Closed
Bug 181592
Opened 22 years ago
Closed 22 years ago
[FIX]Crash in [@nsCOMArrayEnumerator::~nsCOMArrayEnumerator] shutting down.
Categories
(Core :: XPCOM, defect, P1)
Core
XPCOM
Tracking
()
VERIFIED
FIXED
mozilla1.3alpha
People
(Reporter: stephend, Assigned: bzbarsky)
Details
(Keywords: crash)
Crash Data
Attachments
(1 file)
815 bytes,
patch
|
alecf
:
review+
scc
:
superreview+
|
Details | Diff | Splinter Review |
Build ID: 2002-11-21-08, Windows XP. Summary: Crash in nsCOMArrayEnumerator::~nsCOMArrayEnumerator shutting down the browser (only Mail and Nav were open). Steps to Reproduce: I haven't been able to reproduce yet, but I had WinDVD running (as well as mIRC) in the background. Even though it didn't say 'App not responding' in the taskmanager, it was taking a long time to close down the Mail window and when it finally closed down mail, once I closed Nav down, I crashed. (Catch all that? ;-) Incident ID 14282742 Stack Signature nsCOMArrayEnumerator::~nsCOMArrayEnumerator f8b23811 Product ID MozillaTrunk Build ID 2002112108 Trigger Time 2002-11-22 22:57:14 Platform Win32 Operating System Windows NT 5.1 build 2600 Module xpcom.dll URL visited User Comments I was just shutting down the browser (it was in the background] Trigger Reason Access violation Source File Name c:/builds/seamonkey/mozilla/xpcom/ds/nsArrayEnumerator.cpp Trigger Line No. 135 Stack Trace nsCOMArrayEnumerator::~nsCOMArrayEnumerator [c:/builds/seamonkey/mozilla/xpcom/ds/nsArrayEnumerator.cpp, line 135] nsCOMArrayEnumerator::`scalar deleting destructor' ObserverListEnumerator::Release [c:/builds/seamonkey/mozilla/xpcom/ds/nsObserverList.cpp, line 167] nsCOMPtr_base::~nsCOMPtr_base [c:/builds/seamonkey/mozilla/xpcom/glue/nsCOMPtr.cpp, line 65] nsHttpHandler::OnExamineResponse [c:/builds/seamonkey/mozilla/netwerk/protocol/http/src/nsHttpHandler.cpp, line 635] nsHttpChannel::ProcessResponse [c:/builds/seamonkey/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp, line 606] nsHttpChannel::OnStartRequest [c:/builds/seamonkey/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp, line 2922] nsOnStartRequestEvent::HandleEvent [c:/builds/seamonkey/mozilla/netwerk/base/src/nsRequestObserverProxy.cpp, line 162] PL_HandleEvent [c:/builds/seamonkey/mozilla/xpcom/threads/plevent.c, line 645] PL_ProcessPendingEvents [c:/builds/seamonkey/mozilla/xpcom/threads/plevent.c, line 578] nsEventQueueImpl::ProcessPendingEvents [c:/builds/seamonkey/mozilla/xpcom/threads/nsEventQueue.cpp, line 392]
Assignee | ||
Comment 1•22 years ago
|
||
NS_IF_RELEASE(mValueArray[mIndex++]); is bad.... this expands to: PR_BEGIN_MACRO if (_ptr) { NS_LOG_RELEASE_CALL((_ptr), (_ptr)->Release(), __FILE__, __LINE__); (_ptr) = 0; } PR_END_MACRO So mIndex++ is executed _4_ times during the NS_IF_RELEASE(). Side effects and macros don't mix, mmkay? ;)
Assignee: dougt → bzbarsky
Severity: major → critical
OS: Windows XP → All
Hardware: PC → All
Assignee | ||
Comment 2•22 years ago
|
||
The point being that this makes us leak 3/4 the remaining objects if any and access out-of-bounds memory if the number of remaining objects is not a multiple of 4. That's the only way I see for this code to be crashing, really... In any case, we need to make this change no matter what.
Assignee | ||
Updated•22 years ago
|
Priority: -- → P1
Summary: Crash in [@nsCOMArrayEnumerator::~nsCOMArrayEnumerator] shutting down. → [FIX]Crash in [@nsCOMArrayEnumerator::~nsCOMArrayEnumerator] shutting down.
Target Milestone: --- → mozilla1.3alpha
Assignee | ||
Updated•22 years ago
|
Attachment #107220 -
Flags: superreview?(alecf)
Attachment #107220 -
Flags: review?(dougt)
Comment 3•22 years ago
|
||
Comment on attachment 107220 [details] [diff] [review] Something like this may help nice catch, sr=scc
Attachment #107220 -
Flags: superreview?(alecf) → superreview+
Assignee | ||
Updated•22 years ago
|
Attachment #107220 -
Flags: review?(dougt) → review?(alecf)
Comment 4•22 years ago
|
||
Comment on attachment 107220 [details] [diff] [review] Something like this may help r=alecf
Attachment #107220 -
Flags: review?(alecf) → review+
Assignee | ||
Comment 5•22 years ago
|
||
fixed
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Comment 6•20 years ago
|
||
Verified FIXED with build 2004-06-03-08 on Windows XP. I've never seen this particular stack come up since...
Status: RESOLVED → VERIFIED
QA Contact: scc → stdonner
Updated•13 years ago
|
Crash Signature: [@nsCOMArrayEnumerator::~nsCOMArrayEnumerator]
You need to log in
before you can comment on or make changes to this bug.
Description
•