Firefox 1.0.6 crashes when loading any page if PAC script uses eval [@ nsJSPrincipalsSubsume]

RESOLVED FIXED

Status


Core
JavaScript Engine
--
critical
RESOLVED FIXED
12 years ago
6 years ago

People

(Reporter: William B. Ackerman, Assigned: timeless)

Tracking

(7 keywords)

1.7 Branch
x86
Windows 2000
crash, fixed-aviary1.0.7, fixed1.7.12, js1.5, regression, testcase, verified1.8
Points:
---
Bug Flags:
blocking1.7.12 +
blocking-aviary1.0.7 +
blocking1.8b5 +
in-testsuite -

Firefox Tracking Flags

(Not tracked)

Details

(crash signature, URL)

Attachments

(1 attachment)

(Reporter)

Description

12 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Build Identifier: 1.06

I have been using 1.0 and (I think) 1.04 for some time with no problems.
I just downloaded and installed 1.06 in response to a "windows update"
message, or whatever it was.  The file I got is the same one I get from
your web site now, Firefox Setup 1.0.6.exe, 4,876,472 bytes, 19 July, 11:25. 
I did a standard install.  Windows 2000, SP4.  Whenever I try to access
any page at all (including www.mozilla.org), it crashes immediately at
location 004A6170, trying to read location 0x18.  This happens absolutely
solidly.  When I go back to version 1.0, things work.  Repeatedly uninstalled
and reinstalled back and forth between 1.0 and 1.06.  1.0 always works,
1.06 always fails.

Reproducible: Always

Steps to Reproduce:
1.  Standard install of 1.06 for Windows 2000
2.  Try to open any web site
3.

Actual Results:  
crash at 0x004A6170, reading 0x18.
(Assignee)

Comment 1

12 years ago
do you use roboform?
(Reporter)

Comment 2

12 years ago
(In reply to comment #1)
> do you use roboform?

No, I don't know what roboform is.  Everything is pretty vanilla, I think.


(Assignee)

Comment 3

12 years ago
please try a custom install and select talkback. when you crash again, hopefully
talkback will come up. if it does, submit an incident. afterwards, run
components\talkback and copy the incident id here.
(Reporter)

Comment 4

12 years ago
(In reply to comment #3)
> please try a custom install and select talkback. when you crash again, hopefully
> talkback will come up. if it does, submit an incident. afterwards, run
> components\talkback and copy the incident id here.

OK, installed 1.06 with "quality feedback agent".  Then did the crash,
and put case 302100 in the comments field.  I don't know how well that
may have found its way to you.  Also, since 1.06 was running at the time,
it might not have gotten through at all :-(  So I did it again, and, while
the talkback box was up, I installed 1.0 and sent it that way.  I also have
the saved text file.

..... OK, I think I figured out the right sequence of install/uninstall/
crash/talkback to get you the info you want.  The incident ID's are
TB7803999X  and  TB7804125Y
(Assignee)

Comment 5

12 years ago
Incident ID: 7803999
Stack Signature	nsJSPrincipalsSubsume f432ed3b
Product ID	Firefox10
Build ID	2005071605
Trigger Time	2005-07-25 17:29:37.0
Platform	Win32
Operating System	Windows NT 5.0 build 2195
Module	firefox.exe + (000a6170)
URL visited	crash at 4A6170, any URL.
User Comments	This is in response to bug id 302100.
Since Last Crash	9 sec
Total Uptime	37 sec
Trigger Reason	Access violation
Source File, Line No.	c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/caps/src/nsJSPrincipals.cpp, line 77
Stack Trace 	
nsJSPrincipalsSubsume [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/caps/src/nsJSPrincipals.cpp, line 77]
obj_eval [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsobj.c, line 1090]
js_Invoke [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 955]
js_Interpret [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 2999]
js_Invoke [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 972]
js_Interpret [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 2999]
js_Invoke [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 972]
nsXPCWrappedJSClass::CallMethod [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp, line 1339]
nsXPCWrappedJS::CallMethod [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappedjs.cpp, line 450]
SharedStub [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp, line 147]
nsProtocolProxyService::ExamineForProxy [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/netwerk/base/src/nsProtocolProxyService.cpp, line 533]
nsIOService::NewChannelFromURI [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/netwerk/base/src/nsIOService.cpp, line 456]
NS_NewChannel  [../../../dist/include/necko/nsNetUtil.h, line 166]
nsDocShell::DoURILoad [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/docshell/base/nsDocShell.cpp, line 5789]
nsDocShell::InternalLoad [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/docshell/base/nsDocShell.cpp, line 5705]
nsDocShell::LoadURI [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/docshell/base/nsDocShell.cpp, line 742]
nsDocShell::LoadURI [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/docshell/base/nsDocShell.cpp, line 2769]
XPTC_InvokeByIndex [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp, line 102]
XPCWrappedNative::CallMethod [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp, line 2034]
XPC_WN_CallMethod [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp, line 1781]
js_Invoke [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 955]
js_Interpret [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 2999]
js_Invoke [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 972]
js_Interpret [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 2999]
js_Invoke [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 972]
js_Interpret [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 2999]
js_Invoke [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 972]
js_InternalInvoke [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c, line 1049]
JS_CallFunctionValue [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsapi.c, line 3698]
nsJSContext::CallEventHandler [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/dom/src/base/nsJSEnvironment.cpp, line 1297]
nsJSEventListener::HandleEvent [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/dom/src/events/nsJSEventListener.cpp, line 184]
nsEventListenerManager::HandleEventSubType [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/content/events/src/nsEventListenerManager.cpp, line 1454]
nsEventListenerManager::HandleEvent [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/content/events/src/nsEventListenerManager.cpp, line 1535]
nsXULElement::HandleDOMEvent [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2853]
nsXULElement::HandleDOMEvent [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2872]
nsXULElement::HandleDOMEvent [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2872]
nsXULElement::HandleDOMEvent [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2872]
nsXULElement::HandleDOMEvent [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2872]
nsXULElement::HandleDOMEvent [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp, line 2872]
PresShell::HandleDOMEventWithTarget [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/layout/html/base/src/nsPresShell.cpp, line 6139]
nsMenuFrame::Execute [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/layout/xul/base/src/nsMenuFrame.cpp, line 1677]
nsMenuFrame::HandleEvent [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/layout/xul/base/src/nsMenuFrame.cpp, line 456]
PresShell::HandleEventInternal [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/layout/html/base/src/nsPresShell.cpp, line 6103]
PresShell::HandleEvent [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/layout/html/base/src/nsPresShell.cpp, line 5921]
nsViewManager::HandleEvent [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/view/src/nsViewManager.cpp, line 2321]
nsViewManager::DispatchEvent [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/view/src/nsViewManager.cpp, line 2061]
HandleEvent [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/view/src/nsView.cpp, line 77]
nsWindow::DispatchEvent [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 1067]
nsWindow::DispatchMouseEvent [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 5261]
ChildWindow::DispatchMouseEvent [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 5511]
nsWindow::WindowProc [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp, line 1349]
USER32.dll + 0x2a3d0 (0x77e3a3d0)
USER32.dll + 0x4605 (0x77e14605)
USER32.dll + 0xa7ba (0x77e1a7ba)
nsAppShellService::Run [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/xpfe/appshell/src/nsAppShellService.cpp, line 495]
main [c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/browser/app/nsBrowserApp.cpp, line 58]
KERNEL32.DLL + 0x2893d (0x7c59893d)
Assignee: nobody → brendan
Component: General → JavaScript Engine
Product: Firefox → Core
QA Contact: general → general
Version: unspecified → 1.7 Branch
(Assignee)

Updated

12 years ago
Severity: major → critical
Keywords: crash
Summary: I just downloaded Firefox 1.06, and it crashes at 004A6170 whenever I try to view any page → I just downloaded Firefox 1.06, and it crashes at 004A6170 whenever I try to view any page [@ nsJSPrincipalsSubsume]

Comment 6

12 years ago
William, this problem may be related to Windows 2000 or it may be in the way you
uninstalled/installed Firefox and/or any extensions you may have installed, or
something else entirely.

Do you have any third-party Firewall software installed?

From your comments, it appears you do not have any extensions installed? Is that
really the case? What happens if you start Firefox in Safe mode? See the menu
item under Start->Programs->Mozilla Firefox-> Mozilla Firefox (Safe Mode). Do
you still crash?

When you originally installed Firefox 1.0.6, did you uninstall the previous
version first or did you install on top of the existing Firefox 1.0 installation
directory? Can you uninstall Firefox using Add/Remove Programs, then delete the
C:\Program Files\Mozilla Firefox\ directory, then reinstall Firefox 1.0.6? Do
you still crash?
(Reporter)

Comment 7

12 years ago
(In reply to comment #6)
> William, this problem may be related to Windows 2000 or it may be in the way you
> uninstalled/installed Firefox and/or any extensions you may have installed, or
> something else entirely.
> Do you have any third-party Firewall software installed?
> From your comments, it appears you do not have any extensions installed? Is that
> really the case? What happens if you start Firefox in Safe mode? See the menu
> item under Start->Programs->Mozilla Firefox-> Mozilla Firefox (Safe Mode). Do
> you still crash?
> When you originally installed Firefox 1.0.6, did you uninstall the previous
> version first or did you install on top of the existing Firefox 1.0 installation
> directory? Can you uninstall Firefox using Add/Remove Programs, then delete the
> C:\Program Files\Mozilla Firefox\ directory, then reinstall Firefox 1.0.6? Do
> you still crash?

As far as I know, I don't have any extensions or stuff like that, though
I'm not particularly knowledgeable about such things.  I try to be plain
vanilla, but I don't know what kinds of garbage other companies install.

It crashes in safe mode.

I use a proxy provided by my company (Philips medical systems).  It works
just fine for everyone else, and for all browsers other than Firefox 1.06.

So I tried a *REALLY* clean install:
Uninstall Firefox
Delete "\Program Files\Mozilla Firefox" directory
Delete "Documents and Settings\usd03141\Application Data\Mozilla"
    (All bookmarks are gone, as well as Thunderbird mail.  I saved
    it, of course.)
Clean install of 1.06.
Run in safe mode.
It asks about importing stuff, I decline.
It says "start.mozilla.org not found".  OK.
If I try to access www.msnbc.org, it gets stuck.  I stop it.
I set up the proxy -- automatic, http://pww.anr.ms.philips.com/pixs.pac
I look at www.msnbc.com, and it crashes.  In case this is more useful than
previous reports, I have submitted it with talkback -- TB7822314W

The contents of pixs.pac are:

/* DO NOT EDIT! DO NOT EDIT! DO NOT EDIT! DO NOT EDIT!
 * Created by Joe Pepin, 1/3/02
 * Last updated by Joe Pepin, 19-Jul-05 to work around block of groups.google.com
 * DO NOT EDIT! DO NOT EDIT! DO NOT EDIT! DO NOT EDIT!
*/

function FindProxyForURL(url, host)
{
   var MyIPA = myIpAddress();
   var MyIP = MyIPA.split(".");
   var MyIP2 = eval(MyIP[2]);
   var MyIP3 = eval(MyIP[3]);
   var ModIP = (MyIP[3] % 3);

   // Direct to non-FQDN hosts
   if (isPlainHostName(host)
        || localHostOrDomainIs(host, "127.0.0.1")
        || localHostOrDomainIs(host, "localhost")
        || shExpMatch(host, "pww*.*")
        || shExpMatch(host, "130.138.*")
        || shExpMatch(host, "130.139.*")
        || shExpMatch(host, "130.140.*")
        || shExpMatch(host, "130.141.*")
        || shExpMatch(host, "130.142.*")
        || shExpMatch(host, "130.143.*")
        || shExpMatch(host, "130.144.*")
        || shExpMatch(host, "130.145.*")
        || shExpMatch(host, "130.146.*")
        || shExpMatch(host, "130.147.*")
        || shExpMatch(host, "134.27.*")
        || shExpMatch(host, "137.55.*")
        || shExpMatch(host, "141.184.215.40")
        || shExpMatch(host, "144.54.*")
        || shExpMatch(host, "149.59.*")
	|| shExpMatch(host, "10.*")
	|| shExpMatch(host, "161.83.*")
	|| shExpMatch(host, "161.84*")
	|| shExpMatch(host, "161.85.*")
	|| shExpMatch(host, "161.86.*")
	|| shExpMatch(host, "161.87.*")
	|| shExpMatch(host, "161.88.*")
	|| shExpMatch(host, "161.92.*")
	|| shExpMatch(host, "165.114.*")
	|| shExpMatch(host, "167.81.*")
	|| shExpMatch(host, "192.168.*")
        || shExpMatch(host, "cpdnet.and.agilent.com")
        || shExpMatch(host, "*.diamond.philips.com")
        || shExpMatch(host, "*.emi.philips.com")
	|| shExpMatch(host, "pww*.*philips.com")
        || shExpMatch(host, "philipsna-*.philips.com")
        || shExpMatch(host, "pb.ipass.com")
        || shExpMatch(host, ".nl.dap.philips.com")
	|| shExpMatch(host, "*.ms.philips.com")
	|| shExpMatch(host, "192.168.*")
	|| shExpMatch(host, "*.nl.philips.com")
	|| shExpMatch(host, "*.sc.philips.com")
	|| shExpMatch(host, "*.ehv.ce.philips.com")
	|| shExpMatch(host, "*.ehv-s.nl.philips.com")
	|| shExpMatch(host, "*.gdc1.ce.philips.com")
        || shExpMatch(host, "*.cemafore.ce.philips.com")
        || shExpMatch(host, "wss.us.ms.philips.com")
        || shExpMatch(host, "pcena-websupport.knox.pcec.philips.com")
        || shExpMatch(host, "proxy.btl.ms.philips.com")
        || shExpMatch(host, "www.tradelink.philips.com")
        || shExpMatch(host, "sojtest1.soj.lighting.philips.com")
           )
           return "DIRECT";

   // Direct for Oxnard
   else if ((MyIP[0] + "." + MyIP[1] + "." + MyIP[2]  == "161.88.29")
         && (shExpMatch(host, "*.oxn.ms.philips.com")
	 || shExpMatch(host, "161.88.29.*")))
           return "DIRECT";

   // Direct for Seattle
   else if (((MyIP[0] + "." + MyIP[1] + "." + MyIP[2]  == "149.59.134")
	 || (MyIP[0] + "." + MyIP[1] + "." + MyIP[2]  == "149.59.135"))
         && (shExpMatch(host, "*.sea.ms.philips.com")
         || shExpMatch(host, "149.59.134.*")
	 || shExpMatch(host, "149.59.135.*")))
           return "DIRECT";

   // Direct for Alpharetta
   else if (((MyIP[0] + "." + MyIP[1] + "." + MyIP[2]  == "149.59.156")
	 || (MyIP[0] + "." + MyIP[1] + "." + MyIP[2]  == "149.59.157"))
         && (shExpMatch(host, "*.aai.ms.philips.com")
	 || shExpMatch(host, "149.59.142.*")
	 || shExpMatch(host, "149.59.143.*")
	 || shExpMatch(host, "149.59.156.*")
	 || shExpMatch(host, "149.59.157.*")
	 || shExpMatch(host, "130.140.112.*")
	 || shExpMatch(host, "130.140.113.*")
	 || shExpMatch(host, "130.140.114.*")
	 || shExpMatch(host, "130.140.115.*")
	 || shExpMatch(host, "130.140.116.*")
	 || shExpMatch(host, "130.140.117.*")
	 || shExpMatch(host, "130.140.118.*")
	 || shExpMatch(host, "130.140.119.*")))
           return "DIRECT";

   // Direct to specific webservers
   else if (shExpMatch(host, "192.46.20.54"))
	   return "DIRECT";

   // Use cleproxy.cle.ms.philips.com:6001 for Marconi sites 
   else if ( dnsDomainIs(host, ".picker.com")
	|| dnsDomainIs(host, ".marconi.com")
	|| dnsDomainIs(host, ".marconimed.com")
	|| shExpMatch(host, "144.54.*"))
	   return "PROXY cleproxy.cle.ms.philips.com:8080; DIRECT";

   // Use amec01.pixs.philips.com to temporarily work around groups.google.com blocking
   else if (shExpMatch(host, "groups.google.com")
	|| shExpMatch(host, "groups-beta.google.com"))
	   return "PROXY 167.81.120.118:8080;";

   // Use new LIAA server for specific sites
   else if (isInNet(MyIPA, "149.59.160.0", "255.255.224.0") &&
           (shExpMatch(host, "165.188.140.25")
	|| shExpMatch(host, "www.shrm.org")
	|| shExpMatch(host, "www.css.filenet.com")
	|| shExpMatch(host, "*.trammellcrow.com")))
	   return "PROXY 149.59.162.210:8080; PROXY 149.59.172.220:8080"; 

   // Otherwise use anrlx023, 024, or 025 depending on your IP address.  anrlx026 is reserve proxy normally used for manual settings
   else if ( ModIP == 2)
           return "PROXY 149.59.162.96:8080; PROXY 167.81.83.16:8080; PROXY 167.81.83.17:8080; PROXY 149.59.162.97:8080; DIRECT"
   else if ( ModIP == 1)
           return "PROXY 167.81.83.17:8080; PROXY 149.59.162.96:8080; PROXY 167.81.83.16:8080; PROXY 149.59.162.97:8080; DIRECT"
   else
           return "PROXY 167.81.83.16:8080; PROXY 167.81.83.17:8080; PROXY 149.59.162.96:8080; PROXY 149.59.162.97:8080; DIRECT"
}

I'm on paternity leave, shaver's going to have to add the null checks if
timeless doesn't beat him to it.

Sorry, we obviously don't test PAC, but I should have remembered (since I
designed most of the JS API and was around when norris introduced JSPrincipals
-- and maybe more to the point, since the code supports "nullable principals")
that null is a valid in-parameter value of type JSPrincipals *.

/be
Assignee: brendan → shaver
Status: UNCONFIRMED → NEW
Ever confirmed: true
(Assignee)

Comment 9

12 years ago
Created attachment 190584 [details] [diff] [review]
match jsdbgapi
Assignee: shaver → timeless
Status: NEW → ASSIGNED
Attachment #190584 - Flags: superreview?(shaver)
Attachment #190584 - Flags: review?(mrbkap)
(Assignee)

Updated

12 years ago
Attachment #190584 - Flags: approval1.8b4?
Attachment #190584 - Flags: approval1.7.11?
Attachment #190584 - Flags: approval-aviary1.0.7?
(Assignee)

Updated

12 years ago
Flags: blocking1.9a1?
Flags: blocking1.8b4?
Flags: blocking-aviary1.5?
Flags: blocking-aviary1.0.7?
Keywords: js1.5
Comment on attachment 190584 [details] [diff] [review]
match jsdbgapi

More context would have been nice. It seems that findObjectPrincipals returning
NULL means no principals in this situation. Shaver should back my claim up,
though.
r=me
Attachment #190584 - Flags: review?(mrbkap) → review+

Updated

12 years ago
Attachment #190584 - Flags: approval1.7.11? → approval1.7.11-
(Assignee)

Updated

12 years ago
Attachment #190584 - Flags: approval1.7.12?

Updated

12 years ago
Flags: testcase?
Comment on attachment 190584 [details] [diff] [review]
match jsdbgapi

sr=shaver.  Thanks to jst and others for helping me walk through the
principal-setting maze.
Attachment #190584 - Flags: superreview?(shaver) → superreview+
Attachment #190584 - Flags: approval1.8b4? → approval1.8b4+
(Assignee)

Updated

12 years ago
Summary: I just downloaded Firefox 1.06, and it crashes at 004A6170 whenever I try to view any page [@ nsJSPrincipalsSubsume] → I just downloaded Firefox 1.06, and it crashes at 004A6170 whenever I try to view any page [@ nsJSPrincipalsSubsume] using PAC
(Assignee)

Comment 12

12 years ago
Comment on attachment 190584 [details] [diff] [review]
match jsdbgapi

mozilla/js/src/jsscript.c	3.79
mozilla/js/src/jsobj.c	3.205
(Assignee)

Comment 13

12 years ago
reporter: please download a trunk nightly and verify that this bug is fixed. it
will not be fixed on branches until sometime after there's approval for the
branches.
Status: ASSIGNED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → FIXED

Updated

12 years ago
Flags: blocking1.8b4?
(Assignee)

Comment 14

12 years ago
*** Bug 301760 has been marked as a duplicate of this bug. ***
Flags: blocking1.7.12?
Flags: blocking-aviary1.0.7?
Keywords: regression
So, what's the deal with the asymmetry here:  the old test was a !=, the new
test is a !subsumes test, except the null checks are saying that both
subsumes(NULL, x) and subsumes(x, NULL) are true, which seems a little odd to me.
(In reply to comment #15)
> So, what's the deal with the asymmetry here:  the old test was a !=, the new
> test is a !subsumes test, except the null checks are saying that both
> subsumes(NULL, x) and subsumes(x, NULL) are true, which seems a little odd to
> me.

I was out on paternity leave, never caught up with this patch.  I agree it's odd
to have a non-null (principals) vs. null (scopePrincipals) situation.  Recent
changes mrbkap made for bug 306467 should ensure that findObjectPrincipals
always returns non-null for PAC.

Null principals should not mix with non-null.  If an embedding has a non-null
script->principals pointer, we should find non-null scopePrincipals.  If others
agree, then the patch here should be revised to report the error-as-exception if
(!scopePrincipals || !principals->subsume(...)).

/be
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Would that cause the exception to still break this PAC case?
It would. I could backport my patch that should make PAC work (making
evalInSandbox give principals to use instead of passing null).
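
The two null-handling policies debated in the comments above, modeled in C as an added example (not Mozilla's code and not the attached patch). `Principals`, `toy_subsume` and both check functions are hypothetical stand-ins; the `principals &&` guard in the strict variant is an assumption drawn from the "non-null script->principals" wording.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a principals object; not the real JSPrincipals. */
typedef struct Principals Principals;
struct Principals {
    const char *origin; /* constructed label, e.g. "pac" */
    int (*subsume)(const Principals *self, const Principals *other);
};

/* Toy rule (assumption): a principal subsumes another with the same origin.
 * It dereferences `other` unconditionally, so every caller must rule out
 * NULL first; a missing check becomes a read at a small offset from 0. */
static int toy_subsume(const Principals *self, const Principals *other)
{
    return strcmp(self->origin, other->origin) == 0;
}

typedef enum { EVAL_ALLOWED = 0, EVAL_DENIED = 1 } EvalResult;

/* Null-tolerant check, as the thread characterizes the landed patch:
 * a NULL on either side counts as "subsumes", so eval proceeds. */
EvalResult check_null_tolerant(const Principals *principals,
                               const Principals *scopePrincipals)
{
    if (principals && scopePrincipals &&
        !principals->subsume(principals, scopePrincipals))
        return EVAL_DENIED;
    return EVAL_ALLOWED;
}

/* Strict check proposed in the reply: with non-null script principals, a
 * missing scope principal is an error, never an implicit pass. */
EvalResult check_strict(const Principals *principals,
                        const Principals *scopePrincipals)
{
    if (principals &&
        (!scopePrincipals ||
         !principals->subsume(principals, scopePrincipals)))
        return EVAL_DENIED;
    return EVAL_ALLOWED;
}

/* Constructed sample principals. */
static const Principals PAC   = { "pac", toy_subsume };
static const Principals PAC2  = { "pac", toy_subsume };
static const Principals OTHER = { "content", toy_subsume };

int main(void)
{
    struct {
        const char *name;
        const Principals *p, *scope;
    } cases[] = {
        { "same origin",          &PAC, &PAC2 },
        { "different origin",     &PAC, &OTHER },
        { "PAC eval: scope NULL", &PAC, NULL },
        { "both NULL",            NULL, NULL },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-22s tolerant=%s strict=%s\n", cases[i].name,
               check_null_tolerant(cases[i].p, cases[i].scope) ? "deny" : "allow",
               check_strict(cases[i].p, cases[i].scope) ? "deny" : "allow");
    return 0;
}
```

The "PAC eval: scope NULL" row is the case the thread argues over: the tolerant check lets the script run, while the strict one would still reject it until the sandbox supplies principals.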

Updated

12 years ago
Summary: I just downloaded Firefox 1.06, and it crashes at 004A6170 whenever I try to view any page [@ nsJSPrincipalsSubsume] using PAC → Firefox 1.0.6 crashes when loading any page if PAC script uses eval [@ nsJSPrincipalsSubsume]

Comment 19

12 years ago
The approval flag of the patch for the 1.7 branch seems wrong, I guess it should
be approval1.7.12? and not approval1.7.13?.
OK, we decided we'll just take timeless's patch.
Flags: blocking1.7.12?
Flags: blocking1.7.12+
Flags: blocking-aviary1.0.7?
Flags: blocking-aviary1.0.7+
Attachment #190584 - Flags: approval1.7.13?
Attachment #190584 - Flags: approval1.7.12+
Attachment #190584 - Flags: approval-aviary1.0.8?
Attachment #190584 - Flags: approval-aviary1.0.7+
Flags: blocking-aviary1.0.8?
Actually, it seems like anything that would be broken with the !... || patch
would have been broken before the subsume changes, no?  Anyway, I'll go ahead
with landing timeless's patch.
Checked in to MOZILLA_1_7_BRANCH and AVIARY_1_0_1_2005124_BRANCH.
Keywords: fixed-aviary1.0.7, fixed1.7.12
(In reply to comment #21)
> Actually, it seems like anything that would be broken with the !... || patch
> would have been broken before the subsume changes, no?

Yes, in 1.0.4 and 1.0.5.  1.0.3 would have silently changed the scope object
used for the eval's execution.  It's not clear if PAC users tested these
releases, and the eval dependency was added coincident with 1.0.[56].  What a mess.

> Anyway, I'll go ahead with landing timeless's patch.

Thanks!

/be

Updated

12 years ago
Flags: blocking-aviary1.5? → blocking1.8b5?

Comment 24

12 years ago
William checked with Firefox 1.0.7 and says all is well.

Updated

12 years ago
Flags: blocking1.9a1?
Flags: blocking1.8b5?
Flags: blocking1.8b5+

Comment 25

12 years ago
can you get this landed on the 1.8 branch if it hasn't and if it has please add
the fixed1.8 keyword. Thanks.
(Assignee)

Updated

12 years ago
Status: REOPENED → RESOLVED
Last Resolved: 12 years ago
Keywords: fixed1.8
Resolution: --- → FIXED

Comment 26

12 years ago
So, could someone tell me which line here was an example of the offending syntax?
Ben, the crash was caused by the lines that were calling the |eval| function. A minimal testcase would be this PAC script:
function FindProxyForURL(url, host) { eval(""); }

Comment 28

12 years ago
oh okay.

Updated

12 years ago
Keywords: fixed1.8 → verified1.8

Updated

11 years ago
Keywords: testcase

Updated

11 years ago
Flags: in-testsuite? → in-testsuite-
Crash Signature: [@ nsJSPrincipalsSubsume]