Closed Bug 52061 Opened 25 years ago Closed 25 years ago

Crash when page is loaded. Caused by evil JavaScript code?

Categories

(Core :: Networking, defect, P3)

x86
All
defect

VERIFIED DUPLICATE of bug 52397

People

(Reporter: kleist, Assigned: gagan)

Details

(Keywords: crash)

Attachments

(2 files)

Build ID: 2000090908 / RH 6.2 + glibc-2.1.3-21
Sorry, forgot talkback incident ID: TB17207107Y
Huge resource suckage due to webpage (which sadly is nothing to do with Monty Python and more to do with trouser python) launching a truckload of windows. Linux 2000091021
Browser, not engine. Will attach stack trace. Not sure which component is responsible, so will assign to Browser-General for analysis of trace -
Assignee: rogerl → asa
Status: UNCONFIRMED → NEW
Component: Javascript Engine → Browser-General
Ever confirmed: true
QA Contact: pschwartau → doronr
(Stack trace obtained using Linux debug tip build 2000-09-13, 12PM Pacific Time)
Crash also occurs on WinNT (Mozilla binary 2000091505); changing OS to "All"
NOTE: IE 4.7 has no problem with this URL. The mini-window that comes up travels left to right across the screen, and appears to the eye as just one window. In Mozilla, however, you are aware of many, many windows being created. Could this bug be considered a Security issue (denial-of-service attack)?
NN4.7 displays the page just as IE 4.7 does. To the eye, the child window appears as a single window moving left to right. However, if I reloaded the URL (note: this was on Linux), I kept getting a warning dialog box:
Netscape: subprocess diagnostics (stdout/stderr)
Warning:
    Name: vscroll
    Class: XmScrollBar
    The scrollbar minimum value is greater than or equal to the scrollbar maximum value.
Warning:
    Name: vscroll
    Class: XmScrollBar
    Specified slider size is greater than the scrollbar maximum value minus the scrollbar minimum value.
OS: Linux → All
updating component and setting default owner.
Assignee: asa → rayw
Component: Browser-General → XPCOM
QA Contact: doronr → rayw
Is there more info on how to dupe this problem simply in Mozilla, i.e. open Mozilla, retrieve the following URL...
Using Mozilla tip builds 2000-09-18 7 PM Pacific Time on WinNT, Linux.
To duplicate the problem: just open Mozilla and load the given URL: http://www.pythonvideo.com/
On Linux: still crashes, just a few seconds after the URL loads
On WinNT: endless sequence of small windows opening; I did not wait to crash
Compare: with NN4.7, you get one small window moving left to right above the main window of the URL. Not thousands of small windows opening and remaining open in the same spot. CPU does not get pegged, either.
I get the following JS errors, when running the script, which I think we need to deal with first as possibly contributing to the problem.
Enabling Quirk StyleSheet
Enabling Quirk StyleSheet
JavaScript strict warning: line 9: function onget does not always return a value
JavaScript strict warning: line 9: function onset does not always return a value
JavaScript strict warning: chrome://navigator/content/navigator.js line 1970: reference to undefined property window._content.HTTPIndex
Document http://www.mozilla.org/ loaded successfully
JavaScript strict warning: chrome://navigator/content/navigator.js line 1970: reference to undefined property window._content.HTTPIndex
JavaScript strict warning: line 84: reference to undefined property me.noDirectMatch
JavaScript strict warning: line 84: reference to undefined property me.noDirectMatch
JavaScript strict warning: line 84: reference to undefined property me.noDirectMatch
S_OK
S_OK
->>>>>>>>>>>>>> Write Clipboard to memory
->>>>>>>>>>>>>> Read Clipboard from memory
JavaScript strict warning: line 79: reference to undefined property me.menuOpen
JavaScript strict warning: line 179: reference to undefined property me.menuOpen
JavaScript strict warning: line 84: reference to undefined property me.noDirectMatch
JavaScript strict warning: line 84: reference to undefined property me.noDirectMatch
