Closed
Bug 52061
Opened 25 years ago
Closed 25 years ago
Crash when page is loaded. Caused by evil JavaScript code?
Categories
(Core :: Networking, defect, P3)
People
(Reporter: kleist, Assigned: gagan)
Details
(Keywords: crash)
Attachments
(2 files)
11.98 KB, text/plain
4.44 KB, patch
Build ID: 2000090908 / RH 6.2 + glibc-2.1.3-21
Reporter
Comment 1•25 years ago
Sorry, forgot talkback incident ID: TB17207107Y
Comment 2•25 years ago
Huge resource suckage due to webpage (which sadly is nothing to do with Monty
Python and more to do with trouser python) launching a truckload of windows.
Linux 2000091021
Comment 3•25 years ago
Browser, not engine. Will attach stack trace. Not sure which component is
responsible, so will assign to Browser-General for analysis of trace -
Assignee: rogerl → asa
Status: UNCONFIRMED → NEW
Component: Javascript Engine → Browser-General
Ever confirmed: true
QA Contact: pschwartau → doronr
Comment 4•25 years ago
Comment 5•25 years ago
(Stack trace obtained using Linux debug tip build 2000-09-13, 12PM Pacific Time)
Crash also occurs on WinNT (Mozilla binary 2000091505); changing OS to "All"
NOTE:
IE 4.7 has no problem with this URL. The mini-window that comes up travels
left to right across the screen, and appears to the eye as just one window.
In Mozilla, however, you are aware of many, many windows being created.
Could this bug be considered a Security issue (denial-of-service attack)?
NN4.7 displays the page just as IE 4.7 does. To the eye, the child window
appears as a single window moving left to right. However, if I reloaded
the URL (note: this was on Linux), I kept getting a warning dialog box:
Netscape: subprocess diagnostics (stdout/stderr)
Warning:
Name: vscroll
Class: XmScrollBar
The scrollbar minimum value is greater than or equal to the
scrollbar maximum value.
Warning:
Name: vscroll
Class: XmScrollBar
Specified slider size is greater than the scrollbar maximum value
minus the scrollbar minimum value.
OS: Linux → All
Comment 6•25 years ago
updating component and setting default owner.
Assignee: asa → rayw
Component: Browser-General → XPCOM
QA Contact: doronr → rayw
Comment 7•25 years ago
Is there more info on how to dupe this problem simply in Mozilla, i.e. open
Mozilla, retrieve the following URL...
Comment 8•25 years ago
Using Mozilla tip builds 2000-09-18 7 PM Pacific Time on WinNT, Linux.
To duplicate the problem: just open Mozilla and load the given URL:
http://www.pythonvideo.com/
On Linux: still crashes, just a few seconds after the URL loads
On WinNT: endless sequence of small windows opening; I did not wait to crash
Compare: with NN4.7, you get one small window moving left to right above
the main window of the URL. Not thousands of small windows opening
and remaining open in the same spot. CPU does not get pegged, either.
Comment 9•25 years ago
I get the following JS errors, when running the script, which I think we need to
deal with first as possibly contributing to the problem.
Enabling Quirk StyleSheet
Enabling Quirk StyleSheet
JavaScript strict warning:
line 9: function onget does not always return a value
JavaScript strict warning:
line 9: function onset does not always return a value
JavaScript strict warning:
chrome://navigator/content/navigator.js line 1970: reference to undefined
property window._content.HTTPIndex
Document http://www.mozilla.org/ loaded successfully
JavaScript strict warning:
chrome://navigator/content/navigator.js line 1970: reference to undefined
property window._content.HTTPIndex
JavaScript strict warning:
line 84: reference to undefined property me.noDirectMatch
JavaScript strict warning:
line 84: reference to undefined property me.noDirectMatch
JavaScript strict warning:
line 84: reference to undefined property me.noDirectMatch
S_OK
S_OK
->>>>>>>>>>>>>> Write Clipboard to memory
->>>>>>>>>>>>>> Read Clipboard from memory
JavaScript strict warning:
line 79: reference to undefined property me.menuOpen
JavaScript strict warning:
line 179: reference to undefined property me.menuOpen
JavaScript strict warning:
line 84: reference to undefined property me.noDirectMatch
JavaScript strict warning:
line 84: reference to undefined property me.noDirectMatch
JavaScript strict warning:
line 84: reference to undefined property me.noDirectMatch
JavaScript strict warning:
line 179: reference to undefined property me.menuOpen
JavaScript strict warning:
line 79: reference to undefined property me.menuOpen
JavaScript strict warning:
line 79: reference to undefined property me.menuOpen
Enabling Quirk StyleSheet
WEBSHELL+ = 5
WEBSHELL+ = 6
Enabling Quirk StyleSheet
Enabling Quirk StyleSheet
JavaScript strict warning:
chrome://navigator/content/navigator.js line 1970: reference to undefined
property window._content.HTTPIndex
WEBSHELL- = 5
WEBSHELL+ = 6
WEBSHELL+ = 7
Enabling Quirk StyleSheet
Setting content window
*** Pulling out the charset
JavaScript strict warning:
chrome://navigator/content/navigator.js line 433: reference to undefined
property window.arguments
JavaScript strict warning:
chrome://navigator/content/navigator.js line 456: reference to undefined
property window.arguments
in SetSecurityButton
WEBSHELL- = 6
WEBSHELL- = 5
WEBSHELL- = 4
WEBSHELL- = 3
WEBSHELL- = 2
Shut down app shell component {33e569b0-40f8-11d4-9a41-000064657374},
rv=0x00000000
Shut down app shell component {18c2f989-b09f-11d2-bcde-00805f0e1353},
rv=0x00000000
Reassigning to Javascript.
Assignee: rayw → rogerl
Component: XPCOM → Javascript Engine
QA Contact: rayw → pschwartau
Comment 11•25 years ago
Using Mozilla tip builds 2000-09-21, on Linux and WinNT.
Using Mozilla binaries 2000092321 on Linux, 2000092320 on WinNT.
Current status: The page seems to load fine on both platforms now.
We now have the correct behavior for the child window: it moves from left
to right. The parent page loads without a crash, and when you dismiss the
child window you do not crash. Good progress...
However, if you now hit "Reload", you crash on Linux (but not on WinNT).
Not getting the JavaScript errors in the console that Ray reported.
I have javascript.options.strict set to false in bin/defaults/pref/all.js.
Here is a Linux stack trace:
#0 0x40a05714 in nsHTTPServerListener::OnDataAvailable (this=0x87e6878,
channel=0x85e5ad4, context=0x88c5948,
i_pStream=0x86d80f0, i_SourceOffset=0, i_Length=2697) at
nsHTTPResponseListener.cpp:467
#1 0x4099ae3f in nsOnDataAvailableEvent::HandleEvent (this=0x422026f8) at
nsAsyncStreamListener.cpp:400
#2 0x4099a0c7 in nsStreamListenerEvent::HandlePLEvent (aEvent=0x42202720) at
nsAsyncStreamListener.cpp:97
#3 0x4012718e in PL_HandleEvent (self=0x42202720) at plevent.c:575
#4 0x40126fac in PL_ProcessPendingEvents (self=0x80aa1c0) at plevent.c:508
#5 0x40128df9 in nsEventQueueImpl::ProcessPendingEvents (this=0x80aa198) at
nsEventQueue.cpp:356
#6 0x40c61a44 in event_processor_callback (data=0x80aa198, source=8,
condition=GDK_INPUT_READ) at nsAppShell.cpp:158
#7 0x40c6167f in our_gdk_io_invoke (source=0x8149998, condition=G_IO_IN,
data=0x8209ec8) at nsAppShell.cpp:58
#8 0x40e2852a in g_io_unix_dispatch () from /usr/lib/libglib-1.2.so.0
#9 0x40e29be6 in g_main_dispatch () from /usr/lib/libglib-1.2.so.0
#10 0x40e2a1a1 in g_main_iterate () from /usr/lib/libglib-1.2.so.0
#11 0x40e2a341 in g_main_run () from /usr/lib/libglib-1.2.so.0
#12 0x40d54209 in gtk_main () from /usr/lib/libgtk-1.2.so.0
#13 0x40c6213a in nsAppShell::Run (this=0x810ab10) at nsAppShell.cpp:335
#14 0x407493d4 in nsAppShellService::Run (this=0x80fc7d8) at
nsAppShellService.cpp:407
#15 0x805576f in main1 (argc=1, argv=0xbffffb54, nativeApp=0x0) at
nsAppRunner.cpp:958
#16 0x8055e3e in main (argc=1, argv=0xbffffb54) at nsAppRunner.cpp:1139
This involves Necko functions at the top; reassigning to Networking component.
Note similarity of this trace to those in bug 52949 and bug 52314.
Assignee: rogerl → gagan
Component: Javascript Engine → Networking
QA Contact: pschwartau → tever
Comment 12•25 years ago
Comment 13•25 years ago
The patch posted above prevents this crash. However, it's likely that
something bigger is wrong, and my patch is probably not getting at the
real problem.
Comment 14•25 years ago
*** This bug has been marked as a duplicate of 52397 ***
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → DUPLICATE