The default bug view has changed. See this FAQ.

SwitchProxy triggers a Firefox crash in [@ PL_DHashTableOperate] PREF_PrefIsLocked

VERIFIED FIXED in mozilla1.9.3a2

Status

()

Core
Preferences: Backend
--
critical
VERIFIED FIXED
7 years ago
6 years ago

People

(Reporter: glandium, Assigned: glandium)

Tracking

({crash, verified1.9.2})

1.9.1 Branch
mozilla1.9.3a2
x86_64
Linux
crash, verified1.9.2
Points:
---

Firefox Tracking Flags

(status1.9.2 .2-fixed, status1.9.1 .9-fixed)

Details

(crash signature)

Attachments

(1 attachment)

(Assignee)

Description

7 years ago
Created attachment 418513 [details] [diff] [review]
patch

This bug was reported on Debian, but also was reported independently on opensolaris ( http://defect.opensolaris.org/bz/show_bug.cgi?id=12968 )

When SwitchProxy is installed, a crash occurs with the following stack trace:
#6  0x00007f073b2e5dd1 in PL_DHashTableOperate (table=0x7f073baf6510, key=0x7f073b3901aa, op=PL_DHASH_LOOKUP) at pldhash.c:599
#7  0x00007f073ac3d851 in pref_HashTableLookup (key=0x7f073b3901aa) at prefapi.cpp:681
#8  0x00007f073ac3d871 in PREF_PrefIsLocked (pref_name=0x7f073baf6510 "") at prefapi.cpp:799
#9  0x00007f073ac3b24e in nsPrefBranch::GetComplexValue (this=0x7f072b658100, aPrefName=0x7f073b3901aa "intl.charset.default", aType=..., _retval=0x7fffe680a850) at nsPrefBranch.cpp:249
#10 0x00007f073addbb2f in nsContentUtils::GetLocalizedStringPref (aPref=0x7f073b3901aa "intl.charset.default") at nsContentUtils.cpp:2568
#11 0x00007f073acb3b4a in DocumentViewerImpl::GetDefaultCharacterSet (this=0x7f072304d220, aDefaultCharacterSet=...) at nsDocumentViewer.cpp:2890
#12 0x00007f073b0d87df in nsDocShell::SetupNewViewer (this=0x7f07206a3800, aNewViewer=0x7f071607b040) at nsDocShell.cpp:6608
#13 0x00007f073b0df308 in nsDocShell::Embed (this=0x7f07206a3800, aContentViewer=0x7f071607b040, aCommand=<value optimized out>, aExtraInfo=<value optimized out>) at nsDocShell.cpp:5123
#14 0x00007f073b0e545b in nsDocShell::CreateContentViewer (this=0x7f07206a3800, aContentType=<value optimized out>, request=0x7f0717021448, aContentHandler=<value optimized out>) at nsDocShell.cpp:6456
#15 0x00007f073b0eb7f9 in nsDSURIContentListener::DoContent (this=0x7f07206df040, aContentType=0x7f071fc9bc08 "text/html", aIsContentPreferred=0, request=0x7f0717021448, aContentHandler=0x7f0716484d48, 
    aAbortProcess=<value optimized out>) at nsDSURIContentListener.cpp:138
#16 0x00007f073b0ef21b in nsDocumentOpenInfo::TryContentListener (this=0x7f0716484d30, aListener=0x7f07206df040, aChannel=0x7f0717021448) at nsURILoader.cpp:736
#17 0x00007f073b0ef79c in nsDocumentOpenInfo::DispatchContent (this=0x7f0716484d30, request=0x7f0717021448, aCtxt=<value optimized out>) at nsURILoader.cpp:434
#18 0x00007f073b0efed4 in nsDocumentOpenInfo::OnStartRequest (this=0x7f0716484d30, request=0x7f0717021448, aCtxt=0x0) at nsURILoader.cpp:280
#19 0x00007f073b31f956 in NS_InvokeByIndex_P (that=0x7f073baf6510, methodIndex=993591722, paramCount=0, params=0x7f0722f2f2a0) at xptcinvoke_x86_64_linux.cpp:208
#20 0x00007f073ab65ff4 in XPCWrappedNative::CallMethod (ccx=..., mode=<value optimized out>) at xpcwrappednative.cpp:2456

In frame #6, table->ops is NULL, and the line that crashes says:
    keyHash = table->ops->hashKey(table, key);

So, this is a NULL dereference.

The attached patch should be enough to fix the problem. (It seems PREF_PrefIsLocked is the only function that doesn't check for ops)
(Assignee)

Updated

7 years ago
Attachment #418513 - Attachment is patch: true
Attachment #418513 - Attachment mime type: application/octet-stream → text/plain
Attachment #418513 - Flags: review?(benjamin)

Updated

7 years ago
Assignee: nobody → mh+mozilla
Keywords: crash
Summary: SwitchProxy triggers a Firefox crash in PREF_PrefIsLocked → SwitchProxy triggers a Firefox crash in [@ PL_DHashTableOperate] PREF_PrefIsLocked
Attachment #418513 - Flags: review?(benjamin) → review+
Status: NEW → ASSIGNED
Keywords: checkin-needed
http://hg.mozilla.org/mozilla-central/rev/96d301b39c91
Status: ASSIGNED → RESOLVED
Last Resolved: 7 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.3a2
Comment on attachment 418513 [details] [diff] [review]
patch

Worth taking on the stable branches?
Attachment #418513 - Flags: approval1.9.2.2?
Attachment #418513 - Flags: approval1.9.1.9?
Comment on attachment 418513 [details] [diff] [review]
patch

a=beltzner for 1.9.2 and 1.9.1
Attachment #418513 - Flags: approval1.9.2.2?
Attachment #418513 - Flags: approval1.9.2.2+
Attachment #418513 - Flags: approval1.9.1.9?
Attachment #418513 - Flags: approval1.9.1.9+
I'll check this in myself later this week, but anyone wants to get to it first :-)
Keywords: checkin-needed
http://hg.mozilla.org/releases/mozilla-1.9.2/rev/52d264a4d2f8
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/f1d44af82641
status1.9.1: --- → .9-fixed
status1.9.2: --- → .2-fixed
Keywords: checkin-needed
Using Ubuntu and SwitchProxy 1.4.1 with Firefox 3.5.8 or 3.6, I cannot reproduce a crash here before the fix so this is a bit hard to verify without some actual repro steps.
(Assignee)

Comment 7

7 years ago
(In reply to comment #6)
> Using Ubuntu and SwitchProxy 1.4.1 with Firefox 3.5.8 or 3.6, I cannot
> reproduce a crash here before the fix so this is a bit hard to verify without
> some actual repro steps.

I think it only happens on 64-bits builds.
64-bit builds of what? We don't have a 64-bit Firefox.
(Assignee)

Comment 9

7 years ago
(In reply to comment #8)
> 64-bit builds of what? We don't have a 64-bit Firefox.

... yet. http://armenzg.blogspot.com/2010/03/linux-64-packaged-tests-now-available.html

Also, all linux distributions have had 64-bit Firefox builds for years.
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.2) Gecko/20100319 Firefox/3.6.2
SwitchProxy Tool 1.4.1
Ubuntu 9.10 64-bit (Kernel 2.6.31-20-generic)

Using the above, I've been unable to recreate the crash.  However, when the add-on installs, there is no indication of usage in chrome or the tools menu.  I can't configure any proxies.  When I go to the Add-ons Manager, there is a SwitchProxy Tool entry but clicking on the Preferences button does nothing.

I'd like to request more defined steps to reproduce this...or is it simply installing the add-on and Firefox crashes on startup?  At any rate, a clearer indication of what user actions cause the crash is needed.
(Assignee)

Comment 11

7 years ago
Re-reading the original bug report I got, it appears switchproxy triggers crashes at random times. In other words, instability. The produced crashes were always with the NULL dereference that is fixed here. They were apparently also reproducible on x86.
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.2) Gecko/20100319
Firefox/3.6.2
SwitchProxy Tool 1.4.1
Ubuntu 9.10 64-bit (Kernel 2.6.31-20-generic)

So I've just been using Firefox as I normally do to reproduce this crash.  According to comment 11, this is all that is required to crash with SwitchProxy installed (no clear indication of SwitchProxy usage is given).  Assuming I am correct that one only needs to have SwitchProxy installed/enabled, experiencing no crashes at all in the last 24 hours should be indicative of this bug being fixed.

Were reports of this crash ever submitted to crashstats.mozilla.org?  If so, a decrease or elimination of new instances of this crash would be added indication that this was fixed.

At any rate, if I do not experience this crash today, I'll mark it VERIFIED based on nothing more than I have already stated.
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.2) Gecko/20100319
Firefox/3.6.2
SwitchProxy Tool 1.4.1
Ubuntu 9.10 64-bit (Kernel 2.6.31-20-generic)


I've still not been able to reproduce this crash, marking VERIFIED.
Status: RESOLVED → VERIFIED
Keywords: verified1.9.2
Crash Signature: [@ PL_DHashTableOperate]
You need to log in before you can comment on or make changes to this bug.