Closed Bug 171333 Opened 22 years ago Closed 22 years ago

crash at startup in nsFileChannel if chrome modified [@ nsFileChannel::GetFile]

Categories

(Core :: Networking: File, defect)

Product:
Core
Component:
Networking: File
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: jay.yan, Assigned: dougt)

References

Details

(Keywords: crash, topcrash)

Crash Data

Attachments

(1 file, 1 obsolete file)

patch v.2
2.08 KB, patch
danm.moz
: review+
brendan
: superreview+
Details | Diff | Splinter Review 
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020529
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020529

trunk code (I got the source snapshot of Sept26, and update it from trunk 7:pm
Sept.27 California time)

Build it(configure with enable-chrome-format=flat)

launch /dist/bin/mozilla

Segmentation fault signal received. following is the output.


[jay@dhcp-cbjs04-217-13 bin]$ ./mozilla        
Type Manifest File:
/home/jay/work/mozilla/trunk/default/mozilla/dist/bin/components/xpti.dat
+++ JavaScript debugging hooks installed.
nsNativeComponentLoader: autoregistering begins.
nsNativeComponentLoader: autoregistering succeeded
nNCL: registering deferred (0)
###!!! ASSERTION: Entry already exists!: 'entry->mKey == 0', file
nsStaticNameTable.cpp, line 139
Break: at file nsStaticNameTable.cpp, line 139
###!!! ASSERTION: Entry already exists!: 'entry->mKey == 0', file
nsStaticNameTable.cpp, line 139
Break: at file nsStaticNameTable.cpp, line 139
###!!! ASSERTION: Entry already exists!: 'entry->mKey == 0', file
nsStaticNameTable.cpp, line 139
Break: at file nsStaticNameTable.cpp, line 139
WARNING: nsXKBModeSwitch::ControlWorkaround:, file nsKeyboardUtils.cpp, line 78
WARNING:     grab_during, file nsKeyboardUtils.cpp, line 79
WARNING:     ungrab_duri, file nsKeyboardUtils.cpp, line 80
WARNING: 

nsXKBModeSwitch::HandleMappingNotify: no Mode_switch

, file nsKeyboardUtils.cpp, line 152
WARNING: 

nsXKBModeSwitch::HandleMappingNotify:, file nsKeyboardUtils.cpp, line 154
WARNING:     gModeSwitch, file nsKeyboardUtils.cpp, line 155
WARNING:     gModeSwitch, file nsKeyboardUtils.cpp, line 156
GFX: dpi=108 t2p=0.0769231 p2t=13 depth=24
WEBSHELL+ = 1
IsPluginFile(/home/jay/work/mozilla/trunk/default/mozilla/modules/plugin/samples/default/unix/libnullplugin.so)
== TRUE
WEBSHELL+ = 2
bad FastLoad file version

