Closed Bug 160006 Opened 22 years ago Closed 22 years ago

10.2: crash trying to load a local file with a bogus src value

Categories

(Camino Graveyard :: General, defect)

PowerPC
macOS
defect
Not set
critical

Tracking

(Not tracked)

VERIFIED DUPLICATE of bug 166835
Chimera0.5

People

(Reporter: bugzilla, Assigned: ccarlen)

Details

(Keywords: crash, testcase)

Attachments

(4 files)

found using 2002.07.29.05 chimera bits.

1. download the file at this link to your machine:
http://hopey.mcom.com/tests/security/buffer-overflow/img-value.html (this issue
depends on loading the file locally).

2. bring up the file picker to open a file (File > Open File, or cmd+O).

3. select the file you downloaded in step #1 and open it in the browser.

expected: file should load in the browser without crashing.

actual results: chimera crashed. and, as with bug 159987, for some odd reason i
cannot seem to get a crash report on this. however, simon was able to get a log
(below).

Date/Time:  2002-07-29 15:47:47 -0700
OS Version: 10.1.5 (Build 5S66)

Command:    Navigator
PID:        22664

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_INVALID_ADDRESS (0x0001) at 0x72737474

Thread 0 Crashed:
 #0   0x72737474 in 0x72737474

Thread 1:
 #0   0x700252fc in select
 #1   0x00b30d50 in poll
 #2   0x00b2a690 in _pr_poll_with_poll
 #3   0x00b2aad0 in PR_Poll
 #4   0x05ad1d98 in nsSocketTransportService::Run(void)
 #5   0x01354f34 in nsThread::Main(void *)
 #6   0x00b2c964 in _pt_root
 #7   0x7002054c in _pthread_body

Thread 2:
 #0   0x7003f4c8 in semaphore_wait_signal_trap
 #1   0x7003f2c8 in _pthread_cond_wait
 #2   0x00b234fc in PR_WaitCondVar
 #3   0x05ae7064 in nsDNSService::DequeuePendingQ(void)
 #4   0x05ae6830 in nsDNSService::Run(void)
 #5   0x01354f34 in nsThread::Main(void *)
 #6   0x00b2c964 in _pt_root
 #7   0x7002054c in _pthread_body

Thread 3:
 #0   0x70044cf8 in semaphore_timedwait_signal_trap
 #1   0x70044cd8 in semaphore_timedwait_signal
 #2   0x7003f2b8 in _pthread_cond_wait
 #3   0x00b22e5c in pt_TimedWait
 #4   0x00b23524 in PR_WaitCondVar
 #5   0x0135c5c8 in TimerThread::Run(void)
 #6   0x01354f34 in nsThread::Main(void *)
 #7   0x00b2c964 in _pt_root
 #8   0x7002054c in _pthread_body

Thread 4:
 #0   0x7003f4c8 in semaphore_wait_signal_trap
 #1   0x7003f2c8 in _pthread_cond_wait
 #2   0x7086c34c in -[NSConditionLock lockWhenCondition:]
 #3   0x70ba1358 in -[NSUIHeartBeat _heartBeatThread:]
 #4   0x70842358 in forkThreadForFunction
 #5   0x7002054c in _pthread_body

Thread 5:
 #0   0x70000978 in mach_msg_overwrite_trap
 #1   0x70005a04 in mach_msg
 #2   0x70026a2c in _pthread_become_available
 #3   0x70026724 in pthread_exit
 #4   0x70020550 in _pthread_body

Thread 6:
 #0   0x7003f4c8 in semaphore_wait_signal_trap
 #1   0x7003f2c8 in _pthread_cond_wait
 #2   0x00b234fc in PR_WaitCondVar
 #3   0x01356ed4 in nsThreadPool::GetRequest(nsIThread *)
 #4   0x01357fbc in nsThreadPoolRunnable::Run(void)
 #5   0x01354f34 in nsThread::Main(void *)
 #6   0x00b2c964 in _pt_root
 #7   0x7002054c in _pthread_body
Keywords: crash
Blocks: 147975
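
Added triage example (not part of the original bug report or of Chimera's code): the crash log above shows thread 0 faulting on an instruction fetch at 0x72737474 with no resolvable symbol and no caller frames. The Python sketch below parses a log in that layout and flags a crashed program counter that equals the fault address and decodes to printable ASCII, a common sign that a saved return address was overwritten with input data. The sample log and the names triage and as_ascii are constructed for illustration.

```python
import re

# Constructed excerpt in the same layout as the crash log in this report.
SAMPLE_LOG = """\
Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_INVALID_ADDRESS (0x0001) at 0x72737474

Thread 0 Crashed:
 #0   0x72737474 in 0x72737474

Thread 1:
 #0   0x700252fc in select
 #1   0x00b30d50 in poll
"""

FAULT_RE = re.compile(r"^Codes:\s+\S+\s+\(0x[0-9a-fA-F]+\)\s+at\s+0x([0-9a-fA-F]+)", re.M)
CRASHED_RE = re.compile(r"^Thread \d+ Crashed:\n((?:[ \t]+#\d+.*\n?)+)", re.M)
FRAME_RE = re.compile(r"#\d+\s+0x([0-9a-fA-F]+) in (\S+)")

def as_ascii(addr):
    """Return the address bytes (big-endian, as on PowerPC) as text if all are printable."""
    raw = addr.to_bytes(max(4, (addr.bit_length() + 7) // 8), "big")
    return raw.decode("ascii") if all(0x20 <= b <= 0x7E for b in raw) else None

def triage(log):
    """Summarise the crashed thread; None if the log lacks the expected sections."""
    fault, crashed = FAULT_RE.search(log), CRASHED_RE.search(log)
    if not fault or not crashed:
        return None
    frames = FRAME_RE.findall(crashed.group(1))
    if not frames:
        return None
    pc, symbol = int(frames[0][0], 16), frames[0][1]
    result = {
        "pc": pc,
        "pc_is_fault_address": pc == int(fault.group(1), 16),  # fault on instruction fetch
        "symbol_resolved": not symbol.startswith("0x"),
        "frames": len(frames),  # one frame: the unwinder found no caller
        "ascii": as_ascii(pc),
    }
    # Heuristic only: a PC made of text bytes suggests a saved return address
    # was overwritten by input, so treat the crash as memory corruption.
    result["likely_controlled_pc"] = bool(
        result["pc_is_fault_address"] and not result["symbol_resolved"] and result["ascii"]
    )
    return result
```

A positive result is a reason to triage the crash as memory corruption with security impact; it is a heuristic and does not by itself identify the overflowed buffer.
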
Can't access hopey.mcom.com. (Yes, I know.) Can you attach?
please attach file so we can repro
WorksForMe using Chimera/20020724. I saved the attached testcase locally and
opened it successfully. (Was that the correct test regimen?)
Keywords: testcase
Whoops, strike that. I had mistakenly saved the attachment as HTML Complete,
rather than Source Only. Crash reproduced; stack forthcoming.
(Note: WorksForMe using FizzillaCFM/2002072203.)
hi conrad --do you think this could really be a dup of bug 159987?
Yes - most definitely. Working on it now...

*** This bug has been marked as a duplicate of 159987 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
thx!
Status: RESOLVED → VERIFIED
even though bug 159987 is fixed (and verified), this particular bug is still an
issue using 2002.08.26.05 chimera bits. reopening.
Status: VERIFIED → REOPENED
Resolution: DUPLICATE → ---
conrad, feel free to reassign if needed.

btw, the crash report appears the same.
Assignee: saari → ccarlen
Status: REOPENED → NEW
Will have to take a look with a new branch build. Using the debug build I have
with the fix for bug 159987, it didn't crash.
Status: NEW → ASSIGNED
Target Milestone: --- → Chimera0.5
Fixed (again) by checkin for bug 159350. It was the same issue as bug 159987.
That was fixed on the previous branch. When we moved to the new branch, that
change was lost. The build from 2002-08-26 would have suffered this problem,  
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
this is very strange --using 2002.09.03.05, this no longer crashes on 10.1.5.
however, on 10.2 this still crashes.

reopening. however, if you'd rather i file a new bug for this, let me know.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Summary: crash trying to load a local file with a bogus src value → 10.2: crash trying to load a local file with a bogus src value
Since both this and bug 159987 are the same problem, made one bug.

*** This bug has been marked as a duplicate of 166835 ***
Status: REOPENED → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
v
Status: RESOLVED → VERIFIED
No longer blocks: 147975