Closed Bug 31707 Opened 24 years ago Closed 24 years ago

Crash when logging into hotoffice.com

Categories

(Core :: Security, defect, P3)

x86
Windows NT
defect

Tracking

()

VERIFIED FIXED

People

(Reporter: ppandit, Assigned: norrisboyd)

Details

(Whiteboard: fix in hand)

Using debug build from 3/13/00 on Windows NT 4.0

1) Started mozilla.exe
2) Went to www.hotoffice.com (create an account if necessary) 
3) Login (enter the fields and hit SUBMIT button)
4) Click cancel on dialog that asks if it should save username and password
5) Crash happens immediately
Unhandled exception in mozilla.exe (CAPS.DLL) 0xC0000005 Access Violation

Here is the trace:
nsCodebasePrincipal::Init(nsIURI * 0x00000000) line 237 + 7 bytes
nsScriptSecurityManager::GetCodebasePrincipal(nsScriptSecurityManager * const 
0x01442b00, nsIURI * 0x00000000, nsIPrincipal * * 0x0012d8f0) line 617 + 12 
bytes
nsJSProtocolHandler::NewChannel(nsJSProtocolHandler * const 0x07f53800, const 
char * 0x003805b8, nsIURI * 0x07f57050, nsILoadGroup * 0x07f55960, 
nsIInterfaceRequestor * 0x07f56260, unsigned int 0, nsIURI * 0x00000000, 
unsigned int 0, unsigned int 0, nsIChannel * * 0x0012dbfc) line 240 + 68 bytes
nsIOService::NewChannelFromURI(nsIOService * const 0x013760c0, const char * 
0x003805b8, nsIURI * 0x07f57050, nsILoadGroup * 0x07f55960, 
nsIInterfaceRequestor * 0x07f56260, unsigned int 0, nsIURI * 0x00000000, 
unsigned int 0, unsigned int 0, nsIChannel * * 0x0012dbfc) line 241 + 59 bytes
nsWebShell::DoLoadURL(nsIURI * 0x07f57050, const char * 0x003805b8, 
nsIInputStream * 0x00000000, unsigned int 0, const unsigned int 0, const 
unsigned short * 0x00000000, const char * 0x00000000, int 1) line 1203 + 117 
bytes
nsWebShell::LoadURI(nsWebShell * const 0x07f56320, nsIURI * 0x07f57050, const 
char * 0x003805b8, nsIInputStream * 0x00000000, int 1, unsigned int 0, const 
unsigned int 0, nsISupports * 0x00000000, const unsigned short * 0x00000000, 
const char * 0x00000000) line 1483 + 44 bytes
nsWebShell::LoadURL(nsWebShell * const 0x07f56320, const unsigned short * 
0x07f55ef0, const char * 0x003805b8, nsIInputStream * 0x00000000, int 1, 
unsigned int 0, const unsigned int 0, nsISupports * 0x00000000, const unsigned 
short * 0x00000000, const char * 0x00000000) line 1766 + 53 bytes
nsWebShell::LoadURL(nsWebShell * const 0x07f56320, const unsigned short * 
0x07f55ef0, nsIInputStream * 0x00000000, int 1, unsigned int 0, const unsigned 
int 0, nsISupports * 0x00000000, const unsigned short * 0x00000000) line 994
nsWebShell::LoadURI(nsWebShell * const 0x07f5624c, const unsigned short * 
0x07f55ef0) line 1305
nsHTMLFrameInnerFrame::Reflow(nsHTMLFrameInnerFrame * const 0x00ef1a90, 
nsIPresContext * 0x07cd0430, nsHTMLReflowMetrics & {...}, const 
nsHTMLReflowState & {...}, unsigned int & 0) line 911
nsContainerFrame::ReflowChild(nsIFrame * 0x00ef1a90, nsIPresContext * 
0x07cd0430, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, 
int 0, unsigned int 0, unsigned int & 0) line 646 + 31 bytes
nsHTMLFrameOuterFrame::Reflow(nsHTMLFrameOuterFrame * const 0x00ef1a20, 
nsIPresContext * 0x07cd0430, nsHTMLReflowMetrics & {...}, const 
nsHTMLReflowState & {...}, unsigned int & 0) line 377
nsContainerFrame::ReflowChild(nsIFrame * 0x00ef1a20, nsIPresContext * 
0x07cd0430, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, 
int 4905, unsigned int 0, unsigned int & 0) line 646 + 31 bytes
nsHTMLFramesetFrame::ReflowPlaceChild(nsIFrame * 0x00ef1a20, nsIPresContext * 
0x07cd0430, const nsHTMLReflowState & {...}, nsPoint & {...}, nsSize & {...}, 
nsPoint * 0x0012e8f4) line 815
nsHTMLFramesetFrame::Reflow(nsHTMLFramesetFrame * const 0x00ef18e8, 
nsIPresContext * 0x07cd0430, nsHTMLReflowMetrics & {...}, const 
nsHTMLReflowState & {...}, unsigned int & 0) line 1177
nsBlockReflowContext::ReflowBlock(nsIFrame * 0x00ef18e8, const nsRect & {...}, 
int 1, int 0, int 1, nsMargin & {...}, unsigned int & 0) line 449 + 45 bytes
nsBlockFrame::ReflowBlockFrame(nsBlockReflowState & {...}, nsLineBox * 
0x00ef19bc, int * 0x0012eec8) line 3534 + 59 bytes
nsBlockFrame::ReflowLine(nsBlockReflowState & {...}, nsLineBox * 0x00ef19bc, int 
* 0x0012eec8, int 0) line 2847 + 23 bytes
nsBlockFrame::ReflowDirtyLines(nsBlockReflowState & {...}) line 2654 + 27 bytes
nsBlockFrame::Reflow(nsBlockFrame * const 0x00ef1860, nsIPresContext * 
0x07cd0430, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, 
unsigned int & 0) line 1573 + 15 bytes
nsAreaFrame::Reflow(nsAreaFrame * const 0x00ef1860, nsIPresContext * 0x07cd0430, 
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) 
line 272 + 25 bytes
nsContainerFrame::ReflowChild(nsIFrame * 0x00ef1860, nsIPresContext * 
0x07cd0430, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, 
int 0, unsigned int 0, unsigned int & 0) line 646 + 31 bytes
RootFrame::Reflow(RootFrame * const 0x00ef1824, nsIPresContext * 0x07cd0430, 
nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, unsigned int & 0) 
line 331
nsContainerFrame::ReflowChild(nsIFrame * 0x00ef1824, nsIPresContext * 
0x07cd0430, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, int 0, 
int 0, unsigned int 0, unsigned int & 0) line 646 + 31 bytes
ViewportFrame::Reflow(ViewportFrame * const 0x00ef17e8, nsIPresContext * 
0x07cd0430, nsHTMLReflowMetrics & {...}, const nsHTMLReflowState & {...}, 
unsigned int & 0) line 531
PresShell::InitialReflow(PresShell * const 0x07d04380, int 6900, int 4920) line 
1282
HTMLContentSink::StartLayout() line 3063
HTMLContentSink::CloseFrameset(HTMLContentSink * const 0x07cd74c0, const 
nsIParserNode & {...}) line 2848
CNavDTD::CloseFrameset(const nsIParserNode * 0x07d02480) line 2829 + 31 bytes
CNavDTD::CloseContainer(const nsIParserNode * 0x07d02480, nsHTMLTag 
eHTMLTag_frameset, int 0) line 2996 + 12 bytes
CNavDTD::CloseContainersTo(int 1, nsHTMLTag eHTMLTag_frameset, int 0) line 3041 
+ 20 bytes
CNavDTD::CloseContainersTo(nsHTMLTag eHTMLTag_frameset, int 0) line 3209 + 20 
bytes
CNavDTD::HandleEndToken(CToken * 0x06f09430) line 1642 + 20 bytes
CNavDTD::HandleToken(CNavDTD * const 0x07d02870, CToken * 0x06f09430, nsIParser 
* 0x07cd0100) line 770 + 12 bytes
CNavDTD::BuildModel(CNavDTD * const 0x07d02870, nsIParser * 0x07cd0100, 
nsITokenizer * 0x07d066b0, nsITokenObserver * 0x00000000, nsIContentSink * 
0x07cd74c0) line 504 + 20 bytes
nsParser::BuildModel() line 1265 + 34 bytes
nsParser::ResumeParse(int 1, int 0) line 1150 + 11 bytes
nsParser::OnDataAvailable(nsParser * const 0x07cd0104, nsIChannel * 0x08d44c90, 
nsISupports * 0x00000000, nsIInputStream * 0x07ca37b4, unsigned int 0, unsigned 
int 372) line 1560 + 19 bytes
nsDocumentOpenInfo::OnDataAvailable(nsDocumentOpenInfo * const 0x08cc6b10, 
nsIChannel * 0x08d44c90, nsISupports * 0x00000000, nsIInputStream * 0x07ca37b4, 
unsigned int 0, unsigned int 372) line 267 + 46 bytes
InterceptStreamListener::OnDataAvailable(InterceptStreamListener * const 
0x07ca37b0, nsIChannel * 0x08d44c90, nsISupports * 0x00000000, nsIInputStream * 
0x07cc05dc, unsigned int 0, unsigned int 372) line 1127
nsHTTPServerListener::OnDataAvailable(nsHTTPServerListener * const 0x07cc0cc0, 
nsIChannel * 0x08d42474, nsISupports * 0x08d44c90, nsIInputStream * 0x07cc05dc, 
unsigned int 0, unsigned int 372) line 343 + 58 bytes
nsOnDataAvailableEvent::HandleEvent(nsOnDataAvailableEvent * const 0x07ca3760) 
line 384 + 47 bytes
nsStreamListenerEvent::HandlePLEvent(PLEvent * 0x07ca3890) line 97 + 12 bytes
PL_HandleEvent(PLEvent * 0x07ca3890) line 563 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00ff7c40) line 508 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x2fee03b2, unsigned int 49408, unsigned int 0, 
long 16743488) line 1018 + 9 bytes
USER32! 77e71820()
00ff7c40()
I created an account:

CompanyID : MozillaTesting
userID : rogerl
password : password

when you get to the 'wizard' just cancel it out to get the crash.
Assignee: rogerl → norris
Component: Javascript Engine → Security: General
QA Contact: rginda → junruh
Status: NEW → ASSIGNED
Whiteboard: fix in hand
Target Milestone: --- → M15
Fixed:
Checking in dom/src/jsurl/nsJSProtocolHandler.cpp;
/m/pub/mozilla/dom/src/jsurl/nsJSProtocolHandler.cpp,v <-- nsJSProtocolHandler
.cpp
new revision: 1.39; previous revision: 1.38
done
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Verified fixed.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.