Last Comment Bug 334464 - Firefox abort when entering chars in form field on HP-UX
: Firefox abort when entering chars in form field on HP-UX
Status: RESOLVED FIXED
: crash, fixed1.8.1, regression, verified1.8.0.4
Product: Toolkit
Classification: Components
Component: Form Manager (show other bugs)
: unspecified
: HP HP-UX
: -- critical (vote)
: ---
Assigned To: Mark Mentovai
:
:
Mentors:
: 334844 (view as bug list)
Depends on:
Blocks: 328982
  Show dependency treegraph
 
Reported: 2006-04-18 02:34 PDT by Stefan Blobner
Modified: 2008-07-31 04:30 PDT (History)
6 users (show)
darin.moz: blocking1.8.0.4+
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
Backtrace (2.45 KB, text/plain)
2006-04-20 03:25 PDT, Jens Hatlak (:InvisibleSmiley)
no flags Details
Patch (1.26 KB, patch)
2006-04-24 11:57 PDT, Mark Mentovai
darin.moz: review+
Details | Diff | Splinter Review
Patch, with nsAutoString& (1.43 KB, patch)
2006-04-24 16:29 PDT, Mark Mentovai
bryner: approval‑branch‑1.8.1+
dveditz: approval1.8.0.4+
Details | Diff | Splinter Review

Description Stefan Blobner 2006-04-18 02:34:04 PDT
User-Agent:       Mozilla/5.0 (X11; U; HP-UX 9000/785; en-US; rv:1.8) Gecko/20051201 Firefox/1.5
Build Identifier: Mozilla/5.0 (X11; U; HP-UX 9000/785; en-US; rv:1.8.0.2) Gecko/20060418 Firefox/1.5.0.2

I just compiled and started Firefox 1.5.0.2 on HP-UX. as soon as I enter the first character into a field on a form or into the search box, the browser aborts. the URL address line seems to work ok.

this behaviour is clearly reproducable on my environment. I can easily do any extra tests if you need this for troubleshooting.

Reproducible: Always

Steps to Reproduce:
1. start firefox
2. enter one character into the search box
3. firefox disappears
Comment 1 Jens Hatlak (:InvisibleSmiley) 2006-04-18 13:11:22 PDT
I also see this on Sparc/Solaris, self-compiled Firefox 1.5.0.2 using GTK2 and XFT. Happens with fresh profile and safe mode. This bug was not present with Firefox 1.5 (same settings).
Comment 2 Jens Hatlak (:InvisibleSmiley) 2006-04-18 15:07:29 PDT
Trying to open Edit > Preferences results in a Bus Error, too. Again, this does not happen with Firefox 1.5.
Comment 3 Jens Hatlak (:InvisibleSmiley) 2006-04-19 00:23:18 PDT
Further investigation shows that Edit > Preferences > Privacy is the culprit, which happened to be selected the last time I used Firefox 1.5 (Preference tab selection is remembered).

Reporter, can you confirm that Firefox 1.5.0.2 also crashes on your platform in that case?
Comment 4 Stefan Blobner 2006-04-19 02:04:04 PDT
Also on HP-UX Firefox aborts when trying to open the Edit > Preferences > Privacy tab.
Comment 5 Nick Thomas [:nthomas] 2006-04-19 02:59:44 PDT
Can you work out which of the privacy tabs is the culprit ? Does it matter ?
This could be a 64-bit platform problem ?

There is nothing obvious to cause this in the unofficial changelog
 http://www.squarefree.com/burningedge/releases/1.5.0.2.html
but some of the security bugs are still closed.
Comment 6 Jens Hatlak (:InvisibleSmiley) 2006-04-19 03:19:19 PDT
(In reply to comment #5)
> Can you work out which of the privacy tabs is the culprit ? Does it matter ?

At least it doesn't seem to matter which is selected. But since this bug is also about crashing when typing into a form input field, maybe it's Saved Forms.

> This could be a 64-bit platform problem ?

Don't know, I'm not even sure I'm building 64-bit.

I'm currently building a debug build but it will take some hours.
Comment 7 Jens Hatlak (:InvisibleSmiley) 2006-04-20 03:25:32 PDT
Created attachment 219135 [details]
Backtrace

As it seems, the problem is located in form history code.
Comment 8 Mark Mentovai 2006-04-24 08:21:32 PDT
*** Bug 334844 has been marked as a duplicate of this bug. ***
Comment 9 Mark Mentovai 2006-04-24 08:27:57 PDT
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/toolkit/components/satchel/src/nsFormHistory.cpp&rev=1.30&mark=941-942#935

Needs 2-byte terminating NULs when initializing strings this way.  Probably better to init with an explicit length.
Comment 10 Mark Mentovai 2006-04-24 11:57:25 PDT
Created attachment 219631 [details] [diff] [review]
Patch

Can you guys experiencing the crash give this patch a try?
Comment 11 Darin Fisher 2006-04-24 13:33:38 PDT
Comment on attachment 219631 [details] [diff] [review]
Patch

>Index: mozilla/toolkit/components/satchel/src/nsFormHistory.cpp
...
>+  nsAutoString bigEndianByteOrder((PRUnichar*)"BBBB", 2);
>+  nsAutoString littleEndianByteOrder((PRUnichar*)"llll", 2);
> #ifdef IS_BIG_ENDIAN
>   nsAutoString nativeByteOrder(bigEndianByteOrder);
> #else
>   nsAutoString nativeByteOrder(littleEndianByteOrder);
> #endif

Can you change nativeByteOrder to be a reference type instead?

    nsAutoString &nativeByteOrder(bigEndianByteOrder);

That way you avoid an additional string copy.  r=darin
Comment 12 Mark Mentovai 2006-04-24 16:29:23 PDT
Created attachment 219681 [details] [diff] [review]
Patch, with nsAutoString&
Comment 13 Mark Mentovai 2006-04-24 16:31:33 PDT
Fixed on trunk.
Comment 14 Daniel Veditz [:dveditz] 2006-04-24 16:50:46 PDT
Comment on attachment 219681 [details] [diff] [review]
Patch, with nsAutoString&

approved for 1.8.0 branch, a=dveditz for drivers.
Comment 15 Stefan Blobner 2006-04-24 23:38:27 PDT
the patch fixed the issue on HP-UX.
Comment 16 Jens Hatlak (:InvisibleSmiley) 2006-04-25 01:53:29 PDT
Also confirming fixed for Sparc/Solaris (with the first patch, but I guess that's OK).
Comment 17 Mark Mentovai 2006-04-25 11:28:16 PDT
Fixed on MOZILLA_1_8_BRANCH   for 1.8.0.3
     and MOZILLA_1_8_0_BRANCH for 1.8.1[a2]
Comment 18 Mark Mentovai 2006-04-25 14:21:29 PDT
Comment on attachment 219681 [details] [diff] [review]
Patch, with nsAutoString&

I made nativeByteOrder a non-reference on the 1.8.0 branch because it turned the 1.8.0 tinderbox red.  VC98?
Comment 19 Dave Liebreich [:davel] 2006-05-22 10:36:57 PDT
verified on 180 branch - patch was checked in on the branch, and win/linux/mac builds work.
Comment 20 Matthew (lilmatt) Willis 2006-06-13 14:11:18 PDT
The reference piece of this is causing Sunbird's Windows tinderbox to burn.

#build hasn't gotten that compiler upgraded, so we're backing out the reference on trunk (like was done on 1.8.0 and 1.8)

r=mento in irc

Note You need to log in before you can comment on or make changes to this bug.