Closed
Bug 400130
Opened 17 years ago
Closed 17 years ago
CRASH on function days-from-date() with invalid dates (month zero)
Categories
(Core Graveyard :: XForms, defect)
Core Graveyard
XForms
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: ankostis, Assigned: msterlin)
References
Details
(Keywords: fixed1.8.1.12)
Attachments
(2 files, 2 obsolete files)
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en; rv:1.8.1.6) Gecko/20070802 Firefox/2.0.0.6 Build Identifier: At least till: Firefox 3 GPAlpha8 Function days-from-date() crashes FF when month outside 1-12. Not tested other possible invalid date values. Aaron identified problems in C++ method: nsSchemaValidatorUtils::GetMonthShorthand Originally reported into disussion group: http://groups.google.com/group/mozilla.dev.tech.xforms/browse_thread/thread/764e96d65a66f6c7/2436a5fa4796d16f#2436a5fa4796d16f Reproducible: Always Steps to Reproduce: An XPath expression containing the next function-call would suffice to crash FF: date('2007-00-01') (Test case to be attached) Actual Results: CRASH Expected Results: Issue a xforms-compute-event (SForms 1.0-section 4.5.4)
Reporter | ||
Comment 1•17 years ago
|
||
WARNING: Firefox with the XForms add-on will CRASH when you visit this attachment.
Reporter | ||
Updated•17 years ago
|
Version: unspecified → Trunk
Comment 2•17 years ago
|
||
error "Parsing Error: not well-formed" when I load testcase
Comment 3•17 years ago
|
||
Attachment #285211 -
Attachment is obsolete: true
Updated•17 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 4•17 years ago
|
||
stack trace:
xpcom_core.dll!nsACString_internal::AssignASCII(const char * data=0x00636544) Line 370 + 0x9 C++
schemval.dll!nsSchemaValidatorUtils::GetMonthShorthand(unsigned char aMonth=0x00, nsACString_internal & aReturn={...}) Line 796 C++
> schemval.dll!nsSchemaValidator::ValidateBuiltinTypeDate(const nsAString_internal & aValue={...}, __int64 * aResult=0x0012d5e0) Line 2502 + 0x10 C++
xforms.dll!nsXFormsUtils::GetDaysFromDateTime(const nsAString_internal & aValue={...}, int * aDays=0x0012d6b8) Line 2754 + 0x31 C++
xforms.dll!nsXFormsXPathFunctions::DaysFromDate(const nsAString_internal & aDateTime={...}, double * aResult=0x04c68920) Line 126 + 0xd C++
xpcom_core.dll!NS_InvokeByIndex_P(nsISupports * that=0x04c68aa8, unsigned int methodIndex=0x00000006, unsigned int paramCount=0x00000002, nsXPTCVariant * params=0x04c68910) Line 102 C++
gklayout.dll!txXPCOMExtensionFunctionCall::evaluate(txIEvalContext * aContext=0x0012d924, txAExprResult * * aResult=0x0012d91c) Line 522 + 0x2e C++
gklayout.dll!nsXPathExpression::EvaluateWithContext(nsIDOMNode * aContextNode=0x04c8f69c, unsigned int aContextPosition=0x00000001, unsigned int aContextSize=0x00000001, unsigned short aType=0x0000, nsISupports * aInResult=0x00000000, nsISupports * * aResult=0x0012d9b0) Line 149 + 0x41 C++
xforms.dll!nsXFormsUtils::EvaluateXPath(nsIXPathEvaluatorInternal * aEvaluator=0x04c90e0c, const nsAString_internal & aExpression={...}, nsIDOMNode * aContextNode=0x04c8f69c, nsIDOMXPathNSResolver * aResolver=0x04c90e98, nsIXFormsXPathState * aState=0x04c90ff0, unsigned short aResultType=0x0000, int aContextPosition=0x00000001, int aContextSize=0x00000001, nsIDOMXPathResult * aInResult=0x00000000, nsIDOMXPathResult * * aResult=0x0012db50) Line 634 + 0x44 C++
xforms.dll!nsXFormsXPathAnalyzer::AnalyzeRecursively(nsIDOMNode * aContextNode=0x04c8f69c, const nsXFormsXPathNode * aNode=0x04c68a00, unsigned int aIndent=0x00000000, int aCollect=0x00000000) Line 199 + 0x70 C++
xforms.dll!nsXFormsXPathAnalyzer::Analyze(nsIDOMNode * aContextNode=0x04c8f69c, const nsXFormsXPathNode * aNode=0x04c689b0, nsIDOMNSXPathExpression * aExpression=0x04c6896c, const nsAString_internal * aExprString=0x0012e3dc, nsCOMArray<nsIDOMNode> * aSet=0x0012e5ac, unsigned int aPosition=0x00000001, unsigned int aSize=0x00000001, int aIncludeRoot=0x00000000) Line 95 + 0x18 C++
xforms.dll!nsXFormsModelElement::ProcessBind(nsIDOMXPathEvaluator * aEvaluator=0x04c90e08, nsIDOMNode * aContextNode=0x04c8f69c, int aContextPosition=0x00000001, int aContextSize=0x00000001, nsIDOMElement * aBindElement=0x04e0bb64, int aIsOuter=0x00000001) Line 2514 + 0x5d C++
xforms.dll!nsXFormsModelElement::ProcessBindElements() Line 2061 + 0x57 C++
xforms.dll!nsXFormsModelElement::Rebuild() Line 1070 + 0xb C++
xforms.dll!nsXFormsModelElement::HandleDefault(nsIDOMEvent * aEvent=0x04e0ca00, int * aHandled=0x0012e990) Line 948 + 0x10 C++
gklayout.dll!nsXTFElementWrapper::PostHandleEvent(nsEventChainPostVisitor & aVisitor={...}) Line 874 + 0x17 C++
Comment 5•17 years ago
|
||
I guess the problem is nsSchemaValidator::IsValidSchemaDate() returns true for '2007-00-01' date which seems to be invalid.
Assignee | ||
Comment 6•17 years ago
|
||
nsSchemaValidatorUtils::GetMaximumDayInMonthFor(PRUint32 aYearValue, PRUint8 aMonthValue) will return 28 as the maximum day of the month if the month is < 1 or > 12. For a date of '2007-00-01' 01 is <= than 28 so IsValidSchemaDate will return true. Ideally we need the schema validator to be fixed because there is no good way to work around the problem without duplicating all of the date validation code.
Assignee | ||
Comment 7•17 years ago
|
||
Check for invalid month and day values in ParseSchemaDate.
Assignee | ||
Updated•17 years ago
|
Attachment #291979 -
Flags: review?(doronr)
Updated•17 years ago
|
Attachment #291979 -
Flags: review?(doronr) → review+
Assignee | ||
Updated•17 years ago
|
Attachment #291979 -
Flags: review?(Olli.Pettay)
Comment 8•17 years ago
|
||
Comment on attachment 291979 [details] [diff] [review] patch looks ok, even GetMaximumDayInMonthFor() assumes that month can be greater than 12 but per http://www.w3.org/TR/xmlschema-2/#isoformats it seems not valid date.
Attachment #291979 -
Flags: review+
Updated•17 years ago
|
Assignee: nobody → msterlin
Updated•17 years ago
|
Attachment #291979 -
Flags: review?(Olli.Pettay) → review+
current testcase is bad xforms. Uses @ref on xf:bind instead of @nodeset. Also was applying multiple calculates to the same data node. This testcase has both of those fixed.
Attachment #285221 -
Attachment is obsolete: true
Comment 10•17 years ago
|
||
checked into trunk for msterlin
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Whiteboard: xf-to-branch
Comment 11•16 years ago
|
||
checked into 1.8 branch for msterlin
Keywords: fixed1.8.1.12
Whiteboard: xf-to-branch
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•