Closed Bug 119917 Opened 23 years ago Closed 23 years ago

Crash: entering a New card/Mail list into AB with accented chars in it

Categories

(MailNews Core :: Internationalization, defect)

Product:
MailNews Core
Component:
Internationalization
Platform:
PowerPC
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
VERIFIED FIXED
Milestone:
mozilla0.9.8

People

(Reporter: marina, Assigned: nhottanscp)

Details

(Keywords: crash, intl)

Attachments

(1 file)

Fix freeing wrong memory problem.
601 bytes, patch
racham
: review+
sspitzer
: superreview+
dbaron
: approval+
Details | Diff | Splinter Review
*** observed with 2002-01-14 build *** Steps to reproduce: - bring up a new card; - turn the french keybord on; - fill out the card using accented chars; - click ok to submit; //note: application quits, it doesn't happen when i create a new card using ascii chars.I don't see the talkback coming up, so i can not submit a report
i don't crash when i create a japanese card.
It doesn't crash when I use EN keyboard to create a French card.
Status: NEW → ASSIGNED
Keywords: crash
happens in case of Mail list as well
Keywords: crash
Summary: Crash: entering a new card into AB with accented chars in it → Crash: entering a New card/Mail list into AB with accented chars in it
it doesn't happen for me when i use french keyboard to create english card/list
crash log, it crashes in creating a collation key. Date/Time: 2002-01-14 10:44:45 -0800 OS Version: 10.1.2 (Build 5P48) Command: Netscape 6 PID: 763 Exception: EXC_BAD_ACCESS (0x0001) Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000008 Thread 0: #0 0x0054c6d0 in _pool_free #1 0x00000000 in 0x0 #2 0x0054c9e0 in free #3 0x004fe6d8 in 0x4fe6d8 #4 0x006082a4 in nsMemoryImpl::Free(void *) #5 0x00625ce8 in nsMemory::Free(void *) #6 0x02c5d750 in nsAbView::CreateCollationKey(wchar_t const *, unsigned char **, unsigned int *) #7 0x02c5d194 in nsAbView::GenerateCollationKeysForCard(wchar_t const *, AbCard *) #8 0x02c5dae4 in nsAbView::OnItemAdded(nsISupports *, nsISupports *) #9 0x02c27e94 in NotifyDirectoryItemAdded__17nsAddrBookSessionFP14nsIAbDirector #10 0x02c3ce10 in nsAbMDBDirectory::NotifyItemAdded(nsISupports *) #11 0x02c3fa18 in OnCardEntryChange__16nsAbMDBDirectoryFUiP9nsIAbCardP17nsIAddrD #12 0x02c0d12c in NotifyCardEntryChange__14nsAddrDatabaseFUiP9nsIAbCardP17nsIAdd #13 0x02c12134 in nsAddrDatabase::CreateNewCardAndAddToDB(nsIAbCard *, int) #14 0x02c3f210 in nsAbMDBDirectory::AddCard(nsIAbCard *, nsIAbCard **) #15 0x005be31c in XPTC_InvokeByIndex #16 0x005be210 in XPTC_InvokeByIndex #17 0x0385b1d0 in 0x385b1d0 #18 0x0386160c in XPC_WN_CallMethod(JSContext *, JSObject *, unsigned int, long *, long *) #19 0x01caa5ac in js_Invoke #20 0x01cb2664 in 0x1cb2664 #21 0x01caa604 in js_Invoke #22 0x01caa850 in js_InternalInvoke #23 0x01c8bb2c in JS_CallFunctionValue #24 0x023dd0d0 in nsJSContext::CallEventHandler(void *, void *, unsigned int, void *, int *, int) #25 0x023f96a0 in nsJSEventListener::HandleEvent(nsIDOMEvent *) #26 0x01fa2a40 in HandleEventSubType__22nsEventListenerManagerFP16nsListenerStru #27 0x01fa4fb0 in HandleEvent__22nsEventListenerManagerFP14nsIPresContextP7nsEve #28 0x021c1bac in HandleDOMEvent__12nsXULElementFP14nsIPresContextP7nsEventPP11n #29 0x027303a0 in HandleDOMEventWithTarget__9PresShellFP10nsIContentP7nsEventP13 #30 0x0285c448 in MouseClicked__16nsButtonBoxFrameFP14nsIPresContextP10nsGUIEven #31 0x0285c068 in nsButtonBoxFrame::HandleEvent(nsIPresContext *, nsGUIEvent *) #32 0x0273022c in HandleEventInternal__9PresShellFP7nsEventP7nsIViewUiP13nsEvent #33 0x0272ffb4 in HandleEventWithTarget #34 0x01fae8d0 in CheckForAndDispatchClick__19nsEventStateManagerFP14nsIPresCont #35 0x01fac830 in 0x1fac830 #36 0x02730270 in HandleEventInternal__9PresShellFP7nsEventP7nsIViewUiP13nsEvent #37 0x0272fec4 in PresShell::HandleEvent(nsIView *, nsGUIEvent *, nsEventStatus *) #38 0x03754824 in nsView::HandleEvent(nsGUIEvent *, unsigned int, nsEventStatus *, int, int &) #39 0x0375e3c8 in 0x375e3c8 #40 0x03753cd8 in HandleEvent(nsGUIEvent *) #41 0x037a6504 in nsWindow::DispatchEvent(nsGUIEvent *, nsEventStatus &) #42 0x037a65dc in nsWindow::DispatchWindowEvent(nsGUIEvent &) #43 0x037a6728 in nsWindow::DispatchMouseEvent(nsMouseEvent &) #44 0x037b7458 in nsMacEventHandler::HandleMouseUpEvent(EventRecord &) #45 0x037b5a54 in nsMacEventHandler::HandleOSEvent(EventRecord &) #46 0x037b48e4 in nsMacWindow::DispatchEvent(void *, int *) #47 0x037bc230 in DispatchOSEventToRaptor__16nsMacMessagePumpFR11EventRecordP15O #48 0x037bbe00 in nsMacMessagePump::DoMouseUp(EventRecord &) #49 0x037bb20c in nsMacMessagePump::DispatchEvent(int, EventRecord *) #50 0x037bac78 in nsAppShell::DispatchNativeEvent(int, void *) #51 0x01d1127c in nsXULWindow::ShowModal(void) #52 0x01cfc540 in nsWebShellWindow::ShowModal(void) #53 0x01d0dfec in nsContentTreeOwner::ShowAsModal(void) #54 0x0244f808 in nsWindowWatcher::OpenWindowJS(nsIDOMWindow *, char const *, char const *, char const *, int, unsigned int, long *, *) #55 0x023f07bc in OpenInternal__16GlobalWindowImplFRC9nsAStringRC9nsAStringRC9ns #56 0x023ebe28 in GlobalWindowImpl::OpenDialog(nsIDOMWindow **) #57 0x005be31c in XPTC_InvokeByIndex #58 0x005be210 in XPTC_InvokeByIndex #59 0x0385b1d0 in 0x385b1d0 #60 0x0386160c in XPC_WN_CallMethod(JSContext *, JSObject *, unsigned int, long *, long *) #61 0x01caa5ac in js_Invoke #62 0x01cb2664 in 0x1cb2664 #63 0x01caa604 in js_Invoke #64 0x01caa850 in js_InternalInvoke #65 0x01c8bb2c in JS_CallFunctionValue #66 0x023dd0d0 in nsJSContext::CallEventHandler(void *, void *, unsigned int, void *, int *, int) #67 0x023f96a0 in nsJSEventListener::HandleEvent(nsIDOMEvent *) #68 0x01fa2a40 in HandleEventSubType__22nsEventListenerManagerFP16nsListenerStru #69 0x01fa4fb0 in HandleEvent__22nsEventListenerManagerFP14nsIPresContextP7nsEve #70 0x021c1bac in HandleDOMEvent__12nsXULElementFP14nsIPresContextP7nsEventPP11n #71 0x027303a0 in HandleDOMEventWithTarget__9PresShellFP10nsIContentP7nsEventP13 #72 0x0285c448 in MouseClicked__16nsButtonBoxFrameFP14nsIPresContextP10nsGUIEven #73 0x0285c068 in nsButtonBoxFrame::HandleEvent(nsIPresContext *, nsGUIEvent *) #74 0x0273022c in HandleEventInternal__9PresShellFP7nsEventP7nsIViewUiP13nsEvent #75 0x0272ffb4 in HandleEventWithTarget #76 0x01fae8d0 in CheckForAndDispatchClick__19nsEventStateManagerFP14nsIPresCont #77 0x01fac830 in 0x1fac830 #78 0x02730270 in HandleEventInternal__9PresShellFP7nsEventP7nsIViewUiP13nsEvent #79 0x0272fec4 in PresShell::HandleEvent(nsIView *, nsGUIEvent *, nsEventStatus *) #80 0x03754824 in nsView::HandleEvent(nsGUIEvent *, unsigned int, nsEventStatus *, int, int &) #81 0x0375e3c8 in 0x375e3c8 #82 0x03753cd8 in HandleEvent(nsGUIEvent *) #83 0x037a6504 in nsWindow::DispatchEvent(nsGUIEvent *, nsEventStatus &) #84 0x037a65dc in nsWindow::DispatchWindowEvent(nsGUIEvent &) #85 0x037a6728 in nsWindow::DispatchMouseEvent(nsMouseEvent &) #86 0x037b7458 in nsMacEventHandler::HandleMouseUpEvent(EventRecord &) #87 0x037b5a54 in nsMacEventHandler::HandleOSEvent(EventRecord &) #88 0x037b48e4 in nsMacWindow::DispatchEvent(void *, int *) #89 0x037bc230 in DispatchOSEventToRaptor__16nsMacMessagePumpFR11EventRecordP15O #90 0x037bbe00 in nsMacMessagePump::DoMouseUp(EventRecord &) #91 0x037bb20c in nsMacMessagePump::DispatchEvent(int, EventRecord *) #92 0x037baed0 in nsMacMessagePump::DoMessagePump(void) #93 0x037ba80c in nsAppShell::Run(void) #94 0x01d01d9c in nsAppShellService::Run(void) #95 0x004c93f8 in main1(int, char **, nsISupports *) #96 0x004c9efc in main Thread 1: #0 0x7000497c in syscall #1 0x70557600 in BSD_waitevent #2 0x70554b80 in CarbonSelectThreadFunc #3 0x7002054c in _pthread_body Thread 2: #0 0x7003f4c8 in semaphore_wait_signal_trap #1 0x7003f2c8 in _pthread_cond_wait #2 0x705593ec in CarbonOperationThreadFunc #3 0x7002054c in _pthread_body Thread 3: #0 0x70044cf8 in semaphore_timedwait_signal_trap #1 0x70044cd8 in semaphore_timedwait_signal #2 0x7003f2b8 in _pthread_cond_wait #3 0x70283ea4 in TSWaitOnConditionTimedRelative #4 0x7027d748 in TSWaitOnSemaphoreCommon #5 0x702c2078 in TimerThread #6 0x7002054c in _pthread_body Thread 4: #0 0x7003f4c8 in semaphore_wait_signal_trap #1 0x7003f2c8 in _pthread_cond_wait #2 0x70250ab0 in TSWaitOnCondition #3 0x7027d730 in TSWaitOnSemaphoreCommon #4 0x70243d14 in AsyncFileThread #5 0x7002054c in _pthread_body Thread 5: #0 0x7003f4c8 in semaphore_wait_signal_trap #1 0x7003f2c8 in _pthread_cond_wait #2 0x7055b884 in CarbonInetOperThreadFunc #3 0x7002054c in _pthread_body Thread 6: #0 0x70000978 in mach_msg_overwrite_trap #1 0x70005a04 in mach_msg #2 0x70026a2c in _pthread_become_available #3 0x70026724 in pthread_exit #4 0x70020550 in _pthread_body PPC Thread State: srr0: 0x0054c6d0 srr1: 0x0000d030 vrsave: 0x00000000 xer: 0x20000014 lr: 0x0054c9e0 ctr: 0x0054c9c0 mq: 0x00000000 r0: 0x00000000 r1: 0xbfffab30 r2: 0x000e9000 r3: 0x000ee384 r4: 0x0877c3ec r5: 0x00000000 r6: 0xbfffa7f4 r7: 0x0000000c r8: 0x00000030 r9: 0x00000032 r10: 0x000000c4 r11: 0x44000284 r12: 0x000ea998 r13: 0x00000000 r14: 0x00000036 r15: 0xbfffee58 r16: 0x01068cb0 r17: 0x00000001 r18: 0x0106a868 r19: 0x0000120b r20: 0x00000000 r21: 0x0000001c r22: 0x70004234 r23: 0x700042c8 r24: 0x00000004 r25: 0x000006eb r26: 0x8081ab5c r27: 0x0106b180 r28: 0x00000000 r29: 0xbfffef00 r30: 0x8081d1cc r31: 0x00000001 **********
Keywords: crash
Hardware: PC → Macintosh
Severity: normal → critical
It looks like we allocate smaller buffer than needed by the API. For a string with 7 characters, the current estimate is 160, that is (7 + 1) * 5 * 4. But my test case with accented characters, the key returned by the API is 196. So we need to increase at least 7 times of the input string but we don't know if 7 times is large enough. Also we multiply by sizeof(UCCollationValue) which is 4 so it needs 28 bytes per one input character. I think that is too much, we might want to reconsider using this API. http://lxr.mozilla.org/seamonkey/source/intl/locale/src/mac/nsCollationMacUC.cpp#178 178 // According to the document, the length of the key should typically be 179 // at least 5 * textLength 180 *outLen = (1 + stringIn.Length()) * 5 * sizeof(UCCollationValue);
changed qa contact, added keywords, nominated for beta1
Keywords: intl, nsbeta1
QA Contact: ji → marina
http://developer.apple.com/techpubs/macosx/Carbon/text/UnicodeUtilities/Unicode_Utilities_Ref/Functions/Comparing_Unicode_Strings.html#//apple_ref/C/func/UCGetCollationKey The document says, "should typically be at least 5*textLength", but does not say how large it could be. The document does not specify about a way of getting a key length without actually creating a key (which is available in Win32 API). maxKeySize Supply an ItemCount value specifying the length of the UCCollationValue array passed in the collationKey parameter. This dimension should typically be at least 5*textLength, as the byte length of a collation key is typically more than 16 times the number of Unicode characters in the string.
I think I found the problem. The documentation says, "Supply an ItemCount value" while we actually set byte length. 180 *outLen = (1 + stringIn.Length()) * 5 * sizeof(UCCollationValue); Let me remove multiply by sizeof sizeof(UCCollationValue) and see if that solves the crash.
I was wrong, the current code does pass item count instead of the byte length (line 208). http://lxr.mozilla.org/seamonkey/source/intl/locale/src/mac/nsCollationMacUC.cpp#206 206 err = ::UCGetCollationKey(mCollator, (const UniChar*) PromiseFlatString(stringIn).get(), 207 (UniCharCount) stringIn.Length(), 208 (ItemCount) (keyLength / sizeof(UCCollationValue)), 209 &actual, (UCCollationValue *)key);
The reason it crash is because the mCollationKeyGenerator->CreateRawSortKey return error code and the 759 if (NS_FAILED(rv)) 760 { 761 nsMemory::Free(aKey); crash it in line 761. look at line 754 it said 754 *aKey = (PRUint8*) nsMemory::Alloc (*aKeyLen); so the line 761 should be nsMemory::Free(*aKey); instead of nsMemory::Free(aKey); (the * make the difference)
The patch avoids the crash, the sorting result is still not right. Bhuvan, Seth, could you r/sr? I think we want to fix at least the crash for 0.9.8.
Target Milestone: --- → mozilla0.9.8
Comment on attachment 65173 [details] [diff] [review] Fix freeing wrong memory problem. r=bhuvan
Attachment #65173 - Flags: review+
Comment on attachment 65173 [details] [diff] [review] Fix freeing wrong memory problem. r=bhuvan
Comment on attachment 65173 [details] [diff] [review] Fix freeing wrong memory problem. sr=sspitzer thanks for fixing my mistake.
Attachment #65173 - Flags: superreview+
Comment on attachment 65173 [details] [diff] [review] Fix freeing wrong memory problem. a=dbaron for 0.9.8
Attachment #65173 - Flags: approval+
Checked in to the trunk. I think the sort order is still incorrect because the patch fixed the crash only. Please test tomorrow's build and open a new bug for the sorting order issue.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
the verification is blocked by bug # 119918
it is working now, verified with 2002-01-23 build
Status: RESOLVED → VERIFIED
Please test sorting order and file a bug if that's not sorted correctly.
Naoki, i don't see a problem with sorting a mix of ascii/non-ascii cards, they all find their order
Okay thanks. Could you try the case below just to make sure? 1) Create cards with display names in this order. ááááááááááA ááááááááááZ ááááááááááAA ááááááááááZZ 2) Then sort:. 3) Expected result ááááááááááA ááááááááááAA ááááááááááZ ááááááááááZZ
yes, the order is the way you expect it to be, but as soon as i close AB and have IME or French keybord turned on, navigating between PAB, CA and non-ascii AB causes a crash, i am investigating the reason of the crash now.
Product: MailNews → Core
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: