Closed Bug 48458 Opened 25 years ago Closed 25 years ago

SIGSEGV at 0x40082e0d in nsCStringKey::nsCStringKey () [@ nsCStringKey::nsCStringKey]

Categories

(SeaMonkey :: General, defect, P3)

Product:
SeaMonkey
Component:
General
Platform:
x86
Linux
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: simon.britnell, Assigned: serhunt)

References

(
URL
)

Details

(Keywords: crash, topcrash)

Crash Data

From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux 2.2.12-20 i686; en-US; m18) Gecko/20000810 BuildID: 2000081008 Browser crashes with a SIGSEGV Reproducible: Always Steps to Reproduce: 1.Start Mozilla 2.Browse to http://www.the-prisoner-6.freeserve.co.uk using the location box 3. Click on the covered penny-farthing in the lower left corner of the screen to "enter the site". Actual Results: Browser crashes at same place every time. Expected Results: No crash :) Voluminous gdb output: Document http://www.the-prisoner-6.freeserve.co.uk/ loaded successfully Possible DOM Error: .name, .nodeName or .tagName requested on a namespace elemen t/attribute with the qulaified name 'xul:spring', is this OK? Possible DOM Error: .name, .nodeName or .tagName requested on a namespace elemen t/attribute with the qulaified name 'xul:thumb', is this OK? Possible DOM Error: .name, .nodeName or .tagName requested on a namespace elemen t/attribute with the qulaified name 'xul:slider', is this OK? WEBSHELL+ = 8 WEBSHELL+ = 9 [Switching to Thread 30980 (initial thread)] Program received signal SIGSEGV, Segmentation fault. 0x40082e0d in nsCStringKey::nsCStringKey () from /home/peace/simonb/apps/Mozilla/package/./libxpcom.so (gdb) bt #0 0x40082e0d in nsCStringKey::nsCStringKey () from /home/peace/simonb/apps/Mozilla/package/./libxpcom.so #1 0x40507582 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgkplugin.so #2 0x4050ac6a in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgkplugin.so #3 0x41290a11 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #4 0x4129015b in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #5 0x4128c973 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #6 0x41289a0a in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #7 0x41289724 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #8 0x412895d6 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #9 0x4128c973 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #10 0x4126b36d in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #11 0x4126b1b7 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #12 0x4126b026 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #13 0x4126aeeb in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #14 0x41269c58 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #15 0x4126958a in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #16 0x41268185 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #17 0x4126efa4 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #18 0x4126ec50 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #19 0x4126a911 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #20 0x41269942 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #21 0x4126958a in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #22 0x41268185 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #23 0x4126efa4 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #24 0x4126ec50 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #25 0x4126a911 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #26 0x41269942 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #27 0x4126958a in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #28 0x41268185 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #29 0x41271bf7 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #30 0x4127f59c in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #31 0x41414284 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #32 0x41413c23 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #33 0x41411d38 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #34 0x41401dbc in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #35 0x41411d38 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #36 0x41415895 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #37 0x412aa8f6 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #38 0x412aab25 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #39 0x412aa937 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #40 0x41411d38 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #41 0x41420012 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #42 0x412aa011 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #43 0x41271bf7 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #44 0x412a886b in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #45 0x412807ad in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #46 0x41299fd5 in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #47 0x41299ceb in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libgklayout.so #48 0x400b650b in PL_HandleEvent () from /home/peace/simonb/apps/Mozilla/package/./libxpcom.so #49 0x400b6446 in PL_ProcessPendingEvents () from /home/peace/simonb/apps/Mozilla/package/./libxpcom.so #50 0x400b717d in nsEventQueueImpl::ProcessPendingEvents () from /home/peace/simonb/apps/Mozilla/package/./libxpcom.so #51 0x40fc63bf in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libwidget_gtk.so #52 0x40fc617d in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libwidget_gtk.so #53 0x40687afa in g_io_unix_dispatch (source_data=0x418c4498, current_time=0xbffff92c, user_data=0x418c4470) at giounix.c:135 #54 0x406891b6 in g_main_dispatch (dispatch_time=0xbffff92c) at gmain.c:656 #55 0x40689781 in g_main_iterate (block=1, dispatch=1) at gmain.c:877 #56 0x40689921 in g_main_run () at gmain.c:884 #57 0x405b1919 in gtk_main () at gtkmain.c:807 #58 0x40fc68ac in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libwidget_gtk.so #59 0x403941ba in NSGetModule () from /home/peace/simonb/apps/Mozilla/package/components/libnsappshell.so #60 0x804d437 in JS_PushArguments () #61 0x804d836 in JS_PushArguments () #62 0x4024c1eb in __libc_start_main (main=0x804d72c <JS_PushArguments+10924>, argc=1, argv=0xbffffb44, init=0x804a860 <_init>, fini=0x8052ef0 <_fini>, rtld_fini=0x4000a610 <_dl_fini>, stack_end=0xbffffb3c) at ../sysdeps/generic/libc-start.c:90 (gdb) info threads 7 Thread 30987 0x402c47f1 in __libc_nanosleep () from /lib/libc.so.6 6 Thread 30986 0x402c47f1 in __libc_nanosleep () from /lib/libc.so.6 5 Thread 30985 0x4025258b in __sigsuspend (set=0xbf3ffbd4) at ../sysdeps/unix/sysv/linux/sigsuspend.c:48 4 Thread 30984 0x4025258b in __sigsuspend (set=0xbf5ffbd4) at ../sysdeps/unix/sysv/linux/sigsuspend.c:48 3 Thread 30983 0x402de320 in __poll (fds=0x810e438, nfds=11, timeout=35000) at ../sysdeps/unix/sysv/linux/poll.c:45 * 2 Thread 30980 (initial thread) 0x40082e0d in nsCStringKey::nsCStringKey () from /home/peace/simonb/apps/Mozilla/package/./libxpcom.so 1 Thread 30982 (manager thread) 0x402de320 in __poll (fds=0x811fca0, nfds=1, timeout=2000) at ../sysdeps/unix/sysv/linux/poll.c:45
Confirmed on Linux 2000-08-10-08. warren@netscape.com changed that code last night. See also Bug 48373.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: crash
I'll take a look...
Here's a diff that seems to fix the problem: Index: nsPluginHostImpl.cpp =================================================================== RCS file: /cvsroot/mozilla/modules/plugin/nglsrc/nsPluginHostImpl.cpp,v retrieving revision 1.146 diff -c -r1.146 nsPluginHostImpl.cpp *** nsPluginHostImpl.cpp 2000/08/10 06:19:15 1.146 --- nsPluginHostImpl.cpp 2000/08/10 21:58:47 *************** *** 171,177 **** if (nsnull == mimeTypesSeen) { mimeTypesSeen = new nsHashtable(NS_MIME_TYPES_HASH_NUM); } ! if (nsnull != mimeTypesSeen){ nsCStringKey key(mimeType); // if we've seen this mimetype before if (mimeTypesSeen->Get(&key)) { --- 171,177 ---- if (nsnull == mimeTypesSeen) { mimeTypesSeen = new nsHashtable(NS_MIME_TYPES_HASH_NUM); } ! if (nsnull != mimeTypesSeen && mimeType){ nsCStringKey key(mimeType); // if we've seen this mimetype before if (mimeTypesSeen->Get(&key)) { The problem is that this plugin's file extension is "swf" and nsPluginHostImpl::IsPluginEnabledForExtension returns null for the mimeType. This later gets passed to DisplayNoDefaultPluginDialog and a hashtable string key gets made from it. The new string key implementation can't deal with null key strings so we crash. Although my patch works around the problem, I really don't think IsPluginEnabledForExtension should be returning null. Handing bug off to Andrea for evaluation.
Assignee: asa → av
Keywords: patch
The latest issue could very much be connected to the problem with MimeTypeService when it cannot associate file extension with mime type. There is an nsbeta3+ bug on this owned by mscott. The patch needs to be checked in any way, I'll try to get nsbeta3+ status and do this.
Adding topcrash keyword. This crash [@ nsCStringKey::nsCStringKey] shows up in the latest talkback data. Here is a stack trace (that probably isn't too helpful) and some entries in talkback: nsCStringKey::nsCStringKey() DisplayNoDefaultPluginDialog() nsPluginHostImpl::InstantiateEmbededPlugin() nsObjectFrame::InstantiatePlugin() nsObjectFrame::Reflow() nsLineLayout::ReflowFrame() nsInlineFrame::ReflowInlineFrame() nsInlineFrame::ReflowFrames() nsInlineFrame::Reflow() nsLineLayout::ReflowFrame() nsBlockFrame::ReflowInlineFrame() nsBlockFrame::DoReflowInlineFrames() nsBlockFrame::DoReflowInlineFramesAuto() nsBlockFrame::ReflowInlineFrames() nsBlockFrame::ReflowLine() nsBlockFrame::ReflowDirtyLines() nsBlockFrame::Reflow() nsBlockReflowContext::DoReflowBlock() nsBlockReflowContext::ReflowBlock() nsBlockFrame::ReflowBlockFrame() nsBlockFrame::ReflowLine() nsBlockFrame::ReflowDirtyLines() nsBlockFrame::Reflow() nsContainerFrame::ReflowChild() nsTableCellFrame::Reflow() nsContainerFrame::ReflowChild() nsTableRowFrame::IR_TargetIsChild() nsTableRowFrame::IncrementalReflow() nsTableRowFrame::Reflow() nsContainerFrame::ReflowChild() nsTableRowGroupFrame::IR_TargetIsChild() nsTableRowGroupFrame::IncrementalReflow() nsTableRowGroupFrame::Reflow() nsContainerFrame::ReflowChild() nsTableFrame::IR_TargetIsChild() nsTableFrame::IncrementalReflow() nsTableFrame::Reflow() nsContainerFrame::ReflowChild() nsTableOuterFrame::OuterReflowChild() nsTableOuterFrame::IR_InnerTableReflow() nsTableOuterFrame::IR_TargetIsInnerTableFrame() nsTableOuterFrame::IR_TargetIsChild() nsTableOuterFrame::IncrementalReflow() nsTableOuterFrame::Reflow() nsBlockReflowContext::DoReflowBlock() nsBlockReflowContext::ReflowBlock() nsBlockFrame::ReflowBlockFrame() nsBlockFrame::ReflowLine() nsBlockFrame::ReflowDirtyLines() nsBlockFrame::Reflow() nsBlockReflowContext::DoReflowBlock() nsBlockReflowContext::ReflowBlock() nsBlockFrame::ReflowBlockFrame() nsBlockFrame::ReflowLine() nsBlockFrame::ReflowDirtyLines() nsBlockFrame::Reflow() nsContainerFrame::ReflowChild() CanvasFrame::Reflow() nsBoxToBlockAdaptor::Reflow() nsBoxToBlockAdaptor::DoLayout() nsBox::Layout() nsScrollBoxFrame::DoLayout() nsBox::Layout() nsContainerBox::LayoutChildAt() nsGfxScrollFrameInner::LayoutBox() nsGfxScrollFrameInner::Layout() nsGfxScrollFrame::DoLayout() nsBox::Layout() nsBoxFrame::Reflow() nsGfxScrollFrame::Reflow() nsContainerFrame::ReflowChild() ViewportFrame::Reflow() nsHTMLReflowCommand::Dispatch() PresShell::ProcessReflowCommands() HandlePLEvent() PL_HandleEvent() PL_ProcessPendingEvents() nsEventQueueImpl::ProcessPendingEvents() event_processor_callback() our_gdk_io_invoke() libglib-1.2.so.0 + 0xeafa (0x4076aafa) libglib-1.2.so.0 + 0x101b6 (0x4076c1b6) libglib-1.2.so.0 + 0x10781 (0x4076c781) libglib-1.2.so.0 + 0x10921 (0x4076c921) libgtk-1.2.so.0 + 0x8c919 (0x40691919) nsAppShell::Run() nsAppShellService::Run() main1() main() libc.so.6 + 0x181eb (0x4024c1eb) nsCStringKey::nsCStringKey() fb7fdfaf line Build: 2000081509 CrashDate: 2000-08-16 UptimeMinutes: 0 Total: 66 OS: Linux 2.2.17pre16 URL: www.little-idiot.de crashes the browser Comment: Stacktrace: http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=15833528 nsCStringKey::nsCStringKey() 1d0777a8 line Build: 2000081509 CrashDate: 2000-08-16 UptimeMinutes: 866 Total: 866 OS: Linux 2.4.0-test5 URL: Comment: Stacktrace: http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=15840724 nsCStringKey::nsCStringKey() 1d0777a8 line Build: 2000081509 CrashDate: 2000-08-16 UptimeMinutes: 0 Total: 867 OS: Linux 2.4.0-test5 URL: Comment: Stacktrace: http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=15840831 nsCStringKey::nsCStringKey() fd635675 line Build: 2000081509 CrashDate: 2000-08-16 UptimeMinutes: 297 Total: 363 OS: Linux 2.2.17pre16 URL: macromedias flash-plugin causes trouble Comment: Stacktrace: http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=15855599 nsCStringKey::nsCStringKey() c1c91090 line Build: 2000081509 CrashDate: 2000-08-16 UptimeMinutes: 77 Total: 580 OS: Linux 2.2.12-20 URL: www.techpages.com Comment: Stacktrace: http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=15859375 nsCStringKey::nsCStringKey() c1c91090 line Build: 2000081509 CrashDate: 2000-08-16 UptimeMinutes: 2 Total: 582 OS: Linux 2.2.12-20 URL: www.techpages.com Comment: Stacktrace: http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=15859535 nsCStringKey::nsCStringKey() 029f4260 line Build: 2000081609 CrashDate: 2000-08-17 UptimeMinutes: 161 Total: 173 OS: Linux 2.2.5-15 URL: Comment: Stacktrace: http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=15894867 nsCStringKey::nsCStringKey() 958f0835 line Build: 2000081713 CrashDate: 2000-08-17 UptimeMinutes: 14 Total: 14 OS: Linux 2.2.16 URL: Comment: Loaded gecko test page Stacktrace: http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=15921184 nsCStringKey::nsCStringKey() 418041b1 line Build: 2000081709 CrashDate: 2000-08-18 UptimeMinutes: 1146 Total: 1146 OS: Linux 2.2.12-20smp URL: http://www.sobao.com/ Comment: popped up when opening a mail message... (forgot to disable js in mail Stacktrace: http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=15950389 nsCStringKey::nsCStringKey() d288475c line Build: 2000081509 CrashDate: 2000-08-20 UptimeMinutes: 666 Total: 1249 OS: Linux 2.2.12-20 URL: www.campchaos.com Comment: Stacktrace: http://cyclone/reports/stackcommentemail.cfm?dynamicBBID=16039751
Keywords: topcrash
Summary: SIGSEGV at 0x40082e0d in nsCStringKey::nsCStringKey () → SIGSEGV at 0x40082e0d in nsCStringKey::nsCStringKey () [@ nsCStringKey::nsCStringKey]
The fix is in.
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Product: Browser → Seamonkey
Crash Signature: [@ nsCStringKey::nsCStringKey]
You need to log in before you can comment on or make changes to this bug.