Open Bug 698247 Opened 9 years ago Updated 2 years ago

Null dereference with bad channel implementing URI in nsHTMLDocument::StartDocumentLoad

Categories

(Core :: DOM: Core & HTML, defect, P5)

People

(Reporter: WeirdAl, Unassigned)

Details

(Keywords: crash)

Attachments

(1 file)

I wrote a buggy nsIChannel implementation, which returned a null URI when GetURI was called. Mozilla crashed later on this line:

uri->GetScheme(scheme);

I have a patch for that but no active test.  My test at the time involved a JS-implemented channel.
Attachment #570527 - Flags: review?(jonas)
I would rather crash here than press on with a bogus channel impl and end up with a security hole or something...
Yeah, I think I agree with bz. Is there a particular reason you want to change this?
Oh, just a lovely little theory that I've held as an article of faith, which says JavaScript should never be able to cause a crash accidentally.

What would you say to a patch which forced a crash at the actual point (NS_RUNTIMEABORT), instead of some 70 lines later?
Given that we want to move towards implementing more stuff in JS, I don't think we can keep saying that JS should never be able to crash the browser.
https://bugzilla.mozilla.org/show_bug.cgi?id=1472046

Move all DOM bugs that haven’t been updated in more than 3 years and have no one currently assigned to P5.

If you have questions, please contact :mdaly.
Priority: -- → P5