Program ./mozilla-bin (pid = 1725) received Segmentation fault signal.
Stack:
nsProfileLock::FatalSignalHandler(int)+0x00000119
[/home/jay/work/mozilla/trunk/default/mozilla/dist/bin/components/libprofile.so
+0x0002BCC5]
UNKNOWN 0x40329f75
UNKNOWN 0x42029098
nsChromeProtocolHandler::NewChannel(nsIURI *, nsIChannel **)+0x00001397
[/home/jay/work/mozilla/trunk/default/mozilla/dist/bin/components/libchrome.so
+0x00049757]
nsIOService::NewChannelFromURI(nsIURI *, nsIChannel **)+0x0000041F
[/home/jay/work/mozilla/trunk/default/mozilla/dist/bin/components/libnecko.so
+0x0009DFDF]
NS_NewChannel(nsIChannel **, nsIURI *, nsIIOService *, nsILoadGroup *, nsIInterf
aceRequestor *, unsigned int)+0x000000BA [/home/jay/work/mozilla/trunk/default/m
ozilla/dist/bin/components/libdocshell.so +0x0006817E]
nsDocShell::DoURILoad(nsIURI *, nsIURI *, nsISupports *, nsIInputStream *, nsIIn
putStream *, int, nsIDocShell **, nsIRequest **)+0x000001AE [/home/jay/work/mozi
lla/trunk/default/mozilla/dist/bin/components/libdocshell.so +0x00049E42]
nsDocShell::InternalLoad(nsIURI *, nsIURI *, nsISupports *, int, unsigned short 
const *, nsIInputStream *, nsIInputStream *, unsigned int, nsISHEntry *, int, ns
IDocShell **, nsIRequest **)+0x00001077 [/home/jay/work/mozilla/trunk/default/mo
zilla/dist/bin/components/libdocshell.so +0x0004974F]
nsDocShell::LoadURI(nsIURI *, nsIDocShellLoadInfo *, unsigned int, int)+0x00000B
5B [/home/jay/work/mozilla/trunk/default/mozilla/dist/bin/components/libdocshell
.so +0x00036667]
nsWindowWatcher::OpenWindowJS(nsIDOMWindow *, char const *, char const *, char c
onst *, int, unsigned int, long *, nsIDOMWindow **)+0x00002119 [/home/jay/work/m
ozilla/trunk/default/mozilla/dist/bin/components/libembedcomponents.so +0x000413
B5]
nsWindowWatcher::OpenWindow(nsIDOMWindow *, char const *, char const *, char con
st *, nsISupports *, nsIDOMWindow **)+0x0000007F [/home/jay/work/mozilla/trunk/d
efault/mozilla/dist/bin/components/libembedcomponents.so +0x0003F273]
UNKNOWN 0x805aa73
UNKNOWN 0x805a5fd
UNKNOWN 0x805b52f
UNKNOWN 0x805bfaa
nsPref::EnumerateChildren(char const *, void (*)(char const *, void *), void *)+
0x00000075 [/home/jay/work/mozilla/trunk/default/mozilla/dist/bin/components/lib
pref.so +0x000166A9]
UNKNOWN 0x805c1d6
DoCommandLines(nsICmdLineService *, int, int *)+0x000000D4 [./mozilla-bin +0x000
14460]
UNKNOWN 0x805f29a
main+0x00000213 [./mozilla-bin +0x00018363]
__libc_start_main+0x00000095 [./mozilla-bin +0x00017499]
Sleeping for 5 minutes.
Type 'gdb ./mozilla-bin 1725' to attatch your debugger to this thread.
Done sleeping...
[jay@dhcp-cbjs04-217-13 bin]$ 






Reproducible: Always

Steps to Reproduce:
It is the log of using DDD to debug:

GNU DDD 3.3.1 (i386-redhat-linux-gnu), by Dorothea Lütkehaus and Andreas Zeller.
Copyright © 1995-1999 Technische Universität Braunschweig, Germany.
Copyright © 1999-2001 Universität Passau, Germany.
(gdb) run
[New Thread 1024 (LWP 1585)]
Type Manifest File:
/home/jay/work/mozilla/trunk/default/mozilla/dist/bin/components/xpti.dat
+++ JavaScript debugging hooks installed.
nsNativeComponentLoader: autoregistering begins.
nsNativeComponentLoader: autoregistering succeeded
nNCL: registering deferred (0)
###!!! ASSERTION: Entry already exists!: 'entry->mKey == 0', file
nsStaticNameTable.cpp, line 139
Break: at file nsStaticNameTable.cpp, line 139
###!!! ASSERTION: Entry already exists!: 'entry->mKey == 0', file
nsStaticNameTable.cpp, line 139
Break: at file nsStaticNameTable.cpp, line 139
###!!! ASSERTION: Entry already exists!: 'entry->mKey == 0', file
nsStaticNameTable.cpp, line 139
Break: at file nsStaticNameTable.cpp, line 139
^G[New Thread 2049 (LWP 1593)]
[New Thread 1026 (LWP 1594)]
[New Thread 2051 (LWP 1595)]
WARNING: nsXKBModeSwitch::ControlWorkaround:, file nsKeyboardUtils.cpp, line 78
WARNING:     grab_during, file nsKeyboardUtils.cpp, line 79
WARNING:     ungrab_duri, file nsKeyboardUtils.cpp, line 80
WARNING: 

nsXKBModeSwitch::HandleMappingNotify: no Mode_switch

, file nsKeyboardUtils.cpp, line 152
WARNING: 

nsXKBModeSwitch::HandleMappingNotify:, file nsKeyboardUtils.cpp, line 154
WARNING:     gModeSwitch, file nsKeyboardUtils.cpp, line 155
WARNING:     gModeSwitch, file nsKeyboardUtils.cpp, line 156
GFX: dpi=108 t2p=0.0769231 p2t=13 depth=24
WEBSHELL+ = 1
IsPluginFile(/home/jay/work/mozilla/trunk/default/mozilla/modules/plugin/samples/default/unix/libnullplugin.so)
== TRUE
[New Thread 3076 (LWP 1598)]
[New Thread 4101 (LWP 1599)]
WEBSHELL+ = 2
bad FastLoad file version

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1024 (LWP 1585)]
0x4093dfa0 in nsFileChannel::GetFile (this=0x8203250, result=0xbfffe640) at
nsFileChannel.cpp:728
/home/jay/work/mozilla/trunk/default/mozilla/netwerk/protocol/file/src/nsFileChannel.cpp:728:20837:beg:0x4093dfa0
(gdb) backtrace
#0  0x4093dfa0 in nsFileChannel::GetFile (this=0x8203250, result=0xbfffe640) at
nsFileChannel.cpp:728
#1  0x41310757 in nsChromeProtocolHandler::NewChannel (this=0x81ed718,
aURI=0x8159f70, aResult=0xbfffe88c) at nsChromeProtocolHandler.cpp:737
#2  0x408a5fdf in nsIOService::NewChannelFromURI (this=0x815eac0,
aURI=0x8159f70, result=0xbfffe88c) at nsIOService.cpp:511
#3  0x419eb17e in NS_NewChannel (result=0xbfffe980, uri=0x8159f70,
ioService=0x815eac0, loadGroup=0x81fcbb8, notificationCallbacks=0x81f5c38,
loadAttributes=524288) at ../../dist/include/necko/nsNetUtil.h:164
#4  0x419cce42 in nsDocShell::DoURILoad (this=0x81f5c10, aURI=0x8159f70,
aReferrerURI=0x0, aOwner=0x0, aPostData=0x0, aHeadersData=0x0, firstParty=1,
aDocShell=0x0, aRequest=0x0) at nsDocShell.cpp:5096
#5  0x419cc74f in nsDocShell::InternalLoad (this=0x81f5c10, aURI=0x8159f70,
aReferrer=0x0, aOwner=0x0, aInheritOwner=1, aWindowTarget=0x81ff708,
aPostData=0x0, aHeadersData=0x0, aLoadType=1, aSHEntry=0x0, firstParty=1,
aDocShell=0x0, aRequest=0x0) at nsDocShell.cpp:5014
#6  0x419b9667 in nsDocShell::LoadURI (this=0x81f5c10, aURI=0x8159f70,
aLoadInfo=0x81f9af8, aLoadFlags=0, firstParty=1) at nsDocShell.cpp:714
#7  0x407563b5 in nsWindowWatcher::OpenWindowJS (this=0x8145998, aParent=0x0,
aUrl=0x817fca8 "chrome://navigator/content/navigator.xul", aName=0x806cc91
"_blank", aFeatures=0xbffff070 "chrome,dialog=no,all", aDialog=1, argc=1,
argv=0x812f1e0, _retval=0xbffff0c0) at nsWindowWatcher.cpp:770
#8  0x40754273 in nsWindowWatcher::OpenWindow (this=0x8145998, aParent=0x0,
aUrl=0x817fca8 "chrome://navigator/content/navigator.xul", aName=0x806cc91
"_blank", aFeatures=0xbffff070 "chrome,dialog=no,all", aArguments=0x80dad08,
_retval=0xbffff0c0) at nsWindowWatcher.cpp:459
#9  0x0805aa73 in OpenWindow (aChromeURL=@0xbffff190, aAppArgs=@0xbffff170,
aWidth=-1, aHeight=-1) at nsAppRunner.cpp:508
#10 0x0805a5fd in OpenWindow (aChromeURL=@0xbffff190, aAppArgs=@0xbffff170) at
nsAppRunner.cpp:439
#11 0x0805b52f in LaunchApplication (aParam=0x81e8f30 "browser", height=-1,
width=-1, windowOpened=0xbffff29c) at nsAppRunner.cpp:592
#12 0x0805bfaa in startupPrefEnumerationFunction (prefName=0x81e8f20
"general.startup.browser", data=0xbffff290) at nsAppRunner.cpp:745
#13 0x407ef6a9 in nsPref::EnumerateChildren (this=0x8114030, parent=0x806cdc6
"general.startup.", callback=0x805bee4 <startupPrefEnumerationFunction(char
const *, void *)>, arg=0xbffff290) at nsPref.cpp:653
#14 0x0805c1d6 in HandleArbitraryStartup (cmdLineArgs=0x813a960,
prefs=0x8114030, heedGeneralStartupPrefs=1, windowOpened=0xbffff3dc) at
nsAppRunner.cpp:798
#15 0x0805c460 in DoCommandLines (cmdLine=0x813a960, heedGeneralStartupPrefs=1,
windowOpened=0xbffff3dc) at nsAppRunner.cpp:851
#16 0x0805f29a in main1 (argc=1, argv=0xbffff544, nativeApp=0x80a3988) at
nsAppRunner.cpp:1470
#17 0x08060363 in main (argc=1, argv=0xbffff544) at nsAppRunner.cpp:1883
#18 0x42017499 in __libc_start_main () from /lib/i686/libc.so.6
(gdb) 
Segmentation fault happened in 

   NS_ADDREF(*result)

of function 

   nsFileChannel::GetFile

of file

   netwerk/protocol/file/nsFileChannel.cpp

If the line of NS_ADDREF is commented, then mozilla can startup. but obviously,
this is not the right solution.
Status: UNCONFIRMED → NEW
Ever confirmed: true
tried again as another user, which has no .mozilla directory.

also segemenation fault.

the output log is similar. only one difference: no "bad FastLoad file version" line.


Rev 1.131 (9/27/2002) of nsFileChannel.cpp removed initialization of the mFile
member variable from the Init method. The null member variable is causing a
crash in GetFile at startup if your chrome has been changed so the fastload file
has to be regenerated.

fix:

Index: netwerk/protocol/file/src/nsFileChannel.cpp
===================================================================
RCS file: /cvsroot/mozilla/netwerk/protocol/file/src/nsFileChannel.cpp,v
retrieving revision 1.131
diff -u -r1.131 nsFileChannel.cpp
--- netwerk/protocol/file/src/nsFileChannel.cpp 27 Sep 2002 03:13:09 -00001.131
+++ netwerk/protocol/file/src/nsFileChannel.cpp 28 Sep 2002 15:34:01 -0000
@@ -85,7 +85,7 @@
     mPerm = perm;
     mURI = uri;
     mGenerateHTMLDirs = generateHTMLDirs;
-    return NS_OK;
+    return EnsureFile();
 }

 nsFileChannel::~nsFileChannel()
Severity: normal → critical
OS: Linux → All
Hardware: PC → All
Summary: Received Segmentation fault signal when mozilla starts on redhat7.3 → crash at startup in nsFileChannel if chrome modified
this crash blows all other current crashers away
http://ftp.mozilla.org/pub/data/crash-data/Trunk-topcrashers.html
Keywords: crash
Summary: crash at startup in nsFileChannel if chrome modified → crash at startup in nsFileChannel if chrome modified [@ nsFileChannel::GetFile]
dougt, you didn't make a compatible change there -- is danm's patch good to go?
 He and I noticed other places in nsFileChannel.cpp that are not consistent in
how they null-check or do not null-check mFile.

/be
Cc'ing all reviewers of the patch that regressed nsFileChannel.cpp.

/be
*** Bug 171390 has been marked as a duplicate of this bug. ***
the point was to delay knowing if mFile is valid.  check the fix in, and I can
clean this up next week.
Attached patch proposed fix (obsolete) — Splinter Review 

    
    

    
  
Comment on attachment 101021 [details] [diff] [review]
proposed fix

>Index: nsFileChannel.cpp
>===================================================================
>RCS file: /cvsroot/mozilla/netwerk/protocol/file/src/nsFileChannel.cpp,v
>retrieving revision 1.131
>diff -u -1 -0 -r1.131 nsFileChannel.cpp
>--- nsFileChannel.cpp	27 Sep 2002 03:13:09 -0000	1.131
>+++ nsFileChannel.cpp	28 Sep 2002 23:51:37 -0000
>@@ -451,20 +451,24 @@

Back at line 262, can you fix GetFileTransport so it doesn't set rv twice in a
row, first to NS_OK uselessly, then to the r.v. of EnsureFile()?

Also, line 411 is overindented in any program and/or OS that uses 8-space tab
stops due to tabs.

>@@ -546,20 +550,21 @@
>     request->GetStatus(&mStatus);
> #ifdef DEBUG
>     NS_ASSERTION(mInitiator == PR_GetCurrentThread(),
>                  "wrong thread calling this routine");
> #endif
>     NS_ASSERTION(mRealListener, "No listener...");
>     nsresult rv = NS_OK;
>     if (mRealListener) {
>         if (mGenerateHTMLDirs)
>         {

Nit: someone infected code like the above with a discordant brace style.  Fix
if you	agree and have the chance.

>+            NS_ENSURE_TRUE(mFile, NS_ERROR_UNEXPECTED);

Is this because some higher layer must have called GetFile or GetFileTransport
before OSR is called?  It wasn't obvious to me what the rules were, but in the
old version (2 revs back), mFile was set by Init, so it seems possible that
(especially given a general interface to this code) callers might not
GetFile{,Transport} before calling OSR.

/be

    
    

    
  

      
      
      
      

        Attached patch
          
          
        patch v.2Splinter Review
      

    


  
everything except line 411 is addressed.  I didn't see a problem on 411.

        Attachment #101021 -
        Attachment is obsolete: true

    
    

    
  
Comment on attachment 101032 [details] [diff] [review]
patch v.2

Line 411 is indented with tabs, just search for tabs in the file and expand 'em
all.

Thanks for the comment in OSR, but fix it to say "GetFileTransport" if that's
right -- I couldn't find a "GetTransport" method.

sr=brendan@mozilla.org with those nit-fixes.

/be

        Attachment #101032 -
        Flags: superreview+

    
    

    
  
marking topcrash following Comment #5
Keywords: crashtopcrash

    
  
Keywords: crash, 
          
            zt4newcrash

    
    

    
  
this should go in soon, the patch fixes that crash, as seen by me and
sirLurxalot (on IRC).

    
    

    
  
Comment on attachment 101032 [details] [diff] [review]
patch v.2

This patch addresses all currently unguarded accesses of mFile. I like it.
r=me.

        Attachment #101032 -
        Flags: review+

    
    

    
  
Checking in nsFileChannel.cpp;
/cvsroot/mozilla/netwerk/protocol/file/src/nsFileChannel.cpp,v  <-- 
nsFileChannel.cpp
new revision: 1.132; previous revision: 1.131
done


Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED

    
    

    
  
*** Bug 171625 has been marked as a duplicate of this bug. ***

    
    

    
  
*** Bug 171687 has been marked as a duplicate of this bug. ***

    
    

    
  
*** Bug 171865 has been marked as a duplicate of this bug. ***

    
    

    
  
No crashes since the checkin on 9/29.  Verified fixed per Talkback data.
Status: RESOLVED → VERIFIED

    
    

    
  
*** Bug 171692 has been marked as a duplicate of this bug. ***
Crash Signature: [@ nsFileChannel::GetFile]

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: