Closed Bug 108880 Opened 23 years ago Closed 23 years ago

crash / segfault on view-source - Trunk [@ 0x00000000 - nsDefaultURIFixup::CreateFixupURI]

Categories

(Core :: DOM: Navigation, defect)

defect
Not set
blocker

VERIFIED FIXED

People

(Reporter: axel, Assigned: adamlock)

Details

(Keywords: crash, smoketest, topcrash)

Attachments

(2 files)

Here is a stack, coming from bug 108869; I see this on all pages.

(As well as the crash when viewing source;
#0  __strtol_internal (nptr=0xbfffcb14 "", endptr=0xbfffcb04, base=2, group=0)
    at eval.c:36
#1  0x40167fea in nsPromiseFlatString::get () at eval.c:41
#2  0x411c7f4a in NSGetModule () from libdocshell.so
Keywords: crash, smoketest
Seeing this on Linux and Mac as well with this morning's latest builds:

linux 2001-11-07-06-trunk
mac 2001-11-07-04-trunk

Note: Windows doesn't crash, but the View Page Source window is blank.
OS: Solaris → All
Hardware: Sun → All
sorry - attachment from 2001110706 linux
TB37694325M
Summary: segfault on view-source → crash / segfault on view-source
cc'ing dbaron (bug 104651, dependent string changes)
Over to Adam Lock, who was in the fixup code yesterday.

Better stack trace:

#0  __strtol_internal (nptr=0xbfffdb24 "Ра\030@\200в\030@", endptr=0xbfffda64, 
    base=2, group=0) at eval.c:36
#1  0x4016ac86 in nsPromiseFlatString::get (this=0xbfffdb24)
    at nsPromiseFlatString.cpp:74
#2  0x41372dfa in nsDefaultURIFixup::CreateFixupURI (this=0x8290a30, 
    aStringURI=0x8851630, aFixupFlags=1, aURI=0xbfffde64)
    at ../../dist/include/string/nsPromiseFlatString.h:277
#3  0x4136680b in nsDocShell::CreateFixupURI (this=0x891c368, 
    aStringURI=0x8851630, aURI=0xbfffde64)
    at ../../dist/include/xpcom/nsCOMPtr.h:650
#4  0x41361628 in nsDocShell::LoadURI (this=0x891c368, aURI=0x8851630, 
    aLoadFlags=0) at ../../dist/include/xpcom/nsCOMPtr.h:1132
#5  0x40159892 in XPTC_InvokeByIndex (that=0x891c378, methodIndex=8, 
    paramCount=2, params=0xbfffe0c0) at xptcinvoke_unixish_x86.cpp:153
#6  0x40865ee4 in XPCWrappedNative::CallMethod (ccx=@0xbfffe180, 
    mode=CALL_METHOD) at xpcwrappednative.cpp:2009
#7  0x4086c03d in XPC_WN_CallMethod (cx=0x88b6100, obj=0x43300f40, argc=2, 
    argv=0x88581a4, vp=0xbfffe2b0) at xpcwrappednativejsops.cpp:1266
#8  0x40069478 in js_Invoke (cx=0x88b6100, argc=2, flags=0) at jsinterp.c:832
#9  0x400711f7 in js_Interpret (cx=0x88b6100, result=0xbfffe4ec)
    at jsinterp.c:2791
#10 0x400694cf in js_Invoke (cx=0x88b6100, argc=1, flags=2) at jsinterp.c:849
#11 0x400696c9 in js_InternalInvoke (cx=0x88b6100, obj=0x41782fb8, 
    fval=1098397080, flags=0, argc=1, argv=0xbfffe74c, rval=0xbfffe678)
    at jsinterp.c:924
#12 0x4004ba1a in JS_CallFunctionValue (cx=0x88b6100, obj=0x41782fb8, 
    fval=1098397080, argc=1, argv=0xbfffe74c, rval=0xbfffe678) at jsapi.c:3417
#13 0x415c9038 in nsJSContext::CallEventHandler (this=0x883f928, 
    aTarget=0x41782fb8, aHandler=0x41783598, argc=1, argv=0xbfffe74c, 
    aBoolResult=0xbfffe730, aReverseReturnResult=0) at nsJSEnvironment.cpp:987
#14 0x415f3469 in nsJSEventListener::HandleEvent (this=0x88f6ca0, 
    aEvent=0x88e20cc) at ../../../dist/include/xpcom/nsCOMPtr.h:650
#15 0x41080809 in nsEventListenerManager::HandleEventSubType (this=0x8840a10, 
    aListenerStruct=0x88503e8, aDOMEvent=0x88e20cc, aCurrentTarget=0x883f818, 
    aSubType=1, aPhaseFlags=7) at nsEventListenerManager.cpp:1213
#16 0x4108248e in nsEventListenerManager::HandleEvent (this=0x8840a10, 
    aPresContext=0x8854d00, aEvent=0xbfffec50, aDOMEvent=0xbfffebb4, 
    aCurrentTarget=0x883f818, aFlags=7, aEventStatus=0xbfffec4c)
    at nsEventListenerManager.cpp:1886
#17 0x415cd1cc in GlobalWindowImpl::HandleDOMEvent (this=0x883f808, 
    aPresContext=0x8854d00, aEvent=0xbfffec50, aDOMEvent=0xbfffebb4, aFlags=1, 
    aEventStatus=0xbfffec4c) at ../../../dist/include/xpcom/nsCOMPtr.h:650
#18 0x411d2dbe in DocumentViewerImpl::LoadComplete (this=0x868d830, aStatus=0)
    at ../../../dist/include/xpcom/nsCOMPtr.h:650
#19 0x41363d13 in nsDocShell::EndPageLoad (this=0x868eba0, 
    aProgress=0x868fd24, aChannel=0x8840be8, aStatus=0)
    at ../../dist/include/xpcom/nsCOMPtr.h:649
#20 0x4136f287 in nsWebShell::EndPageLoad (this=0x868eba0, 
    aProgress=0x868fd24, channel=0x8840be8, aStatus=0) at nsWebShell.cpp:906
#21 0x41363b29 in nsDocShell::OnStateChange (this=0x868eba0, 
    aProgress=0x868fd24, aRequest=0x8840be8, aStateFlags=131088, aStatus=0)
    at ../../dist/include/xpcom/nsCOMPtr.h:643
#22 0x40e1ef5b in nsDocLoaderImpl::FireOnStateChange (this=0x868fd10, 
    aProgress=0x868fd24, aRequest=0x8840be8, aStateFlags=131088, aStatus=0)
    at ../../dist/include/xpcom/nsCOMPtr.h:650
#23 0x40e1e497 in nsDocLoaderImpl::doStopDocumentLoad (this=0x868fd10, 
    request=0x8840be8, aStatus=0) at nsDocLoader.cpp:738
#24 0x40e1e37b in nsDocLoaderImpl::DocLoaderIsEmpty (this=0x868fd10)
    at ../../dist/include/xpcom/nsCOMPtr.h:643
#25 0x40e1e38f in nsDocLoaderImpl::DocLoaderIsEmpty (this=0x89120c0)
    at nsDocLoader.cpp:648
#26 0x40e1e1ee in nsDocLoaderImpl::OnStopRequest (this=0x89120c0, 
    aRequest=0x8912610, aCtxt=0x0, aStatus=0) at nsDocLoader.cpp:575
#27 0x409653ea in nsLoadGroup::RemoveRequest (this=0x8912168, 
    request=0x8912610, ctxt=0x0, aStatus=0) at nsLoadGroup.cpp:525
#28 0x40960a72 in nsStreamIOChannel::OnStopRequest (this=0x8912610, 
    request=0x8912404, context=0x0, aStatus=0) at nsInputStreamChannel.cpp:479
#29 0x409bc99d in nsOnStopRequestEvent::HandleEvent (this=0x43205468)
    at ../../../dist/include/xpcom/nsCOMPtr.h:650
#30 0x40969893 in nsARequestObserverEvent::HandlePLEvent (plev=0x43205468)
    at nsRequestObserverProxy.cpp:79
#31 0x401436fb in PL_HandleEvent (self=0x43205468) at plevent.c:590
#32 0x40143609 in PL_ProcessPendingEvents (self=0x8058478) at plevent.c:520
#33 0x401446cb in nsEventQueueImpl::ProcessPendingEvents (this=0x8081e18)
    at nsEventQueue.cpp:388
#34 0x407900f6 in event_processor_callback (data=0x8081e18, source=6, 
    condition=GDK_INPUT_READ) at nsAppShell.cpp:184
#35 0x4078fe45 in our_gdk_io_invoke (source=0x82bed30, condition=G_IO_IN, 
    data=0x812cce0) at nsAppShell.cpp:77
#36 0x4037af9e in g_io_unix_dispatch () from /usr/lib/libglib-1.2.so.0
#37 0x4037c773 in g_main_dispatch () from /usr/lib/libglib-1.2.so.0
#38 0x4037cd39 in g_main_iterate () from /usr/lib/libglib-1.2.so.0
#39 0x4037ceec in g_main_run () from /usr/lib/libglib-1.2.so.0
#40 0x40297333 in gtk_main () from /usr/lib/libgtk-1.2.so.0
#41 0x407905e6 in nsAppShell::Run (this=0x8088a70) at nsAppShell.cpp:364
#42 0x407699f6 in nsAppShellService::Run (this=0x808faf0)
    at ../../../dist/include/xpcom/nsCOMPtr.h:650
#43 0x08051464 in main1 (argc=1, argv=0xbffff794, nativeApp=0x0)
    at ../../dist/include/xpcom/nsCOMPtr.h:650
#44 0x08051dbb in main (argc=1, argv=0xbffff794) at nsAppRunner.cpp:1630
#45 0x404c3627 in __libc_start_main (main=0x8051c70 <main>, argc=1, 
    ubp_av=0xbffff794, init=0x804c084 <_init>, fini=0x8052db0 <_fini>, 
    rtld_fini=0x4000dcd4 <_dl_fini>, stack_end=0xbffff78c)
    at ../sysdeps/generic/libc-start.c:129
Assignee: asa → adamlock
Component: Browser-General → Embedding: Docshell
*** Bug 108894 has been marked as a duplicate of this bug. ***
Would nsAutoString be better?

r=adamlock
Comment on attachment 56896 [details] [diff] [review]
patch

We shouldn't _need_ to do this, but deeper investigation is required to find out what's going wrong. In the meanwhile, this is a reasonable fix for the blocker. sr=scc (and I'll keep looking)
Fix is checked in.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Oops, I just changed it to an auto string.  Did you? :)  No biggie if we didn't.
Yes, I made it an nsAutoString. Thanks for the patch Chris.
Is the crash in js_strncpy in new bug 108832 related?
Did someone file a bug on PromiseFlatString?  Or was that really the problem?
scc knows about it and said that he was working on it.  You should talk to him.
Adding topcrash keyword and Trunk [@ 0x00000000 -
nsDefaultURIFixup::CreateFixupURI] to summary for tracking, since this has been
a topcrasher with recent MozillaTrunk builds.
Keywords: topcrash
Summary: crash / segfault on view-source → crash / segfault on view-source - Trunk [@ 0x00000000 - nsDefaultURIFixup::CreateFixupURI]
*** Bug 109338 has been marked as a duplicate of this bug. ***
Is anyone still seeing this? Please verify.
This has worked OK for a while, and no crash on a 10h old linux CVS either. WFM.
Verified, stack signature not showing up in trunk, M097, or N621
Status: RESOLVED → VERIFIED
Crash Signature: [@ 0x00000000 - nsDefaultURIFixup::CreateFixupURI]