Closed
Bug 166835
Opened 22 years ago
Closed 22 years ago
10.2: InitWithNativePath crashes when given a path with an extremely long component
Categories
(Core :: XPCOM, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: ccarlen, Assigned: ccarlen)
References
()
Details
(Keywords: crash)
Attachments
(4 files)
Bug 160006 and bug 159987 are both manifestations of this problem - combining
into this bug.
Assignee | ||
Comment 1•22 years ago
|
||
*** Bug 160006 has been marked as a duplicate of this bug. ***
Assignee | ||
Comment 2•22 years ago
|
||
*** Bug 159987 has been marked as a duplicate of this bug. ***
Assignee | ||
Comment 3•22 years ago
|
||
Other test case: http://hopey.mcom.com/tests/security/buffer-overflow/a-value.html
For both, the file must be saved locally to see the crash.
This is happening only on 10.2 with the nsLocalFile impl used by Chimera.
The crash happens because ::CFURLGetFSRef crashes when fed such a path - new bug
in 10.2.
Status: NEW → ASSIGNED
Comment 4•22 years ago
|
||
thanks to sfraser for the testcase.
Comment 5•22 years ago
|
||
all you need to do to crash is click the link to attachment 97983 [details] --you don't
even have to download it locally. the change here is that "file:///" was
prepended to the src value.
going to come up with more tests to narrow this down...
Severity: normal → critical
Assignee | ||
Comment 6•22 years ago
|
||
Comment 7•22 years ago
|
||
more tests...
a. Where the IMG src value is in the format
file:///<400_alphanumeric_char>/blah.txt:
http://hopey.mcom.com/tests/security/buffer-overflow/img-fileProtocol1.html
b. Where the IMG src value is in the format
file:///foopy/<396_alphanumeric_char>.txt:
http://hopey.mcom.com/tests/security/buffer-overflow/img-fileProtocol2.html
c. Where the IMG src value is in the format
"file:///<400_alphanumeric_char>/<396_alphanumeric_char>.txt:
http://hopey.mcom.com/tests/security/buffer-overflow/img-fileProtocol3.html
Comment 8•22 years ago
|
||
none of the three tests in comment 9 crashed chimera (2002.09.05.05) on 10.2.
Comment 9•22 years ago
|
||
Comment on attachment 97994 [details] [diff] [review]
immediately rejects paths with are too long
r=sfraser
Attachment #97994 -
Flags: review+
Comment 10•22 years ago
|
||
Comment 11•22 years ago
|
||
clicking on this will cause chimera to crash.
Comment 12•22 years ago
|
||
similar to attachment 98007 [details], except that the 1024th character has been replaced
with / (forward slash). clicking this also crashes chimera.
Comment 13•22 years ago
|
||
side note: when the path was 1024-1030 char long, i did get a crash.
Comment 14•22 years ago
|
||
arrgh, typo. s/did/did NOT. 1024-1030 char path would not result in a crash.
Assignee | ||
Comment 15•22 years ago
|
||
Fixed - works against the latest two test cases (whew - which were being posted
as I was checking in fix)
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•