Closed Bug 624227 Opened 14 years ago Closed 13 years ago

Fennec crash in nsAString_internal::Assign [@ libc.so@0xf204 ][@ libc.so@0xf1e4 ][@ libc.so@0xf474 ][@ libc.so@0xf2d4 ][@ libc.so@0xf484 ][@ libc.so@0xf2b4 ][@ libc.so@0xf518 ]

Categories

(Core Graveyard :: Widget: Android, defect)

Product:
Core Graveyard
Component:
Widget: Android
Platform:
ARM
Android
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(fennec2.0+)

Status:
RESOLVED FIXED
Tracking Flags:
Tracking Status
fennec 2.0+ ---

People

(Reporter: scoobidiver, Assigned: blassey)

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

patch
917 bytes, patch
dougt
: review+
Details | Diff | Splinter Review 
It is #25 top crasher in Fennec 4.0b3 for the last week.

Signature	libc.so@0xf204
UUID	9ecb6b98-d4bb-4711-b037-0203b2110108
Time 	2011-01-08 10:26:57.838981
Uptime	3014
Last Crash	16584 seconds (4.6 hours) before submission
Install Age	22853 seconds (6.3 hours) since version was first installed.
Product	Fennec
Version	4.0b3
Build ID	20101221205132
Branch	1.9
OS	Linux
OS Version	0.0.0 Linux 2.6.32.17-gee557fd #15 PREEMPT Fri Nov 26 23:12:08 CST 2010 armv7l
CPU	arm
Crash Reason	SIGSEGV
Crash Address	0x83170cb8
App Notes 	HTC PC36100
sprint/htc_supersonic/supersonic/supersonic:2.2/FRF91/294884:user/release-keys

Frame 	Module 	Signature [Expand] 	Source
0 	libc.so 	libc.so@0xf204 	
1 	libxul.so 	nsAString_internal::Assign 	nsCharTraits.h:224
2 	libxul.so 	mozilla::nsJNIString::nsJNIString 	jni.h:837
3 	libxul.so 	getHandlersFromStringArray 	jni.h:860
4 	libxul.so 	mozilla::AndroidBridge::GetHandlersForMimeType 	nsTSubstring.h:113
5 	libxul.so 	nsMIMEInfoAndroid::GetMimeInfoForMimeType 	nsTSubstring.h:113
6 	libxul.so 	nsMIMEInfoAndroid::GetMimeInfoForFileExt 	uriloader/exthandler/android/nsMIMEInfoAndroid.cpp:106
7 	libxul.so 	nsOSHelperAppService::GetMIMEInfoFromOS 	uriloader/exthandler/android/nsOSHelperAppService.cpp:64
8 	libxul.so 	nsExternalHelperAppService::GetTypeFromExtension 	nsCOMPtr.h:443
9 	libxul.so 	nsExternalHelperAppService::GetTypeFromFile 	uriloader/exthandler/nsExternalHelperAppService.cpp:2880
10 	libxul.so 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/unix/xptcinvoke_arm.cpp:199
11 	libxul.so 	XPCWrappedNative::CallMethod 	js/src/xpconnect/src/xpcwrappednative.cpp:3064
12 	libxul.so 	XPC_WN_CallMethod 	js/src/xpconnect/src/xpcwrappednativejsops.cpp:1588
13 	libxul.so 	js::Interpret 	js/src/jsinterp.cpp:4750
14 	libxul.so 	js::Invoke 	js/src/jsinterp.cpp:657
15 	libxul.so 	js::ExternalInvoke 	js/src/jsinterp.cpp:858
16 	libxul.so 	JS_CallFunctionValue 	js/src/jsinterp.h:962
17 	libxul.so 	nsXBLProtoImplAnonymousMethod::Execute 	content/xbl/src/nsXBLProtoImplMethod.cpp:340
18 	libxul.so 	nsXBLPrototypeBinding::BindingAttached 	content/xbl/src/nsXBLPrototypeBinding.cpp:486
19 	libxul.so 	nsXBLBinding::ExecuteAttachedHandler 	content/xbl/src/nsXBLBinding.cpp:980
20 	libxul.so 	nsBindingManager::ProcessAttachedQueue 	content/xbl/src/nsBindingManager.cpp:1014
21 	libxul.so 	PresShell::FlushPendingNotifications 	layout/base/nsPresShell.cpp:4869
22 	libxul.so 	nsRefreshDriver::Notify 	nsCOMPtr.h:492
23 	libxul.so 	nsTimerImpl::Fire 	xpcom/threads/nsTimerImpl.cpp:429
24 	libxul.so 	nsTimerEvent::Run 	nsAutoPtr.h:969
25 	libxul.so 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:626
26 	libxul.so 	NS_ProcessNextEvent_P 	nsThreadUtils.cpp:250
27 	libxul.so 	mozilla::ipc::MessagePump::Run 	ipc/glue/MessagePump.cpp:134
28 	libxul.so 	MessageLoop::RunInternal 	ipc/chromium/src/base/message_loop.cc:220
29 	libxul.so 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:512
30 	libxul.so 	nsBaseAppShell::Run 	widget/src/xpwidgets/nsBaseAppShell.cpp:198
31 	libxul.so 	nsAppStartup::Run 	toolkit/components/startup/src/nsAppStartup.cpp:192
32 	libxul.so 	XRE_main 	toolkit/xre/nsAppRunner.cpp:3693
33 	libxul.so 	GeckoStart 	toolkit/xre/nsAndroidStartup.cpp:131
34 	libc.so 	libc.so@0x10f47 	
35 	libc.so 	libc.so@0x10a33 	

More reports at:
http://crash-stats.mozilla.com/report/list?range_value=4&range_unit=weeks&signature=libc.so%400xf204
http://crash-stats.mozilla.com/report/list?range_value=4&range_unit=weeks&signature=libc.so%400xf474
Component: General → Widget: Android
Product: Fennec → Core
QA Contact: general → android
With combined signatures, it is #11 top crasher in Fennec 4.0b3.
tracking-fennec: --- → ?
Summary: Fennec crash [@ libc.so@0xf204 ][@ libc.so@0xf474 ] → Fennec crash [@ libc.so@0xf204 ][@ libc.so@0xf1e4 ][@ libc.so@0xf474 ]
tracking-fennec: ? → 2.0+
Assignee: nobody → blassey.bugs
Other reports at:
http://crash-stats.mozilla.com/query/query?product=Fennec&version=Fennec%3A4.0b3&range_value=1&range_unit=weeks&date=01%2F19%2F2011+03%3A57%3A28&query_search=signature&query_type=startswith&query=libc.so%400xf&build_id=&process_type=any&hang_type=any&do_query=1
Summary: Fennec crash [@ libc.so@0xf204 ][@ libc.so@0xf1e4 ][@ libc.so@0xf474 ] → Fennec crash in nsAString_internal::Assign [@ libc.so@0xf204 ][@ libc.so@0xf1e4 ][@ libc.so@0xf474 ][@ libc.so@0xf2d4 ][@ libc.so@0xf484 ][@ libc.so@0xf2b4 ][@ libc.so@0xf518 ]
Attached patch patchSplinter Review 
I haven't actually seen this crash, but it is possible for GetStringChars to return null and it doesn't look like Assign handles that, so let's just be defensive here. 
Also, GetStringChars expects a pointer to a boolean, not a boolean so this fixes that.
Attachment #506762 - Flags: review?(doug.turner)
Comment on attachment 506762 [details] [diff] [review]
patch

do we need to Assign(null, 0)?
Attachment #506762 - Flags: review?(doug.turner) → review+
(In reply to comment #4)
> Comment on attachment 506762 [details] [diff] [review]
> patch
> 
> do we need to Assign(null, 0)?

I believe SetIsVoid is the right thing to do here
pushed http://hg.mozilla.org/mozilla-central/rev/a3c8dbfe99b9
resolving this as fixed, please verify if the crash reports go away or reopen if they don't
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Crash Signature: [@ libc.so@0xf204 ] [@ libc.so@0xf1e4 ] [@ libc.so@0xf474 ] [@ libc.so@0xf2d4 ] [@ libc.so@0xf484 ] [@ libc.so@0xf2b4 ] [@ libc.so@0xf518 ]
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: