The default bug view has changed. See this FAQ.

Firefox crashes at [@ JapaneseContextAnalysis::GetConfidence(int)]

RESOLVED FIXED

Status

()

Core
Internationalization
--
critical
RESOLVED FIXED
7 years ago
6 years ago

People

(Reporter: John Ma, Assigned: smontagu)

Tracking

({crash, verified1.9.2})

1.9.2 Branch
x86
Windows XP
crash, verified1.9.2
Points:
---
Bug Flags:
in-testsuite +

Firefox Tracking Flags

(status1.9.2 .2-fixed, status1.9.1 .9-fixed)

Details

(crash signature, URL)

Attachments

(1 attachment)

(Reporter)

Description

7 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)

After I installed Flash 10.0r45, I always have crashes on some more complicated pages, like adobe.com and even some Chinese-language site-- using news.sina.com.cn and udn.com for examples across the strait. This happened even after I disabled the Shockwave Flash plugin in FF and updated my Java (now at 6r18).

Reproducible: Always

Steps to Reproduce:
1. Open the page.
Actual Results:  
FF 3.6 crashes and the normal crash reporter window comes out.


The crash log for adobe.com is at here: http://crash-stats.mozilla.com/report/index/e488192b-8c0e-4109-a3b8-e8afa2100220

Other sites are similar and I would not repeat.

Summary of the crash report: EXCEPTION_FLT_INVALID_OPERATION @ 0x1043e949 for JapaneseContextAnalysis::GetConfidence(int) at extensions/universalchardet/src/base/JpCntx.cpp:188
(Reporter)

Updated

7 years ago
Version: unspecified → 3.6 Branch

Comment 1

7 years ago
Signature	JapaneseContextAnalysis::GetConfidence(int)
UUID	e488192b-8c0e-4109-a3b8-e8afa2100220
Time 	2010-02-20 16:18:23.956587
Uptime	75
Last Crash	79 seconds before submission
Product	Firefox
Version	3.6
Build ID	20100115144158
Branch	1.9.2
OS	Windows NT
OS Version	5.1.2600 Service Pack 3
CPU	x86
CPU Info	GenuineIntel family 6 model 14 stepping 8
Crash Reason	EXCEPTION_FLT_INVALID_OPERATION
Crash Address	0x1043e949
User Comments	
Processor Notes 	
Crashing Thread
Frame 	Module 	Signature [Expand] 	Source
0 	xul.dll 	JapaneseContextAnalysis::GetConfidence 	extensions/universalchardet/src/base/JpCntx.cpp:188
1 	xul.dll 	nsEUCJPProber::GetConfidence 	extensions/universalchardet/src/base/nsEUCJPProber.cpp:94
2 	xul.dll 	nsMBCSGroupProber::GetConfidence 	extensions/universalchardet/src/base/nsMBCSGroupProber.cpp:189
3 	xul.dll 	nsUniversalDetector::DataEnd 	extensions/universalchardet/src/base/nsUniversalDetector.cpp:276
4 	xul.dll 	nsXPCOMDetector::Done 	extensions/universalchardet/src/xpcom/nsUdetXPCOMWrapper.cpp:117
5 	xul.dll 	nsDetectionAdaptor::Finish 	intl/chardet/src/nsDetectionAdaptor.cpp:168
6 	xul.dll 	nsParser::OnStopRequest
Assignee: nobody → smontagu
Component: General → Internationalization
Keywords: crash
Product: Firefox → Core
QA Contact: general → i18n
Summary: Firefox crashes at JapaneseContextAnalysis::GetConfidence(int) → Firefox crashes at [@ JapaneseContextAnalysis::GetConfidence(int)]
Version: 3.6 Branch → 1.9.2 Branch
(Assignee)

Comment 2

7 years ago
Which option is selected under View | Character Encoding | Auto-Detect?
(Reporter)

Comment 3

7 years ago
Japanese.
(Assignee)

Comment 4

7 years ago
I can't reproduce the crash, but I do see by code inspection that a divide by zero is possible at JpCntx.cpp:188

Taking.
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
(Assignee)

Comment 5

7 years ago
Created attachment 428240 [details] [diff] [review]
Patch

This is in effect a rewrite of my patch to bug 4313054, to prevent the possibility of a divide by zero when there are no hi-bytes in the input.
Attachment #428240 - Flags: review?(VYV03354)
Attachment #428240 - Flags: review?(VYV03354) → review+
(Assignee)

Comment 6

7 years ago
http://hg.mozilla.org/mozilla-central/rev/e12168b7484b
Status: ASSIGNED → RESOLVED
Last Resolved: 7 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
(Assignee)

Comment 7

7 years ago
Comment on attachment 428240 [details] [diff] [review]
Patch

Asking branch approval after trunk baking. This is a very safe fix for a crash with divide by zero. It is a regression from bug 431054, so only 1.9.1 and 1.9.2 are affected
Attachment #428240 - Flags: approval1.9.2.2?
Attachment #428240 - Flags: approval1.9.1.9?
Comment on attachment 428240 [details] [diff] [review]
Patch

Approved for 1.9.2.2 and 1.9.1.9, a=dveditz for release-drivers
Attachment #428240 - Flags: approval1.9.2.2?
Attachment #428240 - Flags: approval1.9.2.2+
Attachment #428240 - Flags: approval1.9.1.9?
Attachment #428240 - Flags: approval1.9.1.9+
(Assignee)

Comment 9

7 years ago
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/883f5519949b
http://hg.mozilla.org/releases/mozilla-1.9.2/rev/3faa5eaead0a
status1.9.1: --- → .9-fixed
status1.9.2: --- → .2-fixed
verified with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.2) Gecko/20100319 Firefox/3.6.2  and the steps to reproduce from this bug !
Keywords: verified1.9.2
Crash Signature: [@ JapaneseContextAnalysis::GetConfidence(int)]
You need to log in before you can comment on or make changes to this bug.