Closed
Bug 536911
Opened 15 years ago
Closed 15 years ago
crash [@ memcpy | nsJARInputStream::Read(char*, unsigned int, unsigned int*) ]
Categories
(Core :: Networking: JAR, defect)
Tracking
()
RESOLVED
FIXED
Tracking | Status | |
---|---|---|
status1.9.2 | --- | .4-fixed |
People
(Reporter: david.maza.AU, Assigned: taras.mozilla)
References
Details
(Keywords: crash, verified1.9.2, Whiteboard: [crashkill])
Crash Data
Attachments
(1 file, 3 obsolete files)
5.60 KB,
patch
|
taras.mozilla
:
review+
dveditz
:
approval1.9.2.4+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2b6pre) Gecko/20091226 Firefox/3.1b3pre GTB5 (.NET CLR 3.5.30729) Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2b6pre) Gecko/20091226 Firefox/3.1b3pre GTB5 (.NET CLR 3.5.30729) Firefox crashes on startup as of build 20091226 with the error signature: memcpy | nsJARInputStream::Read(char*, unsigned int, unsigned int*) Reproducible: Always
Reporter | ||
Updated•15 years ago
|
Comment 1•15 years ago
|
||
Signature memcpy | nsJARInputStream::Read(char*, unsigned int, unsigned int*) UUID 52f66f82-395a-4ed0-8f01-019fe2091227 Time 2009-12-27 16:54:39.160117 Uptime 0 Last Crash 6 seconds before submission Product Firefox Version 3.7a1pre Build ID 20091226043635 Branch 1.9.3 OS Windows NT OS Version 6.1.7600 CPU x86 CPU Info GenuineIntel family 6 model 15 stepping 13 Crash Reason EXCEPTION_ACCESS_VIOLATION Crash Address 0x0 User Comments Processor Notes Crashing Thread Frame Module Signature Source 0 mozcrt19.dll memcpy memcpy.asm:188 1 xul.dll nsJARInputStream::Read(char*,unsigned int,unsigned int*) modules/libjar/nsJARInputStream.cpp:239 2 xul.dll nsJARInputThunk::Read(char*,unsigned int,unsigned int*) modules/libjar/nsJARChannel.cpp:207 3 xul.dll nsInputStreamTransport::Read(char*,unsigned int,unsigned int*) netwerk/base/src/nsStreamTransportService.cpp:233 4 xul.dll nsStreamCopierOB::FillOutputBuffer(nsIOutputStream*,void*,char*,unsigned int,unsigned int,unsigned int*) xpcom/io/nsStreamUtils.cpp:566 5 xul.dll nsPipeOutputStream::WriteSegments(unsigned int (*)(nsIOutputStream*,void*,char*,unsigned int,unsigned int,unsigned int*),void*,unsigned int,unsigned int*) xpcom/io/nsPipe3.cpp:1137
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: P1 → --
Summary: TOPCRASH: memcpy | nsJARInputStream::Read(char*, unsigned int, unsigned int*) → crash [@ memcpy | nsJARInputStream::Read(char*, unsigned int, unsigned int*) ]
Assignee | ||
Comment 2•15 years ago
|
||
Judging from the unusual startup stack I'm guessing that this is a race condition caused by one of the extensions.
Assignee | ||
Comment 3•15 years ago
|
||
Reread the code a few times and found that this is likely caused by a missing null check
Assignee: nobody → tglek
Attachment #419476 -
Flags: review?(alfredkayser)
Updated•15 years ago
|
Flags: wanted1.9.2+
Assignee | ||
Comment 4•15 years ago
|
||
Attachment #419476 -
Attachment is obsolete: true
Attachment #419490 -
Flags: review?(alfredkayser)
Attachment #419476 -
Flags: review?(alfredkayser)
Reporter | ||
Comment 5•15 years ago
|
||
This also occurs in Safe Mode before I can get to the Safe Mode Options screen.
Assignee | ||
Comment 6•15 years ago
|
||
(In reply to comment #5) > This also occurs in Safe Mode before I can get to the Safe Mode Options screen. As a workaround you could try moving your extension jars out of the way to find the corrupt one.
Reporter | ||
Comment 7•15 years ago
|
||
Well I doubt it's an extension since I still receive crashes on a clean profile with no extensions installed. Also I compared the reports from 3 different users and neither of them have the same extensions between them installed. http://crash-stats.mozilla.com/report/index/1ca6fd5e-ddc4-4ac6-804d-ae74d2091230 http://crash-stats.mozilla.com/report/index/d037f8c6-ba0c-427e-a250-d7cd72091229 http://crash-stats.mozilla.com/report/index/b4581c09-0759-4821-8a56-487c12091226
Comment 8•15 years ago
|
||
Comment on attachment 419490 [details] [diff] [review] now with a testcase Confirmed. GetData is documented to return null on corrupted file and should be checked therefor.
Attachment #419490 -
Flags: review?(alfredkayser) → review+
Assignee | ||
Comment 9•15 years ago
|
||
(In reply to comment #7) > Well I doubt it's an extension since I still receive crashes on a clean profile > with no extensions installed. Also I compared the reports from 3 different > users and neither of them have the same extensions between them installed.
Keywords: checkin-needed
Whiteboard: checkin
Assignee | ||
Comment 10•15 years ago
|
||
Oops my reply got submitted prematurely. Sounds like one of the system jars got corrupted. David, please try the following build to see if it fixes your crash(it has the above patch in it). Also please backup your firefox profile + data, among other things it's very valuable that you can reproduce this crash reliably. https://build.mozilla.org/tryserver-builds/tglek@mozilla.com-try-adf298d323b0/try-adf298d323b0-win32.zip
Assignee | ||
Updated•15 years ago
|
Keywords: checkin-needed
Whiteboard: checkin
Assignee | ||
Comment 11•15 years ago
|
||
Carrying over review. Previous patch corrupted an existing testcase.
Attachment #419490 -
Attachment is obsolete: true
Attachment #419625 -
Flags: review+
Assignee | ||
Updated•15 years ago
|
Keywords: checkin-needed
Comment 12•15 years ago
|
||
Comment on attachment 419625 [details] [diff] [review] 419490: now with a testcase(fixed testcase) >+ * The Initial Developer of the Original Code is >+ * Taras Glek <tglek@mozilla.com> You are not the initial developer, as you are employed by MoCo, which means the initial developer is "Mozilla Foundation" (yes, MoFo instead of MoCo). If you've done this for other files, they will need to be corrected as well.
Comment 13•15 years ago
|
||
Indeed, I see two other files with you listed as the initial developer. Both these two and the patch in this bug should be changed to have "Mozilla Foundation" as the initial developer and to list you instead as a contributor. modules/libjar/test/unit/test_dirjar_bug525755.js modules/libjar/test/unit/test_jarinput_stream_zipreader_reference.js
Status: NEW → ASSIGNED
Keywords: checkin-needed
Reporter | ||
Comment 14•15 years ago
|
||
Well I'm not receiving any error messages or crashes using the supplied Try Server build yet the 12/26/2009 Nightly Build is still crashing.
Assignee | ||
Comment 15•15 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/89cf6d3f66f1
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 16•15 years ago
|
||
This is a trival startup crashkill with a testcase, I'd like to land this on 192 asap.
Assignee | ||
Updated•14 years ago
|
Attachment #419625 -
Flags: approval1.9.2.2?
Assignee | ||
Updated•14 years ago
|
Keywords: checkin-needed
Updated•14 years ago
|
Keywords: checkin-needed
Assignee | ||
Updated•14 years ago
|
Whiteboard: [crashkill][needs 1.9.2 landing]
Updated•14 years ago
|
Comment 17•14 years ago
|
||
Comment on attachment 419625 [details] [diff] [review] 419490: now with a testcase(fixed testcase) Can we get this patch rolled together with the license header changes from bug 537398
Attachment #419625 -
Flags: approval1.9.2.2? → approval1.9.2.2-
Assignee | ||
Comment 18•14 years ago
|
||
Please approve this asap
Attachment #419625 -
Attachment is obsolete: true
Attachment #433156 -
Flags: review+
Attachment #433156 -
Flags: approval1.9.2.2?
Comment 19•14 years ago
|
||
Comment on attachment 433156 [details] [diff] [review] now with copyright stuff Approved for 1.9.2.3, a=dveditz for release-drivers
Attachment #433156 -
Flags: approval1.9.2.2? → approval1.9.2.3+
Assignee | ||
Comment 20•14 years ago
|
||
http://hg.mozilla.org/releases/mozilla-1.9.2/rev/ca346193ac90
Comment 21•14 years ago
|
||
hm, looks like this has already landed on 1.9.2 but status has not been updated. Please, revert if i'm wrong.
status1.9.2:
--- → .3-fixed
Whiteboard: [crashkill][needs 1.9.2 landing] → [crashkill]
Comment 22•14 years ago
|
||
Marking as verified for 1.9.2 based on passing crashtests on tinderbox.
Keywords: verified1.9.2
Updated•13 years ago
|
Crash Signature: [@ memcpy | nsJARInputStream::Read(char*, unsigned int, unsigned int*) ]
You need to log in
before you can comment on or make changes to this bug.
Description
•