Closed
Bug 236274
Opened 20 years ago
Closed 20 years ago
Crash when exporting bookmarks [@ nsCharTraits<unsigned short>::length]
Categories
(SeaMonkey :: Bookmarks & History, defect)
SeaMonkey
Bookmarks & History
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 236003
People
(Reporter: tsangal, Assigned: p_ch)
References
Details
(Keywords: crash, regression)
Crash Data
User-Agent: Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:) Gecko/20040302 Mozilla crashes when I try to export my bookmarks to a file. Reproducible: Always Steps to Reproduce: 1. Open the Bookmark Manager (Bookmarks -> Manage Bookmarks) 2. Select Tools -> Export... 3. Enter a filename if desired, and press Save. Actual Results: Mozilla hangs for a second, then Windows presents a standard crash dialog. Expected Results: Exported bookmarks to file and resumed normal operation. about:buildconfig Build platform target i586-pc-msvc Build tools Compiler Version Compiler flags $(CYGWIN_WRAPPER) cl 12.00.8804 -TC -nologo -W3 -nologo -Gy -Fd$(PDBFILE) $(CYGWIN_WRAPPER) cl 12.00.8804 -TP -nologo -W3 -nologo -Gy -Fd$(PDBFILE) -I/usr/X11R6/include Configure arguments --without-system-jpg --without-system-zlib --enable-extensions=default,tasks --enable-crypto --disable-auto-deps --disable-debug --enable-optimize
Reproduced on build 2004030409 Mozilla/5.0 (Windows; U; Win98; en-US; rv:) Gecko/20040304 Dr. Watson's diagnosis: $ performed an invalid memory access. Module Name: XPCOM.DLL Description: $ Version: 1.7b: 2004030108 Product: Mozilla Manufacturer: Mozilla Foundation Application Name: Mozilla.exe Description: Mozilla Version: 1.7b: 2004030108 Product: Mozilla Manufacturer: Mozilla Foundation
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 2•20 years ago
|
||
I can reprodue it too on Windows 2000 (custom build from 20040304 tarbal). Call stack is as follows: nsCharTraits<unsigned short>::length(const unsigned short * 0x00000000) line 192 + 5 bytes nsSubstring::Equals(const unsigned short * 0x00000000, const nsStringComparator & {...}) line 540 + 9 bytes nsBookmarksService::exportBookmarks(nsISupportsArray * 0x04584f18) line 4823 + 39 bytes nsBookmarksService::DoCommand(nsBookmarksService * const 0x03a515bc, nsISupportsArray * 0x045849c0, nsIRDFResource * 0x03a84bb0, nsISupportsArray * 0x04584f18) line 4913 + 15 bytes XPTC_InvokeByIndex(nsISupports * 0x03a515bc, unsigned int 19, unsigned int 3, nsXPTCVariant * 0x0012cb74) line 102 XPCWrappedNative::CallMethod(XPCCallContext & {...}, XPCWrappedNative::CallMode CALL_METHOD) line 2027 + 43 bytes XPC_WN_CallMethod(JSContext * 0x043e77a8, JSObject * 0x04470628, unsigned int 3, long * 0x0457634c, long * 0x0012ce3c) line 1287 + 14 bytes js_Invoke(JSContext * 0x043e77a8, unsigned int 3, unsigned int 0) line 941 + 23 bytes js_Interpret(JSContext * 0x043e77a8, long * 0x0012d770) line 2962 + 15 bytes js_Invoke(JSContext * 0x043e77a8, unsigned int 1, unsigned int 2) line 958 + 13 bytes nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJSClass * const 0x04185488, nsXPCWrappedJS * 0x04500cd0, unsigned short 5, const nsXPTMethodInfo * 0x031efb80, nsXPTCMiniVariant * 0x0012dab0) line 1336 + 22 bytes nsXPCWrappedJS::CallMethod(nsXPCWrappedJS * const 0x04500cd0, unsigned short 5, const nsXPTMethodInfo * 0x031efb80, nsXPTCMiniVariant * 0x0012dab0) line 450 PrepareAndDispatch(nsXPTCStubBase * 0x04500cd0, unsigned int 5, unsigned int * 0x0012db60, unsigned int * 0x0012db50) line 117 + 31 bytes SharedStub() line 147 XPTC_InvokeByIndex(nsISupports * 0x04500cd0, unsigned int 5, unsigned int 1, nsXPTCVariant * 0x0012dcd0) line 102 XPCWrappedNative::CallMethod(XPCCallContext & {...}, XPCWrappedNative::CallMode CALL_METHOD) line 2027 + 43 bytes XPC_WN_CallMethod(JSContext * 0x043e77a8, JSObject * 0x04539558, unsigned int 1, long * 0x045760e8, long * 0x0012df98) line 1287 + 14 bytes js_Invoke(JSContext * 0x043e77a8, unsigned int 1, unsigned int 0) line 941 + 23 bytes js_Interpret(JSContext * 0x043e77a8, long * 0x0012e8cc) line 2962 + 15 bytes js_Invoke(JSContext * 0x043e77a8, unsigned int 1, unsigned int 2) line 958 + 13 bytes js_InternalInvoke(JSContext * 0x043e77a8, JSObject * 0x045399d0, long 72588232, unsigned int 0, unsigned int 1, long * 0x0012eb40, long * 0x0012eb3c) line 1035 + 20 bytes JS_CallFunctionValue(JSContext * 0x043e77a8, JSObject * 0x045399d0, long 72588232, unsigned int 1, long * 0x0012eb40, long * 0x0012eb3c) line 3589 + 31 bytes nsJSContext::CallEventHandler(JSObject * 0x045399d0, JSObject * 0x04539bc8, unsigned int 1, long * 0x0012eb40, long * 0x0012eb3c) line 1267 + 33 bytes nsJSEventListener::HandleEvent(nsJSEventListener * const 0x04458a78, nsIDOMEvent * 0x04574c48) line 175 + 52 bytes nsEventListenerManager::HandleEventSubType(nsListenerStruct * 0x04459db8, nsIDOMEvent * 0x04574c48, nsIDOMEventTarget * 0x04575f30, unsigned int 8, unsigned int 7) line 1434 + 20 bytes nsEventListenerManager::HandleEvent(nsEventListenerManager * const 0x04458a20, nsIPresContext * 0x04405148, nsEvent * 0x0012f31c, nsIDOMEvent * * 0x0012f1f8, nsIDOMEventTarget * 0x04575f30, unsigned int 7, nsEventStatus * 0x0012f36c) line 1529 nsXULElement::HandleDOMEvent(nsIPresContext * 0x04405148, nsEvent * 0x0012f31c, nsIDOMEvent * * 0x0012f1f8, unsigned int 7, nsEventStatus * 0x0012f36c) line 2879 PresShell::HandleDOMEventWithTarget(PresShell * const 0x044065c0, nsIContent * 0x04440108, nsEvent * 0x0012f31c, nsEventStatus * 0x0012f36c) line 6105 nsMenuFrame::Execute(nsGUIEvent * 0x0012f7a4) line 1650 nsMenuFrame::HandleEvent(nsMenuFrame * const 0x04566864, nsIPresContext * 0x04405148, nsGUIEvent * 0x0012f7a4, nsEventStatus * 0x0012f598) line 447 PresShell::HandleEventInternal(nsEvent * 0x0012f7a4, nsIView * 0x044efc90, unsigned int 1, nsEventStatus * 0x0012f598) line 6069 + 33 bytes PresShell::HandleEvent(PresShell * const 0x044065dc, nsIView * 0x044efc90, nsGUIEvent * 0x0012f7a4, nsEventStatus * 0x0012f598, int 0, int & 1) line 5918 + 25 bytes nsViewManager::HandleEvent(nsView * 0x045653e8, nsGUIEvent * 0x0012f7a4, int 0) line 2301 nsViewManager::DispatchEvent(nsViewManager * const 0x04405e38, nsGUIEvent * 0x0012f7a4, nsEventStatus * 0x0012f690) line 2039 + 20 bytes HandleEvent(nsGUIEvent * 0x0012f7a4) line 79 nsWindow::DispatchEvent(nsWindow * const 0x045654a4, nsGUIEvent * 0x0012f7a4, nsEventStatus & nsEventStatus_eIgnore) line 1064 + 10 bytes nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012f7a4) line 1085 nsWindow::DispatchMouseEvent(unsigned int 301, unsigned int 0, nsPoint * 0x00000000) line 5207 + 21 bytes ChildWindow::DispatchMouseEvent(unsigned int 301, unsigned int 0, nsPoint * 0x00000000) line 5462 nsWindow::ProcessMessage(unsigned int 514, unsigned int 0, long 4128811, long * 0x0012fc28) line 4001 + 28 bytes nsWindow::WindowProc(HWND__ * 0x000302e6, unsigned int 514, unsigned int 0, long 4128811) line 1346 + 27 bytes USER32! 77e3a2d0() USER32! 77e145e5() USER32! 77e1a816() nsAppShellService::Run(nsAppShellService * const 0x0313e4e0) line 484 main1(int 1, char * * 0x002c6d00, nsISupports * 0x03067f60) line 1291 + 32 bytes main(int 1, char * * 0x002c6d00) line 1678 + 37 bytes mainCRTStartup() line 338 + 17 bytes KERNEL32! 7c5987e7() Crash will happen in nsCharTraits.h line 192. The pointer passed in is NULL.
Comment 3•20 years ago
|
||
I seeing this on linux with the same stack as comment 2, but only with builds starting with 2004030508 (2004030405 does not crash). anyway, I suspected strings due to recent shakeups, but I don't see any changes in the relevant code (bookmarks or string). Anyway, the bookmarks code is pretty wrong: http://lxr.mozilla.org/mozilla/source/xpfe/components/bookmarks/src/nsBookmarksService.cpp#4808 1. format is initialized to NULL 2. if getArgumentN succeeds, format is set to something and it is checked for being NULL. 3. format is compared against "RDF" if getArgumentN fails, Mozilla is guaranteed to crash.
Updated•20 years ago
|
Summary: Crash when exporting bookmarks → Crash when exporting bookmarks [@ nsCharTraits<unsigned short>::length]
Comment 4•20 years ago
|
||
*** Bug 236743 has been marked as a duplicate of this bug. ***
Comment 5•20 years ago
|
||
dupe of a bug getting more attention (crash already fixed) *** This bug has been marked as a duplicate of 236003 ***
Status: NEW → RESOLVED
Closed: 20 years ago
Flags: blocking1.7b?
Resolution: --- → DUPLICATE
Updated•20 years ago
|
Product: Browser → Seamonkey
Updated•13 years ago
|
Crash Signature: [@ nsCharTraits<unsigned short>::length]
You need to log in
before you can comment on or make changes to this bug.
Description
•