Closed Bug 73845 Opened 24 years ago Closed 23 years ago

stdURL parsing is broken.

Categories

(Core :: Networking, defect, P1)

Product:
Core
Component:
Networking
Platform:
x86
Linux
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla0.9.2

People

(Reporter: jud, Assigned: dougt)

References

(
URL
)

Details

(Keywords: crash, Whiteboard: PDT+, critical for 0.9.2; ready for checkin)

Attachments

(3 files)

nsIIOService interface change
1.51 KB, patch
Details | Diff | Splinter Review
patch v.1
96.98 KB, patch
Details | Diff | Splinter Review
suggested js modifications
4.11 KB, patch
Details | Diff | Splinter Review
There are various crashers cropping up because parsing a url sometimes produces a null mScheme. The said URL points to the place where we can wind up w/ a null mScheme. The crashers manifest themselves in ::IsScheme() when we go to dereference mScheme.
Blocks: 64833
Keywords: mozilla0.9
Perhaps we should do the following for now? Index: nsStdURL.cpp =================================================================== RCS file: /cvsroot/mozilla/netwerk/base/src/nsStdURL.cpp,v retrieving revision 1.69 diff -u -r1.69 nsStdURL.cpp --- nsStdURL.cpp 2001/03/13 02:00:54 1.69 +++ nsStdURL.cpp 2001/03/28 22:24:11 @@ -347,6 +347,11 @@ nsresult rv = mURLParser->ParseAtScheme(i_Spec, &mScheme, &mUsername, &mPassword, &mHost, &mPort, &ePath); + NS_ASSERTION(mScheme, "we should have a scheme"); + if (!mScheme) { + CRTFREEIF(ePath); + return NS_ERROR_FAILURE; + } if (NS_SUCCEEDED(rv)) { // Now parse the path rv = mURLParser->ParseAtDirectory(ePath, &mDirectory, &mFileBaseName,
Am going to investigate this tonight. We could avoid the crash as jud suggests but I am keen to find out how we got here. If anyone has a reproducible case to lead us to this state I'd appreciate it.
rick: jud tells me that you may have a reproducible case for this?
I've forwarded gagan a mail msg that causes this crash.
Keywords: crash
Here's what Rick found during investigation. There's code that creates *raw* uri/url objects (nsSimpleURI, or nsStdURL) using the component manager. That code then turns around and does a uri->SetSpec("some uri string"); . Then it turns around and asks for the scheme, host, username, pwd, whatever. Point being that people are creating urls just to get string parsing functionality out of them. This is bad for several reasons: 1. if the string they pass in isn't recognized by our parser, we fail. 2. building up a url object for parsing is overkill. 3. it allows a URL to be created w/ out a scheme 4. the model circumvents our entirely flexible necko protocol handler model because it doesn't go through necko for uri creation. Suggested fixes: 1. hang general uri string parsing off of nsIIOService so all these parsing usages can use that. nsIOService's impl would *just* do *simple* specification based heuristic parsing on the string. and hand out strings to the caller (much like the old NET_ParseURL() did. 2. For those really needing a URL object, they would need to be fixed up to go through necko as originally intended.
Target Milestone: --- → mozilla1.0
due to high interest from the very important embedding customer I'm setting this to 0.9.1 (for renewed consideration)
Target Milestone: mozilla1.0 → mozilla0.9.1
Blocks: 75664
Whiteboard: needed by 05/08/01
the overall cleanup is going to be bigger than the scope of this bug. But I would go ahead and add this check proposed by jud to prevent crashing (for now) someone give me an sr on jud's patch?
we should sooo avoid my patch, it will sweep the problem under the carpet and we'll forget about the real solution and battle incarnations of this for years to come.
no you misunderstood my comments. Your patch is a temporary fix to get over the problem while me and rpotts are working on the good-clean fix which is possibly going to take longer than 0.9.1 deadline. I am totally in favor for fixing this the right way. Just that we may not be able to get that "right" way in time.
gagan, could we do the following? - keep this bug open - create a new bug just for the patch in the current bug - check-in the patch in both 0.9 branch and 0.9.1 trunk by 11/May/01 (after the proper procedures are observed) - close the newly created bug for the patch and keep the current bug open
dougt taking over URL parsing stuff...
Assignee: gagan → dougt
#73323. another bug where the caller had to be fixed. when this land, we need to make sure to remove all these temporary fixes.
Blocks: 73323
REPEAT OF QUESTIONS TO GAGAN: dougt, could we do the following? - keep this bug open - create a new bug just for the patch in the current bug - check-in the patch in both 0.9 branch and 0.9.1 trunk by 11/May/01 (after the proper procedures are observed) - close the newly created bug for the patch and keep the current bug open
No longer blocks: 64833, 75664
well: - keep this bug open until it is fixed, I will :-) - create a new bug just for the patch in the current bug I don't see the point. - check-in the patch in both 0.9 branch and 0.9.1 trunk by 11/May/01 (after the proper procedures are observed) we are past this date. - close the newly created bug for the patch and keep the current bug open I don't see the point. I am with Jud here. The patch is not something that we should do. people will be implementing against 0.9 and they may do the wrong thing here. If your customer want to patch their tree, have them do that, but lets not apply this patch to mozilla.
First, "hang[ing] general uri string parsing off of nsIIOService", is not really that easy. Parsing URI's is nontrival and I don't want to see it in two places. The way to do URL parsing is to create a URL Parser via the component manager. A problem is that there are 3 parsers to choose from: std, auth, and noauth. This is what creating a standard uri buys you - not having to deal with the complexities of parsing. If users are going to call SetSpec on a standard url that they created via the component manager, they must expect null's on the standard getters. Garbage in - Garbage out. Any simplified parser (as suggested) would not be expected to do more. I don't think that "building up a url object for parsing is overkill.". It is the only way to avoid "circumvent[ing] our entirely flexible necko protocol handler model". My suggestion is that clients call NS_NewURI() to ensure that they will support pluggable protocols. repeat contrapositive - if you don't want to support pluggable protocols, don't call NS_NewURI(). If clients have a hell-bent need for creating a standard uri outside of necko, remember to pass in qualified url string and program defensively. I am not sure that this should be officially supported in any embedding context. Just some thoughts.... comments?
Status: NEW → ASSIGNED
the problem is that we have several clients in the current tree who don't understand the plugable protocol architecture, and subsequently they don't expect nulls back. as a result, when you put our code in a plugged protocol environment (someone adding their own protocol handler) we fail in several places because people are trying to parse urls using the object from the component manager. the idea behind the url parsing off of nsIIOService was to just allow basic string parsing, nothing fancy, like the old Net_ParseURL() function. creating a full blown URI object is indeed overkill if all you're doing, over and over and over again is looking for the scheme. the point is that we have many places in the system where all people want is string parsing, and it's been suggested that we provide a centralized place for that, nsIIOService, so we get *some* degree of consistency. another option would be go to around to all those places and have them do the string parsing themselves (lots of room for error there). and another option, which you point out is that all callers could be "fixed" to use NS_NewURI() and deal w/ failures gracefully.
I think that I am arguing that all callers should either (a) be "fixed" to use NS_NewURI(), or (b) if their parsing is simple enough (like getting the scheme) they should do it themselves. I think that exposing some "simple url parser" on the IOService will just be plagued with bugs: "It does handle a, b, c", "I breaks this load", ect. I much rather have correct parsing even it if cost a bit more.
Blocks: 75664
Call sites (as of May 21) that must change: content\xbl\src\nsBindingManager.cpp(877) content\xbl\src\nsXBLService.cpp(1151) editor\base\nsHTMLDataTransfer.cpp(662) embedding\browser\powerplant\source\CBrowserApp.cp(416) embedding\components\ui\helperAppDlg\nsHelperAppDlg.js(422) extensions\inspector\resources\content\prefs\pref-sidebar.js(17) extensions\pipella\ui\content\protoCommon.js(435) extensions\python\xpcom\file.py(78) extensions\python\xpcom\file.py(155) extensions\wallet\signonviewer\SignonViewer.js(166) extensions\wallet\src\singsign.cpp(2044) extensions\wallet\src\singsign.cpp(2168) extensions\xml-rpc\src\nsXmlRpcClient.js(81) js\src\xpconnect\loader\mozJSComponentLoader.cpp(88) mailnews\base\src\nsMsgServiceProvider.cpp(107) mailnews\base\src\nsStatusBarBiffManager.cpp(115) mailnews\compose\resources\content\MsgComposeCommands.js(1937) mailnews\compose\src\nsMsgCompFields.cpp(130) modules\libimg\src\if.cpp(1749) netwerk\build\nsNetCID.h(71) netwerk\build\nsNetModule.cpp(635) rdf\chrome\src\nsChromeRegistry.cpp(213) rdf\chrome\src\nsChromeRegistry.cpp(1321) rdf\chrome\src\nsChromeRegistry.cpp(2514) rdf\chrome\src\nsChromeRegistry.cpp(2541) rdf\chrome\src\nsChromeRegistry.cpp(2837) rdf\chrome\src\nsChromeRegistry.cpp(3134) uriloader\exthandler\nsExternalHelperAppService.cpp(172) webshell\tests\viewer\samples\soundtest.html(8) widget\src\beos\nsFilePicker.cpp(236) widget\src\mac\nsFilePicker.cpp(627) widget\src\os2\nsFilePicker.cpp(229) widget\src\windows\nsClipboard.cpp(659) widget\src\windows\nsFilePicker.cpp(269) xpfe\browser\resources\content\metadata.js(414) xpfe\browser\resources\content\sessionHistoryUI.js(132) xpfe\browser\resources\content\sessionHistoryUI.js(135) xpfe\communicator\resources\content\contentAreaDD.js(275) xpfe\communicator\resources\content\nsContextMenu.js(676) xpfe\components\filepicker\res\content\filepicker.js(32) xpfe\components\filepicker\src\nsFilePicker.js(90) xpfe\components\prefwindow\resources\content\pref-applications-edit.xul(156) xpfe\components\prefwindow\resources\content\pref-applications-new.js(75) xpfe\components\prefwindow\resources\content\pref-applications.js(72) xpfe\components\search\src\nsInternetSearchService.cpp(1219) xpfe\components\sidebar\resources\customize.js(259) xpfe\components\sidebar\resources\sidebarOverlay.js(630) xpfe\components\sidebar\src\nsSidebar.js(44)
I am updating all callers sites that use SetSpec. I posted a question on the newsgroup regarding callers to SetFile. If you are interested, please comment.
Open Networking bugs, qa=tever -> qa to me.
QA Contact: tever → benc
has dougt ever given up on widesweeping changes that could hork the tree? ;-) lets take jud's short term crash protection scheme for 0.9.1/beta
LoL. The current patch is only 87 K this time and touches a mere 46 files. I am still working out the kinks, but it should be ready in a day or two.
Patch to convert callers is more risky then valeski's patch per PDT. Jud, can you check in your "hack". Once it is in, I can move this bug to 0.9.2.
once we cut a branch for 0.9.1, I'll put my patch on the branch, my patch is the wrong thing and I don't want it on the trunk.
Whiteboard: needed by 05/08/01 → workaround ready and will check into branch
workaround bug number = http://bugzilla.mozilla.org/show_bug.cgi?id=82385 Moving this bug out a milestone.
Keywords: mozilla0.9
Whiteboard: workaround ready and will check into branch
Target Milestone: mozilla0.9.1 → mozilla0.9.2
I don't think you need a full blown uri/url-object to get url-parsing, you only need the urlparser-object itself. And, if I remember correctly, the three available parsers are kind of static (global instances) with necko for performance reasons. To get urlparsing you can just use one of these "preloaded" parsers.
Andreas, that is what the nsStdURL does for you. It determines which preloaded parser you should get. The problem with going directly to one of these parsers outside of NS_NewURI is that addon protocol schemes will be ignored. There needs to be one bottlenecko for all URI creation
Doug, Currently, nsStdURL does alot more than simple URL parsing :-( It is MUCH more expensive to create a URI object than it is to simply parse the string. Maybe the "right" thing to do is to make nsStdURL *much less expensive*... But unless we do, I don't think that we can wash our hands of the problem and say "use NS_NewURI(...) or write your own parser..." I think that the WORST situation we can end up in is if consumers ACTUALLY START DOING THEIR OWN URL PARSING!! This would be a HUGE disaster and would ensure that pluggable protocols never worked :-( I think that we need to evaluate whether we can make URI object creation cheap enough that we can create millions of them for the sole purpose of string parsing... If we cannot, then I think that we must expose a consistant means of parsing URIs at the Necko level that is effecient...
I don't think that you can make url parsing less expensive while preserving plugablity.
Doug, why not use nsStdURLParser as default parser? I think it is currently done this way. If you don't wish for a special parser (bound to the scheme) you get the StDURLParser. It is designed to work for all protocols that are not simple. There are certain corner cases which make the other parsers necessary, but StdURLParser usually does the job if the urlsyntax fits the usual scheme. I think we can offer an api to access the StdURLParser without creating an URI-object.
Well, under-the-hood this is what we are going to basically do. There is some additional work to make this work pluggable protocols/uri parsers (a mapping of scheme to urlparser). The jist is to add a function on the IO service that would take a scheme (or string containing a scheme), and return a nsIURLParser. This *could* be QI'ed for a protocol specific uri parser if needed. Another function would be added which would take a uri string and part key, and would return you the request string part of of the URI similar to what netlib did. I will attach some IDL's early next week for comment.
Priority: -- → P3
sorry it took so long to get back to this bug, but now that 0.9.1 is done, I can focus on this for a while. The last attachment adds the two new interface that rick and I are proposing.
just out of curiosity: why isn't NS_IURLPARSER_KEY NS_URLPARSER_CONTRACTID? and shouldn't it be defined as "@mozilla.org/network/urlparser;1" instead of "@mozilla.org/urlparser;1"?
Attached patch patch v.1Splinter Review
The last patch changes all callers to use either the uri parsing api on the ioservice or to create a new URI via the NS_NewURI method. I know that I am leaking a URI in nsGlobalHistory::RemovePagesFromHost. Alec, can you help me out here? Is this what you meant by caching a URI? Can we just make this a nsCOMPtr and forget about it? Alec, darin, rick, please review my patch... Rick, that bug we were chasing existed on the trunk! D'oh.
Comments on the patch and API: for the sake of those of us who write javascript, can we please change this: + void extractUrlPart(in string urlString, + in short mask, + out unsigned long startPos, + out unsigned long endPos, + out string urlPart); to + string extractUrlPart(in string urlString, + in short mask, + out unsigned long startPos, + out unsigned long endPos); ---- GetParserForScheme hits the registry EVERY time - seems like we should be caching this in memory. Also, the entire function is enclosed in an "if (scheme) {..." why not just start the function with if (!scheme) return nsServiceManager::GetService(kStdURLParserCID, NS_GET_IID(nsIURLParser), (nsISupports **)_retval); I also notice that literally every single call to extractUrlPart() passes in null (and in fact, in SignonViewer, you're passing in 0, not null, which is wrong) - let's not create extra API parameters if nobody needs them.. (yes, I agree it would save allocations, etc, but I don't see any of the callers you list begging for it) Finally, I notice that in the API you refer to the first parameter as a "mask" which would imply that you could pass in a composition of values (i.e. url_Host | url_Username).. when in fact the API allows you to specify exactly one of these values. You need a new name, and you need to specify that in nsIIOService.idl...
D'Oh! Wrong patch! I think that I did mention to you yesterday that I was cacheing the stuff in GetParserForScheme. I will post a new patch over the weekend/monday. Also, I will change the api and JS callers to use the return value as the outstring. I will also change the parameter name from "mask" to "flag" to avoid confusion. However, I will not change the out vars for the start and end position. These all pass null now since under the hood we do a terrible job "guessing" what these values should be. Once the URI Parser is rewritten to use scc's string classes, these parameter we be more useful. I guess what you may be argueing for, or what I think I hear, is that you want an api that avoids extra parms. If this is the case, we could split this into two methods if you think that would be cleaner.
well, the way I look at it is if we're really bent on saving the allocations, we should be using ACString rather than "string" - that allows us to pass in a nsAWritableCString, which will avoid the allocations (not the copying, but I argue that the allocation is the bigger issue) - I'd like to here scc's advice on that..
I don't think nsACString is currently exposed to IDL, even though nsAString is. I'd like to see it exposed, because we would use it in the LDAP XPCOM SDK as well, if we could. scc?
It is all kind of a mute point since the uri parsers are not updated to scott strings....
Alec, this next patch will address most of your concerns. However, the one that I do not address is the return value being the string. I did not change this for two reasons: the first is that |extractScheme| already uses this syntax. Secondly, we are needing to land this in the next two days or a ton of stuff will fall off my plate. I know, that the best reasons/excuses, but I will file another bug to switch both extractScheme and extractUrlPart to the more use friendly forms sometime after 0.9.2. This next patch is only for mozilla/netwerk... the rest of the stuff stays the same. Alec, Darin can I please have a review?
looks good (r=darin) comments: - make sure you don't transfer your branch client.mk: MOZ_CO_TAG = DOUGT_URI_PARSER_06122001_BRANCH - from JS, you use 1<<1 instead of the actual urlpart flag... why not use ioService.url_Username? extensions/wallet/signonviewer/SignonViewer.js - the indentation seems off in: mailnews/base/src/nsMessengerMigrator.cpp netwerk/base/public/nsIIOService.idl - it seems unfortunate that in order to implement ExtractUrlPart, we have to parse the entire urlString.
