Closed Bug 271196 Opened 20 years ago Closed 20 years ago

Click on URI with non-ASCII characters crashes @IsUTFCharset (charset is null)

Categories

(Core :: Networking, defect)

Product:
Core
Component:
Networking
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: smontagu, Assigned: smontagu)

References

Details

(Keywords: crash)

Attachments

(2 files)

Patch
1.95 KB, patch
darin.moz
: review+
darin.moz
: superreview+
Details | Diff | Splinter Review
Testcase from bug 271122
444 bytes, text/html
Details
Clicking on the link in attachment 166738 [details] from bug 271122, with the pref network.standard-url.encode-utf8 set to true, causes a crash in IsUTFCharset, because charset is null. Stack trace: IsUTFCharset(const char * 0x00000000) line 2326 + 3 bytes nsStandardURL::Init(nsStandardURL * const 0x04c4046c, unsigned int 0x00000003, int 0xffffffff, const nsACString & {...}, const char * 0x00000000, nsIURI * 0x00000000) line 2376 + 11 bytes nsFileProtocolHandler::NewURI(nsFileProtocolHandler * const 0x00c09e40, const nsACString & {...}, const char * 0x00000000, nsIURI * 0x00000000, nsIURI * * 0x0012c278) line 180 + 48 bytes nsIOService::NewURI(nsIOService * const 0x00bd9500, const nsACString & {...}, const char * 0x00000000, nsIURI * 0x00000000, nsIURI * * 0x0012c278) line 424 + 39 bytes NS_NewURI(nsIURI * * 0x0012c278, const nsACString & {...}, const char * 0x00000000, nsIURI * 0x00000000, nsIIOService * 0x00bd9500) line 119 + 28 bytes nsScriptSecurityManager::CheckLoadURIStr(nsScriptSecurityManager * const 0x00c0e3b0, const char * 0x04987c50, const char * 0x04adb3c0, unsigned int 0x00000000) line 1410 + 52 bytes XPTC_InvokeByIndex(nsISupports * 0x00c0e3b0, unsigned int 0x0000000c, unsigned int 0x00000003, nsXPTCVariant * 0x0012c404) line 102 XPCWrappedNative::CallMethod(XPCCallContext & {...}, XPCWrappedNative::CallMode CALL_METHOD) line 2034 + 43 bytes XPC_WN_CallMethod(JSContext * 0x00c42188, JSObject * 0x04932cf0, unsigned int 0x00000003, long * 0x057517a8, long * 0x0012c6d4) line 1287 + 14 bytes js_Invoke(JSContext * 0x00c42188, unsigned int 0x00000003, unsigned int 0x00000000) line 1286 + 23 bytes js_Interpret(JSContext * 0x00c42188, long * 0x0012d160) line 3619 + 15 bytes js_Invoke(JSContext * 0x00c42188, unsigned int 0x00000001, unsigned int 0x00000002) line 1306 + 13 bytes js_InternalInvoke(JSContext * 0x00c42188, JSObject * 0x0482fab8, long 0x049e5da0, unsigned int 0x00000000, unsigned int 0x00000001, long * 0x0012d354, long * 0x0012d350) line 1383 + 20 bytes JS_CallFunctionValue(JSContext * 0x00c42188, JSObject * 0x0482fab8, long 0x049e5da0, unsigned int 0x00000001, long * 0x0012d354, long * 0x0012d350) line 3767 + 31 bytes nsJSContext::CallEventHandler(JSObject * 0x0482fab8, JSObject * 0x049e5da0, unsigned int 0x00000001, long * 0x0012d354, long * 0x0012d350) line 1344 + 33 bytes nsJSEventListener::HandleEvent(nsJSEventListener * const 0x03ff81e0, nsIDOMEvent * 0x04bc8478) line 175 + 51 bytes nsEventListenerManager::HandleEventSubType(nsListenerStruct * 0x03ff82c0, nsIDOMEvent * 0x04bc8478, nsIDOMEventTarget * 0x04b8bf80, unsigned int 0x00000004, unsigned int 0x00000002) line 1512 + 20 bytes nsEventListenerManager::HandleEvent(nsEventListenerManager * const 0x03ff8178, nsPresContext * 0x04a11fb8, nsEvent * 0x0012efd4, nsIDOMEvent * * 0x0012ebf0, nsIDOMEventTarget * 0x04b8bf80, unsigned int 0x00000002, nsEventStatus * 0x0012f4c4) line 1606 nsXULElement::HandleDOMEvent(nsPresContext * 0x04a11fb8, nsEvent * 0x0012efd4, nsIDOMEvent * * 0x0012ebf0, unsigned int 0x00000002, nsEventStatus * 0x0012f4c4) line 2820 nsXULElement::HandleDOMEvent(nsPresContext * 0x04a11fb8, nsEvent * 0x0012efd4, nsIDOMEvent * * 0x0012ebf0, unsigned int 0x00000002, nsEventStatus * 0x0012f4c4) line 2837 + 57 bytes nsXULElement::HandleDOMEvent(nsPresContext * 0x04a11fb8, nsEvent * 0x0012efd4, nsIDOMEvent * * 0x0012ebf0, unsigned int 0x00000002, nsEventStatus * 0x0012f4c4) line 2837 + 57 bytes nsXULElement::HandleDOMEvent(nsPresContext * 0x04a11fb8, nsEvent * 0x0012efd4, nsIDOMEvent * * 0x0012ebf0, unsigned int 0x00000002, nsEventStatus * 0x0012f4c4) line 2837 + 57 bytes nsXULElement::HandleChromeEvent(nsXULElement * const 0x048986e0, nsPresContext * 0x04a11fb8, nsEvent * 0x0012efd4, nsIDOMEvent * * 0x0012ebf0, unsigned int 0x00000002, nsEventStatus * 0x0012f4c4) line 3949 + 35 bytes GlobalWindowImpl::HandleDOMEvent(nsPresContext * 0x04a11fb8, nsEvent * 0x0012efd4, nsIDOMEvent * * 0x0012ebf0, unsigned int 0x00000002, nsEventStatus * 0x0012f4c4) line 935 nsDocument::HandleDOMEvent(nsPresContext * 0x04a11fb8, nsEvent * 0x0012efd4, nsIDOMEvent * * 0x0012ebf0, unsigned int 0x00000002, nsEventStatus * 0x0012f4c4) line 3838 nsGenericElement::HandleDOMEvent(nsPresContext * 0x04a11fb8, nsEvent * 0x0012efd4, nsIDOMEvent * * 0x0012ebf0, unsigned int 0x00000002, nsEventStatus * 0x0012f4c4) line 2036 + 46 bytes nsGenericElement::HandleDOMEvent(nsPresContext * 0x04a11fb8, nsEvent * 0x0012efd4, nsIDOMEvent * * 0x0012ebf0, unsigned int 0x00000002, nsEventStatus * 0x0012f4c4) line 2028 + 57 bytes nsGenericElement::HandleDOMEvent(nsPresContext * 0x04a11fb8, nsEvent * 0x0012efd4, nsIDOMEvent * * 0x0012ebf0, unsigned int 0x00000002, nsEventStatus * 0x0012f4c4) line 2028 + 57 bytes nsGenericElement::HandleDOMEvent(nsPresContext * 0x04a11fb8, nsEvent * 0x0012efd4, nsIDOMEvent * * 0x0012ebf0, unsigned int 0x00000007, nsEventStatus * 0x0012f4c4) line 2028 + 57 bytes nsGenericHTMLElement::HandleDOMEventForAnchors(nsPresContext * 0x04a11fb8, nsEvent * 0x0012efd4, nsIDOMEvent * * 0x00000000, unsigned int 0x00000001, nsEventStatus * 0x0012f4c4) line 1395 + 31 bytes nsHTMLAnchorElement::HandleDOMEvent(nsPresContext * 0x04a11fb8, nsEvent * 0x0012efd4, nsIDOMEvent * * 0x00000000, unsigned int 0x00000001, nsEventStatus * 0x0012f4c4) line 279 PresShell::HandleEventInternal(nsEvent * 0x0012efd4, nsIView * 0x00000000, unsigned int 0x00000001, nsEventStatus * 0x0012f4c4) line 5959 + 49 bytes PresShell::HandleEventWithTarget(PresShell * const 0x04b471d8, nsEvent * 0x0012efd4, nsIFrame * 0x04b3b8cc, nsIContent * 0x04abfac8, unsigned int 0x00000001, nsEventStatus * 0x0012f4c4) line 5876 + 22 bytes nsEventStateManager::CheckForAndDispatchClick(nsPresContext * 0x04a11fb8, nsMouseEvent * 0x0012f724, nsEventStatus * 0x0012f4c4) line 2941 + 66 bytes nsEventStateManager::PostHandleEvent(nsEventStateManager * const 0x04abf730, nsPresContext * 0x04a11fb8, nsEvent * 0x0012f724, nsIFrame * 0x04b3b8cc, nsEventStatus * 0x0012f4c4, nsIView * 0x04a4f328) line 1935 + 23 bytes PresShell::HandleEventInternal(nsEvent * 0x0012f724, nsIView * 0x04a4f328, unsigned int 0x00000001, nsEventStatus * 0x0012f4c4) line 6011 + 52 bytes PresShell::HandleEvent(PresShell * const 0x04b47250, nsIView * 0x04a4f328, nsGUIEvent * 0x0012f724, nsEventStatus * 0x0012f4c4, int 0x00000000, int & 0x00000001) line 5814 + 25 bytes nsViewManager::HandleEvent(nsView * 0x04c2f148, nsGUIEvent * 0x0012f724, int 0x00000000) line 2404 nsViewManager::DispatchEvent(nsViewManager * const 0x04a62f38, nsGUIEvent * 0x0012f724, nsEventStatus * 0x0012f5f8) line 2129 + 20 bytes HandleEvent(nsGUIEvent * 0x0012f724) line 166 nsWindow::DispatchEvent(nsWindow * const 0x04a4f18c, nsGUIEvent * 0x0012f724, nsEventStatus & nsEventStatus_eIgnore) line 1074 + 10 bytes nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012f724) line 1095 nsWindow::DispatchMouseEvent(unsigned int 0x0000012d, unsigned int 0x00000000, nsPoint * 0x00000000) line 5327 + 21 bytes ChildWindow::DispatchMouseEvent(unsigned int 0x0000012d, unsigned int 0x00000000, nsPoint * 0x00000000) line 5581 nsWindow::ProcessMessage(unsigned int 0x00000202, unsigned int 0x00000000, long 0x001200c3, long * 0x0012fc4c) line 4043 + 28 bytes nsWindow::WindowProc(HWND__ * 0x00051a32, unsigned int 0x00000202, unsigned int 0x00000000, long 0x001200c3) line 1355 + 27 bytes USER32! 77d43a50() USER32! 77d43b1f() USER32! 77d43d79() USER32! 77d43ddf() nsAppStartup::Run(nsAppStartup * const 0x00c46080) line 216 main1(int 0x00000001, char * * 0x002a2e18, nsISupports * 0x00c21160) line 1321 + 32 bytes main(int 0x00000001, char * * 0x002a2e18) line 1799 + 37 bytes mainCRTStartup() line 338 + 17 bytes KERNEL32! 77e8141a()
-> bryner This looks like a regression from bug 267611.
Assignee: darin → bryner
Blocks: 267611
Attached patch PatchSplinter Review
Bug 267611 in effect moved |if (!IsUTFCharset(charset)) {mOriginCharset = charset}| from |if (charset == nsnull || *charset == '\0') ... else| to |if (!gAlwaysEncodeInUTF8) ... else|
Attachment #166931 - Flags: superreview?(darin)
Attachment #166931 - Flags: review?(darin)
Assignee: bryner → smontagu
Note that setting network.standard-url.encode-utf8 to true doesn't persist correctly (bug 261934).
Comment on attachment 166931 [details] [diff] [review] Patch r+sr=darin
Attachment #166931 - Flags: superreview?(darin)
Attachment #166931 - Flags: superreview+
Attachment #166931 - Flags: review?(darin)
Attachment #166931 - Flags: review+
Fix checked in.
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: