Overview Description:
When trying to surf the web with a home-built Mozilla from 18 July 1999 I consistently crash with the stack shown below. It happens within the first 2-3 visited pages. The actual error is accessing the wrong memory. I first mentioned this in bug 10075 but I think it can be different than that one so I opened a new one. As I mention there I find it most interesting that the last function in the stack, nsCRT::strlen, is called with an argument of 0x00e01000 and the next to last, nsString::Append, is called with 0x00e00808. If I read the code correctly the two should be the same. I hope that it isn't a race condition of some kind knowing how hard they can be to find and reproduce. Since the call to the nsString class comes from the Parser I mark the bug as such but I really don't know.

Steps to Reproduce:
1) Start apprunner.exe
2) Visit a page or two

Actual Results:
A crash with the following stack trace. It's accessing the variable s that triggers the exception.

nsCRT::strlen(const unsigned short * 0x00e01000) line 261 + 5 bytes
nsString::Append(const unsigned short * 0x00e00808, int 999) line 1017 + 9 bytes
nsScanner::Append(const char * 0x00e88298, unsigned int 999) line 256
nsParser::OnDataAvailable(nsParser * const 0x0217a9a4, nsIURI * 0x02111290, nsIInputStream * 0x02190f70, unsigned int 999) line 1142
nsDocumentBindInfo::OnDataAvailable(nsDocumentBindInfo * const 0x02111310, nsIURI * 0x02111290, nsIInputStream * 0x02190f70, unsigned int 999) line 2023 + 24 bytes
OnDataAvailableProxyEvent::HandleEvent(OnDataAvailableProxyEvent * const 0x02193b10) line 634
StreamListenerProxyEvent::HandlePLEvent(PLEvent * 0x02193b14) line 473 + 12 bytes
PL_HandleEvent(PLEvent * 0x02193b14) line 509 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00cc9450) line 470 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x00240e32, unsigned int 49481, unsigned int 0, long 13407312) line 932 + 9 bytes
USER32! 77e71820()
00cc9450()

Expected Results:
Nothing special

Build Date & Platform Bug Found:
18 July 1999, Windows NT 4.0 SP5. Built with Visual C++ 6 SP3.

Additional Builds and Platforms Tested On:
None
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Fixed by last update to nsString. Allow non-null terminated string in cases where length is given.
I can verify that it works now.
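
An added illustration of the fix comment above, not Mozilla's nsString code: an append that scans for a terminator even when a length is passed, next to one that treats the length as the read limit. All function names are hypothetical, and treating a negative count as "input is null-terminated" is an assumption of this sketch.

```cpp
#include <algorithm>
#include <cstddef>
#include <string>

// Scans for a 0 terminator with no bound: on an unterminated buffer this
// walks past the end of the allocation until it faults or finds a stray 0.
static std::size_t UnboundedLen(const char16_t* s) {
    std::size_t n = 0;
    while (s[n] != 0) ++n;
    return n;
}

// Never inspects more than maxLen units, terminated or not.
static std::size_t BoundedLen(const char16_t* s, std::size_t maxLen) {
    std::size_t n = 0;
    while (n < maxLen && s[n] != 0) ++n;
    return n;
}

// "Before" pattern: measures the input first and applies the count afterwards,
// so the unbounded scan runs even though the caller supplied a length.
static std::u16string AppendScanFirst(std::u16string dst, const char16_t* s, int count) {
    std::size_t len = UnboundedLen(s);
    if (count >= 0) len = std::min(len, static_cast<std::size_t>(count));
    return dst.append(s, len);
}

// "After" pattern: a non-negative count is the read limit; only count < 0
// (caller promises a terminator) falls back to the unbounded scan.
static std::u16string AppendBounded(std::u16string dst, const char16_t* s, int count) {
    if (s == nullptr) return dst;
    std::size_t len = (count < 0) ? UnboundedLen(s)
                                  : BoundedLen(s, static_cast<std::size_t>(count));
    return dst.append(s, len);
}

// Constructed sample: a 4-unit chunk with no terminator, as a stream read
// that hands over data plus a length would produce.
static std::u16string DemoUnterminated() {
    const char16_t chunk[4] = {u'h', u't', u'm', u'l'};
    return AppendBounded(u"<", chunk, 4);
}

int main() { return DemoUnterminated() == u"<html" ? 0 : 1; }
```

AppendScanFirst is only safe to call with terminated input; passing it the unterminated chunk from DemoUnterminated is undefined behaviour.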