
textToSubURI.UnEscapeAndConvert("UTF-8", null) causes crash in NS_strdup [@strlen | NS_strdup(char const*) ]

RESOLVED FIXED

Status


Core
Internationalization
--
major
RESOLVED FIXED
8 years ago
6 years ago

People

(Reporter: m_kato, Assigned: m_kato)

Tracking

({crash, topcrash})

Trunk
crash, topcrash
Points:
---
Bug Flags:
blocking1.9.2 +

Firefox Tracking Flags

(status1.9.2 beta2-fixed)

Details

(Whiteboard: [#7 trunk (3.7a1) topcrash][#2 3.6b2pre topcrash][#10 3.6b1 topcrash], crash signature)

Attachments

(2 attachments, 1 obsolete attachment)

(Assignee)

Description

8 years ago
- Step
run
var textToSubURI = Components.classes["@mozilla.org/intl/texttosuburi;1"].getService(Components.interfaces.nsITextToSubURI);
textToSubURI.UnEscapeAndConvert("UTF-8",null);

- Result
Crash in NS_strdup.

#3  0x00007ff4f5722fa5 in nsProfileLock::FatalSignalHandler (signo=11)
    at nsProfileLock.cpp:216
#4  <signal handler called>
#5  NS_strdup (aString=0x0) at nsCRTGlue.cpp:145
#6  0x00007ff4e2984093 in nsTextToSubURI::UnEscapeAndConvert (
    this=<value optimized out>, charset=0x17c0460 "UTF-8", text=0x0, 
    _retval=0xffffffffffffffff)
    at /home/makoto/Development/mozilla-hg/mozilla-central/intl/uconv/src/nsTextToSubURI.cpp:126
#7  0x00007ff4f47d015e in NS_InvokeByIndex_P (that=0x2aca8a0, methodIndex=4, 
    paramCount=<value optimized out>, params=0x7fffc3a8cc00)
    at /home/makoto/Development/mozilla-hg/mozilla-central/xpcom/reflect/xptcall/src/md/unix/xptcinvoke_x86_64_unix.cpp:208
#8  0x00007ff4dd2b7d0f in XPCWrappedNative::CallMethod (ccx=..., 
    mode=<value optimized out>)

This crash seems to be submitted as long as I check crash-stats.

http://crash-stats.mozilla.com/report/list?product=Firefox&version=Firefox%3A3.7a1pre&platform=windows&query_search=signature&query_type=exact&query=&date=&range_value=1&range_unit=weeks&do_query=1&signature=strlen%20|%20NS_strdup%28char%20const*%29
(Assignee)

Comment 1

8 years ago
Created attachment 406900 [details] [diff] [review]
patch v1
Attachment #406900 - Flags: review?(smontagu)
Attachment #406900 - Flags: review?(smontagu) → review+
(Assignee)

Comment 2

8 years ago
also, this can repro on 3.6b2pre

http://crash-stats.mozilla.com/report/index/bp-cae0b0de-8029-44aa-9fc9-8e5672091018
Severity: normal → major
OS: Linux → All

Comment 3

8 years ago
do you really want to throw an exception?
(Assignee)

Comment 4

8 years ago
(In reply to comment #3)
> do you really want to throw an exception?

Parameter is invalid, so I think it should throw it.  Should we return null instead?
(Assignee)

Comment 5

8 years ago
Humm, until 1.9.1, UnEscapeAndConvert(charset, null) returns empty string instead of error or null.  I will attach new patch...
(Assignee)

Comment 6

8 years ago
Created attachment 407234 [details] [diff] [review]
patch v2
(Assignee)

Comment 7

8 years ago
Created attachment 407235 [details] [diff] [review]
patch v2.1
Attachment #407234 - Attachment is obsolete: true
(Assignee)

Comment 8

8 years ago
Comment on attachment 407235 [details] [diff] [review]
patch v2.1

modify patch after timeless comment.
Attachment #407235 - Flags: review?(smontagu)
Keywords: crash, topcrash
Summary: textToSubURI.UnEscapeAndConvert("UTF-8", null) causes crash in NS_strdup → textToSubURI.UnEscapeAndConvert("UTF-8", null) causes crash in NS_strdup [@strlen | NS_strdup(char const*) ]
Whiteboard: [#7 trunk (3.7a1) topcrash]
Attachment #407235 - Flags: review?(smontagu) → review+
(Assignee)

Comment 9

8 years ago
landed
http://hg.mozilla.org/mozilla-central/rev/89692081b401
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
(Assignee)

Updated

8 years ago
Attachment #407235 - Flags: approval1.9.2?
Comment on attachment 407235 [details] [diff] [review]
patch v2.1

a1.9.2=dbaron
Attachment #407235 - Flags: approval1.9.2? → approval1.9.2+
Flags: blocking1.9.2+
Whiteboard: [#7 trunk (3.7a1) topcrash] → [#7 trunk (3.7a1) topcrash][#2 3.6b2pre topcrash][#10 3.6b1 topcrash]
(Assignee)

Comment 11

8 years ago
http://hg.mozilla.org/releases/mozilla-1.9.2/rev/02c55001a64a
status1.9.2: --- → final-fixed
Crash Signature: [@strlen | NS_strdup(char const*) ]
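
Added example (not part of this bug report and not Mozilla's source): a C++ sketch of the null-argument guard debated in Comments 3 to 5, where a percent-unescape routine either rejects a null text pointer or treats it as the empty string rather than handing it to a strlen-based duplicate. The names unescape_checked, dup_checked, Status and NullPolicy are hypothetical.

```cpp
// Added example; hypothetical names, not Mozilla source.
#include <cctype>
#include <cstdlib>
#include <cstring>

enum Status { ST_OK, ST_NULL_ARG, ST_NO_MEMORY };
enum NullPolicy { NULL_AS_ERROR, NULL_AS_EMPTY };  // the two options from the thread

// strlen-based duplicate that refuses null instead of dereferencing it.
static char* dup_checked(const char* s) {
    if (!s) return nullptr;
    size_t n = std::strlen(s) + 1;
    char* copy = static_cast<char*>(std::malloc(n));
    if (copy) std::memcpy(copy, s, n);
    return copy;
}

static int hexval(unsigned char c) {
    if (std::isdigit(c)) return c - '0';
    int l = std::tolower(c);
    return (l >= 'a' && l <= 'f') ? l - 'a' + 10 : -1;
}

// Percent-unescape text into a malloc'd string; caller frees *out.
Status unescape_checked(const char* text, NullPolicy policy, char** out) {
    if (!out) return ST_NULL_ARG;
    *out = nullptr;
    if (!text) {                       // the case that crashed: text == NULL
        if (policy == NULL_AS_ERROR) return ST_NULL_ARG;
        text = "";                     // treat null as the empty string
    }
    char* buf = dup_checked(text);     // output is never longer than input
    if (!buf) return ST_NO_MEMORY;
    char* w = buf;
    for (const char* r = text; *r;) {
        int hi = -1, lo = -1;
        if (r[0] == '%' && (hi = hexval(r[1])) >= 0 && (lo = hexval(r[2])) >= 0) {
            *w++ = static_cast<char>(hi * 16 + lo);
            r += 3;
        } else {
            *w++ = *r++;               // malformed escapes are copied literally
        }
    }
    *w = '\0';
    *out = buf;
    return ST_OK;
}
```

Either policy keeps the null pointer away from strlen; which one to pick is an API-compatibility question, since callers written against the older empty-string behaviour would see a new error under NULL_AS_ERROR.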