Closed Bug 197653 Opened 21 years ago Closed 21 years ago

[@ nsFind::GetWordBreaker] crashes ADDREFing(0)

Categories

(Core :: DOM: Editor, defect)

Product:
Core
Component:
DOM: Editor
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: timeless, Assigned: timeless)

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

fix
443 bytes, patch
akkzilla
: review+
kinmoz
: superreview+
Details | Diff | Splinter Review 
reproduced
on doron - w2k (mozilla-1.2.1)
on viper - lin (mozilla-1.3)
on boffo - lin (mozilla-trunk-tinderbox)

mozhack@boffo:~/obj-i686-pc-linux-gnu-qt/dist/bin$ ./run-mozilla.sh -g ./xpcshell
MOZILLA_FIVE_HOME=.
  LD_LIBRARY_PATH=.:./plugins:.
DISPLAY=localhost:10.0
FONTCONFIG_PATH=/etc/fonts:./res/Xft
DYLD_LIBRARY_PATH=.:.
     LIBRARY_PATH=.:./components:.
       SHLIB_PATH=.:.
          LIBPATH=.:.
       ADDON_PATH=.
      MOZ_PROGRAM=./xpcshell
      MOZ_TOOLKIT=
        moz_debug=1
     moz_debugger=
which: no ddd in
(/usr/bin:/mnt/ibm/mozhack/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/usr/games:/opt/kde/
bin:/usr/lib/qt-3.0.4/bin:.)
/usr/bin/gdb ./xpcshell -x /tmp/mozargs12036
GNU gdb 5.2
Copyright 2002 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-slackware-linux"...
(gdb) r
Starting program:
/mnt/ibm/mozhack/obj-i686-pc-linux-gnu-qt/js/src/xpconnect/shell/xpcshell
Type Manifest File:
/mnt/ibm/mozhack/obj-i686-pc-linux-gnu-qt/dist/bin/components/xpti.dat
+++ JavaScript debugging hooks installed.
nsNativeComponentLoader: autoregistering begins.
nsNativeComponentLoader: autoregistering succeeded
nNCL: registering deferred (0)
js> var gFinder =
Components.classes["@mozilla.org/embedcomp/rangefind;1"].createInstance()
js> gFinder instanceof Components.interfaces.nsIFind
true
js> gFinder.wordBreaker

Program received signal SIGSEGV, Segmentation fault.
0x405ffcc5 in nsFind::GetWordBreaker (this=0x80dab40, aWordBreaker=0xbfffd6a8)
    at /mnt/ibm/mozhack/mozilla/embedding/components/find/src/nsFind.cpp:247
247       NS_ADDREF(*aWordBreaker = mWordBreaker);
(gdb) print aWordBreaker
$1 = (nsIWordBreaker **) 0xbfffd6a8
(gdb) list
242     }
243
244     NS_IMETHODIMP
245     nsFind::GetWordBreaker(nsIWordBreaker** aWordBreaker)
246     {
247       NS_ADDREF(*aWordBreaker = mWordBreaker);
248       return NS_OK;
249     }
250
251     NS_IMETHODIMP
(gdb) where
#0  0x405ffcc5 in nsFind::GetWordBreaker (this=0x80dab40, aWordBreaker=0xbfffd6a8)
    at /mnt/ibm/mozhack/mozilla/embedding/components/find/src/nsFind.cpp:247
#1  0x402197f8 in XPTC_InvokeByIndex () from ./libxpcom.so
#2  0x4054bfc9 in XPCWrappedNative::CallMethod (ccx=@0xbfffd7a0, mode=CALL_GETTER)
    at /mnt/ibm/mozhack/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp:2023
#3  0x4054f182 in XPCWrappedNative::GetAttribute (ccx=@0xbfffd7a0)
    at /mnt/ibm/mozhack/mozilla/js/src/xpconnect/src/xpcprivate.h:1880
#4  0x405580f8 in XPC_WN_GetterSetter (cx=0x80bb260, obj=0x80921d8, argc=0,
argv=0x80dae40, vp=0xbfffd8e0)
    at /mnt/ibm/mozhack/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp:1324
#5  0x40061a9b in js_Invoke (cx=0x80bb260, argc=0, flags=2) at
/mnt/ibm/mozhack/mozilla/js/src/jsinterp.c:843
#6  0x40061e8f in js_InternalInvoke (cx=0x80bb260, obj=0x80921d8,
fval=134816328, flags=0, argc=0, argv=0x0,
    rval=0xbfffe31c) at /mnt/ibm/mozhack/mozilla/js/src/jsinterp.c:935
#7  0x40061fb2 in js_InternalGetOrSet (cx=0x80bb260, obj=0x80921d8,
id=135097800, fval=134816328,
    mode=JSACC_READ, argc=0, argv=0x0, rval=0xbfffe31c) at
/mnt/ibm/mozhack/mozilla/js/src/jsinterp.c:961
#8  0x40085358 in js_GetProperty (cx=0x80bb260, obj=0x80921d8, id=135097800,
vp=0xbfffe31c)
    at /mnt/ibm/mozhack/mozilla/js/src/jsobj.c:2548
#9  0x4006e863 in js_Interpret (cx=0x80bb260, result=0xbffff4bc)
    at /mnt/ibm/mozhack/mozilla/js/src/jsinterp.c:2659
#10 0x400622ca in js_Execute (cx=0x80bb260, chain=0x80918c0, script=0x808ee00,
down=0x0, special=0,
    result=0xbffff4bc) at /mnt/ibm/mozhack/mozilla/js/src/jsinterp.c:1038
#11 0x4002f6b7 in JS_ExecuteScript (cx=0x80bb260, obj=0x80918c0,
script=0x808ee00, rval=0xbffff4bc)
    at /mnt/ibm/mozhack/mozilla/js/src/jsapi.c:3279
#12 0x0804bf81 in Process (cx=0x80bb260, obj=0x80918c0, filename=0x0,
filehandle=0x4033ce40)
    at /mnt/ibm/mozhack/mozilla/js/src/xpconnect/shell/xpcshell.cpp:518
#13 0x0804c4f5 in ProcessArgs (cx=0x80bb260, obj=0x80918c0, argv=0xbffff658, argc=0)
    at /mnt/ibm/mozhack/mozilla/js/src/xpconnect/shell/xpcshell.cpp:656
#14 0x0804d0ae in main (argc=0, argv=0xbffff658)
    at /mnt/ibm/mozhack/mozilla/js/src/xpconnect/shell/xpcshell.cpp:911
#15 0x4038b17d in __libc_start_main () from /lib/libc.so.6
(gdb) print *aWordBreaker
$2 = (nsIWordBreaker *) 0x0
(gdb) print mWordBreaker
$3 = {mRawPtr = 0x0}


Steps to reproduce: run xpcshell
Components.classes["@mozilla.org/embedcomp/rangefind;1"].createInstance(Components.interfaces.nsIFind).wordBreaker

expected results:
null

actual results:
crash addrefing 0 (mWordBreaker)
Attached patch fixSplinter Review 
ok, let's change the expected results a bit, the thing in question isn't
scriptable so instead of getting null, the current expected results should be:

WARNING: Declared InterfaceInfo not found, file
/mnt/ibm/mozhack/mozilla/xpcom/reflect/xptinfo/src/xptiInterface
Info.cpp, line 434
uncaught exception: [Exception... "Cannot find interface information for
parameter arg 0 [nsIFind.wordBreaker]"
 nsresult: "0x80570006 (NS_ERROR_XPC_CANT_GET_PARAM_IFACE_INFO)"  location: "JS
frame :: typein :: <TOP_LEVEL> :
: line 3"  data: no]
Attachment #117373 - Flags: superreview?(kin)
Attachment #117373 - Flags: review?(akkana)
Comment on attachment 117373 [details] [diff] [review]
fix

r=akkana
Attachment #117373 - Flags: review?(akkana) → review+
Comment on attachment 117373 [details] [diff] [review]
fix

sr=kin@netscape.com

I personally would avoid doing assignments within *IF* macros since they
usually mean the assignment is done twice. Once for the |if| check and the
other for the addref.
Attachment #117373 - Flags: superreview?(kin) → superreview+
checked in
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
rs vrfy
Status: RESOLVED → VERIFIED
Crash Signature: [@ nsFind::GetWordBreaker]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: