Closed Bug 548545 Opened 10 years ago Closed 10 years ago

Crash in Tools->Options->Content [@ strlen | NS_NewAtom(char const*) ]

Categories

(Core :: Layout: Text and Fonts, defect, critical)

VERIFIED FIXED

People

(Reporter: jmjjeffery, Assigned: jfkthame)

Details

(Keywords: crash, regression)

Attachments

(2 files, 1 obsolete file)

Using a build with cset:
http://hg.mozilla.org/mozilla-central/rev/4c60c40075e9

Opening Tools->Options->Content tab caused the browser to crash. 

Works in cset:
http://hg.mozilla.org/mozilla-central/rev/639b98ae11a8

Crash in cset:
http://hg.mozilla.org/mozilla-central/rev/4c60c40075e9

This bug https://bugzilla.mozilla.org/show_bug.cgi?id=524107 
has broken the Option Panel -> Content tab
Blocks: 524107
Keywords: regression
Now that nightly is out for today here is a crash-report:

http://crash-stats.mozilla.com/report/pending/318aae17-80f2-44ae-97db-bac2a2100225

Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.3a2pre) Gecko/20100225 Minefield/3.7a2pre Firefox/3.6 ID:20100225062635
Summary: Crash in Tools->Options->Content → Crash in Tools->Options->Content [@ strlen | NS_NewAtom(char const*) ]
The crash occurs when nsThebesFontEnumerator::EnumerateFonts is called with aLangGroup == nsnull, and we try to turn the langGroup into an atom. Fix is to check for null here.

In addition, we need to check the resulting language atom for null in the platform implementations of GetFontList(), otherwise we'll just crash a moment later.
Assignee: nobody → jfkthame
Attachment #428919 - Flags: review?(roc)
The OS/2 change should initialize the char* to null, right?  Otherwise it's printing random memory.
(In reply to comment #3)
> The OS/2 change should initialize the char* to null, right?  Otherwise it's
> printing random memory.

Oops. Should initialize it to "", actually, or maybe "null". (It's just someone's old debug code, so it's not critical exactly what we print, but random memory is definitely not good!)
Attachment #428919 - Attachment is obsolete: true
Attachment #428927 - Flags: review?(roc)
Attachment #428919 - Flags: review?(roc)
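The null checks from the fix description and the initialized debug string from the review exchange above, as an added C++ sketch that is not the Gecko patch or Mozilla code. The names `new_atom`, `get_font_list` and `enumerate_fonts`, the font table, and the choice to treat a null language as "no filter" are assumptions made for illustration.

```cpp
#include <cctype>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

// Hypothetical stand-in for an atom: an interned, lowercased string.
struct Atom { std::string name; };

// Stand-in for atom creation. Like the crashing frame in the signature, it
// calls strlen() on its argument, so a null pointer must never reach it.
static Atom* new_atom(const char* s) {
    std::string lower(s, std::strlen(s));
    for (char& c : lower) c = (char)std::tolower((unsigned char)c);
    static std::vector<Atom*> table;  // never freed: atoms live for the process
    for (Atom* a : table)
        if (a->name == lower) return a;
    table.push_back(new Atom{lower});
    return table.back();
}

// Constructed sample data: (family, language group).
static const char* const kFonts[][2] = {
    {"DejaVu Sans", "x-western"}, {"IPAGothic", "ja"}, {"Noto Sans", "x-western"}};

// Platform layer: checks the atom for null before dereferencing it.
// Assumption: a null language means "return every font".
static std::vector<std::string> get_font_list(const Atom* lang) {
    const char* dbg = "";  // initialized, so the debug print never reads random memory
    if (lang) dbg = lang->name.c_str();
    std::fprintf(stderr, "get_font_list(lang='%s')\n", dbg);
    std::vector<std::string> out;
    for (auto& f : kFonts)
        if (!lang || lang->name == f[1]) out.push_back(f[0]);
    return out;
}

// Entry point: checks lang_group for null before turning it into an atom.
static std::vector<std::string> enumerate_fonts(const char* lang_group) {
    Atom* lang = lang_group ? new_atom(lang_group) : nullptr;
    return get_font_list(lang);
}

int main() {
    std::printf("null: %zu fonts, \"JA\": %zu fonts\n",
                enumerate_fonts(nullptr).size(), enumerate_fonts("JA").size());
}
```

Removing either check brings back a null dereference: in `new_atom` via `strlen`, or a moment later in `get_font_list` via `lang->name`.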
Duplicate of this bug: 548535
Also occurring on WinXP.
Yes, it's platform-independent.
OS: Windows 7 → All
Hardware: x86 → All
Yes Sir. It is platform-independent. Just crashed my Linux build.
Comment on attachment 428927
patch v2: don't leave char* uninitialized in debug code; ensure atom is lowercased

I wonder if we can have a test for this?
Keywords: crash
Duplicate of this bug: 548641
Attached patch: test
Testcase that gets the font list - fails unless this bug is fixed.
Pushed fix: http://hg.mozilla.org/mozilla-central/rev/e0b27f479229
Testcase:   http://hg.mozilla.org/mozilla-central/rev/dd4ac841e90b
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Verified fixed using latest hourly build:
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.3a2pre) Gecko/20100225 Minefield/3.7a2pre Firefox/3.6 ID:20100225155722

cset: http://hg.mozilla.org/mozilla-central/rev/9ac0aab7c9d5
AFAICT-Verified fixed in Linux: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.3a2pre) Gecko/20100226 Minefield/3.7a2pre - Build ID: 20100226032052

cset: http://hg.mozilla.org/mozilla-central/rev/475768f37b1a
marking verified based on comments #14 and #15
Status: RESOLVED → VERIFIED
Crash Signature: [@ strlen | NS_NewAtom(char const*) ]