Closed Bug 28404 Opened 25 years ago Closed 25 years ago

illegal use of char flavor of nsString method which may damage non ASCII data

Categories

(Core :: XUL, defect, P3)

defect

Tracking

()

RESOLVED FIXED

People

(Reporter: ftang, Assigned: saari)

References

Details

I add the following assertion into my system try to catch illegal use of char* flavor of nsString routine which may damange non ASCII data- here is one I got when I try to typ home.netscape.com in the location bar- the theChar is 0x00bf - out of ASCII range nsAutoString::nsAutoString(const char * 0x0012e3c4, int 0xffffffff) line 2240 nsXULKeyListenerImpl::HandleEventUsingKeyset(nsXULKeyListenerImpl * const 0x0267cc70, nsIDOMElement * 0x02eb08a4, nsIDOMKeyEvent * 0x030e7fc0, eEventType eKeyDown, nsIDOMXULDocument * 0x02eace0c, int & 0x00000000) line 1353 nsXULKeyListenerImpl::LocateAndExecuteKeyBinding(nsXULKeyListenerImpl * const 0x0267cc70, nsIDOMKeyEvent * 0x030e7fc0, eEventType eKeyDown, nsIDOMXULDocument * 0x02eace0c, int & 0x00000000) line 1235 + 37 bytes nsXULKeyListenerImpl::DoKey(nsIDOMEvent * 0x030e7fc4, eEventType eKeyDown) line 562 nsXULKeyListenerImpl::KeyDown(nsIDOMEvent * 0x030e7fc4) line 439 nsEventListenerManager::HandleEvent(nsIPresContext * 0x021a5ec0, nsEvent * 0x0012f548, nsIDOMEvent * * 0x0012f490, unsigned int 0x00000002, nsEventStatus * 0x0012f58c) line 993 + 17 bytes nsXULDocument::HandleDOMEvent(nsXULDocument * const 0x021a3e00, nsIPresContext * 0x021a5ec0, nsEvent * 0x0012f548, nsIDOMEvent * * 0x0012f490, unsigned int 0x00000002, nsEventStatus * 0x0012f58c) line 1913 nsXULElement::HandleDOMEvent(nsXULElement * const 0x026309d0, nsIPresContext * 0x021a5ec0, nsEvent * 0x0012f548, nsIDOMEvent * * 0x0012f490, unsigned int 0x00000002, nsEventStatus * 0x0012f58c) line 3001 + 39 bytes nsXULElement::HandleDOMEvent(nsXULElement * const 0x026819a0, nsIPresContext * 0x021a5ec0, nsEvent * 0x0012f548, nsIDOMEvent * * 0x0012f490, unsigned int 0x00000002, nsEventStatus * 0x0012f58c) line 2995 + 39 bytes nsXULElement::HandleDOMEvent(nsXULElement * const 0x02691820, nsIPresContext * 0x021a5ec0, nsEvent * 0x0012f548, nsIDOMEvent * * 0x0012f490, unsigned int 0x00000002, nsEventStatus * 0x0012f58c) line 2995 + 39 bytes nsXULElement::HandleDOMEvent(nsXULElement * const 0x02691690, nsIPresContext * 0x021a5ec0, nsEvent * 0x0012f548, nsIDOMEvent * * 0x0012f490, unsigned int 0x00000002, nsEventStatus * 0x0012f58c) line 2995 + 39 bytes nsXULElement::HandleDOMEvent(nsXULElement * const 0x02693f50, nsIPresContext * 0x021a5ec0, nsEvent * 0x0012f548, nsIDOMEvent * * 0x0012f490, unsigned int 0x00000002, nsEventStatus * 0x0012f58c) line 2995 + 39 bytes to try it, apply the following patch and change the DEBUG_ftang to your name rebuild xpcom/ds and type "home.netscape.com" I think the fix is easy just replace char tempChar[2]; tempChar[0] = theChar; tempChar[1] = 0; nsAutoString tempChar2 = tempChar; to PRUnichar tempChar[2]; tempChar[0] = theChar; tempChar[1] = 0; nsAutoString tempChar2 = tempChar; reassign to brendan because cvsblame tell me so. here is the patch for you to catch it. Index: ds/bufferRoutines.h =================================================================== RCS file: /m/pub/mozilla/xpcom/ds/bufferRoutines.h,v retrieving revision 1.38 diff -c -r1.38 bufferRoutines.h *** bufferRoutines.h 2000/02/13 17:45:01 1.38 --- bufferRoutines.h 2000/02/18 18:58:37 *************** *** 45,50 **** --- 45,56 ---- #define KSHIFTLEFT (0) #define KSHIFTRIGHT (1) + #if defined(DEBUG_ftang) + #define DEBUG_ILLEGAL_CAST_DOWN + #define DEBUG_ILLEGAL_CAST_UP + #define TRACE_ILLEGAL_CAST_UP(c, s, m) NS_ASSERTION((c), (m)) + #define TRACE_ILLEGAL_CAST_DOWN(c, s, m) NS_ASSERTION((c), (m)) + #endif inline PRUnichar GetUnicharAt(const char* aString,PRUint32 anIndex) { return ((PRUnichar*)aString)[anIndex]; *************** *** 172,183 **** --- 178,200 ---- const unsigned char* first= (const unsigned char*)aSource+anOffset; const unsigned char* last = first+aCount; + #ifdef DEBUG_ILLEGAL_CAST_UP + PRBool illegal= PR_FALSE; + #endif //now loop over characters, shifting them left... while(first<last) { *to=(PRUnichar)(*first); + #ifdef DEBUG_ILLEGAL_CAST_UP + if(*to >= 0x0080) + illegal= PR_TRUE; + #endif to++; first++; } + #ifdef DEBUG_ILLEGAL_CAST_UP + TRACE_ILLEGAL_CAST_UP((!illegal), aSource, "illegal cast up in CopyChars1To2"); + #endif + } *************** *** 196,209 **** --- 213,236 ---- const PRUnichar* first= theSource+anOffset; const PRUnichar* last = first+aCount; + #ifdef DEBUG_ILLEGAL_CAST_DOWN + PRBool illegal= PR_FALSE; + #endif //now loop over characters, shifting them left... while(first<last) { if(*first<256) *to=(char)*first; else *to='.'; + #ifdef DEBUG_ILLEGAL_CAST_DOWN + if(*first & 0x80) + illegal= PR_TRUE; + #endif to++; first++; } + #ifdef DEBUG_ILLEGAL_CAST_DOWN + TRACE_ILLEGAL_CAST_DOWN((!illegal), theSource, "illegal cast down in CopyChars2To1"); + #endif } /**
thanks rickg to point out that I forget to mention some important information. The 'theChar' is declare as 1296 hangas 1.57 PRUint32 theChar; and the value I got is 0xbf when I type "home.netscape.com/ja" (I think it is the '/' not sure. somehow we are using keycode here ? )
I believe Brendan's on sabbatical. Chris, could you re-assign to the right person? Thanks.
Assignee: brendan → saari
Blocks: 28424
OK, I have a better patch that I post on http://warp/u/ftang/tmp/buftrace.txt This is simplar to my last patch, but it will dump the stack trace to a file called "nsStringTrace.txt" in Linux (in the bin directory) instead of assert.
sorry, I should be clear the patch I mention is a patch to CATCH the problem, not a patch to fix the problem.
Status: NEW → ASSIGNED
Target Milestone: M15
*IGNORE* - massive spam changing open XPToolkit bug's QA contact to jrgm@netscape.com
QA Contact: paulmac → jrgm
fixed by change from char to PRUnichar
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Component: XP Toolkit/Widgets: XUL → XUL
QA Contact: jrgmorrison → xptoolkit.widgets
You need to log in before you can comment on or make changes to this bug.