Closed
Bug 667618
Opened 13 years ago
Closed 13 years ago
Firefox Crash @ strlen | AppendASCIItoUTF16(char const*, nsAString_internal&)
Categories
(Core :: DOM: Core & HTML, defect, P1)
Tracking
()
RESOLVED
FIXED
mozilla7
People
(Reporter: marcia, Assigned: bzbarsky)
References
Details
(Keywords: crash, regression, Whiteboard: [qa-])
Crash Data
Attachments
(2 files, 1 obsolete file)
6.82 KB,
patch
|
Details | Diff | Splinter Review | |
8.11 KB,
patch
|
sicking
:
review+
|
Details | Diff | Splinter Review |
Seen while looking at trunk crash stats. http://tinyurl.com/3dwbys9. Crashes started showing up on the trunk using the 2011062600 build. There is one lone crash in this stack in 4.0.1. Possible pushlog regression: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=ce10fd5d82c6&tochange=fc7d76664c79 https://crash-stats.mozilla.com/report/index/a13ff338-a910-46c6-9e67-729162110627 Frame Module Signature [Expand] Source 0 mozcrt19.dll strlen strlen.asm:69 1 xul.dll AppendASCIItoUTF16 xpcom/string/src/nsReadableUtils.cpp:189 2 xul.dll NS_ConvertASCIItoUTF16::NS_ConvertASCIItoUTF16 obj-firefox/dist/include/nsString.h:121 3 xul.dll nsContentUtils::GetLocalizedString content/base/src/nsContentUtils.cpp:2712 4 xul.dll nsContentUtils::ReportToConsole content/base/src/nsContentUtils.cpp:2760 5 xul.dll nsContentUtils::ReportToConsole content/base/src/nsContentUtils.cpp:2807 6 xul.dll nsIDocument::WarnOnceAbout content/base/src/nsDocument.cpp:8180 7 xul.dll nsDOMAttribute::GetTextContent content/base/src/nsDOMAttribute.cpp:639 8 xul.dll nsIDOMNode_GetTextContent obj-firefox/js/src/xpconnect/src/dom_quickstubs.cpp:7440 9 mozjs.dll js::Shape::get js/src/jsscopeinlines.h:284 10 mozjs.dll js_GetPropertyHelper js/src/jsobj.cpp:5350 11 mozjs.dll js::Interpret js/src/jsinterp.cpp:4066 12 mozjs.dll JSCompartment::wrap js/src/jscompartment.cpp:224 13 mozjs.dll js::ExternalExecute js/src/jsinterp.cpp:944 14 mozjs.dll EvaluateUCScriptForPrincipalsCommon js/src/jsapi.cpp:4984 15 mozjs.dll JS_EvaluateUCScriptForPrincipalsVersion js/src/jsapi.cpp:5000 16 xul.dll nsJSContext::EvaluateString dom/base/nsJSEnvironment.cpp:1453 17 xul.dll nsScriptLoader::EvaluateScript content/base/src/nsScriptLoader.cpp:906 18 xul.dll nsScriptLoader::ProcessRequest content/base/src/nsScriptLoader.cpp:799 19 xul.dll nsScriptLoader::ProcessScriptElement 20 xul.dll nsScriptElement::MaybeProcessScript content/base/src/nsScriptElement.cpp:182 21 xul.dll nsHTMLScriptElement::MaybeProcessScript content/html/content/src/nsHTMLScriptElement.cpp:586 22 xul.dll nsHTMLScriptElement::DoneAddingChildren content/html/content/src/nsHTMLScriptElement.cpp:513 23 xul.dll nsHtml5TreeOpExecutor::RunScript parser/html/nsHtml5TreeOpExecutor.cpp:730 24 xul.dll nsHtml5TreeOpExecutor::RunFlushLoop parser/html/nsHtml5TreeOpExecutor.cpp:525 25 xul.dll nsHtml5ExecutorFlusher::Run parser/html/nsHtml5StreamParser.cpp:156 26 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:617 27 xul.dll mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:110 28 xul.dll xul.dll@0xb76f87 29 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:202 30 xul.dll xul.dll@0x3726cf 31 xul.dll MessageLoop::Run ipc/chromium/src/base/message_loop.cc:176 32 xul.dll mozilla::storage::AsyncExecuteStatements::AsyncExecuteStatements storage/src/mozStorageAsyncStatementExecution.cpp:242 33 xul.dll nsBaseAppShell::Run widget/src/xpwidgets/nsBaseAppShell.cpp:189 34 @0x761bffff 35 xul.dll nsAppStartup::Run toolkit/components/startup/nsAppStartup.cpp:222 36 xul.dll XRE_main toolkit/xre/nsAppRunner.cpp:3573 37 firefox.exe wmain toolkit/xre/nsWindowsWMain.cpp:107 38 firefox.exe firefox.exe@0x4043 39 firefox.exe _RTC_Initialize 40 mozcrt19.dll _initterm obj-firefox/memory/jemalloc/crtsrc/crt0dat.c:852 41 firefox.exe firefox.exe@0x2087 42 ntdll.dll WinSqmSetIfMaxDWORD 43 ntdll.dll _RtlUserThreadStart 44 firefox.exe firefox.exe@0x1cef 45 firefox.exe firefox.exe@0x1cef
Reporter | ||
Updated•13 years ago
|
Summary: Firefox Crash@ strlen | AppendASCIItoUTF16(char const*, nsAString_internal&) → Firefox Crash @ strlen | AppendASCIItoUTF16(char const*, nsAString_internal&)
Comment 1•13 years ago
|
||
http://mxr.mozilla.org/mozilla-central/source/content/base/public/nsIDocument.h#1529 has 31 entries http://mxr.mozilla.org/mozilla-central/source/content/base/src/nsDocument.cpp#8133 has 30 entries. This is a serious looking regression that should block
Comment 2•13 years ago
|
||
This was caused by bug 661327, and specifically eNormalize is in one array but not the other. We should be able to statically assert the correct length by adding a eLastDeprecatedWarning value, and then PR_STATIC_ASSERT(NS_ARRAY_LENGTH(kWarnings) == eLastDeprecatedWarning - 1).
Assignee | ||
Comment 3•13 years ago
|
||
Or just generate both arrays from a single header included in two ways. That would have the fringe benefit of ensuring not only matching length but matching order.
Assignee | ||
Comment 4•13 years ago
|
||
Stealing, since this is blocking some of my work.
Assignee: Ms2ger → bzbarsky
Priority: -- → P1
Comment 5•13 years ago
|
||
Assignee | ||
Comment 6•13 years ago
|
||
Attachment #542594 -
Flags: review?(jonas)
Assignee | ||
Updated•13 years ago
|
Whiteboard: [need review]
Assignee | ||
Comment 7•13 years ago
|
||
Attachment #542602 -
Flags: review?(jonas)
Assignee | ||
Updated•13 years ago
|
Attachment #542594 -
Attachment is obsolete: true
Attachment #542594 -
Flags: review?(jonas)
Attachment #542602 -
Flags: review?(jonas) → review+
Assignee | ||
Comment 8•13 years ago
|
||
http://hg.mozilla.org/integration/mozilla-inbound/rev/59a6f5524476
Flags: in-testsuite-
Whiteboard: [need review]
Target Milestone: --- → mozilla7
Assignee | ||
Comment 9•13 years ago
|
||
And http://hg.mozilla.org/integration/mozilla-inbound/rev/072083211e32 to fix build bustage on maemo.
Comment 10•13 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/59a6f5524476 http://hg.mozilla.org/mozilla-central/rev/072083211e32
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Comment 11•13 years ago
|
||
No crashes on builds later than the 29th so far (people kept crashing yesterday with builds from previous days, though).
Comment 12•13 years ago
|
||
Kairo, how's this look on Aurora [7]?
Reporter | ||
Comment 13•13 years ago
|
||
Crash stats look good on Aurora - last crash was with 20110629030813. (In reply to comment #12) > Kairo, how's this look on Aurora [7]?
Updated•13 years ago
|
status-firefox7:
--- → fixed
Comment 14•13 years ago
|
||
Mozilla/5.0 (Windows NT 6.1; rv:7.0) Gecko/20100101 Firefox/7.0 Could you provide some testcases on how can i test if the issue was fixed? Thanks.
Comment 15•13 years ago
|
||
qa- as no QA verification needed (check crashstats if you want to mark VERIFIED)
Whiteboard: [qa-]
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•