Created attachment 418513 [details] [diff] [review] patch This bug was reported on Debian, but also was reported independently on opensolaris ( http://defect.opensolaris.org/bz/show_bug.cgi?id=12968 ) When SwitchProxy is installed, a crash occurs with the following stack trace: #6 0x00007f073b2e5dd1 in PL_DHashTableOperate (table=0x7f073baf6510, key=0x7f073b3901aa, op=PL_DHASH_LOOKUP) at pldhash.c:599 #7 0x00007f073ac3d851 in pref_HashTableLookup (key=0x7f073b3901aa) at prefapi.cpp:681 #8 0x00007f073ac3d871 in PREF_PrefIsLocked (pref_name=0x7f073baf6510 "") at prefapi.cpp:799 #9 0x00007f073ac3b24e in nsPrefBranch::GetComplexValue (this=0x7f072b658100, aPrefName=0x7f073b3901aa "intl.charset.default", aType=..., _retval=0x7fffe680a850) at nsPrefBranch.cpp:249 #10 0x00007f073addbb2f in nsContentUtils::GetLocalizedStringPref (aPref=0x7f073b3901aa "intl.charset.default") at nsContentUtils.cpp:2568 #11 0x00007f073acb3b4a in DocumentViewerImpl::GetDefaultCharacterSet (this=0x7f072304d220, aDefaultCharacterSet=...) at nsDocumentViewer.cpp:2890 #12 0x00007f073b0d87df in nsDocShell::SetupNewViewer (this=0x7f07206a3800, aNewViewer=0x7f071607b040) at nsDocShell.cpp:6608 #13 0x00007f073b0df308 in nsDocShell::Embed (this=0x7f07206a3800, aContentViewer=0x7f071607b040, aCommand=<value optimized out>, aExtraInfo=<value optimized out>) at nsDocShell.cpp:5123 #14 0x00007f073b0e545b in nsDocShell::CreateContentViewer (this=0x7f07206a3800, aContentType=<value optimized out>, request=0x7f0717021448, aContentHandler=<value optimized out>) at nsDocShell.cpp:6456 #15 0x00007f073b0eb7f9 in nsDSURIContentListener::DoContent (this=0x7f07206df040, aContentType=0x7f071fc9bc08 "text/html", aIsContentPreferred=0, request=0x7f0717021448, aContentHandler=0x7f0716484d48, aAbortProcess=<value optimized out>) at nsDSURIContentListener.cpp:138 #16 0x00007f073b0ef21b in nsDocumentOpenInfo::TryContentListener (this=0x7f0716484d30, aListener=0x7f07206df040, aChannel=0x7f0717021448) at nsURILoader.cpp:736 #17 0x00007f073b0ef79c in nsDocumentOpenInfo::DispatchContent (this=0x7f0716484d30, request=0x7f0717021448, aCtxt=<value optimized out>) at nsURILoader.cpp:434 #18 0x00007f073b0efed4 in nsDocumentOpenInfo::OnStartRequest (this=0x7f0716484d30, request=0x7f0717021448, aCtxt=0x0) at nsURILoader.cpp:280 #19 0x00007f073b31f956 in NS_InvokeByIndex_P (that=0x7f073baf6510, methodIndex=993591722, paramCount=0, params=0x7f0722f2f2a0) at xptcinvoke_x86_64_linux.cpp:208 #20 0x00007f073ab65ff4 in XPCWrappedNative::CallMethod (ccx=..., mode=<value optimized out>) at xpcwrappednative.cpp:2456 In frame #6, table->ops is NULL, and the line that crashes says: keyHash = table->ops->hashKey(table, key); So, this is a NULL dereference. The attached patch should be enough to fix the problem. (It seems PREF_PrefIsLocked is the only function that doesn't check for ops)
Comment on attachment 418513 [details] [diff] [review] patch Worth taking on the stable branches?
Comment on attachment 418513 [details] [diff] [review] patch a=beltzner for 1.9.2 and 1.9.1
I'll check this in myself later this week, but anyone wants to get to it first :-)
Using Ubuntu and SwitchProxy 1.4.1 with Firefox 3.5.8 or 3.6, I cannot reproduce a crash here before the fix so this is a bit hard to verify without some actual repro steps.
(In reply to comment #6) > Using Ubuntu and SwitchProxy 1.4.1 with Firefox 3.5.8 or 3.6, I cannot > reproduce a crash here before the fix so this is a bit hard to verify without > some actual repro steps. I think it only happens on 64-bits builds.
64-bit builds of what? We don't have a 64-bit Firefox.
(In reply to comment #8) > 64-bit builds of what? We don't have a 64-bit Firefox. ... yet. http://armenzg.blogspot.com/2010/03/linux-64-packaged-tests-now-available.html Also, all linux distributions have had 64-bit Firefox builds for years.
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:184.108.40.206) Gecko/20100319 Firefox/3.6.2 SwitchProxy Tool 1.4.1 Ubuntu 9.10 64-bit (Kernel 2.6.31-20-generic) Using the above, I've been unable to recreate the crash. However, when the add-on installs, there is no indication of usage in chrome or the tools menu. I can't configure any proxies. When I go to the Add-ons Manager, there is a SwitchProxy Tool entry but clicking on the Preferences button does nothing. I'd like to request more defined steps to reproduce this...or is it simply installing the add-on and Firefox crashes on startup? At any rate, a clearer indication of what user actions cause the crash is needed.
Re-reading the original bug report I got, it appears switchproxy triggers crashes at random times. In other words, instability. The produced crashes were always with the NULL dereference that is fixed here. They were apparently also reproducible on x86.
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:220.127.116.11) Gecko/20100319 Firefox/3.6.2 SwitchProxy Tool 1.4.1 Ubuntu 9.10 64-bit (Kernel 2.6.31-20-generic) So I've just been using Firefox as I normally do to reproduce this crash. According to comment 11, this is all that is required to crash with SwitchProxy installed (no clear indication of SwitchProxy usage is given). Assuming I am correct that one only needs to have SwitchProxy installed/enabled, experiencing no crashes at all in the last 24 hours should be indicative of this bug being fixed. Were reports of this crash ever submitted to crashstats.mozilla.org? If so, a decrease or elimination of new instances of this crash would be added indication that this was fixed. At any rate, if I do not experience this crash today, I'll mark it VERIFIED based on nothing more than I have already stated.
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:18.104.22.168) Gecko/20100319 Firefox/3.6.2 SwitchProxy Tool 1.4.1 Ubuntu 9.10 64-bit (Kernel 2.6.31-20-generic) I've still not been able to reproduce this crash, marking VERIFIED.