Closed
Bug 193429
Opened 22 years ago
Closed 22 years ago
A bug in a plug-in can crash browser.
Categories
(Core Graveyard :: Plug-ins, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 156493
People
(Reporter: Malmberg, Assigned: peterlubczynski-bugs)
Details
User-Agent: Mozilla/5.0 (X11; U; OpenVMS COMPAQ_AlphaServer_DS10_466_MHz; en-US; rv:1.3b) Gecko/20030207
Build Identifier: Mozilla/5.0 (X11; U; OpenVMS COMPAQ_AlphaServer_DS10_466_MHz; en-US; rv:1.3b) Gecko/20030207
A bug in a plug-in can crash the browser.
All calls to entry points to plug-ins should be set up to intercept errors and
terminate the plug-in function instead of allowing the entire browser to crash.
A diagnostic should be displayed when a plug-in hits a fatal error.
As part of the test procedure, a set of plug-ins, one for each entry point that
can be called should be made. These plug-ins should make an illegal memory
access. The browser should not crash.
There are many bug reports in Bugzilla about plug-ins crashing the browser, but
the fixes seem to be concentrating on the specific plug-in, instead of fixing
the common vulnerability in the browser.
Reproducible: Sometimes
Steps to Reproduce:
1. Install a user-written plug-in like the OpenVMS flash viewer.
2. Go to a page with flash (it may take a couple of tries to find one)
A current example is: http://www.adelphia-econnections.com/
3.
Actual Results:
%SYSTEM-F-ACCVIO, access violation, reason mask=00, virtual address=0000000000000000, PC=00000000065D8190, PS=0000001B
%TRACE-F-TRACEBACK, symbolic stack dump follows
image module routine line rel PC abs PC
LIBFLASHPLUGIN graphic setMovieDimension 8804 0000000000000560 00000000065D8190
LIBFLASHPLUGIN flash FlashGraphicInit 8845 000000000000046C 00000000065C45BC
LIBFLASHPLUGIN PLUGIN FlashGraphicInitX11 26593 0000000000001414 00000000065C3414
LIBFLASHPLUGIN PLUGIN NPP_Write 26199 0000000000000B5C 00000000065C2B5C
LIBFLASHPLUGIN NPUNIX Private_Write 11216 0000000000000744 00000000065C3C54
LIBGKPLUGIN NS4XPLUGININSTANCE OnDataAvailable 92161 0000000000000D8C 0000000002A9ED9C
LIBGKPLUGIN NSPLUGINHOSTIMPL OnDataAvailable 100121 000000000000A33C 0000000002AAB6AC
LIBNECKO NSHTTPCHANNEL OnDataAvailable 65972 000000000001246C 000000000111F79C
LIBNECKO NSINPUTSTREAMPUMP OnStateTransfer 43208 0000000000001A04 0000000001091E94
LIBNECKO NSINPUTSTREAMPUMP OnInputStreamReady 43123 00000000000016AC 0000000001091B3C
LIBXPCOM NSSTREAMUTILS EventHandler 14163 000000000000034C 00000000009867AC
LIBXPCOM PLEVENT PL_HandleEvent 41022 0000000000000E08 00000000009B5618
LIBXPCOM PLEVENT PL_ProcessPendingEvents 40952 0000000000000C3C 00000000009B544C
LIBXPCOM NSEVENTQUEUE ProcessPendingEvents 27060 0000000000001704 00000000009AC174
LIBWIDGET_GTK NSAPPSHELL our_gdk_io_invoke 71616 0000000000000544 0000000001FF4624
LIBGLIB GMAIN g_main_dispatch 19265 0000000000000B80 0000000000181FD0
LIBGLIB GMAIN g_main_iterate 19486 000000000000132C 000000000018277C
LIBGLIB GMAIN g_main_run 19544 0000000000001548 0000000000182998
LIBGTK GTKMAIN gtk_main 21888 0000000000000AD8 00000000003FFDE8
LIBWIDGET_GTK NSAPPSHELL Run 71886 0000000000001414 0000000001FF54F4
MOZILLA-BIN NSAPPRUNNER main1 84192 00000000000075A4 00000000000775A4
MOZILLA-BIN NSAPPRUNNER main 84555 0000000000008218 0000000000078218
MOZILLA-BIN NSAPPRUNNER __MAIN 0 00000000000000B8 00000000000700B8
MOZILLA-BIN 0 00000000000A2FF8 00000000000B2FF8
PTHREAD$RTL 0 000000000003E5B0 000000007BCFE5B0
PTHREAD$RTL 0 000000000001C31C 000000007BCDC31C
0 FFFFFFFF8028563C FFFFFFFF8028563C
Expected Results:
Mozilla should have posted a dialog box about the plug-in being terminated due
to errors. It should also give the name of the function that it intercepted the
error on, and any other information it can determine about the error.
Even though this information is automatically captured by Bugzilla, if I do not
post this copy, someone always posts a request to have me enter it.
Mozilla 1.3b
Mozilla/5.0 (X11; U; OpenVMS COMPAQ_AlphaServer_DS10_466_MHz; en-US; rv:1.3b)
Gecko/20030207
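Added example, not part of the original report or of Mozilla's code: one way to get the behaviour requested above, where a faulting entry point is terminated and named in a diagnostic while the host keeps running. It assumes a POSIX host and runs each call in a child process rather than intercepting the error in-process; `guarded_call`, `good_write` and `bad_write` are hypothetical names, and `bad_write` is the kind of deliberately faulting test plug-in the report proposes.

```c
/* Added example: fault isolation for plug-in entry points (POSIX, hypothetical names). */
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

typedef int (*entry_fn)(const char *buf, int len);

/* Constructed stand-ins for a plug-in's write entry point. */
static int good_write(const char *buf, int len) { (void)buf; return len; }
static int bad_write(const char *buf, int len) {
    volatile uintptr_t addr = 0;      /* opaque to the optimizer */
    (void)buf;
    *(volatile int *)addr = len;      /* deliberate illegal memory access */
    return len;
}

/* Returns 0 and sets *result if the entry point finished, the terminating
 * signal number if it faulted, or -1 on a host-side error. */
int guarded_call(const char *name, entry_fn fn, const char *buf, int len, int *result) {
    int fds[2], status = 0, r = 0;
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                   /* child: the only process exposed to the fault */
        close(fds[0]);
        r = fn(buf, len);
        _exit(write(fds[1], &r, sizeof r) == (ssize_t)sizeof r ? 0 : 1);
    }
    close(fds[1]);
    ssize_t n = read(fds[0], &r, sizeof r);
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    if (WIFSIGNALED(status)) {        /* the diagnostic the report asks for */
        fprintf(stderr, "plug-in terminated in %s: signal %d\n", name, WTERMSIG(status));
        return WTERMSIG(status);
    }
    if (n != (ssize_t)sizeof r) return -1;
    *result = r;
    return 0;
}

int main(void) {
    int r = 0;
    guarded_call("good_write", good_write, "data", 4, &r);
    guarded_call("bad_write", bad_write, "data", 4, &r);
    return 0;
}
```

Forking from a multi-threaded GUI process has its own hazards, so a production host would start the plug-in process once and proxy entry-point calls to it.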
Comment 1•22 years ago
*** This bug has been marked as a duplicate of 156493 ***
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Updated•2 years ago
Product: Core → Core Graveyard