Bug 53727

Summary: plugger crashes when loading this page
Product: [Retired] Red Hat Raw Hide
Reporter: George Karabin <gkarabin>
Component: plugger
Assignee: Than Ngo <than>
Status: CLOSED RAWHIDE
Severity: high
Priority: medium
Version: 1.0
Hardware: i686
OS: Linux
URL: http://www.feltmountain.com/2001/goldfrapp.html
Doc Type: Bug Fix
Last Closed: 2001-09-17 08:17:21 UTC

Description George Karabin 2001-09-17 04:13:30 UTC
Description of Problem:

I've got the latest Roswell installed. While checking mozilla's bugquest
for a mozilla crash on an unrelated problem, I did run across one similar
bug report, at http://bugzilla.mozilla.org/show_bug.cgi?id=97755

I was unable to duplicate the bug at this page because mozilla crashed on
it, but earlier, apparently for a different reason.

The page has some content that "plugger" tries to handle. Plugger crashes
on me.

I tried the same page under Netscape, which uses the same plugger library.
Netscape has no problems with it.


Version-Release number of selected component (if applicable):

3.3-4

How Reproducible:

The bug occurs every time.

Steps to Reproduce:
1. Open mozilla or netscape
2. Load the URL:
"http://www.feltmountain.com/2001/goldfrapp.html".

Actual Results:

Mozilla crashes, Netscape doesn't.

Expected Results:

Mozilla shouldn't crash, multimedia content should play (some kind of
animation and sound clip play under netscape).

Additional Information:
	
The info on the plugger home page didn't make it look like plugger is well
supported for mozilla. It mentioned that the author had heard that it
should work on the 0.8 series...

Comment 1 George Karabin 2001-09-17 08:17:17 UTC
After compiling the source RPM with debugger symbols turned on, it looks like
plugger is dying in plugger.c, function NPP_StreamAsFile, on line 1219.

Changing line 1219 from this:
  if((!strcmp(THIS->command, "internal:url")) && fname)

to this:
  if((!THIS->command || !strcmp(THIS->command, "internal:url")) && fname)

fixes a NULL pointer dereference that is causing a segfault. Mozilla is passing
a NULL command string to plugger. With this change, mozilla doesn't crash, and
plugger seems to continue to work when I browse to, and select subsequent files
that cause plugger to run.

I'm not certain if this is the best fix or not - it might be better to
initialize the command pointer to a NULL-terminated string, but I didn't poke
around long enough to make sure I understood how to safely allocate and free
memory without leaks.

I'll send a link to this bug report to the plugger author (Fredrik Hübinette:
hubbe) to see what he thinks about this.


Comment 2 Ngo Than 2001-09-17 11:04:31 UTC
Thanks for your patch file. The plugger-3.3-5 in rawhide includes this patch.
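
The guard from Comment 1 next to a stricter variant, as an added example that is not part of the original report or of plugger's source; `struct instance`, the function names and the sample commands are hypothetical. It shows that the patched condition takes the `internal:url` branch when `command` is NULL, while a strict check, or an empty-string default for `command`, does not.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for plugger's per-instance data; only the
 * `command` field discussed in the report is modelled. */
struct instance {
    const char *command;   /* may be NULL when no command was set */
};

/* Condition as patched in Comment 1: a NULL command short-circuits the
 * ||, so strcmp() is never called with NULL, and the branch is taken. */
static int patched_condition(const struct instance *inst, const char *fname)
{
    return (!inst->command || !strcmp(inst->command, "internal:url"))
           && fname != NULL;
}

/* Alternative guard (assumption, not plugger code): NULL never matches,
 * so the branch runs only for an explicit "internal:url" command. */
static int strict_condition(const struct instance *inst, const char *fname)
{
    return inst->command != NULL
           && strcmp(inst->command, "internal:url") == 0
           && fname != NULL;
}

int main(void)
{
    /* Constructed sample inputs: unset, internal, external helper, and
     * the empty-string default considered in Comment 1. */
    const struct instance cases[] = {
        { NULL }, { "internal:url" }, { "xmms %s" }, { "" },
    };
    const char *fname = "/tmp/stream.dat";

    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        printf("%-14s patched=%d strict=%d\n",
               cases[i].command ? cases[i].command : "(NULL)",
               patched_condition(&cases[i], fname),
               strict_condition(&cases[i], fname));
    }
    return 0;
}
```

Only the NULL row differs between the two columns, which is the behaviour to confirm against what `NPP_StreamAsFile` is meant to do when no command has been selected.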