Closed
Bug 291029
Opened 19 years ago
Closed 19 years ago
reversed args to memcpy results in write to readonly memory [@ memcpy - CopyToLowerCase::write]
Categories
(Core :: Internationalization, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: timeless, Assigned: timeless)
References
()
Details
(Keywords: crash)
Crash Data
Attachments
(1 file)
|
1.21 KB,
patch
|
dougt
:
review+
roc
:
superreview+
asa
:
approval1.8b2+
|
Details | Diff | Splinter Review |
Unhandled exception at 0x1021646c (msvcr71d.dll) in mozilla.exe: 0xC0000005:
Access violation writing location 0x0284b92c.
+ aSource 0x0284b92c "chromehidden" const unsigned short *
+ dest 0x0012f788 "" unsigned short *
msvcr71d.dll!memcpy(unsigned char * dst=0x0284b92c, unsigned char *
src=0x0012f788, unsigned long count=0x00000018) Line 287 Asm
> gklayout.dll!CopyToLowerCase::write(const unsigned short * aSource=0x0284b92c,
unsigned int aSourceLength=0x0000000c) Line 158 + 0x13 C++
gklayout.dll!nsCharSinkTraits<CopyToLowerCase>::write(CopyToLowerCase &
iter={...}, const unsigned short * s=0x0284b92c, unsigned int n=0x0000000c)
Line 736 C++
gklayout.dll!copy_string<nsReadingIterator<unsigned
short>,CopyToLowerCase>(nsReadingIterator<unsigned short> & first={...}, const
nsReadingIterator<unsigned short> & last={...}, CopyToLowerCase & result={...})
Line 95 + 0x27 C++
gklayout.dll!ToLowerCase(const nsAString & aSource={...}, nsAString &
aDest={...}) Line 175 + 0x23 C++
gklayout.dll!nsGenericHTMLElement::InternalGetExistingAttrNameFromQName(const
nsAString & aStr={...}) Line 4159 + 0x10 C++
gklayout.dll!nsGenericElement::GetAttribute(const nsAString & aName={...},
nsAString & aReturn={...}) Line 1311 + 0x12 C++
gklayout.dll!nsHTMLHtmlElement::GetAttribute(const nsAString & name={...},
nsAString & _retval={...}) Line 61 + 0x14 C++
appshell.dll!nsContentTreeOwner::ApplyChromeFlags() Line 678 + 0x3a C++
appshell.dll!nsXULWindow::OnChromeLoaded() Line 934 C++
appshell.dll!nsWebShellWindow::OnStateChange(nsIWebProgress *
aProgress=0x01a05854, nsIRequest * aRequest=0x01a353a8, unsigned int
aStateFlags=0x000c0010, unsigned int aStatus=0x804b0002) Line 1293 C++
docshell.dll!nsDocLoaderImpl::FireOnStateChange(nsIWebProgress *
aProgress=0x01a05854, nsIRequest * aRequest=0x01a353a8, int
aStateFlags=0x000c0010, unsigned int aStatus=0x804b0002) Line 1235 C++
docshell.dll!nsDocLoaderImpl::doStopDocumentLoad(nsIRequest *
request=0x01a353a8, unsigned int aStatus=0x804b0002) Line 840 C++
docshell.dll!nsDocLoaderImpl::DocLoaderIsEmpty() Line 731 C++
docshell.dll!nsDocLoaderImpl::OnStopRequest(nsIRequest * aRequest=0x01a353a8,
nsISupports * aCtxt=0x00000000, unsigned int aStatus=0x804b0002) Line 663 C++
necko.dll!nsLoadGroup::RemoveRequest(nsIRequest * request=0x01a353a8,
nsISupports * ctxt=0x00000000, unsigned int aStatus=0x804b0002) Line 701 + 0x2c C++
necko.dll!nsLoadGroup::Cancel(unsigned int status=0x804b0002) Line 376 C++
docshell.dll!nsDocLoaderImpl::Stop() Line 330 + 0x1f C++
docshell.dll!nsDocLoaderImpl::Stop() Line 327 C++
docshell.dll!nsDocLoaderImpl::Destroy() Line 415 C++
docshell.dll!nsDocLoaderImpl::~nsDocLoaderImpl() Line 208 C++
docshell.dll!nsDocLoaderImpl::`scalar deleting destructor'() + 0xf C++
docshell.dll!nsDocLoaderImpl::Release() Line 239 + 0x91 C++
xpcom_core.dll!nsCOMPtr_base::assign_assuming_AddRef(nsISupports *
newPtr=0x00000000) Line 463 C++
xpcom_core.dll!nsCOMPtr_base::assign_with_AddRef(nsISupports *
rawPtr=0x00000000) Line 90 C++
xpcom_core.dll!nsCOMPtr<nsISupports>::operator=(nsISupports * rhs=0x00000000)
Line 865 C++
xpcom_core.dll!FreeServiceContractIDEntryEnumerate(PLDHashTable *
aTable=0x002acbb4, PLDHashEntryHdr * aHdr=0x00b14cf8, unsigned int
aNumber=0x000002af, void * aData=0x00000000) Line 2009 C++
xpcom_core.dll!PL_DHashTableEnumerate(PLDHashTable * table=0x002acbb4,
PLDHashOperator (PLDHashTable *, PLDHashEntryHdr *, unsigned int, void *)*
etor=0x008acda0, void * arg=0x00000000) Line 619 + 0x19 C
xpcom_core.dll!nsComponentManagerImpl::FreeServices() Line 2021 + 0x13 C++
xpcom_core.dll!NS_ShutdownXPCOM_P(nsIServiceManager * servMgr=0x00000000)
Line 791 C++
mozilla.exe!NS_ShutdownXPCOM(nsIServiceManager * servMgr=0x00000000) Line
198 + 0xa C++
Attachment #181207 -
Flags: superreview?(roc)
Attachment #181207 -
Flags: review?(dougt)
Comment on attachment 181207 [details] [diff] [review] fix order of params to memcpy ow
Attachment #181207 -
Flags: superreview?(roc) → superreview+
|
||
Comment 3•19 years ago
|
||
Comment on attachment 181207 [details] [diff] [review] fix order of params to memcpy wow.
Attachment #181207 -
Flags: review?(dougt) → review+
|
||
Comment 5•19 years ago
|
||
I can only assume it was me. I hang my head in shame.
|
||
Comment 6•19 years ago
|
||
Comment on attachment 181207 [details] [diff] [review] fix order of params to memcpy a=asa for landing on frozen trunk.
Attachment #181207 -
Flags: approval1.8b2+
|
||
Comment 7•19 years ago
|
||
fixed? http://bonsai.mozilla.org/cvsquery.cgi?treeid=default&module=SeaMonkeyAll&branch=HEAD&branchtype=match&dir=&file=&filetype=match&who=&whotype=match&sortby=Date&hours=2&date=explicit&mindate=2005-04-21+15%3A30&maxdate=2005-04-21+15%3A30&cvsroot=%2Fcvsroot 2005-04-21 15:30 timeless%mozdev.org mozilla/ intl/ unicharutil/ util/ nsUnicharUtils.cpp 1.27 2/2 Bug 291029 reversed args to memcpy results in write to readonly memory [@ memcpy - CopyToLowerCase::write] r=dougt sr=roc a=asa http://bonsai.mozilla.org/cvsview2.cgi?diff_mode=context&whitespace_mode=show&subdir=mozilla/intl/unicharutil/util&command=DIFF_FRAMESET&file=nsUnicharUtils.cpp&rev1=1.26&rev2=1.27&root=/cvsroot
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
|
|
||
Updated•19 years ago
|
Flags: blocking1.8b2?
|
||
Updated•13 years ago
|
Crash Signature: [@ memcpy - CopyToLowerCase::write]
You need to log in
before you can comment on or make changes to this bug.
Description
•