Closed
Bug 336593
Opened 18 years ago
Closed 18 years ago
Firefox crashes when it starts [@ PL_FinishArenaPool | nsZipArchive::CloseArchive]
Categories
(Core :: Networking, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: JasnaPaka, Assigned: alfredkayser)
References
Details
(Keywords: crash, regression, topcrash)
Crash Data
Attachments
(2 files)
37.22 KB,
text/plain
|
Details | |
1.09 KB,
patch
|
darin.moz
:
review+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060503 Minefield/3.0a1 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a1) Gecko/20060503 Minefield/3.0a1 Firefox Trunk, clean profile Reproducible: Sometimes Steps to Reproduce: 1. Start Firefox with blank homepage (about:blank). Actual Results: Firefox sometimes crashes. Looks like that default search engine isn't selected before crash. Talkback's ids: TB18287258E, TB18287246Q, TB18287237M, TB18287235Y, TB18286978M
Updated•18 years ago
|
Summary: Firefox crashes when it starts → Firefox crashes when it starts [@ PL_FinishArenaPool]
Comment 1•18 years ago
|
||
I got startup crashes with ntt 1.0 installed and enabled, here's a stack going through gc and PL_FinishArenaPool. see also http://forums.mozillazine.org/viewtopic.php?t=412336&start=60
FreeArenaList PL_FinishArenaPool nsZipArchive::CloseArchive nsJAR::Close nsJAR::~nsJAR My guess is that nsJAR::Close is being called (it's an nsimethod, so it's possible) earlier. unfortunately, the mArena doesn't seem to be put into some "i'm dead" state to avoid being double freed.
Group: security
Component: General → Networking
Product: Firefox → Core
QA Contact: general → networking
Version: unspecified → Trunk
Comment 3•18 years ago
|
||
-> alfred... probably fallout from his libjar changes
Assignee: nobody → alfredkayser
Assignee | ||
Comment 4•18 years ago
|
||
Simple patch to prevent doing PL_FinishArenaPool(&mArena); when mArena is not initalised...
Attachment #220893 -
Flags: review?(darin)
Assignee | ||
Comment 5•18 years ago
|
||
Note, bug 334616 allready reported on this issue from 2006-04-19, so this bug is not caused by my bug 214672 patch (it may have become more clear/obvious/sensitive...).
Comment 6•18 years ago
|
||
Comment on attachment 220893 [details] [diff] [review] Patch to fix mArena crash in CloseArchive r=darin
Attachment #220893 -
Flags: review?(darin) → review+
Comment 7•18 years ago
|
||
fixed-on-trunk
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Comment 8•18 years ago
|
||
Does this bug need to be kept security-sensitive?
Comment 9•18 years ago
|
||
Assuming this bug only existed in trunk nightlies, I don't think it needs to be security-sensitive.
Keywords: regression,
topcrash
Comment 10•18 years ago
|
||
i wasn't sure when it was introduced, and since i've generally been calling out double frees and such and people complain when i don't tag them, especially for things like jar: which is something that should be pokable from the web. i felt it was better safe than sorry. i don't personally care if someone removes the flag, but that someone should be sure there's no harm in removing it :) -- given that it's 2am, that someone won't be me.
Comment 11•18 years ago
|
||
*** Bug 336654 has been marked as a duplicate of this bug. ***
No longer blocks: 336654
Comment 12•18 years ago
|
||
*** Bug 334616 has been marked as a duplicate of this bug. ***
Comment 13•18 years ago
|
||
So this is trunk only, and now fixed for almost a week? And only a potential problem to start? I don't think it needs the security group flag any more. Thanks for the caution while it was a live bug.
Group: security
Comment 14•18 years ago
|
||
*** Bug 336367 has been marked as a duplicate of this bug. ***
Assignee | ||
Updated•15 years ago
|
Status: RESOLVED → VERIFIED
Comment 15•14 years ago
|
||
just came across this crash signature PL_FinishArenaPool the other day. it was with some firefox 4beta on windows. dont have the exact information any more, but when i search for the stacksignature its obvious that this bug, that reads verfied-fixed is far from it. there are plenty of crashes over the recent years all with different firefox versions up til the recent ffx 4beta4 http://crash-stats.mozilla.com/query/query?product=Firefox&version=ALL%3AALL&range_value=1&range_unit=weeks&date=08%2F18%2F2010+17%3A46%3A03&query_search=signature&query_type=exact&query=PL_FinishArenaPool&build_id=&process_type=any&hang_type=any&do_query=1 http://crash-stats.mozilla.com/report/list?product=Firefox&query_search=signature&query_type=exact&query=PL_FinishArenaPool&date=08%2F18%2F2010%2017%3A46%3A03&range_value=1&range_unit=weeks&hang_type=any&process_type=any&plugin_field=&plugin_query_type=&plugin_query=&do_query=1&admin=&signature=PL_FinishArenaPool this bug cannot be fixed if my reasoning is correct, and/or the reason for this bug must be still in the code maybe in other places and/or combinations. thanks and regards.
Summary: Firefox crashes when it starts [@ PL_FinishArenaPool] → Firefox crashes when it starts [@ PL_FinishArenaPool | nsZipArchive::CloseArchive]
Comment 16•14 years ago
|
||
abittner: PL_FinishArenaPool is like free(), the caller matters.
Updated•13 years ago
|
Crash Signature: [@ PL_FinishArenaPool | nsZipArchive::CloseArchive]
You need to log in
before you can comment on or make changes to this bug.
Description
•