Closed Bug 39703 Opened 25 years ago Closed 25 years ago

Crashing releasing a null pointer

Categories

(Core Graveyard :: RDF, defect, P4)

Product:
Core Graveyard
Component:
RDF
Platform:
x86
Windows NT
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: slogan, Assigned: harishd)

Details

(Keywords: crash, Whiteboard: [NEED INFO])

Maybe the NS_RELEASE should be an NS_RELEASE_IF ?? XULContentSinkImpl::DidBuildModel(XULContentSinkImpl * const 0x04596f20, int 0x00000001) line 556 + 12 bytes CWellFormedDTD::DidBuildModel(CWellFormedDTD * const 0x046e5600, unsigned int 0x00000000, int 0x00000001, nsIParser * 0x04798f20, nsIContentSink * 0x04596f20) line 290 + 20 bytes nsParser::DidBuildModel(unsigned int 0x00000000) line 986 + 60 bytes nsParser::ResumeParse(int 0x00000001, int 0x00000001) line 1466 nsParser::OnStopRequest(nsParser * const 0x04798f28, nsIChannel * 0x044e06e0, nsISupports * 0x00000000, unsigned int 0x804b0002, const unsigned short * 0x00000000) line 1920 + 19 bytes nsDocumentOpenInfo::OnStopRequest(nsDocumentOpenInfo * const 0x044e5900, nsIChannel * 0x044e06e0, nsISupports * 0x00000000, unsigned int 0x804b0002, const unsigned short * 0x00000000) line 204 nsFileChannel::OnStopRequest(nsFileChannel * const 0x044e06e4, nsIChannel * 0x044e3630, nsISupports * 0x00000000, unsigned int 0x804b0002, const unsigned short * 0x00000000) line 625 + 45 bytes nsOnStopRequestEvent::HandleEvent(nsOnStopRequestEvent * const 0x046e5350) line 307 nsStreamListenerEvent::HandlePLEvent(PLEvent * 0x046e50e0) line 97 + 12 bytes PL_HandleEvent(PLEvent * 0x046e50e0) line 575 + 10 bytes PL_ProcessPendingEvents(PLEventQueue * 0x0430db30) line 520 + 9 bytes _md_EventReceiverProc(HWND__ * 0x04dc0322, unsigned int 0x0000c10b, unsigned int 0x00000000, long 0x0430db30) line 1030 + 9 bytes USER32! 77e71268() 0430db30()
This happened when I dismissed an IM pref panel.
Severity: normal → critical
Keywords: nsbeta2
Priority: P3 → P1
Sounds like something a bit weirder is going on...I'll take a look.
Status: NEW → ASSIGNED
Target Milestone: --- → M16
Checking with tester to see if this is still happening with latest builds.
QA Contact: tever → scalkins
Whiteboard: [NEED INFO]
Any news on this one? I'm getting a crash at startup time on OpenVMS, and the footprint is similar. This is with code pulled around last Friday (5/19). Starting mozilla-bin... Profile Manager : Profile Wizard and Manager activites : Begin Profile Manager : Command Line Options : Begin Profile Manager : Command Line Options : End ProfileManager : GetProfileDir ProfileManager : GetProfileDir Profile Manager : Profile Wizard and Manager activites : End WEBSHELL+ = 1 WEBSHELL+ = 2 %SYSTEM-F-ACCVIO, access violation, reason mask=00, virtual address=000000000000 0000, PC=0000000000C3F458, PS=0000001B %TRACE-F-TRACEBACK, symbolic stack dump follows image module routine LIBRDF NSXULCONTENTSINK DidBuildModel LIBRAPTORHTMLPARS NSWELLFORMEDDTD DidBuildModel LIBRAPTORHTMLPARS NSPARSER ResumeParse LIBRAPTORHTMLPARS NSPARSER OnDataAvailable LIBNECKO NSFILECHANNEL OnDataAvailable LIBNECKO NSASYNCSTREAMLISTENER HandleEvent LIBNECKO NSASYNCSTREAMLISTENER HandlePLEvent LIBXPCOM PLEVENT PL_HandleEvent LIBXPCOM PLEVENT PL_ProcessPendingEvents LIBXPCOM NSEVENTQUEUE ProcessPendingEvents LIBWIDGET_GTK NSAPPSHELL our_gdk_io_invoke LIBGLIB GIOUNIX g_io_unix_dispatch LIBGLIB GMAIN g_main_dispatch LIBGLIB GMAIN g_main_iterate LIBGLIB GMAIN g_main_run LIBGTK GTKMAIN gtk_main LIBWIDGET_GTK NSAPPSHELL Run MOZILLA-BIN NSAPPRUNNER main1 MOZILLA-BIN NSAPPRUNNER main MOZILLA-BIN NSAPPRUNNER __MAIN MOZILLA-BIN PTHREAD$RTL PTHREAD$RTL XML Error in file 'chrome://navigator/content/navigator.xul', Line Number: 38, Col Number: 0, Description: error in processing external entity reference Source Line: %navigatorDTD; The accvio message says that we are trying to access address 0 for read access.
I am not seeing this crash, but here is what appears in navigator.xul around those lines: <!DOCTYPE window [ <!ENTITY % brandDTD SYSTEM "chrome://global/locale/brand.dtd" > %brandDTD; <!ENTITY % navigatorDTD SYSTEM "chrome://navigator/locale/navigator.dtd" > %navigatorDTD; ]> I'm not familiar enough with XML to know what this means, or what an error *about* this means. With respect to the original stack trace, I might as well change http://lxr.mozilla.org/mozilla/source/rdf/content/src/nsXULContentSink.cpp#556 to do NS_IF_RELEASE() just to be defensive. That said, I'm not sure how we'd ever *get* here if the content sink didn't have a parser. harishd, rickg: has the parser changed recently such that the content sink might get a "SetParser(nsnull)" call before getting a "DidBuildModel()" call?
Forget the crash on OpenVMS, that was my fault. I had some "merge conflict" text left in my navigator.dtd file that I let slip through. Sorry!! Mozilla comes up now.
Adding crash keyword
Keywords: crash
This could be mine.
Assignee: waterson → harishd
Status: ASSIGNED → NEW
colin: We should *never* crash, whatever nonsense we have in our data files. Could you file a new bug on that issue?
I filed bug #40452 for the crash the occurs when the dtd file contains badness.
FYI, I changed the NS_RELEASE() to NS_IF_RELEASE() in nsXULContentSink::DidBuildModel().
Thanx, Chris. I'll investigate the problem. Could be due to the new path through which XML/XUL errors are propagated to the sink.
Status: NEW → ASSIGNED
After waterson's fix we shouldn't crash anymore. Removing crash & nsbeta2. Syd, let me know what you think about it.
Keywords: crash, nsbeta2
Adding crash keyword
Keywords: crash
Moving to M17.
Target Milestone: M16 → M17
Does this problem still exist?
Not since I made DidBuildModel() do an NS_IF_RELEASE()....
Lowering the priority..becase it shouldn't crash anymore ( after waterson's fix ).
Priority: P1 → P4
I presume that this is not a problme bug anymore. Marking FIXED.
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Verifying branch (Used case of dismissal of IM prefs panel to verify) Win32 2000-10-25-09MN6 setting vtrunk
Keywords: vtrunk
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.