Closed Bug 487888 Opened 15 years ago Closed 15 years ago

Possible crash in nsNativeAppSupportWin::Start()

Categories

(Toolkit :: Startup and Profile System, defect, P1)

x86_64
Windows Vista

RESOLVED FIXED
mozilla1.9.2a1

People

(Reporter: m_kato, Assigned: m_kato)

Details

(Keywords: fixed1.9.1)

Attachments

(1 file)

When I enable page heap to debug a heap corruption issue on my private build, the following crash occurs.

0:000> g
(53c.f0c): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
MSVCR90!vcwprintf_s+0x7c89:
00000000`6fe4bd99 66443910        cmp     word ptr [rax],r10w ds:00000000`04e1e000=????
0:000> k
Child-SP          RetAddr           Call Site
00000000`0014f230 00000000`6fe23341 MSVCR90!vcwprintf_s+0x7c89
00000000`0014f730 000007fe`f25edce0 MSVCR90!snwprintf+0x91
00000000`0014f7b0 000007fe`f25e8a68 xul!nsNativeAppSupportWin::Start+0xac
00000000`0014f820 00000001`3f50140f xul!XRE_main+0x774
00000000`0014fc00 00000001`3f50159a firefox!NS_internal_main+0x1db
00000000`0014fc50 00000001`3f5017a2 firefox!wmain+0x14e
00000000`0014fcc0 00000000`7706495d firefox!operator new[]+0x18a
00000000`0014fcf0 00000000`775c8791 kernel32!BaseThreadInitThunk+0xd
00000000`0014fd20 00000000`00000000 ntdll!RtlUserThreadStart+0x21


Although snwprintf() expects wide characters, this code seems to use ANSI characters, because gAppData->name is char *.

http://mxr.mozilla.org/mozilla-central/source/toolkit/xre/nsNativeAppSupportWin.cpp#659

NS_IMETHODIMP
nsNativeAppSupportWin::Start( PRBool *aResult ) {
 :
 :
    ::_snwprintf(mMutexName, sizeof mMutexName / sizeof(PRUnichar), L"%s%s%s",
                 MOZ_MUTEX_NAMESPACE, gAppData->name, MOZ_STARTUP_MUTEX_NAME );
Attachment #372168 - Flags: review?(benjamin)
Documentation says name must be ASCII so you could also just change the format string to L"%s%S%s".
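An added example, not the patch attached to this bug and not Mozilla code: one portable way to avoid the width mismatch discussed above is to widen the ASCII name explicitly and format every argument with %ls, which denotes a wide string in both ISO C and MSVC. The names widen_ascii, build_mutex_name and the EX_* strings are hypothetical; the real MOZ_* values are not shown on this page.

```c
#include <stddef.h>
#include <wchar.h>

/* Constructed placeholders; the real MOZ_* strings are not shown on the page. */
#define EX_MUTEX_NAMESPACE    L"Local\\"
#define EX_STARTUP_MUTEX_NAME L"StartupMutex"

/* Widen a NUL-terminated ASCII string into dst (cap wide chars, incl. NUL).
 * Returns 0 on success, -1 if it does not fit or holds a non-ASCII byte. */
static int widen_ascii(const char *src, wchar_t *dst, size_t cap)
{
    size_t i;
    if (!src || !dst || cap == 0)
        return -1;
    for (i = 0; src[i] != '\0'; i++) {
        unsigned char c = (unsigned char)src[i];
        if (i + 1 >= cap || c > 0x7f) {
            dst[0] = L'\0';
            return -1;
        }
        dst[i] = (wchar_t)c;
    }
    dst[i] = L'\0';
    return 0;
}

/* Build "<namespace><app name><suffix>" into out (cap wide chars).
 * All three arguments are wchar_t*, so none is read with the wrong
 * element width, and truncation is treated as an error. */
int build_mutex_name(const char *app_name, wchar_t *out, size_t cap)
{
    wchar_t wide_name[64];
    int n;
    if (!out || cap == 0)
        return -1;
    out[0] = L'\0';
    if (widen_ascii(app_name, wide_name, sizeof wide_name / sizeof wide_name[0]) != 0)
        return -1;
    n = swprintf(out, cap, L"%ls%ls%ls",
                 EX_MUTEX_NAMESPACE, wide_name, EX_STARTUP_MUTEX_NAME);
    if (n < 0 || (size_t)n >= cap) {   /* failed or truncated: reject */
        out[0] = L'\0';
        return -1;
    }
    return 0;
}
```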
Blocks: 476711
Attachment #372168 - Flags: review?(benjamin) → review+
Flags: blocking1.9.1+
Priority: -- → P1
pushed http://hg.mozilla.org/mozilla-central/rev/3b2b06db72af
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Comment on attachment 372168 [details] [diff] [review]
patch v1
[Checkin: Comment 2 & 4]

Does not apply cleanly to 1.9.1:
{
patching file toolkit/xre/nsNativeAppSupportWin.cpp
Hunk #1 FAILED at 668
1 out of 1 hunks FAILED
}
Keywords: checkin-needed
Whiteboard: [needs 1.9.1 landing]
Target Milestone: --- → mozilla1.9.2a1
Attachment #372168 - Attachment description: patch v1 → patch v1 [Checkin: Comment 2]
Attachment #372168 - Flags: approval1.9.1?
Attachment #372168 - Attachment description: patch v1 [Checkin: Comment 2] → patch v1 [Checkin: Comment 2 & 4]
Attachment #372168 - Flags: approval1.9.1?