Closed Bug 20060 Opened 25 years ago Closed 25 years ago

Crash trying to load this website in nsScriptSecurityManager

Categories

(Core :: Security, defect, P3)

x86
Windows NT
defect

Tracking

()

VERIFIED DUPLICATE of bug 19933

People

(Reporter: mscott, Assigned: norrisboyd)

References

()

Details

Daver sent me a mail message that had the url listed above in it. When I tried to display the message, we crashed in nsScriptSecurityManager because subjectCodebase is null. Here's the whole stack trace: nsCOMPtr<nsICodebasePrincipal>::operator->() line 569 + 34 bytes nsScriptSecurityManager::CheckPermissions(nsScriptSecurityManager * const 0x0113d9b8, JSContext * 0x04e4c230, JSObject * 0x0355ab78, const char * 0x012c41d4, int * 0x0012f06c) line 936 + 32 bytes nsScriptSecurityManager::CheckScriptAccess(nsScriptSecurityManager * const 0x0113d9b8, nsIScriptContext * 0x04e4c3c0, void * 0x0355ab78, int 579, int 0, int * 0x0012f06c) line 357 + 28 bytes LocationToString(JSContext * 0x04e4c230, JSObject * 0x0355ab78, unsigned int 0, long * 0x048e8fd8, long * 0x0012f1d0) line 398 js_Invoke(JSContext * 0x04e4c230, unsigned int 0, unsigned int 2) line 673 + 26 bytes js_InternalCall(JSContext * 0x04e4c230, JSObject * 0x0355ab78, long 55946080, unsigned int 0, long * 0x00000000, long * 0x0012f328) line 766 + 15 bytes js_TryMethod(JSContext * 0x04e4c230, JSObject * 0x0355ab78, JSAtom * 0x03197c20, unsigned int 0, long * 0x00000000, long * 0x0012f328) line 2705 + 29 bytes js_DefaultValue(JSContext * 0x04e4c230, JSObject * 0x0355ab78, int 3, long * 0x0012f360) line 2267 + 34 bytes js_ValueToString(JSContext * 0x04e4c230, long 55946104) line 2214 + 25 bytes JS_ValueToString(JSContext * 0x04e4c230, long 55946104) line 500 + 13 bytes nsJSContext::EvaluateString(nsJSContext * const 0x04e4c3c0, const nsString & {" var isNav4, isIE4, isNav3, isIE3 if (navigator.appVersion.charAt(0) == "4") { if (navigator.appName == "Netscap"}, void * 0x034fa080, nsIPrincipal * 0x04f92310, const char * 0x050b37a0, unsigned int 566, const char * 0x00335468, nsString & {""}, int * 0x0012f438) line 240 + 17 bytes HTMLContentSink::EvaluateScript(nsString & {" var isNav4, isIE4, isNav3, isIE3 if (navigator.appVersion.charAt(0) == "4") { if (navigator.appName == "Netscap"}, int 566, const char * 0x00335468) line 3621 HTMLContentSink::ProcessSCRIPTTag(const nsIParserNode & {...}) line 3815 HTMLContentSink::AddLeaf(HTMLContentSink * const 0x04e65410, const nsIParserNode & {...}) line 2625 + 12 bytes CNavDTD::AddLeaf(const nsIParserNode * 0x04fb6aa0) line 3013 + 28 bytes CNavDTD::HandleScriptToken(const nsIParserNode * 0x04fb6aa0) line 1767 + 12 bytes CNavDTD::OpenContainer(const nsIParserNode * 0x04fb6aa0, nsHTMLTag eHTMLTag_script, int 1, int -1) line 2760 + 12 bytes CNavDTD::HandleDefaultStartToken(CToken * 0x032009d0, nsHTMLTag eHTMLTag_script, nsIParserNode * 0x04fb6aa0) line 1024 + 20 bytes CNavDTD::HandleStartToken(CToken * 0x032009d0) line 1328 + 22 bytes CNavDTD::HandleToken(CNavDTD * const 0x04758d30, CToken * 0x033a8d80, nsIParser * 0x04e65660) line 736 + 12 bytes CNavDTD::BuildModel(CNavDTD * const 0x04758d30, nsIParser * 0x04e65660, nsITokenizer * 0x04758cb0, nsITokenObserver * 0x00000000, nsIContentSink * 0x04e65410) line 529 + 20 bytes nsParser::BuildModel() line 1034 + 34 bytes nsParser::ResumeParse(nsIDTD * 0x00000000, int 0) line 960 + 11 bytes nsParser::OnDataAvailable(nsParser * const 0x04e65664, nsIChannel * 0x04e644b0, nsISupports * 0x00000000, nsIInputStream * 0x04e65f58, unsigned int 24576, unsigned int 8192) line 1310 + 19 bytes
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → DUPLICATE
*** This bug has been marked as a duplicate of 19933 ***
Status: RESOLVED → VERIFIED
Verified duplicate.
Bulk moving all Browser Security bugs to new Security: General component. The previous Security component for Browser will be deleted.
Component: Security → Security: General
You need to log in before you can comment on or make changes to this bug.