Closed Bug 390938 Opened 17 years ago Closed 17 years ago

[FIX]Crash [@ nsGopherContentStream::SendRequest()] with gopher iframe and removing it

Categories

(Core :: Networking, defect, P2)

Product:
Core
Component:
Networking
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla1.9alpha8

People

(Reporter: martijn.martijn, Assigned: bzbarsky)

References

Details

(Keywords: crash, regression, testcase)

Crash Data

Attachments

(2 files)

testcase
354 bytes, text/html
Details
Fix
1.27 KB, patch
Biesinger
: review+
Biesinger
: superreview+
benjamin
: approval1.9+
Details | Diff | Splinter Review
Attached file testcase 
See testcase, which crashes current trunk builds on load.
It doesn't crash with branch builds. It seems an old regression, somewhere between 2005-10-01 and 2005-11-01.

The iframe content consists of this:
<html><head></head>
<body>
<iframe src="gopher://t"></iframe>
<script>
window.frameElement.parentNode.removeChild(window.frameElement);
</script>
</body>
</html>

http://crash-stats.mozilla.com/report/index/41e42787-42aa-11dc-9318-001a4bd43ed6
0  	nsGopherContentStream::SendRequest()  	 e:\builds\tinderbox\fx-trunk\winnt_5.2_depend\mozilla\netwerk\protocol\gopher\src\nsgopherchannel.cpp:419
1 	nsGopherContentStream::OnSocketWritable() 	e:\builds\tinderbox\fx-trunk\winnt_5.2_depend\mozilla\netwerk\protocol\gopher\src\nsgopherchannel.cpp:235
2 	nsGopherContentStream::OnOutputStreamReady(nsIAsyncOutputStream*) 	e:\builds\tinderbox\fx-trunk\winnt_5.2_depend\mozilla\netwerk\protocol\gopher\src\nsgopherchannel.cpp:163
3 	nsInputStreamReadyEvent::Run() 	e:\builds\tinderbox\fx-trunk\winnt_5.2_depend\mozilla\xpcom\io\nsstreamutils.cpp:111
4 	nsThread::ProcessNextEvent(int, int*) 	e:\builds\tinderbox\fx-trunk\winnt_5.2_depend\mozilla\xpcom\threads\nsthread.cpp:490
5 	NS_ProcessNextEvent_P(nsIThread*, int) 	e:\builds\tinderbox\fx-trunk\winnt_5.2_depend\mozilla\obj-fx-trunk\xpcom\build\nsthreadutils.cpp:227
6 	nsBaseAppShell::Run() 	e:\builds\tinderbox\fx-trunk\winnt_5.2_depend\mozilla\widget\src\xpwidgets\nsbaseappshell.cpp:154
7 	nsAppStartup::Run() 	e:\builds\tinderbox\fx-trunk\winnt_5.2_depend\mozilla\toolkit\components\startup\src\nsappstartup.cpp:170
8 	XRE_main 	e:\builds\tinderbox\fx-trunk\winnt_5.2_depend\mozilla\toolkit\xre\nsapprunner.cpp:3057
9 	main 	e:\builds\tinderbox\fx-trunk\winnt_5.2_depend\mozilla\browser\app\nsbrowserapp.cpp:153
10 	WinMain 	e:\builds\tinderbox\fx-trunk\winnt_5.2_depend\mozilla\browser\app\nsbrowserapp.cpp:166
11 	__tmainCRTStartup 	f:\rtm\vctools\crt_bld\self_x86\crt\src\crtexe.c:578
12 	BaseProcessStart
I got another, probably better regression range here (tested with SeaMonkey). For me this regressed between 2005-11-12-10 and 2005-11-13-08. The only netwerk/ check-in in that time frame was Bug 312760.
Yeah, this is a regression from bug 312760.
Blocks: basechannel
Attached patch FixSplinter Review 
Assignee: nobody → bzbarsky
Status: NEW → ASSIGNED

        Attachment #275319 -
        Flags: superreview?(cbiesinger)

        Attachment #275319 -
        Flags: review?(cbiesinger)

    
  
OS: Windows XP → All
Priority: -- → P2
Hardware: PC → All
Summary: Crash [@ nsGopherContentStream::SendRequest()] with gopher iframe and removing it → [FIX]Crash [@ nsGopherContentStream::SendRequest()] with gopher iframe and removing it
Target Milestone: --- → mozilla1.9 M8

        Attachment #275319 -
        Flags: superreview?(cbiesinger)

        Attachment #275319 -
        Flags: superreview+

        Attachment #275319 -
        Flags: review?(cbiesinger)

        Attachment #275319 -
        Flags: review+

    
    

    
  
Comment on attachment 275319 [details] [diff] [review]
Fix

This is a very simple fix for a null-dereference crash.  All the patch does is detect the null pointer (which corresponds to an error status for the gopher channel) and bail out. In due course, we report the error to the consumer (uriloader in this case).

        Attachment #275319 -
        Flags: approval1.9?

    
    

    
  
Comment on attachment 275319 [details] [diff] [review]
Fix

a=me, though we should just remove gopher ;-)

        Attachment #275319 -
        Flags: approval1.9? → approval1.9+

    
    

    
  
Fixed.
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED

    
    

    
  
Verified fixed, using:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a8pre) Gecko/2007082111 Minefield/3.0a8pre
Status: RESOLVED → VERIFIED
Crash Signature: [@ nsGopherContentStream::SendRequest()]

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: