[Bug 685] New: Plugin crash and data corruption
bugzilla-daemon at icedtea.classpath.org
Sun Apr 3 17:39:17 PDT 2011
http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=685
Summary: Plugin crash and data corruption
Product: IcedTea
Version: 6-1.9.7
Platform: all
OS/Version: Linux
Status: NEW
Severity: major
Priority: P5
Component: IcedTea6
AssignedTo: unassigned at icedtea.classpath.org
ReportedBy: unfair at unfairnet.com
OS: Ubuntu 10.04 LTS
Browsers:
Firefox 3.6.16
Opera 10.63 b6450 Linux i686, 2.6.32-30-generic
Chrome 11.0.696.28 beta
Using Firefox the Liveconnect functionality works properly, but in Chrome and
Opera I have reproducible issues.
In Chrome using Java code to raise an alert() in the browser (via JSObject's
.eval() method) results in the plugin crashing 100% of the time with this
error:
"The following plug-in has crashed: IcedTea NPR Web Browser Plugin (using
IcedTea6 1.9.7 (6b20-1.9.7-0ubuntu1~10.04.1))"
Example code:
HTML:
<input type="button" value="test" onclick="document.testapplet.ShowAlert()">
Java:
public void ShowAlert()
{
    RunJS("TestAlert()");
}

private void RunJS(String myJS)
{
    try
    {
        if (myBrowser != null)
        {
            myBrowser.eval(myJS);
        }
        else
        {
            ChangeStatus("Could not retrieve browser reference!");
        }
    }
    catch (Exception ex)
    {
        ChangeStatus(ex.toString());
    }
}
Javascript:
function TestAlert()
{
    alert('test popup box');
}
Using Opera there is some sort of buffer overflow/data corruption. Executing
this Java function:
public void Login(String UserName, String Password)
{
    RunJS("LoginSuccess('" + UserName + "')");
}
Calls this Javascript:
function LoginSuccess(UserName)
{
    setElemInner('CurrentUser',UserName.length + ":" + UserName);
}

function setElemInner(ElemID,ElemData)
{
    var LElem = document.getElementById(ElemID);
    if (LElem != null)
    {
        LElem.innerHTML = ElemData;
    }
}
HTML:
<span id="CurrentUser"></span>
Which results in data like this:
12:TempUser�ȿ1
13:TempUserfere
12:TempUser��ȿ
13:TempUser://nx11;
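Added example, not part of the original report: a JavaScript helper that could be called from a callback such as LoginSuccess() to show which UTF-16 code units arrived beyond the expected value, instead of relying on how the browser renders them. The function name describeReceived, the assumption that the applet sent "TempUser", and the sample strings are constructed for illustration.

```javascript
// Compare the value the applet was asked to send with what the
// JavaScript callback received, and describe the difference.
function describeReceived(expected, received) {
  // Longest common prefix, in UTF-16 code units.
  let prefix = 0;
  const limit = Math.min(expected.length, received.length);
  while (prefix < limit &&
         expected.charCodeAt(prefix) === received.charCodeAt(prefix)) {
    prefix++;
  }

  let verdict;
  if (received === expected) {
    verdict = "intact";
  } else if (prefix === expected.length) {
    verdict = "trailing-garbage"; // full value arrived, extra units follow
  } else if (prefix === received.length) {
    verdict = "truncated";        // value was cut short
  } else {
    verdict = "altered";          // differs inside the expected value
  }

  // Hex dump of everything after the common prefix, so unprintable
  // units stay visible instead of turning into replacement glyphs.
  const extraUnits = [];
  for (let i = prefix; i < received.length; i++) {
    extraUnits.push(received.charCodeAt(i).toString(16).padStart(4, "0"));
  }

  return { verdict, expectedLength: expected.length,
           receivedLength: received.length, commonPrefix: prefix, extraUnits };
}

// Constructed samples (not copied from the report): the value the applet
// is assumed to send, alone and followed by stray code units.
const SENT = "TempUser";
const SAMPLES = [
  "TempUser",
  "TempUser\ufffd\u023f1\u0000",
  "TempUserfere",
  "Temp",
];

function runSamples() {
  return SAMPLES.map((s) => describeReceived(SENT, s));
}

console.log(JSON.stringify(runSamples(), null, 2));
```

Logging the result with console.log rather than writing it to innerHTML keeps the stray code units from being parsed as markup.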