Open Bug 698247 Opened 9 years ago Updated 2 years ago

Null dereference with bad channel implementing URI in nsHTMLDocument::StartDocumentLoad


(Core :: DOM: Core & HTML, defect, P5)





(Reporter: WeirdAl, Unassigned)


(Keywords: crash)


(1 file)

I wrote a buggy nsIChannel implementation, which returned a null URI when GetURI was called. Mozilla crashed later on this line:


I have a patch for that but no active test.  My test at the time involved a JS-implemented channel.
Attachment #570527 - Flags: review?(jonas)
I would rather crash here than press on with a bogus channel impl and end up with a security hole or something...
Yeah, I think I agree with bz. Is there a particular reason you want to change this?
Oh, just a lovely little theory that I've held as an article of faith, which says JavaScript should never be able to cause a crash accidentally.

What would you say to a patch which forced a crash at the actual point (NS_RUNTIMEABORT), instead of some 70 lines later?
Given that we want to move towards implementing more stuff in JS, I don't think we can keep saying that JS should never be able to crash the browser.

Move all DOM bugs that haven’t been updated in more than 3 years and have no one currently assigned to P5.

If you have questions, please contact :mdaly.
Priority: -- → P5