[Bug 1106] Icedtea 1.2.1 crashes Firefox

bugzilla-daemon at icedtea.classpath.org bugzilla-daemon at icedtea.classpath.org
Fri Aug 3 12:26:09 PDT 2012


--- Comment #8 from Vlastimil Babka <caster at gentoo.org> ---
(In reply to comment #6)
> Looking at the trace, it appears this patch may be to blame:
> http://icedtea.classpath.org/hg/release/icedtea-web-1.2/rev/a49edd57b1b3
> Assigning to patch owner (Adam) to cc:

Indeed appears to be due to the patch. Here's my relevant gdb output:

#5  0x00007fffc0adbb68 in memcpy (__src=0x7ffff66df460, __dest=0x7fffc0cff940,
__len=<optimized out>) at /usr/include/bits/string3.h:52
#6  initialize_browser_functions (browserTable=0x7ffff66df460) at
#7  NP_Initialize (browserTable=0x7ffff66df460, pluginTable=0x7fffc0d71210) at

(gdb) up
#6  initialize_browser_functions (browserTable=0x7ffff66df460) at
2057      memcpy(&browser_functions, browserTable, browserTable->size);
(gdb) l
2052      }
2054      //Ensure any unused fields are NULL
2055      memset(&browser_functions, 0, sizeof(NPNetscapeFuncs));
2056      //Copy fields according to given size
2057      memcpy(&browser_functions, browserTable, browserTable->size);
2059      return true;
2060    }
(gdb) print (browserTable->size)
$1 = 472
(gdb) print (sizeof(NPNetscapeFuncs))
$2 = 448
(gdb) quit

So apparently it memcopies a larger memory area into a smaller one. At first
sight, the patch checks if the browserTable->size is large enough to contain
all necessary functions, but does not check if the size isn't larger than the
allocated area.

Now I have little idea about this API, so dunno how it's possible that
NPNetscapeFuncs is smaller than the actual size. Could be related to npapi-sdk
version? In Gentoo I have 0.27 installed.

However maybe it could work to just memcpy only the area of usedSize, or just
cap the reported size by the sizeof(NPNetscapeFuncs)?
