Closed
Bug 235355
Opened 21 years ago
Closed 21 years ago
hangs/crashes after choosing Server Settings in Mail&Newsgroup Account Settings, click o.k.
Categories (Core :: XPCOM, defect, P1)
Tracking: RESOLVED FIXED, mozilla1.7beta
People (Reporter: tobias, Assigned: darin.moz)
Details (Keywords: crash)
Attachments (1 file): patch, 5.72 KB (dbaron: review+, dbaron: superreview+)
User-Agent:
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; de-AT; rv:1.7a) Gecko/20040223
In "Mail&Newsgroup Account Settings" left Pane mark one after another the
"Server Settings" without doing any changes, then leaving the Dialogue clicking
"O.K." and Mozilla crashes.
While crashing Mozilla uses a lot of Memory. The saved Username and Password for
Newsgroup Accounts are deleted after the crash.
Reproducible: Always
Steps to Reproduce:
1. In Mail-News go to "Edit" "Mail&Newsgroup Account Settings"
2. Mark one after another "Server Settings" for every one of the Accounts without
changing anything
3. Leave "Mail&Newsgroup Account Settings" with the O.K.-Button
Actual Results:
Mozilla crashes.
Expected Results:
Close the Dialogue.
This Bug was first reported by Hartmut Figge in d.c.s.m.nb
<4037BA94.20804@hfigge.myfqdn.de> under Debian GNU-Linux, thanks to him. I have
successfully tried to reproduce this crash under w2k.
Adding Part of the DrWatson Crash Stack-Back-Trace:
Funktion: nsSubstring::Replace
1004ab69 55 push ebp
1004ab6a 8bcb mov ecx,ebx
1004ab6c e8fffaffff call EmptyCString+0x250 (1004a670)
1004ab71 85ff test edi,edi
1004ab73 7617 jbe nsComponentManager::EnumerateContractIDs+0xbec
(1005368c)
1004ab75 8b4304 mov eax,[ebx+0x4]
ds:00bb7ae6=????????
1004ab78 8d0c3f lea ecx,[edi+edi]
ds:2f857558=????????
1004ab7b 8bd1 mov edx,ecx
1004ab7d 8d3c68 lea edi,[eax+ebp*2]
ds:0fbfffee=????????
1004ab80 c1e902 shr ecx,0x2
FEHLER ->1004ab83 f3a5 rep movsd ds:0012dcb0=006f0074
es:2f857558=????????
1004ab85 8bca mov ecx,edx
1004ab87 83e103 and ecx,0x3
1004ab8a f3a4 rep movsb ds:0012dcb0=74
es:2f857558=??
1004ab8c 5f pop edi
1004ab8d 5e pop esi
1004ab8e 5d pop ebp
1004ab8f 5b pop ebx
1004ab90 81c498000000 add esp,0x98
1004ab96 c21000 ret 0x10
1004ab99 8bbc24b8000000 mov edi,[esp+0xb8]
ss:0012db9c=00000006
1004aba0 83ffff cmp edi,0xff
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
0FBFFFEE 00000000 00000000 00000000 00000000 00000000 !nsSubstring::Replace
Comment 1•21 years ago
memcpy(unsigned char * 0x2f8c66b6, unsigned char * 0x0012bd58, unsigned long
0x00000042) line 242
nsCharTraits<unsigned short>::copy(unsigned short * 0x2f8c66b6, const unsigned
short * 0x0012bd58, unsigned int 0x00000021) line 150 + 19 bytes
nsSubstring::Replace(unsigned int 0x0fbfffeb, unsigned int 0x00000000, const
unsigned short * 0x0012bd58, unsigned int 0x00000021) line 408 + 29 bytes
nsSubstring::Replace(unsigned int 0x0fbfffeb, unsigned int 0x00000000, const
nsSubstring & {...}) line 230 + 41 bytes
nsString::ReplaceSubstring(const nsString & {...}, const nsString & {...}) line 392
nsMsgIncomingServer::OnUserOrHostNameChanged(nsMsgIncomingServer * const
0x054eb618, const char * 0x00000000, const char * 0x05bf49e0) line 1280
nsNntpIncomingServer::OnUserOrHostNameChanged(nsNntpIncomingServer * const
0x054eb618, const char * 0x00000000, const char * 0x05bf49e0) line 2005 + 18 bytes
nsMsgIncomingServer::SetRealUsername(nsMsgIncomingServer * const 0x054eb618,
const char * 0x05bf49e0) line 1363 + 25 bytes
XPTC_InvokeByIndex(nsISupports * 0x054eb618, unsigned int 0x00000011, unsigned
int 0x00000001, nsXPTCVariant * 0x0012c150) line 102
XPCWrappedNative::CallMethod(XPCCallContext & {...}, XPCWrappedNative::CallMode
CALL_SETTER) line 2022 + 43 bytes
XPCWrappedNative::SetAttribute(XPCCallContext & {...}) line 1887 + 14 bytes
XPC_WN_GetterSetter(JSContext * 0x0570dbd8, JSObject * 0x05b94f08, unsigned int
0x00000001, long * 0x05b78e74, long * 0x0012c434) line 1311 + 12 bytes
js_Invoke(JSContext * 0x0570dbd8, unsigned int 0x00000001, unsigned int
0x00000002) line 941 + 23 bytes
js_InternalInvoke(JSContext * 0x0570dbd8, JSObject * 0x05b94f08, long
0x05b95560, unsigned int 0x00000000, unsigned int 0x00000001, long * 0x0012cd6c,
long * 0x0012cd6c) line 1035 + 20 bytes
js_InternalGetOrSet(JSContext * 0x0570dbd8, JSObject * 0x05b94f08, long
0x054eea00, long 0x05b95560, int 0x00000008, unsigned int 0x00000001, long *
0x0012cd6c, long * 0x0012cd6c) line 1078 + 31 bytes
js_SetProperty(JSContext * 0x0570dbd8, JSObject * 0x05b94f08, long 0x054eea00,
long * 0x0012cd6c) line 2836 + 53 bytes
js_Interpret(JSContext * 0x0570dbd8, long * 0x0012cf0c) line 2816 + 2014 bytes
js_Invoke(JSContext * 0x0570dbd8, unsigned int 0x00000002, unsigned int
0x00000002) line 958 + 13 bytes
js_InternalInvoke(JSContext * 0x0570dbd8, JSObject * 0x05464fe0, long
0x059edb48, unsigned int 0x00000000, unsigned int 0x00000002, long * 0x05a218f0,
long * 0x0012d0a4) line 1035 + 20 bytes
JS_CallFunctionValue(JSContext * 0x0570dbd8, JSObject * 0x05464fe0, long
0x059edb48, unsigned int 0x00000002, long * 0x05a218f0, long * 0x0012d0a4) line
3592 + 31 bytes
nsJSContext::CallEventHandler(JSObject * 0x05464fe0, JSObject * 0x059edb48,
unsigned int 0x00000002, long * 0x05a218f0, long * 0x0012d0a4) line 1267 + 33 bytes
GlobalWindowImpl::RunTimeout(nsTimeoutImpl * 0x05a21878) line 5145 + 81 bytes
GlobalWindowImpl::TimerCallback(nsITimer * 0x05a21980, void * 0x05a21878) line 5508
nsTimerImpl::Fire() line 382 + 17 bytes
nsTimerManager::FireNextIdleTimer(nsTimerManager * const 0x00f3cbb0) line 616
nsAppShell::GetNativeEvent(nsAppShell * const 0x056cc088, int & 0x00000001, void
* & 0x02230180 msg) line 197
nsXULWindow::ShowModal(nsXULWindow * const 0x0548a388) line 362 + 31 bytes
nsWebShellWindow::ShowModal(nsWebShellWindow * const 0x0548a388) line 1106
nsContentTreeOwner::ShowAsModal(nsContentTreeOwner * const 0x0522f5dc) line 449
nsWindowWatcher::OpenWindowJS(nsWindowWatcher * const 0x010d544c, nsIDOMWindow *
0x04efed24, const char * 0x056b1ba8, const char * 0x0012d7f0, const char *
0x0012d848, int 0x00000001, unsigned int 0x00000001, long * 0x055c7708,
nsIDOMWindow * * 0x0012d8a0) line 784
GlobalWindowImpl::OpenInternal(GlobalWindowImpl * const 0x04efed20, const
nsAString & {...}, const nsAString & {...}, const nsAString & {...}, int
0x00000001, long * 0x055c76fc, unsigned int 0x00000004, nsISupports *
0x00000000, nsIDOMWindow * * 0x0012dc5c) line 4770 + 140 bytes
GlobalWindowImpl::OpenDialog(GlobalWindowImpl * const 0x04efed28, nsIDOMWindow *
* 0x0012dc5c) line 3461 + 59 bytes
XPTC_InvokeByIndex(nsISupports * 0x04efed28, unsigned int 0x00000010, unsigned
int 0x00000001, nsXPTCVariant * 0x0012dc5c) line 102
XPCWrappedNative::CallMethod(XPCCallContext & {...}, XPCWrappedNative::CallMode
CALL_METHOD) line 2022 + 43 bytes
XPC_WN_CallMethod(JSContext * 0x04f804e0, JSObject * 0x04e543c8, unsigned int
0x00000004, long * 0x055c76fc, long * 0x0012df2c) line 1287 + 14 bytes
js_Invoke(JSContext * 0x04f804e0, unsigned int 0x00000004, unsigned int
0x00000000) line 941 + 23 bytes
js_Interpret(JSContext * 0x04f804e0, long * 0x0012e860) line 2962 + 15 bytes
js_Invoke(JSContext * 0x04f804e0, unsigned int 0x00000001, unsigned int
0x00000002) line 958 + 13 bytes
js_InternalInvoke(JSContext * 0x04f804e0, JSObject * 0x04e530d8, long
0x05464d20, unsigned int 0x00000000, unsigned int 0x00000001, long * 0x0012eadc,
long * 0x0012ead8) line 1035 + 20 bytes
JS_CallFunctionValue(JSContext * 0x04f804e0, JSObject * 0x04e530d8, long
0x05464d20, unsigned int 0x00000001, long * 0x0012eadc, long * 0x0012ead8) line
3592 + 31 bytes
nsJSContext::CallEventHandler(JSObject * 0x04e530d8, JSObject * 0x05464d20,
unsigned int 0x00000001, long * 0x0012eadc, long * 0x0012ead8) line 1267 + 33 bytes
nsJSEventListener::HandleEvent(nsJSEventListener * const 0x05255498, nsIDOMEvent
* 0x052ef648) line 174 + 52 bytes
nsEventListenerManager::HandleEventSubType(nsListenerStruct * 0x05257ca8,
nsIDOMEvent * 0x052ef648, nsIDOMEventTarget * 0x052ef5f8, unsigned int
0x00000008, unsigned int 0x00000007) line 1434 + 20 bytes
nsEventListenerManager::HandleEvent(nsEventListenerManager * const 0x05255440,
nsIPresContext * 0x04efd760, nsEvent * 0x0012f2b8, nsIDOMEvent * * 0x0012f194,
nsIDOMEventTarget * 0x052ef5f8, unsigned int 0x00000007, nsEventStatus *
0x0012f308) line 1527 + 56 bytes
nsXULElement::HandleDOMEvent(nsIPresContext * 0x04efd760, nsEvent * 0x0012f2b8,
nsIDOMEvent * * 0x0012f194, unsigned int 0x00000007, nsEventStatus * 0x0012f308)
line 2881
PresShell::HandleDOMEventWithTarget(PresShell * const 0x04fa1a40, nsIContent *
0x05252298, nsEvent * 0x0012f2b8, nsEventStatus * 0x0012f308) line 6169
nsMenuFrame::Execute(nsGUIEvent * 0x0012f77c) line 1648
nsMenuFrame::HandleEvent(nsMenuFrame * const 0x055d11a8, nsIPresContext *
0x04efd760, nsGUIEvent * 0x0012f77c, nsEventStatus * 0x0012f570) line 447
PresShell::HandleEventInternal(nsEvent * 0x0012f77c, nsIView * 0x054fe5e8,
unsigned int 0x00000001, nsEventStatus * 0x0012f570) line 6133 + 33 bytes
PresShell::HandleEvent(PresShell * const 0x04fa1a5c, nsIView * 0x054fe5e8,
nsGUIEvent * 0x0012f77c, nsEventStatus * 0x0012f570, int 0x00000000, int &
0x00000001) line 5981 + 25 bytes
nsViewManager::HandleEvent(nsView * 0x05734ee8, nsGUIEvent * 0x0012f77c, int
0x00000000) line 2301
nsViewManager::DispatchEvent(nsViewManager * const 0x04fa1148, nsGUIEvent *
0x0012f77c, nsEventStatus * 0x0012f668) line 2039 + 20 bytes
HandleEvent(nsGUIEvent * 0x0012f77c) line 79
nsWindow::DispatchEvent(nsWindow * const 0x05734fa4, nsGUIEvent * 0x0012f77c,
nsEventStatus & nsEventStatus_eIgnore) line 1064 + 10 bytes
nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012f77c) line 1085
nsWindow::DispatchMouseEvent(unsigned int 0x0000012d, unsigned int 0x00000000,
nsPoint * 0x00000000) line 5207 + 21 bytes
ChildWindow::DispatchMouseEvent(unsigned int 0x0000012d, unsigned int
0x00000000, nsPoint * 0x00000000) line 5462
nsWindow::ProcessMessage(unsigned int 0x00000202, unsigned int 0x00000000, long
0x0104003b, long * 0x0012fc28) line 4001 + 28 bytes
nsWindow::WindowProc(HWND__ * 0x005103b4, unsigned int 0x00000202, unsigned int
0x00000000, long 0x0104003b) line 1346 + 27 bytes
USER32! 77e2a2d0()
USER32! 77e045e5()
USER32! 77e0a816()
nsAppShellService::Run(nsAppShellService * const 0x010d6478) line 484
main1(int 0x00000002, char * * 0x00263f88, nsISupports * 0x00ed3c90) line 1291 +
32 bytes
main(int 0x00000002, char * * 0x00263f88) line 1678 + 37 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 77e987e7()
Comment 2•21 years ago (Assignee)
this looks like a result of my string branch landing...
-> me
this probably results from a missing null-check somewhere. investigating...
Assignee: sspitzer → darin
Updated•21 years ago (Assignee)
Status: NEW → ASSIGNED
Priority: -- → P1
Target Milestone: --- → mozilla1.7beta
Comment 3•21 years ago (Assignee)
here's a somewhat simplified testcase:
const char *oldName = nsnull;
const char *newName = "user";
nsString acctName = NS_LITERAL_STRING("forums.foo.com");
nsAutoString newAcctName, oldVal, newVal;
oldVal.AssignWithConversion(oldName);
newVal.AssignWithConversion(newName);
newAcctName.Assign(acctName);
newAcctName.ReplaceSubstring(oldVal, newVal);
the ReplaceSubstring call never finishes. it just loops forever. i didn't
observe any crash.
Summary: crash after choosing Server Settings in Mail&Newsgroup Account Settings, click o.k. → hangs/crashes after choosing Server Settings in Mail&Newsgroup Account Settings, click o.k.
Comment 4•21 years ago (Assignee)
-> strings
Component: Account Manager → String
Product: MailNews → Browser
Comment 5•21 years ago (Assignee)
patch + testcase
Comment 6•21 years ago (Assignee)
Comment on attachment 142195
v1 patch
i checked with the old nsString2.cpp code, and saw that indeed it would return
early if ReplaceSubstring was called with aTarget equal to the empty string.
it also would return early if aNewValue was empty, but that makes little
sense to me. what if you wanted to replace a certain substring with an empty
value? that should be supported. this makes that happen.
i also corrected the adjustment of the iteration variable |i| in the
algorithm's loop. i think it is correct for it to resume replacing after the
end of the last replaced substring. previously what it was doing was pretty
bogus.
Attachment #142195 - Flags: superreview?(dbaron)
Attachment #142195 - Flags: review?(dbaron)
Attachment #142195 - Flags: superreview?(dbaron)
Attachment #142195 - Flags: superreview+
Attachment #142195 - Flags: review?(dbaron)
Attachment #142195 - Flags: review+
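The empty-target hang from comment 3 and the behaviour described in comment 6, as an added C++ example that is not the attached patch or Mozilla's string code. It uses std::u16string in place of nsString; replace_unguarded, replace_substring and max_steps are hypothetical names, and the account name is the sample value from comment 3.

```cpp
#include <cstddef>
#include <string>

// Model of a replace-all loop with no empty-target guard (not Mozilla's code).
// An empty target "matches" at every offset, so each pass inserts `value` and
// the string keeps growing. `max_steps` caps the loop so the behaviour can be
// observed; returns false if the cap was hit before the scan finished.
bool replace_unguarded(std::u16string& s, const std::u16string& target,
                       const std::u16string& value, std::size_t max_steps) {
    std::size_t i = 0;
    for (std::size_t step = 0; step < max_steps; ++step) {
        std::size_t r = s.find(target, i);
        if (r == std::u16string::npos) return true;  // scan finished normally
        s.replace(r, target.size(), value);
        i = r + value.size();
    }
    return false;  // still matching after max_steps: would never terminate
}

// Guarded form following comment 6: an empty target is a no-op, an empty
// value is allowed (it deletes the target), and the scan resumes just past
// the text that was inserted. Returns the number of replacements made.
std::size_t replace_substring(std::u16string& s, const std::u16string& target,
                              const std::u16string& value) {
    if (target.empty()) return 0;
    std::size_t count = 0, i = 0;
    while ((i = s.find(target, i)) != std::u16string::npos) {
        s.replace(i, target.size(), value);
        i += value.size();  // never rescan inside the replacement
        ++count;
    }
    return count;
}

int main() {
    std::u16string grown = u"forums.foo.com";   // sample value from comment 3
    bool finished = replace_unguarded(grown, u"", u"user", 1000);
    std::u16string kept = u"forums.foo.com";
    std::size_t n = replace_substring(kept, u"", u"user");
    // Expect: unguarded loop hit its cap, guarded call left the string alone.
    return (!finished && n == 0 && kept == u"forums.foo.com") ? 0 : 1;
}
```

Resuming after the inserted text is what keeps a replacement that contains the target (for example "a" replaced by "aa") from being matched again.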
Comment 7•21 years ago (Assignee)
fixed on trunk
Status: ASSIGNED → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Updated•4 years ago
Component: String → XPCOM