Closed
Bug 118279
Opened 23 years ago
Closed 23 years ago
URL Loads, displays, then segfaults in nsCOMPtr_base::~nsCOMPtr_base(void)
Categories
(Core :: XPCOM, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: harik, Assigned: dougt)
References
()
Details
(Keywords: crash, stackwanted)
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.7) Gecko/20011229
BuildID: 20011229
Something's clobbering a pointer, and it's in C++ nastyness so I'm
at a loss. The actuall code in question seems innocent,
if (pointer) MACRO_FREE(pointer), but somehow the address in the
object for the pointer is getting zeroed.
I let it dump core and went in with gdb, more information is available
there.
Reproducible: Always
Steps to Reproduce:
1. Start browser.
2. Load URL.
3. Core dump.
(gdb) bt
#0 0x401a721f in nsCOMPtr_base::~nsCOMPtr_base () from /usr/lib/libxpcom.so
(gdb) disass
Dump of assembler code for function _._13nsCOMPtr_base:
0x401a7208 <_._13nsCOMPtr_base>: push %ebp
0x401a7209 <_._13nsCOMPtr_base+1>: mov %esp,%ebp
0x401a720b <_._13nsCOMPtr_base+3>: sub $0x10,%esp
0x401a720e <_._13nsCOMPtr_base+6>: push %esi
0x401a720f <_._13nsCOMPtr_base+7>: push %ebx
0x401a7210 <_._13nsCOMPtr_base+8>: call 0x401a7215 <_._13nsCOMPtr_base+13>
0x401a7215 <_._13nsCOMPtr_base+13>: pop %ebx
0x401a7216 <_._13nsCOMPtr_base+14>: add $0x1f4e7,%ebx
0x401a721c <_._13nsCOMPtr_base+20>: mov 0x8(%ebp),%esi
0x401a721f <_._13nsCOMPtr_base+23>: mov (%esi),%edx
0x401a7221 <_._13nsCOMPtr_base+25>: test %edx,%edx
0x401a7223 <_._13nsCOMPtr_base+27>: je 0x401a7233 <_._13nsCOMPtr_base+43>
0x401a7225 <_._13nsCOMPtr_base+29>: add $0xfffffff4,%esp
0x401a7228 <_._13nsCOMPtr_base+32>: mov (%edx),%eax
0x401a722a <_._13nsCOMPtr_base+34>: push %edx
0x401a722b <_._13nsCOMPtr_base+35>: mov 0x10(%eax),%eax
0x401a722e <_._13nsCOMPtr_base+38>: call *%eax
Reporter | ||
Comment 1•23 years ago
|
||
http://finance.yahoo.com/ alone yields the crash, the extra information is
personilzation and requires a login.
![]() |
||
Comment 2•23 years ago
|
||
Where is this destructor getting called from (what're the next 10-20 things on
the stack?)
Comment 4•23 years ago
|
||
Reporter, do you still crash with latest nightly build ?
Build available here:
http://ftp.mozilla.org/pub/mozilla/nightly/latest/mozilla-i686-pc-linux-gnu-sea.tar.gz
Keywords: crash,
stackwanted
Comment 5•23 years ago
|
||
Resolving worksforme - more than a month since a request to the reporter (Dan
Merillat) and no reply. Reporter - please reopen this bug if it still occurs in
a recent (Moz 1.0RC1+) build.
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•