Closed Bug 322351 Opened 19 years ago Closed 19 years ago

mozISpellCheckingEngine.check crashes if word is misspelled [@ mozMySpell::Check]

Categories

(Core :: Spelling checker, defect)

Product:
Core
Component:
Spelling checker
Version:
1.8 Branch
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: poolfish666, Assigned: timeless)

Details

(4 keywords)

Crash Data

Attachments

(1 file, 1 obsolete file)

testcase
569 bytes, text/html
Details
User-Agent: Opera/8.51 (X11; Linux i686; U; en) Build Identifier: 1.5 RC2 var spellchecker = Components.classes['@mozilla.org/spellchecker/myspell;1'].createInstance(Components.interfaces.mozISpellCheckingEngine); spellchecker.dictionary = 'en-US'; spellchecker.check("test"); // works: gives "true" spellchecker.check("tast"); // crashes. should give "false" Reproducible: Always
Attached file testcase
Confirmed with a 2005-12-22 trunk SeaMonkey build (it doesn't crash Firefox, because it doesn't have the spellchecking library). This testcase needs to be downloaded locally to get the crash. Talkback ID: TB13570531X
strange, i remember having a problem like this and fixing it, although i can't remember if i fixed it in cvs. your stack btw is useless. try again w/ a newer build?
Component: Message Compose Window → Spelling checker
Product: Thunderbird → Core
QA Contact: spelling-checker
Version: unspecified → 1.8 Branch
Stacktrace for trunk (cut off, more frames really don't make sense here): myspell.dll!mozMySpell::Check(const unsigned short * aWord=0x0a0bd0d8, int * aResult=0x0012b8e4) Line 317 + 0x25 bytes C++ xpcom_core.dll!XPTC_InvokeByIndex(nsISupports * that=0x06ab6f40, unsigned int methodIndex=13, unsigned int paramCount=2, nsXPTCVariant * params=0x0012b8d4) Line 102 C++ xpc3250.dll!XPCWrappedNative::CallMethod(XPCCallContext & ccx={...}, XPCWrappedNative::CallMode mode=CALL_METHOD) Line 2152 + 0x2b bytes C++ xpc3250.dll!XPC_WN_CallMethod(JSContext * cx=0x07d7fcd8, JSObject * obj=0x073c9e90, unsigned int argc=1, long * argv=0x098d7f68, long * vp=0x0012bba8) Line 1444 + 0xe bytes C++ js3250.dll!js_Invoke(JSContext * cx=0x07d7fcd8, unsigned int argc=1, unsigned int flags=0) Line 1229 + 0x17 bytes C js3250.dll!js_Interpret(JSContext * cx=0x07d7fcd8, unsigned char * pc=0x07567dc7, long * result=0x0012c5a8) Line 3778 + 0xf bytes C js3250.dll!js_Execute(JSContext * cx=0x07d7fcd8, JSObject * chain=0x0941bc30, JSScript * script=0x07567d60, JSStackFrame * down=0x00000000, unsigned int flags=0, long * result=0x0012c6b0) Line 1479 + 0x13 bytes C js3250.dll!JS_EvaluateUCScriptForPrincipals(JSContext * cx=0x07d7fcd8, JSObject * obj=0x0941bc30, JSPrincipals * principals=0x010aba3c, const unsigned short * chars=0x09b16030, unsigned int length=203, const char * filename=0x06e0d328, unsigned int lineno=1, long * rval=0x0012c6b0) Line 4102 + 0x19 bytes C gklayout.dll!nsJSContext::EvaluateString(const nsAString_internal & aScript={...