Closed Bug 270075 Opened 21 years ago Closed 21 years ago

crash [@ nsFtpState::StopProcessing]

Categories

(Core Graveyard :: Networking: FTP, defect)

Product:
Core Graveyard
Component:
Networking: FTP
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: darin.moz, Assigned: darin.moz)

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

v1 patch
2.13 KB, patch
Biesinger
: review+
bzbarsky
: superreview+
Details | Diff | Splinter Review
Looks like this crash is occuring on many of the tinderboxen. This stack trace is from the Linux "balsa" tinderbox: nsProfileLock::FatalSignalHandler(int)+0x00000146 [/builds/tinderbox/SeaMonkey-gcc3.4/Linux_2.4.7-10_Depend/mozilla/obj/dist/bin/components/libprofile.so +0x0002C954] UNKNOWN [/lib/i686/libpthread.so.0 +0x000098D5] UNKNOWN [/lib/i686/libc.so.6 +0x0002E848] nsFtpState::StopProcessing()+0x0000034F [/builds/tinderbox/SeaMonkey-gcc3.4/Linux_2.4.7-10_Depend/mozilla/obj/dist/bin/components/libnecko.so +0x0011A409] nsFtpState::Process()+0x0000025C [/builds/tinderbox/SeaMonkey-gcc3.4/Linux_2.4.7-10_Depend/mozilla/obj/dist/bin/components/libnecko.so +0x00114698] UNKNOWN [/builds/tinderbox/SeaMonkey-gcc3.4/Linux_2.4.7-10_Depend/mozilla/obj/dist/bin/components/libnecko.so +0x00113DBF] UNKNOWN [/builds/tinderbox/SeaMonkey-gcc3.4/Linux_2.4.7-10_Depend/mozilla/obj/dist/bin/components/libnecko.so +0x0011DD09] nsInputStreamPump::OnStateTransfer()+0x0000027A [/builds/tinderbox/SeaMonkey-gcc3.4/Linux_2.4.7-10_Depend/mozilla/obj/dist/bin/components/libnecko.so +0x00081E00] UNKNOWN [/builds/tinderbox/SeaMonkey-gcc3.4/Linux_2.4.7-10_Depend/mozilla/obj/dist/bin/components/libnecko.so +0x000819B0] nsInputStreamReadyEvent::EventHandler(PLEvent*)+0x00000071 [/builds/tinderbox/SeaMonkey-gcc3.4/Linux_2.4.7-10_Depend/mozilla/obj/dist/bin/libxpcom_core.so +0x000C4CAB] PL_HandleEvent+0x00000055 [/builds/tinderbox/SeaMonkey-gcc3.4/Linux_2.4.7-10_Depend/mozilla/obj/dist/bin/libxpcom_core.so +0x000E8359] PL_ProcessEventsBeforeID+0x00000156 [/builds/tinderbox/SeaMonkey-gcc3.4/Linux_2.4.7-10_Depend/mozilla/obj/dist/bin/libxpcom_core.so +0x000E8A78] processQueue(void*, void*)+0x00000030 [/builds/tinderbox/SeaMonkey-gcc3.4/Linux_2.4.7-10_Depend/mozilla/obj/dist/bin/components/libwidget_gtk.so +0x00029882] nsVoidArray::EnumerateForwards(int (*)(void*, void*), void*)+0x00000052 [/builds/tinderbox/SeaMonkey-gcc3.4/Linux_2.4.7-10_Depend/mozilla/obj/dist/bin/libxpcom_core.so +0x0009EC9A] nsAppShell::ProcessBeforeID(unsigned long)+0x0000003A [/builds/tinderbox/SeaMonkey-gcc3.4/Linux_2.4.7-10_Depend/mozilla/obj/dist/bin/components/libwidget_gtk.so +0x000298C8] handle_gdk_event(_GdkEvent*, void*)+0x000005FA [/builds/tinderbox/SeaMonkey-gcc3.4/Linux_2.4.7-10_Depend/mozilla/obj/dist/bin/components/libwidget_gtk.so +0x00037724] UNKNOWN [/usr/lib/libgdk-1.2.so.0 +0x00017D7F] UNKNOWN [/usr/lib/libglib-1.2.so.0 +0x00011773] UNKNOWN [/usr/lib/libglib-1.2.so.0 +0x00011D39] g_main_run+0x0000008C [/usr/lib/libglib-1.2.so.0 +0x00011EEC] gtk_main+0x000000D3 [/usr/lib/libgtk-1.2.so.0 +0x00094333] UNKNOWN [/builds/tinderbox/SeaMonkey-gcc3.4/Linux_2.4.7-10_Depend/mozilla/obj/dist/bin/components/libwidget_gtk.so +0x0002950E] UNKNOWN [/builds/tinderbox/SeaMonkey-gcc3.4/Linux_2.4.7-10_Depend/mozilla/obj/dist/bin/components/libappcomps.so +0x000E818C] UNKNOWN [mozilla-bin +0x000106DF] main+0x00000375 [mozilla-bin +0x0001154D] __libc_start_main+0x00000093 [/lib/i686/libc.so.6 +0x0001C507] Must be a regression from my patch for bug 261083.
Attached patch v1 patchSplinter Review
simple fix. mListener->OnDataAvailable can cause nsFtpControlConnection:: SetStreamListener(nsnull) to be called, and that may release the last reference to mListener. mListener is actually an nsFtpState instance. The fix is to AddRef mListener before calling any of its methods, and then Release the extra reference when done (using a nsCOMPtr on the stack). This is consistent with the old code that used to step inside a mutex to get a reference to mListener. That mutex was unnecessary since this code is only ever used on the main thread, but removing the mutex had the side-effect of removing the extra pair of AddRef and Release calls necessary to avoid crashing.
Attachment #166055 - Flags: review?(cbiesinger)
Comment on attachment 166055 [details] [diff] [review] v1 patch sr=bzbarsky for when biesi reviews.
Attachment #166055 - Flags: superreview+
Attachment #166055 - Flags: review?(cbiesinger) → review+
fixed-on-trunk
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Summary: crash @[nsFtpState::StopProcessing()] → crash [@ nsFtpState::StopProcessing]
Crash Signature: [@ nsFtpState::StopProcessing]
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: