Closed Bug 1121191 Opened 11 years ago Closed 8 years ago

crash in unsigned char* nsTArray_Impl<unsigned char, nsTArrayInfallibleAllocator>::AppendElements<unsigned char>(unsigned char const*, unsigned int)

Categories

(Firefox OS Graveyard :: NFC, defect)

ARM
Gonk (Firefox OS)
defect
Not set
critical

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: nhirata, Unassigned)

Details

(Keywords: crash)

Crash Data

This bug was filed from the Socorro interface and is report bp-8d38eef3-a3fb-4c30-b98f-405c92150110.
=============================================================
0 libc.so libc.so@0x2223e
1 libxul.so unsigned char* nsTArray_Impl<unsigned char, nsTArrayInfallibleAllocator>::AppendElements<unsigned char>(unsigned char const*, unsigned int) /builds/slave/b2g_m-cen_flm-kk_ntly-00000000/build/objdir-gecko/dist/include/nsTArray.h:525
2 libxul.so mozilla::NfcMessageHandler::TechDiscoveredNotification(android::Parcel const&, mozilla::EventOptions&) dom/nfc/gonk/NfcMessageHandler.cpp
3 libxul.so mozilla::NfcEventRunnable::Run() dom/nfc/gonk/NfcService.cpp
4 libxul.so nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp
5 libxul.so NS_ProcessNextEvent(nsIThread*, bool) xpcom/glue/nsThreadUtils.cpp
6 libxul.so mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp
7 libxul.so MessageLoop::RunInternal() ipc/chromium/src/base/message_loop.cc
8 libxul.so MessageLoop::Run() ipc/chromium/src/base/message_loop.cc
9 libxul.so nsThread::ThreadFunc(void*) xpcom/threads/nsThread.cpp
10 libnss3.so _pt_root nsprpub/pr/src/pthreads/ptthread.c
Ø 11 libc.so libc.so@0xd22a
Ø 12 libc.so libc.so@0xd3c2

More crashes: https://crash-stats.mozilla.com/signature/?product=B2G&android_device=flame&date=%3E%3D2015-01-01+00%3A00%3A00&signature=unsigned+char*+nsTArray_Impl%3Cunsigned+char%2C+nsTArrayInfallibleAllocator%3E%3A%3AAppendElements%3Cunsigned+char%3E%28unsigned+char+const*%2C+unsigned+int%29&_columns=date&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=reason&_columns=address&page=1

Looks like NFC crashes.
STR:
1. enable NFC on a flame-kk
2. enable NFC on a nexus-5 running android
3. touch the backs of the phones together
Here's TechDiscoveredNotification:

    bool
    NfcMessageHandler::TechDiscoveredNotification(const Parcel& aParcel, EventOptions& aOptions)
    {
      aOptions.mSessionId = aParcel.readInt32();
      aOptions.mIsP2P = aParcel.readInt32();

      int32_t techCount = aParcel.readInt32();
      aOptions.mTechList.AppendElements(
          static_cast<const uint8_t*>(aParcel.readInplace(techCount)), techCount);

      int32_t idCount = aParcel.readInt32();
      aOptions.mTagId.AppendElements(
          static_cast<const uint8_t*>(aParcel.readInplace(idCount)), idCount);
      ...

Parcel::readInplace can return a null pointer. We need to check for this before calling AppendElements.
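One way to write the check the comment above asks for, as an added example that is not part of the bug report or Gecko's code. `FakeParcel`, `Options`, `ReadByteArray` and `TechDiscoveredChecked` are hypothetical stand-ins, and the example assumes `readInplace` returns null when the requested length is negative or exceeds the remaining data.

```cpp
#include <cstdint>
#include <vector>

// Hypothetical stand-in for android::Parcel: little-endian, no 4-byte padding.
struct FakeParcel {
  explicit FakeParcel(const std::vector<uint8_t>& aData) : mData(aData) {}
  const void* readInplace(int32_t aLen) {  // nullptr on a bad length
    if (aLen < 0 || uint32_t(aLen) > mData.size() - mPos) return nullptr;
    const void* p = mData.data() + mPos;
    mPos += uint32_t(aLen);
    return p;
  }
  int32_t readInt32() {  // yields 0 when fewer than 4 bytes remain
    auto* p = static_cast<const uint8_t*>(readInplace(4));
    if (!p) return 0;
    return int32_t(uint32_t(p[0]) | uint32_t(p[1]) << 8 |
                   uint32_t(p[2]) << 16 | uint32_t(p[3]) << 24);
  }
  std::vector<uint8_t> mData;
  uint32_t mPos = 0;
};

struct Options {  // stand-in for EventOptions; std::vector replaces nsTArray
  int32_t mSessionId = 0;
  bool mIsP2P = false;
  std::vector<uint8_t> mTechList, mTagId;
};

// Length-prefixed byte run: reject before appending when the length is
// negative or readInplace() cannot supply that many bytes.
static bool ReadByteArray(FakeParcel& aParcel, std::vector<uint8_t>& aOut) {
  int32_t count = aParcel.readInt32();
  if (count <= 0) return count == 0;
  auto* p = static_cast<const uint8_t*>(aParcel.readInplace(count));
  if (!p) return false;
  aOut.insert(aOut.end(), p, p + count);
  return true;
}

bool TechDiscoveredChecked(FakeParcel& aParcel, Options& aOptions) {
  aOptions.mSessionId = aParcel.readInt32();
  aOptions.mIsP2P = aParcel.readInt32() != 0;
  return ReadByteArray(aParcel, aOptions.mTechList) &&
         ReadByteArray(aParcel, aOptions.mTagId);
}

// Constructed sample parcels (session 7, P2P), not captured NFC traffic.
const std::vector<uint8_t> kGood = {7,0,0,0, 1,0,0,0, 2,0,0,0, 0x01,0x02, 1,0,0,0, 0xAA};
const std::vector<uint8_t> kNegativeCount = {7,0,0,0, 1,0,0,0, 0xFF,0xFF,0xFF,0xFF};
const std::vector<uint8_t> kOversizedCount = {7,0,0,0, 1,0,0,0, 0x40,0,0,0, 0x01,0x02};
```

Returning false lets the caller drop a malformed notification instead of passing a null source pointer and an untrusted length to the append.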
Crash Signature: [@ unsigned char* nsTArray_Impl<unsigned char, nsTArrayInfallibleAllocator>::AppendElements<unsigned char>(unsigned char const*, unsigned int)] → [@ unsigned char* nsTArray_Impl<unsigned char, nsTArrayInfallibleAllocator>::AppendElements<unsigned char>(unsigned char const*, unsigned int)] [@ unsigned char* nsTArray_Impl<T>::AppendElements<T>]
Firefox OS is not being worked on
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX