Closed Bug 306938 Opened 19 years ago Closed 18 years ago

Making a searchplugin *.src unreadable and doing a search crashes Firefox

Categories

(Firefox :: Search, defect)

Product:
Firefox
Component:
Search
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: hjtoi-bugzilla, Unassigned)

Details

(Keywords: crash) 

Making a searchplugin *.src unreadable and doing a search crashes Firefox

If you edit for example your google.src file and happen to change the
permissions so that some user on your system can not read the file, this makes
Firefox crash for that user when they try to use the search engine from the
toolbar search box.

Nowadays even Microsoft people tell you to run as non-admin on your windows box.
And there are plenty of web pages out there that tell you how to edit your
google.src file. Given these two you can easily run into the same issue I did:

I have installed Firefox as admin, but run as normal user. I decided to edit my
google.src file, and used Emacs to edit it (as admin). Now whenever I tried to
use the search, I'd get browser crash. That happened even when running as admin,
which seemed weird. But then I noticed that something had changed in the file
permissions:

-rwx------+ 1 Administrator None 1076 Jul 16 05:41 google.gif
-rwx------  1 Administrator None  720 Sep  3 00:19 google.src

Notice there is no '+' on google.src. I don't have Windows professional to check
what the actual '+' means here, and I am not sure what other tool to use and
don't especially fancy writing a program to try and figure that out using
Windows APIs.

As a workaround I changed the permissions to:

-rwxr-----  1 Administrator None  720 Sep  3 00:19 google.src
Oh well, found out you can get the security tab in my version of XP as well:
http://windows.about.com/od/tipsarchive/l/bltip542.htm

And indeed, the NTFS-specific permissions were very different between google.src
and google.gif.

Anyway, in case I did not make it clear earlier, Firefox should of course not
crash even if the *src file can not be read :)
Could you provide a talkback ID for the crash? http://kb.mozillazine.org/Talkback
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050903
Firefox/1.0+

When I disable read access to the google.src file, the search no longer works,
but there is no crash for me.
TB 9159076

I just retested. Making google.src unreadable while FF was running made no
difference. I then restarted FF, and the only difference was that the search did
not work and the text Google did not appear in the drop down list. I then
changed the default search to CC, restarted, switched to Google symbol and got
the crash above.

Note that this is different from what was happening earlier in a couple of ways:
1) I now see the Google icon even when google.src is unreadable and 2) I don't
need to search to get crash and 3) it does not seem to happen as predictably as
before.
Incident ID: 9159076
Stack Signature	nsCharTraits::length dcf39b6e
Product ID	Firefox10
Build ID	2005071605
Trigger Time	2005-09-08 13:54:17.0
Platform	Win32
Operating System	Windows NT 5.1 build 2600
Module	firefox.exe + (0001155b)
URL visited	http://www.thenewsshow.tv/?CID=Feedster
User Comments	Make google.src unreadable, change default to other than google,
restart browser, change to google search -> crash. May need additional step to
actually type search word and hit enter.
Since Last Crash	478357 sec
Total Uptime	3791657 sec
Trigger Reason	Access violation
Source File, Line No.	../../../../dist/include/string\nsCharTraits.h, line 192
Stack Trace 	
nsCharTraits<unsigned short>::length 
[../../../../dist/include/string/nsCharTraits.h, line 192]
XPTC_InvokeByIndex 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp,
line 102]
XPCWrappedNative::CallMethod 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp,
line 2034]
XPC_WN_GetterSetter 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp,
line 1805]
js_Invoke 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c,
line 955]
js_InternalInvoke 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c,
line 1049]
js_InternalGetOrSet 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c,
line 1092]
js_SetProperty 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsobj.c,
line 2949]
js_Interpret 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c,
line 2185]
js_Invoke 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c,
line 972]
js_InternalInvoke 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c,
line 1049]
js_InternalGetOrSet 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c,
line 1092]
js_SetProperty 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsobj.c,
line 2869]
js_Interpret 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c,
line 2185]
js_Invoke 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c,
line 972]
js_InternalInvoke 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsinterp.c,
line 1049]
JS_CallFunctionValue 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/js/src/jsapi.c,
line 3698]
nsJSContext::CallEventHandler 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/dom/src/base/nsJSEnvironment.cpp,
line 1297]
nsJSEventListener::HandleEvent 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/dom/src/events/nsJSEventListener.cpp,
line 184]
nsEventListenerManager::HandleEventSubType 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/content/events/src/nsEventListenerManager.cpp,
line 1454]
nsEventListenerManager::HandleEvent 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/content/events/src/nsEventListenerManager.cpp,
line 1535]
nsXULElement::HandleDOMEvent 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp,
line 2853]
nsXULElement::HandleDOMEvent 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp,
line 2872]
nsXULElement::HandleDOMEvent 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp,
line 2872]
nsXULElement::HandleDOMEvent 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp,
line 2872]
nsXULElement::HandleDOMEvent 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/content/xul/content/src/nsXULElement.cpp,
line 2872]
PresShell::HandleDOMEventWithTarget 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/layout/html/base/src/nsPresShell.cpp,
line 6139]
nsMenuFrame::Execute 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/layout/xul/base/src/nsMenuFrame.cpp,
line 1677]
nsMenuFrame::HandleEvent 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/layout/xul/base/src/nsMenuFrame.cpp,
line 456]
PresShell::HandleEventInternal 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/layout/html/base/src/nsPresShell.cpp,
line 6103]
PresShell::HandleEvent 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/layout/html/base/src/nsPresShell.cpp,
line 5921]
nsViewManager::HandleEvent 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/view/src/nsViewManager.cpp,
line 2321]
nsViewManager::DispatchEvent 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/view/src/nsViewManager.cpp,
line 2061]
HandleEvent 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/view/src/nsView.cpp,
line 77]
nsWindow::DispatchEvent 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp,
line 1067]
nsWindow::DispatchMouseEvent 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp,
line 5261]
ChildWindow::DispatchMouseEvent 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp,
line 5511]
nsWindow::WindowProc 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/widget/src/windows/nsWindow.cpp,
line 1349]
USER32.dll + 0x8734 (0x77d48734)
USER32.dll + 0x8816 (0x77d48816)
USER32.dll + 0x89cd (0x77d489cd)
USER32.dll + 0x8a10 (0x77d48a10)
nsAppShell::Run 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/widget/src/windows/nsAppShell.cpp,
line 159]
nsAppShellService::Run 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/xpfe/appshell/src/nsAppShellService.cpp,
line 495]
main 
[c:/builds/tinderbox/Fx-Aviary1.0.1/WINNT_5.2_Depend/mozilla/browser/app/nsBrowserApp.cpp,
line 58]
kernel32.dll + 0x16d4f (0x7c816d4f)
The stack is very similar to the ones in bug 299090, bug 271287, and bug 266852.
I don't think this crashes affects the new search service (it will just fail to load engines it can't read), so this bug can likely be resolved WFM. Heikki, can you confirm with a recent 1.8 branch or trunk build?
I think its safe to assume that this bug died with the old search service (readonly files load fine for me).
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.