JavaScript strict warning: line 84: reference to undefined property me.noDirectMatch
JavaScript strict warning: line 179: reference to undefined property me.menuOpen
JavaScript strict warning: line 79: reference to undefined property me.menuOpen
JavaScript strict warning: line 79: reference to undefined property me.menuOpen
Enabling Quirk StyleSheet
WEBSHELL+ = 5
WEBSHELL+ = 6
Enabling Quirk StyleSheet
Enabling Quirk StyleSheet
JavaScript strict warning: chrome://navigator/content/navigator.js line 1970: reference to undefined property window._content.HTTPIndex
WEBSHELL- = 5
WEBSHELL+ = 6
WEBSHELL+ = 7
Enabling Quirk StyleSheet
Setting content window
*** Pulling out the charset
JavaScript strict warning: chrome://navigator/content/navigator.js line 433: reference to undefined property window.arguments
JavaScript strict warning: chrome://navigator/content/navigator.js line 456: reference to undefined property window.arguments
in SetSecurityButton
WEBSHELL- = 6
WEBSHELL- = 5
WEBSHELL- = 4
WEBSHELL- = 3
WEBSHELL- = 2
Shut down app shell component {33e569b0-40f8-11d4-9a41-000064657374}, rv=0x00000000
Shut down app shell component {18c2f989-b09f-11d2-bcde-00805f0e1353}, rv=0x00000000
Reassigning to Javascript.
Assignee: rayw → rogerl
Component: XPCOM → Javascript Engine
QA Contact: rayw → pschwartau
*spam* adding crash keyword...
Keywords: crash
Using Mozilla tip builds 2000-09-21, on Linux and WinNT. Using Mozilla binaries 2000092321 on Linux, 2000092320 on WinNT.
Current status: The page seems to load fine on both platforms now. We now have the correct behavior for the child window: it moves from left to right. The parent page loads without a crash, and when you dismiss the child window you do not crash. Good progress...
However, if you now hit "Reload", you crash on Linux (but not on WinNT).
Not getting the JavaScript errors in the console that Ray reported
I have javascript.options.strict set to false in bin/defaults/pref/all.js
Here is a Linux stack trace:
#0 0x40a05714 in nsHTTPServerListener::OnDataAvailable (this=0x87e6878, channel=0x85e5ad4, context=0x88c5948, i_pStream=0x86d80f0, i_SourceOffset=0, i_Length=2697) at nsHTTPResponseListener.cpp:467
#1 0x4099ae3f in nsOnDataAvailableEvent::HandleEvent (this=0x422026f8) at nsAsyncStreamListener.cpp:400
#2 0x4099a0c7 in nsStreamListenerEvent::HandlePLEvent (aEvent=0x42202720) at nsAsyncStreamListener.cpp:97
#3 0x4012718e in PL_HandleEvent (self=0x42202720) at plevent.c:575
#4 0x40126fac in PL_ProcessPendingEvents (self=0x80aa1c0) at plevent.c:508
#5 0x40128df9 in nsEventQueueImpl::ProcessPendingEvents (this=0x80aa198) at nsEventQueue.cpp:356
#6 0x40c61a44 in event_processor_callback (data=0x80aa198, source=8, condition=GDK_INPUT_READ) at nsAppShell.cpp:158
#7 0x40c6167f in our_gdk_io_invoke (source=0x8149998, condition=G_IO_IN, data=0x8209ec8) at nsAppShell.cpp:58
#8 0x40e2852a in g_io_unix_dispatch () from /usr/lib/libglib-1.2.so.0
#9 0x40e29be6 in g_main_dispatch () from /usr/lib/libglib-1.2.so.0
#10 0x40e2a1a1 in g_main_iterate () from /usr/lib/libglib-1.2.so.0
#11 0x40e2a341 in g_main_run () from /usr/lib/libglib-1.2.so.0
#12 0x40d54209 in gtk_main () from /usr/lib/libgtk-1.2.so.0
#13 0x40c6213a in nsAppShell::Run (this=0x810ab10) at nsAppShell.cpp:335
#14 0x407493d4 in nsAppShellService::Run (this=0x80fc7d8) at nsAppShellService.cpp:407
#15 0x805576f in main1 (argc=1, argv=0xbffffb54, nativeApp=0x0) at nsAppRunner.cpp:958
#16 0x8055e3e in main (argc=1, argv=0xbffffb54) at nsAppRunner.cpp:1139
This involves Necko functions at the top; reassigning to Networking component. Note similarity of this trace to those in bug 52949 and bug 52314.
Assignee: rogerl → gagan
Component: Javascript Engine → Networking
QA Contact: pschwartau → tever
The patch posted above prevents this crash. However, it's likely that something bigger is wrong, and my patch is probably not getting at the real problem.
*** This bug has been marked as a duplicate of 52397 ***
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → DUPLICATE
verified dup
Status: RESOLVED → VERIFIED