Closed Bug 235355 Opened 21 years ago Closed 21 years ago

hangs/crashes after choosing Server Settings in Mail&Newsgroup Account Settings, click o.k.

Categories

(Core :: XPCOM, defect, P1)

x86
Windows 2000
defect

Tracking

RESOLVED FIXED
mozilla1.7beta

People

(Reporter: tobias, Assigned: darin.moz)

Details

(Keywords: crash)

Attachments

(1 file)

User-Agent:
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; de-AT; rv:1.7a) Gecko/20040223

In "Mail&Newsgroup Account Settings" left Pane mark one after another the "Server Settings" without doing any changes, then leaving the Dialogue clicking "O.K." and Mozilla crashes. While crashing Mozilla uses a lot of Memory. The saved Username and Password for Newsgroup Accounts are deleted after the crash.

Reproducible: Always

Steps to Reproduce:
1. In Mail-News go to "Edit" "Mail&Newsgroup Account Settings"
2. Mark one after another "Server Settings" for each of the Accounts without changing anything
3. Leave "Mail&Newsgroup Account Settings" with the O.K.-Button

Actual Results: Mozilla crashes.

Expected Results: Close the Dialogue.

This Bug was first reported by Hartmut Figge in d.c.s.m.nb <4037BA94.20804@hfigge.myfqdn.de> under Debian GNU-Linux, thanks to him. I have successfully tried to reproduce this crash under w2k.

Adding Part of the DrWatson Crash Stack-Back-Trace:

Funktion: nsSubstring::Replace
1004ab69 55 push ebp
1004ab6a 8bcb mov ecx,ebx
1004ab6c e8fffaffff call EmptyCString+0x250 (1004a670)
1004ab71 85ff test edi,edi
1004ab73 7617 jbe nsComponentManager::EnumerateContractIDs+0xbec (1005368c)
1004ab75 8b4304 mov eax,[ebx+0x4] ds:00bb7ae6=????????
1004ab78 8d0c3f lea ecx,[edi+edi] ds:2f857558=????????
1004ab7b 8bd1 mov edx,ecx
1004ab7d 8d3c68 lea edi,[eax+ebp*2] ds:0fbfffee=????????
1004ab80 c1e902 shr ecx,0x2
FEHLER ->1004ab83 f3a5 rep movsd ds:0012dcb0=006f0074 es:2f857558=????????
1004ab85 8bca mov ecx,edx
1004ab87 83e103 and ecx,0x3
1004ab8a f3a4 rep movsb ds:0012dcb0=74 es:2f857558=??
1004ab8c 5f pop edi
1004ab8d 5e pop esi
1004ab8e 5d pop ebp
1004ab8f 5b pop ebx
1004ab90 81c498000000 add esp,0x98
1004ab96 c21000 ret 0x10
1004ab99 8bbc24b8000000 mov edi,[esp+0xb8] ss:0012db9c=00000006
1004aba0 83ffff cmp edi,0xff

*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
0FBFFFEE 00000000 00000000 00000000 00000000 00000000 !nsSubstring::Replace
memcpy(unsigned char * 0x2f8c66b6, unsigned char * 0x0012bd58, unsigned long 0x00000042) line 242
nsCharTraits<unsigned short>::copy(unsigned short * 0x2f8c66b6, const unsigned short * 0x0012bd58, unsigned int 0x00000021) line 150 + 19 bytes
nsSubstring::Replace(unsigned int 0x0fbfffeb, unsigned int 0x00000000, const unsigned short * 0x0012bd58, unsigned int 0x00000021) line 408 + 29 bytes
nsSubstring::Replace(unsigned int 0x0fbfffeb, unsigned int 0x00000000, const nsSubstring & {...}) line 230 + 41 bytes
nsString::ReplaceSubstring(const nsString & {...}, const nsString & {...}) line 392
nsMsgIncomingServer::OnUserOrHostNameChanged(nsMsgIncomingServer * const 0x054eb618, const char * 0x00000000, const char * 0x05bf49e0) line 1280
nsNntpIncomingServer::OnUserOrHostNameChanged(nsNntpIncomingServer * const 0x054eb618, const char * 0x00000000, const char * 0x05bf49e0) line 2005 + 18 bytes
nsMsgIncomingServer::SetRealUsername(nsMsgIncomingServer * const 0x054eb618, const char * 0x05bf49e0) line 1363 + 25 bytes
XPTC_InvokeByIndex(nsISupports * 0x054eb618, unsigned int 0x00000011, unsigned int 0x00000001, nsXPTCVariant * 0x0012c150) line 102
XPCWrappedNative::CallMethod(XPCCallContext & {...}, XPCWrappedNative::CallMode CALL_SETTER) line 2022 + 43 bytes
XPCWrappedNative::SetAttribute(XPCCallContext & {...}) line 1887 + 14 bytes
XPC_WN_GetterSetter(JSContext * 0x0570dbd8, JSObject * 0x05b94f08, unsigned int 0x00000001, long * 0x05b78e74, long * 0x0012c434) line 1311 + 12 bytes
js_Invoke(JSContext * 0x0570dbd8, unsigned int 0x00000001, unsigned int 0x00000002) line 941 + 23 bytes
js_InternalInvoke(JSContext * 0x0570dbd8, JSObject * 0x05b94f08, long 0x05b95560, unsigned int 0x00000000, unsigned int 0x00000001, long * 0x0012cd6c, long * 0x0012cd6c) line 1035 + 20 bytes
js_InternalGetOrSet(JSContext * 0x0570dbd8, JSObject * 0x05b94f08, long 0x054eea00, long 0x05b95560, int 0x00000008, unsigned int 0x00000001, long * 0x0012cd6c, long * 0x0012cd6c) line 1078 + 31 bytes
js_SetProperty(JSContext * 0x0570dbd8, JSObject * 0x05b94f08, long 0x054eea00, long * 0x0012cd6c) line 2836 + 53 bytes
js_Interpret(JSContext * 0x0570dbd8, long * 0x0012cf0c) line 2816 + 2014 bytes
js_Invoke(JSContext * 0x0570dbd8, unsigned int 0x00000002, unsigned int 0x00000002) line 958 + 13 bytes
js_InternalInvoke(JSContext * 0x0570dbd8, JSObject * 0x05464fe0, long 0x059edb48, unsigned int 0x00000000, unsigned int 0x00000002, long * 0x05a218f0, long * 0x0012d0a4) line 1035 + 20 bytes
JS_CallFunctionValue(JSContext * 0x0570dbd8, JSObject * 0x05464fe0, long 0x059edb48, unsigned int 0x00000002, long * 0x05a218f0, long * 0x0012d0a4) line 3592 + 31 bytes
nsJSContext::CallEventHandler(JSObject * 0x05464fe0, JSObject * 0x059edb48, unsigned int 0x00000002, long * 0x05a218f0, long * 0x0012d0a4) line 1267 + 33 bytes
GlobalWindowImpl::RunTimeout(nsTimeoutImpl * 0x05a21878) line 5145 + 81 bytes
GlobalWindowImpl::TimerCallback(nsITimer * 0x05a21980, void * 0x05a21878) line 5508
nsTimerImpl::Fire() line 382 + 17 bytes
nsTimerManager::FireNextIdleTimer(nsTimerManager * const 0x00f3cbb0) line 616
nsAppShell::GetNativeEvent(nsAppShell * const 0x056cc088, int & 0x00000001, void * & 0x02230180 msg) line 197
nsXULWindow::ShowModal(nsXULWindow * const 0x0548a388) line 362 + 31 bytes
nsWebShellWindow::ShowModal(nsWebShellWindow * const 0x0548a388) line 1106
nsContentTreeOwner::ShowAsModal(nsContentTreeOwner * const 0x0522f5dc) line 449
nsWindowWatcher::OpenWindowJS(nsWindowWatcher * const 0x010d544c, nsIDOMWindow * 0x04efed24, const char * 0x056b1ba8, const char * 0x0012d7f0, const char * 0x0012d848, int 0x00000001, unsigned int 0x00000001, long * 0x055c7708, nsIDOMWindow * * 0x0012d8a0) line 784
GlobalWindowImpl::OpenInternal(GlobalWindowImpl * const 0x04efed20, const nsAString & {...}, const nsAString & {...}, const nsAString & {...}, int 0x00000001, long * 0x055c76fc, unsigned int 0x00000004, nsISupports * 0x00000000, nsIDOMWindow * * 0x0012dc5c) line 4770 + 140 bytes
GlobalWindowImpl::OpenDialog(GlobalWindowImpl * const 0x04efed28, nsIDOMWindow * * 0x0012dc5c) line 3461 + 59 bytes
XPTC_InvokeByIndex(nsISupports * 0x04efed28, unsigned int 0x00000010, unsigned int 0x00000001, nsXPTCVariant * 0x0012dc5c) line 102
XPCWrappedNative::CallMethod(XPCCallContext & {...}, XPCWrappedNative::CallMode CALL_METHOD) line 2022 + 43 bytes
XPC_WN_CallMethod(JSContext * 0x04f804e0, JSObject * 0x04e543c8, unsigned int 0x00000004, long * 0x055c76fc, long * 0x0012df2c) line 1287 + 14 bytes
js_Invoke(JSContext * 0x04f804e0, unsigned int 0x00000004, unsigned int 0x00000000) line 941 + 23 bytes
js_Interpret(JSContext * 0x04f804e0, long * 0x0012e860) line 2962 + 15 bytes
js_Invoke(JSContext * 0x04f804e0, unsigned int 0x00000001, unsigned int 0x00000002) line 958 + 13 bytes
js_InternalInvoke(JSContext * 0x04f804e0, JSObject * 0x04e530d8, long 0x05464d20, unsigned int 0x00000000, unsigned int 0x00000001, long * 0x0012eadc, long * 0x0012ead8) line 1035 + 20 bytes
JS_CallFunctionValue(JSContext * 0x04f804e0, JSObject * 0x04e530d8, long 0x05464d20, unsigned int 0x00000001, long * 0x0012eadc, long * 0x0012ead8) line 3592 + 31 bytes
nsJSContext::CallEventHandler(JSObject * 0x04e530d8, JSObject * 0x05464d20, unsigned int 0x00000001, long * 0x0012eadc, long * 0x0012ead8) line 1267 + 33 bytes
nsJSEventListener::HandleEvent(nsJSEventListener * const 0x05255498, nsIDOMEvent * 0x052ef648) line 174 + 52 bytes
nsEventListenerManager::HandleEventSubType(nsListenerStruct * 0x05257ca8, nsIDOMEvent * 0x052ef648, nsIDOMEventTarget * 0x052ef5f8, unsigned int 0x00000008, unsigned int 0x00000007) line 1434 + 20 bytes
nsEventListenerManager::HandleEvent(nsEventListenerManager * const 0x05255440, nsIPresContext * 0x04efd760, nsEvent * 0x0012f2b8, nsIDOMEvent * * 0x0012f194, nsIDOMEventTarget * 0x052ef5f8, unsigned int 0x00000007, nsEventStatus * 0x0012f308) line 1527 + 56 bytes
nsXULElement::HandleDOMEvent(nsIPresContext * 0x04efd760, nsEvent * 0x0012f2b8, nsIDOMEvent * * 0x0012f194, unsigned int 0x00000007, nsEventStatus * 0x0012f308) line 2881
PresShell::HandleDOMEventWithTarget(PresShell * const 0x04fa1a40, nsIContent * 0x05252298, nsEvent * 0x0012f2b8, nsEventStatus * 0x0012f308) line 6169
nsMenuFrame::Execute(nsGUIEvent * 0x0012f77c) line 1648
nsMenuFrame::HandleEvent(nsMenuFrame * const 0x055d11a8, nsIPresContext * 0x04efd760, nsGUIEvent * 0x0012f77c, nsEventStatus * 0x0012f570) line 447
PresShell::HandleEventInternal(nsEvent * 0x0012f77c, nsIView * 0x054fe5e8, unsigned int 0x00000001, nsEventStatus * 0x0012f570) line 6133 + 33 bytes
PresShell::HandleEvent(PresShell * const 0x04fa1a5c, nsIView * 0x054fe5e8, nsGUIEvent * 0x0012f77c, nsEventStatus * 0x0012f570, int 0x00000000, int & 0x00000001) line 5981 + 25 bytes
nsViewManager::HandleEvent(nsView * 0x05734ee8, nsGUIEvent * 0x0012f77c, int 0x00000000) line 2301
nsViewManager::DispatchEvent(nsViewManager * const 0x04fa1148, nsGUIEvent * 0x0012f77c, nsEventStatus * 0x0012f668) line 2039 + 20 bytes
HandleEvent(nsGUIEvent * 0x0012f77c) line 79
nsWindow::DispatchEvent(nsWindow * const 0x05734fa4, nsGUIEvent * 0x0012f77c, nsEventStatus & nsEventStatus_eIgnore) line 1064 + 10 bytes
nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012f77c) line 1085
nsWindow::DispatchMouseEvent(unsigned int 0x0000012d, unsigned int 0x00000000, nsPoint * 0x00000000) line 5207 + 21 bytes
ChildWindow::DispatchMouseEvent(unsigned int 0x0000012d, unsigned int 0x00000000, nsPoint * 0x00000000) line 5462
nsWindow::ProcessMessage(unsigned int 0x00000202, unsigned int 0x00000000, long 0x0104003b, long * 0x0012fc28) line 4001 + 28 bytes
nsWindow::WindowProc(HWND__ * 0x005103b4, unsigned int 0x00000202, unsigned int 0x00000000, long 0x0104003b) line 1346 + 27 bytes
USER32! 77e2a2d0()
USER32! 77e045e5()
USER32! 77e0a816()
nsAppShellService::Run(nsAppShellService * const 0x010d6478) line 484
main1(int 0x00000002, char * * 0x00263f88, nsISupports * 0x00ed3c90) line 1291 + 32 bytes
main(int 0x00000002, char * * 0x00263f88) line 1678 + 37 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 77e987e7()
Severity: normal → critical
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: crash
this looks like a result of my string branch landing... -> me
this probably results from a missing null-check somewhere. investigating...
Assignee: sspitzer → darin
Status: NEW → ASSIGNED
Priority: -- → P1
Target Milestone: --- → mozilla1.7beta
here's a somewhat simplified testcase:

const char *oldName = nsnull;
const char *newName = "user";
nsString acctName = NS_LITERAL_STRING("forums.foo.com");
nsAutoString newAcctName, oldVal, newVal;
oldVal.AssignWithConversion(oldName);
newVal.AssignWithConversion(newName);
newAcctName.Assign(acctName);
newAcctName.ReplaceSubstring(oldVal, newVal);

the ReplaceSubstring call never finishes. it just loops forever. i didn't observe any crash.
Summary: crash after choosing Server Settings in Mail&Newsgroup Account Settings, click o.k. → hangs/crashes after choosing Server Settings in Mail&Newsgroup Account Settings, click o.k.
-> strings
Component: Account Manager → String
Product: MailNews → Browser
Attached patch v1 patch
patch + testcase
Comment on attachment 142195 (v1 patch)
i checked with the old nsString2.cpp code, and saw that indeed it would return early if ReplaceSubstring was called with aTarget equal to the empty string. it also would return early if aNewValue was empty, but that makes little sense to me. what if you wanted to replace a certain substring with an empty value? that should be supported. this makes that happen. i also corrected the adjustment of the iteration variable |i| in the algorithm's loop. i think it is correct for it to resume replacing after the end of the last replaced substring. previously what it was doing was pretty bogus.
Attachment #142195 - Flags: superreview?(dbaron)
Attachment #142195 - Flags: review?(dbaron)
Attachment #142195 - Flags: superreview?(dbaron)
Attachment #142195 - Flags: superreview+
Attachment #142195 - Flags: review?(dbaron)
Attachment #142195 - Flags: review+
fixed on trunk
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Component: String → XPCOM
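
The behaviour the patch comment describes (return early on an empty target, allow an empty replacement, resume scanning after the replaced text), as an added C++ sketch over std::string. It is not the attached patch or Mozilla's nsString code; the function names and the step cap are assumptions made for illustration, and the last case in main (a replacement that contains the target) goes beyond the testcase on the page.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Model of the reported failure: no empty-target check. max_steps caps the
// loop so the demonstration ends; the hang reported above has no such bound.
std::size_t replace_unguarded(std::string& s, const std::string& target,
                              const std::string& value, std::size_t max_steps) {
    std::size_t steps = 0, i = 0;
    while (steps < max_steps &&
           (i = s.find(target, i)) != std::string::npos) {
        s.replace(i, target.size(), value);  // empty target: pure insertion
        i += value.size();
        ++steps;
    }
    return steps;
}

// Guarded version following the behaviour described in the patch comment.
// Returns the number of replacements made.
std::size_t replace_guarded(std::string& s, const std::string& target,
                            const std::string& value) {
    // An empty target matches at every offset, so the search never fails.
    if (target.empty()) return 0;
    std::size_t count = 0, i = 0;
    while ((i = s.find(target, i)) != std::string::npos) {
        s.replace(i, target.size(), value);  // value may be empty (deletion)
        i += value.size();  // resume after the text just written
        ++count;
    }
    return count;
}

int main() {
    // Constructed inputs mirroring the testcase: empty old name, new "user".
    std::string a = "forums.foo.com", b = a, c = a, d = "banana";
    std::size_t n1 = replace_unguarded(a, "", "user", 1000);
    std::size_t n2 = replace_guarded(b, "", "user");
    std::size_t n3 = replace_guarded(c, "foo", "");
    std::size_t n4 = replace_guarded(d, "a", "aa");
    std::cout << "unguarded: " << n1 << " steps, " << a.size() << " bytes\n"
              << "empty target: " << n2 << " -> " << b << "\n"
              << "empty value: " << n3 << " -> " << c << "\n"
              << "value contains target: " << n4 << " -> " << d << "\n";
    return 0;
}
```

The unguarded run stops only because of the cap, and the string grows by one copy of the new value per step, which is the kind of unbounded growth a caller sees as a hang with rising memory use.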