Closed
Bug 404818
Opened 18 years ago
Closed 17 years ago
XMLHttpRequest crashes on file retrieval [@ nsCrossSiteListenerProxy::nsCrossSiteListenerProxy]
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 392322
People
(Reporter: aaronr, Assigned: aaronr)
References
()
Details
Attachments
(1 file)
|
1.41 KB,
patch
|
Details | Diff | Splinter Review |
An XForms user found this bug and I've debugged it down to a failure in nsXMLHttpRequest dealing with security principals.
It is pretty simple, inside XForms a form author can define a schema file on a xforms:model element that we can then validate xforms instance data against. This simple testcase crashes during the parsing of the xforms document. Through XTF we know that the model element's end tag has been reached (the DoneAddingChildren notification) so we look for the schema attribute on the xforms:model element and try to load the file through webservices's nsSchemaLoader::LoadAsync. The schema loader uses nsIXMLHttpRequest to load the file. It first creates an instance of the request, then calls OpenRequest, overrides the mime type to make sure it is application/xml and then calls request->Send. Inside nsXMLHttpRequest::Send, it tries to create a new nsCrossSiteListenerProxy object, passing in mPrincipal. However, mPrincipal is nsnull. mPrincipal should have been setup during the nsXMLHttpRequest::OpenRequest, but upon debugging I saw that secMan->GetSubjectPrincipal is returning nsnull. Inside GetSubjectPrincipal it is returning nsnull because the call to GetCurrentJSContext comes back with nothing.
Here is the call stack of the crash:
> gklayout.dll!nsCrossSiteListenerProxy::nsCrossSiteListenerProxy(nsIStreamListener * aOuter=0x04ab07c8, nsIPrincipal * aRequestingPrincipal=0x00000000) Line 65 + 0x1e bytes C++
gklayout.dll!nsXMLHttpRequest::Send(nsIVariant * aBody=0x00000000) Line 2022 + 0x39 bytes C++
websrvcs.dll!nsSchemaLoader::LoadAsync(const nsAString_internal & schemaURI={...}, nsISchemaLoadListener * aListener=0x04aa0a9c) Line 747 + 0x24 bytes C++
xforms.dll!nsXFormsModelElement::InitializeInstances() Line 852 + 0x66 bytes C++
xforms.dll!nsXFormsModelElement::DoneAddingChildren() Line 760 C++
gklayout.dll!nsXTFElementWrapper::DoneAddingChildren(int aHaveNotified=0) Line 509 C++
gklayout.dll!nsXMLContentSink::CloseElement(nsIContent * aContent=0x04a9b2f8) Line 591 C++
gklayout.dll!nsXMLContentSink::HandleEndElement(const unsigned short * aName=0x04a988f0, int aInterruptable=1) Line 1130 + 0x16 bytes C++
gklayout.dll!nsXMLContentSink::HandleEndElement(const unsigned short * aName=0x04a988f0) Line 1096 C++
gkparser.dll!nsExpatDriver::HandleEndElement(const unsigned short * aValue=0x04a988f0) Line 438 + 0x20 bytes C++
gkparser.dll!Driver_HandleEndElement(void * aUserData=0x04a484a8, const unsigned short * aName=0x04a988f0) Line 106 C++
gkparser.dll!doContent(XML_ParserStruct * parser=0x04921770, int startTagLevel=0, const encoding * enc=0x01bd21f0, const char * s=0x04970174, const char * end=0x049701ea, const char * * nextPtr=0x0012f4e4, unsigned char haveMore='') Line 2550 + 0x16 bytes C
gkparser.dll!contentProcessor(XML_ParserStruct * parser=0x04921770, const char * start=0x0496febc, const char * end=0x049701ea, const char * * endPtr=0x0012f4e4) Line 2095 + 0x31 bytes C
gkparser.dll!doProlog(XML_ParserStruct * parser=0x04921770, const encoding * enc=0x01bd21f0, const char * s=0x0496febc, const char * end=0x049701ea, int tok=29, const char * next=0x0496febc, const char * * nextPtr=0x0012f4e4, unsigned char haveMore='') Line 4075 + 0x15 bytes C
gkparser.dll!prologProcessor(XML_ParserStruct * parser=0x04921770, const char * s=0x0496fd70, const char * end=0x049701ea, const char * * nextPtr=0x0012f4e4) Line 3810 + 0x37 bytes C
gkparser.dll!prologInitProcessor(XML_ParserStruct * parser=0x04921770, const char * s=0x0496fd70, const char * end=0x049701ea, const char * * nextPtr=0x0012f4e4) Line 3626 + 0x15 bytes C
gkparser.dll!MOZ_XML_Parse(XML_ParserStruct * parser=0x04921770, const char * s=0x0496fd70, int len=1146, int isFinal=0) Line 1528 + 0x2a bytes C
gkparser.dll!nsExpatDriver::ParseBuffer(const unsigned short * aBuffer=0x0496fd70, unsigned int aLength=573, int aIsFinal=0, unsigned int * aConsumed=0x0012f6dc) Line 989 + 0x1a bytes C++
gkparser.dll!nsExpatDriver::ConsumeToken(nsScanner & aScanner={...}, int & aFlushTokens=0) Line 1095 C++
gkparser.dll!nsParser::Tokenize(int aIsFinalChunk=0) Line 2372 + 0x21 bytes C++
gkparser.dll!nsParser::ResumeParse(int allowIteration=1, int aIsFinalChunk=0, int aCanInterrupt=1) Line 1598 + 0x1b bytes C++
gkparser.dll!nsParser::OnDataAvailable(nsIRequest * request=0x04a0d3a8, nsISupports * aContext=0x00000000, nsIInputStream * pIStream=0x049216e8, unsigned int sourceOffset=0, unsigned int aLength=573) Line 2236 + 0x17 bytes C++
docshell.dll!nsDocumentOpenInfo::OnDataAvailable(nsIRequest * request=0x04a0d3a8, nsISupports * aCtxt=0x00000000, nsIInputStream * inStr=0x049216e8, unsigned int sourceOffset=0, unsigned int count=573) Line 306 + 0x30 bytes C++
necko.dll!nsStreamListenerTee::OnDataAvailable(nsIRequest * request=0x04a0d3a8, nsISupports * context=0x00000000, nsIInputStream * input=0x0498f5f0, unsigned int offset=0, unsigned int count=573) Line 97 + 0x35 bytes C++
necko.dll!nsHttpChannel::OnDataAvailable(nsIRequest * request=0x0493d470, nsISupports * ctxt=0x00000000, nsIInputStream * input=0x0498f5f0, unsigned int offset=0, unsigned int count=573) Line 4497 + 0x5d bytes C++
necko.dll!nsInputStreamPump::OnStateTransfer() Line 508 + 0x40 bytes C++
necko.dll!nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream * stream=0x0498f5f0) Line 398 + 0xb bytes C++
xpcom_core.dll!nsInputStreamReadyEvent::Run() Line 112 C++
xpcom_core.dll!nsThread::ProcessNextEvent(int mayWait=1, int * result=0x0012f9ac) Line 491 C++
xpcom_core.dll!NS_ProcessNextEvent_P(nsIThread * thread=0x00bcd080, int mayWait=1) Line 227 + 0x16 bytes C++
gkwidget.dll!nsBaseAppShell::Run() Line 154 + 0xc bytes C++
tkitcmps.dll!nsAppStartup::Run() Line 170 + 0x1c bytes C++
xul.dll!XRE_main(int argc=1, char * * argv=0x00bc9a50, const nsXREAppData * aAppData=0x00bc9e28) Line 3142 + 0x25 bytes C++
seamonkey.exe!main(int argc=1, char * * argv=0x00bc9a50) Line 99 + 0x12 bytes C++
seamonkey.exe!__tmainCRTStartup() Line 586 + 0x19 bytes C
seamonkey.exe!mainCRTStartup() Line 403 C
kernel32.dll!7c816fd7()
[Frames below may be incorrect and/or missing, no symbols loaded for kernel32.dll]
js3250.dll!js_DeleteProperty(JSContext * cx=0x0075006c, JSObject * obj=0x002c0073, long id=7471216, long * rval=0x0063006f) Line 3938 + 0x2a bytes C
js3250.dll!js_DeleteProperty(JSContext * cx=0x0075006c, JSObject * obj=0x005f0073, long id=3473462, long * rval=0x00350039) Line 3938 + 0x2a bytes C
js3250.dll!js_DeleteProperty(JSContext * cx=0x0075006c, JSObject * obj=0x005f0073, long id=3473462, long * rval=0x00350039) Line 3938 + 0x2a bytes C
js3250.dll!js_DeleteProperty(JSContext * cx=0x00360062, JSObject * obj=0x00310034, long id=3407924, long * rval=0x00630063) Line 3938 + 0x2a bytes C
Posted testcase link in URL field. Requires XForms and webservices to be built on trunk to recreate, but bug not really related to either, I don't think. Could recreate with any c++ extension, I'd think.
|
||
Comment 2•18 years ago
|
||
This is basically bug 392322 (even to the nearly-identical summary).
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
|
|
||
Comment 3•17 years ago
|
||
The crash is fixed, but the code needs to Init() the XMLHttpRequest to work right. See bug 392322 comment 23.
I'll reopen this bug and change the title to account for the fact that this bug will no longer be about a crash but instead focuses on the fact that nsSchemaLoader::LoadAsync no longer works.
Assignee: nobody → aaronr
Status: RESOLVED → ASSIGNED
Resolution: DUPLICATE → ---
Summary: XMLHttpRequest crashes on file retrieval [@ nsCrossSiteListenerProxy::nsCrossSiteListenerProxy] → nsSchemaLoader::LoadAsync fails
Please file another bug for that... This one is fixed.
pain in the arse to recreate all of this history in another bug, but fine. Putting everything back the way it was.
Status: ASSIGNED → RESOLVED
Closed: 18 years ago → 17 years ago
Resolution: --- → DUPLICATE
Summary: nsSchemaLoader::LoadAsync fails → XMLHttpRequest crashes on file retrieval [@ nsCrossSiteListenerProxy::nsCrossSiteListenerProxy]
Oh, crap, I thought this was bug 392322... They both have the same summary :( Sorry about that aaron!
|
||
Updated•12 years ago
|
Component: DOM: Mozilla Extensions → DOM
|
|
||
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•