Closed Bug 293307 Opened 15 years ago Closed 15 years ago

violation of c++ aliasing rules in imgCacheValidator::OnStartRequest() causing crash if compiled with gcc 4.0

Categories

(Core :: ImageLib, defect)

x86
Linux
defect
Not set


RESOLVED FIXED

People

(Reporter: belyshev, Assigned: timeless)

Details

Attachments

(1 file, 2 obsolete files)

User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; ru-RU; rv:1.7.7) Gecko/20050507 Firefox/1.0.3 (Debian package 1.0.3-2-gcc40)
Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; ru-RU; rv:1.7.7) Gecko/20050507 Firefox/1.0.3 (Debian package 1.0.3-2-gcc40)

If Mozilla is compiled with gcc version 4.0.0 or above, it crashes in
imgRequest::NotifyProxyListener() every time the reload button is hit.

The problem is in function imgCacheValidator::OnStartRequest() at
modules/libpr0n/src/imgLoader.cpp. Here is part of relevant code:

NS_IMETHODIMP imgCacheValidator::OnStartRequest(nsIRequest *aRequest,
nsISupports *ctxt)
{
...
      for (PRInt32 i = count-1; i>=0; i--) {
        imgRequestProxy *proxy;
        mProxies.GetElementAt(i, (nsISupports**)&proxy);
        mRequest->NotifyProxyListener(proxy);
        NS_RELEASE(proxy);
      }
...

This problem is essentially the same as the one described in
https://bugzilla.mozilla.org/show_bug.cgi?id=212082#c7

(and note: this was previously reported as a gcc problem,
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=21450, but was rejected as invalid).

Reproducible: Always

Steps to Reproduce:
(these steps apply to the amd64-linux platform).
1. Get the current snapshot of gcc 4.0,
ftp://gcc.gnu.org/pub/gcc/snapshots/4.0-20050507/ , and build it.
2. Build Mozilla with it.
3. Go to www.google.com and hit 'reload'.
Assignee: darin → pavlov
Component: Networking: Cache → ImageLib
QA Contact: networking.cache
Attached patch use nsCOMArray (obsolete) — Splinter Review
Assignee: pavlov → timeless
Status: UNCONFIRMED → ASSIGNED
Attachment #184548 - Flags: superreview?(alecf)
Attachment #184548 - Flags: review?(pavlov)
Attachment #184548 - Flags: review?(pavlov) → review+
Comment on attachment 184548 [details] [diff] [review]
use nsCOMArray

sr=dveditz
Attachment #184548 - Flags: superreview?(alecf) → superreview+
Attachment #184548 - Flags: approval1.8b3?
Attached file backtrace
Something is wrong with this patch; here is the backtrace of the segfault when hitting
the 'reload' button. (Mozilla was compiled with gcc 3.4.4 -O0 --enable-debug.)
Attachment #184548 - Attachment is obsolete: true
Attachment #184548 - Flags: approval1.8b3?
Attachment #185003 - Flags: superreview?(roc) → superreview+
Attachment #185003 - Flags: approval1.8b3?
Comment on attachment 185003 [details] [diff] [review]
supportsarray addrefed on get, comarray doesn't, so the code shouldn't release a reference it doesn't own - oops

a=shaver
Attachment #185003 - Flags: approval1.8b3? → approval1.8b3+
Comment on attachment 185003 [details] [diff] [review]
supportsarray addrefed on get, comarray doesn't, so the code shouldn't release a reference it doesn't own - oops

mozilla/modules/libpr0n/src/imgLoader.cpp	1.88
mozilla/modules/libpr0n/src/imgLoader.h 	1.13
Attachment #185003 - Attachment is obsolete: true
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
QA Contact: belyshev
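The two defects discussed above (the `(nsISupports**)&proxy` type punning in the reported loop, and the over-release in the first patch because nsSupportsArray AddRefs on GetElementAt while nsCOMArray does not) as one added example; this is not Mozilla's code, and nsISupports, SupportsArrayLike, COMArrayLike and Notify are constructed stand-ins:

```cpp
#include <vector>
// Constructed stand-ins for the XPCOM types in the report. Release() only
// decrements here; real XPCOM deletes at zero, which is why one extra
// NS_RELEASE becomes the segfault in the attached backtrace.
struct nsISupports {
    int refcnt = 0;
    void AddRef()  { ++refcnt; }
    void Release() { --refcnt; }
};
struct imgRequestProxy : nsISupports { int notified = 0; };
// nsSupportsArray-style: GetElementAt AddRefs and writes through nsISupports**,
// so the caller owns one reference per call and must release it.
struct SupportsArrayLike {
    std::vector<nsISupports*> items;
    void GetElementAt(int i, nsISupports** out) { items[i]->AddRef(); *out = items[i]; }
};
// nsCOMArray-style: ObjectAt returns a borrowed pointer with no AddRef.
struct COMArrayLike {
    std::vector<nsISupports*> items;
    nsISupports* ObjectAt(int i) { return items[i]; }
};
static void Notify(imgRequestProxy* p) { p->notified++; }

// Aliasing-safe form of the reported loop: the out-parameter is a genuine
// nsISupports*, not (nsISupports**)&proxy, and the value is copied into
// 'proxy' by a cast, so no store through one pointer type is read back
// through another and the compiler cannot treat the read as stale.
void NotifySupportsArray(SupportsArrayLike& arr) {
    for (int i = (int)arr.items.size() - 1; i >= 0; --i) {
        nsISupports* sup = nullptr;
        arr.GetElementAt(i, &sup);
        imgRequestProxy* proxy = static_cast<imgRequestProxy*>(sup);
        Notify(proxy);
        proxy->Release();   // balances the AddRef inside GetElementAt
    }
}
// nsCOMArray form: borrowed pointer, so no Release; releasing here is the
// over-release the obsoleted first patch introduced.
void NotifyCOMArray(COMArrayLike& arr) {
    for (int i = (int)arr.items.size() - 1; i >= 0; --i)
        Notify(static_cast<imgRequestProxy*>(arr.ObjectAt(i)));
}
// Runs one loop over a single proxy held by the array (refcnt 1) and returns
// the refcount afterwards: 1 means the loop released only what it owned.
int RefcountAfterLoop(bool useCOMArray) {
    imgRequestProxy p; p.AddRef();
    if (useCOMArray) { COMArrayLike a; a.items.push_back(&p); NotifyCOMArray(a); }
    else { SupportsArrayLike a; a.items.push_back(&p); NotifySupportsArray(a); }
    return p.notified == 1 ? p.refcnt : -1;
}
```

Compiling with -fstrict-aliasing -Wstrict-aliasing, as gcc 4.0 does at -O2, is the quickest check that no punned out-parameter remains.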
I think the bug is a little bit more general.

Firefox crashes not only when hitting the F5 button (but not with CONTROL F5).
It also crashes on some particular pages and with the "GO BACK" button:

1. Go to www.nytimes.com
2. Click on the Technology link (left menu)
3. Go back with the top-menu arrow

At least in Ubuntu Breezy 64-bit
(In reply to comment #7)
> I think the bug is a little bit more general.
[snip]
> At least in Ubuntu Breezy 64-bit

IIUC, this particular bug is not yet fixed in the latest breezy firefox package
(1.0.6-1ubuntu3). Also, two evil aliasing bugs were recently found in gcc-4.0
( http://gcc.gnu.org/bugzilla/show_bug.cgi?id=22591 and
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23192 ), and I think it is worth
waiting until the fixes for those bugs have propagated to the Debian and Ubuntu gcc packages
(which has not happened yet) before trying to use Mozilla compiled with gcc-4.0.