}, void * aScopeObject=0x0941bc30, nsIPrincipal * aPrincipal=0x010aba38, const char * aURL=0x06e0d328, unsigned int aLineNo=1, const char * aVersion=0x00000000, nsAString_internal * aRetValue=0x0012c994, int * aIsUndefined=0x0012c930) Line 1074 + 0x43 bytes C++ gklayout.dll!nsJSThunk::EvaluateScript(nsIChannel * aChannel=0x09c297b0) Line 285 + 0x5a bytes C++ gklayout.dll!nsJSChannel::InternalOpen(int aIsAsync=1, nsIStreamListener * aListener=0x09d89090, nsISupports * aContext=0x00000000, nsIInputStream * * aResult=0x00000000) Line 538 + 0x1e bytes C++ gklayout.dll!nsJSChannel::AsyncOpen(nsIStreamListener * aListener=0x09d89090, nsISupports * aContext=0x00000000) Line 510 C++ docshell.dll!nsURILoader::OpenURI(nsIChannel * channel=0x07b66768, int aIsContentPreferred=0, nsIInterfaceRequestor * aWindowContext=0x07d7f268) Line 881 + 0x17 bytes C++ docshell.dll!nsDocShell::DoChannelLoad(nsIChannel * aChannel=0x07b66768, nsIURILoader * aURILoader=0x0259d7a0) Line 7011 + 0x3f bytes C++ docshell.dll!nsDocShell::DoURILoad(nsIURI * aURI=0x0765bec8, nsIURI * aReferrerURI=0x00000000, int aSendReferrer=1, nsISupports * aOwner=0x010aba38, const char * aTypeHint=0x00000000, nsIInputStream * aPostData=0x00000000, nsIInputStream * aHeadersData=0x00000000, int aFirstParty=0, nsIDocShell * * aDocShell=0x00000000, nsIRequest * * aRequest=0x0012cdfc) Line 6863 + 0x23 bytes C++ docshell.dll!nsDocShell::InternalLoad(nsIURI * aURI=0x0765bec8, nsIURI * aReferrer=0x00000000, nsISupports * aOwner=0x010aba38, unsigned int aFlags=0, const unsigned short * aWindowTarget=0x06eaee50, const char * aTypeHint=0x00000000, nsIInputStream * aPostData=0x00000000, nsIInputStream * aHeadersData=0x00000000, unsigned int aLoadType=1, nsISHEntry * aSHEntry=0x00000000, int aFirstParty=0, nsIDocShell * * aDocShell=0x00000000, nsIRequest * * aRequest=0x00000000) Line 6636 + 0x61 bytes C++ docshell.dll!nsDocShell::LoadURI(nsIURI * aURI=0x0765bec8, nsIDocShellLoadInfo * aLoadInfo=0x09d78d48, unsigned int aLoadFlags=0, int aFirstParty=0) Line 798 + 0x54 bytes C++ gklayout.dll!nsFrameLoader::LoadURI(nsIURI * aURI=0x0765bec8) Line 183 + 0x2b bytes C++ gklayout.dll!nsFrameLoader::LoadFrame() Line 116 + 0x15 bytes C++ gklayout.dll!nsSubDocumentFrame::ReloadURL() Line 764 C++ gklayout.dll!nsSubDocumentFrame::AttributeChanged(int aNameSpaceID=0, nsIAtom * aAttribute=0x00fe4b38, int aModType=1) Line 461 C++ gklayout.dll!nsCSSFrameConstructor::AttributeChanged(nsIContent * aContent=0x095dc8f0, int aNameSpaceID=0, nsIAtom * aAttribute=0x00fe4b38, int aModType=1) Line 10568 + 0x1b bytes C++ gklayout.dll!PresShell::AttributeChanged(nsIDocument * aDocument=0x0940b198, nsIContent * aContent=0x095dc8f0, int aNameSpaceID=0, nsIAtom * aAttribute=0x00fe4b38, int aModType=1) Line 5112 C++ gklayout.dll!nsXULDocument::AttributeChanged(nsIContent * aElement=0x095dc8f0, int aNameSpaceID=0, nsIAtom * aAttribute=0x00fe4b38, int aModType=1) Line 1066 C++ gklayout.dll!nsGenericElement::SetAttrAndNotify(int aNamespaceID=0, nsIAtom * aName=0x00fe4b38, nsIAtom * aPrefix=0x00000000, const nsAString_internal & aOldValue={...}, nsAttrValue & aParsedValue={...}, int aModification=1, int aFireMutation=0, int aNotify=1) Line 4137 C++ gklayout.dll!nsGenericElement::SetAttr(int aNamespaceID=0, nsIAtom * aName=0x00fe4b38, nsIAtom * aPrefix=0x00000000, const nsAString_internal & aValue={...}, int aNotify=1) Line 4053 + 0x37 bytes C++ gklayout.dll!nsGenericElement::SetAttribute(const nsAString_internal & aName={...}, const nsAString_internal & aValue={...}) Line 1485 C++ gklayout.dll!nsXULElement::SetAttribute(const nsAString_internal & name={...}, const nsAString_internal & value={...}) Line 541 + 0x14 bytes C++ xpcom_core.dll!XPTC_InvokeByIndex(nsISupports * that=0x095dc90c, unsigned int methodIndex=30, unsigned int paramCount=2, nsXPTCVariant * params=0x0012d928) Line 102 C++ xpc3250.dll!XPCWrappedNative::CallMethod(XPCCallContext & ccx={...}, XPCWrappedNative::CallMode mode=CALL_METHOD) Line 2152 + 0x2b bytes C++ xpc3250.dll!XPC_WN_CallMethod(JSContext * cx=0x0963bfc8, JSObject * obj=0x07a94fa8, unsigned int argc=2, long * argv=0x09767118, long * vp=0x0012dbfc) Line 1444 + 0xe bytes C++ js3250.dll!js_Invoke(JSContext * cx=0x0963bfc8, unsigned int argc=2, unsigned int flags=0) Line 1229 + 0x17 bytes C js3250.dll!js_Interpret(JSContext * cx=0x0963bfc8, unsigned char * pc=0x05e6eade, long * result=0x0012e6bc) Line 3778 + 0xf bytes C js3250.dll!js_Invoke(JSContext * cx=0x0963bfc8, unsigned int argc=1, unsigned int flags=2) Line 1253 + 0x13 bytes C js3250.dll!js_InternalInvoke(JSContext * cx=0x0963bfc8, JSObject * obj=0x07a94870, long fval=121413656, unsigned int flags=0, unsigned int argc=1, long * argv=0x0012e8b8, long * rval=0x0012e8b4) Line 1330 + 0x14 bytes C js3250.dll!JS_CallFunctionValue(JSContext * cx=0x0963bfc8, JSObject * obj=0x07a94870, long fval=121413656, unsigned int argc=1, long * argv=0x0012e8b8, long * rval=0x0012e8b4) Line 4157 + 0x1f bytes C gklayout.dll!nsJSContext::CallEventHandler(JSObject * aTarget=0x07a94870, JSObject * aHandler=0x073ca018, unsigned int argc=1, long * argv=0x0012e8b8, long * rval=0x0012e8b4) Line 1424 + 0x21 bytes C++ gklayout.dll!nsJSEventListener::HandleEvent(nsIDOMEvent * aEvent=0x06df1f48) Line 186 + 0x36 bytes C++ gklayout.dll!nsEventListenerManager::HandleEventSubType(nsListenerStruct * aListenerStruct=0x095dbf60, nsIDOMEventListener * aListener=0x095dbeb0, nsIDOMEvent * aDOMEvent=0x06df1f48, nsIDOMEventTarget * aCurrentTarget=0x079b6420, unsigned int aSubType=4, unsigned int aPhaseFlags=2) Line 1684 + 0x10 bytes C++ gklayout.dll!nsEventListenerManager::HandleEvent(nsPresContext * aPresContext=0x078bd138, nsEvent * aEvent=0x0012f788, nsIDOMEvent * * aDOMEvent=0x0012efb0, nsIDOMEventTarget * aCurrentTarget=0x079b6420, unsigned int aFlags=2, nsEventStatus * aEventStatus=0x0012f55c) Line 1791 C++ gklayout.dll!nsXULElement::HandleDOMEvent(nsPresContext * aPresContext=0x078bd138, nsEvent * aEvent=0x0012f788, nsIDOMEvent * * aDOMEvent=0x0012efb0, unsigned int aFlags=2, nsEventStatus * aEventStatus=0x0012f55c) Line 1865 C++ gklayout.dll!nsXULElement::HandleDOMEvent(nsPresContext * aPresContext=0x078bd138, nsEvent * aEvent=0x0012f788, nsIDOMEvent * * aDOMEvent=0x0012efb0, unsigned int aFlags=2, nsEventStatus * aEventStatus=0x0012f55c) Line 1884 + 0x39 bytes C++ gklayout.dll!nsGenericElement::HandleDOMEvent(nsPresContext * aPresContext=0x078bd138, nsEvent * aEvent=0x0012f788, nsIDOMEvent * * aDOMEvent=0x0012efb0, unsigned int aFlags=7, nsEventStatus * aEventStatus=0x0012f55c) Line 2222 + 0x39 bytes C++ gklayout.dll!nsHTMLInputElement::HandleDOMEvent(nsPresContext * aPresContext=0x078bd138, nsEvent * aEvent=0x0012f788, nsIDOMEvent * * aDOMEvent=0x00000000, unsigned int aFlags=1, nsEventStatus * aEventStatus=0x0012f55c) Line 1359 + 0x1f bytes C++ gklayout.dll!PresShell::HandleEventInternal(nsEvent * aEvent=0x0012f788, nsIView * aView=0x078be520, unsigned int aFlags=1, nsEventStatus * aStatus=0x0012f55c) Line 6027 + 0x31 bytes C++ gklayout.dll!PresShell::HandleEvent(nsIView * aView=0x078be520, nsGUIEvent * aEvent=0x0012f788, nsEventStatus * aEventStatus=0x0012f55c, int aForceHandle=1, int & aHandled=1) Line 5863 + 0x19 bytes C++ gklayout.dll!nsViewManager::HandleEvent(nsView * aView=0x078be520, nsPoint aPoint={...}, nsGUIEvent * aEvent=0x0012f788, int aCaptured=0) Line 2504 C++ gklayout.dll!nsViewManager::DispatchEvent(nsGUIEvent * aEvent=0x0012f788, nsEventStatus * aStatus=0x0012f6d8) Line 2237 + 0x25 bytes C++ gklayout.dll!HandleEvent(nsGUIEvent * aEvent=0x0012f788) Line 176 C++
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: crash, testcase
Summary: mozISpellCheckingEngine.check crashes if word is misspelled → mozISpellCheckingEngine.check crashes if word is misspelled [@ mozMySpell::Check]
Attached patch doh (obsolete) — Splinter Review
thanks. i really do think i've had this fixed before, oh well.
Assignee: mscott → timeless
Status: NEW → ASSIGNED
Attachment #207588 - Flags: superreview?(bzbarsky)
Attachment #207588 - Flags: review?(bzbarsky)
Comment on attachment 207588 [details] [diff] [review] doh sr=bzbarsky, but I'm not a peer for this module.
Attachment #207588 - Flags: superreview?(bzbarsky)
Attachment #207588 - Flags: superreview+
Attachment #207588 - Flags: review?(mscott)
Attachment #207588 - Flags: review?(bzbarsky)
Attachment #207588 - Flags: review?(mscott) → review+
(In reply to comment #4) > thanks. i really do think i've had this fixed before, oh well. > I believe that was bug 252681
Comment on attachment 207588 [details] [diff] [review] doh mozilla/extensions/spellcheck/myspell/src/mozMySpell.cpp 1.12
Attachment #207588 - Attachment is obsolete: true
thanks rob... grumble...
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Comment on attachment 207588 [details] [diff] [review] doh simply null check crash fix
Attachment #207588 - Flags: approval1.8.1?
Attachment #207588 - Flags: approval1.8.0.1?
Attachment #207588 - Flags: approval1.8.0.1? → approval1.8.0.1-
Comment on attachment 207588 [details] [diff] [review] doh I believe I landed this null check with my fix to Bug 307052 on the branch already. But you can double check that.
Attachment #207588 - Flags: approval1.8.1? → approval1.8.1+
verified fixed for 1.8.1.3 using Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.1.3) Gecko/20070326 Thunderbird/2.0.0.0 ID:2007032620 (Thunderbird 2 RC1) after some tests with the spell checker. Also testcase don`t crash on Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9a4pre) Gecko/2007032904 Minefield/3.0a4pre
Keywords: verified1.8.1.3
Crash Signature: [@ mozMySpell::Check]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: