Bug 53727 - plugger crashes when loading this page
Summary: plugger crashes when loading this page
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Raw Hide
Classification: Retired
Component: plugger
Version: 1.0
Hardware: i686
OS: Linux
medium
high
Target Milestone: ---
Assignee: Than Ngo
QA Contact:
URL: http://www.feltmountain.com/2001/gold...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-09-17 04:13 UTC by George Karabin
Modified: 2008-05-01 15:38 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2001-09-17 08:17:21 UTC
Embargoed:


Attachments (Terms of Use)

Description George Karabin 2001-09-17 04:13:30 UTC
Description of Problem:

I've got the lastest Roswell installed. While checking mozilla's bugquest
for a mozilla crash on an unrelated problem, I did run across one similar
bug report, at http://bugzilla.mozilla.org/show_bug.cgi?id=97755

I was unable to duplicate the bug at this page because mozilla crashed on
it, but earlier, apparently for a different reason.

The page has some content that "plugger" tries to handle. Plugger crashes
on me.

I tried the same page under Netscape, which uses the same plugger library.
Netscape has no problems with it.


Version-Release number of selected component (if applicable):

3.3-4

How Reproducible:

The bug occurs every time.

Steps to Reproduce:
1. Open mozila or netscape
2. Load the URL:
"http://www.feltmountain.com/2001/goldfrapp.html".

Actual Results:

Mozilla crashes, Netscape doesn't.

Expected Results:

Mozilla shouldn't crash, multimedia content should play (some kind of
animation and sound clip play under netscape).

Additional Information:
	
The info on the plugger home page didn't make it look like plugger is well
supported for mozilla. It mentioned that the author had heard that it
should work on the 0.8 series...

Comment 1 George Karabin 2001-09-17 08:17:17 UTC
After compiling the source RPM with debugger symbols turned on, it looks like
plugger is dying in plugger.c, function NPP_StreamAsFile, on line 1219.

Changing line 1219 from this:
  if((!strcmp(THIS->command, "internal:url")) && fname)

to this:
  if((!THIS->command || !strcmp(THIS->command, "internal:url")) && fname)

fixes a NULL pointer dereference that is causing a segfault. Mozilla is passing
a NULL command string to plugger. With this change, mozilla doesn't crash, and
plugger seems to continue to work when I browse to, and select subsequent files
that cause plugger to run.

I'm not certain if this is the best fix or not - it might be better to
initialize the command pointer to a NULL-terminated string, but I didn't poke
around long enough to make sure I understood how to safely allocate and free
memory without leaks.

I'll send a link to this bug report to the plugger author (Fredrik H|binette:
hubbe) to see what he thinks about this.


Comment 2 Ngo Than 2001-09-17 11:04:31 UTC
thanks for your patch file. The plugger-3.3-5 in rawhide includes this patch.



Note You need to log in before you can comment on or make changes to this bug.