Closed
Bug 304414
Opened 19 years ago
Closed 19 years ago
nsIChannel::open works on a folder returning a stream that can cause crash
Categories
(Core :: Networking, defect, P1)
Core
Networking
Tracking
()
VERIFIED
FIXED
mozilla1.8beta4
People
(Reporter: mcm.ham, Assigned: Biesinger)
References
()
Details
(4 keywords)
Attachments
(3 files, 2 obsolete files)
742 bytes,
text/html
|
Details | |
1.65 KB,
patch
|
asa
:
approval1.8b4+
|
Details | Diff | Splinter Review |
5.18 KB,
patch
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b3) Gecko/20050712 Firefox/1.0+ Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b3) Gecko/20050712 Firefox/1.0+ As per mozillazine discussion linked since the 2004-06-26 builds Firefox now opens a channel for a folder that used to throw a NS_ERROR_NOT_IMPLEMENTED exception. The result is that when the stream is read using the stream.available() method Firefox crashes with a talkback ID of TB8303646X or TB8304346K. Reproducible: Always
Attched test case that shows the crash, thanks to mw. Works only when run locally.
Keywords: regression
Comment 2•19 years ago
|
||
Just as a side note, input.available() returns 4294967295 (which is max for unsigned int), then the code adds +1 for the \0 and then it trys to alloc 0 bytes.
Comment 3•19 years ago
|
||
It doesn't crash with a 2004-06-25 build, but crashes with 2004-06-26 build, so likely to be a regression from fixing bug 247607.
Assignee | ||
Comment 4•19 years ago
|
||
http://lxr.mozilla.org/seamonkey/source/netwerk/base/src/nsDirectoryIndexStream.cpp#285
Assignee | ||
Comment 5•19 years ago
|
||
I want to note that the directoryInputStream was always broken, and that checkin just exposed the bug in that stream impl.
OS: Windows XP → All
Hardware: PC → All
Updated•19 years ago
|
Keywords: helpwanted
Target Milestone: --- → mozilla1.8beta4
Assignee | ||
Updated•19 years ago
|
Assignee: darin → cbiesinger
Priority: -- → P1
Updated•19 years ago
|
Flags: blocking1.8b4? → blocking1.8b4+
Assignee | ||
Comment 6•19 years ago
|
||
Assignee | ||
Comment 7•19 years ago
|
||
Assignee | ||
Updated•19 years ago
|
Attachment #193195 -
Flags: review?(bzbarsky)
Assignee | ||
Updated•19 years ago
|
Attachment #193191 -
Flags: review?(bzbarsky)
Comment 8•19 years ago
|
||
Comment on attachment 193195 [details] [diff] [review] patch >Index: base/src/nsDirectoryIndexStream.cpp >+ // More files available? >+ PRBool more = mPos < mArray.Count(); >+ if (more) { >+ *aLength = 1; // A bit of a lie but good enough > return NS_OK; > } >+ >+ // All done >+ *aLength = 0; >+ return NS_OK; how about: *aLength = (mPos < mArray.Count()) ? 1 : 0; return NS_OK; Instead of all that?
Attachment #193195 -
Flags: superreview+
Attachment #193195 -
Flags: review?(bzbarsky)
Attachment #193195 -
Flags: review+
Comment 9•19 years ago
|
||
Comment on attachment 193191 [details] [diff] [review] unit test for this case >Index: unit/test_localstreams.js >+ try { >+ binstream.readByteArray(1); >+ do_throw("Data readable when available indicated EOF!"); You don't want to catch whatever do_throw throws. r=bzbarsky with that fixed.
Attachment #193191 -
Flags: review?(bzbarsky) → review+
Comment 10•19 years ago
|
||
(In reply to comment #8) > how about: > > *aLength = (mPos < mArray.Count()) ? 1 : 0; > return NS_OK; Or even *aLength = (mPos < mArray.count()); -- C and C++ guarantee 1 or 0 here. /be
Assignee | ||
Comment 11•19 years ago
|
||
I'm not sure that "*aLength = (mPos < mArray.count());" is more readable than bz's suggestion... --.noitseggus s'zb naht elbadaer erom si
Keywords: helpwanted
Assignee | ||
Comment 12•19 years ago
|
||
low risk patch to make the directoryindexstream implement Available() correctly, which fixes a crash when javascript tries to use this interface siht esu
Attachment #193195 -
Attachment is obsolete: true
Attachment #193348 -
Flags: approval1.8b4?
Assignee | ||
Comment 13•19 years ago
|
||
Attachment #193191 -
Attachment is obsolete: true
Assignee | ||
Comment 14•19 years ago
|
||
fixed on trunk Checking in netwerk/base/src/nsDirectoryIndexStream.cpp; /cvsroot/mozilla/netwerk/base/src/nsDirectoryIndexStream.cpp,v <-- nsDirectoryIndexStream.cpp new revision: 1.36; previous revision: 1.35 done Checking in netwerk/test/Makefile.in; /cvsroot/mozilla/netwerk/test/Makefile.in,v <-- Makefile.in new revision: 1.87; previous revision: 1.86 done Checking in netwerk/test/TestCookie.cpp; /cvsroot/mozilla/netwerk/test/TestCookie.cpp,v <-- TestCookie.cpp new revision: 1.4; previous revision: 1.3 done Checking in netwerk/test/unit/test_cookie_header.js; /cvsroot/mozilla/netwerk/test/unit/test_cookie_header.js,v <-- test_cookie_header.js new revision: 1.2; previous revision: 1.1 done RCS file: /cvsroot/mozilla/netwerk/test/unit/test_localstreams.js,v done Checking in netwerk/test/unit/test_localstreams.js; /cvsroot/mozilla/netwerk/test/unit/test_localstreams.js,v <-- test_localstreams.js initial revision: 1.1 done
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Updated•19 years ago
|
Attachment #193348 -
Flags: approval1.8b4? → approval1.8b4+
Assignee | ||
Comment 16•19 years ago
|
||
"patch with bz's comment" (attachment 193348 [details] [diff] [review]) checked in to MOZILLA_1_8_BRANCH Checking in netwerk/base/src/nsDirectoryIndexStream.cpp; /cvsroot/mozilla/netwerk/base/src/nsDirectoryIndexStream.cpp,v <-- nsDirectoryIndexStream.cpp new revision: 1.35.4.1; previous revision: 1.35 done
Keywords: fixed1.8
Comment 17•19 years ago
|
||
v.fixed on branch with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b5) Gecko/20050928 Firefox/1.4, no crash with testcase (tested as attachment and locally).
Keywords: fixed1.8 → verified1.8
You need to log in
before you can comment on or make changes to this bug.
Description
•