Closed Bug 342533 Opened 19 years ago Closed 18 years ago

crash loading any MathML page [@ nsSubstring::AssignASCII]

Categories

(Core :: MathML, defect)

Product:
Core
Component:
MathML
Type:
defect
Priority:
Not set
Severity:
blocker

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: steve.swanson, Assigned: rbs)

References

(
URL
)

Details

(Keywords: crash, regression)

Crash Data

Attachments

(2 files)

use a different nsFont constructor in InitGlobals()
1.05 KB, patch
Details | Diff | Splinter Review
Alternative fix
602 bytes, patch
Biesinger
: review-
Details | Diff | Splinter Review 
This was caused by the checkin for bug 341954.

Try to open a MathML document.  If you're running a debug build, you'll get an ASSERT.  The next step will be a crash.

	msvcr71d.dll!strlen()  Line 78	Asm
 	xpcom_core.dll!nsSubstring::AssignASCII(const char * data=0x00000000)  Line 343 + 0x9	C++
 	gkgfx.dll!nsFont::nsFont(const char * aName=0x00000000, unsigned char aStyle=0, unsigned char aVariant=0, unsigned short aWeight=0, unsigned char aDecoration=0, int aSize=0, float aSizeAdjust=0.00000000)  Line 50	C++
 	gklayout.dll!InitGlobals(nsPresContext * aPresContext=0x03f48fe8)  Line 1195	C++
 	gklayout.dll!nsMathMLChar::SetData(nsPresContext * aPresContext=0x03f48fe8, nsString & aData={...})  Line 1307 + 0x9	C++
 	gklayout.dll!nsMathMLmoFrame::ProcessTextData(nsPresContext * aPresContext=0x03f48fe8)  Line 234	C++
 	gklayout.dll!nsMathMLTokenFrame::SetInitialChildList(nsIAtom * aListName=0x00000000, nsIFrame * aChildList=0x0411d83c)  Line 124	C++
 	gklayout.dll!nsCSSFrameConstructor::ConstructMathMLFrame(nsFrameConstructorState & aState={...}, nsIContent * aContent=0x040e49b0, nsIFrame * aParentFrame=0x0411d414, nsIAtom * aTag=0x01dd59a0, int aNameSpaceID=7, nsStyleContext * aStyleContext=0x0411d490, nsFrameItems & aFrameItems={...}, int aHasPseudoParent=0)  Line 7323	C++
 	gklayout.dll!nsCSSFrameConstructor::ConstructFrameInternal(nsFrameConstructorState & aState={...}, nsIContent * aContent=0x040e49b0, nsIFrame * aParentFrame=0x0411d414, nsIAtom * aTag=0x01dd59a0, int aNameSpaceID=7, nsStyleContext * aStyleContext=0x0411d490, nsFrameItems & aFrameItems={...}, int aXBLBaseTag=0)  Line 8093 + 0x30	C++
    etc.

Although you could wallpaper the call to AssignASCII(), it might be better to just fix the code in InitGlobals().
One line change to nsMathMLChar.cpp
Product: Mozilla Application Suite → Core
Component: General → MathML
Assignee: general → rbs
QA Contact: general → ian
Summary: crash loading any MathML page → crash loading any MathML page [@ nsSubstring::AssignASCII]
Attachment #226797 - Flags: review?(rbs)
*** Bug 343782 has been marked as a duplicate of this bug. ***
Attached patch Alternative fixSplinter Review 
FWIW, this is how I fixed this, when I came across this bug.
Comment on attachment 228470 [details] [diff] [review]
Alternative fix

if you want such a fix then you need to fix the assertion
Attachment #228470 - Flags: review-
Happens on Mac too, with a clean profile.
Severity: normal → blocker
Flags: blocking1.9a1?
Keywords: crash
OS: Windows XP → All
Hardware: PC → All
-  nsFont font(nsnull, 0, 0, 0, 0, 0);
+  nsFont font;


Simply change nsnull to "" -- which will keep things identical as before.
Comment on attachment 226797 [details] [diff] [review]
use a different nsFont constructor in InitGlobals()

Updated patch (with "") checked in.
Attachment #226797 - Flags: review?(rbs)
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED
Verified FIXED; no crash with build 2006-07-21-08 of SeaMonkey trunk under Windows XP on http://www.mozilla.org/projects/mathml/start.xhtml
Status: RESOLVED → VERIFIED
*** Bug 343209 has been marked as a duplicate of this bug. ***
Flags: blocking1.9a1?
Crash Signature: [@ nsSubstring::AssignASCII]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: