332140 - When I type "j�" SeaMonkey crashes (munmap_chunk(): invalid pointer: 0x01ed26aa)

Status: RESOLVED FIXED

(Core :: DOM: Core & HTML, defect)

Description

[Dawid Gajownik]

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20060315 SeaMonkey/1.5a
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20060329 SeaMonkey/1.5a

When I try to type "jêzyki" in address field, SeaMonkey crashes on "ê" character:

[rpm-build@X ~]$ /usr/local/seamonkey/seamonkey
*** glibc detected *** /usr/local/seamonkey/seamonkey-bin: munmap_chunk(): invalid pointer: 0x01ed26aa ***
======= Backtrace: =========
/lib/libc.so.6(__libc_free+0x17b)[0xe3351f]
/usr/local/seamonkey/libnspr4.so(PR_Free+0x38)[0x4cdfd8]
/usr/local/seamonkey/libxpcom_core.so(NS_Free_P+0x1f)[0xca78af]
/usr/local/seamonkey/components/libgklayout.so[0x1c61aa2]
/usr/local/seamonkey/components/libgklayout.so[0x1c3aea1]
/usr/local/seamonkey/components/libgklayout.so[0x1c3b2a0]
/usr/local/seamonkey/components/libgklayout.so[0x1c3b0b3]
/usr/local/seamonkey/components/libgklayout.so[0x1c6305d]
/usr/local/seamonkey/components/libeditor.so[0x795f7ec]
/usr/local/seamonkey/components/libtxmgr.so[0x2aaf5ee]
/usr/local/seamonkey/components/libtxmgr.so[0x2ab1dfd]
/usr/local/seamonkey/components/libtxmgr.so[0x2ab0992]
/usr/local/seamonkey/components/libeditor.so[0x7949dfa]
/usr/local/seamonkey/components/libeditor.so[0x794e0b2]
/usr/local/seamonkey/components/libeditor.so[0x794de57]
/usr/local/seamonkey/components/libeditor.so[0x7941ee5]
/usr/local/seamonkey/components/libeditor.so[0x794102b]
/usr/local/seamonkey/components/libeditor.so[0x793cfff]
/usr/local/seamonkey/components/libeditor.so[0x793bd73]
/usr/local/seamonkey/components/libeditor.so[0x793bc33]
/usr/local/seamonkey/components/libeditor.so[0x794430f]
/usr/local/seamonkey/components/libgklayout.so[0x1c6847b]
/usr/local/seamonkey/components/libgklayout.so[0x1c6b5bc]
/usr/local/seamonkey/components/libgklayout.so[0x1c869b5]
/usr/local/seamonkey/components/libgklayout.so[0x1c86c89]
/usr/local/seamonkey/components/libgklayout.so[0x1c86d99]
/usr/local/seamonkey/components/libgklayout.so[0x1c86b67]
/usr/local/seamonkey/components/libgklayout.so[0x1c86af8]
/usr/local/seamonkey/components/libgklayout.so[0x1c86af8]
/usr/local/seamonkey/components/libgklayout.so[0x1c86af8]
/usr/local/seamonkey/components/libgklayout.so[0x1c86af8]
/usr/local/seamonkey/components/libgklayout.so[0x1c86af8]
/usr/local/seamonkey/components/libgklayout.so[0x1c86af8]
/usr/local/seamonkey/components/libgklayout.so[0x1c86af8]
/usr/local/seamonkey/components/libgklayout.so[0x1c86af8]
/usr/local/seamonkey/components/libgklayout.so[0x1c86af8]
/usr/local/seamonkey/components/libgklayout.so[0x1c86af8]
/usr/local/seamonkey/components/libgklayout.so[0x1c86af8]
/usr/local/seamonkey/components/libgklayout.so[0x1c86af8]
/usr/local/seamonkey/components/libgklayout.so[0x1c8703a]
/usr/local/seamonkey/components/libgklayout.so[0x1aaaf93]
/usr/local/seamonkey/components/libgklayout.so[0x1aaa8a1]
/usr/local/seamonkey/components/libgklayout.so[0x1da214d]
/usr/local/seamonkey/components/libgklayout.so[0x1da1ac4]
/usr/local/seamonkey/components/libgklayout.so[0x1d9a5f6]
/usr/local/seamonkey/components/libwidget_gtk2.so[0x1ef3e4c]
/usr/local/seamonkey/components/libwidget_gtk2.so[0x1eea93b]
/usr/local/seamonkey/components/libwidget_gtk2.so[0x1eef4f3]
/usr/lib/libgtk-x11-2.0.so.0[0x2384de]
/usr/lib/libgobject-2.0.so.0(g_closure_invoke+0x11d)[0x581f6d]
/usr/lib/libgobject-2.0.so.0[0x592a3d]
/usr/lib/libgobject-2.0.so.0(g_signal_emit_valist+0x68f)[0x593d0f]
/usr/lib/libgobject-2.0.so.0(g_signal_emit+0x29)[0x594109]
/usr/lib/libgtk-x11-2.0.so.0[0x323028]
/usr/lib/libgtk-x11-2.0.so.0(gtk_propagate_event+0x19a)[0x231eda]
/usr/lib/libgtk-x11-2.0.so.0(gtk_main_do_event+0x317)[0x233117]
/usr/lib/libgdk-x11-2.0.so.0[0x52f93a]
/usr/lib/libglib-2.0.so.0(g_main_context_dispatch+0x16d)[0x5dd09d]
/usr/lib/libglib-2.0.so.0[0x5e032f]
/usr/lib/libglib-2.0.so.0(g_main_loop_run+0x1a9)[0x5e06d9]
/usr/lib/libgtk-x11-2.0.so.0(gtk_main+0xb4)[0x233594]
/usr/local/seamonkey/components/libwidget_gtk2.so[0x1ef1e26]
/usr/local/seamonkey/components/libappcomps.so[0x66c8104]
======= Memory map: ========
00111000-00113000 r-xp 00000000 03:05 1718741    /lib/libdl-2.4.so
00113000-00114000 r-xp 00001000 03:05 1718741    /lib/libdl-2.4.so
00114000-00115000 rwxp 00002000 03:05 1718741    /lib/libdl-2.4.so
00115000-00432000 r-xp 00000000 03:05 80944      /usr/lib/libgtk-x11-2.0.so.0.800.15
00432000-/usr/local/seamonkey/run-mozilla.sh: line 131:  8235 Przerwane               "$prog" ${1+"$@"}
[rpm-build@X ~]$

Reproducible: Always

Steps to Reproduce:
1. Get this build → "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20060329 SeaMonkey/1.5a"
2. Type "jê" in address field.



"Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a1) Gecko/20060315 SeaMonkey/1.5a" works fine.

Comment 1

[David Baron :dbaron: (⌚️UTC-4, no longer working on Mozilla)]

I just fixed this with a checkin to nsTextFragment.cpp.

Comment 2

[David Baron :dbaron: (⌚️UTC-4, no longer working on Mozilla)]

*** Bug 332184 has been marked as a duplicate of this bug. ***

Comment 3

[David Baron :dbaron: (⌚️UTC-4, no longer working on Mozilla)]

Attachment: patch

Here's the patch: I got verbal review from sicking and bzbarsky.

The ! removal fixes the crash; the mInHeap initializations fix leaks in the same code.

Comment 4

[Dawid Gajownik]

Thanks!