Bug 11393 - Certain content causes coredump (bus error)
Certain content causes coredump (bus error)
Product: Red Hat Linux
Classification: Retired
Component: netscape (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Bill Nottingham
Depends On:
  Show dependency treegraph
Reported: 2000-05-12 16:22 EDT by Torin Walker
Modified: 2014-03-16 22:13 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2000-05-16 12:22:08 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Torin Walker 2000-05-12 16:22:23 EDT
Dear RedHat Developers:

I have had an ongoing problem with Netscape ever since I switched to RedHat
6.1, and it continued into RedHat 6.2. The problem manifests itself in a
BUS ERROR every time I access sites with certain content. I've estimated
that approximately one in ten sites contains this content, which means I'm
forever reloading netscape. I must then either a) avoid the site, b) wait a
while for the banner ad to switch (yes, sometimes the banner itself causes
the problem, or c) rerun netscape as root. While running as root, this
problem does not occur.

I should also mention that a co-worker also experiences this same problem.
It is quite bothersome to say the least. Hopefully, you'll be able to
identify where the problem lies; I've captured one such culprit page and
narrowed it down to the following text:

  <SCRIPT SRC="http://localhost"></SCRIPT>

No header, no body, nothing...just the above text in a file all by itself
(even if it's contained in an email message...)

To reproduce the problem, start by creating a file, say, /tmp/bad.html and
fill it with:

  <SCRIPT SRC="http://localhost"></SCRIPT>

Then, in the URL location, type:

  file:/tmp/bad.html <enter>

The result is a shutdown of netscape, and a bus error.

It only occurs under a non-root account, and persists even when strace'ing
the application. Here is a dump of the above exactly as I've described it.

Output from the command:

  strace /usr/local/lib/netscape/netscape-communicator > /tmp/strace.txt

yields a complete startup and trace up until it coredumps. I can provide
more information, or a complete trace upon request.

  read(8, "\1\0\215\32\3\0\0\0\"\0\0\0\1\0\1\1\377\377\377\377\0\0"..., 32)
= 32
  read(8, "\37\200\"\1\37\200\"\1O\0s\10", 12) = 12
  read(8, "\1\10\216\32\0\0\0\0*\0\0\0\0\0\0\0\20\0\20\0\0\0\0\0\0"..., 32)
= 32
  time(NULL)                              = 958164763
  lseek(16, 0, SEEK_END)                  = 339968
  lseek(16, 245760, SEEK_SET)             = 245760
  read(16, "0\0\323\17\302\17\204\17s\17O\17>\17\n\17\371\16\305\16"...,
4096) = 4096
  time(NULL)                              = 958164763
  gettimeofday({958164763, 943768}, NULL) = 0
  time(NULL)                              = 958164763
  getpid()                                = 8999
  stat("/home/twalker/.netscape/cache/1B", {st_mode=S_IFDIR|0755,
st_size=4096, ...}) = 0
  --- SIGALRM (Alarm clock) ---
  gettimeofday({958164763, 968988}, NULL) = 0
  sigreturn()                             = ? (mask now [])
  stat("/home/twalker/.netscape/cache/1B/cache391C6F1B0002327", 0xbfffdff4)
= -1 ENOENT (No such file or directory)
  fchmod(23, 0600)                        = 0
  fstat64(0x17, 0xbfffe018)               = 0
0) = 0x402d0000
  --- SIGSEGV (Segmentation fault) ---
  getpid()                                = 8999
  kill(8999, SIGBUS)                      = 0
  --- SIGBUS (Bus error) ---
  +++ killed by SIGBUS +++


If there is any other information you'd like, I would be glad to be of

Comment 1 Bill Nottingham 2000-05-16 12:22:59 EDT
I can't reproduce this here; it works OK
as non-root (causes a javascript error, but
that's not the point...)

Note You need to log in before you can comment on or make changes to this bug.