Closed
Bug 245930
Opened 21 years ago
Closed 21 years ago
GTK2 branch (1.7 and aviary) builds crash on startup on Linux x86_64
Categories
(Core :: XPCOM, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: jst, Assigned: jst)
Details
(Keywords: 64bit, fixed1.7, Whiteboard: fixed-aviary1.0)
Attachments
(2 files)
|
1.42 KB,
patch
|
dbaron
:
review+
darin.moz
:
superreview+
asa
:
approval1.7+
|
Details | Diff | Splinter Review |
|
1.98 KB,
patch
|
darin.moz
:
review+
darin.moz
:
superreview+
|
Details | Diff | Splinter Review |
We crash at:
#0 0x00000031dae6fd40 in memcpy () from /lib64/tls/libc.so.6
#1 0x0000002a958703b3 in nsCharTraits<char>::copy (
s1=0x80bfffb577 <Address 0x80bfffb577 out of bounds>,
s2=0x2a9aaea63b "-*-*-*-*-*-*-*-*-*-*", n=20) at nsCharTraits.h:318
#2 0x0000002a9586fc06 in nsCSubstring::Replace (this=0x7fbfffb550,
cutStart=4294967295, cutLength=0,
data=0x2a9aaea63b "-*-*-*-*-*-*-*-*-*-*", length=20)
at nsTSubstring.cpp:408
#3 0x0000002a95868d31 in nsCSubstring::Insert (this=0x7fbfffb550,
data=0x2a9aaea63b "-*-*-*-*-*-*-*-*-*-*", pos=4294967295,
length=4294967295) at nsTSubstring.h:261
#4 0x0000002a95868365 in nsACString::Insert (this=0x7fbfffb550,
data=0x2a9aaea63b "-*-*-*-*-*-*-*-*-*-*", pos=4294967295)
at nsTAString.cpp:307
#5 0x0000002a9aacbafe in FFREToXLFDPattern (aFFREName=@0x7fbfffb6c0,
oPattern=@0x7fbfffb550)
at ../../../../mozilla/gfx/src/gtk/nsFontMetricsGTK.cpp:5680
and the crash is due to nsTSubstring::Replace() not checking if the cutStart
argument is greater than the length of the string we're replacing data in. Patch
coming up.
|
Assignee | |
Comment 1•21 years ago
|
||
|
|
Assignee | |
Updated•21 years ago
|
Attachment #150304 -
Flags: superreview?(darin)
Attachment #150304 -
Flags: review?(dbaron)
Comment on attachment 150304 [details] [diff] [review]
Fix startup crash.
r=dbaron if you update your tree and fix the recently added ReplaceASCII as
well.
Attachment #150304 -
Flags: review?(dbaron) → review+
|
|
Assignee | |
Comment 3•21 years ago
|
||
Yeah... that patch was against an aviary branch tree, where there is no
ReplaceASCII(). I've got that fixed in my trunk tree now. Thanks!
Status: NEW → ASSIGNED
Flags: blocking1.7?
|
|
Assignee | |
Comment 4•21 years ago
|
||
|
||
Updated•21 years ago
|
Attachment #150304 -
Flags: superreview?(darin) → superreview+
|
|
||
Comment 5•21 years ago
|
||
Comment on attachment 150305 [details] [diff] [review]
Same thing for the trunk.
r+sr=darin
Attachment #150305 -
Flags: superreview+
Attachment #150305 -
Flags: review+
|
|
Assignee | |
Updated•21 years ago
|
Attachment #150304 -
Flags: approval1.7?
|
|
Assignee | |
Comment 6•21 years ago
|
||
Fix landed on the trunk.
|
||
Comment 7•21 years ago
|
||
Comment on attachment 150304 [details] [diff] [review]
Fix startup crash.
a=asa (on behalf of drivers) for checkin to 1.7
Attachment #150304 -
Flags: approval1.7? → approval1.7+
|
|
||
Updated•21 years ago
|
Flags: blocking1.7? → blocking1.7+
|
|
Assignee | |
Updated•21 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Keywords: fixed1.7
Resolution: --- → FIXED
Whiteboard: fixed-aviary1.0
|
||
Comment 8•21 years ago
|
||
The note that this is broken should be removed from the release notes then, I guess.
|
||
Updated•4 years ago
|
Component: String → XPCOM
You need to log in
before you can comment on or make changes to this bug.
Description
•