Closed Bug 32341 Opened 25 years ago Closed 25 years ago

Crash attempting to save Javscript: url

Categories

(Core :: DOM: Core & HTML, defect, P1)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86
All
Type:
defect

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: law, Assigned: jst)

References

(
URL
)

Details

(Keywords: crash, Whiteboard: [nsbeta2+](to stop crash))

To reproduce: 1. Go to the page specified by this bug's URL (http://www.spe.sony.com/movies/timecode/trailer.html). 2. Right mouse click on "hi res trailer" link. 3. Choose Save Link As... from the context menu. Crashes. This is another flavor of the problem reported in bug 23690. My fix for that bug filtered the problem-causing context menu choices for javascript URLs but I didn't catch alternative spellings. Further investigation reveals that a better fail-safe fix is to avoid the crash within the JS protocol handler. Here's a patch that does that: Index: nsJSProtocolHandler.cpp =================================================================== RCS file: /cvsroot/mozilla/dom/src/jsurl/nsJSProtocolHandler.cpp,v retrieving revision 1.38 diff -r1.38 nsJSProtocolHandler.cpp 200a201 > NS_ENSURE_ARG_POINTER(notificationCallbacks); This problem exists on the tip and the beta1 branch. I will be applying that fix on the tip. I'm marking the bug beta1 so we can assess whether it's PDT+ (and should be fixed on the beta1 branch). Note that the fix is about as low-risk as you can get (simply returns an error when presented a null pointer rather than immediately turn around and try to dereference that pointer).
Adding beta1 and crash keywords. Also cc:ing stevep@slip.net since he reported this originally.
Keywords: beta1, crash
Hmm... a very tempting fix indeed. In all cases where the code would have *any* impact, the browser is about to crash, correct? If we want this in for beta1, I'd say we have to have a resolution to facilitate a checkin by Sunday night. Rick: comments? The only argument (and it is a good argument) against the checkin is that this is a very odd thing to do (re: save of JS url), and hence it should have no impact on 99.9999% of the users (minimum). My bet is that we'll just say "beta 2."
Bill, if this is the single-line check-for-null fix then we should get this in (at least) the trunk as soon as possible.
Priority: P3 → P1
Target Milestone: M15
Putting on PDT- radar for beta1.
Whiteboard: [PDT-]
Severity: normal → critical
If it's waited this long, it can wait until M16 ...
Target Milestone: M15 → M16
Adding nsbeta2 to keywords.
Keywords: nsbeta2
Whiteboard: [PDT-]
Reassigning to Clayton. Clayton, PDT asks that you find someone to land the one line fix enclosed herein. Marking nsbeta2+ to stop the crash.
Assignee: law → clayton
Whiteboard: [nsbeta2+](to stop crash)
Move to Roger
Assignee: clayton → rogerl
Assignee: rogerl → jst
-->DOM0 component owner
This doesn't crash my fresh optimized linux build but my WinNT debug build from a couple of days ago crashes, updating tree to test again...
This is as far as I can tell fixed, I tried on both linux (optmized) and WinNT (debug), buth from today, and I get the "Downloading file" dialog and then a dialog saying "Unknown error". No crash. I do see an assert on WinNT from NS_ENSURE_TRUE(callbacks, NS_ERROR_FAILURE); in nsJSProtocolhandler.cpp, line 100. Looks like the above patch was checked in at some point, and bonsai tells me that I checked in the patch, but I did that to fix bug 30372 where some odd plugin caused a crash in the same place. I'm marking this fixed since I can't reproduce this in mozilla any more.
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Verified with 2000-02-22-08.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.