Bug 97958: [CRASH] on :jar protocol - M094 [@ ntdll.dll - nsInputStreamTee::TeeSegment]
Status: Closed (VERIFIED FIXED)
Opened 23 years ago, closed 23 years ago
Categories: Core :: Networking, defect, P1
Tracking: mozilla0.9.4
People: Reporter: jrspm, Assigned: darin.moz
Details: 4 keywords, Whiteboard: [PDT+] [Fixed on 6.2]
Attachments (4 files, 1 obsolete file):
- 538 bytes, text/plain
- 321 bytes, text/plain
- 267.56 KB, text/plain
- 2.06 KB, patch (darin.moz: review+, darin.moz: superreview+)
Using build 2001083109 on Win2k (SP2)
Going to the URL in the URL bar causes Mozilla to crash.
Steps to reproduce:
1. load URL:
jar:http://www.visi.com/~hoju/assets/resources/resources_test.jar!/images/apache_pb.gif
2. Watch Mozilla crash
Actual results: crash
Expected results: see Apache Web Server image
Note: other bugs related to the :jar protocol are:
bug 26496
bug 36102
Jake
Comment 1•23 years ago (Reporter)
Woops, forgot to add the talkback ID
Talkback ID: TB34824314Y
Actually, this one was obtained by going to:
http://www.visi.com/~hoju/resources_test.html
which contains an <img> tag that looks like:
<img src="jar:http://www.visi.com/~hoju/assets/resources/resources_test.jar!/images/apache_pb.gif" alt="Image loaded from jar file" />
I think the crash is the same whether loaded from the <img> tag or loaded
directly from Mozilla's URL bar.
Jake
Comment 2•23 years ago
wfm with win2k build 20010901..
CC stephend for the Talkback...
Comment 3•23 years ago (Reporter)
ummm... maybe I'm missing something, but how can you have tested this with a
build that doesn't exist?...or did you build it yourself? The last official
win32 builds were done 8/31 at 10:54. No win32 builds were done on 9/1.
Also, when you say "WFM", are you saying that you saw the apache web server
image???
Jake
Comment 5•23 years ago
I build myself and therefore I added the 2 ".." at the end of my build ID.
I saw the apache image without a crash. I tested the .HTML page and the direct
Jar link.
And too bad that the stack trace from the Talkback is useless..
Comment 6•23 years ago (Reporter)
Just tested in today's builds. Crashed just like before.
Matthias, you must be doing something different when you build. Both yours and
the official builds come from the same source, I presume? What the heck???
New Talkback: TB34955748Y
Hopefully that one isn't useless.
Jake
Comment 8•23 years ago (Reporter)
This is still crashing in build 2001090703 on Win2k (SP2)
I would think this should be fixed for the 0.94 milestone since it worked in
previous milestones.
Can this get some more priority???
Jake
Severity: normal → major
Comment 9•23 years ago (Reporter)
Using build 2001091815 on Win2k (SP2)
Ok, I don't mean to be a pest, but this is a CRASHER that got released with
0.94 where previous milestones did NOT crash on the jar protocol. What if some
company bases a production product on 0.94? At that point, I couldn't be
certain that I could even use URL's that point to jar archives because I
couldn't guarantee that it would work or, at the very least, do no harm to the
user's browser. What a shame for such a useful protocol!!!
I figured that with this since this is a much newer build, I'd post another
talkback.
Talkback ID: TB35589955E
crashed on page: http://www.visi.com/~hoju/resources_test.html
So, what's the deal? I'm not going to be an ass and up severity to "critical"
since I'm not going to be the one to actually fix it, but at least let's set a
priority, target, and maybe up the severity so this doesn't end up in the next
milestone.
Jake
Comment 10•23 years ago
+crash.
Next time, mark it up. We have a lot of bugs. If you don't do the right thing
when you have the chance, who will?
+relnote - I'll make text once this is isolated.
Comment 11•23 years ago (Reporter)
Comment 12•23 years ago (Reporter)
Any work being done on this?
Just adding another Talkback to keep up with the new builds:
Talkback Id: TB37050193M
Again, crashed after attempting to load:
http://www.visi.com/~hoju/resources_test.html
Jake
Comment 13•23 years ago
Tested with Arun and really crashes with win98 and win2K. Adding Mitchell Stoltz
to the cc since this affects signed scripts.
Comment 14•23 years ago
Firstly, this bug occurs on Windows only, and Mac and Linux aren't affected. I
consistently crashed Win2000 and Win98 builds of Moz'.
Secondly, since our signed script policy no longer uses ARCHIVE and ID
attributes and now makes the jar: protocol an *integral* part of the signed
script recommendations (see
http://www.mozilla.org/projects/security/components/signed-scripts.html),
effectively this means signed scripts on Windows are completely broken because
of this bug.
It really ought to get nominated.
Comment 15•23 years ago
weird. I am not crashing on the trunk nor an old moz094 build. Let me update
the branch, to see if I can reproduce this.
I will hold onto this bug for now.
Assignee: neeti → dougt
Comment 16•23 years ago (Reporter)
Ok, here is another talkback to prove it. I was using build 2001111410 on
Win2k (SP2) and visiting the url in the URL field above.
Talkback: TB38060178G
I also tried this in KMeleon 0.5 and it crashed too. I think 0.4 dealt with it
just fine (can't be sure, though).
So, it is definitely crashing.
jake
Comment 17•23 years ago
I believe you. I am just not seeing it in my debug 0.9.4 or trunk build. I do
see it in an opt Netscape 6.2.
Comment 18•23 years ago (Reporter)
On which OS are you testing?
Jake
Comment 20•23 years ago (Assignee)
dbaron and i investigated this for a bit... after going crazy stepping through
assembly code, we discovered that the nsWriteSegmentFun in nsDownloader.cpp was
not declared properly. nsWriteSegmentFun is declared NS_METHOD, which on win32
maps to |nsresult __stdcall|, but nsDownloader::ConsumeData was declared
without NS_METHOD, so the calling convention didn't match, resulting in all
kinds of chaos and effectively the corruption of the stack pointer.
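The calling-convention mismatch described in comment 20, as an added example that is not part of the original bug report or the Mozilla patch. `SEG_CALL`, `WriteSegmentFn`, `Downloader`, `ReadSegments` and `Download` are hypothetical stand-ins; declaring the callback with the same convention macro as the typedef and passing it without a cast lets a 32-bit x86 compiler reject a mismatch instead of leaving it to corrupt the stack at run time.

```cpp
// Added illustration with hypothetical names; not Mozilla source.
#include <algorithm>
#include <cstdint>
#include <string>

// Stand-in for NS_METHOD's convention: __stdcall on 32-bit x86, else nothing.
#if defined(_MSC_VER) && defined(_M_IX86)
#  define SEG_CALL __stdcall
#elif defined(__GNUC__) && defined(__i386__)
#  define SEG_CALL __attribute__((stdcall))
#else
#  define SEG_CALL
#endif
using Status = std::uint32_t;
// The calling convention is part of the callback's pointer type.
typedef Status (SEG_CALL *WriteSegmentFn)(void* closure, const char* segment,
                                          std::uint32_t count,
                                          std::uint32_t* written);

struct Downloader {
    std::string data;
    // Same macro as the typedef; omitting it here is the mismatch above.
    static Status SEG_CALL ConsumeData(void* closure, const char* segment,
                                       std::uint32_t count,
                                       std::uint32_t* written) {
        static_cast<Downloader*>(closure)->data.append(segment, count);
        *written = count;
        return 0;
    }
};

// Feeds buf to the writer one segment at a time.
Status ReadSegments(const std::string& buf, std::uint32_t segSize,
                    WriteSegmentFn writer, void* closure) {
    std::uint32_t done = 0, len = static_cast<std::uint32_t>(buf.size());
    while (done < len) {
        std::uint32_t written = 0;
        Status rv = writer(closure, buf.data() + done,
                           std::min(segSize, len - done), &written);
        if (rv != 0 || written == 0) return rv;
        done += written;
    }
    return 0;
}

std::string Download(const std::string& payload, std::uint32_t segSize) {
    Downloader d;
    // No cast: the compiler checks ConsumeData against WriteSegmentFn.
    ReadSegments(payload, segSize, &Downloader::ConsumeData, &d);
    return d.data;
}
```

A function-pointer cast at the call site would silence the compiler's type check, so a mismatched declaration would compile and only fail when the callback is invoked.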
Comment 21•23 years ago (Assignee)
Comment on attachment 58037: v1.0 patch
got r=dbaron on this.
Attachment #58037 - Flags: review+
Comment 22•23 years ago
Comment on attachment 58037: v1.0 patch
remove that cast..line 147
Attachment #58037 - Flags: superreview+
Attachment #58037 - Flags: needs-work+
Comment 23•23 years ago (Assignee)
Attachment #58037 - Attachment is obsolete: true
Comment 24•23 years ago (Assignee)
Comment on attachment 58039: v1.1 revised per dougt's comments
r=dbaron, sr=dougt
Attachment #58039 - Flags: superreview+
Attachment #58039 - Flags: review+
Updated•23 years ago (Assignee)
Comment 25•23 years ago (Assignee)
*** Bug 95179 has been marked as a duplicate of this bug. ***
Comment 26•23 years ago (Assignee)
fixed-on-trunk
Comment 27•23 years ago
CC'ing Bindu Sharma for QA of signed JS on trunk.
Comment 28•23 years ago
Adding M094 [@ ntdll.dll - nsInputStreamTee::TeeSegment]
Summary: [CRASH] on :jar protocol → [CRASH] on :jar protocol - M094 [@ ntdll.dll - nsInputStreamTee::TeeSegment]
Comment 29•23 years ago
Darin thought Bug 95179 might be dup of this, so I added the stacksignature from
that bug here and adding topcrash keyword too for tracking, since this has been
a topcrasher for a while (for N610 and M094).
Keywords: topcrash
Updated•23 years ago
Blocks: 104864
Keywords: mozilla0.9.6+
Comment 30•23 years ago (Assignee)
blizzard fixed this on the 0.9.6 branch... retargeting for the 0.9.4 branch.
Target Milestone: mozilla0.9.7 → mozilla0.9.4
Comment 31•23 years ago
please checkin to 0.9.4 branch when you have a chance, and add "fixed0.9.4"
keyword to the keyword field when it lands.
Updated•23 years ago
Whiteboard: PDT → [PDT] [Fix ready for PDT]
Updated•23 years ago
Whiteboard: [PDT] [Fix ready for PDT] → [PDT] [Fix in hand]
Comment 34•23 years ago
The example test page still crashes my N 6.2.
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.4) Gecko/20011019 Netscape6/6.2
Comment 35•23 years ago (Reporter)
Dave,
Unfortunately, the 0.9.4 branch that Netscape used to build Netscape 6.2
contained this bug. This is why I was pushing pretty hard early on to get this
fixed *before* a major vendor released a browser that included this bug. Now,
if I am to use the jar protocol to link to resources such as images, css, or
javascript, I will have to check to make sure the browser isn't Netscape 6.2 or
K-Meleon .05 and .06, otherwise, I'll cause their browsers to crash and they
probably won't want to visit my site anymore.
I don't want to come down too hard on the overworked developers of Mozilla, but
stuff like this creates bad backward compatibility issues! Granted, no other
major browser out there supports the jar protocol (that I know of), so it is
unlikely to cause a major problem, but making even one release of a browser
with a crasher bug like this sets back the regular use of such a feature by a
long time. I just wish this bug received the attention it has gotten of late
much earlier so I wouldn't have to say this.
Anyway, despite this, Mozilla still rules and I don't want that point to get
lost during its criticism.
Jake
Comment 36•23 years ago
If the test case(s) look good, pls check this one into the 6.2 branch before 9
am PST = PDT+
Whiteboard: [PDT] [Fix in hand] → [PDT+] [Fix in hand]
Comment 37•23 years ago (Assignee)
fixed on 6.2 branch, resolving fixed.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Updated•23 years ago
Whiteboard: [PDT+] [Fix in hand] → [PDT+] [Fixed on 6.2]
Comment 38•23 years ago
not seeing crash at the url listed
verified: Win2000 branch 2001-11-26-18
Status: RESOLVED → VERIFIED
Comment 39•23 years ago
Verified on 2001-11-26-6.2.1 build on WinNT, Win98, Linux (7.2), Mac OS X, Mac
OS 9.1.
All the basic signed script test cases pass. Following is the link to the suite:
http://voodoolady.mcom.com/security/signedscripts
Comment 40•23 years ago
Reporter: are you satisfied this is fixed?
Comment 41•23 years ago (Reporter)
Yes, very much so!
I just re-verified that things work in the current build and everything checks
out. Thanks for getting this in :-)
Jake
Comment 42•23 years ago
VERIFIED (094):
clicked on link, no crash, saw image.
Keywords: fixed0.9.4 → verified0.9.4
Updated•14 years ago
Crash Signature: [@ ntdll.dll - nsInputStreamTee::TeeSegment]