1446052 - Crash in <T>::operator() | mozilla::intl::LocaleService::NegotiateLanguages

Status: RESOLVED WORKSFORME

(Core :: Internationalization, defect, P3)

Description

[[:philipp]]

+++ This bug was initially created as a clone of Bug #1348797 +++

startup crashes on windows with this signature are showing up again after firefox 59 went to the release audience.

Comment 1

[Zibi Braniecki [:zbraniecki][:gandalf]]

Jonathan - in the previous approach we changed `if (!*s) {` to `if (!s || !*s) {` in the `validCharTags`. Any idea what may be crashing in this line now?

Comment 2

[Jonathan Kew [:jfkthame]]

AFAICS, the only reasonable explanation for a crash here is that the caller of NegotiateLanguages has passed an invalid (but not NULL) string pointer in one of the aRequested or aAvailable arrays, and then we crash when we try to dereference it.

The crash reports have a stack for the crashing thread that just shows:

0 xul.dll 	<lambda_8bcf245dc770bee1e905f184ef502c9e>::operator() 	intl/locale/LocaleService.cpp:755
1 xul.dll 	mozilla::intl::LocaleService::NegotiateLanguages(char const**, char const**, char const*, int, unsigned int, unsigned int, unsigned int*, char***) 	intl/locale/LocaleService.cpp:778
2 xul.dll 	XPTC__InvokebyIndex 	xpcom/reflect/xptcall/md/win32/xptcinvoke_asm_x86_64.asm:97
3 		@0x30055a7

The crashes are all occurring within seconds of startup; but I can't tell where the call to NegotiateLanguages comes from.

Hmm, looking at a report from 59.0b5, there's rather more stack shown: https://crash-stats.mozilla.com/report/index/5033bdd6-1300-400f-b8e9-b38c00180312. Still doesn't make me any the wiser, though. :(

Comment 3

[Makoto Kato [:m_kato]]

Interesting is that this occurs on x64 only

Comment 4

[Sylvestre Ledru [:Sylvestre]]

Moving to p3 because no activity for at least 24 weeks.

Comment 5

[BugBot [:suhaib / :marco/ :calixte]]

Closing because no crashes reported for 12 weeks.