Bug 551746: Crash running browser_privatebrowsing_placestitle.js [@ CalculateUTF8Size::write] [@ AppendUTF16toUTF8]
Status: RESOLVED WORKSFORME
Opened 14 years ago, closed 12 years ago
Categories: Toolkit :: Places, defect
People: Reporter: benjamin, Assigned: sicking
Keywords: crash, intermittent-failure
Crash while running/after running browser_privatebrowser_placestitle.js:
http://tinderbox.mozilla.org/showlog.cgi?tree=Firefox&errorparser=unittest&logfile=1268332433.1268335163.14015.gz&buildtime=1268332433&buildname=WINNT%205.2%20mozilla-central%20debug%20test%20mochitest-other&fulltext=1

Running chrome://mochikit/content/browser/browser/components/privatebrowsing/test/browser/browser_privatebrowsing_placestitle.js...
Chrome file doesn't exist: e:\builds\moz2_slave\mozilla-central-win32-debug-unittest-mochitest-other\build\mochitest\browser\browser\components\privatebrowsing\test\browser\head.js
pldhash: for the table at address 096B13C8, the given entrySize of 48 probably favors chaining over double hashing.
++DOCSHELL 096B1360 == 14
++DOMWINDOW == 93 (092ED050) [serial = 874] [outer = 00000000]
++DOMWINDOW == 94 (0949B050) [serial = 875] [outer = 092ED020]
++DOMWINDOW == 95 (04872CA0) [serial = 876] [outer = 092ED020]
WARNING: Attempting to register as a history observer twice!: file e:/builds/moz2_slave/mozilla-central-win32-debug/build/toolkit/components/places/src/nsNavHistoryResult.cpp, line 4173
TEST-PASS | chrome://mochikit/content/browser/browser/components/privatebrowsing/test/browser/browser_privatebrowsing_placestitle.js | The page should be loaded without any cookie for the first time
pldhash: for the table at address 09852D10, the given entrySize of 48 probably favors chaining over double hashing.
...
WARNING: Attempting to register as a history observer twice!: file e:/builds/moz2_slave/mozilla-central-win32-debug/build/toolkit/components/places/src/nsNavHistoryResult.cpp, line 4173
TEST-PASS | chrome://mochikit/content/browser/browser/components/privatebrowsing/test/browser/browser_privatebrowsing_placestitle.js | The page should be loaded with a cookie for the second time
WARNING: Attempting to register as a history observer twice!: file e:/builds/moz2_slave/mozilla-central-win32-debug/build/toolkit/components/places/src/nsNavHistoryResult.cpp, line 4173
WARNING: Attempting to register as a history observer twice!: file e:/builds/moz2_slave/mozilla-central-win32-debug/build/toolkit/components/places/src/nsNavHistoryResult.cpp, line 4173
...
NEXT ERROR PROCESS-CRASH | automation.py | application crashed (minidump found)
Operating system: Windows NT
                  5.2.3790 Service Pack 2
CPU: x86
     GenuineIntel family 6 model 15 stepping 8
     1 CPU

Crash reason: EXCEPTION_ACCESS_VIOLATION
Crash address: 0x5

NEXT ERROR Thread 0 (crashed)
 0  xul.dll!CalculateUTF8Size::write(unsigned short const *,unsigned int) [nsUTF8Utils.h:85fe77e1b558 : 604 + 0x3]
    eip = 0x11007b65   esp = 0x0012d480   ebp = 0x0012d490   ebx = 0x00000000
    esi = 0x019a34d8   edi = 0x00000000   eax = 0x00000005   ecx = 0x09a7ee20
    edx = 0x00000005   efl = 0x00210287
    Found by: given as instruction pointer in context
 1  xul.dll!nsCharSinkTraits<CalculateUTF8Size>::write(CalculateUTF8Size &,unsigned short const *,unsigned int) [nsCharTraits.h:85fe77e1b558 : 812 + 0xf]
    eip = 0x11007b23   esp = 0x0012d498   ebp = 0x0012d4a0
    Found by: call frame info
 2  xul.dll!copy_string<nsReadingIterator<unsigned short>,CalculateUTF8Size>(nsReadingIterator<unsigned short> const &,nsReadingIterator<unsigned short> const &,CalculateUTF8Size &) [nsAlgorithm.h:85fe77e1b558 : 93 + 0x26]
    eip = 0x110070ca   esp = 0x0012d4a8   ebp = 0x0012d4b4
    Found by: call frame info
 3  xul.dll!AppendUTF16toUTF8(nsAString_internal const &,nsACString_internal &) [nsReadableUtils.cpp:85fe77e1b558 : 200 + 0x22]
    eip = 0x110058f1   esp = 0x0012d4bc   ebp = 0x0012d4f4
    Found by: call frame info
 4  xul.dll!NS_ConvertUTF16toUTF8::NS_ConvertUTF16toUTF8(nsAString_internal const &) [nsString.h:85fe77e1b558 : 158 + 0xc]
    eip = 0x10011acc   esp = 0x0012d4fc   ebp = 0x0012d508
    Found by: call frame info
 5  xul.dll!nsNavHistoryQueryResultNode::OnTitleChanged(nsIURI *,nsAString_internal const &) [nsNavHistoryResult.cpp:85fe77e1b558 : 2941 + 0xb]
    eip = 0x10e242a2   esp = 0x0012d510   ebp = 0x0012d57c
    Found by: call frame info
 6  xul.dll!nsNavHistoryResult::OnTitleChanged(nsIURI *,nsAString_internal const &) [nsNavHistoryResult.cpp:85fe77e1b558 : 4644 + 0x91]
    eip = 0x10e29ca8   esp = 0x0012d584   ebp = 0x0012d59c
    Found by: call frame info
 7  xul.dll!nsNavHistory::SetPageTitleInternal(nsIURI *,nsAString_internal const &) [nsNavHistory.cpp:85fe77e1b558 : 7165 + 0x131]
    eip = 0x10dddab1   esp = 0x0012d5a4   ebp = 0x0012d6f4
    Found by: call frame info
 8  xul.dll!nsNavHistory::CommitLazyMessages(int) [nsNavHistory.cpp:85fe77e1b558 : 6014 + 0x1a]
    eip = 0x10dd97a4   esp = 0x0012d6fc   ebp = 0x0012d728
    Found by: call frame info
 9  xul.dll!nsNavHistory::LazyTimerCallback(nsITimer *,void *) [nsNavHistory.cpp:85fe77e1b558 : 5997 + 0x9]
    eip = 0x10dd96be   esp = 0x0012d730   ebp = 0x0012d738
    Found by: call frame info
10  xul.dll!nsTimerImpl::Fire() [nsTimerImpl.cpp:85fe77e1b558 : 427 + 0xd]
    eip = 0x1105170e   esp = 0x0012d740   ebp = 0x0012d78c
    Found by: call frame info
11  xul.dll!nsTimerEvent::Run() [nsTimerImpl.cpp:85fe77e1b558 : 519 + 0xe]
    eip = 0x110518f1   esp = 0x0012d794   ebp = 0x0012d7a4
    Found by: call frame info
12  xul.dll!nsThread::ProcessNextEvent(int,int *) [nsThread.cpp:85fe77e1b558 : 527 + 0x18]
    eip = 0x1103e4ba   esp = 0x0012d7ac   ebp = 0x0012d7e0
    Found by: call frame info
Comment 1•14 years ago
sicking has been touching the Unicode conversion code recently...
Summary: Crash running browser_privatebrowsing_placestitle.js → Crash running browser_privatebrowsing_placestitle.js [@ CalculateUTF8Size::write]
Comment 2•14 years ago
Happened on try server as well. http://tinderbox.mozilla.org/showlog.cgi?log=MozillaTry/1268890603.1268900454.30118.gz
Assignee
Updated•14 years ago
Assignee: nobody → jonas
blocking2.0: --- → beta1+
Updated•14 years ago
Whiteboard: [orange]
Updated•14 years ago
blocking2.0: beta1+ → beta2+
Comment 3•14 years ago
WINNT 5.2 mozilla-central opt test mochitest-other on 2010/06/25 17:39:52 Opt crash [@ AppendUTF16toUTF8] http://tinderbox.mozilla.org/showlog.cgi?log=Firefox/1277512792.1277514649.29535.gz&fulltext=1#err8
Summary: Crash running browser_privatebrowsing_placestitle.js [@ CalculateUTF8Size::write] → Crash running browser_privatebrowsing_placestitle.js [@ CalculateUTF8Size::write] [@ AppendUTF16toUTF8]
Comment hidden (Legacy TBPL/Treeherder Robot)
Comment 5•14 years ago
Moving to final+ --> ehsan, should this be in Firefox::Private Browsing?
blocking2.0: beta2+ → betaN+
Comment 6•14 years ago
(In reply to comment #5)
> ehsan, should this be in Firefox::Private Browsing?

Not really. This is probably places code doing something weird, which happens to be triggered by this test.
Comment 7•14 years ago
The changes in http://hg.mozilla.org/mozilla-central/rev/c5520407a4ad regarding AppendUTF16ToUTF8 could be related. Indeed, a lot of stuff changed around February/March in these files, and some unchecked iterator could cause this kind of crash.
Assignee
Comment 8•14 years ago
Does anyone have steps to reproduce this?
Assignee
Comment 9•14 years ago
My concern here is that the UTF code is handed an invalid string reference. Could the aPageTitle be a dangling reference or point to invalid data?
Comment 10•14 years ago
(In reply to comment #9)
> My concern here is that the UTF code is handed an invalid string
> reference. Could the aPageTitle be a dangling reference or point to invalid
> data?

The title is coming from <http://mxr.mozilla.org/mozilla-central/source/browser/components/privatebrowsing/test/browser/title.sjs#53>. So unless there's a bug in places which corrupts the value, it shouldn't happen.
Assignee
Comment 11•14 years ago
Ok, still need steps to reproduce then.
Assignee
Comment 12•14 years ago
For what it's worth, I'm not finding any reports on crash-stats for CalculateUTF8Size::write for the last week for FF4.x and only 3 for the past week on all releases. There are quite a few more for AppendUTF16toUTF8, but none that matches the stack in comment 0. I don't see that we can block on this, please renominate if you disagree.
blocking2.0: betaN+ → ---
Comment 13•13 years ago
There are some (13) crashes at this signature in the last 2 weeks on 4.0 and 3.6, but none of them shares the stack with this bug: http://tinyurl.com/66vfwsk Specifically, I can't find any crash originating from Places. Sicking, is it still worth keeping this open?
Updated•13 years ago
Crash Signature: [@ CalculateUTF8Size::write]
[@ AppendUTF16toUTF8]
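Comments 12 and 13 decide whether crash-stats reports belong to this bug by checking whether they share the stack from comment 0, not just the signature. The following is an added example (not part of the bug and not Mozilla's crash-stats tooling) that parses frame lines in the format shown in comment 0 and makes that comparison; the second report, its ExampleCaller frame, and the use of the nsNavHistory file-name prefix as the marker for Places frames are assumptions made for illustration.

```python
import re

# One frame line: index, module!function(args), [file:rev : line + offset]
FRAME = re.compile(r"^\s*(\d+)\s+(\S+?)!(.+?)\s+\[([^:\]\s]+):\S+ : (\d+) \+ 0x[0-9a-f]+\]\s*$")

def strip_args(func):
    """Drop the trailing argument list but keep template parameters."""
    depth = 0
    for i in range(len(func) - 1, -1, -1):
        depth += (func[i] == ")") - (func[i] == "(")
        if depth == 0:
            return func[:i] if func[i] == "(" else func
    return func

def parse_frames(text):
    """Return [(function, source_file, line), ...] from the crashing frame down."""
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line)
        if m:
            frames.append((strip_args(m.group(3)), m.group(4), int(m.group(5))))
    return frames

def common_top(ref, cand):
    """Number of leading frames whose function names are identical."""
    n = 0
    while n < min(len(ref), len(cand)) and ref[n][0] == cand[n][0]:
        n += 1
    return n

def shares_stack(ref, cand, component_prefix="nsNavHistory"):
    """Same crashing function AND a frame from the component's files (prefix is an assumption)."""
    return common_top(ref, cand) >= 1 and any(f[1].startswith(component_prefix) for f in cand)

# Frames 0-5 as they appear in comment 0 of this bug.
COMMENT0 = """\
 0  xul.dll!CalculateUTF8Size::write(unsigned short const *,unsigned int) [nsUTF8Utils.h:85fe77e1b558 : 604 + 0x3]
 1  xul.dll!nsCharSinkTraits<CalculateUTF8Size>::write(CalculateUTF8Size &,unsigned short const *,unsigned int) [nsCharTraits.h:85fe77e1b558 : 812 + 0xf]
 2  xul.dll!copy_string<nsReadingIterator<unsigned short>,CalculateUTF8Size>(nsReadingIterator<unsigned short> const &,nsReadingIterator<unsigned short> const &,CalculateUTF8Size &) [nsAlgorithm.h:85fe77e1b558 : 93 + 0x26]
 3  xul.dll!AppendUTF16toUTF8(nsAString_internal const &,nsACString_internal &) [nsReadableUtils.cpp:85fe77e1b558 : 200 + 0x22]
 4  xul.dll!NS_ConvertUTF16toUTF8::NS_ConvertUTF16toUTF8(nsAString_internal const &) [nsString.h:85fe77e1b558 : 158 + 0xc]
 5  xul.dll!nsNavHistoryQueryResultNode::OnTitleChanged(nsIURI *,nsAString_internal const &) [nsNavHistoryResult.cpp:85fe77e1b558 : 2941 + 0xb]
"""
# Constructed report: same top four frames, then a hypothetical non-Places caller.
OTHER = "\n".join(COMMENT0.splitlines()[:4] + [
    " 4  xul.dll!ExampleCaller::Convert(nsAString_internal const &) [example_caller.cpp:000000000000 : 10 + 0x1]"])

REF, CAND = parse_frames(COMMENT0), parse_frames(OTHER)
```

Here `shares_stack(REF, CAND)` is false even though both reports carry the same signature, which is the distinction comment 13 draws for the 13 crashes it found.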
Assignee
Comment 14•12 years ago
Unless there are more crashes, I'm not convinced that it's worth keeping this open any more.
Crash Signature: [@ CalculateUTF8Size::write]
[@ AppendUTF16toUTF8] → [@ CalculateUTF8Size::write]
[@ AppendUTF16toUTF8]
Updated•12 years ago
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WORKSFORME
Updated•12 years ago
Keywords: intermittent-failure
Updated•12 years ago
Whiteboard: [orange]