Closed Bug 535990 Opened 15 years ago Closed 14 years ago

SwitchProxy triggers a Firefox crash in [@ PL_DHashTableOperate] PREF_PrefIsLocked

Categories

(Core :: Preferences: Backend, defect)

1.9.1 Branch
x86_64
Linux
defect
Not set
critical

Tracking

()

VERIFIED FIXED
mozilla1.9.3a2
Tracking Status
status1.9.2 --- .2-fixed
status1.9.1 --- .9-fixed

People

(Reporter: glandium, Assigned: glandium)

References

Details

(Keywords: crash, verified1.9.2)

Crash Data

Attachments

(1 file)

Attached patch patchSplinter Review
This bug was reported on Debian, but also was reported independently on opensolaris ( http://defect.opensolaris.org/bz/show_bug.cgi?id=12968 )

When SwitchProxy is installed, a crash occurs with the following stack trace:
#6  0x00007f073b2e5dd1 in PL_DHashTableOperate (table=0x7f073baf6510, key=0x7f073b3901aa, op=PL_DHASH_LOOKUP) at pldhash.c:599
#7  0x00007f073ac3d851 in pref_HashTableLookup (key=0x7f073b3901aa) at prefapi.cpp:681
#8  0x00007f073ac3d871 in PREF_PrefIsLocked (pref_name=0x7f073baf6510 "") at prefapi.cpp:799
#9  0x00007f073ac3b24e in nsPrefBranch::GetComplexValue (this=0x7f072b658100, aPrefName=0x7f073b3901aa "intl.charset.default", aType=..., _retval=0x7fffe680a850) at nsPrefBranch.cpp:249
#10 0x00007f073addbb2f in nsContentUtils::GetLocalizedStringPref (aPref=0x7f073b3901aa "intl.charset.default") at nsContentUtils.cpp:2568
#11 0x00007f073acb3b4a in DocumentViewerImpl::GetDefaultCharacterSet (this=0x7f072304d220, aDefaultCharacterSet=...) at nsDocumentViewer.cpp:2890
#12 0x00007f073b0d87df in nsDocShell::SetupNewViewer (this=0x7f07206a3800, aNewViewer=0x7f071607b040) at nsDocShell.cpp:6608
#13 0x00007f073b0df308 in nsDocShell::Embed (this=0x7f07206a3800, aContentViewer=0x7f071607b040, aCommand=<value optimized out>, aExtraInfo=<value optimized out>) at nsDocShell.cpp:5123
#14 0x00007f073b0e545b in nsDocShell::CreateContentViewer (this=0x7f07206a3800, aContentType=<value optimized out>, request=0x7f0717021448, aContentHandler=<value optimized out>) at nsDocShell.cpp:6456
#15 0x00007f073b0eb7f9 in nsDSURIContentListener::DoContent (this=0x7f07206df040, aContentType=0x7f071fc9bc08 "text/html", aIsContentPreferred=0, request=0x7f0717021448, aContentHandler=0x7f0716484d48, 
    aAbortProcess=<value optimized out>) at nsDSURIContentListener.cpp:138
#16 0x00007f073b0ef21b in nsDocumentOpenInfo::TryContentListener (this=0x7f0716484d30, aListener=0x7f07206df040, aChannel=0x7f0717021448) at nsURILoader.cpp:736
#17 0x00007f073b0ef79c in nsDocumentOpenInfo::DispatchContent (this=0x7f0716484d30, request=0x7f0717021448, aCtxt=<value optimized out>) at nsURILoader.cpp:434
#18 0x00007f073b0efed4 in nsDocumentOpenInfo::OnStartRequest (this=0x7f0716484d30, request=0x7f0717021448, aCtxt=0x0) at nsURILoader.cpp:280
#19 0x00007f073b31f956 in NS_InvokeByIndex_P (that=0x7f073baf6510, methodIndex=993591722, paramCount=0, params=0x7f0722f2f2a0) at xptcinvoke_x86_64_linux.cpp:208
#20 0x00007f073ab65ff4 in XPCWrappedNative::CallMethod (ccx=..., mode=<value optimized out>) at xpcwrappednative.cpp:2456

In frame #6, table->ops is NULL, and the line that crashes says:
    keyHash = table->ops->hashKey(table, key);

So, this is a NULL dereference.

The attached patch should be enough to fix the problem. (It seems PREF_PrefIsLocked is the only function that doesn't check for ops)
Attachment #418513 - Attachment is patch: true
Attachment #418513 - Attachment mime type: application/octet-stream → text/plain
Attachment #418513 - Flags: review?(benjamin)
Assignee: nobody → mh+mozilla
Keywords: crash
Summary: SwitchProxy triggers a Firefox crash in PREF_PrefIsLocked → SwitchProxy triggers a Firefox crash in [@ PL_DHashTableOperate] PREF_PrefIsLocked
Attachment #418513 - Flags: review?(benjamin) → review+
Status: NEW → ASSIGNED
Keywords: checkin-needed
http://hg.mozilla.org/mozilla-central/rev/96d301b39c91
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.3a2
Comment on attachment 418513 [details] [diff] [review]
patch

Worth taking on the stable branches?
Attachment #418513 - Flags: approval1.9.2.2?
Attachment #418513 - Flags: approval1.9.1.9?
Comment on attachment 418513 [details] [diff] [review]
patch

a=beltzner for 1.9.2 and 1.9.1
Attachment #418513 - Flags: approval1.9.2.2?
Attachment #418513 - Flags: approval1.9.2.2+
Attachment #418513 - Flags: approval1.9.1.9?
Attachment #418513 - Flags: approval1.9.1.9+
I'll check this in myself later this week, but anyone wants to get to it first :-)
Keywords: checkin-needed
Using Ubuntu and SwitchProxy 1.4.1 with Firefox 3.5.8 or 3.6, I cannot reproduce a crash here before the fix so this is a bit hard to verify without some actual repro steps.
(In reply to comment #6)
> Using Ubuntu and SwitchProxy 1.4.1 with Firefox 3.5.8 or 3.6, I cannot
> reproduce a crash here before the fix so this is a bit hard to verify without
> some actual repro steps.

I think it only happens on 64-bits builds.
64-bit builds of what? We don't have a 64-bit Firefox.
(In reply to comment #8)
> 64-bit builds of what? We don't have a 64-bit Firefox.

... yet. http://armenzg.blogspot.com/2010/03/linux-64-packaged-tests-now-available.html

Also, all linux distributions have had 64-bit Firefox builds for years.
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.2) Gecko/20100319 Firefox/3.6.2
SwitchProxy Tool 1.4.1
Ubuntu 9.10 64-bit (Kernel 2.6.31-20-generic)

Using the above, I've been unable to recreate the crash.  However, when the add-on installs, there is no indication of usage in chrome or the tools menu.  I can't configure any proxies.  When I go to the Add-ons Manager, there is a SwitchProxy Tool entry but clicking on the Preferences button does nothing.

I'd like to request more defined steps to reproduce this...or is it simply installing the add-on and Firefox crashes on startup?  At any rate, a clearer indication of what user actions cause the crash is needed.
Re-reading the original bug report I got, it appears switchproxy triggers crashes at random times. In other words, instability. The produced crashes were always with the NULL dereference that is fixed here. They were apparently also reproducible on x86.
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.2) Gecko/20100319
Firefox/3.6.2
SwitchProxy Tool 1.4.1
Ubuntu 9.10 64-bit (Kernel 2.6.31-20-generic)

So I've just been using Firefox as I normally do to reproduce this crash.  According to comment 11, this is all that is required to crash with SwitchProxy installed (no clear indication of SwitchProxy usage is given).  Assuming I am correct that one only needs to have SwitchProxy installed/enabled, experiencing no crashes at all in the last 24 hours should be indicative of this bug being fixed.

Were reports of this crash ever submitted to crashstats.mozilla.org?  If so, a decrease or elimination of new instances of this crash would be added indication that this was fixed.

At any rate, if I do not experience this crash today, I'll mark it VERIFIED based on nothing more than I have already stated.
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.2) Gecko/20100319
Firefox/3.6.2
SwitchProxy Tool 1.4.1
Ubuntu 9.10 64-bit (Kernel 2.6.31-20-generic)


I've still not been able to reproduce this crash, marking VERIFIED.
Status: RESOLVED → VERIFIED
Keywords: verified1.9.2
Crash Signature: [@ PL_DHashTableOperate]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: