Bug 192058

Summary: URL corrupted in navigation bar
Product: [Fedora] Fedora
Component: firefox
Version: 6
Hardware: All
OS: Linux
Status: CLOSED INSUFFICIENT_DATA
Severity: medium
Priority: medium
Reporter: James Hunt <jamesodhunt>
Assignee: Christopher Aillon <caillon>
CC: mcepl, mcepl, wtogami
Doc Type: Bug Fix
Last Closed: 2008-01-15 14:40:24 UTC

Description James Hunt 2006-05-17 08:58:21 UTC
Description of problem:

Visiting a particular site, and clicking a long link results in a corrupted URL
being displayed in the navigation bar.

Version-Release number of selected component (if applicable):

firefox-1.5.0.3-1.1.fc5

How reproducible:

always

Steps to Reproduce:
1. Go to this page: http://www.xfree86.org/current/xlib.html
2. Type Control-F and then type "maprequest" in search box.
3. The part of the page where the first "hit" for maprequest is found is
   a *very* long link which should occupy the entire window.
4. Click any of the text

Actual results:

URL in navigation bar changes from "http://www.xfree86.org/current/xlib.html"
to complete garbage.

Expected results:

Sane behaviour.

Additional info:

I imagine there are 2 possible explanations to this bug:

1) Buffer overflow (the link appears to be over 76,000 bytes long)
2) Redraw problem where the url is being broken up into chunks and each chunk
   is being overlaid into the URL box in the navigation bar.

I suspect (2) as the most likely as I cannot make firefox crash. Also, if you
look carefully at the corrupted URL, you'll notice that the first part of it
isn't corrupted (i.e. "http://ww" looks fine). I'm guessing that firefox is
writing the start of the URL into the URL box, but it is also writing the end of
the url into the box too (and right-aligning it).

Comment 1 James Hunt 2007-01-25 10:40:06 UTC
This is *still* a problem in firefox 1.5.0.9 (firefox-1.5.0.9-1.fc6). Could
somebody determine if this maybe is actually a buffer overflow / security issue?

Thanks.


Comment 2 Matěj Cepl 2007-01-30 13:38:32 UTC
Can reproduce with both firefox-1.5.0.9-6.el5 and epiphany-2.16.0-4.fc6 (using
the Gecko from that firefox).


Comment 4 James Hunt 2007-04-09 21:54:57 UTC
I'm running fc6, not EL5. Problem still occurs using latest
firefox-1.5.0.10-5.fc6. Trying with epiphany-2.16.3-4.fc6 gives a different
result though: the url is still insanely long, but it doesn't get "corrupted".
The start of the URL after clicking shows:

http://www.xfree86.org/current/xlib.html#3.1.%20Visual%20TypesOn%20some%20display%20hardware,%20it%20may%20be%20possible%20to%20deal%20withcolor%20resources%20in%

However, if you focus in the URL bar, and press the END key, you get a seemingly
blank URL. However, if you use the cursor to go left and right, there is text
there - it's just not being displayed (or maybe it is, but in white?).

Can you recreate this problem? I cannot imagine it is related to my particular
environment.


Comment 5 James Hunt 2007-04-11 20:36:01 UTC
konqueror (from kdebase-3.5.6-0.1.fc6) is quite happy with the page, and handles
it perfectly.

galeon-2.0.3-6.fc6 gives the same result as epiphany, and helpfully tells me
that it is loading over 3Mb of data (that'll be the size of the URL I believe).

Hey - maybe we could get the firefox/gecko guys to use
http://www.xfree86.org/current/xlib.html as one of their test cases? I hereby
proclaim http://www.xfree86.org/current/xlib.html to be "acid3" :-)
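
Added example, not part of the original bug thread: a small triage helper that scans a saved copy of a page for `<a href>` values above a byte threshold, so the oversized link described above can be measured and isolated into a reduced test case. The threshold, the `example.test` base URL and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urldefrag

# Assumed triage threshold; the reporter estimated the link at over 76,000 bytes.
MAX_HREF_BYTES = 2048


class LongLinkFinder(HTMLParser):
    """Collect <a href> values whose resolved URL exceeds a byte threshold."""

    def __init__(self, base_url, limit=MAX_HREF_BYTES):
        super().__init__(convert_charrefs=True)
        self.base_url = base_url
        self.limit = limit
        self.findings = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if href is None:
            return
        resolved = urljoin(self.base_url, href)
        size = len(resolved.encode("utf-8"))
        if size > self.limit:
            fragment = urldefrag(resolved).fragment
            self.findings.append({
                "line": self.getpos()[0],  # source line of the <a> tag
                "bytes": size,
                "fragment_bytes": len(fragment.encode("utf-8")),
                "preview": resolved[:60],
            })


def find_long_links(html, base_url, limit=MAX_HREF_BYTES):
    finder = LongLinkFinder(base_url, limit)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample: one ordinary link and one whose fragment has swallowed
# body text, similar in shape to the URL quoted in comment 4.
SAMPLE = (
    '<p><a href="#intro">Intro</a></p>\n'
    '<p><a href="#3.1. Visual Types' + " On some display hardware" * 4000
    + '">text</a></p>\n'
)

if __name__ == "__main__":
    for finding in find_long_links(SAMPLE, "http://example.test/xlib.html"):
        print(finding)
```

Attaching the reported line number and byte counts, plus a test page containing only the flagged anchor, gives the maintainers a reproducer that does not depend on the live site.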

Comment 6 Matěj Cepl 2007-12-10 09:24:56 UTC
Fedora Core 6 is no longer supported, could you please reproduce this with the
updated version of the currently supported distribution (Fedora 7, 8, or
Rawhide)? If this issue turns out to still be reproducible, please let us know
in this bug report. If after a month's time we have not heard back from you, we
will have to close this bug as CANTFIX.

Setting status to NEEDINFO, and awaiting information from the reporter.

[This is a mass-filed message to all open Fedora Core 6 bugs related to Xorg or
Gecko. If you see any other reason why this bug shouldn't be closed, please
comment on it here.]

Comment 7 Matěj Cepl 2008-01-15 14:40:24 UTC
Since there are insufficient details provided in this report for us to
investigate the issue further, and we have not received feedback to the
information we have requested above, we will assume the problem was not
reproducible, or has been fixed in one of the updates we have released for the
reporter's distribution.

Users who have experienced this problem are encouraged to upgrade to the latest
update of their distribution, and if this issue turns out to still be
reproducible in the latest update, please reopen this bug with additional
information.

Closing as INSUFFICIENT_DATA.

{This is a mass-closing of all obsolete bugs; if this bug was in your opinion
closed by mistake, please reopen it with additional information; thanks a lot
and I am sorry for bothering you in such a case.}