Closed Bug 183871 Opened 21 years ago Closed 20 years ago

Crash on "Show hidden files and directories" [@ nsFileView::SetDirectory(nsIFile*) ]

Categories

(Core Graveyard :: File Handling, defect)

Product:
Core Graveyard
Component:
File Handling
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
mozilla1.7alpha

People

(Reporter: relf, Assigned: Biesinger)

References

Details

(Keywords: crash)

Crash Data

Attachments

(2 files, 3 obsolete files)

stacktrace
15.47 KB, text/plain
Details
patch
3.20 KB, patch
dougt
: review+
bzbarsky
: superreview+
Details | Diff | Splinter Review 
Linux build 2002120508

To reproduce:
1. Open Edit->Preferences...->Advanced->Cache->Choose Folder
2. Click on "Show hidden files and directories" checkbox
3. Mozilla crashes
That happens when "Choose Cache Folder" dialog says:
"You do not have the permissions necessary to view this directory".
can you post Talkback ID or stack trace ?
Keywords: crash, stackwanted
How to get them?

are you using a .mozilla.org build?  this bug has been reported multiple times,
all by users of debian builds except for one running RPMS from Red Hat.  see bug
158036
Max, for the Talkback part, see "mozilla/bin/components/talkback/talkback" give
you actually submitted Feedback when the Netscape Feedback agent popped up after
Mozilla crashed.
yeah. i'm using mozilla.org build
ftp://ftp.mozilla.org/pub/mozilla/nightly/latest/mozilla-i686-pc-linux-gnu.tar.gz

I don't see talkback subdirectory in mozilla/conponents.

The bug is easily reproducible here. Just let me know which build/tool to use to
provide you necessary information.

talkback is not included in the .tar.gz builds.  You need to get the "sea" or
"installer" build.
Attached file Talkback info (obsolete) — 

    
    

    
  
we just need the talkback ID.  run mozilla/components/talkback/talkback and grab
the talkback ID for the report you sent in.

    
    

    
  
I didn't get how to learn ID.
I click 'Send' in Talkback agent, it disappears, and nothing happen.


    
    

    
  
> I click 'Send' in Talkback agent, it disappears, and nothing happen.

that's fine.  now go to the mozilla directory (i.e. /usr/local/mozilla) and then
go to components/talkback.  run the talkback executable in that directory.

in an attempt to know why you're seeing this when nobody else is... what Mozilla
theme are you using?  what gtk theme are you using?

    
    

    
  
Ok. Talkback ID: TB14817508W

I see the bug with any theme including default Modern one.
I'm using Debian release 3.0 - dunno what gtk it comes with.


    
  

        Attachment #108541 -
        Attachment is obsolete: true

    
  
Whiteboard: TB14817508W

    
  
Blocks: 185584

    
  
No longer blocks: 185584

    
    

    
  
we need a new TB ID, this one has expired (30 days).
Whiteboard: TB14817508W

    
    

    
  
Ok. This is a fresh one.
Linux build 2003010610
Keywords: stackwanted
Whiteboard: TB15870027Y

    
    

    
  
Trigger Reason  	SIGSEGV: Segmentation Fault: (signal 11)

    
  
Keywords: stackwanted
Whiteboard: TB15870027Y

    
    

    
  
bug 176886 strikes again.

    
    

    
  
Olivier, do you want a new stack again?
From which build?


    
    

    
  
Max, we'd need a stack from GDB with a debug build you'd compile yourself. I
can't reproduce this on my Linux box and Talkback sometimes totally misses the
stack.

    
    

    
  
you could also try running with a clean profile.  if there's something in your
profile that's triggering the crash, we'd need to know what it is to reproduce
the crash.

    
    

    
  
Clean profile works fine. And I've found what causes the crash.

I have two primary OS installed: OS/2 and Linux. And I'm trying to share Mozilla
settings between them that is objected by the bug 137006. So I have to use some
tricks to pass over that bug (at least partially). Mozilla settings are located
on OS/2 drive O: which is mounted as /O: directory in Linux.
Well... The current crash problem arises when I use profile from OS/2 version
containing line like

user_pref("browser.cache.disk.parent_directory",
"O:\\Home\\Mozilla\\Profiles\\relf\\lq1ln66p.slt");

Hope, this will help.


    
    

    
  
thanks, Max.  I can reproduce it with that setting.

marking NEW.  it's an invalid pref setting, but Mozilla shouldn't crash.
stacktrace to follow.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: stackwanted

    
    

    
  

      
      
      
      

        Attached file
          
        stacktrace
      

    


  
(gdb) frame 7
#7  0x41ff39d3 in nsFileView::SetDirectory(nsIFile*) (this=0x8878488,
aDirectory=0x1) at nsFileView.cpp:244
244	  aDirectory->GetDirectoryEntries(getter_AddRefs(dirEntries));
(gdb) p aDirectory
$1 = (nsIFile *) 0x1
(gdb) p *aDirectory
Cannot access memory at address 0x1
(gdb) frame 8
#8  0x41ff37c2 in nsFileView::SetShowHiddenFiles(int) (this=0x8878488,
aShowHidden=1076661060)
    at nsFileView.cpp:158
158	    SetDirectory(mDirectoryPath);
(gdb) p mDirectoryPath
$2 = {mRawPtr = 0x0}

    
    

    
  
to bryner, since he's most familiar with this code....
Assignee: law → bryner

    
    

    
  
BTW, i disagree that pref is invalid. In Linux it can be treated as a valid
directory whose name contains '\' and ':' symbols. Nothing wrong with that.


    
    

    
  
this kind of this is supposed to be handled (see bug 105809).

http://lxr.mozilla.org/mozilla/source/xpfe/components/filepicker/res/content/filepicker.js#162
162   if (!directory || !(sfile.exists() && sfile.isDirectory())) {
163     // Start in the user's home directory
164     sfile.initWithPath(homeDir.path);
165   }

sfile.exists() returns false, but it still checks sfile.isDirectory(), which
throws an unhandled Javascript exception, so the directory never gets reset.


    
    

    
  

      
      
      
      

        Attached patch
          
          
        patch (obsolete)
        — Splinter Review
      

    


  
just check exists() and isDirectory() separately.

    
    

    
  
umm.... if sfile.exists() returns false (are you sure that it does?) then it
checking sfile.directory() there is a blatant bug in JS, which is defined to do
operator short-circuiting....

Are you sure that's what's going on?

    
  

        Attachment #111325 -
        Flags: review?(bryner)

    
    

    
  
Comment on attachment 111325 [details] [diff] [review]
patch

it appears that the exception was from some debugging I had, but the patch did
fix things.  However, backing out the patch now also works.  I'm confused.

        Attachment #111325 -
        Flags: review?(bryner)

    
    

    
  
Comment on attachment 111325 [details] [diff] [review]
patch

ok, to reproduce this bug, you have to actually visit a page so that it creates
the bogus cache directory (relative to the current directory).	If the
directory does not exist, then the filepicker behaves as advertised and falls
back to the home directory.

        Attachment #111325 -
        Attachment is obsolete: true

    
    

    
  
ok, the real problem is that filepicker's populateAncestorList() accesses
directory.parent, which returns NS_ERROR_FILE_INVALID_PATH because the path does
not contain a '/':
http://lxr.mozilla.org/mozilla/source/xpcom/io/nsLocalFileUnix.cpp#1176
GetParent seems to expect an absolute path, so a path without a '/' is
inherently invalid.

try/catching the access to directory.parent and the while loop seems to fix
things up a bit.  The directory is properly displayed in the filepicker and
turning on hidden files doesn't crash, but (of course) the "Look in" dropdown is
unpopulated and hitting "Up" doesn't do anything.

    
    

    
  
Ugh.  So yes, getComplexValue from prefs will call setPersistentDescriptor with
whatever garbage is in the pref.  And nsLocalFileUnix will cheerfully let itself
be initialized (through InitWithNativePath()) with a path that has nothing to do
with a Unix path... even though it later totally fails to deal (eg see assertion
in GetParent, the logic in AppendRelativeNativePath, etc, etc).

Adding some exception catching code to the filepicker is fine with me, but only
if .parent is allowed to throw.  Too bad we didn't bother documenting that in
nsIFile...

Should InitWithNativePath throw when the path is obviously bogus?

    
    

    
  
Initializing nsLocalFileUnix w/ a bogus value sounds like bad client logic. If
nsLocalFileUnix is crashing, that is a different story.

I tried to reproduce on debian, but no crash.

--pete

    
    

    
  
Um... the client (prefs) initializes an nsILocalFile.  It does not know what the
underlying impl is and it should not care, since it makes no sense to put the
validity checks in _all_ the clients when those would be much more cleanly
encapsulated in the nsILocalFile implementations.

More to the point, nsLocalFileWin, nsLocalFileMac, nsLocalFileOS2,
nsLocalFileOSX,  all perform sanity-checking on the path and will return
NS_ERROR_UNRECOGNIZED_PATH if the path is not recognized (makes sense, eh?). 
Yeah, every single client of nsILocalFile could include the
couple-of-hundred-lines of ifdeffed error checking... do you really think that
is the right approach?

No, nsLocalFileUnix does not crash.  It will simply throw exceptions that the
interface does not define as being thrown and behave in completely ridiculous
ways in other cases....  It seems to me, that it would make more sense to throw
an exception where callers are actually expecting one and prepared to deal...


    
    

    
  
Would fixing this be as easy as adding a check for file existance in
InitWithNativePath?

    
    

    
  
You can created nsIFiles pointing to non-existing places and then call Create()
or CreateUnique() on them, you know...  Breaking that would be BAD (frozen
interface, yadda yadda).  ;)

    
    

    
  
how about this, can we make the unix localfile implementation throw an exception
if Init is called with a relative path?

    
    

    
  
~/ should still be supported.

    
  
Blocks: 219107

    
  
Summary: Crash on "Show hidden files and directories" → Crash on "Show hidden files and directories" [@ nsFileView::SetDirectory(nsIFile*) ]

    
    

    
  


  
well... unfortunately this patch breaks xpcshell, which tries to init nsIFiles
with "."

    
    

    
  

      
      
      
      

        Attached patch
          
          
        patchSplinter Review
      

    


  
well the real problem was that nsDirectoryService.cpp was relying on the fact
that nsLocalFileUnix::InitWithNativePath accepted relative paths. That
contradicted its interface documentation, but oh well...

        Attachment #137189 -
        Attachment is obsolete: true

    
    

    
  
taking
Assignee: bryner → file-handling
QA Contact: chrispetersen → ian
Target Milestone: --- → mozilla1.7alpha

    
    

    
  
really taking this time
Assignee: file-handling → cbiesinger
Status: NEW → ASSIGNED

    
    

    
  
Comment on attachment 137198 [details] [diff] [review]
patch

Is there a nsDirectoryService.cpp patch?

Why can't the value of PR_GetEnv(...) be a canonicalized absolute path and drop
this realpath business?  

I think that your change to xpcom/io/nsLocalFileUnix.cpp may break things. 
Yes, the interface says one thing but as you pointed out, the callers do
another.  What kind of testing have you done?

    
    

    
  
>Is there a nsDirectoryService.cpp patch?

yes, in the exact attachment you commented on

>Why can't the value of PR_GetEnv(...) be a canonicalized absolute path and drop
>this realpath business? 

let me note that GRE_GetCurrentProcessDirectory already uses the realpath solution.

>I think that your change to xpcom/io/nsLocalFileUnix.cpp may break things. 

Well, nsLocalFileUnix seems to not always deal with that either - GetLeafName
seems to require absolute paths. Also GetParent.

>What kind of testing have you done?

run xpcshell, run mozilla, do some browsing, run mailnews, attach patches (using
the filepicker).
do you have anything specific in mind that you suspect of breaking?

    
    

    
  
Comment on attachment 137198 [details] [diff] [review]
patch

lets get this into 1.7a.

        Attachment #137198 -
        Flags: review?(dougt) → review+

        Attachment #137198 -
        Flags: superreview?(bz-vacation)

    
    

    
  
Comment on attachment 137198 [details] [diff] [review]
patch

sr=bzbarsky

        Attachment #137198 -
        Flags: superreview?(bz-vacation) → superreview+

    
    

    
  
ok, checked in
Checking in nsDirectoryService.cpp;
/cvsroot/mozilla/xpcom/io/nsDirectoryService.cpp,v  <--  nsDirectoryService.cpp
new revision: 1.67; previous revision: 1.66
done
Checking in nsLocalFileUnix.cpp;
/cvsroot/mozilla/xpcom/io/nsLocalFileUnix.cpp,v  <--  nsLocalFileUnix.cpp
new revision: 1.109; previous revision: 1.108
done

Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED

    
    

    
  
(In reply to comment #43)
> I think that your change to xpcom/io/nsLocalFileUnix.cpp may break things.

Just for the record, dougt was right and this change did cause bug 238290.
Crash Signature: [@ nsFileView::SetDirectory(nsIFile*) ]
Product: Core → Core Graveyard

          You need to log in
          before you can comment on or make changes to this bug.