Closed Bug 109353 Opened 24 years ago Closed 23 years ago

N621, Trunk & M098 crash [@ libpthread.so.0 - PL_strfree]

Categories

(Core Graveyard :: Java: OJI, defect)

x86
Linux
defect
Not set
critical

Tracking

(Not tracked)

VERIFIED FIXED
mozilla0.9.9

People

(Reporter: jcarpenter0524, Assigned: srgchrpv)

Details

(Keywords: crash, qawanted, topcrash)

Attachments

(2 files, 2 obsolete files)

This bug is a topcrasher for N620.
Min/Max Seconds since last crash: 0 - 110088
Min/Max Runtime: 0 - 322990
Crash data range: 2001-10-30 to 2001-11-08
Build ID range: 2001102217 to 2001102217
Keyword List : load(4), start(5), install(6),
Stack Trace:
    libpthread.so.0 + 0x7bc7 (0x401dabc7)
    libc.so.6 + 0x80be8 (0x40507be8)
COMMENTS/URLs:
    (37761443) Comments: Offline saving of mail to send later: cannot save mail check folders etc.All folders are correctly set up!
    (37731266) URL: www.freechal.com/feynman
    (37731266) Comments: During log in that page the browser has killed
    (37731167) URL: www.freechal.com/feynman
    (37731167) Comments: During loading bbs the browser has dead
    (37696639) URL: www.salon.com
    (37659831) Comments: Attempting to download and install the java2 plugin for linux
    (37656491) URL: www.wi-fi.org
    (37621709) Comments: It had just started up and I clicked on the link for Lord of the Rings
    (37586505) Comments: I was attempting to launch netscape after installing the beatnik player plugin via CrossOver from CodeWeavers.It was simply a test and easy enough to remove and start back up
    (37574444) Comments: when i installed plugger plug in
    (37529130) Comments: Starting up Netscape just after upgrading from 6.1 to 6.2
    (37505754) Comments: <Zwischenablage leer>
    (37497893) Comments: Starting up Netsape Navigator
    (37476851) Comments: Starting it up after installing real player 8
    (37476293) Comments: I've installed SuSE Linux downloaded Netscape 6.1 for it and am running it for the first time. I didn't know it failed.
    (37444051) Comments: Tried to bring up a page that included a Java applet just after having downloaded and installed the Java support.
Adding crash, topcrash to keywords. (56 crashes on today's topcrash report, more info when available.)
Keywords: crash, topcrash
Severity: normal → critical
Wrong component for such bugs. If you think that this problem is Java-plugin related, please submit the bug to OJI. Java-Implemented Plugins are plug-ins that are written in the Java programming language (http://mozilla.org/projects/blackwood/java-plugins/).
Assignee: idk → joe.chou
Component: Java-Implemented Plugins → OJI
QA Contact: avm → pmac
Keywords: mozilla1.0
Target Milestone: --- → mozilla0.9.8
There's not information in this bug. Can we get additional talkback data? This seems potentially more related to plugins than OJI.
Assignee: joe.chou → av
Component: OJI → Plug-ins
QA Contact: pmac → shrir
This crash is also showing up on the trunk, added trunk to summary. I'll add the talkback info as an attachment. Changed component to OJI as suggested.
Component: Plug-ins → OJI
Summary: N620 crash [@ libpthread.so.0 ] → N620 trunk crash [@ libpthread.so.0 ]
This has also been a topcrasher with Mozilla 0.9.6:
Rank  StackSignature   Count
4     libpthread.so.0  73
    109353 NEW av@netscape.com mozilla0.9.8 14:32:22
    101673 RESO WORK av@netscape.com --- 2001-10-15
============================================================
Count Offset Real Signature
    [ 7 libpthread.so.0 + 0x7cc7 (0x401e8cc7) e7cac911 - PL_strfree() ]
    [ 4 libpthread.so.0 + 0x5e05 (0x401dfe05) 470c3b25 - PL_strfree() ]
    [ 3 libpthread.so.0 + 0x7d48 (0x401ecd48) de98930a - PL_strfree() ]
    [ 3 libpthread.so.0 + 0x7d48 (0x401ead48) 1a416de8 - PL_strfree() ]
    [ 3 libpthread.so.0 + 0x7c40 (0x401e8c40) 58cdd339 - PL_strfree() ]
    [ 3 libpthread.so.0 + 0x7c37 (0x401ebc37) 0d1e2892 - PL_strfree() ]
    [ 3 libpthread.so.0 + 0x7c37 (0x401e7c37) 65c8c442 - PL_strfree() ]
    [ 2 libpthread.so.0 + 0x81d0 (0x401f31d0) 3b3331d9 - PL_strfree() ]
    [ 2 libpthread.so.0 + 0x81d0 (0x401e81d0) f0e51152 - PL_strfree() ]
Crash date range: 2001-12-04 to 2001-12-11
Min/Max Seconds since last crash: 0 - 1466579
Min/Max Runtime: 3 - 1541111
Keyword List :
Count Platform List
    7 Linux 2.4.9-13
    6 Linux 2.4.2-2
    6 Linux 2.4.16
    4 Linux 2.4.5-9cl
    4 Linux 2.2.19
    3 Linux 2.4.8-26mdk
Count Build Id List
    30 2001112012
No of Unique Users 10
Stack trace(Frame)
    libpthread.so.0 + 0x7cc7 (0x401e8cc7)
    libc.so.6 + 0x80cc8 (0x40516cc8)
    PL_strfree()
    nsPluginFile::FreePluginInfo()
    nsPluginHostImpl::ScanPluginsDirectory()
    nsPluginHostImpl::LoadPlugins()
    nsPluginHostImpl::GetPluginFactory()
    nsJVMManager::StartupJVM()
    nsJVMManager::MaybeStartupLiveConnect()
    nsJVMManager::StartupLiveConnect()
    nsJSEnvironment::nsJSEnvironment()
    nsJSEnvironment::GetScriptingEnvironment()
    NS_CreateScriptContext()
    nsDOMSOFactory::NewScriptContext()
    nsDocShell::EnsureScriptEnvironment()
    nsWebShell::GetInterface()
    operator []()
    nsCOMPtr_base::assign_from_helper()
    nsAppShellService::GetHiddenWindowAndJSContext()
    nsAppShellService::SetXPConnectSafeContext()
    nsAppShellService::CreateHiddenWindow()
    main1()
    main()
    libc.so.6 + 0x1c627 (0x404b2627)
    (43968) Comments: Just created a link to the java plugin (j2sdk 1.4 beta) in mozilla home'splugin directory. Mozilla now crashes when it comes up.
============================================================
Count Offset Real Signature
    [ 2 libpthread.so.0 + 0x7e10 (0x401e6e10) 42713a2c - libpthread.so.0 + 0x7e10 (0x401e6e10) ]
Crash date range: 2001-12-03 to 2001-12-04
Min/Max Seconds since last crash: 369 - 6656
Min/Max Runtime: 137793 - 239088
Keyword List :
Count Platform List
    2 Linux 2.4.10
Count Build Id List
    2 2001112012
No of Unique Users 1
Stack trace(Frame)
    libpthread.so.0 + 0x7e10 (0x401e6e10)
    libc.so.6 + 0x70aeb (0x404f8aeb)
    (31388) URL: foxhill.rnetwork.tv
    (31388) Comments: flash plugin crashesd browser
    (1346) URL: www.source4.tv
    (1346) Comments: Back button crashed browser.. was trying to go back to a confirmation page for a test order on our source4.tv site
Summary: N620 trunk crash [@ libpthread.so.0 ] → N620, Trunk & M096 crash [@ libpthread.so.0 - PL_strfree]
-->me investigating...
Assignee: av → serge
Attached patch patch v1 (obsolete)
Attached patch patch v1.1 (obsolete)
this patch does bulletproofing from an empty MIME descriptor returned by ns4xPlugin::GetMIMEDescription(const char**); we'll ignore the plugins without MIME descriptor.
Attachment #62993 - Attachment is obsolete: true
av, would you please review this? thanks.
I would really like to see |nsPluginDir::IsPluginFile()| doing this job. Do you think this is feasible to do? I understand that this will require loading plugin inside the method, but we are loading it anyway later, can we just move loading here and then use the mime info later in GetPluginInfo?
> I understand that this will require loading plugin inside the method, but we
> are loading it anyway later,
not exactly, we are doing that in most cases just once on installation of new plugin, thanks dp for implementation of plugin caching stuff.
and some more, the code below
    443 mdesc = PL_strdup(mimedescr);
should not be ever exec if mimedescr == "", in other way, if remember correctly, we'll call free() on non alloced block of mem.
> not exactly, we are doing that in most cases just once on installation of new
> plugin, thanks dp for implementation of plugin caching stuff.
I know. Let's talk about it offline.
> 443 mdesc = PL_strdup(mimedescr);
> should not be ever exec if mimedescr == "",
> in other way, if remember correctly, we'll call free() on non alloced block
> of mem.
Why not? Why is it not allocced? On Windows we do just that: PL_strdup("") and then PL_strfree() when needed. Is it bad? If it is we should fix it on Windows.
let me spend some time in debugger and dig it out what we free()
updating summary with M097...this continues to be topcrasher with Mozilla 0.9.7:
Count Offset Real Signature
    [ 7 libpthread.so.0 + 0x8100 (0x401f7100) 1793e5a8 - PL_strfree() ]
    [ 6 libpthread.so.0 + 0x684c (0x401e384c) 5a97194f - PL_strfree() ]
    [ 5 libpthread.so.0 + 0x7c40 (0x401eec40) 51a0e668 - PL_strfree() ]
    [ 5 libpthread.so.0 + 0x7bc7 (0x401f1bc7) e1f3ccd9 - PL_strfree() ]
    [ 4 libpthread.so.0 + 0x7e97 (0x401eae97) 3198b835 - PL_strfree() ]
    [ 4 libpthread.so.0 + 0x7e10 (0x401ede10) e81d8038 - PL_strfree() ]
    [ 4 libpthread.so.0 + 0x7d38 (0x401eed38) c89810be - PL_strfree() ]
    [ 3 libpthread.so.0 + 0x7d28 (0x401efd28) 5fa8dd00 - PL_strfree() ]
    [ 2 libpthread.so.0 + 0x7f68 (0x401f5f68) 1368d937 - PL_strfree() ]
Crash date range: 2002-01-08 to 2002-01-17
Min/Max Seconds since last crash: 0 - 87095
Min/Max Runtime: 0 - 788305
Keyword List :
Count Platform List
    7 Linux 2.4.9-2
    6 Linux 2.2.19
    5 Linux 2.4.9-ac14
    5 Linux 2.4.7-10
    4 Linux 2.4.18-pre3
    4 Linux 2.4.16
    4 Linux 2.4.10-4GB
    3 Linux 2.4.8-26mdk
    2 Linux 2.4.14-xfs
Count Build Id List
    40 2001122108
No of Unique Users 10
Stack trace(Frame)
    libpthread.so.0 + 0x8100 (0x401f7100)
    libc.so.6 + 0x7b7ac (0x405267ac)
    PL_strfree()
    nsPluginFile::FreePluginInfo()
    nsPluginHostImpl::ScanPluginsDirectory()
    nsPluginHostImpl::ScanPluginsDirectoryList()
    nsPluginHostImpl::LoadPlugins()
    nsPluginHostImpl::GetPluginFactory()
    nsJVMManager::StartupJVM()
    nsJVMManager::MaybeStartupLiveConnect()
    nsJVMManager::StartupLiveConnect()
    nsJSEnvironment::Init()
    NS_CreateScriptContext()
    nsDOMSOFactory::NewScriptContext()
    nsDocShell::EnsureScriptEnvironment()
    nsWebShell::GetInterface()
    operator []()
    nsCOMPtr_base::assign_from_helper()
    nsAppShellService::GetHiddenWindowAndJSContext()
    nsAppShellService::SetXPConnectSafeContext()
    nsAppShellService::CreateHiddenWindow()
    main1()
    main()
    libc.so.6 + 0x1be5e (0x404c6e5e)
    (1372727) URL: www.google.com
    (1372708) URL: www.google.com
    (1372705) URL: www.google.com
    (1372606) URL: www.google.com
    (1372606) Comments: this connector is failed
    (1372572) URL: www.google.com
    (1372537) URL: www.google.com
============================================================
Count Offset Real Signature
    [ 3 libpthread.so.0 + 0x4355 (0x401e1355) d7d65735 - libpthread.so.0 + 0x4355 (0x401e1355) ]
Crash date range: 2002-01-11 to 2002-01-15
Min/Max Seconds since last crash: 1776 - 26861
Min/Max Runtime: 62227 - 79671
Keyword List :
Count Platform List
    3 Linux 2.4.1
Count Build Id List
    3 2001122108
No of Unique Users 1
Stack trace(Frame)
    libpthread.so.0 + 0x4355 (0x401e1355)
    (1701082) Comments: google search
    (1563117) Comments: poking around with Google
For some reason, these newer crashes are all happening at google.com...weird.
Summary: N620, Trunk & M096 crash [@ libpthread.so.0 - PL_strfree] → N620, Trunk & M097 crash [@ libpthread.so.0 - PL_strfree]
all right, here is what is wrong:
if mdesc == "" we do calc num == 1 and malloc mem on lines 454-456
    453 info.fVariantCount = num;
    454 info.fMimeTypeArray = (char **)PR_Malloc(num * sizeof(char *));
    455 info.fMimeDescriptionArray = (char **)PR_Malloc(num * sizeof(char *));
    456 info.fExtensionArray = (char **)PR_Malloc(num * sizeof(char *));
    ...
    461 start = mdesc;
we do not go inside the loop, because *start==0
    462 for(i = 0;i < num && *start;i++) {
so we are not assigning any valid ptrs to arrays we malloced on lines 454-456, but we are calling
    505 nsresult nsPluginFile::FreePluginInfo(nsPluginInfo& info)
and calling PL_strfree with invalid ptr :(
Attached patch new patch v1
Here is the new patch, I've put mime type parsing code in single function which seems to me is more straightforward than it was before with CalculateVariantCount() and SetMIMETypeSeparator() calls.
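The failure analysed above (a variant count of 1 for an empty descriptor, arrays allocated but never filled, then freed entry by entry) and one way to make parsing and freeing agree, as an added example. This is not the attached patch or Mozilla's code: plugin_info, count_variants_naive, take, parse_mime_description and free_plugin_info are hypothetical names, and the descriptor layout "type:extensions:description;..." is an assumption.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for nsPluginInfo (fVariantCount plus the three arrays). */
typedef struct { unsigned count; char **types, **exts, **descs; } plugin_info;
/* Counting as in the analysis above: separators + 1, so "" still yields 1. */
unsigned count_variants_naive(const char *mdesc) {
    unsigned n = 1;
    while (*mdesc) n += (*mdesc++ == ';');
    return n;
}
/* Copy [*s, next sep or end) into a new string and step past the separator. */
static char *take(const char **s, const char *end, char sep) {
    const char *p = *s;
    while (p < end && *p != sep) p++;
    char *out = calloc((size_t)(p - *s) + 1, 1);
    if (out) memcpy(out, *s, (size_t)(p - *s));
    *s = (p < end) ? p + 1 : p;
    return out;
}
/* Frees only slots below count; each is an allocation result or NULL. */
void free_plugin_info(plugin_info *info) {
    for (unsigned i = 0; i < info->count; i++) {
        free(info->types[i]); free(info->exts[i]); free(info->descs[i]);
    }
    free(info->types); free(info->exts); free(info->descs);
    memset(info, 0, sizeof *info);
}

/* Returns 0 on success, -1 if the descriptor has no usable entry. */
int parse_mime_description(const char *mdesc, plugin_info *info) {
    memset(info, 0, sizeof *info);
    if (!mdesc || !*mdesc) return -1;          /* empty descriptor: ignore plugin */
    unsigned cap = count_variants_naive(mdesc);
    info->types = calloc(cap, sizeof(char *)); /* zeroed, so unset slots are NULL */
    info->exts  = calloc(cap, sizeof(char *));
    info->descs = calloc(cap, sizeof(char *));
    for (const char *s = mdesc; info->types && info->exts && info->descs && *s; ) {
        const char *end = s + strcspn(s, ";");
        if (end > s) {                         /* count grows only once slots are set */
            info->types[info->count] = take(&s, end, ':');
            info->exts[info->count]  = take(&s, end, ':');
            info->descs[info->count] = take(&s, end, ';');
            info->count++;
        }
        s = *end ? end + 1 : end;
    }
    if (!info->count) { free_plugin_info(info); return -1; }
    return 0;
}
```

The count stored in the structure is the number of entries actually written rather than the number estimated up front, so the free routine never reads a slot the parser skipped.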
Attachment #63142 - Attachment is obsolete: true
Comment on attachment 65954 (new patch v1): r=peterl
Attachment #65954 - Flags: review+
This seems to be related to my bug. I have an example to work that crashes mozilla on linux hard.
Blocks: 113957
Comment on attachment 65954 (new patch v1): sr=beard
Attachment #65954 - Flags: superreview+
checked in nsPluginsDirUnix.cpp,v <-- nsPluginsDirUnix.cpp new revision: 1.22; previous revision: 1.21
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Target Milestone: mozilla0.9.8 → mozilla0.9.9
Reopening and updating summary with M098, since I think this is still happening. Mozilla 0.9.8 Talkback data is showing a lot of these crashes:
Count Offset Real Signature
    [ 6 libpthread.so.0 + 0x7f68 (0x40205f68) 42c37bea - PL_strfree() ]
    [ 6 libpthread.so.0 + 0x7f68 (0x40200f68) 8a7a2390 - PL_strfree() ]
    [ 3 libpthread.so.0 + 0x7d38 (0x40204d38) 9190ed2b - PL_strfree() ]
    [ 2 libpthread.so.0 + 0x7d48 (0x401fdd48) 316bc840 - PL_strfree() ]
    [ 2 libpthread.so.0 + 0x7d48 (0x401fcd48) ebff9e71 - PL_strfree() ]
Crash date range: 2002-02-11 to 2002-02-19
Min/Max Seconds since last crash: 0 - 65925
Min/Max Runtime: 0 - 970752
Keyword List :
Count Platform List
    6 Linux 2.4.9-13
    4 Linux 2.4.9-21
    4 Linux 2.4.8-26mdk
    3 Linux 2.4.10-64GB-SMP
    2 Linux 2.4.18-rc1-2
Count Build Id List
    19 2002020415
No of Unique Users 5
Stack trace(Frame)
    libpthread.so.0 + 0x7f68 (0x40205f68)
    libc.so.6 + 0x7cb9c (0x40550b9c)
    PL_strfree()
    nsPluginFile::FreePluginInfo()
    nsPluginHostImpl::ScanPluginsDirectory()
    nsPluginHostImpl::ScanPluginsDirectoryList()
    nsPluginHostImpl::LoadPlugins()
    nsPluginHostImpl::GetPluginFactory()
    nsJVMManager::StartupJVM()
    nsJVMManager::MaybeStartupLiveConnect()
    nsJVMManager::StartupLiveConnect()
    nsJSEnvironment::Init()
    NS_CreateScriptContext()
    nsDOMSOFactory::NewScriptContext()
    nsDocShell::EnsureScriptEnvironment()
    nsWebShell::GetInterface()
    operator []()
    nsCOMPtr_base::assign_from_helper()
    nsAppShellService::GetHiddenWindowAndJSContext()
    nsAppShellService::SetXPConnectSafeContext()
    nsAppShellService::CreateHiddenWindow()
    main1()
    main()
    libc.so.6 + 0x1c306 (0x404f0306)
    (3096327) Comments: crash after java2 plugin install
    (2779847) Comments: Starting to use Mozilla 0.98 after installing it using a file I downloaded a few days ago.
Looking at the stack, it looks the same. Is this a regression or did the previous fix not cover all possible paths to this crash?
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Summary: N620, Trunk & M097 crash [@ libpthread.so.0 - PL_strfree] → N621, Trunk & M098 crash [@ libpthread.so.0 - PL_strfree]
Adding qawanted to see if we can reproduce this with a recent MozillaTrunk build. Oh, and I just realized that this fix might have not made it onto the M098 branch, just the MozillaTrunk. If that's the case, please resolve this fixed again. Otherwise we can wait for Mozilla 0.9.9 to see if this is still happening.
Keywords: qawanted
yes, 0.9.8 doesn't have this, sure let's wait till 0.9.9
nominating topcrash bugs for nsbeta1.
Keywords: nsbeta1
nsbeta1+ as per ADT triage. Patch already exists and needs to be tested.
Keywords: nsbeta1 → nsbeta1+
Looking at the latest MozillaTrunk data, I don't see this crash anymore at all (it was fixed on the Trunk on 2/1). Marking this resolved fixed again...we can verify once Mozilla 0.9.9 is released.
Status: REOPENED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
0.9.9 is released. Jay, does this stack still show up in recent builds? If not, pls mark this verif. Thx!
v.fixed. I don't see any incidents in M099 or MozillaTrunk Talkback data.
Status: RESOLVED → VERIFIED
Product: Core → Core Graveyard
Crash Signature: [@ libpthread.so.0 - PL_strfree]