Preview of new mozilla package ... breaks kazehakase [patch attached]

Alexander Sack asac at jwsdot.com
Wed Aug 31 21:45:42 UTC 2005


Hi,


I have prepared new mozilla packages (2:1.7.8-1sarge2) that try to
tackle all vulnerabilities. It's basically the full upstream patch from
1.7.8 to 1.7.10 without version bumping.

I uploaded it to http://people.debian.org/~asac/security/

Anyway, there is one regression I found while testing:

Galeon and epiphany appear to work, but kazehakase segfaults if you
don't open a tab explicitly before entering or selecting a URI. In
consequence, opening new tabs by clicking on links with the middle mouse
button segfaults in the same way. From what I can see in the code, kazehakase
relies on the fact that gtk_widget_realize is called *before* any
signal (e.g. stop_net) is invoked by mozembed. However this
isn't true for 1.7.10 anymore.

AFAIK, the same is true for current unstable kazehakase.

The fix is quite simple. It's just a kazehakase issue. I think the way
they use the realize, net_stop as a startup sequence is quite dubious
IMO.

Attached comes the patch for kazehakase. Maybe you can upload a
functional package to stable-proposed and state that this fix is
needed to prevent segfaults in kazehakase. The earlier the better.


fwiw, the backtrace:
look at #4.... you have a priv->wrapper that is NULL
(kz-mozembed.cpp:962).
With old mozilla it was != NULL; the reason I found: the _realize
function was called in advance.


#0  KzMozWrapper::GetDocShell (this=0x0, aDocShell=0x0) at nsCOMPtr.h:692
#1  0x0808f16b in KzMozWrapper::GetMainDomDocument (this=0x0, aDOMDocument=0x0) at nsCOMPtr.h:1211
#2  0x0808081f in net_stop_proccess (kzembed=0x84073e0) at nsCOMPtr.h:1211
#3  0x08080c22 in kz_moz_embed_net_stop (embed=0x84073e0) at kz-mozembed.cpp:1018
#4  0x406bb2a6 in g_cclosure_marshal_VOID__VOID () from /usr/lib/libgobject-2.0.so.0
#5  0x406a99c9 in g_cclosure_new_swap () from /usr/lib/libgobject-2.0.so.0
#6  0x406a9736 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0
#7  0x406ba651 in g_signal_emit_by_name () from /usr/lib/libgobject-2.0.so.0
#8  0x406b9e9c in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0
#9  0x406ba126 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0
#10 0x080ab883 in EmbedProgress::OnStateChange (this=0x8409308, aWebProgress=0x840c73c,
    aRequest=0x0, aStateFlags=262160, aStatus=2152398850) at EmbedProgress.cpp:96
#11 0x420b318d in nsDocLoaderImpl::FireOnStateChange ()
   from /usr/lib/mozilla/components/libdocshell.so
#12 0x420b267f in nsDocLoaderImpl::doStopDocumentLoad ()
   from /usr/lib/mozilla/components/libdocshell.so
#13 0x420b24df in nsDocLoaderImpl::DocLoaderIsEmpty ()
   from /usr/lib/mozilla/components/libdocshell.so
#14 0x420b222b in nsDocLoaderImpl::~nsDocLoaderImpl ()
   from /usr/lib/mozilla/components/libdocshell.so
#15 0x40de54cc in NSGetModule () from /usr/lib/mozilla/components/libnecko.so
#16 0x40de4ecf in NSGetModule () from /usr/lib/mozilla/components/libnecko.so
#17 0x420b1cbe in nsDocLoaderImpl::~nsDocLoaderImpl ()
   from /usr/lib/mozilla/components/libdocshell.so
#18 0x420b0a04 in nsURILoader::~nsURILoader () from /usr/lib/mozilla/components/libdocshell.so
#19 0x42097393 in nsDocShell::IsPrintingOrPP () from /usr/lib/mozilla/components/libdocshell.so
#20 0x4209cd96 in nsDocShell::CheckLoadingPermissions ()
   from /usr/lib/mozilla/components/libdocshell.so
#21 0x42090680 in nsDocShell::ConvertLoadTypeToDocShellLoadInfo ()
   from /usr/lib/mozilla/components/libdocshell.so
#22 0x42095489 in nsDocShell::IsPrintingOrPP () from /usr/lib/mozilla/components/libdocshell.so
#23 0x4205bdfe in NSGetModule () from /usr/lib/mozilla/components/libwebbrwsr.so
#24 0x0809c845 in EmbedPrivate::LoadCurrentURI (this=0xbfffe1d0) at nsCOMPtr.h:710
#25 0x0809a24b in gtk_moz_embed_realize (widget=0x84073e0) at gtkmozembed2.cpp:471
#26 0x0807f5e8 in kz_moz_embed_realize (widget=0x84073e0) at kz-mozembed.cpp:563



-- 
 GPG messages preferred.   |  .''`.  ** Debian GNU/Linux **
 Alexander Sack            | : :' :      The  universal
 asac at debian.org           | `. `'      Operating System
 http://www.asoftsite.org  |   `-    http://www.debian.org
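The ordering problem described in this message (a net_stop handler that assumed realize had already created the wrapper) can be modelled in a few lines of plain C. This is an added example, not code from the mail or from kazehakase: the Embed and Wrapper structs, the embed_* functions and the two simulate_* drivers are hypothetical stand-ins for KzMozEmbedPrivate, KzMozWrapper and the kz_moz_embed_* handlers, and the "new ordering" is simplified to "net_stop arrives before realize finishes". Unlike the patch's bare early return, the guarded handler records the early event so realize can process it afterwards, which keeps the thumbnail/cache work from being silently lost.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for KzMozWrapper: exists only once the widget is realized. */
typedef struct {
    int docshell_ready;
} Wrapper;

/* Hypothetical stand-in for KzMozEmbedPrivate. */
typedef struct {
    Wrapper *wrapper;      /* NULL until embed_realize(), like priv->wrapper */
    int stop_pending;      /* a net_stop arrived before realize; handle it later */
    int stops_processed;   /* how many net_stop events reached the real work */
} Embed;

static Wrapper g_wrapper = { 1 };   /* constructed singleton standing in for the real object */

void embed_init(Embed *e)
{
    e->wrapper = NULL;
    e->stop_pending = 0;
    e->stops_processed = 0;
}

/* The work the real net_stop handler does once the wrapper is known to exist. */
static int process_stop(Embed *e)
{
    e->stops_processed++;
    return e->wrapper->docshell_ready;   /* safe: callers guarantee wrapper != NULL */
}

/* net_stop handler. Returns 1 when the event was processed, 0 when deferred. */
int embed_net_stop(Embed *e)
{
    if (!e->wrapper) {
        /* Signal arrived before realize (the 1.7.10 ordering): do not dereference,
         * but remember the event instead of silently dropping it. */
        e->stop_pending = 1;
        return 0;
    }
    return process_stop(e);
}

/* realize handler: creates the wrapper, then drains a deferred net_stop.
 * Returns 1 if a deferred event was processed, 0 otherwise. */
int embed_realize(Embed *e)
{
    e->wrapper = &g_wrapper;
    if (e->stop_pending) {
        e->stop_pending = 0;
        process_stop(e);
        return 1;
    }
    return 0;
}

/* Old ordering (mozilla 1.7.8): realize first, then net_stop. */
int simulate_old_ordering(void)
{
    Embed e;
    embed_init(&e);
    embed_realize(&e);
    embed_net_stop(&e);
    return e.stops_processed;
}

/* New ordering (mozilla 1.7.10): net_stop emitted before realize has set up the wrapper. */
int simulate_new_ordering(void)
{
    Embed e;
    embed_init(&e);
    embed_net_stop(&e);   /* wrapper still NULL: deferred instead of a NULL dereference */
    embed_realize(&e);    /* drains the deferred stop */
    return e.stops_processed;
}

int main(void)
{
    printf("old ordering processed %d stop(s)\n", simulate_old_ordering());
    printf("new ordering processed %d stop(s)\n", simulate_new_ordering());
    return 0;
}
```

Both orderings end with exactly one processed stop; with the patch's plain `return` the second ordering would end with zero, which is the difference between "does not crash" and "still does its job".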
diff -uwr src.orig/mozilla/kz-mozembed.cpp src/mozilla/kz-mozembed.cpp
--- kazehakase.orig/src/mozilla/kz-mozembed.cpp	2005-06-30 15:50:53.000000000 +0200
+++ kazehakase/src/mozilla/kz-mozembed.cpp	2005-08-31 23:32:41.410770191 +0200
@@ -527,7 +528,7 @@
 	// After "about:balnk" was loaded, the first url start to load.  
 	if (url)
 		priv->first_url = g_strdup(url);
-	//kz_moz_embed_load_url(KZ_EMBED(kzembed), url);
+	kz_moz_embed_load_url(KZ_EMBED(kzembed), url);
 
 	return GTK_WIDGET(kzembed);
 }
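Review bot: the hunk header `@@ -527,7 +528,7 @@` already carries a one-line offset in the new file, and the next hunk's `@@ -943,6 +948,10 @@` carries five, yet the two hunks shown add only four lines between them, so at least one hunk appears to be missing from the attachment and the patch as posted may not apply cleanly; please regenerate it in one go (the `---`/`+++` paths `kazehakase.orig/src/...` also no longer match the `diff -uwr src.orig/mozilla/...` command line above them, which suggests hand editing). On the change itself, re-enabling `kz_moz_embed_load_url(KZ_EMBED(kzembed), url);` while `priv->first_url = g_strdup(url);` is still stored, and the comment above still says the first URL loads after about:blank, means the URL may now be requested twice, once here and once through the deferred first_url path; confirm that the deferred load is removed or that the double load is intended. While touching this block, the comment typo `about:balnk` could be fixed.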
@@ -943,6 +948,10 @@
 {
 	KzMozEmbedPrivate *priv = KZ_MOZ_EMBED_GET_PRIVATE (kzembed);
 
+	if(!priv->wrapper) {
+		return;
+	}
+
 	gboolean create_thumbnail = FALSE, store_cache = TRUE;
 	KZ_CONF_GET("Global", "create_thumbnail", create_thumbnail, BOOL);
 	KZ_CONF_GET("History", "store_cache", store_cache, BOOL);
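Review bot: the early `return` on `!priv->wrapper` silently drops the net_stop event, so the `create_thumbnail` / `store_cache` work below is skipped for whatever load finished before realize, and nothing records that it happened; consider `g_return_if_fail (priv->wrapper);` so the condition is at least logged, and add a comment stating why wrapper can legitimately be NULL here (with mozilla 1.7.10 net_stop is emitted before `kz_moz_embed_realize` has created it), since a bare NULL check reads like a leftover to the next reader. Style: the surrounding code writes `if (url)` with a space, so `if(!priv->wrapper) {` should match; since the diff was made with `-w`, whitespace differences are hidden, so please regenerate without `-w` before uploading.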

