Re: Remote CGI can crash Netscape 4.x (and current source for 5.x)

From: HD Moore (hdmooreat_private)
Date: Thu Oct 08 1998 - 21:06:19 PDT


    Maybe this will give an idea of *why* it's crashing...
    
    Digging around in the mozilla source code (http://www.mozilla.org), I found
    these references to the content type of  "internal/parser" :
    
    --[ from net.h in /mozilla/include ]--
    
    /* This is like text/html, but also implies that the charset is that of
       the window.  This type should not escape to the outside world!
     */
    #define INTERNAL_PARSER      "internal/parser"
    
    --[ from mimemoz.c in /mozilla/lib/libmime/ ]--
    
      /* If we've converted to HTML, then we've already done charset conversion,
         so label this data as "internal/parser" to prevent it from being passed
         through the charset converters again. */
    
      if (msd->options->write_html_p &&
          !strcasecomp(type, TEXT_HTML))
        type = INTERNAL_PARSER;
    
    ______________________________________________________________
    
    If you are curious as to how this makes it crash, grep the source code for
    "INTERNAL_PARSER" and you can see the many places where data with this
    content type, but not in that format, will crash the browser.  Here are some
    other interesting cuts from the mozilla source:
    
    --[ from mozilla.cpp in /mozilla/cmd/winfe ]--
    
     //      added by ftang & jliu, just remap it from memory_stream->net_ColorHTMLStream
        NET_RegisterContentTypeConverter(INTERNAL_PARSER, FO_VIEW_SOURCE, TEXT_HTML, net_ColorHTMLStream);
    
    --[ from pagescan.c in /mozilla/network/main/ ]--
    
    if ((URL_s->server_status >= 400) ||
      /* don't attempt to parse non-html */
      ((PL_strstr(URL_s->content_type, TEXT_HTML) == NULL) &&
       (PL_strstr(URL_s->content_type, INTERNAL_PARSER) == NULL))) {
      /* URL_s->dont_cache = PR_FALSE; */
      obj->page->dontFollow = PR_TRUE;
     }
    
    
    
    Here is the NPL disclaimer so I don't get bitched at for quoting source
    code:
    
    /* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 2 -*-
     *
     * The contents of this file are subject to the Netscape Public License
     * Version 1.0 (the "NPL"); you may not use this file except in
     * compliance with the NPL.  You may obtain a copy of the NPL at
     * http://www.mozilla.org/NPL/
     *
     * Software distributed under the NPL is distributed on an "AS IS" basis,
     * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the NPL
     * for the specific language governing rights and limitations under the
     * NPL.
     *
     * The Initial Developer of this code under the NPL is Netscape
     * Communications Corporation.  Portions created by Netscape are
     * Copyright (C) 1998 Netscape Communications Corporation.  All Rights
     * Reserved.
     */
    /* Please leave outside of ifdef for windows precompiled headers */
    
    
    Jim Paris wrote:
    
    > Netscape 4.x will crash when given a content-type of "internal/parser".
    > Earlier versions seem unaffected.  Tested versions are 4.05 and 4.5b1.
    > Under Win95 it simply hangs and needs a three finger salute to kill it.
    > It dies with a bus fault under Linux.  To test it, try
    > http://www.jtan.com/~jim/netscape-crash.cgi , which contains
    >
    > #!/bin/sh
    > echo Content-type: internal/parser
    > echo
    > echo If you can see this, your browser is OK!
    >
    > It may be possible to do worse than crash a browser.  If this data is
    > going to the same place that parsed pages go, I would imagine that
    > buffer overflows are present.
    >
    > I submitted a bug report to Netscape.
    >
    > -jim
    
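The net.h comment above says the "internal/parser" type "should not escape to the outside world", which is exactly what a server-supplied Content-Type header lets it do. The following is an added defensive sketch, not Mozilla's or the poster's code: it normalises a received Content-Type value and refuses to hand any internal-only type to the parser. The function names, the fallback type and the list of internal types are assumptions for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical hardening sketch (not Mozilla code): types reserved for
   in-process use must never be accepted from a network response. */
#define INTERNAL_PARSER   "internal/parser"
#define FALLBACK_TYPE     "application/octet-stream"   /* assumed default */

/* Content types reserved for internal use only (constructed list). */
static const char *const internal_types[] = { INTERNAL_PARSER, NULL };

/* Copy the media type part of a Content-Type header value into buf,
   lowercased (like the strcasecomp() match above), with surrounding
   whitespace and any ";parameters" dropped. NULL if empty or too long. */
static char *media_type(const char *hdr, char *buf, size_t buflen)
{
    size_t n = 0;
    while (*hdr && isspace((unsigned char)*hdr)) hdr++;
    while (*hdr && *hdr != ';' && !isspace((unsigned char)*hdr)) {
        if (n + 1 >= buflen) return NULL;
        buf[n++] = (char)tolower((unsigned char)*hdr++);
    }
    buf[n] = '\0';
    return n ? buf : NULL;
}

/* 1 if the header names a type that must never arrive from the network. */
int is_internal_content_type(const char *hdr)
{
    char type[128];
    if (!media_type(hdr, type, sizeof type)) return 0;
    for (const char *const *p = internal_types; *p; p++)
        if (strcmp(type, *p) == 0) return 1;
    return 0;
}

/* Type the parser may safely be handed: internal-only or unusable header
   values are replaced by an opaque fallback instead of being trusted. */
const char *safe_content_type(const char *hdr, char *out, size_t outlen)
{
    char type[128];
    if (!media_type(hdr, type, sizeof type) || is_internal_content_type(hdr)
        || strlen(type) + 1 > outlen) {
        strncpy(out, FALLBACK_TYPE, outlen);
        out[outlen - 1] = '\0';
        return out;
    }
    memcpy(out, type, strlen(type) + 1);
    return out;
}
```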



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:19:02 PDT