306493 - recent cvs build of firefox crashes [@ nsUnicodeToTamilTTF::SetOutputErrorBehavior] [@ nsUnicodeToJamoTTF::SetOutputErrorBehavior]

Status: RESOLVED FIXED

(Core :: Internationalization, defect)

Description

[Will Fiveash]

User-Agent:       Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8b3) Gecko/20050711 Firefox/1.0+
Build Identifier: Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.8b3) Gecko/20050711 Firefox/1.0+

The latest cvs build of firefox (Aug 30, 2005) consistenly crashes on different
websites.  Note that I do use flashblock extension.  I will add the stack trace
and other info.  Also note that an older build of cvs firefox (Jul 11, 2005)
does not crash nearly as quickly.

Reproducible: Didn't try




At the top of the stack I see:

ffbfa8f0 libc.so.1`_lwp_kill+8(b, ffbfa9b0, 0, b, ffff0000, 1)
  %l0-%l3: ff252000        0        0      400
  %l4-%l7:        0      400        1        0
  __1cNnsProfileLockSFatalSignalHandler6Fi_v_+0xe8:
  call      +0x1cd74      <PLT=libc.so.1`raise>

ffbfa950 __1cNnsProfileLockSFatalSignalHandler6Fi_v_+0xe8(b, 200, 479c0, 0, a, 
dc)
  %l0-%l3:        0        0    4a83c        0
  %l4-%l7:        0        0        0    2b438
  libc.so.1`__sighndlr+0xc:jmpl      %i3, %o7

ffbfa9c0 libc.so.1`__sighndlr+0xc(b, 0, ffbfab20, 2b484, 0, 1)
  %l0-%l3:        0 ff369c44        0 ffbffeff
  %l4-%l7: ffbffeff      400        1        a
  libc.so.1`call_user_handler+0x3b8:
  call      +0xab88       <libc.so.1`__sighndlr>

ffbfaa20 libc.so.1`call_user_handler+0x3b8(b, ffbffeff, 0, 0, ff252000, ffbfab20
)
  %l0-%l3: ffbfab20        0        0        0
  %l4-%l7:        0     ffff ffbffeff        0
  
  libctl.so`__1cTnsUnicodeToSunIndicWSetOutputErrorBehavior6MipnRnsIUnicharEncod
  er_H_I_+0x44:jmpl      %l5, %o7

ffbfadd8 0(b2b648, 2, 0, 3f, 270, 3f0000)
  %l0-%l3:       1a        0 80000000       3f
  %l4-%l7:   160018        0   6da4e0   160018
  libgfx_gtk.so`__1cOGetFontXftInfo6FpnK_FcPattern__pnNnsFontXftInfo__+0x12c:
  call      -0x28c        <libgfx_gtk.so`__1cMGetConverter6FpkcppnRnsIUnicodeEnc
  oder__I_>

ffbfae38 
libgfx_gtk.so`__1cOGetFontXftInfo6FpnK_FcPattern__pnNnsFontXftInfo__+0x12c(1, 
95eaa8, 15c90c8, 15c90c0, faa13b00, ffbfaeb8)
  %l0-%l3:      274 756e6800        3 ff2313f4
  %l4-%l7: ff2314ac ff231434      43c        0
  libgfx_gtk.so`__1cQnsFontMetricsXftHDoMatch6Mi_v_+0x218:
  call      +0x3adc       <libgfx_gtk.so`__1cOGetFontXftInfo6FpnK_FcPattern__pnN
  nsFontXftInfo__>

Comment 1

[Will Fiveash]

Attachment: stack and registers of firefox core

Comment 2

[Will Fiveash]

Attachment: libs associated with firefox in core

Comment 3

[David Baron :dbaron: (⌚️UTC-4, no longer working on Mozilla)]

May be related to bug 295145, but I don't see how.

Comment 4

[David Baron :dbaron: (⌚️UTC-4, no longer working on Mozilla)]

Actually, I think I do.  Nothing null-initializes mErrEncoder in the constructor
of any of these classes.

Comment 5

[David Baron :dbaron: (⌚️UTC-4, no longer working on Mozilla)]

(But really they should just use nsCOMPtr.)

Comment 6

[David Baron :dbaron: (⌚️UTC-4, no longer working on Mozilla)]

This should be fixed on the branch (by backing out bug 295145, if needed,
although the fix should be trivial).  Plussing.

Comment 7

[Simon Montagu :smontagu]

Attachment: nsCOMPtrification

Comment 8

[Christian :Biesinger (don't email me, ping me on IRC)]

(hrm, I thought I mentioned nsCOMPtr in that bug, but clearly I did it on IRC
only...)

Comment 9

[Will Fiveash]

I applied the attached patch, rebuilt the cvs source and this appears to have
fixed the crash that I was seeing.  Thanks.

Comment 10

[Jens-Uwe]

*** Bug 306838 has been marked as a duplicate of this bug. ***

Comment 11

[Jungshik Shin]

Comment on attachment 194421 [details] [diff] [review]
nsCOMPtrification

r=jshin

Comment 12

[David Baron :dbaron: (⌚️UTC-4, no longer working on Mozilla)]

Comment on attachment 194421 [details] [diff] [review]
nsCOMPtrification

sr=dbaron

(Does anyone actually use these?)

Comment 13

[Jo Hermans]

(In reply to comment #12)
> (From update of attachment 194421 [details] [diff] [review] [edit])
> sr=dbaron
> 
> (Does anyone actually use these?)
> 

The stacktraces are clearly visible in Talkback. See the ones from today (look
for SetOutputErrorBehavior)

- on Firefox 1.5 branch, it's position 4 & 35
- on Firefox trunk, it's position 6 & 7
- on Thunderbird 1.5 branch, it's position 14
- on Thunderbird trunk, it's position 6

Comment 14

[Jo Hermans]

Note that the talkback traces are all coming from Linux/86 platforms. It's not
just for Solaris.

Comment 15

[Christian :Biesinger (don't email me, ping me on IRC)]

> (Does anyone actually use these?)


I'm pretty sure that nobody calls these functions with a non-null aErrEncoder,
if nothing else because before bug 295145 these functions didn't work.

Comment 16

[Simon Montagu :smontagu]

Checked in on trunk.

Comment 17

[Jesse Ruderman]

This is the #1 topcrash in branch nightlies, so it would be nice if this were
fixed before Firefox 1.5 Beta 1.

Comment 18

[Asa Dotzler [:asa]]

Comment on attachment 194421 [details] [diff] [review]
nsCOMPtrification

this needs to land asap if it's gonna make the beta.

Comment 19

[Jo Hermans]

*** Bug 307257 has been marked as a duplicate of this bug. ***

Comment 20

[Jay Patel [:jay]]

Adding crash, topcrash+ keywords for tracking since this is the current #1
topcrash on the branch...let's try to get this in for 1.5 beta 1.

Comment 21

[David Baron :dbaron: (⌚️UTC-4, no longer working on Mozilla)]

Checked in on MOZILLA_1_8_BRANCH.