Closed Bug 210305 Opened 22 years ago Closed 17 years ago

crash [@ nsJARChannel::nsJARChannel] NS_ADDREF(gJarHandler) because gJarHandler is 0

Categories

(Core :: Networking, defect)

Product:
Core
Component:
Networking
Platform:
x86
Windows 2000
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: timeless, Assigned: timeless)

Details

(Keywords: crash, topcrash)

Crash Data

Attachments

(1 file, 1 obsolete file)

wallpaper using NS_GENERIC_FACTORY_SINGELTON_CONSTRUCTOR
3.26 KB, patch
darin.moz
: review+
darin.moz
: superreview+
Details | Diff | Splinter Review
I was running in xpcshell the first thing i loaded was <file name="sc.js" description="spellchecker"> var checker; if (!checker) {checker=Components.classes ["@mozilla.org/spellchecker/myspell;1"].createInstance (Components.interfaces.mozISpellCheckingEngine); checker.dictionary="en-US"; } function sc(corpus) { var list=corpus.split(/[^a-z]+/i); var words={}; for (i in list) words[list[i]]=""; for (i in words) if (!checker.check(i)) { var alts= {}; checker.suggest(i,alts,{}); print ((alts.value.length) ? i+':'+alts.value : i); } return void(0); } </file> Spellchecker is harmless, (i'm working on it) I was searching for a corpus (to test the spellchecker), there used to be one and i thought i could guess the filename, so i just load()d arbitrary files [yes, that's not a good idea..] then i tried loading <file name="0.js"> const C=Components.classes,I=Components.interfaces; for (a in C) try {C[a].createInstance(I.nsIInputStream); print(a)}catch(e){} </file> // hold an owning reference to the jar handler NS_ADDREF(gJarHandler); + gJarHandler 0x00000000 nsJARChannel::nsJARChannel() line 174 + 6 bytes nsJARProtocolHandler::NewChannel(nsJARProtocolHandler * const 0x02bafbd0, nsIURI * 0x0254f880, nsIChannel * * 0x0012d854) line 194 + 30 bytes nsIOService::NewChannelFromURI(nsIOService * const 0x025416e0, nsIURI * 0x0254f880, nsIChannel * * 0x0012d854) line 490 + 40 bytes nsChromeProtocolHandler::NewChannel(nsChromeProtocolHandler * const 0x02bbbcd0, nsIURI * 0x0254fb30, nsIChannel * * 0x0012db68) line 709 + 71 bytes nsIOService::NewChannelFromURI(nsIOService * const 0x025416e0, nsIURI * 0x0254fb30, nsIChannel * * 0x0012db68) line 490 + 40 bytes nsIOService::NewChannel(nsIOService * const 0x025416e0, const nsACString & {...}, const char * 0x02548030, nsIURI * 0x00000000, nsIChannel * * 0x0012db68) line 503 + 25 bytes XPTC_InvokeByIndex(nsISupports * 0x025416e0, unsigned int 9, unsigned int 4, nsXPTCVariant * 0x0012db38) line 102 XPCWrappedNative::CallMethod(XPCCallContext & {...}, XPCWrappedNative::CallMode CALL_METHOD) line 2017 + 42 bytes XPC_WN_CallMethod(JSContext * 0x00462c50, JSObject * 0x00f8d7d8, unsigned int 3, long * 0x00f97a00, long * 0x0012dd74) line 1269 + 11 bytes js_Invoke(JSContext * 0x00000001, unsigned int 3, unsigned int 0) line 843 + 17 bytes js_Interpret(JSContext * 0x00462c50, long * 0x0012df8c) line 2856 js_Invoke(JSContext * 0x00000001, unsigned int 3, unsigned int 2) line 860 + 10 bytes nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJSClass * const 0x02bc0350, nsXPCWrappedJS * 0x02c56900, unsigned short 3, const nsXPTMethodInfo * 0x01057dc0, nsXPTCMiniVariant * 0x0012e314) line 1332 + 22 bytes nsXPCWrappedJS::CallMethod(nsXPCWrappedJS * const 0x02c56900, unsigned short 3, const nsXPTMethodInfo * 0x01057dc0, nsXPTCMiniVariant * 0x0012e314) line 429 PrepareAndDispatch(nsXPTCStubBase * 0x02c56900, unsigned int 3, unsigned int * 0x0012e3c4, unsigned int * 0x0012e3b4) line 117 + 31 bytes SharedStub() line 147 mozJSComponentLoader::GetFactory(mozJSComponentLoader * const 0x00462e00, const nsID & {...}, const char * 0x00fb17c0, const char * 0x004212e0, nsIFactory * * 0x0012e438) line 444 + 38 bytes nsFactoryEntry::GetFactory(nsIFactory * * 0x0012e438, nsComponentManagerImpl * 0x004154b0) line 324 + 58 bytes nsComponentManagerImpl::CreateInstance(nsComponentManagerImpl * const 0x004154b0, const nsID & {...}, nsISupports * 0x00000000, const nsID & {...}, void * * 0x0012e4f0) line 1975 + 16 bytes nsComponentManager::CreateInstance(const nsID & {...}, nsISupports * 0x00000000, const nsID & {...}, void * * 0x0012e4f0) line 103 nsJSCID::CreateInstance(nsJSCID * const 0x0254ccd0, nsISupports * * 0x0012e6bc) line 791 + 48 bytes XPTC_InvokeByIndex(nsISupports * 0x0254ccd0, unsigned int 10, unsigned int 1, nsXPTCVariant * 0x0012e6bc) line 102 XPCWrappedNative::CallMethod(XPCCallContext & {...}, XPCWrappedNative::CallMode CALL_METHOD) line 2017 + 42 bytes XPC_WN_CallMethod(JSContext * 0x00462c50, JSObject * 0x00f8d6f0, unsigned int 1, long * 0x00f9785c, long * 0x0012e8f8) line 1269 + 11 bytes js_Invoke(JSContext * 0x00000001, unsigned int 1, unsigned int 0) line 843 + 17 bytes js_Interpret(JSContext * 0x00462c50, long * 0x0012eb50) line 2856 js_Execute(JSContext * 0x00f8c8c0, JSObject * 0x00f8c8c0, JSScript * 0x025116b0, JSStackFrame * 0x00000000, unsigned int 0, long * 0x0012eb50) line 1057 JS_ExecuteScript(JSContext * 0x00462c50, JSObject * 0x00f8c8c0, JSScript * 0x025116b0, long * 0x0012eb50) line 3378 + 25 bytes Load(JSContext * 0x00462c50, JSObject * 0x00f8c8c0, unsigned int 1, long * 0x00f97834, long * 0x0012eb9c) line 230 + 22 bytes js_Invoke(JSContext * 0x00000001, unsigned int 1, unsigned int 0) line 843 + 17 bytes js_Interpret(JSContext * 0x00462c50, long * 0x0012fe20) line 2856 js_Execute(JSContext * 0x00f8c8c0, JSObject * 0x00f8c8c0, JSScript * 0x02511c20, JSStackFrame * 0x00000000, unsigned int 0, long * 0x0012fe20) line 1057 JS_ExecuteScript(JSContext * 0x00462c50, JSObject * 0x00f8c8c0, JSScript * 0x02511c20, long * 0x0012fe20) line 3378 + 25 bytes ProcessFile(JSContext * 0x00462c50, JSObject * 0x00f8c8c0, const char * 0x00000000, _iobuf * 0x10256808 _iob) line 638 + 22 bytes Process(JSContext * 0x00462c50, JSObject * 0x00f8c8c0, const char * 0x00000000) line 693 + 21 bytes ProcessArgs(JSContext * 0x00462c50, JSObject * 0x00f8c8c0, char * * 0x00414554, int 0) line 802 + 17 bytes main(int 0, char * * 0x00414554, char * * 0x00410e10) line 1060 + 21 bytes I'm not sure what nsJARChannel expected to have happen first, but it didn't...
hmm.. very strange. nsJARProtocolHandler::nsJARProtocolHandler assign gJarHandler to |this|, and the dtor clears gJarHandler. but, from the stack trace it seems unlikely that the ctor wouldn't have run and it seems equally unlikely that the dtor already ran. i don't get it.
Attached patch wallpaper (obsolete) — Splinter Review
ok, it turns out that the constructor ran twice and the destructor had run once. if this sharing needs to exist, then nsJARProtocolHandlerConstructor or whatever should addref and return gJarHandler instead of allowing a second to be created.
Comment on attachment 126391 [details] [diff] [review] wallpaper hmm... clever, but i think i'd rather see code that calls NS_GENERIC_FACTORY_SINGELTON_CONSTRUCTOR.
Attachment #126391 - Flags: review-
Attachment #126391 - Attachment is obsolete: true
Attachment #186973 - Flags: superreview?(darin)
Attachment #186973 - Flags: review?(darin)
darin?
Comment on attachment 186973 [details] [diff] [review] wallpaper using NS_GENERIC_FACTORY_SINGELTON_CONSTRUCTOR >Index: nsJARFactory.cpp >+NS_GENERIC_FACTORY_SINGLETON_CONSTRUCTOR(nsJARProtocolHandler, nsJARProtocolHandler::GetSingleton) break long line at 80 chars? >Index: nsJARProtocolHandler.h >+ static nsJARProtocolHandler* >+ GetSingleton(); put this all on one line :) r+sr=darin
Attachment #186973 - Flags: superreview?(darin)
Attachment #186973 - Flags: superreview+
Attachment #186973 - Flags: review?(darin)
Attachment #186973 - Flags: review+
Your checkin has stuck for a bit over three years, I think it's safe to go ahead and close the bug now.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Crash Signature: [@ nsJARChannel::nsJARChannel]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: