203978 - Invalid read of size 4 const nsString FunctionCall::INVALID_PARAM_VALUE(NS_LITERAL_STRING("invalid parameter value for function: "));

Status: RESOLVED FIXED

(Core :: XSLT, defect, P3)

Description

[timeless]

28138== Invalid read of size 4
==28138==    at 0x4044B399: nsMemory::Free(void *) (/mnt/ibm/mozhack/mozilla/xpcom/glue/nsMemory.cpp:107)
==28138==    by 0x40441DFA: nsStrPrivate::Free(nsStr &) (/mnt/ibm/mozhack/mozilla/string/obsolete/nsStr.cpp:1007)
==28138==    by 0x4043FB12: nsStrPrivate::Destroy(nsStr &) (/mnt/ibm/mozhack/mozilla/string/obsolete/nsStr.cpp:110)
==28138==    by 0x40445241: nsString::~nsString(void) (/mnt/ibm/mozhack/mozilla/string/obsolete/nsString2.cpp:104)
==28138==    by 0x440775E8: __static_initialization_and_destruction_0 (/mnt/ibm/mozhack/mozilla/extensions/transformiix/source/xpath/FunctionCall.cpp:39)
==28138==    by 0x4407765A: global destructors keyed to FunctionCall::FunctionCall(void) (../../../../dist/include/string/nsBufferHandle.h:399)
==28138==    by 0x44055313: (within /mnt/ibm/mozhack/obj-i686-pc-linux-gnu-qt/extensions/transformiix/build/libtransformiix.so)
==28138==    by 0x440DE099: (within /mnt/ibm/mozhack/obj-i686-pc-linux-gnu-qt/extensions/transformiix/build/libtransformiix.so)
==28138==    by 0x4000A816: (within /lib/ld-2.2.5.so)
==28138==    by 0x405A7B14: exit (in /lib/libc-2.2.5.so)
==28138==    by 0x40594183: (within /lib/libc-2.2.5.so)
==28138==    by 0x804AAB1: (within /mnt/ibm/mozhack/obj-i686-pc-linux-gnu-qt/js/src/xpconnect/shell/xpcshell)
==28138==    Address 0x415E658C is 0 bytes inside a block of size 72 free'd
==28138==    at 0x40047092: __builtin_delete (vg_clientfuncs.c:194)
==28138==    by 0x404100B6: nsMemoryImpl::~nsMemoryImpl(void) (/mnt/ibm/mozhack/mozilla/xpcom/base/nsMemoryImpl.cpp:264)
==28138==    by 0x4040FD0A: nsMemoryImpl::Release(void) (/mnt/ibm/mozhack/mozilla/xpcom/base/nsMemoryImpl.cpp:217)
==28138==    by 0x4037E24F: NS_ShutdownXPCOM (/mnt/ibm/mozhack/mozilla/xpcom/build/nsXPComInit.cpp:769)
==28138==    by 0x804CCDB: main (/mnt/ibm/mozhack/mozilla/js/src/xpconnect/shell/xpcshell.cpp:1010)
==28138==    by 0x4059417D: __libc_start_main (in /lib/libc-2.2.5.so)
==28138==    by 0x804AAB1: (within /mnt/ibm/mozhack/obj-i686-pc-linux-gnu-qt/js/src/xpconnect/shell/xpcshell)

This is a crash if you aren't running on valgrind, or if you tell valgrind to continue

File: /mnt/ibm/mozhack/mozilla/extensions/transformiix/source/xpath/FunctionCall.cpp
const nsString FunctionCall::INVALID_PARAM_VALUE(
        NS_LITERAL_STRING("invalid parameter value for function: "));

http://www.mozilla.org/hacking/portable-cpp.html#dont_use_static_constructors

I have a patch to transformiix to cleanup a NSPR API violation and a patch to
XPCOM so that PR_Cleanup is called and some other irrelevant patches.

./run-mozilla.sh ./xpcshell
const C=Components.classes
for (a in C) if (/transformiix/.test(a)) C[a].createInstance()
quit()

Comment 1

[Peter Van der Beken [:peterv]]

Don't spam unnecessarily.

Comment 2

[Peter Van der Beken [:peterv]]

Attachment: v1

Comment 3

[Peter Van der Beken [:peterv]]

Attachment: v1

Comment 4

[Axel Hecht]

Comment on attachment 122622 [details] [diff] [review]
v1

good enough, I'll kill those strings for good someday. hopefully. yay nsresult.
r=axel@pike.org

Comment 5

[Johnny Stenback (:jst)]

Comment on attachment 122622 [details] [diff] [review]
v1

sr=jst

Comment 6

[Peter Van der Beken [:peterv]]

Checked in.