Closed Bug 57210 Opened 24 years ago Closed 24 years ago

If you have npjava32.dll in the Netscape 4.7x plugin dir, Mozilla crashes on startup

Categories

(Core Graveyard :: Plug-ins, defect, P1)

Product:
Core Graveyard
Component:
Plug-ins
Platform:
x86
Windows NT
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: kenkyee, Assigned: serhunt)

Details

(Keywords: crash, Whiteboard: [FIX IN HAND][rtm++])

Attachments

(4 files)

Patch fixing the problem
631 bytes, patch
Details | Diff | Splinter Review
dll
10.50 KB, application/octet-stream
Details
'Officially' looking patch, no typos here
836 bytes, patch
Details | Diff | Splinter Review
Patch corrected for waterson's suggestions
1.26 KB, patch
Details | Diff | Splinter Review 
As above.  The workaround is to rename npjava32.dll to something else before
starting Mozilla.  I can send my copy of npjava32.dll or my entire plugin
directory from Netscape if needed to reproduce this bug.
Netscape seems to be able to deal with renaming npjava32.dll so this is a
reasonable workaround.
This is regression introduced by fixing another bug (Mac "plugins"/"plug-ins" 
thing.
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Keywords: regression, rtm
The fix is easy and perfectly safe. Just adding a check for npjava* filename.
Whiteboard: [FIX IN HAND][rtm+]

    
    

    
  
Adding ekrock.
Keywords: crash

    
  
Priority: P3 → P1

    
    

    
  
Correction. Regression was introduced when we decided not to load anything from 
the old installation except 'big three' and Java plugin. Check for npjava*.* was 
accidentally dropped in version 1.121 of nsPluginHostImpl.cpp.

    
    

    
  
Looks good.  r=edburns.

    
    

    
  
Marking [rtm need info] since I don't see a super review in here. Please mark
[rtm+] after getting one.
Whiteboard: [FIX IN HAND][rtm+] → [FIX IN HAND][rtm need info]

    
    

    
  
Hm... In fact, even without this patch no java dll should be picked from 4.x 
plugins.

Shrirang, can you reproduce the problem? I seem to loose all my old java 
plugins. Could be just invalid with current version of Mozilla.

    
    

    
  
Andrei, as you said, I lost my old java plugin and see some new files 
there(npjava130_01c.dll...). there is no npjava32.dll at all and this problem 
does not seem to happen. If I am not wrong, we stopped sniffing for java plugins 
at all on windows after it started crashing in beta1....

    
    

    
  
Reporter: if you do use one of the recent Mozilla spins, would you please send 
the dll in question to me, Shrirang or just attach it to the bug report?
Thanks.

    
    

    
  

      
      
      
      

        Attached file
          
        dll
      

    


  

    
    

    
  
Oh, this is IBM made plugin. I see the crash in PLC4.dll. Details to follow.

    
    

    
  
Please disregard all my previous comments. The problem is not with the java 
plugin itself. Any plugin can display this, and I beleive we saw this before. 
When we look through 4.x Plugins dir on start up we read all the plugins info in 
order to decide whether to ignore a specific plugin or to use it. It crashes on 
this stage, and it happens when the number of mime types listed in the plugin 
version stamp does not correspont to the number of file extensions. As I said we 
saw this with other plugins and our code is still not safe enough to deal with 
this.

I'll try to come up with the patch soon.

    
    

    
  
OK, here is one-liner which fixes the crash. So, now when the data contains less 
segments than variants it will just break off the loop.

static char** MakeStringArray(PRUint32 variants, char* data)
{
  if((variants <= 0) || (data == NULL))
    return NULL;

  char ** array = (char **)PR_Calloc(variants, sizeof(char *));
  if(array == NULL)
    return NULL;

  char * start = data;

  for(PRUint32 i = 0; variants; i++)
  {
    char * p = PL_strchr(start, '|');
    if(p != NULL)
      *p = 0;

    array[i] = PL_strdup(start);

+    if(p == NULL) // nothing more to look for
+      break;

    start = ++p;
  }
  return array;
}


    
    

    
  
This version could be safer, since there is no garantee that somewhere in the 
code it will not try to access array elemets without checking for null.

static char** MakeStringArray(PRUint32 variants, char* data)
{
  if((variants <= 0) || (data == NULL))
    return NULL;

  char ** array = (char **)PR_Calloc(variants, sizeof(char *));
  if(array == NULL)
    return NULL;

  char * start = data;

  for(PRUint32 i = 0; variants; i++)
  {
    char * p = PL_strchr(start, '|');
    if(p != NULL)
      *p = 0;

    array[i] = PL_strdup(start);

    if(p == NULL) // nothing more to look for
    {             // fill everything else with empty strings (safer?)
      for(; variants; i++)
        array[i] = PL_strdup("");
      break;
    }

    start = ++p;
  }
  return array;
}


    
    

    
  
As long as the memory gets freed, ok with me.  r=edburns.

    
    

    
  
This looks good. With respect to freeing the memory, I believe that this'll
happen in nsPluginFile::FreePluginInfo(). I only have two nits to pick:

1. Put a comment in that says something to the effect of, "although we expect
the MIME type and extension arrays to be of the same length, some plugins don't
adhere to this, so we need to be paranoid."

2. Instead of writing

   ++i;
   for (; i < variants; ++i)
     /* blah */

why not write

   while (++i < variants)
     /* blah */

(In fact, you may even want to work up a cleaner version of the patch for the
trunk that loops conditioned on the results of strchr, and then a second loop
that pads out if you've got records left over.)

Anyway, make the two changes above, and sr=waterson

    
    

    
  
Now, as I have sr=waterson, r=edburns, r=serge, I assume I can nominate it for 
rtm+. Clearing regression keyword.
Keywords: regression
Whiteboard: [FIX IN HAND][rtm need info] → [FIX IN HAND][rtm+]

    
    

    
  
rtm++
Whiteboard: [FIX IN HAND][rtm+] → [FIX IN HAND][rtm++]

    
    

    
  
Checked in to the branch.

    
    

    
  
Trunk got it too.

    
    

    
  
Matking fixed.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED

    
    

    
  
Verified that this is fixed on today's windows branch build. Adding keyword: 
vtrunk for trunk verification. Mozilla QA, to verify this bug, rename the 
attachment in this bug as "npjava32.dll' and save it in the plugins folder under 
4.x installation and launch seamonkey. There should be no crash and the browser 
should launch.
Keywords: vtrunk

    
    

    
  
shrir@netscape.com, thanks for the clear steps to verify.  I saved and renamed
the attachment to my 4.7 plugins folder and then launched Mozilla Seamonkey
without a crash.
Verified Fixed on Mozilla trunk
win32 installer build 102604 NT 4
Setting bug to Verified and removing vtrunk keyword

Status: RESOLVED → VERIFIED
Keywords: vtrunk

    
  
Product: Core → Core Graveyard

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: