crash going to my.netscape.com in viewer

VERIFIED FIXED

Core
Security
P3
critical
VERIFIED FIXED
19 years ago
19 years ago

People

(Reporter: buster, Assigned: Norris Boyd)

Tracking

({crash})

Trunk
x86
Windows NT
crash

Details

(Whiteboard: [PDT+], URL)

(Reporter)

Description

19 years ago
viewer doesn't seem to have some security-related object initialized, so going 
to some sites crashes with a stack similar to the one below.  my.netscape.com is 
the most annoying problem.

The layout team uses viewer for lots of automated and regression testing, so 
this is pretty important to us.

stack:
nsCodebasePrincipal::Equals(nsCodebasePrincipal * const 0x0221dc60, nsIPrincipal 
* 0x00000000, int * 0x0012e580) line 78 + 33 bytes
nsScriptSecurityManager::CheckScriptAccess(nsScriptSecurityManager * const 
0x02218060, JSContext * 0x021f7a20, void * 0x011d3fa0, int 289, int 1, int * 
0x0012e9f8) line 370 + 55 bytes
SetHTMLDocumentProperty(JSContext * 0x021f7a20, JSObject * 0x011d3fa0, long -21, 
long * 0x0012f2dc) line 641
js_SetProperty(JSContext * 0x021f7a20, JSObject * 0x011d3fa0, long 35773232, 
long * 0x0012f2dc) line 2084 + 139 bytes
js_Interpret(JSContext * 0x021f7a20, long * 0x0012f4d8) line 2229 + 957 bytes
js_Execute(JSContext * 0x021f7a20, JSObject * 0x01106340, JSScript * 0x0221d140, 
JSFunction * 0x00000000, JSStackFrame * 0x00000000, unsigned int 0, long * 
0x0012f4d8) line 839 + 13 bytes
JS_EvaluateUCScriptForPrincipals(JSContext * 0x021f7a20, JSObject * 0x01106340, 
JSPrincipals * 0x0221dc64, const unsigned short * 0x023a8398, unsigned int 611, 
const char * 0x0221dbc0, unsigned int 1, long * 0x0012f4d8) line 2724 + 27 bytes
nsJSContext::EvaluateString(nsJSContext * const 0x021f7bb0, const nsString & {" 
<!-- 
 document.cookie='c=1;'; 
 if (document.cookie) { 
    if 
((parseFloat(navigator.appVersion) < 4.06) && (document.cook"}, void * 
0x01106340, nsIPrincipal * 0x0221dc60, const char * 0x0221dbc0, unsigned int 1, 
const char * 0x004c8454, nsString & {""}, int * 0x0012f534) line 292 + 53 bytes
HTMLContentSink::EvaluateScript(nsString & {" 
<!-- 
 document.cookie='c=1;'; 
 
if (document.cookie) { 
    if ((parseFloat(navigator.appVersion) < 4.06) && 
(document.cook"}, int 1, const char * 0x004c8454) line 4013
HTMLContentSink::ProcessSCRIPTTag(const nsIParserNode & {...}) line 4204
HTMLContentSink::AddLeaf(HTMLContentSink * const 0x02691ef0, const nsIParserNode 
& {...}) line 2914 + 12 bytes
CNavDTD::AddLeaf(const nsIParserNode * 0x02219950) line 3262 + 28 bytes
CNavDTD::AddHeadLeaf(nsIParserNode * 0x02219950) line 3379 + 14 bytes
CNavDTD::HandleStartToken(CToken * 0x0222e0e0) line 1470 + 12 bytes
CNavDTD::HandleToken(CNavDTD * const 0x0221a340, CToken * 0x0222e5f0, nsIParser 
* 0x02690330) line 829 + 12 bytes
CNavDTD::BuildModel(CNavDTD * const 0x0221a340, nsIParser * 0x02690330, 
nsITokenizer * 0x0221a040, nsITokenObserver * 0x00000000, nsIContentSink * 
0x02691ef0) line 568 + 20 bytes
nsParser::BuildModel() line 1078 + 34 bytes
nsParser::ResumeParse(nsIDTD * 0x00000000, int 0) line 993 + 11 bytes
nsParser::OnDataAvailable(nsParser * const 0x02690334, nsIChannel * 0x0268c3f0, 
nsISupports * 0x00000000, nsIInputStream * 0x0268fb38, unsigned int 0, unsigned 
int 2920) line 1372 + 19 bytes
nsDocumentOpenInfo::OnDataAvailable(nsDocumentOpenInfo * const 0x0268c8a0, 
nsIChannel * 0x0268c3f0, nsISupports * 0x00000000, nsIInputStream * 0x0268fb38, 
unsigned int 0, unsigned int 2920) line 256 + 46 bytes
nsHTTPResponseListener::OnDataAvailable(nsHTTPResponseListener * const 
0x0268fbb0, nsIChannel * 0x0268e9d4, nsISupports * 0x0268c3f0, nsIInputStream * 
0x0268fb38, unsigned int 211, unsigned int 2920) line 195 + 58 bytes
nsOnDataAvailableEvent::HandleEvent(nsOnDataAvailableEvent * const 0x0221ab90) 
line 370
nsStreamListenerEvent::HandlePLEvent(PLEvent * 0x0221a890) line 93 + 12 bytes
PL_HandleEvent(PLEvent * 0x0221a890) line 526 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x0109edb0) line 487 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x00c40a9a, unsigned int 49350, unsigned int 0, 
long 17427888) line 975 + 9 bytes
USER32! 77e71820()
(Reporter)

Comment 1

19 years ago
Notice in nsCodebasePrincipal::Equals(), the second param is null.  No check for 
null is made before dereferencing. Suggest M14, adding keywords "crash" and 
"dogfood".
Keywords: crash, dogfood
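
Added example (not code from this bug or the Mozilla tree, and not the fix that was checked in): a simplified C++ model of the null dereference noted in comment 1, beside a null-checked form that fails closed. Principal, Result, EqualsUnchecked, EqualsChecked and the sample origins are hypothetical names constructed for illustration; only the Equals(other, result) shape and the CheckScriptAccess caller are taken from the stack above.

```cpp
#include <iostream>
#include <string>

// Hypothetical, simplified stand-in for a codebase principal (not Mozilla code):
// identity is reduced to an origin string.
struct Principal {
    std::string origin;
};

enum Result { kOk, kNullPointer };

// Shape of the defect in comment 1: `other` is dereferenced with no null test,
// so a caller holding no principal for the target object crashes here.
Result EqualsUnchecked(const Principal& self, const Principal* other, bool* same) {
    *same = (self.origin == other->origin);  // null `other` -> access violation
    return kOk;
}

// Hardened form: validate both pointers and default the answer to "not equal",
// so a missing principal can never be mistaken for a match.
Result EqualsChecked(const Principal& self, const Principal* other, bool* same) {
    if (!same) return kNullPointer;
    *same = false;                 // fail closed before any other work
    if (!other) return kOk;        // no principal: comparable, but never equal
    *same = (self.origin == other->origin);
    return kOk;
}

// Caller modelled on the access check in the stack: allow only on a positive
// match, and treat any error or missing principal as a denial.
bool CheckScriptAccess(const Principal* subject, const Principal* object) {
    if (!subject) return false;
    bool same = false;
    if (EqualsChecked(*subject, object, &same) != kOk) return false;
    return same;
}

int main() {
    Principal page{"http://a.example"};      // constructed sample origins
    Principal other{"http://b.example"};
    std::cout << CheckScriptAccess(&page, &page) << ' '
              << CheckScriptAccess(&page, &other) << ' '
              << CheckScriptAccess(&page, nullptr) << '\n';
    return 0;
}
```
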

Comment 2

19 years ago
Putting on PDT+ radar.
Whiteboard: [PDT+]

Updated

19 years ago
Severity: normal → critical
(Assignee)

Comment 3

19 years ago
I already checked in a fix for this on 2/3.
Status: NEW → RESOLVED
Last Resolved: 19 years ago
Resolution: --- → FIXED

Comment 4

19 years ago
Verified fixed.
Status: RESOLVED → VERIFIED

Comment 5

19 years ago
Bulk moving all Browser Security bugs to new Security: General component.  The 
previous Security component for Browser will be deleted.
Component: Security → Security: General