Closed Bug 270075 Opened 20 years ago Closed 20 years ago

crash [@ nsFtpState::StopProcessing]

Categories

(Core Graveyard :: Networking: FTP, defect)

Product:
Core Graveyard
Component:
Networking: FTP
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: darin.moz, Assigned: darin.moz)

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

v1 patch
2.13 KB, patch
Biesinger
: review+
bzbarsky
: superreview+
Details | Diff | Splinter Review 
Looks like this crash is occuring on many of the tinderboxen.  This stack trace
is from the Linux "balsa" tinderbox:

  nsProfileLock::FatalSignalHandler(int)+0x00000146
[/builds/tinderbox/SeaMonkey-gcc3.4/Linux_2.4.7-10_Depend/mozilla/obj/dist/bin/components/libprofile.so
+0x0002C954]
  UNKNOWN [/lib/i686/libpthread.so.0 +0x000098D5]
  UNKNOWN [/lib/i686/libc.so.6 +0x0002E848]
  nsFtpState::StopProcessing()+0x0000034F
[/builds/tinderbox/SeaMonkey-gcc3.4/Linux_2.4.7-10_Depend/mozilla/obj/dist/bin/components/libnecko.so
+0x0011A409]
  nsFtpState::Process()+0x0000025C
[/builds/tinderbox/SeaMonkey-gcc3.4/Linux_2.4.7-10_Depend/mozilla/obj/dist/bin/components/libnecko.so
+0x00114698]
  UNKNOWN
[/builds/tinderbox/SeaMonkey-gcc3.4/Linux_2.4.7-10_Depend/mozilla/obj/dist/bin/components/libnecko.so
+0x00113DBF]
  UNKNOWN
[/builds/tinderbox/SeaMonkey-gcc3.4/Linux_2.4.7-10_Depend/mozilla/obj/dist/bin/components/libnecko.so
+0x0011DD09]
  nsInputStreamPump::OnStateTransfer()+0x0000027A
[/builds/tinderbox/SeaMonkey-gcc3.4/Linux_2.4.7-10_Depend/mozilla/obj/dist/bin/components/libnecko.so
+0x00081E00]
  UNKNOWN
[/builds/tinderbox/SeaMonkey-gcc3.4/Linux_2.4.7-10_Depend/mozilla/obj/dist/bin/components/libnecko.so
+0x000819B0]
  nsInputStreamReadyEvent::EventHandler(PLEvent*)+0x00000071
[/builds/tinderbox/SeaMonkey-gcc3.4/Linux_2.4.7-10_Depend/mozilla/obj/dist/bin/libxpcom_core.so
+0x000C4CAB]
  PL_HandleEvent+0x00000055
[/builds/tinderbox/SeaMonkey-gcc3.4/Linux_2.4.7-10_Depend/mozilla/obj/dist/bin/libxpcom_core.so
+0x000E8359]
  PL_ProcessEventsBeforeID+0x00000156
[/builds/tinderbox/SeaMonkey-gcc3.4/Linux_2.4.7-10_Depend/mozilla/obj/dist/bin/libxpcom_core.so
+0x000E8A78]
  processQueue(void*, void*)+0x00000030
[/builds/tinderbox/SeaMonkey-gcc3.4/Linux_2.4.7-10_Depend/mozilla/obj/dist/bin/components/libwidget_gtk.so
+0x00029882]
  nsVoidArray::EnumerateForwards(int (*)(void*, void*), void*)+0x00000052
[/builds/tinderbox/SeaMonkey-gcc3.4/Linux_2.4.7-10_Depend/mozilla/obj/dist/bin/libxpcom_core.so
+0x0009EC9A]
  nsAppShell::ProcessBeforeID(unsigned long)+0x0000003A
[/builds/tinderbox/SeaMonkey-gcc3.4/Linux_2.4.7-10_Depend/mozilla/obj/dist/bin/components/libwidget_gtk.so
+0x000298C8]
  handle_gdk_event(_GdkEvent*, void*)+0x000005FA
[/builds/tinderbox/SeaMonkey-gcc3.4/Linux_2.4.7-10_Depend/mozilla/obj/dist/bin/components/libwidget_gtk.so
+0x00037724]
  UNKNOWN [/usr/lib/libgdk-1.2.so.0 +0x00017D7F]
  UNKNOWN [/usr/lib/libglib-1.2.so.0 +0x00011773]
  UNKNOWN [/usr/lib/libglib-1.2.so.0 +0x00011D39]
  g_main_run+0x0000008C [/usr/lib/libglib-1.2.so.0 +0x00011EEC]
  gtk_main+0x000000D3 [/usr/lib/libgtk-1.2.so.0 +0x00094333]
  UNKNOWN
[/builds/tinderbox/SeaMonkey-gcc3.4/Linux_2.4.7-10_Depend/mozilla/obj/dist/bin/components/libwidget_gtk.so
+0x0002950E]
  UNKNOWN
[/builds/tinderbox/SeaMonkey-gcc3.4/Linux_2.4.7-10_Depend/mozilla/obj/dist/bin/components/libappcomps.so
+0x000E818C]
  UNKNOWN [mozilla-bin +0x000106DF]
  main+0x00000375 [mozilla-bin +0x0001154D]
  __libc_start_main+0x00000093 [/lib/i686/libc.so.6 +0x0001C507]

Must be a regression from my patch for bug 261083.
Attached patch v1 patchSplinter Review 
simple fix.  mListener->OnDataAvailable can cause nsFtpControlConnection::
SetStreamListener(nsnull) to be called, and that may release the last reference
to mListener.  mListener is actually an nsFtpState instance.

The fix is to AddRef mListener before calling any of its methods, and then
Release the extra reference when done (using a nsCOMPtr on the stack).	This is
consistent with the old code that used to step inside a mutex to get a
reference to mListener.  That mutex was unnecessary since this code is only
ever used on the main thread, but removing the mutex had the side-effect of
removing the extra pair of AddRef and Release calls necessary to avoid
crashing.
Attachment #166055 - Flags: review?(cbiesinger)
Comment on attachment 166055 [details] [diff] [review]
v1 patch

sr=bzbarsky for when biesi reviews.
Attachment #166055 - Flags: superreview+
Attachment #166055 - Flags: review?(cbiesinger) → review+
fixed-on-trunk
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Summary: crash @[nsFtpState::StopProcessing()] → crash [@ nsFtpState::StopProcessing]
Crash Signature: [@ nsFtpState::StopProcessing]
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: