Closed Bug 10063 Opened 22 years ago Closed 21 years ago

SIGSEGV in rdf_HashWideString()

Categories

(Core Graveyard :: RDF, defect, P3)

Product:
Core Graveyard
Component:
RDF
Platform:
x86
Linux
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: jim_nance, Assigned: waterson)

References

Details

When trying to compose an email message from mail.yahoo.com
I get a SEGV in rdf_HashWideString() when I press the send
button (the button is rendered in an html page from yahoo):

#0  0x409dbc37 in rdf_HashWideString (key=0xea60)
    at /home/jlnance/src/19980429/mozilla/rdf/base/src/nsRDFService.cpp:416
411
412     static PLHashNumber
413     rdf_HashWideString(const void* key)
414     {
415         PLHashNumber result = 0;
416 >       for (PRUnichar* s = (PRUnichar*) key; *s != nsnull; ++s)
417             result = (result >> 28) ^ (result << 4) ^ *s;
418         return result;
419     }
420
(gdb) p key
$1 = (void *) 0xea60
(gdb) p s
$2 = (PRUnichar *) 0xea60
(gdb) p *key
Attempt to dereference a generic pointer.
(gdb) p *s
Cannot access memory at address 0xea60.
(gdb) bt
#0  0x409dbc37 in rdf_HashWideString (key=0xea60)
    at /home/jlnance/src/19980429/mozilla/rdf/base/src/nsRDFService.cpp:416
#1  0x404df168 in ?? () from /home/jlnance/src/19980429/prefix/lib/libplds3.so
#2  0x409dc6ad in ServiceImpl::GetLiteral (this=0x80c3c08, aValue=0xea60,
    aLiteral=0xbfffeab8)
    at /home/jlnance/src/19980429/mozilla/rdf/base/src/nsRDFService.cpp:652
#3  0x40a15e92 in RDFXULBuilderImpl::OnSetAttribute (this=0x8edec28,
    aElement=0x8ee42d8, aName=@0xbfffebf4, aValue=@0xbfffd5c0)
    at
/home/jlnance/src/19980429/mozilla/rdf/content/src/nsRDFXULBuilder.cpp:1745
#4  0x40a2934d in XULDocumentImpl::OnSetAttribute (this=0x8e49e60,
    aElement=0x8ee42d8, aName=@0xbfffebf4, aValue=@0xbfffd5c0)
    at /home/jlnance/src/19980429/mozilla/rdf/content/src/nsXULDocument.cpp:3775
#5  0x409ed96e in RDFElementImpl::SetAttribute (this=0x8ee42d8,
    aName=@0xbfffebf4, aValue=@0xbfffd5c0)
    at /home/jlnance/src/19980429/mozilla/rdf/content/src/nsRDFElement.cpp:971
#6  0x40166f22 in setAttribute (shell=0x8e60630,
    id=0x40177397 "NetDialog:Message", name=0x40177392 "text",
    value=@0xbfffd5c0)
    at
/home/jlnance/src/19980429/mozilla/xpfe/appshell/src/nsNetSupportDialog.cpp:83
#7  0x4016837e in nsNetSupportDialog::ConstructBeforeJavaScript (
    this=0x8e61198, aWebShell=0x8e60630)
    at
/home/jlnance/src/19980429/mozilla/xpfe/appshell/src/nsNetSupportDialog.cpp:478
#8  0x4016160a in nsWebShellWindow::ExecuteStartupCode (this=0x8e613f0)
    at
/home/jlnance/src/19980429/mozilla/xpfe/appshell/src/nsWebShellWindow.cpp:2166
#9  0x4016062d in nsWebShellWindow::OnEndDocumentLoad (this=0x8e613f0,
    loader=0x8e607e8, aURL=0x8d54bd8, aStatus=0, aDocObserver=0x8e60644)
    at
/home/jlnance/src/19980429/mozilla/xpfe/appshell/src/nsWebShellWindow.cpp:1792
#10 0x402bebb4 in nsWebShell::OnEndDocumentLoad (this=0x8e60630,
    loader=0x8e607e8, aURL=0x8d54bd8, aStatus=0, aWebShell=0x8e60644)
    at /home/jlnance/src/19980429/mozilla/webshell/src/nsWebShell.cpp:3019
#11 0x402b60c5 in nsDocLoaderImpl::FireOnEndDocumentLoad (this=0x8e607e8,
    aLoadInitiator=0x8e607e8, aStatus=0)
    at /home/jlnance/src/19980429/mozilla/webshell/src/nsDocLoader.cpp:1096
#12 0x402b65f3 in nsDocLoaderImpl::LoadURLComplete (this=0x8e607e8,
    aURL=0x8e9e958, aBindInfo=0x8e9ea00, aStatus=0)
    at /home/jlnance/src/19980429/mozilla/webshell/src/nsDocLoader.cpp:1361
#13 0x402b77ac in nsDocumentBindInfo::OnStopRequest (this=0x8e9ea00,
    aURL=0x8e9e958, aStatus=0, aMsg=0xbfffef44)
    at /home/jlnance/src/19980429/mozilla/webshell/src/nsDocLoader.cpp:2114
#14 0x4012cc3c in stub_complete (stream=0x8e6a098)
    at /home/jlnance/src/19980429/mozilla/network/module/nsStubContext.cpp:772
#15 0x4003ea12 in ?? ()
   from /usr/local/home/jlnance/src/19980429/nbt/dist/bin/./libfileurl.so
#16 0x400fb56e in NET_ProcessNet (ready_fd=0x0, fd_type=1)
    at /home/jlnance/src/19980429/mozilla/network/main/mkgeturl.c:3357
#17 0x401035d5 in NET_PollSockets ()
    at /home/jlnance/src/19980429/mozilla/network/main/mkselect.c:298
#18 0x40126312 in nsNetlibService::NetPollSocketsCallback (aTimer=0x8e76a38,
    aClosure=0x80e4990)
    at /home/jlnance/src/19980429/mozilla/network/module/nsNetService.cpp:1271
#19 0x804be45 in nsTimerGtk::FireTimeout (this=0x8e76a38)
    at /home/jlnance/src/19980429/mozilla/timer/src/unix/gtk/nsTimerGtk.cpp:28
#20 0x804c20e in nsTimerExpired (aCallData=0x8e76a38)
    at /home/jlnance/src/19980429/mozilla/timer/src/unix/gtk/nsTimerGtk.cpp:142
#21 0x4068efa3 in ?? () from /usr/lib/libglib-1.2.so.0
#22 0x4068e2c6 in ?? () from /usr/lib/libglib-1.2.so.0
#23 0x4068e801 in ?? () from /usr/lib/libglib-1.2.so.0
#24 0x4068e979 in ?? () from /usr/lib/libglib-1.2.so.0
#25 0x405bcf3a in ?? () from /usr/lib/libgtk-1.2.so.0
#26 0x40230ed9 in ?? ()
   from /usr/local/home/jlnance/src/19980429/nbt/dist/bin/./libwidgetgtk.so
#27 0x401589ed in nsAppShellService::Run (this=0x80ad158)
    at /home/jlnance/src/19980429/mozilla/xpfe/appshell/src/nsAppShellService.cp
p:428
#28 0x804b3b0 in main (argc=3, argv=0xbffff5b4)
    at /home/jlnance/src/19980429/mozilla/xpfe/bootstrap/nsAppRunner.cpp:696
Status: NEW → ASSIGNED
Target Milestone: M10
Blocks: 11414
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
The OnSetAttribute codepath has been exorcised.
QA Contact massive update.
Status: RESOLVED → VERIFIED
verified per engineers comments
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.