298565 - FF is crashed with 2 JS strings

Status: RESOLVED WORKSFORME

(Firefox :: General, defect)

Description

[Tux]

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050522 Firefox/1.0.4
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050522 Firefox/1.0.4

This kills FF (even in 1.0.5 beta!):
<html><body>
<iframe id="pocframe" name="pocframe" src="about:blank"></iframe>
<script type="text/javascript">window.frames.pocframe.print();</script>
</body></html>

Reproducible: Always

Steps to Reproduce:
1.Save the 4 strings into .html file
2.load it with any FF version
Actual Results:  
> /opt/firefox/firefox
*** loading the extensions datasource
*** ExtensionManager:_updateManifests: no access privileges to application
directory, skipping.
*** loading the extensions datasource
*** ExtensionManager:_updateManifests: no access privileges to application
directory, skipping.
SessionSaver observer object: QI unknown interface:
{9188bc85-f92e-11d2-81ef-0060083a0bcf}
SessionSaver observer object: QI unknown interface:
{9188bc85-f92e-11d2-81ef-0060083a0bcf}
SessionSaver observer object: QI unknown interface:
{9188bc85-f92e-11d2-81ef-0060083a0bcf}
SessionSaver observer object: QI unknown interface:
{9188bc85-f92e-11d2-81ef-0060083a0bcf}
SessionSaver observer object: QI unknown interface:
{9188bc85-f92e-11d2-81ef-0060083a0bcf}
SessionSaver observer object: QI unknown interface:
{9188bc85-f92e-11d2-81ef-0060083a0bcf}
SessionSaver observer object: QI unknown interface:
{9188bc85-f92e-11d2-81ef-0060083a0bcf}
/opt/firefox/run-mozilla.sh: line 159: 31861 Segmentation fault      "$prog"
${1+"$@"}

Expected Results:  
Show an empty iframe or nothing, BUT NOT CRASH.
(?)

Crashes under Linux (different kernels) and WindowsXP (possible other wins).

Comment 1

[Tux]

Also this JS code crashes mozilla-1.7.8 (tested on Gentoo Linux/2.6.12)
Terrible thing...

Comment 2

[Jaime Mitchell (use bugmail@jaimem.org.uk for email)]

Attachment: Reporters Test Case

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050622
Firefox/1.0+ ID:2005062207

WFM - No Crash

Comment 3

[Tux]

So, was this fixed already?
Or you just show "not crashing" on windows?

Comment 4

[Jaime Mitchell (use bugmail@jaimem.org.uk for email)]

You can download the current trunk build from here
<http://www.mozilla.org/releases/nightly.html> and see if it has been fixed.

Does the attached test case trigger the crash? And can you please provide a
Talkback ID for the crash.

Comment 5

[Tux]

Yes, it works now w/o crash.
Great thanks!

Could this be ported to 1.0.5 from 1.0+ not to release a security fix version
with this great hole?

Thanks

Comment 6

[Kevin Brosnan]

Only bugs with patches get marked as fixed. -> WFM

Comment 7

[Tux]

OK, sorry.
So, could this be fixed in 1.0.5 release?

Comment 8

[Tux]

Kevin,

so, can I hope this hole will be closed in 1.0.5 SECURITY (!!!!) fix release??
or I don't understand what is security release??

Thanks

Comment 9

[Tux]

Sorry, but I can't leave this in WFM because it DOESN'T works on 1.0.X FF.

Comment 10

[Jaime Mitchell (use bugmail@jaimem.org.uk for email)]

Bugs fixed on the trunk get marked as such. -> WFM

Nominating blocking 1.0.5 for Tux

Comment 11

[Tux]

> Bugs fixed on the trunk get marked as such. -> WFM
>
> Nominating blocking 1.0.5 for Tux

So, as I see this still is not fixed in aviary1.0.5.
How can I help to add the patch from trunk in aviary?

Comment 12

[timeless]

first you'd have to find it. get a stack trace/talkback id (e.g. from 1.0.4).
personally i think this is beating a dead horse.