Closed Bug 118279 Opened 23 years ago Closed 23 years ago

URL Loads, displays, then segfaults in nsCOMPtr_base::~nsCOMPtr_base(void)

Categories

(Core :: XPCOM, defect)

Product:
Core
Component:
XPCOM
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: harik, Assigned: dougt)

References

(
URL
)

Details

(Keywords: crash, stackwanted) 

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.7) Gecko/20011229
BuildID:    20011229

Something's clobbering a pointer, and it's in C++ nastyness so I'm
at a loss.  The actuall code in question seems innocent,

if (pointer) MACRO_FREE(pointer), but somehow the address in the
object for the pointer is getting zeroed.

I let it dump core and went in with gdb, more information is available
there.

Reproducible: Always
Steps to Reproduce:
1. Start browser.
2. Load URL.
3. Core dump.

(gdb) bt
#0  0x401a721f in nsCOMPtr_base::~nsCOMPtr_base () from /usr/lib/libxpcom.so
(gdb) disass
Dump of assembler code for function _._13nsCOMPtr_base:
0x401a7208 <_._13nsCOMPtr_base>:        push   %ebp
0x401a7209 <_._13nsCOMPtr_base+1>:      mov    %esp,%ebp
0x401a720b <_._13nsCOMPtr_base+3>:      sub    $0x10,%esp
0x401a720e <_._13nsCOMPtr_base+6>:      push   %esi
0x401a720f <_._13nsCOMPtr_base+7>:      push   %ebx
0x401a7210 <_._13nsCOMPtr_base+8>:      call   0x401a7215 <_._13nsCOMPtr_base+13>
0x401a7215 <_._13nsCOMPtr_base+13>:     pop    %ebx
0x401a7216 <_._13nsCOMPtr_base+14>:     add    $0x1f4e7,%ebx
0x401a721c <_._13nsCOMPtr_base+20>:     mov    0x8(%ebp),%esi
0x401a721f <_._13nsCOMPtr_base+23>:     mov    (%esi),%edx
0x401a7221 <_._13nsCOMPtr_base+25>:     test   %edx,%edx
0x401a7223 <_._13nsCOMPtr_base+27>:     je     0x401a7233 <_._13nsCOMPtr_base+43>
0x401a7225 <_._13nsCOMPtr_base+29>:     add    $0xfffffff4,%esp
0x401a7228 <_._13nsCOMPtr_base+32>:     mov    (%edx),%eax
0x401a722a <_._13nsCOMPtr_base+34>:     push   %edx
0x401a722b <_._13nsCOMPtr_base+35>:     mov    0x10(%eax),%eax
0x401a722e <_._13nsCOMPtr_base+38>:     call   *%eax
http://finance.yahoo.com/ alone yields the crash, the extra information is
personilzation and requires a login.

Where is this destructor getting called from (what're the next 10-20 things on 
the stack?)
WFM, Linux 2002010308.
Reporter, do you still crash with latest nightly build ?
Build available here:
http://ftp.mozilla.org/pub/mozilla/nightly/latest/mozilla-i686-pc-linux-gnu-sea.tar.gz
Keywords: crash, stackwanted
Resolving worksforme - more than a month since a request to the reporter (Dan
Merillat) and no reply. Reporter - please reopen this bug if it still occurs in
a recent (Moz 1.0RC1+) build.
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.