thanks for reviewing this patch. It is long and boring.... - make sure you don't transfer your branch client.mk: MOZ_CO_TAG = DOUGT_URI_PARSER_06122001_BRANCH Doesn't everyone want to be on my branch?! :-) - from JS, you use 1<<1 instead of the actual urlpart flag... why not use ioService.url_Username? extensions/wallet/signonviewer/SignonViewer.js fixed. - the indentation seems off in: mailnews/base/src/nsMessengerMigrator.cpp netwerk/base/public/nsIIOService.idl ^M's will be pounded out... - it seems unfortunate that in order to implement ExtractUrlPart, we have to parse the entire urlString. Yeah, we need to optimized this later...
Priority: P3 → P1
I'll do a fuller review of this in a bit (just got back from vacation) but I really have to object over the IDL syntax of this change! When you IDLized nsIAtom, I asked for a similar change (re: ToString() and friends), and you said "I'll get to it later" - and here we are years later and no change. I write a lot of javascript for this product, and I /know/ I'll be using this down the road. It is a massive pain to have to use "out" values from JavaScript - and all told, there are only 3 changes you have to make to support this change, all JavaScript, because the C++ signature will not change in the slightest. Just search your patch for ".extractUrlPart" and you'll see the 3 places I'm talking about.
okay. I will change it. How is the rest of the patch?
You can't pass NULL for an XPCOM out param. End of story. Please pass pointers to dummy PRInt32s instead (they could both be the same one if you want to save the four bytes of stack). Similarly, you can't avoid creating the objects in JS. ioService.extractScheme(something, {}, {}, fourth); The {} is a clear way of showing that you're going to discard it, though you could make it a hair cheaper by doing: var unused = { }; ioService.extractScheme(something, unused, unused, fourth); The JS bit is a (large) style nit, but passing NULL as an out parameter is strictly verboten. Please do not check in this patch until you fix that.
is it verboten per XPConnect or JS? It seems silly to make that verboten - there are plenty of places where we have optional out parameters... the rest of the patch looks great though
The last patch should address the js out parameters. shaver, alec, can you review this please?
ack, unfortunately, your conversion from the out param to the return value isn't quite right ..example: try { - url = ioService.extractUrlPart(host, ioService.url_Username, 0, 0, username); // TODO verify! + username = ioService.extractUrlPart(host, ioService.url_Username, unused, unused); // TODO verify! } catch(e) {} if (username.value) { user = username.value; here, "username" is the actual value you're using, and "username.value" will have no value...the other two cases suffer the same ills..
yeah. I see. something like this would work right: + try { + username = ioService.extractUrlPart(host, ioService.url_Username, unused, unused); // TODO verify! + } catch(e) { + username = ""; + } + + if (username != "") { + user = username; } else { user = "<>"; } Also, I don't see the problem with the calls in sessionHistoryUI.js.
ah, I was reading that part wrong.. ok, with all of that, sr=alecf
great! alec, thank you for help.
Marking PDT+
Whiteboard: PDT+
a=blizzard on behalf of drivers for 0.9.2
Whiteboard: PDT+ → PDT+, critical for 0.9.2
I have a crasher bug 86800, crash because nsStdURL::SetSpec() does not do a null check on the parameter. I noticed a lot of stuff in that class does not have null checks. The patch here does not seem to add those null checks (but it might still fix my crasher, haven't checked yet). Anyway, do we really want to crash every time somebody calls these methods wrong? Wouldn't it be better to put some NS_ENSURE_ARG_POINTER magic in the file, so we would assert in debug builds and not crash and burn in optimized?
Heikki, the crashes were caused by a misuse of the nsStdURL implementation. I have fixed all the call sites. Read my post in the netlib newsgroup for more information.
Whiteboard: PDT+, critical for 0.9.2 → PDT+, critical for 0.9.2; ready for checkin
*** Bug 87131 has been marked as a duplicate of this bug. ***
fixed checked in.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
+verifyme Is there a place I can verify these fixes, or are the qa people for the components that were sending null schemes going to need to check this?
Keywords: verifyme
The PDT list is shrinking, and I'd like to close this. Whats the steps to verify this?
verify that the patches were checked in?
VERIFYING, per bbaetz.
Status: RESOLVED → VERIFIED
Keywords: verifyme
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: