[FIX]Crash in [@nsCOMArrayEnumerator::~nsCOMArrayEnumerator] shutting down.

VERIFIED FIXED in mozilla1.3alpha

Status

()

Core
XPCOM
P1
critical
VERIFIED FIXED
16 years ago
14 years ago

People

(Reporter: stephend@netscape.com (gone - use stephen.donner@gmail.com instead), Assigned: bz)

Tracking

({crash})

Trunk
mozilla1.3alpha
crash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(crash signature)

Attachments

(1 attachment)

Build ID: 2002-11-21-08, Windows XP.

Summary: Crash in nsCOMArrayEnumerator::~nsCOMArrayEnumerator shutting down the
browser (only Mail and Nav were open).

Steps to Reproduce:

I haven't been able to reproduce yet, but I had WinDVD running (as well as mIRC)
in the background.  Even though it didn't say 'App not responding' in the
taskmanager, it was taking a long time to close down the Mail window and when it
finally closed down mail, once I closed Nav down, I crashed.  (Catch all that? ;-)

Incident ID 14282742
Stack Signature nsCOMArrayEnumerator::~nsCOMArrayEnumerator f8b23811
Product ID MozillaTrunk
Build ID 2002112108
Trigger Time 2002-11-22 22:57:14
Platform Win32
Operating System Windows NT 5.1 build 2600
Module xpcom.dll
URL visited
User Comments I was just shutting down the browser (it was in the background]
Trigger Reason Access violation
Source File Name c:/builds/seamonkey/mozilla/xpcom/ds/nsArrayEnumerator.cpp
Trigger Line No. 135

Stack Trace

nsCOMArrayEnumerator::~nsCOMArrayEnumerator
[c:/builds/seamonkey/mozilla/xpcom/ds/nsArrayEnumerator.cpp, line 135]
nsCOMArrayEnumerator::`scalar deleting destructor'
ObserverListEnumerator::Release
[c:/builds/seamonkey/mozilla/xpcom/ds/nsObserverList.cpp, line 167]
nsCOMPtr_base::~nsCOMPtr_base
[c:/builds/seamonkey/mozilla/xpcom/glue/nsCOMPtr.cpp, line 65]
nsHttpHandler::OnExamineResponse
[c:/builds/seamonkey/mozilla/netwerk/protocol/http/src/nsHttpHandler.cpp, line 635]
nsHttpChannel::ProcessResponse
[c:/builds/seamonkey/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp, line 606]
nsHttpChannel::OnStartRequest
[c:/builds/seamonkey/mozilla/netwerk/protocol/http/src/nsHttpChannel.cpp, line 2922]
nsOnStartRequestEvent::HandleEvent
[c:/builds/seamonkey/mozilla/netwerk/base/src/nsRequestObserverProxy.cpp, line 162]
PL_HandleEvent [c:/builds/seamonkey/mozilla/xpcom/threads/plevent.c, line 645]
PL_ProcessPendingEvents [c:/builds/seamonkey/mozilla/xpcom/threads/plevent.c,
line 578]
nsEventQueueImpl::ProcessPendingEvents
[c:/builds/seamonkey/mozilla/xpcom/threads/nsEventQueue.cpp, line 392]
        NS_IF_RELEASE(mValueArray[mIndex++]);

is bad.... this expands to:

   PR_BEGIN_MACRO
     if (_ptr) {
       NS_LOG_RELEASE_CALL((_ptr), (_ptr)->Release(), __FILE__, __LINE__);
       (_ptr) = 0;
     }
   PR_END_MACRO

So mIndex++ is executed _4_ times during the NS_IF_RELEASE().  Side effects and
macros don't mix, mmkay?  ;)
Assignee: dougt → bzbarsky
Severity: major → critical
OS: Windows XP → All
Hardware: PC → All
Created attachment 107220 [details] [diff] [review]
Something like this may help

The point being that this makes us leak 3/4 the remaining objects if any and
access out-of-bounds memory if the number of remaining objects is not a
multiple of 4.	That's the only way I see for this code to be crashing,
really... 

In any case, we need to make this change no matter what.
Priority: -- → P1
Summary: Crash in [@nsCOMArrayEnumerator::~nsCOMArrayEnumerator] shutting down. → [FIX]Crash in [@nsCOMArrayEnumerator::~nsCOMArrayEnumerator] shutting down.
Target Milestone: --- → mozilla1.3alpha
Attachment #107220 - Flags: superreview?(alecf)
Attachment #107220 - Flags: review?(dougt)

Comment 3

16 years ago
Comment on attachment 107220 [details] [diff] [review]
Something like this may help

nice catch, sr=scc
Attachment #107220 - Flags: superreview?(alecf) → superreview+
Attachment #107220 - Flags: review?(dougt) → review?(alecf)

Comment 4

16 years ago
Comment on attachment 107220 [details] [diff] [review]
Something like this may help

r=alecf
Attachment #107220 - Flags: review?(alecf) → review+
fixed
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → FIXED
Verified FIXED with build 2004-06-03-08 on Windows XP.

I've never seen this particular stack come up since...
Status: RESOLVED → VERIFIED
QA Contact: scc → stdonner
Crash Signature: [@nsCOMArrayEnumerator::~nsCOMArrayEnumerator]
You need to log in before you can comment on or make changes to this bug.