Closed Bug 235201 Opened 21 years ago Closed 20 years ago

selecting "downloads" in "options" cause segfault [@ nsGNOMERegistry::GetFromType]

Categories

(Core Graveyard :: File Handling, defect)

Product:
Core Graveyard
Component:
File Handling
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: basic, Assigned: chpe)

Details

Attachments

(1 file)

proposed fix
1.70 KB, patch
bryner
: superreview+
Details | Diff | Splinter Review 
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040222 Firefox/0.8.0+

selecting "downloads" in "options" cause segfault. Backtrace below.

#0  0x40810006 in nanosleep () from /lib/i686/libc.so.6
#1  0xffffffa0 in ?? ()
#2  0x08062316 in ah_crap_handler(int) (signum=11) at nsSigHandlers.cpp:135
#3  0x41c54346 in nsProfileLock::FatalSignalHandler(int) (signo=0)
    at /mnt/build/mozilla/profile/dirserviceprovider/src/nsProfileLock.cpp:209
#4  0x4022f4ec in __pthread_clock_settime () from /lib/i686/libpthread.so.0
#5  0x4078dca8 in __libc_sigaction () from /lib/i686/libc.so.6
#6  0x41f201c5 in nsDependentCString (this=0xbfff843c, data=0xbfff84b8
"\177\003ÿÿ#\001ÿÿÿÿÿÿ")
    at nsTDependentString.h:90
#7  0x41f557df in nsGNOMERegistry::GetFromType(char const*) (aMIMEType=0x8a9ab30
"text/x-javascript")
    at /mnt/build/mozilla/uriloader/exthandler/unix/nsGNOMERegistry.cpp:297
#8  0x41f53180 in nsOSHelperAppService::GetFromType(char const*) (this=0x8152190,
    aMIMEType=0x8a9ab30 "text/x-javascript")
    at /mnt/build/mozilla/uriloader/exthandler/unix/nsOSHelperAppService.cpp:1531
#9  0x41f53312 in nsOSHelperAppService::GetMIMEInfoFromOS(char const*, char
const*, int*) (this=0x8152190,
    aType=0x8a9ab30 "text/x-javascript", aFileExt=0x0, aFound=0xbfff9098)
    at /mnt/build/mozilla/uriloader/exthandler/unix/nsOSHelperAppService.cpp:1619
#10 0x41f43aef in nsExternalHelperAppService::GetFromTypeAndExtension(char
const*, char const*, nsIMIMEInfo**) (
    this=0x8152190, aMIMEType=0x8a9ab30 "text/x-javascript", aFileExt=0x0,
_retval=0xbfff9300)
    at /mnt/build/mozilla/uriloader/exthandler/nsExternalHelperAppService.cpp:2198
#11 0x401a6f7d in XPTC_InvokeByIndex () from
/mnt/build/mozilla/obj-firefox/dist/bin/libxpcom.so
#12 0x40b49019 in XPCWrappedNative::CallMethod(XPCCallContext&,
XPCWrappedNative::CallMode) (ccx=@0xbfff93a0,
    mode=CALL_METHOD) at
/mnt/build/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp:2021
#13 0x40b51f00 in XPC_WN_CallMethod(JSContext*, JSObject*, unsigned, long*,
long*) (cx=0x879afa0, obj=0x84cf430,
    argc=2, argv=0x8a8ba30, vp=0xbfff94d0)
    at /mnt/build/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp:1287
#14 0x40052714 in js_Invoke (cx=0x879afa0, argc=2, flags=0) at
/mnt/build/mozilla/js/src/jsinterp.c:941
#15 0x400589da in js_Interpret (cx=0x879afa0, result=0xbfff97fc)
    at /mnt/build/mozilla/js/src/jsinterp.c:2962
#16 0x400527dc in js_Invoke (cx=0x879afa0, argc=3, flags=2) at
/mnt/build/mozilla/js/src/jsinterp.c:958
#17 0x40b4223a in nsXPCWrappedJSClass::CallMethod(nsXPCWrappedJS*, unsigned
short, nsXPTMethodInfo const*, nsXPTCMiniVariant*) (this=0x89db778,
wrapper=0x89e20e0, methodIndex=7, info=0x868f168, nativeParams=0xbfff9c10)
    at /mnt/build/mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp:1336
#18 0x40b3c77f in nsXPCWrappedJS::CallMethod(unsigned short, nsXPTMethodInfo
const*, nsXPTCMiniVariant*) (
    this=0x89e20e0, methodIndex=7, info=0x868f168, params=0xbfff9c10)
    at /mnt/build/mozilla/js/src/xpconnect/src/xpcwrappedjs.cpp:449
#19 0x401a71f4 in PrepareAndDispatch (methodIndex=7, self=0x89e20e0, args=0x868f168)
---Type <return> to continue, or q <return> to quit---
    at
/mnt/build/mozilla/xpcom/reflect/xptcall/src/md/unix/xptcstubs_gcc_x86_unix.cpp:100
#20 0x419ace4b in
CompositeAssertionEnumeratorImpl::GetEnumerator(nsIRDFDataSource*,
nsISimpleEnumerator**) (
    this=0x408919a0, aDataSource=0xbfff8158, aResult=0x8a4c4f0)
    at /mnt/build/mozilla/rdf/base/src/nsCompositeDataSource.cpp:573
#21 0x419ac504 in CompositeEnumeratorImpl::HasMoreElements(int*)
(this=0x86777b0, aResult=0xbfff9dd4)
    at /mnt/build/mozilla/rdf/base/src/nsCompositeDataSource.cpp:240
#22 0x4157eb6f in nsRDFPropertyTestNode::FilterInstantiations(InstantiationSet&,
void*) const (this=0x8a600f0,
    aInstantiations=@0xbfffa050, aClosure=0xbfffa2b0)
    at /mnt/build/mozilla/content/xul/templates/src/nsRDFPropertyTestNode.cpp:245
#23 0x41582359 in TestNode::Propagate(InstantiationSet const&, void*)
(this=0x8a600f0,
    aInstantiations=@0xbfffa0c0, aClosure=0xbfffa2b0)
    at /mnt/build/mozilla/content/xul/templates/src/nsRuleNetwork.cpp:1045
#24 0x41582411 in TestNode::Propagate(InstantiationSet const&, void*)
(this=0x8a4c390,
    aInstantiations=@0xbfffa130, aClosure=0xbfffa2b0)
    at /mnt/build/mozilla/content/xul/templates/src/nsRuleNetwork.cpp:1054
#25 0x41582411 in TestNode::Propagate(InstantiationSet const&, void*)
(this=0x8a601a0,
    aInstantiations=@0xbfffa1a0, aClosure=0xbfffa2b0)
    at /mnt/build/mozilla/content/xul/templates/src/nsRuleNetwork.cpp:1054
#26 0x41582411 in TestNode::Propagate(InstantiationSet const&, void*)
(this=0x8a4c4a8,
    aInstantiations=@0xbfffa320, aClosure=0xbfffa2b0)
    at /mnt/build/mozilla/content/xul/templates/src/nsRuleNetwork.cpp:1054
#27 0x415819da in RootNode::Propagate(InstantiationSet const&, void*)
(this=0x8741d48,
    aInstantiations=@0xbfffa320, aClosure=0xbfffa2b0)
    at /mnt/build/mozilla/content/xul/templates/src/nsRuleNetwork.cpp:761
#28 0x41587425 in nsXULContentBuilder::CreateContainerContents(nsIContent*,
nsIRDFResource*, int, nsIContent**, int*) (this=0x8741d08, aElement=0x89fe720,
aResource=0xbfffa320, aNotify=0, aContainer=0xbfffa480,
    aNewIndexInContainer=0xbfffa458)
    at /mnt/build/mozilla/content/xul/templates/src/nsXULContentBuilder.cpp:1227
#29 0x415871bc in
nsXULContentBuilder::CreateTemplateAndContainerContents(nsIContent*,
nsIContent**, int*) (
    this=0x8741d08, aElement=0x89fe720, aContainer=0xbfffa480,
aNewIndexInContainer=0xbfffa458)
    at /mnt/build/mozilla/content/xul/templates/src/nsXULContentBuilder.cpp:1147
#30 0x415896e4 in nsXULContentBuilder::RebuildAll() (this=0x8741d08)
    at /mnt/build/mozilla/content/xul/templates/src/nsXULContentBuilder.cpp:1965
#31 0x4159bf87 in nsXULTemplateBuilder::Rebuild() (this=0x8741d08)
    at /mnt/build/mozilla/content/xul/templates/src/nsXULTemplateBuilder.cpp:237
#32 0x4159c127 in nsXULTemplateBuilder::AttributeChanged(nsIDocument*,
nsIContent*, int, nsIAtom*, int) (
    this=0x8741d08, aDocument=0x8742650, aContent=0x89fe720, aNameSpaceID=0,
aAttribute=0x8136798, aModType=2)
---Type <return> to continue, or q <return> to quit---
Assignee: firefox → darin
hm, this is an interesting crash

basic: Can you paste the output of running "locale" in this bug?
my locale is as below:

LANG=en_SG
LC_CTYPE=en_SG
LC_NUMERIC=ms_MY
LC_TIME=en_SG
LC_COLLATE=en_SG
LC_MONETARY=ms_MY
LC_MESSAGES=en_SG
LC_PAPER=ms_MY
LC_NAME=ms_MY
LC_ADDRESS=ms_MY
LC_TELEPHONE=ms_MY
LC_MEASUREMENT=ms_MY
LC_IDENTIFICATION=ms_MY
LC_ALL=
I doubt this has anything to do with my locale as when I set it to en_US I still
see the crash.
http://lxr.mozilla.org/seamonkey/source/uriloader/exthandler/unix/nsGNOMERegistry.cpp

291   gchar *commandPath = g_find_program_in_path(nativeCommand);
292 
293   g_free(nativeCommand);
294 
295   nsCOMPtr<nsILocalFile> appFile;
296   NS_NewNativeLocalFile(nsDependentCString(commandPath), PR_TRUE,
297                         getter_AddRefs(appFile));

nsDependentCString can't wrap a NULL buffer, but g_find_program_in_path()
returns NULL when the program is not found in the path.
Attached patch proposed fixSplinter Review 
I noticed another early return leaked a GnomeVFSMimeApplication object, fixed
that too.
Attachment #142258 - Flags: superreview?(bryner)
Attachment #142258 - Flags: review?(cbiesinger)
Comment on attachment 142258 [details] [diff] [review]
proposed fix

looks good

hm... but is this the crash from comment 0? well, this is the right thing in
any case.
Attachment #142258 - Flags: review?(cbiesinger) → review+
Comment on attachment 142258 [details] [diff] [review]
proposed fix

just tested this patch, no more crash.
Summary: selecting "downloads" in "options" cause segfault → selecting "downloads" in "options" cause segfault [@ nsGNOMERegistry::GetFromType]
Attachment #142258 - Flags: superreview?(bryner) → superreview+
Could someone please check this in?  I won't be able to in the next few days...
I'll do it in the morning (Sat)
Assignee: darin → chpe
Component: Preferences → File Handling
Product: Firefox → Browser
Version: unspecified → Trunk
I checked this in while I was doing some other checkins
Checking in nsGNOMERegistry.cpp;
/cvsroot/mozilla/uriloader/exthandler/unix/nsGNOMERegistry.cpp,v  <-- 
nsGNOMERegistry.cpp
new revision: 1.8; previous revision: 1.7
done
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: