Closed Bug 166835 Opened 22 years ago Closed 22 years ago

10.2: InitWithNativePath crashes when given a path with an extremely long component

Categories

(Core :: XPCOM, defect)

PowerPC
macOS
defect
Not set
critical

Tracking

()

RESOLVED FIXED

People

(Reporter: ccarlen, Assigned: ccarlen)

References

()

Details

(Keywords: crash)

Attachments

(4 files)

Bug 160006 and bug 159987 are both manifestations of this problem - combining into this bug.
*** Bug 160006 has been marked as a duplicate of this bug. ***
*** Bug 159987 has been marked as a duplicate of this bug. ***
Other test case: http://hopey.mcom.com/tests/security/buffer-overflow/a-value.html For both, the file must be saved locally to see the crash. This is happening only on 10.2 with the nsLocalFile impl used by Chimera. The crash happens because ::CFURLGetFSRef crashes when fed such a path - new bug in 10.2.
Status: NEW → ASSIGNED
thanks to sfraser for the testcase.
all you need to do to crash is click the link to attachment 97983 [details] --you don't even have to download it locally. the change here is that "file:///" was prepended to the src value. going to come up with more tests to narrow this down...
Severity: normal → critical
more tests... a. Where the IMG src value is in the format file:///<400_alphanumeric_char>/blah.txt: http://hopey.mcom.com/tests/security/buffer-overflow/img-fileProtocol1.html b. Where the IMG src value is in the format file:///foopy/<396_alphanumeric_char>.txt: http://hopey.mcom.com/tests/security/buffer-overflow/img-fileProtocol2.html c. Where the IMG src value is in the format "file:///<400_alphanumeric_char>/<396_alphanumeric_char>.txt: http://hopey.mcom.com/tests/security/buffer-overflow/img-fileProtocol3.html
none of the three tests in comment 9 crashed chimera (2002.09.05.05) on 10.2.
Comment on attachment 97994 [details] [diff] [review] immediately rejects paths with are too long r=sfraser
Attachment #97994 - Flags: review+
tested IE: none of the tests (comment 9 or the attachment) caused a crash. tested OmniWeb: like chimera, the tests in comment 9 are fine, but the test attachment resulted in a crash.
clicking on this will cause chimera to crash.
similar to attachment 98007 [details], except that the 1024th character has been replaced with / (forward slash). clicking this also crashes chimera.
side note: when the path was 1024-1030 char long, i did get a crash.
arrgh, typo. s/did/did NOT. 1024-1030 char path would not result in a crash.
Fixed - works against the latest two test cases (whew - which were being posted as I was checking in fix)
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: