crash freeing memory when iterating through xpconnect newsgroup stuff

VERIFIED FIXED in M14

Status

MailNews Core
Backend
P3
normal
VERIFIED FIXED
19 years ago
10 years ago

People

(Reporter: cbegle, Assigned: (not reading, please use seth@sspitzer.org instead))

Tracking

Trunk
x86
Windows NT

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

19 years ago
BuildID: 2000012008
Platform: NT4.0

I have a script that iterates through all the mail/news XPConnect classes, and 
tries to figure out all the interfaces that each class implements.  The first 
time I run the script with the build above, some asserts are thrown but it 
complets okay.  The second time I run the script, Mozilla crashes.

Stack trace below; I'll attach the script.

_free_dbg_lk(void * 0xcdcdcdcd, int 1) line 1017 + 3 bytes
_free_dbg(void * 0xcdcdcdcd, int 1) line 970 + 13 bytes
free(void * 0xcdcdcdcd) line 926 + 11 bytes
PR_Free(void * 0xcdcdcdcd) line 66 + 10 bytes
nsNNTPNewsgroupList::CleanUp(nsNNTPNewsgroupList * const 0x03830ec0) line 154 + 
22 bytes
nsNNTPNewsgroupList::~nsNNTPNewsgroupList() line 101
nsNNTPNewsgroupList::`scalar deleting destructor'(unsigned int 1) + 15 bytes
nsNNTPNewsgroupList::Release(nsNNTPNewsgroupList * const 0x03830ec0) line 103 + 
131 bytes
nsXPCWrappedNative::~nsXPCWrappedNative() line 392 + 27 bytes
nsXPCWrappedNative::`scalar deleting destructor'(unsigned int 1) + 15 bytes
nsXPCWrappedNative::Release(nsXPCWrappedNative * const 0x03830040) line 70 + 31 
bytes
nsXPCWrappedNative::JSObjectFinalized(JSContext * 0x01fdd400, JSObject * 
0x02461a58) line 95
WrappedNative_Finalize(JSContext * 0x01fdd400, JSObject * 0x02461a58) line 648
js_FinalizeObject(JSContext * 0x01fdd400, JSObject * 0x02461a58) line 1381 + 114 
bytes
js_GC(JSContext * 0x01fdd400) line 891 + 11 bytes
js_ForceGC(JSContext * 0x01fdd400) line 678 + 9 bytes
JS_GC(JSContext * 0x01fdd400) line 1165 + 9 bytes
nsJSContext::GC(nsJSContext * const 0x01fd8030) line 747 + 13 bytes
nsJSContext::ScriptEvaluated(nsJSContext * const 0x01fd8030) line 767
nsJSContext::CallEventHandler(nsJSContext * const 0x01fd8030, void * 0x00dd2f30, 
void * 0x00dd2f38, unsigned int 1, void * 0x0012c22c, int * 0x0012c228) line 572
nsJSEventListener::HandleEvent(nsIDOMEvent * 0x03619624) line 128 + 57 bytes
nsEventListenerManager::HandleEventSubType(nsListenerStruct * 0x024ce3f0, 
nsIDOMEvent * 0x03619624, unsigned int 16) line 640 + 19 bytes
nsEventListenerManager::HandleEvent(nsIPresContext * 0x01fdf1a0, nsEvent * 
0x0012c830, nsIDOMEvent * * 0x0012c720, unsigned int 7, nsEventStatus * 
0x0012c778) line 1399 + 31 bytes
nsXULElement::HandleDOMEvent(nsXULElement * const 0x024ce520, nsIPresContext * 
0x01fdf1a0, nsEvent * 0x0012c830, nsIDOMEvent * * 0x0012c720, unsigned int 1, 
nsEventStatus * 0x0012c778) line 2795
nsXULElement::ExecuteJSCode(nsIDOMElement * 0x024ce534, nsEvent * 0x0012c830) 
line 3198
nsXULElement::ExecuteOnBroadcastHandler(nsIDOMElement * 0x024ce854, const 
nsString & {...}) line 3124 + 21 bytes
nsXULElement::SetAttribute(nsXULElement * const 0x02244b10, int 0, nsIAtom * 
0x01982a80, const nsString & {...}, int 1) line 2333
nsXULElement::SetAttribute(nsXULElement * const 0x02244b24, const nsString & 
{...}, const nsString & {...}) line 1147 + 35 bytes
setAttribute(nsIWebShell * 0x01973a00, const char * 0x02813bb0, const char * 
0x02813ba4, const nsString & {...}) line 1356 + 46 bytes
nsBrowserInstance::OnStartDocumentLoad(nsBrowserInstance * const 0x027044d4, 
nsIDocumentLoader * 0x0265f7c0, nsIURI * 0x0361ccc0, const char * 0x100772d0 
gCommonEmptyBuffer) line 1443 + 29 bytes
nsWebShell::OnStartDocumentLoad(nsWebShell * const 0x0265fce0, nsIDocumentLoader 
* 0x0265f7c0, nsIURI * 0x0361ccc0, const char * 0x100772d0 gCommonEmptyBuffer) 
line 3074
nsDocLoaderImpl::FireOnStartDocumentLoad(nsDocLoaderImpl * 0x0265f7c0, nsIURI * 
0x0361ccc0) line 762
nsDocLoaderImpl::OnStartRequest(nsDocLoaderImpl * const 0x0265f7c4, nsIChannel * 
0x0361cad0, nsISupports * 0x00000000) line 627
nsLoadGroup::AddChannel(nsLoadGroup * const 0x0265f760, nsIChannel * 0x0361cad0, 
nsISupports * 0x00000000) line 451 + 34 bytes
nsFileChannel::AsyncRead(nsFileChannel * const 0x0361cad0, unsigned int 0, int 
-1, nsISupports * 0x00000000, nsIStreamListener * 0x0361c180) line 305 + 32 
bytes
nsDocumentOpenInfo::Open(nsIChannel * 0x0361cad0, int 0, const char * 
0x00000000, nsISupports * 0x0265fcd0, nsISupports * 0x0265f760, nsISupports * * 
0x0012d1f4) line 171 + 22 bytes
nsURILoader::OpenURIVia(nsURILoader * const 0x01665cf0, nsIChannel * 0x0361cad0, 
int 0, const char * 0x00000000, nsISupports * 0x0265fcd0, nsISupports * 
0x0265f760, nsISupports * * 0x0012d1f4, unsigned int 0) line 432 + 32 bytes
nsURILoader::OpenURI(nsURILoader * const 0x01665cf0, nsIChannel * 0x0361cad0, 
int 0, const char * 0x00000000, nsISupports * 0x0265fcd0, nsISupports * 
0x0265f760, nsISupports * * 0x0012d1f4) line 406
nsDocLoaderImpl::LoadDocument(nsDocLoaderImpl * const 0x0265f7c0, nsIURI * 
0x0361ccc0, const char * 0x003907dc, nsISupports * 0x0265fcd0, nsIInputStream * 
0x00000000, nsISupports * 0x00000000, unsigned int 0, const unsigned int 0, 
const unsigned short * 0x00000000) line 384 + 90 bytes
nsWebShell::DoLoadURL(nsIURI * 0x0361ccc0, const char * 0x003907dc, 
nsIInputStream * 0x00000000, unsigned int 0, const unsigned int 0, const 
unsigned short * 0x00000000, int 1) line 1715 + 101 bytes
nsWebShell::LoadURI(nsWebShell * const 0x0265fcd0, nsIURI * 0x0361ccc0, const 
char * 0x003907dc, nsIInputStream * 0x00000000, int 0, unsigned int 0, const 
unsigned int 0, nsISupports * 0x00000000, const unsigned short * 0x00000000) 
line 1987 + 40 bytes
nsWebShell::LoadURL(nsWebShell * const 0x0265fcd0, const unsigned short * 
0x0361c1e0, const char * 0x003907dc, nsIInputStream * 0x00000000, int 0, 
unsigned int 0, const unsigned int 0, nsISupports * 0x00000000, const unsigned 
short * 0x00000000) line 2218 + 52 bytes
nsWebShell::LoadURL(nsWebShell * const 0x0265fcd0, const unsigned short * 
0x0361c1e0, nsIInputStream * 0x00000000, int 0, unsigned int 0, const unsigned 
int 0, nsISupports * 0x00000000, const unsigned short * 0x00000000) line 1523
nsHistoryEntry::Load(nsIWebShell * 0x0265fcd0, int 1) line 555
nsSessionHistory::Goto(nsSessionHistory * const 0x027043f0, int 1, nsIWebShell * 
0x0265fcd0, int 1) line 1145 + 16 bytes
nsSessionHistory::Reload(nsSessionHistory * const 0x027043f0, nsIWebShell * 
0x0265fcd0, unsigned int 0) line 1163
nsBrowserInstance::Reload(nsBrowserInstance * const 0x027044dc, nsIWebShell * 
0x0265fcd0, unsigned int 0) line 1820 + 26 bytes
nsBrowserInstance::Reload(nsBrowserInstance * const 0x027044d0, unsigned int 0) 
line 307
XPTC_InvokeByIndex(nsISupports * 0x027044d0, unsigned int 5, unsigned int 1, 
nsXPTCVariant * 0x0012de34) line 139
nsXPCWrappedNativeClass::CallWrappedMethod(JSContext * 0x01fdd400, 
nsXPCWrappedNative * 0x027056f0, const XPCNativeMemberDescriptor * 0x02705bac, 
nsXPCWrappedNativeClass::CallMode CALL_METHOD, unsigned int 1, long * 
0x0241092c, long * 0x0012dfec) line 904 + 43 bytes
WrappedNative_CallMethod(JSContext * 0x01fdd400, JSObject * 0x00dd2db0, unsigned 
int 1, long * 0x0241092c, long * 0x0012dfec) line 191 + 34 bytes
js_Invoke(JSContext * 0x01fdd400, unsigned int 1, unsigned int 0) line 666 + 26 
bytes
js_Interpret(JSContext * 0x01fdd400, long * 0x0012e868) line 2262 + 15 bytes
js_Invoke(JSContext * 0x01fdd400, unsigned int 1, unsigned int 0) line 682 + 13 
bytes
js_Interpret(JSContext * 0x01fdd400, long * 0x0012f0a0) line 2262 + 15 bytes
js_Invoke(JSContext * 0x01fdd400, unsigned int 1, unsigned int 2) line 682 + 13 
bytes
js_InternalInvoke(JSContext * 0x01fdd400, JSObject * 0x0240aeb0, long 37793464, 
unsigned int 0, unsigned int 1, long * 0x0012f228, long * 0x0012f1d4) line 759 + 
19 bytes
JS_CallFunctionValue(JSContext * 0x01fdd400, JSObject * 0x0240aeb0, long 
37793464, unsigned int 1, long * 0x0012f228, long * 0x0012f1d4) line 2771 + 31 
bytes
nsJSContext::CallEventHandler(nsJSContext * const 0x01fd8030, void * 0x0240aeb0, 
void * 0x0240aeb8, unsigned int 1, void * 0x0012f228, int * 0x0012f224) line 564 
+ 33 bytes
nsJSEventListener::HandleEvent(nsIDOMEvent * 0x0361db14) line 128 + 57 bytes
nsEventListenerManager::HandleEventSubType(nsListenerStruct * 0x024ce920, 
nsIDOMEvent * 0x0361db14, unsigned int 8) line 640 + 19 bytes
nsEventListenerManager::HandleEvent(nsIPresContext * 0x01fdf1a0, nsEvent * 
0x0012f74c, nsIDOMEvent * * 0x0012f71c, unsigned int 7, nsEventStatus * 
0x0012f78c) line 1399 + 31 bytes
nsXULElement::HandleDOMEvent(nsXULElement * const 0x024cef90, nsIPresContext * 
0x01fdf1a0, nsEvent * 0x0012f74c, nsIDOMEvent * * 0x0012f71c, unsigned int 1, 
nsEventStatus * 0x0012f78c) line 2795
nsTitledButtonFrame::MouseClicked(nsIPresContext * 0x01fdf1a0) line 1282
nsTitledButtonFrame::HandleEvent(nsTitledButtonFrame * const 0x00e1256c, 
nsIPresContext * 0x01fdf1a0, nsGUIEvent * 0x0012f7d4, nsEventStatus * 
0x0012fa78) line 1214
nsEventStateManager::CheckForAndDispatchClick(nsEventStateManager * const 
0x02621690, nsIPresContext * 0x01fdf1a0, nsMouseEvent * 0x0012fb6c, 
nsEventStatus * 0x0012fa78) line 1577 + 30 bytes
nsEventStateManager::PostHandleEvent(nsEventStateManager * const 0x02621690, 
nsIPresContext * 0x01fdf1a0, nsGUIEvent * 0x0012fb6c, nsIFrame * 0x00e1256c, 
nsEventStatus * 0x0012fa78, nsIView * 0x0202fe40) line 783 + 24 bytes
PresShell::HandleEvent(PresShell * const 0x0202f934, nsIView * 0x0202fe40, 
nsGUIEvent * 0x0012fb6c, nsEventStatus * 0x0012fa78) line 2763 + 43 bytes
nsView::HandleEvent(nsView * const 0x0202fe40, nsGUIEvent * 0x0012fb6c, unsigned 
int 28, nsEventStatus * 0x0012fa78, int & 0) line 841
nsViewManager2::DispatchEvent(nsViewManager2 * const 0x0202ff70, nsGUIEvent * 
0x0012fb6c, nsEventStatus * 0x0012fa78) line 1002
HandleEvent(nsGUIEvent * 0x0012fb6c) line 69
nsWindow::DispatchEvent(nsWindow * const 0x0202fd14, nsGUIEvent * 0x0012fb6c, 
nsEventStatus & nsEventStatus_eIgnore) line 502 + 10 bytes
nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012fb6c) line 523
nsWindow::DispatchMouseEvent(unsigned int 301, nsPoint * 0x00000000) line 3465 + 
21 bytes
ChildWindow::DispatchMouseEvent(unsigned int 301, nsPoint * 0x00000000) line 
3683
nsWindow::ProcessMessage(unsigned int 514, unsigned int 0, long 4259955, long * 
0x0012fdcc) line 2755 + 24 bytes
nsWindow::WindowProc(HWND__ * 0x046703fe, unsigned int 514, unsigned int 0, long 
4259955) line 689 + 27 bytes
USER32! 77e71268()
00410073()
(Reporter)

Comment 1

19 years ago
Created attachment 4510 [details]
Test case script that will reproduce the crash.
I'll take this one.
Assignee: phil → sspitzer
fix in hand.  I forgot to initialize m_groupName
Status: NEW → ASSIGNED
Target Milestone: M14
fixed.
Status: ASSIGNED → RESOLVED
Last Resolved: 19 years ago
Resolution: --- → FIXED

Comment 5

19 years ago
verified 2-21-2000.  the script still crashes if you reload, but it's in RDF 
stuff and will file another bug for that.
Status: RESOLVED → VERIFIED
Product: MailNews → Core
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.