Bug 302100 - Firefox 1.0.6 crashes when loading any page if PAC script uses eval [@ nsJSPrincipalsSubsume]
Status: RESOLVED FIXED
Keywords: crash, fixed-aviary1.0.7, fixed1.7.12, js1.5, regression, testcase, verified1.8
Product: Core
Classification: Components
Component: JavaScript Engine
Version: 1.7 Branch
Platform: x86 Windows 2000
Importance: -- critical
Assigned To: timeless
URL: http://www.msnbc.msn.com/
Duplicates: 301760
Reported: 2005-07-25 14:56 PDT by William B. Ackerman
Modified: 2011-06-09 14:58 PDT
dbaron: blocking1.7.12+
dbaron: blocking-aviary1.0.7+
asa: blocking1.8b5+
bob: in-testsuite-


Attachments
match jsdbgapi (1.54 KB, patch)
2005-07-26 11:47 PDT, timeless
mrbkap: review+
shaver: superreview+
dbaron: approval-aviary1.0.7+
asa: approval1.7.11-
dbaron: approval1.7.12+
benjamin: approval1.8b4+

Description William B. Ackerman 2005-07-25 14:56:30 PDT
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Build Identifier: 1.06

I have been using 1.0 and (I think) 1.04 for some time with no problems.
I just downloaded and installed 1.06 in response to a "windows update"
message, or whatever it was.  The file I got is the same one I get from
your web site now, Firefox Setup 1.0.6.exe, 4,876,472 bytes, 19 July, 11:25. 
I did a standard install.  Windows 2000, SP4.  Whenever I try to access
any page at all (including www.mozilla.org), it crashes immediately at
location 004A6170, trying to read location 0x18.  This happens absolutely
solidly.  When I go back to version 1.0, things work.  Repeatedly uninstalled
and reinstalled back and forth between 1.0 and 1.06.  1.0 always works,
1.06 always fails.

Reproducible: Always

Steps to Reproduce:
1.  Standard install of 1.06 for Windows 2000
2.  Try to open any web site
3.

Actual Results:  
crash at 0x004A6170, reading 0x18.
Comment 1 timeless 2005-07-25 16:17:13 PDT
do you use roboform?
Comment 2 William B. Ackerman 2005-07-25 16:35:52 PDT
(In reply to comment #1)
> do you use roboform?

No, I don't know what roboform is.  Everything is pretty vanilla, I think.


Comment 3 timeless 2005-07-25 16:48:47 PDT
please try a custom install and select talkback. when you crash again, hopefully
talkback will come up. if it does, submit an incident. afterwards, run
components\talkback and copy the incident id here.
Comment 4 William B. Ackerman 2005-07-25 17:56:58 PDT
(In reply to comment #3)
> please try a custom install and select talkback. when you crash again, hopefully
> talkback will come up. if it does, submit an incident. afterwards, run
> components\talkback and copy the incident id here.

OK, installed 1.06 with "quality feedback agent".  Then did the crash,
and put case 302100 in the comments field.  I don't know how well that
may have found its way to you.  Also, since 1.06 was running at the time,
it might not have gotten through at all :-(  So I did it again, and, while
the talkback box was up, I installed 1.0 and sent it that way.  I also have
the saved text file.

..... OK, I think I figured out the right sequence of install/uninstall/
crash/talkback to get you the info you want.  The incident ID's are
TB7803999X  and  TB7804125Y
Comment 5 timeless 2005-07-26 00:20:31 PDT
Incident ID: 7803999
Stack Signature	nsJSPrincipalsSubsume f432ed3b
Product ID	Firefox10
Build ID	2005071605
Trigger Time	2005-07-25 17:29:37.0
Platform	Win32
Operating System	Windows NT 5.0 build 2195
Module	firefox.exe + (000a6170)
URL visited	crash at 4A6170, any URL.
User Comments	This is in response to bug id 302100.
Since Last Crash	9 sec
Total Uptime	37 sec
Trigger Reason	Access violation
Source File, Line No.
c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/caps/src/nsJSPrincipals.cpp,
line 77
Stack Trace 	
nsJSPrincipalsSubsume 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/caps/src/nsJSPrincipals.cpp,
line 77]
obj_eval 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsobj.c,
line 1090]
js_Invoke 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c,
line 955]
js_Interpret 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c,
line 2999]
js_Invoke 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c,
line 972]
js_Interpret 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c,
line 2999]
js_Invoke 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c,
line 972]
nsXPCWrappedJSClass::CallMethod 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp,
line 1339]
nsXPCWrappedJS::CallMethod 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappedjs.cpp,
line 450]
SharedStub 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp,
line 147]
nsProtocolProxyService::ExamineForProxy 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/netwerk/base/src/nsProtocolProxyService.cpp,
line 533]
nsIOService::NewChannelFromURI 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/netwerk/base/src/nsIOService.cpp,
line 456]
NS_NewChannel  [../../../dist/include/necko/nsNetUtil.h, line 166]
nsDocShell::DoURILoad 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/docshell/base/nsDocShell.cpp,
line 5789]
nsDocShell::InternalLoad 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/docshell/base/nsDocShell.cpp,
line 5705]
nsDocShell::LoadURI 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/docshell/base/nsDocShell.cpp,
line 742]
nsDocShell::LoadURI 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/docshell/base/nsDocShell.cpp,
line 2769]
XPTC_InvokeByIndex 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp,
line 102]
XPCWrappedNative::CallMethod 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp,
line 2034]
XPC_WN_CallMethod 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp,
line 1781]
js_Invoke 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c,
line 955]
js_Interpret 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c,
line 2999]
js_Invoke 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c,
line 972]
js_Interpret 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c,
line 2999]
js_Invoke 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c,
line 972]
js_Interpret 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c,
line 2999]
js_Invoke 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c,
line 972]
js_InternalInvoke 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c,
line 1049]
JS_CallFunctionValue 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsapi.c,
line 3698]
nsJSContext::CallEventHandler 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/dom/src/base/nsJSEnvironment.cpp,
line 1297]
nsJSEventListener::HandleEvent 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/dom/src/events/nsJSEventListener.cpp,
line 184]
nsEventListenerManager::HandleEventSubType 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/content/events/src/nsEventListenerManager.cpp,
line 1454]
nsEventListenerManager::HandleEvent 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/content/events/src/nsEventListenerManager.cpp,
line 1535]
nsXULElement::HandleDOMEvent 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp,
line 2853]
nsXULElement::HandleDOMEvent 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp,
line 2872]
nsXULElement::HandleDOMEvent 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp,
line 2872]
nsXULElement::HandleDOMEvent 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp,
line 2872]
nsXULElement::HandleDOMEvent 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp,
line 2872]
nsXULElement::HandleDOMEvent 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp,
line 2872]
PresShell::HandleDOMEventWithTarget 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/layout/html/base/src/nsPresShell.cpp,
line 6139]
nsMenuFrame::Execute 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/layout/xul/base/src/nsMenuFrame.cpp,
line 1677]
nsMenuFrame::HandleEvent 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/layout/xul/base/src/nsMenuFrame.cpp,
line 456]
PresShell::HandleEventInternal 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/layout/html/base/src/nsPresShell.cpp,
line 6103]
PresShell::HandleEvent 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/layout/html/base/src/nsPresShell.cpp,
line 5921]
nsViewManager::HandleEvent 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/view/src/nsViewManager.cpp,
line 2321]
nsViewManager::DispatchEvent 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/view/src/nsViewManager.cpp,
line 2061]
HandleEvent 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/view/src/nsView.cpp,
line 77]
nsWindow::DispatchEvent 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp,
line 1067]
nsWindow::DispatchMouseEvent 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp,
line 5261]
ChildWindow::DispatchMouseEvent 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp,
line 5511]
nsWindow::WindowProc 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp,
line 1349]
USER32.dll + 0x2a3d0 (0x77e3a3d0)
USER32.dll + 0x4605 (0x77e14605)
USER32.dll + 0xa7ba (0x77e1a7ba)
nsAppShellService::Run 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/xpfe/appshell/src/nsAppShellService.cpp,
line 495]
main 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/browser/app/nsBrowserApp.cpp,
line 58]
KERNEL32.DLL + 0x2893d (0x7c59893d)
Comment 6 Bob Clary [:bc:] 2005-07-26 01:01:46 PDT
William, this problem may be related to Windows 2000 or it may be in the way you
uninstalled/installed Firefox and/or any extensions you may have installed, or
something else entirely.

Do you have any third-party Firewall software installed?

From your comments, it appears you do not have any extensions installed? Is that
really the case? What happens if you start Firefox in Safe mode? See the menu
item under Start->Programs->Mozilla Firefox-> Mozilla Firefox (Safe Mode). Do
you still crash?

When you originally installed Firefox 1.0.6, did you uninstall the previous
version first or did you install on top of the existing Firefox 1.0 installation
directory? Can you uninstall Firefox using Add/Remove Programs, then delete the
C:\Program Files\Mozilla Firefox\ directory, then reinstall Firefox 1.0.6? Do
you still crash?
Comment 7 William B. Ackerman 2005-07-26 09:29:49 PDT
(In reply to comment #6)
> William, this problem may be related to Windows 2000 or it may be in the way
> you uninstalled/installed Firefox and/or any extensions you may have
> installed, or something else entirely.
> Do you have any third-party Firewall software installed?
> From your comments, it appears you do not have any extensions installed? Is
> that really the case? What happens if you start Firefox in Safe mode? See the
> menu item under Start->Programs->Mozilla Firefox-> Mozilla Firefox (Safe
> Mode). Do you still crash?
> When you originally installed Firefox 1.0.6, did you uninstall the previous
> version first or did you install on top of the existing Firefox 1.0
> installation directory? Can you uninstall Firefox using Add/Remove Programs,
> then delete the C:\Program Files\Mozilla Firefox\ directory, then reinstall
> Firefox 1.0.6? Do you still crash?

As far as I know, I don't have any extensions or stuff like that, though
I'm not particularly knowledgeable about such things.  I try to be plain
vanilla, but I don't know what kinds of garbage other companies install.

It crashes in safe mode.

I use a proxy provided by my company (Philips medical systems).  It works
just fine for everyone else, and for all browsers other than Firefox 1.06.

So I tried a *REALLY* clean install:
Uninstall Firefox
Delete "\Program Files\Mozilla Firefox" directory
Delete "Documents and Settings\usd03141\Application Data\Mozilla"
    (All bookmarks are gone, as well as Thunderbird mail.  I saved
    it, of course.)
Clean install of 1.06.
Run in safe mode.
It asks about importing stuff, I decline.
It says "start.mozilla.org not found".  OK.
If I try to access www.msnbc.org, it gets stuck.  I stop it.
I set up the proxy -- automatic, http://pww.anr.ms.philips.com/pixs.pac
I look at www.msnbc.com, and it crashes.  In case this is more useful than
previous reports, I have submitted it with talkback -- TB7822314W

The contents of pixs.pac are:

/* DO NOT EDIT! DO NOT EDIT! DO NOT EDIT! DO NOT EDIT!
 * Created by Joe Pepin, 1/3/02
 * Last updated by Joe Pepin, 19-Jul-05 to work around block of groups.google.com
 * DO NOT EDIT! DO NOT EDIT! DO NOT EDIT! DO NOT EDIT!
*/

function FindProxyForURL(url, host)
{
   var MyIPA = myIpAddress();
   var MyIP = MyIPA.split(".");
   var MyIP2 = eval(MyIP[2]);
   var MyIP3 = eval(MyIP[3]);
   var ModIP = (MyIP[3] % 3);

   // Direct to non-FQDN hosts
   if (isPlainHostName(host)
        || localHostOrDomainIs(host, "127.0.0.1")
        || localHostOrDomainIs(host, "localhost")
        || shExpMatch(host, "pww*.*")
        || shExpMatch(host, "130.138.*")
        || shExpMatch(host, "130.139.*")
        || shExpMatch(host, "130.140.*")
        || shExpMatch(host, "130.141.*")
        || shExpMatch(host, "130.142.*")
        || shExpMatch(host, "130.143.*")
        || shExpMatch(host, "130.144.*")
        || shExpMatch(host, "130.145.*")
        || shExpMatch(host, "130.146.*")
        || shExpMatch(host, "130.147.*")
        || shExpMatch(host, "134.27.*")
        || shExpMatch(host, "137.55.*")
        || shExpMatch(host, "141.184.215.40")
        || shExpMatch(host, "144.54.*")
        || shExpMatch(host, "149.59.*")
	|| shExpMatch(host, "10.*")
	|| shExpMatch(host, "161.83.*")
	|| shExpMatch(host, "161.84*")
	|| shExpMatch(host, "161.85.*")
	|| shExpMatch(host, "161.86.*")
	|| shExpMatch(host, "161.87.*")
	|| shExpMatch(host, "161.88.*")
	|| shExpMatch(host, "161.92.*")
	|| shExpMatch(host, "165.114.*")
	|| shExpMatch(host, "167.81.*")
	|| shExpMatch(host, "192.168.*")
        || shExpMatch(host, "cpdnet.and.agilent.com")
        || shExpMatch(host, "*.diamond.philips.com")
        || shExpMatch(host, "*.emi.philips.com")
	|| shExpMatch(host, "pww*.*philips.com")
        || shExpMatch(host, "philipsna-*.philips.com")
        || shExpMatch(host, "pb.ipass.com")
        || shExpMatch(host, ".nl.dap.philips.com")
	|| shExpMatch(host, "*.ms.philips.com")
	|| shExpMatch(host, "192.168.*")
	|| shExpMatch(host, "*.nl.philips.com")
	|| shExpMatch(host, "*.sc.philips.com")
	|| shExpMatch(host, "*.ehv.ce.philips.com")
	|| shExpMatch(host, "*.ehv-s.nl.philips.com")
	|| shExpMatch(host, "*.gdc1.ce.philips.com")
        || shExpMatch(host, "*.cemafore.ce.philips.com")
        || shExpMatch(host, "wss.us.ms.philips.com")
        || shExpMatch(host, "pcena-websupport.knox.pcec.philips.com")
        || shExpMatch(host, "proxy.btl.ms.philips.com")
        || shExpMatch(host, "www.tradelink.philips.com")
        || shExpMatch(host, "sojtest1.soj.lighting.philips.com")
           )
           return "DIRECT";

   // Direct for Oxnard
   else if ((MyIP[0] + "." + MyIP[1] + "." + MyIP[2]  == "161.88.29")
         && (shExpMatch(host, "*.oxn.ms.philips.com")
	 || shExpMatch(host, "161.88.29.*")))
           return "DIRECT";

   // Direct for Seattle
   else if (((MyIP[0] + "." + MyIP[1] + "." + MyIP[2]  == "149.59.134")
	 || (MyIP[0] + "." + MyIP[1] + "." + MyIP[2]  == "149.59.135"))
         && (shExpMatch(host, "*.sea.ms.philips.com")
         || shExpMatch(host, "149.59.134.*")
	 || shExpMatch(host, "149.59.135.*")))
           return "DIRECT";

   // Direct for Alpharetta
   else if (((MyIP[0] + "." + MyIP[1] + "." + MyIP[2]  == "149.59.156")
	 || (MyIP[0] + "." + MyIP[1] + "." + MyIP[2]  == "149.59.157"))
         && (shExpMatch(host, "*.aai.ms.philips.com")
	 || shExpMatch(host, "149.59.142.*")
	 || shExpMatch(host, "149.59.143.*")
	 || shExpMatch(host, "149.59.156.*")
	 || shExpMatch(host, "149.59.157.*")
	 || shExpMatch(host, "130.140.112.*")
	 || shExpMatch(host, "130.140.113.*")
	 || shExpMatch(host, "130.140.114.*")
	 || shExpMatch(host, "130.140.115.*")
	 || shExpMatch(host, "130.140.116.*")
	 || shExpMatch(host, "130.140.117.*")
	 || shExpMatch(host, "130.140.118.*")
	 || shExpMatch(host, "130.140.119.*")))
           return "DIRECT";

   // Direct to specific webservers
   else if (shExpMatch(host, "192.46.20.54"))
	   return "DIRECT";

   // Use cleproxy.cle.ms.philips.com:6001 for Marconi sites 
   else if ( dnsDomainIs(host, ".picker.com")
	|| dnsDomainIs(host, ".marconi.com")
	|| dnsDomainIs(host, ".marconimed.com")
	|| shExpMatch(host, "144.54.*"))
	   return "PROXY cleproxy.cle.ms.philips.com:8080; DIRECT";

   // Use amec01.pixs.philips.com to temporarily work around groups.google.com blocking
   else if (shExpMatch(host, "groups.google.com")
	|| shExpMatch(host, "groups-beta.google.com"))
	   return "PROXY 167.81.120.118:8080;";

   // Use new LIAA server for specific sites
   else if (isInNet(MyIPA, "149.59.160.0", "255.255.224.0") &&
           (shExpMatch(host, "165.188.140.25")
	|| shExpMatch(host, "www.shrm.org")
	|| shExpMatch(host, "www.css.filenet.com")
	|| shExpMatch(host, "*.trammellcrow.com")))
	   return "PROXY 149.59.162.210:8080; PROXY 149.59.172.220:8080"; 

   // Otherwise use anrlx023, 024, or 025 depending on your IP address.  anrlx026 is reserve proxy normally used for manual settings
   else if ( ModIP == 2)
           return "PROXY 149.59.162.96:8080; PROXY 167.81.83.16:8080; PROXY 167.81.83.17:8080; PROXY 149.59.162.97:8080; DIRECT"
   else if ( ModIP == 1)
           return "PROXY 167.81.83.17:8080; PROXY 149.59.162.96:8080; PROXY 167.81.83.16:8080; PROXY 149.59.162.97:8080; DIRECT"
   else
           return "PROXY 167.81.83.16:8080; PROXY 167.81.83.17:8080; PROXY 149.59.162.96:8080; PROXY 149.59.162.97:8080; DIRECT"
}
Comment 8 Brendan Eich [:brendan] 2005-07-26 10:02:47 PDT
I'm on paternity leave, shaver's going to have to add the null checks if
timeless doesn't beat him to it.

Sorry, we obviously don't test PAC, but I should have remembered (since I
designed most of the JS API and was around when norris introduced JSPrincipals
-- and maybe more to the point, since the code supports "nullable principals")
that null is a valid in-parameter value of type JSPrincipals *.

/be
Comment 9 timeless 2005-07-26 11:47:08 PDT
Created attachment 190584
match jsdbgapi
Comment 10 Blake Kaplan (:mrbkap) (please use needinfo!) 2005-07-26 13:32:58 PDT
Comment on attachment 190584
match jsdbgapi

More context would have been nice. It seems that findObjectPrincipals returning
NULL means no principals in this situation. Shaver should back my claim up,
though.
r=me
Comment 11 Mike Shaver (:shaver -- probably not reading bugmail closely) 2005-07-28 05:15:50 PDT
Comment on attachment 190584
match jsdbgapi

sr=shaver.  Thanks to jst and others for helping me walk through the
principal-setting maze.
Comment 12 timeless 2005-07-29 03:11:34 PDT
Comment on attachment 190584
match jsdbgapi

mozilla/js/src/jsscript.c	3.79
mozilla/js/src/jsobj.c	3.205
Comment 13 timeless 2005-07-29 03:12:20 PDT
reporter: please download a trunk nightly and verify that this bug is fixed. it
will not be fixed on branches until sometime after there's approval for the
branches.
Comment 14 timeless 2005-08-02 22:09:35 PDT
*** Bug 301760 has been marked as a duplicate of this bug. ***
Comment 15 David Baron :dbaron: ⌚️UTC-7 (review requests must explain patch) 2005-09-12 11:33:57 PDT
So, what's the deal with the asymmetry here:  the old test was a !=, the new
test is a !subsumes test, except the null checks are saying that both
subsumes(NULL, x) and subsumes(x, NULL) are true, which seems a little odd to me.
Comment 16 Brendan Eich [:brendan] 2005-09-12 11:59:21 PDT
(In reply to comment #15)
> So, what's the deal with the asymmetry here:  the old test was a !=, the new
> test is a !subsumes test, except the null checks are saying that both
> subsumes(NULL, x) and subsumes(x, NULL) are true, which seems a little odd to
> me.

I was out on paternity leave, never caught up with this patch.  I agree it's odd
to have a non-null (principals) vs. null (scopePrincipals) situation.  Recent
changes mrbkap made for bug 306467 should ensure that findObjectPrincipals
always returns non-null for PAC.

Null principals should not mix with non-null.  If an embedding has a non-null
script->principals pointer, we should find non-null scopePrincipals.  If others
agree, then the patch here should be revised to report the error-as-exception if
(!scopePrincipals || !principals->subsume(...)).

/be
Comment 17 David Baron :dbaron: ⌚️UTC-7 (review requests must explain patch) 2005-09-12 14:54:03 PDT
Would that cause the exception to still break this PAC case?
Comment 18 Blake Kaplan (:mrbkap) (please use needinfo!) 2005-09-12 14:59:36 PDT
It would. I could backport my patch that should make PAC work (making
evalInSandbox give principals to use instead of passing null).
Comment 19 OstGote! 2005-09-12 15:48:12 PDT
The approval flag of the patch for the 1.7 branch seems wrong, I guess it should
be approval1.7.12? and not approval1.7.13?.
Comment 20 David Baron :dbaron: ⌚️UTC-7 (review requests must explain patch) 2005-09-12 16:11:13 PDT
OK, we decided we'll just take timeless's patch.
Comment 21 David Baron :dbaron: ⌚️UTC-7 (review requests must explain patch) 2005-09-12 18:10:39 PDT
Actually, it seems like anything that would be broken with the !... || patch
would have been broken before the subsume changes, no?  Anyway, I'll go ahead
with landing timeless's patch.
Comment 22 David Baron :dbaron: ⌚️UTC-7 (review requests must explain patch) 2005-09-12 18:56:34 PDT
Checked in to MOZILLA_1_7_BRANCH and AVIARY_1_0_1_2005124_BRANCH.
Comment 23 Brendan Eich [:brendan] 2005-09-12 20:46:05 PDT
(In reply to comment #21)
> Actually, it seems like anything that would be broken with the !... || patch
> would have been broken before the subsume changes, no?

Yes, in 1.0.4 and 1.0.5.  1.0.3 would have silently changed the scope object
used for the eval's execution.  It's not clear if PAC users tested these
releases, and the eval dependency was added coincident with 1.0.[56].  What a mess.

> Anyway, I'll go ahead with landing timeless's patch.

Thanks!

/be
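Added example (not part of the bug thread and not the Mozilla patch): a small C model of the two null-handling policies weighed in comments 15 through 23, run over the PAC case of non-null script principals with null scope principals. The Principals struct, the same-origin subsume rule, the function names and the origin strings are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the engine's principals type (hypothetical layout). */
typedef struct Principals Principals;
struct Principals {
    const char *origin;
    /* Like the crashing callee, this callback assumes both arguments are non-null. */
    bool (*subsume)(const Principals *self, const Principals *other);
};

static bool same_origin_subsume(const Principals *self, const Principals *other)
{
    return strcmp(self->origin, other->origin) == 0;  /* toy rule for the model */
}

typedef enum { EVAL_ALLOWED, EVAL_DENIED } EvalDecision;

/* Null handling as comment 15 describes it: a null on either side passes. */
static EvalDecision check_null_passes(const Principals *principals,
                                      const Principals *scope)
{
    if (principals == NULL || scope == NULL)
        return EVAL_ALLOWED;
    return principals->subsume(principals, scope) ? EVAL_ALLOWED : EVAL_DENIED;
}

/* Comment 16's alternative: deny on (!scopePrincipals || !subsume(...)).
 * Denying null principals against a non-null scope as well is this example's
 * assumption, following "null principals should not mix with non-null". */
static EvalDecision check_null_mismatch_fails(const Principals *principals,
                                              const Principals *scope)
{
    if (principals == NULL && scope == NULL)
        return EVAL_ALLOWED;          /* embedding uses no principals at all */
    if (principals == NULL || scope == NULL)
        return EVAL_DENIED;           /* null mixed with non-null */
    return principals->subsume(principals, scope) ? EVAL_ALLOWED : EVAL_DENIED;
}

/* Constructed sample principals; the origin strings are placeholders. */
static const Principals pac_script  = { "pac-script",  same_origin_subsume };
static const Principals same_scope  = { "pac-script",  same_origin_subsume };
static const Principals other_scope = { "web-content", same_origin_subsume };

int main(void)
{
    const struct {
        const char *label;
        const Principals *principals, *scope;
    } cases[] = {
        { "PAC eval: principals set, scope null", &pac_script, NULL },
        { "no principals anywhere",               NULL,        NULL },
        { "matching principals",                  &pac_script, &same_scope },
        { "mismatched principals",                &pac_script, &other_scope },
    };
    static const char *const text[] = { "allowed", "denied" };

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-38s null-passes=%-8s mismatch-fails=%s\n", cases[i].label,
               text[check_null_passes(cases[i].principals, cases[i].scope)],
               text[check_null_mismatch_fails(cases[i].principals, cases[i].scope)]);
    return 0;
}
```

Only the first row differs between the two policies, which is the point of comments 17 and 18: the stricter check turns the crash into an exception but still stops the PAC script's eval.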
Comment 24 Bob Clary [:bc:] 2005-09-16 03:02:13 PDT
William checked with Firefox 1.0.7 and says all is well.
Comment 25 Asa Dotzler [:asa] 2005-09-22 11:17:37 PDT
can you get this landed on the 1.8 branch if it hasn't and if it has please add
the fixed1.8 keyword. Thanks.
Comment 26 benc 2005-10-25 19:10:22 PDT
So, could someone tell me which line here was an example of the offending syntax?
Comment 27 Blake Kaplan (:mrbkap) (please use needinfo!) 2005-10-25 20:23:41 PDT
Ben, the crash was caused by the lines that were calling the |eval| function. A minimal testcase would be this PAC script:
function FindProxyForURL(url, host) { eval(""); }
Comment 28 benc 2005-10-29 05:32:18 PDT
oh okay.
