Closed
Bug 28404
Opened 25 years ago
Closed 25 years ago
illegal use of char flavor of nsString method which may damage non ASCII data
Categories
(Core :: XUL, defect, P3)
Core
XUL
Tracking
()
RESOLVED
FIXED
M15
People
(Reporter: ftang, Assigned: saari)
References
Details
I add the following assertion into my system try to catch illegal use of char*
flavor of nsString routine which may damange non ASCII data- here is one I got
when I try to typ home.netscape.com in the location bar-
the theChar is 0x00bf - out of ASCII range
nsAutoString::nsAutoString(const char * 0x0012e3c4, int 0xffffffff) line 2240
nsXULKeyListenerImpl::HandleEventUsingKeyset(nsXULKeyListenerImpl * const
0x0267cc70, nsIDOMElement * 0x02eb08a4, nsIDOMKeyEvent * 0x030e7fc0, eEventType
eKeyDown, nsIDOMXULDocument * 0x02eace0c, int & 0x00000000) line 1353
nsXULKeyListenerImpl::LocateAndExecuteKeyBinding(nsXULKeyListenerImpl * const
0x0267cc70, nsIDOMKeyEvent * 0x030e7fc0, eEventType eKeyDown, nsIDOMXULDocument
* 0x02eace0c, int & 0x00000000) line 1235 + 37 bytes
nsXULKeyListenerImpl::DoKey(nsIDOMEvent * 0x030e7fc4, eEventType eKeyDown) line 562
nsXULKeyListenerImpl::KeyDown(nsIDOMEvent * 0x030e7fc4) line 439
nsEventListenerManager::HandleEvent(nsIPresContext * 0x021a5ec0, nsEvent *
0x0012f548, nsIDOMEvent * * 0x0012f490, unsigned int 0x00000002, nsEventStatus *
0x0012f58c) line 993 + 17 bytes
nsXULDocument::HandleDOMEvent(nsXULDocument * const 0x021a3e00, nsIPresContext *
0x021a5ec0, nsEvent * 0x0012f548, nsIDOMEvent * * 0x0012f490, unsigned int
0x00000002, nsEventStatus * 0x0012f58c) line 1913
nsXULElement::HandleDOMEvent(nsXULElement * const 0x026309d0, nsIPresContext *
0x021a5ec0, nsEvent * 0x0012f548, nsIDOMEvent * * 0x0012f490, unsigned int
0x00000002, nsEventStatus * 0x0012f58c) line 3001 + 39 bytes
nsXULElement::HandleDOMEvent(nsXULElement * const 0x026819a0, nsIPresContext *
0x021a5ec0, nsEvent * 0x0012f548, nsIDOMEvent * * 0x0012f490, unsigned int
0x00000002, nsEventStatus * 0x0012f58c) line 2995 + 39 bytes
nsXULElement::HandleDOMEvent(nsXULElement * const 0x02691820, nsIPresContext *
0x021a5ec0, nsEvent * 0x0012f548, nsIDOMEvent * * 0x0012f490, unsigned int
0x00000002, nsEventStatus * 0x0012f58c) line 2995 + 39 bytes
nsXULElement::HandleDOMEvent(nsXULElement * const 0x02691690, nsIPresContext *
0x021a5ec0, nsEvent * 0x0012f548, nsIDOMEvent * * 0x0012f490, unsigned int
0x00000002, nsEventStatus * 0x0012f58c) line 2995 + 39 bytes
nsXULElement::HandleDOMEvent(nsXULElement * const 0x02693f50, nsIPresContext *
0x021a5ec0, nsEvent * 0x0012f548, nsIDOMEvent * * 0x0012f490, unsigned int
0x00000002, nsEventStatus * 0x0012f58c) line 2995 + 39 bytes
to try it, apply the following patch and change the DEBUG_ftang to your name
rebuild xpcom/ds and type "home.netscape.com"
I think the fix is easy just replace
char tempChar[2];
tempChar[0] = theChar;
tempChar[1] = 0;
nsAutoString tempChar2 = tempChar;
to
PRUnichar tempChar[2];
tempChar[0] = theChar;
tempChar[1] = 0;
nsAutoString tempChar2 = tempChar;
reassign to brendan because cvsblame tell me so.
here is the patch for you to catch it.
Index: ds/bufferRoutines.h
===================================================================
RCS file: /m/pub/mozilla/xpcom/ds/bufferRoutines.h,v
retrieving revision 1.38
diff -c -r1.38 bufferRoutines.h
*** bufferRoutines.h 2000/02/13 17:45:01 1.38
--- bufferRoutines.h 2000/02/18 18:58:37
***************
*** 45,50 ****
--- 45,56 ----
#define KSHIFTLEFT (0)
#define KSHIFTRIGHT (1)
+ #if defined(DEBUG_ftang)
+ #define DEBUG_ILLEGAL_CAST_DOWN
+ #define DEBUG_ILLEGAL_CAST_UP
+ #define TRACE_ILLEGAL_CAST_UP(c, s, m) NS_ASSERTION((c), (m))
+ #define TRACE_ILLEGAL_CAST_DOWN(c, s, m) NS_ASSERTION((c), (m))
+ #endif
inline PRUnichar GetUnicharAt(const char* aString,PRUint32 anIndex) {
return ((PRUnichar*)aString)[anIndex];
***************
*** 172,183 ****
--- 178,200 ----
const unsigned char* first= (const unsigned char*)aSource+anOffset;
const unsigned char* last = first+aCount;
+ #ifdef DEBUG_ILLEGAL_CAST_UP
+ PRBool illegal= PR_FALSE;
+ #endif
//now loop over characters, shifting them left...
while(first<last) {
*to=(PRUnichar)(*first);
+ #ifdef DEBUG_ILLEGAL_CAST_UP
+ if(*to >= 0x0080)
+ illegal= PR_TRUE;
+ #endif
to++;
first++;
}
+ #ifdef DEBUG_ILLEGAL_CAST_UP
+ TRACE_ILLEGAL_CAST_UP((!illegal), aSource, "illegal cast up in CopyChars1To2");
+ #endif
+
}
***************
*** 196,209 ****
--- 213,236 ----
const PRUnichar* first= theSource+anOffset;
const PRUnichar* last = first+aCount;
+ #ifdef DEBUG_ILLEGAL_CAST_DOWN
+ PRBool illegal= PR_FALSE;
+ #endif
//now loop over characters, shifting them left...
while(first<last) {
if(*first<256)
*to=(char)*first;
else *to='.';
+ #ifdef DEBUG_ILLEGAL_CAST_DOWN
+ if(*first & 0x80)
+ illegal= PR_TRUE;
+ #endif
to++;
first++;
}
+ #ifdef DEBUG_ILLEGAL_CAST_DOWN
+ TRACE_ILLEGAL_CAST_DOWN((!illegal), theSource, "illegal cast down in
CopyChars2To1");
+ #endif
}
/**
Reporter | ||
Comment 1•25 years ago
|
||
thanks rickg to point out that I forget to mention some important information.
The 'theChar' is declare as
1296 hangas 1.57 PRUint32 theChar;
and the value I got is 0xbf when I type "home.netscape.com/ja"
(I think it is the '/' not sure. somehow we are using keycode here ? )
Comment 2•25 years ago
|
||
I believe Brendan's on sabbatical. Chris, could you re-assign to the right
person? Thanks.
Assignee: brendan → saari
Reporter | ||
Comment 3•25 years ago
|
||
OK, I have a better patch that I post on http://warp/u/ftang/tmp/buftrace.txt
This is simplar to my last patch, but it will dump the stack trace to a file
called "nsStringTrace.txt" in Linux (in the bin directory) instead of assert.
Reporter | ||
Comment 4•25 years ago
|
||
sorry, I should be clear the patch I mention is a patch to CATCH the problem,
not a patch to fix the problem.
Assignee | ||
Updated•25 years ago
|
Status: NEW → ASSIGNED
Target Milestone: M15
Comment 5•25 years ago
|
||
*IGNORE* - massive spam changing open XPToolkit bug's QA contact to
jrgm@netscape.com
QA Contact: paulmac → jrgm
Reporter | ||
Comment 6•25 years ago
|
||
fixed by change from char to PRUnichar
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Component: XP Toolkit/Widgets: XUL → XUL
QA Contact: jrgmorrison → xptoolkit.widgets
You need to log in
before you can comment on or make changes to this bug.
Description
•