latest build crashes going into address book.

VERIFIED WORKSFORME

Status

defect
P3
major
VERIFIED WORKSFORME
20 years ago
3 years ago

People

(Reporter: slogan, Assigned: slogan)

Tracking

Trunk
x86
Windows NT

Details

Start moz, go to mail news. In Windows, you'll need to F5 through an assert. Then
go to the tasks menu, select address book. Here is the stack crawl:

nsCRT::strlen(const unsigned short * 0x01d1a000) line 261 + 5 bytes
nsString::Append(const unsigned short * 0x01d19618, int 1) line 1017 + 9 bytes
nsExpatTokenizer::HandleCharacterData(void * 0x00000000, const char *
0x01d19618, int 1) line 435
doContent(void * 0x02879cc0, int 0, const encoding * 0x010e1660
little2_encoding, const char * 0x01d3096e, const char * 0x01d31c80, const char *
* 0x0012fc84) line 1521 + 35 bytes
contentProcessor(void * 0x02879cc0, const char * 0x01d3031a, const char *
0x01d31c80, const char * * 0x0012fc84) line 1028 + 30 bytes
doProlog(void * 0x02879cc0, const encoding * 0x010e1660 little2_encoding, const
char * 0x01d3031a, const char * 0x01d31c80, int 29, const char * 0x01d3031a,
const char * * 0x0012fc84) line 2261 + 21 bytes
prologProcessor(void * 0x02879cc0, const char * 0x01d2dc80, const char *
0x01d31c80, const char * * 0x0012fc84) line 2132 + 36 bytes
prologInitProcessor(void * 0x02879cc0, const char * 0x01d2dc80, const char *
0x01d31c80, const char * * 0x0012fc84) line 2121 + 21 bytes
XML_Parse(void * 0x02879cc0, const char * 0x01d2dc80, int 16384, int 0) line 852
+ 40 bytes
nsExpatTokenizer::ParseXMLBuffer(const char * 0x01d2dc80, unsigned int 16384,
int 0) line 282 + 24 bytes
nsExpatTokenizer::ConsumeToken(nsScanner & {...}) line 325 + 18 bytes
nsParser::Tokenize(int 0) line 1248 + 21 bytes
nsParser::ResumeParse(nsIDTD * 0x00000000, int 0) line 878 + 12 bytes
nsParser::OnDataAvailable(nsParser * const 0x02877604, nsIURI * 0x02876fa0,
nsIInputStream * 0x02875150, unsigned int 8192) line 1153 + 19 bytes
nsDocumentBindInfo::OnDataAvailable(nsDocumentBindInfo * const 0x028750a0,
nsIURI * 0x02876fa0, nsIInputStream * 0x02875150, unsigned int 8192) line 2023 +
24 bytes
OnDataAvailableProxyEvent::HandleEvent(OnDataAvailableProxyEvent * const
0x028763b0) line 634
StreamListenerProxyEvent::HandlePLEvent(PLEvent * 0x028763b4) line 473 + 12
bytes
PL_HandleEvent(PLEvent * 0x028763b4) line 509 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00c47e80) line 470 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x006301d6, unsigned int 49317, unsigned int 0,
long 12877440) line 932 + 9 bytes
USER32! 77e71250()
00c47e80()
I tried debugging this. The memory strlen() is being passed consists of 20 00 DD
DD ... The code:

PRUint32 nsCRT::strlen(const PRUnichar* s)
{
  PRUint32 len = 0;
  if(s) {
    while (*s++ != 0) {
      len++;
    }
  }
  return len;
}

is walking over an unsigned short *. So, if my C skills are up to snuff, this
means we first compare 20 00 != 0, then DD DD != 0, ... Perhaps garbage is being
passed in.
I think the bug is here perhaps in nsExpatTokenizer::HandleCharacterData:

    if(newToken) {
      if ((s[0] != kNewLine) && (s[0] != CR)) {
        nsString& theString=newToken->GetStringValueXXX();
        theString.Append((PRUnichar *) s,len);
      }

*Perhaps* s should be converted to PRUnichar *, not simply cast to PRUnichar *.
Now it happens to me at startup. If memory is zero'd after the single character
string, you get lucky, and it works.
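Added example, not part of the original bug thread and not Mozilla's code: the stack crawl shows Append being called with a count of 1 while the strlen loop keeps scanning for a terminator. The sketch below runs the quoted loop and a count-bounded variant over a constructed buffer shaped like the reported memory (20 00 DD DD ...); `bounded_len` and `append_units` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: one UTF-16 code unit (U+0020) followed by the 0xDDDD
 * fill reported in the thread. The trailing 0 is placed here only so the
 * unbounded scan below stays inside this array. */
static const uint16_t sample[] = { 0x0020, 0xDDDD, 0xDDDD, 0xDDDD, 0x0000 };

/* Same loop shape as the nsCRT::strlen quoted above: trusts a terminator. */
size_t unbounded_len(const uint16_t *s)
{
    size_t len = 0;
    if (s) {
        while (*s++ != 0)
            len++;
    }
    return len;
}

/* Hypothetical bounded variant: never reads past max code units. */
size_t bounded_len(const uint16_t *s, size_t max)
{
    size_t len = 0;
    while (s && len < max && s[len] != 0)
        len++;
    return len;
}

/* Hypothetical append that honours the caller's count and the destination
 * capacity (requires *dst_len <= cap). Returns the units copied. */
size_t append_units(uint16_t *dst, size_t cap, size_t *dst_len,
                    const uint16_t *src, size_t count)
{
    size_t n = bounded_len(src, count);
    if (n > cap - *dst_len)
        n = cap - *dst_len;
    for (size_t i = 0; i < n; i++)
        dst[*dst_len + i] = src[i];
    *dst_len += n;
    return n;
}

int main(void)
{
    uint16_t out[8] = {0};
    size_t out_len = 0;
    printf("unbounded scan: %zu units\n", unbounded_len(sample));
    printf("bounded scan:   %zu units\n", bounded_len(sample, 1));
    printf("appended:       %zu units\n", append_units(out, 8, &out_len, sample, 1));
    return 0;
}
```

In the real crash there was no convenient zero after the fill, so the unbounded scan ran until it hit unmapped memory; the bounded path stops at the caller's count regardless of what follows.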
Assignee: don → syd
Syd, why did you assign me this bug?
Syd - are you still getting this problem? If so, Paul, would you get this bug?
If this problem still exists in the same place then it is odd that it has not
blocked QA from testing the address book. If someone is still seeing the problem
going to the address book then feel free to reassign it to me so that I can find a
better owner.
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → WORKSFORME
Does not seem to happen anymore for me. I suspect it is now a non-problem.
marking worksforme.
Status: RESOLVED → VERIFIED
Not reproducible.  Marking Verified.
Product: Browser → Seamonkey