Closed Bug 10063 Opened 26 years ago Closed 26 years ago

SIGSEGV in rdf_HashWideString()

Categories

(Core Graveyard :: RDF, defect, P3)

Product:
Core Graveyard
Component:
RDF
Platform:
x86
Linux
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: jim_nance, Assigned: waterson)

References

Details

When trying to compose an email message from mail.yahoo.com I get a SEGV in rdf_HashWideString() when I press the send button (the button is rendered in an html page from yahoo): #0 0x409dbc37 in rdf_HashWideString (key=0xea60) at /home/jlnance/src/19980429/mozilla/rdf/base/src/nsRDFService.cpp:416 411 412 static PLHashNumber 413 rdf_HashWideString(const void* key) 414 { 415 PLHashNumber result = 0; 416 > for (PRUnichar* s = (PRUnichar*) key; *s != nsnull; ++s) 417 result = (result >> 28) ^ (result << 4) ^ *s; 418 return result; 419 } 420 (gdb) p key $1 = (void *) 0xea60 (gdb) p s $2 = (PRUnichar *) 0xea60 (gdb) p *key Attempt to dereference a generic pointer. (gdb) p *s Cannot access memory at address 0xea60. (gdb) bt #0 0x409dbc37 in rdf_HashWideString (key=0xea60) at /home/jlnance/src/19980429/mozilla/rdf/base/src/nsRDFService.cpp:416 #1 0x404df168 in ?? () from /home/jlnance/src/19980429/prefix/lib/libplds3.so #2 0x409dc6ad in ServiceImpl::GetLiteral (this=0x80c3c08, aValue=0xea60, aLiteral=0xbfffeab8) at /home/jlnance/src/19980429/mozilla/rdf/base/src/nsRDFService.cpp:652 #3 0x40a15e92 in RDFXULBuilderImpl::OnSetAttribute (this=0x8edec28, aElement=0x8ee42d8, aName=@0xbfffebf4, aValue=@0xbfffd5c0) at /home/jlnance/src/19980429/mozilla/rdf/content/src/nsRDFXULBuilder.cpp:1745 #4 0x40a2934d in XULDocumentImpl::OnSetAttribute (this=0x8e49e60, aElement=0x8ee42d8, aName=@0xbfffebf4, aValue=@0xbfffd5c0) at /home/jlnance/src/19980429/mozilla/rdf/content/src/nsXULDocument.cpp:3775 #5 0x409ed96e in RDFElementImpl::SetAttribute (this=0x8ee42d8, aName=@0xbfffebf4, aValue=@0xbfffd5c0) at /home/jlnance/src/19980429/mozilla/rdf/content/src/nsRDFElement.cpp:971 #6 0x40166f22 in setAttribute (shell=0x8e60630, id=0x40177397 "NetDialog:Message", name=0x40177392 "text", value=@0xbfffd5c0) at /home/jlnance/src/19980429/mozilla/xpfe/appshell/src/nsNetSupportDialog.cpp:83 #7 0x4016837e in nsNetSupportDialog::ConstructBeforeJavaScript ( this=0x8e61198, aWebShell=0x8e60630) at /home/jlnance/src/19980429/mozilla/xpfe/appshell/src/nsNetSupportDialog.cpp:478 #8 0x4016160a in nsWebShellWindow::ExecuteStartupCode (this=0x8e613f0) at /home/jlnance/src/19980429/mozilla/xpfe/appshell/src/nsWebShellWindow.cpp:2166 #9 0x4016062d in nsWebShellWindow::OnEndDocumentLoad (this=0x8e613f0, loader=0x8e607e8, aURL=0x8d54bd8, aStatus=0, aDocObserver=0x8e60644) at /home/jlnance/src/19980429/mozilla/xpfe/appshell/src/nsWebShellWindow.cpp:1792 #10 0x402bebb4 in nsWebShell::OnEndDocumentLoad (this=0x8e60630, loader=0x8e607e8, aURL=0x8d54bd8, aStatus=0, aWebShell=0x8e60644) at /home/jlnance/src/19980429/mozilla/webshell/src/nsWebShell.cpp:3019 #11 0x402b60c5 in nsDocLoaderImpl::FireOnEndDocumentLoad (this=0x8e607e8, aLoadInitiator=0x8e607e8, aStatus=0) at /home/jlnance/src/19980429/mozilla/webshell/src/nsDocLoader.cpp:1096 #12 0x402b65f3 in nsDocLoaderImpl::LoadURLComplete (this=0x8e607e8, aURL=0x8e9e958, aBindInfo=0x8e9ea00, aStatus=0) at /home/jlnance/src/19980429/mozilla/webshell/src/nsDocLoader.cpp:1361 #13 0x402b77ac in nsDocumentBindInfo::OnStopRequest (this=0x8e9ea00, aURL=0x8e9e958, aStatus=0, aMsg=0xbfffef44) at /home/jlnance/src/19980429/mozilla/webshell/src/nsDocLoader.cpp:2114 #14 0x4012cc3c in stub_complete (stream=0x8e6a098) at /home/jlnance/src/19980429/mozilla/network/module/nsStubContext.cpp:772 #15 0x4003ea12 in ?? () from /usr/local/home/jlnance/src/19980429/nbt/dist/bin/./libfileurl.so #16 0x400fb56e in NET_ProcessNet (ready_fd=0x0, fd_type=1) at /home/jlnance/src/19980429/mozilla/network/main/mkgeturl.c:3357 #17 0x401035d5 in NET_PollSockets () at /home/jlnance/src/19980429/mozilla/network/main/mkselect.c:298 #18 0x40126312 in nsNetlibService::NetPollSocketsCallback (aTimer=0x8e76a38, aClosure=0x80e4990) at /home/jlnance/src/19980429/mozilla/network/module/nsNetService.cpp:1271 #19 0x804be45 in nsTimerGtk::FireTimeout (this=0x8e76a38) at /home/jlnance/src/19980429/mozilla/timer/src/unix/gtk/nsTimerGtk.cpp:28 #20 0x804c20e in nsTimerExpired (aCallData=0x8e76a38) at /home/jlnance/src/19980429/mozilla/timer/src/unix/gtk/nsTimerGtk.cpp:142 #21 0x4068efa3 in ?? () from /usr/lib/libglib-1.2.so.0 #22 0x4068e2c6 in ?? () from /usr/lib/libglib-1.2.so.0 #23 0x4068e801 in ?? () from /usr/lib/libglib-1.2.so.0 #24 0x4068e979 in ?? () from /usr/lib/libglib-1.2.so.0 #25 0x405bcf3a in ?? () from /usr/lib/libgtk-1.2.so.0 #26 0x40230ed9 in ?? () from /usr/local/home/jlnance/src/19980429/nbt/dist/bin/./libwidgetgtk.so #27 0x401589ed in nsAppShellService::Run (this=0x80ad158) at /home/jlnance/src/19980429/mozilla/xpfe/appshell/src/nsAppShellService.cp p:428 #28 0x804b3b0 in main (argc=3, argv=0xbffff5b4) at /home/jlnance/src/19980429/mozilla/xpfe/bootstrap/nsAppRunner.cpp:696
Status: NEW → ASSIGNED
Target Milestone: M10
Blocks: 11414
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
The OnSetAttribute codepath has been exorcised.
QA Contact massive update.
Status: RESOLVED → VERIFIED
verified per engineers comments
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.