Closed Bug 283112 Opened 19 years ago Closed 19 years ago

mozilla when coming across C1 (control) characters crashes killing X server

Categories

(Core :: Internationalization, defect)

x86
Linux
defect
Not set
critical

RESOLVED DUPLICATE of bug 244340

People

(Reporter: le.iota, Assigned: smontagu)

Details

(Keywords: crash)

Attachments

(1 file)

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; fr-FR; rv:1.7.6) Gecko/20050221 MultiZilla/1.8.0.0c Mnenhy/0.7.1
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; fr-FR; rv:1.7.6) Gecko/20050221 MultiZilla/1.8.0.0c Mnenhy/0.7.1

Some Unicode control characters (8-bit) cause Mozilla to hang up the X window manager
when displayed with a 1 byte/character encoding (ISO Latin,
windows-1252, etc.)

Reproducible: Always

Steps to Reproduce:
1. Go to https://bugzilla.mozilla.org/show_bug.cgi?id=123491#c18 where there is
some Japanese text
2. Save and close all your files & applications (better)
3. Switch to ISO-8859-1 or windows-1252 character encoding

Actual Results:  
X session closes

Expected Results:  
Display some other silly characters than those displayed by declared utf8

(if you want the right display and no crash you'd better

Everything happens as if an alt+control+backspace was sent to the X server. In fact,
that may most probably be what actually happens.
This should be a malicious code used by a cracker to cause hangup.
(In reply to comment #0)
I did not finish my phrase
> (if you want the right display and no crash you'd better

use Japanese shift-Jis instead)
Blocks: 234375
Sorry for the spam. I did not test the case in trunk yet. The bug actually
happens in 1.7 nightly; I don't know if it happens in trunk. I can't use trunk
unless someone confirms or fixes bug 281633
Version: Trunk → 1.7 Branch
Trunk kills WM too. No logout with ISO Latin 9 (ISO-8859-15), only with Western
ISO Latin 1 (ISO-8859-1) and Western Windows-1252, which is more likely a subset of
ISO Latin 1.
Go to URL, change charset to ISO-8859-1: read #c0 carefully before testing
Version: 1.7 Branch → Trunk
While I am mildly interested in this bug, I am left wondering why I was cc-ed. I
presume you meant to cc someone else. I'll leave myself on in case this was in
fact what you intended to do, but I should mention that I have no knowledge of
the internationalization or the Japanese language, nor any of Mozilla's core
code for that matter. I also run Windows (usually), so my Linux knowledge is
practically non-existent as well.
Attached file basic test case
Don't open until you are sure that you want to test the crash : all your open
files will be lost and this will generate a ribambelle of core files :o)
The guilty chain is 0xE3 0x81; the attachment causes logout because it pretends to
be an ISO-8859-1 document
Summary: mozilla kills window manager when character encoding is set to 1 byte/character → mozilla kills X window manager
What kind of build are you using? Is it the default mozilla.org build? The
result of 'about:buildconfig' would help. Gtk2+Xft build doesn't have any
problem, so your build must be Gtk1 (X11 core font). What version of X11 do you
have? (the output of 'xdpyinfo'). It's probably not a Mozilla bug but a bug of
your X server.





Summary: mozilla kills X window manager → mozilla when coming across C1 (control) characters crashes killing X server
I'm pretty sure you're seeing bug 244340
Keywords: crash
(In reply to comment #8)
> I'm pretty sure you're seeing bug 244340

I do, but this is not the same escaping sequence :o) and I persist to say that it
is a mozilla bug either than a X11 bug (but it may be not the right assignee
anyway). I try to explain why in my reply to comment #7. (Summary:
nightly tarball installers are not gtk2, and mozilla is closely involved in the
process that generates the X bug.)

(In reply to comment #7)
> What kind of build are you using?

I am using the standard mozilla builds latest 1.7 and latest trunk both
installed using the installer tarball. 

> Is it the default mozilla.org build?

Yes

> The
> result of 'about:buildconfig' would help.

gcc  	gcc version 3.2.3  	-Wall -W -Wno-unused -Wpointer-arith -Wcast-align
-Wno-long-long -pedantic -pthread -pipe
c++ 	gcc version 3.2.3 	-fno-rtti -fno-exceptions -Wall -Wconversion
-Wpointer-arith -Wcast-align -Woverloaded-virtual -Wsynth -Wno-ctor-dtor-privacy
-Wno-non-virtual-dtor -Wno-long-long -pedantic -fshort-wchar -pthread -pipe
-I/usr/X11R6/include

Configure arguments

--enable-application=suite --enable-extensions=default,irc,tasks,negotiateauth
--disable-tests --disable-debug '--enable-optimize=-O2 -gstabs+'
--without-system-nspr --without-system-zlib --without-system-jpeg
--without-system-png --without-system-mng --without-system-mng --enable-crypto

it seems that gtk2 is not enabled in standard tarball installer builds :(...

> Gtk2+Xft build doesn't have any
> problem so that your build must Gtk1 (X11 core font). What version of X11 do
> you have? (the output of 'xdpyinfo').

version number:    11.0
vendor string:    Mandrakelinux (X.Org X11 6.7.0, patch level 4.2.101mdk)
vendor release number:    60700000
X.Org version: 6.7.0


> It's probably not a Mozilla bug but a bug of
> your X server.

Well, as it works, with no X server crash happening with that build (see below), I
won't say anything, because the gtk2 toolkit is enabled there; but contributors should
enable gtk2 in tarball installer builds, or else the leak should be worked
around in gtk builds, especially installer builds (the ones that are supposed to be
used to make tests, no?)
Feel free to reassign. This is imho a security leak in mozilla and so a mozilla
bug as far as an X11 bug. Well, I don't think I am going to wait and have the
correction in mandrake core neither to have a better rpm. Does the problem
occur with other linux distros too?

installed mozilla build in mandrake 10.1 :
Build platform
target
i686-pc-linux-gnu

Build tools
Compiler 	Version 	Compiler flags
distcc 	gcc version 3.4.1 (Mandrakelinux 10.1 3.4.1-4mdk) 	-Wall -W -Wno-unused
-Wpointer-arith -Wcast-align -Wno-long-long -pthread -pipe
distcc g++ 	gcc version 3.4.1 (Mandrakelinux 10.1 3.4.1-4mdk) 	-fno-rtti
-fno-exceptions -Wall -Wconversion -Wpointer-arith -Wcast-align
-Woverloaded-virtual -Wsynth -Wno-ctor-dtor-privacy -Wno-non-virtual-dtor
-Wno-long-long -fabi-version=1 -fshort-wchar -pthread -pipe -I/usr/X11R6/include

Configure arguments
--prefix=/usr --libdir=/usr/lib '--enable-optimize=-O2\ -fomit-frame-pointer\
-pipe\ -march=i586\ -mtune=pentiumpro' --disable-debug --enable-strip
--disable-pedantic --disable-tests --enable-crypto --enable-nspr-autoconf
--with-default-mozilla-five-home=/usr/lib/mozilla-1.7.2 --enable-extensions
--disable-short-wchar --enable-xinerama --enable-mathml --without-system-nspr
--with-system-zlib --with-system-png --with-system-jpeg --enable-ipv6
--enable-old-abi-compat-wrappers --mandir=/usr/share/man --enable-svg
--enable-svg-renderer-libart --enable-xft --disable-freetype2
--enable-default-toolkit=gtk2 
(no crash with this build)
> I do but this is not the same escaping sequence :o)

The actual characters don't really matter

> and i persist to say that it is a mozilla bug either than a X11 bug

There may be a Mozilla bug somewhere, but it's kinda hard to diagnose because X
crashes.  Anyway this *is* a dupe of bug 244340 since you're using a gtk1 build
with xorg 6.7.x.

For a workaround, disable xfs (https://bugs.freedesktop.org/show_bug.cgi?id=659#c6)

*** This bug has been marked as a duplicate of 244340 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
re comment #9
Mandrake is still shipping Gtk1 + X11 core font build of mozilla. Wow, that's
pretty amazing. Other distros (SuSe, RedHat, etc) have been shipping gtk2 + xft
builds for 'ages'. 

mozilla.org default build will be switched to gtk2 + xft very soon. 
ooops. sorry I misunderstood. Mandrake does ship a gtk2+xft build.
*** Bug 234375 has been marked as a duplicate of this bug. ***
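
The byte sequence named in the thread (0xE3 0x81 in a document labelled ISO-8859-1), as an added example that is not part of the bug report or Mozilla's code: when UTF-8 text is decoded with a single-byte charset, its continuation bytes in 0x80-0x9F become C1 control characters, which a consumer can detect and replace before the text reaches a font or rendering backend. The function names and the sample string are assumptions made for illustration.

```python
# Added example (not Mozilla code): find and neutralize C1 control characters
# that appear when bytes are decoded with a single-byte charset.

C1_RANGE = range(0x80, 0xA0)  # U+0080..U+009F, the C1 control block


def find_c1_controls(data: bytes, charset: str):
    """Decode `data` as `charset` and return [(char_index, code_point), ...]
    for every character that falls in the C1 control block."""
    text = data.decode(charset, errors="replace")
    return [(i, ord(ch)) for i, ch in enumerate(text) if ord(ch) in C1_RANGE]


def neutralize_c1(data: bytes, charset: str) -> str:
    """Decode `data` and replace each C1 control with U+FFFD so that no
    control character is handed on to the rendering layer."""
    text = data.decode(charset, errors="replace")
    return "".join("\ufffd" if ord(ch) in C1_RANGE else ch for ch in text)


# Constructed sample: HIRAGANA LETTER A (U+3042) is E3 81 82 in UTF-8,
# so it starts with the 0xE3 0x81 pair mentioned in the thread.
SAMPLE = "\u3042".encode("utf-8")

if __name__ == "__main__":
    for cs in ("utf-8", "iso-8859-1"):
        hits = find_c1_controls(SAMPLE, cs)
        print(cs, [(i, f"U+{cp:04X}") for i, cp in hits])
    print(repr(neutralize_c1(SAMPLE, "iso-8859-1")))
```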