Closed Bug 145147 Opened 22 years ago Closed 22 years ago

Crashes Sniffing Mime types M1RC2 Trunk [@ imgRequest::SniffMimeType]

Categories

(Core :: Graphics: ImageLib, defect)

x86
All
defect
Not set
critical

Tracking

()

VERIFIED FIXED
mozilla1.0

People

(Reporter: greer, Assigned: pavlov)

Details

(Keywords: crash, qawanted, topcrash, Whiteboard: [ADT2 RTM])

Crash Data

Attachments

(3 files, 2 obsolete files)

The topcrash list for M1RC2 has a number of crashes at this signature. Looking 
at past data, this problem showed up between M099 and M1RC1 (between March 11 
and April 17). Blame points to cbeisinger's patch for bug 104906 (March 23) in 
imgRequest.cpp.

imgRequest::SniffMimeType [d:\builds\seamonkey\mozilla\modules\libpr0n\src\imgRequest.cpp, line 788]
sniff_mimetype_callback [d:\builds\seamonkey\mozilla\modules\libpr0n\src\imgRequest.cpp, line 779]
nsPipe::nsPipeInputStream::ReadSegments [d:\builds\seamonkey\mozilla\xpcom\io\nsPipe2.cpp, line 420]
imgRequest::OnDataAvailable [d:\builds\seamonkey\mozilla\modules\libpr0n\src\imgRequest.cpp, line 691]
ProxyListener::OnDataAvailable [d:\builds\seamonkey\mozilla\modules\libpr0n\src\imgLoader.cpp, line 705]
nsHttpChannel::OnDataAvailable [d:\builds\seamonkey\mozilla\netwerk\protocol\http\src\nsHttpChannel.cpp, line 2965]
nsOnDataAvailableEvent::HandleEvent [d:\builds\seamonkey\mozilla\netwerk\base\src\nsStreamListenerProxy.cpp, line 203]
PL_HandleEvent [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c, line 597]
PL_ProcessPendingEvents [d:\builds\seamonkey\mozilla\xpcom\threads\plevent.c, line 530]
nsEventQueueImpl::ProcessPendingEvents [d:\builds\seamonkey\mozilla\xpcom\threads\nsEventQueue.cpp, line 392]

The values at the time of the crash are:
cc'ing cbiesinger who checked in the fix for bug 104906.
Keywords: crash, qawanted, topcrash
Attached file Stack values
Attachment with the values from the top three stack frames on the main thread
at the time of crash.
Attached file User comments
User comments for help with repro/testcase.
I can neither reproduce this nor see why this function can cause a crash...
I'd suspect that do_GetService fails, but don't know why that would fail.

The other possibility is that |this| is invalid, because it was deleted or
points to invalid memory...

It's hard to fix this when I don't know what causes it...
Whiteboard: [grr]
Is it possible to find out where the nsCOMPtr<imgILoader> points to?
Unfortunately, no, we can't see where nsCOMPtr<imgILoader> points to. Talkback 
does not resolve smart pointers.
I hit this crash, and it was because I closed down the browser while it was
still loading (my.netscape.com) - the get service call failed, because I was
shutting down. A simple check for a null loader will fix this - I manually
continued on and shut down fine. I'll attach the trivial patch.
Attached patch proposed fix (obsolete)
I'd like to make sure this is OK with pav.
Attachment #84855 - Attachment is obsolete: true
Comment on attachment 84940
patch with assertion per pav's request

r=pavlov
Attachment #84940 - Flags: review+
convert this to use a static method on imgLoader and avoid the GetService stuff
completely.
Attachment #84940 - Attachment is obsolete: true
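The two fixes discussed in the comments above (a null check on the loader, then a static method that avoids GetService), as an added example that is not part of the bug thread or Mozilla's code. `Registry`, `Loader` and the `Sniff*` functions are hypothetical stand-ins, and the magic-byte checks are constructed for illustration.

```cpp
#include <cstddef>
#include <cstring>
#include <string>

// Constructed model (hypothetical names, not Mozilla code).
struct Loader {
    // Static: needs no instance, so it cannot fail on a missing service.
    static bool SniffStatic(const unsigned char* buf, size_t len, std::string& type) {
        if (len >= 4 && std::memcmp(buf, "GIF8", 4) == 0) { type = "image/gif"; return true; }
        if (len >= 4 && std::memcmp(buf, "\x89PNG", 4) == 0) { type = "image/png"; return true; }
        if (len >= 3 && std::memcmp(buf, "\xFF\xD8\xFF", 3) == 0) { type = "image/jpeg"; return true; }
        return false;
    }
    // Instance method, reachable only through the service registry.
    bool Sniff(const unsigned char* buf, size_t len, std::string& type) const {
        return SniffStatic(buf, len, type);
    }
};

// Stand-in for a service manager that refuses lookups once shutdown starts.
struct Registry {
    bool shuttingDown = false;
    Loader loader;
    Loader* GetService() { return shuttingDown ? nullptr : &loader; }
};

// Crashing pattern: the lookup result is used without a check.
bool SniffUnchecked(Registry& reg, const unsigned char* buf, size_t len, std::string& type) {
    Loader* l = reg.GetService();
    return l->Sniff(buf, len, type);  // undefined behaviour if l is null (shutdown)
}

// First fix: bail out when the lookup fails; sniffing is skipped during shutdown.
bool SniffChecked(Registry& reg, const unsigned char* buf, size_t len, std::string& type) {
    Loader* l = reg.GetService();
    if (!l) return false;
    return l->Sniff(buf, len, type);
}

// Final fix: call the static method, so there is no lookup that can fail.
bool SniffNoService(const unsigned char* buf, size_t len, std::string& type) {
    return Loader::SniffStatic(buf, len, type);
}
```

The checked variant removes the crash but returns no type while the registry is shutting down; the static variant removes the dependency that could fail.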
Comment on attachment 84946
Don't use GetService at all

r=bienvenu
Attachment #84946 - Flags: review+
Comment on attachment 84946
Don't use GetService at all

sr=mscott
Attachment #84946 - Flags: superreview+
Status: NEW → ASSIGNED
Keywords: nsbeta1
Target Milestone: --- → mozilla1.0
fixed on trunk.  need a='s from drivers and adt
->nsbeta1+ and added adt1.0.0
Keywords: nsbeta1 → adt1.0.0, nsbeta1+
Whiteboard: [grr] → [grr][ADT1]
Comment on attachment 84946
Don't use GetService at all

a=roc,scc,shaver

please check this in to
the mozilla 1.0 branch asap
Attachment #84946 - Flags: approval+
adt1.0.0+ (on ADT's behalf) for approval to checkin to the 1.0 branch. After
checking in, please add the fixed1.0 keyword.
Keywords: adt1.0.0 → adt1.0.0+
Whiteboard: [grr][ADT1] → [grr] [ADT2 RTM]
fix on trunk and branch now
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Keywords: fixed1.0.0
Resolution: --- → FIXED
Verified fix checked into branch and trunk, marking verified
Status: RESOLVED → VERIFIED
Whiteboard: [grr] [ADT2 RTM] → [ADT2 RTM]
Crash Signature: [@ imgRequest::SniffMimeType]