Closed
Bug 214176
Opened 21 years ago
Closed 21 years ago
Crash Opening Mail/News Component
Categories
(MailNews Core :: Backend, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: jay, Assigned: brendan)
References
Details
(Keywords: crash, fixed1.4.1)
Attachments
(2 files)
|
3.70 KB,
text/plain
|
Details | |
|
3.94 KB,
patch
|
brendan
:
review+
asa
:
approval1.4.1+
|
Details | Diff | Splinter Review |
Win98SE Build 2003072804 1.5b Trunk Opening mail/news causes crash in KERNEL32.DLL 100% reproducible
|
Reporter | |
Comment 1•21 years ago
|
||
talkback ID=TB22263310Z
Summary: Crash Opening Mail/News Component → Crash Opening Mail/News Component
I get a hang here on Solaris with today's CVS build when opening the Mail/News component. Rebuilding with Debug on and will provide a stack asap.
|
|
Reporter | |
Comment 3•21 years ago
|
||
Win98SE PC Stack Trace http://www.ufaq.org/mailnewscrash.txt
Here's a nicer UNIX stack. Looks like some sort of memory freeing that's perhaps not allocated (or double free ?) Note, jsscope.c was checked in by brendan onthe 26th so some possibility to be the cause of this.
shouldn't jsscope.c:339 be
nbytes = newsize * sizeof(JSScopeProperty *);
I recompiled with my recommended fix and it seems to be working now. Brendan can you confirm/deny the fix pls.
|
Assignee | |
Comment 7•21 years ago
|
||
The stack indicates heap corruption, not the bug Mitch found (thanks!) where the new table is over-large. I'm fixing the newsize computation bug Mitch found, but I wonder if there isn't still an impurity somewhere (not clear where) that various malloc callers will still trip over. /be
Lost all my email settings mailboxes, and browser bookmarks. Talkback IDs TB22269547E, TB22269532H. Marking DATALOSS and elevating to Blocker
Severity: critical → blocker
Keywords: dataloss
I take that back. Inadvertently changed profile when restarting, panicked and thought I'd lost all my settings. No dataloss, but DOES crash 100% of the time. I'll leave the blocker.
Keywords: dataloss
|
|
Assignee | |
Comment 10•21 years ago
|
||
But again, this fix seems to me only to hide the impurity, if it makes the crash go away. Without this fix, scope tables that grow or shrink are oversized by a factor of seven. It seems as though that changes the layout of memory enough to cause (or to make more likely) the crash. /be
|
|
Assignee | |
Comment 11•21 years ago
|
||
Comment on attachment 128731 [details] [diff] [review] fix for the jsscope.c overlarge allocation bug This is a non-minimal change. I wondered why I wasn't using the SCOPE_TABLE_SIZE macro, and noticed it wasn't used anywhere. I renamed it and used it to scale consistently throughout. /be
Attachment #128731 -
Flags: review?(Mitch)
|
|
Assignee | |
Comment 12•21 years ago
|
||
The followup change to jsscript.c for bug 208030, now backed out in its essential part, may be the cause of this impurity being exposed. Or it may have been the cause of the impurity, period. If someone can retest with an up to date js/src/jsscript.c and verify that the bug here can't be reproduced, with or without my patch attachment 128731 [details] [diff] [review], then I would like to close this bug as a dup of 208030. But I'd like to get the patch in -- Mitch found a real footprint bloat bug, due to a stupid almost-typo (the sizeof(JSScopeProperty) rather than sizeof(JSScopeProperty *) dates from an old version of the jsscope.c code that didn't have a property tree in which to share JSScopeProperty structs, pointed at by many scope hash table entries). /be
Assignee: sspitzer → brendan
|
||
Comment 13•21 years ago
|
||
Brendan, looks fine to me. I can't retest till tomorrow (since i'm at home) on Solaris, but seems to do the right thing by using the macro.
|
|
Assignee | |
Comment 14•21 years ago
|
||
Checked in. I think the crash was a dup of 208030, but I'm just going to close this, since it did turn up a different bug and capture a reviewed patch. /be
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Comment 16•21 years ago
|
||
Comment on attachment 128731 [details] [diff] [review] fix for the jsscope.c overlarge allocation bug This patch applies with some hunk offset slop to 1.4.1. I have an exact patch created via cvs up -j that I'll check in, if it is approved. /be
Attachment #128731 -
Flags: review?(Mitch)
Attachment #128731 -
Flags: review+
Attachment #128731 -
Flags: approval1.4.x?
|
||
Comment 17•21 years ago
|
||
Comment on attachment 128731 [details] [diff] [review] fix for the jsscope.c overlarge allocation bug a=asa (on behalf of drivers) for checkin to the 1.4 branch.
Attachment #128731 -
Flags: approval1.4.x? → approval1.4.x+
|
|
||
Updated•21 years ago
|
Flags: blocking1.4.x?
|
||
Updated•20 years ago
|
Product: MailNews → Core
|
||
Updated•16 years ago
|
Product: Core → MailNews Core
You need to log in
before you can comment on or make changes to this bug.
Description
•