Closed Bug 171333 Opened 22 years ago Closed 22 years ago

crash at startup in nsFileChannel if chrome modified [@ nsFileChannel::GetFile]

Categories

(Core :: Networking: File, defect)

Product:
Core
Component:
Networking: File
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: jay.yan, Assigned: dougt)

References

Details

(Keywords: crash, topcrash)

Crash Data

Attachments

(1 file, 1 obsolete file)

patch v.2
2.08 KB, patch
danm.moz
: review+
brendan
: superreview+
Details | Diff | Splinter Review
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020529 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020529 trunk code (I got the source snapshot of Sept26, and update it from trunk 7:pm Sept.27 California time) Build it(configure with enable-chrome-format=flat) launch /dist/bin/mozilla Segmentation fault signal received. following is the output. [jay@dhcp-cbjs04-217-13 bin]$ ./mozilla Type Manifest File: /home/jay/work/mozilla/trunk/default/mozilla/dist/bin/components/xpti.dat +++ JavaScript debugging hooks installed. nsNativeComponentLoader: autoregistering begins. nsNativeComponentLoader: autoregistering succeeded nNCL: registering deferred (0) ###!!! ASSERTION: Entry already exists!: 'entry->mKey == 0', file nsStaticNameTable.cpp, line 139 Break: at file nsStaticNameTable.cpp, line 139 ###!!! ASSERTION: Entry already exists!: 'entry->mKey == 0', file nsStaticNameTable.cpp, line 139 Break: at file nsStaticNameTable.cpp, line 139 ###!!! ASSERTION: Entry already exists!: 'entry->mKey == 0', file nsStaticNameTable.cpp, line 139 Break: at file nsStaticNameTable.cpp, line 139 WARNING: nsXKBModeSwitch::ControlWorkaround:, file nsKeyboardUtils.cpp, line 78 WARNING: grab_during, file nsKeyboardUtils.cpp, line 79 WARNING: ungrab_duri, file nsKeyboardUtils.cpp, line 80 WARNING: nsXKBModeSwitch::HandleMappingNotify: no Mode_switch , file nsKeyboardUtils.cpp, line 152 WARNING: nsXKBModeSwitch::HandleMappingNotify:, file nsKeyboardUtils.cpp, line 154 WARNING: gModeSwitch, file nsKeyboardUtils.cpp, line 155 WARNING: gModeSwitch, file nsKeyboardUtils.cpp, line 156 GFX: dpi=108 t2p=0.0769231 p2t=13 depth=24 WEBSHELL+ = 1 IsPluginFile(/home/jay/work/mozilla/trunk/default/mozilla/modules/plugin/samples/default/unix/libnullplugin.so) == TRUE WEBSHELL+ = 2 bad FastLoad file version Program ./mozilla-bin (pid = 1725) received Segmentation fault signal. Stack: nsProfileLock::FatalSignalHandler(int)+0x00000119 [/home/jay/work/mozilla/trunk/default/mozilla/dist/bin/components/libprofile.so +0x0002BCC5] UNKNOWN 0x40329f75 UNKNOWN 0x42029098 nsChromeProtocolHandler::NewChannel(nsIURI *, nsIChannel **)+0x00001397 [/home/jay/work/mozilla/trunk/default/mozilla/dist/bin/components/libchrome.so +0x00049757] nsIOService::NewChannelFromURI(nsIURI *, nsIChannel **)+0x0000041F [/home/jay/work/mozilla/trunk/default/mozilla/dist/bin/components/libnecko.so +0x0009DFDF] NS_NewChannel(nsIChannel **, nsIURI *, nsIIOService *, nsILoadGroup *, nsIInterf aceRequestor *, unsigned int)+0x000000BA [/home/jay/work/mozilla/trunk/default/m ozilla/dist/bin/components/libdocshell.so +0x0006817E] nsDocShell::DoURILoad(nsIURI *, nsIURI *, nsISupports *, nsIInputStream *, nsIIn putStream *, int, nsIDocShell **, nsIRequest **)+0x000001AE [/home/jay/work/mozi lla/trunk/default/mozilla/dist/bin/components/libdocshell.so +0x00049E42] nsDocShell::InternalLoad(nsIURI *, nsIURI *, nsISupports *, int, unsigned short const *, nsIInputStream *, nsIInputStream *, unsigned int, nsISHEntry *, int, ns IDocShell **, nsIRequest **)+0x00001077 [/home/jay/work/mozilla/trunk/default/mo zilla/dist/bin/components/libdocshell.so +0x0004974F] nsDocShell::LoadURI(nsIURI *, nsIDocShellLoadInfo *, unsigned int, int)+0x00000B 5B [/home/jay/work/mozilla/trunk/default/mozilla/dist/bin/components/libdocshell .so +0x00036667] nsWindowWatcher::OpenWindowJS(nsIDOMWindow *, char const *, char const *, char c onst *, int, unsigned int, long *, nsIDOMWindow **)+0x00002119 [/home/jay/work/m ozilla/trunk/default/mozilla/dist/bin/components/libembedcomponents.so +0x000413 B5] nsWindowWatcher::OpenWindow(nsIDOMWindow *, char const *, char const *, char con st *, nsISupports *, nsIDOMWindow **)+0x0000007F [/home/jay/work/mozilla/trunk/d efault/mozilla/dist/bin/components/libembedcomponents.so +0x0003F273] UNKNOWN 0x805aa73 UNKNOWN 0x805a5fd UNKNOWN 0x805b52f UNKNOWN 0x805bfaa nsPref::EnumerateChildren(char const *, void (*)(char const *, void *), void *)+ 0x00000075 [/home/jay/work/mozilla/trunk/default/mozilla/dist/bin/components/lib pref.so +0x000166A9] UNKNOWN 0x805c1d6 DoCommandLines(nsICmdLineService *, int, int *)+0x000000D4 [./mozilla-bin +0x000 14460] UNKNOWN 0x805f29a main+0x00000213 [./mozilla-bin +0x00018363] __libc_start_main+0x00000095 [./mozilla-bin +0x00017499] Sleeping for 5 minutes. Type 'gdb ./mozilla-bin 1725' to attatch your debugger to this thread. Done sleeping... [jay@dhcp-cbjs04-217-13 bin]$ Reproducible: Always Steps to Reproduce:
It is the log of using DDD to debug: GNU DDD 3.3.1 (i386-redhat-linux-gnu), by Dorothea Lütkehaus and Andreas Zeller. Copyright © 1995-1999 Technische Universität Braunschweig, Germany. Copyright © 1999-2001 Universität Passau, Germany. (gdb) run [New Thread 1024 (LWP 1585)] Type Manifest File: /home/jay/work/mozilla/trunk/default/mozilla/dist/bin/components/xpti.dat +++ JavaScript debugging hooks installed. nsNativeComponentLoader: autoregistering begins. nsNativeComponentLoader: autoregistering succeeded nNCL: registering deferred (0) ###!!! ASSERTION: Entry already exists!: 'entry->mKey == 0', file nsStaticNameTable.cpp, line 139 Break: at file nsStaticNameTable.cpp, line 139 ###!!! ASSERTION: Entry already exists!: 'entry->mKey == 0', file nsStaticNameTable.cpp, line 139 Break: at file nsStaticNameTable.cpp, line 139 ###!!! ASSERTION: Entry already exists!: 'entry->mKey == 0', file nsStaticNameTable.cpp, line 139 Break: at file nsStaticNameTable.cpp, line 139 ^G[New Thread 2049 (LWP 1593)] [New Thread 1026 (LWP 1594)] [New Thread 2051 (LWP 1595)] WARNING: nsXKBModeSwitch::ControlWorkaround:, file nsKeyboardUtils.cpp, line 78 WARNING: grab_during, file nsKeyboardUtils.cpp, line 79 WARNING: ungrab_duri, file nsKeyboardUtils.cpp, line 80 WARNING: nsXKBModeSwitch::HandleMappingNotify: no Mode_switch , file nsKeyboardUtils.cpp, line 152 WARNING: nsXKBModeSwitch::HandleMappingNotify:, file nsKeyboardUtils.cpp, line 154 WARNING: gModeSwitch, file nsKeyboardUtils.cpp, line 155 WARNING: gModeSwitch, file nsKeyboardUtils.cpp, line 156 GFX: dpi=108 t2p=0.0769231 p2t=13 depth=24 WEBSHELL+ = 1 IsPluginFile(/home/jay/work/mozilla/trunk/default/mozilla/modules/plugin/samples/default/unix/libnullplugin.so) == TRUE [New Thread 3076 (LWP 1598)] [New Thread 4101 (LWP 1599)] WEBSHELL+ = 2 bad FastLoad file version Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 1024 (LWP 1585)] 0x4093dfa0 in nsFileChannel::GetFile (this=0x8203250, result=0xbfffe640) at nsFileChannel.cpp:728 /home/jay/work/mozilla/trunk/default/mozilla/netwerk/protocol/file/src/nsFileChannel.cpp:728:20837:beg:0x4093dfa0 (gdb) backtrace #0 0x4093dfa0 in nsFileChannel::GetFile (this=0x8203250, result=0xbfffe640) at nsFileChannel.cpp:728 #1 0x41310757 in nsChromeProtocolHandler::NewChannel (this=0x81ed718, aURI=0x8159f70, aResult=0xbfffe88c) at nsChromeProtocolHandler.cpp:737 #2 0x408a5fdf in nsIOService::NewChannelFromURI (this=0x815eac0, aURI=0x8159f70, result=0xbfffe88c) at nsIOService.cpp:511 #3 0x419eb17e in NS_NewChannel (result=0xbfffe980, uri=0x8159f70, ioService=0x815eac0, loadGroup=0x81fcbb8, notificationCallbacks=0x81f5c38, loadAttributes=524288) at ../../dist/include/necko/nsNetUtil.h:164 #4 0x419cce42 in nsDocShell::DoURILoad (this=0x81f5c10, aURI=0x8159f70, aReferrerURI=0x0, aOwner=0x0, aPostData=0x0, aHeadersData=0x0, firstParty=1, aDocShell=0x0, aRequest=0x0) at nsDocShell.cpp:5096 #5 0x419cc74f in nsDocShell::InternalLoad (this=0x81f5c10, aURI=0x8159f70, aReferrer=0x0, aOwner=0x0, aInheritOwner=1, aWindowTarget=0x81ff708, aPostData=0x0, aHeadersData=0x0, aLoadType=1, aSHEntry=0x0, firstParty=1, aDocShell=0x0, aRequest=0x0) at nsDocShell.cpp:5014 #6 0x419b9667 in nsDocShell::LoadURI (this=0x81f5c10, aURI=0x8159f70, aLoadInfo=0x81f9af8, aLoadFlags=0, firstParty=1) at nsDocShell.cpp:714 #7 0x407563b5 in nsWindowWatcher::OpenWindowJS (this=0x8145998, aParent=0x0, aUrl=0x817fca8 "chrome://navigator/content/navigator.xul", aName=0x806cc91 "_blank", aFeatures=0xbffff070 "chrome,dialog=no,all", aDialog=1, argc=1, argv=0x812f1e0, _retval=0xbffff0c0) at nsWindowWatcher.cpp:770 #8 0x40754273 in nsWindowWatcher::OpenWindow (this=0x8145998, aParent=0x0, aUrl=0x817fca8 "chrome://navigator/content/navigator.xul", aName=0x806cc91 "_blank", aFeatures=0xbffff070 "chrome,dialog=no,all", aArguments=0x80dad08, _retval=0xbffff0c0) at nsWindowWatcher.cpp:459 #9 0x0805aa73 in OpenWindow (aChromeURL=@0xbffff190, aAppArgs=@0xbffff170, aWidth=-1, aHeight=-1) at nsAppRunner.cpp:508 #10 0x0805a5fd in OpenWindow (aChromeURL=@0xbffff190, aAppArgs=@0xbffff170) at nsAppRunner.cpp:439 #11 0x0805b52f in LaunchApplication (aParam=0x81e8f30 "browser", height=-1, width=-1, windowOpened=0xbffff29c) at nsAppRunner.cpp:592 #12 0x0805bfaa in startupPrefEnumerationFunction (prefName=0x81e8f20 "general.startup.browser", data=0xbffff290) at nsAppRunner.cpp:745 #13 0x407ef6a9 in nsPref::EnumerateChildren (this=0x8114030, parent=0x806cdc6 "general.startup.", callback=0x805bee4 <startupPrefEnumerationFunction(char const *, void *)>, arg=0xbffff290) at nsPref.cpp:653 #14 0x0805c1d6 in HandleArbitraryStartup (cmdLineArgs=0x813a960, prefs=0x8114030, heedGeneralStartupPrefs=1, windowOpened=0xbffff3dc) at nsAppRunner.cpp:798 #15 0x0805c460 in DoCommandLines (cmdLine=0x813a960, heedGeneralStartupPrefs=1, windowOpened=0xbffff3dc) at nsAppRunner.cpp:851 #16 0x0805f29a in main1 (argc=1, argv=0xbffff544, nativeApp=0x80a3988) at nsAppRunner.cpp:1470 #17 0x08060363 in main (argc=1, argv=0xbffff544) at nsAppRunner.cpp:1883 #18 0x42017499 in __libc_start_main () from /lib/i686/libc.so.6 (gdb)
Segmentation fault happened in NS_ADDREF(*result) of function nsFileChannel::GetFile of file netwerk/protocol/file/nsFileChannel.cpp If the line of NS_ADDREF is commented, then mozilla can startup. but obviously, this is not the right solution.
Status: UNCONFIRMED → NEW
Ever confirmed: true
tried again as another user, which has no .mozilla directory. also segemenation fault. the output log is similar. only one difference: no "bad FastLoad file version" line.
Rev 1.131 (9/27/2002) of nsFileChannel.cpp removed initialization of the mFile member variable from the Init method. The null member variable is causing a crash in GetFile at startup if your chrome has been changed so the fastload file has to be regenerated. fix: Index: netwerk/protocol/file/src/nsFileChannel.cpp =================================================================== RCS file: /cvsroot/mozilla/netwerk/protocol/file/src/nsFileChannel.cpp,v retrieving revision 1.131 diff -u -r1.131 nsFileChannel.cpp --- netwerk/protocol/file/src/nsFileChannel.cpp 27 Sep 2002 03:13:09 -00001.131 +++ netwerk/protocol/file/src/nsFileChannel.cpp 28 Sep 2002 15:34:01 -0000 @@ -85,7 +85,7 @@ mPerm = perm; mURI = uri; mGenerateHTMLDirs = generateHTMLDirs; - return NS_OK; + return EnsureFile(); } nsFileChannel::~nsFileChannel()
Severity: normal → critical
OS: Linux → All
Hardware: PC → All
Summary: Received Segmentation fault signal when mozilla starts on redhat7.3 → crash at startup in nsFileChannel if chrome modified
this crash blows all other current crashers away http://ftp.mozilla.org/pub/data/crash-data/Trunk-topcrashers.html
Keywords: crash
Summary: crash at startup in nsFileChannel if chrome modified → crash at startup in nsFileChannel if chrome modified [@ nsFileChannel::GetFile]
dougt, you didn't make a compatible change there -- is danm's patch good to go? He and I noticed other places in nsFileChannel.cpp that are not consistent in how they null-check or do not null-check mFile. /be
Cc'ing all reviewers of the patch that regressed nsFileChannel.cpp. /be
*** Bug 171390 has been marked as a duplicate of this bug. ***
the point was to delay knowing if mFile is valid. check the fix in, and I can clean this up next week.
Attached patch proposed fix (obsolete) — Splinter Review
Comment on attachment 101021 [details] [diff] [review] proposed fix >Index: nsFileChannel.cpp >=================================================================== >RCS file: /cvsroot/mozilla/netwerk/protocol/file/src/nsFileChannel.cpp,v >retrieving revision 1.131 >diff -u -1 -0 -r1.131 nsFileChannel.cpp >--- nsFileChannel.cpp 27 Sep 2002 03:13:09 -0000 1.131 >+++ nsFileChannel.cpp 28 Sep 2002 23:51:37 -0000 >@@ -451,20 +451,24 @@ Back at line 262, can you fix GetFileTransport so it doesn't set rv twice in a row, first to NS_OK uselessly, then to the r.v. of EnsureFile()? Also, line 411 is overindented in any program and/or OS that uses 8-space tab stops due to tabs. >@@ -546,20 +550,21 @@ > request->GetStatus(&mStatus); > #ifdef DEBUG > NS_ASSERTION(mInitiator == PR_GetCurrentThread(), > "wrong thread calling this routine"); > #endif > NS_ASSERTION(mRealListener, "No listener..."); > nsresult rv = NS_OK; > if (mRealListener) { > if (mGenerateHTMLDirs) > { Nit: someone infected code like the above with a discordant brace style. Fix if you agree and have the chance. >+ NS_ENSURE_TRUE(mFile, NS_ERROR_UNEXPECTED); Is this because some higher layer must have called GetFile or GetFileTransport before OSR is called? It wasn't obvious to me what the rules were, but in the old version (2 revs back), mFile was set by Init, so it seems possible that (especially given a general interface to this code) callers might not GetFile{,Transport} before calling OSR. /be
Attached patch patch v.2Splinter Review
everything except line 411 is addressed. I didn't see a problem on 411.
Attachment #101021 - Attachment is obsolete: true
Comment on attachment 101032 [details] [diff] [review] patch v.2 Line 411 is indented with tabs, just search for tabs in the file and expand 'em all. Thanks for the comment in OSR, but fix it to say "GetFileTransport" if that's right -- I couldn't find a "GetTransport" method. sr=brendan@mozilla.org with those nit-fixes. /be
Attachment #101032 - Flags: superreview+
marking topcrash following Comment #5
Keywords: crashtopcrash
Keywords: crash, zt4newcrash
this should go in soon, the patch fixes that crash, as seen by me and sirLurxalot (on IRC).
Comment on attachment 101032 [details] [diff] [review] patch v.2 This patch addresses all currently unguarded accesses of mFile. I like it. r=me.
Attachment #101032 - Flags: review+
Checking in nsFileChannel.cpp; /cvsroot/mozilla/netwerk/protocol/file/src/nsFileChannel.cpp,v <-- nsFileChannel.cpp new revision: 1.132; previous revision: 1.131 done
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
*** Bug 171625 has been marked as a duplicate of this bug. ***
*** Bug 171687 has been marked as a duplicate of this bug. ***
*** Bug 171865 has been marked as a duplicate of this bug. ***
No crashes since the checkin on 9/29. Verified fixed per Talkback data.
Status: RESOLVED → VERIFIED
*** Bug 171692 has been marked as a duplicate of this bug. ***
Crash Signature: [@ nsFileChannel::GetFile]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: