACString::Last [nsAString.cpp, line 649] si_GetURL [singsign.cpp, line 762] si_GetUser [singsign.cpp, line 933] si_RestoreOldSignonDataFromBrowser [singsign.cpp, line 2247] SINGSIGN_Prompt [singsign.cpp, line 2492] nsSingleSignOnPrompt::Prompt [nsWalletService.cpp, line 659] GlobalWindowImpl::Prompt [nsGlobalWindow.cpp, line 2240] GlobalWindowImpl::Prompt [nsGlobalWindow.cpp, line 2318] XPTC_InvokeByIndex [xptcinvoke.cpp, line 106] XPCWrappedNative::CallMethod [xpcwrappednative.cpp, line 1996] XPC_WN_CallMethod [xpcwrappednativejsops.cpp, line 1267] js_Invoke [jsinterp.c, line 790] js_Interpret [jsinterp.c, line 2744] js_Invoke [jsinterp.c, line 806] js_InternalInvoke [jsinterp.c, line 881] JS_CallFunctionValue [jsapi.c, line 3426] nsJSContext::CallEventHandler [nsJSEnvironment.cpp, line 1045] nsJSEventListener::HandleEvent [nsJSEventListener.cpp, line 184] nsEventListenerManager::HandleEventSubType [nsEventListenerManager.cpp, line 1222] nsEventListenerManager::HandleEvent [nsEventListenerManager.cpp, line 1399] nsGenericElement::HandleDOMEvent [nsGenericElement.cpp, line 1837] nsHTMLInputElement::HandleDOMEvent [nsHTMLInputElement.cpp, line 1398] PresShell::HandleEventInternal [nsPresShell.cpp, line 6123] PresShell::HandleEventWithTarget [nsPresShell.cpp, line 6091] nsEventStateManager::CheckForAndDispatchClick [nsEventStateManager.cpp, line 2642] nsEventStateManager::PostHandleEvent [nsEventStateManager.cpp, line 1729] PresShell::HandleEventInternal [nsPresShell.cpp, line 6144] PresShell::HandleEvent [nsPresShell.cpp, line 6046] nsViewManager::HandleEvent [nsViewManager.cpp, line 2076] nsView::HandleEvent [nsView.cpp, line 306] nsViewManager::DispatchEvent [nsViewManager.cpp, line 1887] HandleEvent [nsView.cpp, line 83] nsWindow::DispatchEvent [nsWindow.cpp, line 973] nsWindow::DispatchWindowEvent [nsWindow.cpp, line 990] nsWindow::DispatchMouseEvent [nsWindow.cpp, line 4836] ChildWindow::DispatchMouseEvent [nsWindow.cpp, line 5091] nsWindow::ProcessMessage [nsWindow.cpp, line 3738] nsWindow::WindowProc [nsWindow.cpp, line 1235] USER32.DLL + 0x2e98 (0x77e12e98) USER32.DLL + 0x30e0 (0x77e130e0) USER32.DLL + 0x5824 (0x77e15824) nsAppShellService::Run [nsAppShellService.cpp, line 451] main1 [nsAppRunner.cpp, line 1472] main [nsAppRunner.cpp, line 1808] WinMain [nsAppRunner.cpp, line 1826] WinMainCRTStartup() KERNEL32.DLL + 0x17d08 (0x77e97d08)
Comment 11•22 years ago
|
||
.
Assignee: rogerl → jst
Component: JavaScript Engine → DOM Level 0
Keywords: stackwanted
QA Contact: pschwartau → desale
Summary: Crash when calling prompt() with 2 arguments → Crash when calling prompt() with 2 arguments [@nsACString::Last]
Comment 12•22 years ago
|
||
Oops, this looks like it's due to cavin's checkin on May 23 to fix bug 94775. We probably need to test realmWithoutTrailingSlash for null and/or for zero length on line 761 of singsign.cpp. Reassigning.
Assignee: jst → cavin
Component: DOM Level 0 → Password Manager
Comment 13•22 years ago
|
||
*** Bug 147390 has been marked as a duplicate of this bug. ***
Comment 14•22 years ago
|
||
Comment 15•22 years ago
|
||
Comment on attachment 85215 [details] [diff] [review] treat "" like (char*)0 r=bzbarsky
Attachment #85215 -
Flags: review+
Comment 16•22 years ago
|
||
Comment on attachment 85215 [details] [diff] [review] treat "" like (char*)0 sr=jst
Attachment #85215 -
Flags: superreview+
Comment 17•22 years ago
|
||
Comment on attachment 85215 [details] [diff] [review] treat "" like (char*)0 checked in
Attachment #85215 -
Attachment is obsolete: true
Assignee | ||
Comment 18•22 years ago
|
||
*** Bug 146998 has been marked as a duplicate of this bug. ***
Comment 19•22 years ago
|
||
*** Bug 147099 has been marked as a duplicate of this bug. ***
Comment 20•22 years ago
|
||
Hmm, module owner approval was required here. But I won't stand on ceremony. Approval granted after the fact. Since patch has been checked in on trunk, this should be marked as fixed.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 21•22 years ago
|
||
Thanks for the fix as I was too late to do anything when I saw it this morning.
Comment 23•22 years ago
|
||
this change caused a security issue. see http://bugzilla.mozilla.org/show_bug.cgi?id=148520
Whiteboard: nsbeta1 → nsbeta1 [security problem. don't check in without fix for #148520]
Assignee | ||
Comment 24•22 years ago
|
||
Bug 148520 is fixed on the trunk.
Comment 25•22 years ago
|
||
nominating since it's needed for 94775
Comment 26•22 years ago
|
||
Marking Verified. Talkback data shows this one stopped after checkin. (Also adding "topcrash" in the keywords so that Talkback automation picks up this bug in the lists as FIXED.)
Status: RESOLVED → VERIFIED
Keywords: topcrash
Comment 27•22 years ago
|
||
adding adt1.0.1+ for checkin to the branch along with 94775 and 148502. Please get drivers approval before checking in.
Updated•20 years ago
|
Product: Browser → Seamonkey
Updated•13 years ago
|
Crash Signature: [@nsACString::Last]
You need to log in
before you can comment on or make changes to this bug.
Description
•