crash [@ int32_le_at] - libjar/nsZipArchive and [@ nsZipArchive::GetData(nsZipItem*)]

RESOLVED DUPLICATE of bug 574339

Status

()

--
critical
RESOLVED DUPLICATE of bug 574339
8 years ago
3 years ago

People

(Reporter: wsmwk, Unassigned)

Tracking

({crash, regression, testcase-wanted})

1.9.2 Branch
x86
All
crash, regression, testcase-wanted
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [tbird crash], crash signature)

(Reporter)

Description

8 years ago
crash [@ int32_le_at]

#14 crash for v3.1.3
#10 for v3.1.2


bp-5d16a6e8-ba80-495f-983b-8e4062100910 startup crash
0	thunderbird.exe	int32_le_at	 media/liboggz/src/liboggz/oggz_byteorder.h:131
1	thunderbird.exe	nsZipArchive::GetData	modules/libjar/nsZipArchive.cpp:680
2	thunderbird.exe	nsJARInputStream::InitFile	modules/libjar/nsJARInputStream.cpp:91
3	thunderbird.exe	nsJAR::GetInputStreamWithSpec	modules/libjar/nsJAR.cpp:342
4	thunderbird.exe	nsJAR::GetInputStream	modules/libjar/nsJAR.cpp:316
5	thunderbird.exe	nsJARInputThunk::EnsureJarStream	modules/libjar/nsJARChannel.cpp:166
6	thunderbird.exe	nsJARInputThunk::Read	modules/libjar/nsJARChannel.cpp:204
7	thunderbird.exe	nsInputStreamTransport::Read	netwerk/base/src/nsStreamTransportService.cpp:233
8	xpcom_core.dll	nsStreamCopierOB::FillOutputBuffer	xpcom/io/nsStreamUtils.cpp:523
9	xpcom_core.dll	nsPipeOutputStream::WriteSegments	xpcom/io/nsPipe3.cpp:1137
10	xpcom_core.dll	nsStreamCopierOB::DoCopy	xpcom/io/nsStreamUtils.cpp:583
11	xpcom_core.dll	nsAStreamCopier::Process	xpcom/io/nsStreamUtils.cpp:323
12	xpcom_core.dll	nsAStreamCopier::Run	xpcom/io/nsStreamUtils.cpp:439
13	xpcom_core.dll	nsThreadPool::Run	xpcom/threads/nsThreadPool.cpp:219
14	xpcom_core.dll	nsThread::ProcessNextEvent	xpcom/threads/nsThread.cpp:527 

bp-391db25a-b01b-4e80-93bb-4d3112100913 long running instance
Component: General → Video/Audio
Product: Thunderbird → Core
QA Contact: general → video.audio
Version: 3.1 → 1.9.2 Branch
Component: Video/Audio → Networking: JAR
QA Contact: video.audio → networking.jar

Comment 1

8 years ago
I'm guessing this is some sort of an overflow due to a corrupt zip. Can anyone reproduce this?
(Reporter)

Comment 2

8 years ago
Taras, I discovered the earliest crashes are v3.1, so this is a 1.9.2 regression. nsZipArchive::GetData(nsZipItem*), all OS. Crash doesn't appear in numbers until thunderbird version 3.1.2 20100802/1.9.2.8 but I'm guessing increased more because of pushing people from 3.0 to 3.1.2, and not any changes in 1.9.2.8

bpbp-0fe8e10d-f607-445c-83f1-f3ecf2100709 v3.1
0	thunderbird-bin	nsZipArchive::GetData	 modules/libjar/nsZipArchive.cpp:678
1	thunderbird-bin	nsJARInputStream::InitFile	modules/libjar/nsJARInputStream.cpp:91
2	thunderbird-bin	nsJAR::GetInputStreamWithSpec	modules/libjar/nsJAR.cpp:342
3	thunderbird-bin	nsJAR::GetInputStream	modules/libjar/nsJAR.cpp:316
4	thunderbird-bin	nsJARInputThunk::EnsureJarStream	modules/libjar/nsJARChannel.cpp:166
5	thunderbird-bin	nsJARChannel::Open	modules/libjar/nsJARChannel.cpp:676
6	thunderbird-bin	nsStringBundle::LoadProperties	intl/strres/src/nsStringBundle.cpp:135
7	thunderbird-bin	nsStringBundle::GetStringFromName	intl/strres/src/nsStringBundle.cpp:276
8	thunderbird-bin	nsPrefBranch::GetDefaultFromPropertiesFile	modules/libpref/src/nsPrefBranch.cpp:821
9	thunderbird-bin	nsPrefBranch::GetComplexValue	modules/libpref/src/nsPrefBranch.cpp:258 


(In reply to comment #1)
> I'm guessing this is some sort of an overflow due to a corrupt zip. Can anyone
> reproduce this?

sorry, no testcase.  no crash comments. and reporters yet, unless kinetik can repro
Keywords: regression, testcase-wanted
OS: Windows Vista → All
Summary: crash [@ int32_le_at] → crash [@ int32_le_at] - libjar/nsZipArchive and [@ nsZipArchive::GetData(nsZipItem*)]

Updated

8 years ago
Depends on: 598416
I don't know how calendar could be the culprit here. The only direct way we use libjar is in 1.9.2 where we attempt to read the timezones.properties from a jar: uri. This is done only in a catch-block and is only meant for unit tests, but possibly something else is causing an exception. This code has gone away in comm-central though.
(Assignee)

Updated

7 years ago
Crash Signature: [@ int32_le_at] [@ nsZipArchive::GetData(nsZipItem*)]
Crash Signature: [@ int32_le_at] [@ nsZipArchive::GetData(nsZipItem*)] → [@ int32_le_at] [@ nsZipArchive::GetData(nsZipItem*)]

Updated

7 years ago
Crash Signature: [@ int32_le_at] [@ nsZipArchive::GetData(nsZipItem*)] → [@ int32_le_at] [@ nsZipArchive::GetData(nsZipItem*)] [@ nsZipArchive::GetData]

Comment 5

7 years ago
Removing the top crash keyword since the volume is pretty low.
Keywords: topcrash
(Reporter)

Comment 6

6 years ago
I forget now why I kept both bug 574339 and this.

Updated

6 years ago
Whiteboard: [tbird topcrash] → [tbird crash]
(Reporter)

Updated

3 years ago
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 574339
You need to log in before you can comment on or make changes to this bug.