Closed Bug 553982 Opened 14 years ago Closed 14 years ago

myvidoop.com login broken on trunk

Categories

(Core :: Graphics: ImageLib, defect)

Product:
Core
Component:
Graphics: ImageLib
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
blocking2.0 --- beta2+

People

(Reporter: hsivonen, Assigned: bholley)

References

(
URL
)

Details

(Whiteboard: [decodeondraw])

Attachments

(2 files, 2 obsolete files)

Standalone testcase, no php server needed
325 bytes, text/html
Details
patch v2
2.78 KB, patch
joe
: review+
Details | Diff | Splinter Review 
Steps to reproduce:
 1) Make sure you have a myvidoop.com account.
 2) Go to https://myvidoop.com/login (old parser or HTML5 parser doesn't make a difference here)
 3) Enter your userid.
 4) Press the button.

Actual results:
A DHTML box comes up, but it's horizontally collapsed, so you don't see any useful content in the box and can't interact with it.

Expected results:
Expected the DHTML box to contain the next step of the login process (either a request form for browser activation code or a grid of 9 images depending on whether you already have the activation cookie).

Additional info:
Works in Firefox 3.5.
Can you give me a usable userid to reproduce this?  (Obviously I don't need a password.)
The user id hsivonen takes you to the buggy page.
Interesting.  On trunk, I get the same behavior no matter what I put in the username field.
Regression range on m-c on Mac: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=ff3496b1f6c7&tochange=bf0fdec8f43b

I have no idea why the imagelib changes would have affected this....
blocking2.0: --- → ?
Component: General → ImageLib
QA Contact: general → imagelib
We need to figure out how decode-on-draw broke this.
blocking2.0: ? → beta1+
Whiteboard: [decodeondraw]
blocking2.0: beta1+ → beta2+
I investigated this this afternoon. In a pre-decode-on-draw nightly, entering a bogus username and hitting submit sends your browser to a new page. In a post-decode-on-draw nightly, entering a bogus username and hitting submit opens up a broken and unreadable DHTML window.

In a nutshell, the site seems to be doing a bunch of really funky conditional stuff based on the loading of images and flash objects in pursuit of security. It's not clear to me how effective this is, because I don't understand what they're trying to do.

The relevant code is here (see the onsubmit handler):
https://myvidoop.com/js/vidsec_grid.js

I've sent an email to the parent company to see if I can get in touch with an engineer. Hopefully I'll hear back soon.
Assignee: nobody → bobbyholley+bmo
Attached file Test case (obsolete) — 
blank.php must have no characters in it.

Try http://stechz.com/scratch/testimage.php to see test case in action.

        Attachment #455511 -
        Attachment is obsolete: true

    
    

    
  
Figured this out.

Normally a bogus image (for example, <img src="foo.html">) will trigger onerror, because the first few bytes fail to sniff to a usable mimetype in OnDataAvailable(), which throws subsequently throws an error. However, If there are actually zero bytes of data, OnDataAvailable() never gets called, and we jump straight to OnStopRequest().

In 1.9.2, we checked in OnStopRequest to make sure that we had actually instantiated mImage:

http://hg.mozilla.org/releases/mozilla-1.9.2/file/09e35043fedb/modules/libpr0n/src/imgRequest.cpp#l847

However, this check got lost during the rewrite:
http://hg.mozilla.org/mozilla-central/file/f67e48bacc76/modules/libpr0n/src/imgRequest.cpp#l1011

I've written a one-line patch that adds the check. It fixes the myvidoop issue. I'm going to add in a mochitest and then put it up for review.

    
    

    
  

      
      
      
      

        Attached patch
          
          
        patch v1 (obsolete)
        — Splinter Review
      

    


  
Added a patch with tests. Flagging joe for review.

pushed to try as 132d1e5a9ca1

        Attachment #455585 -
        Flags: review?(joe)

    
    

    
  
That test will pass if neither event fires.  It might be better to have the test structured by having a boolean defaulting false that the correct event will set to true and then in the page onload asserting the boolean is true.

    
    

    
  

      
      
      
      

        Attached patch
          
          
        patch v2Splinter Review
      

    


  
Updated patch to address bz's concerns.

        Attachment #455585 -
        Attachment is obsolete: true

        Attachment #455637 -
        Flags: review?(joe)

        Attachment #455585 -
        Flags: review?(joe)

    
    

    
  
This looks green on try. I'll push it as soon as I get review from joe.

        Attachment #455637 -
        Flags: review?(joe) → review+

    
    

    
  
pushed to mozilla-central:

http://hg.mozilla.org/mozilla-central/rev/4e1d168e50cf

Resolving fixed.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Depends on: 584092

    
  
No longer depends on: 584092

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: