Bug 667618 - Firefox Crash @ strlen | AppendASCIItoUTF16(char const*, nsAString_internal&)
Keywords: crash, regression
Product: Core
Classification: Components
Component: DOM
Version: Trunk
Platform: x86 Windows 7
Importance: P1 critical
Target Milestone: mozilla7
Assigned To: Boris Zbarsky [:bz] (still a bit busy)
QA Contact: Andrew Overholt [:overholt]
Blocks: 661327
Reported: 2011-06-27 14:22 PDT by Marcia Knous [:marcia - use ni]
Modified: 2011-09-22 15:36 PDT
bzbarsky: in-testsuite-

WIP (6.82 KB, patch)
2011-06-28 14:10 PDT, :Ms2ger (⌚ UTC+1/+2)
Prevent mismatches between our enum and our strings. (8.05 KB, patch)
2011-06-28 14:14 PDT, Boris Zbarsky [:bz] (still a bit busy)
Prevent mismatches between our enum and our strings. (8.11 KB, patch)
2011-06-28 14:24 PDT, Boris Zbarsky [:bz] (still a bit busy)
jonas: review+

Description Marcia Knous [:marcia - use ni] 2011-06-27 14:22:19 PDT
Seen while looking at trunk crash stats. Crashes started showing up on the trunk using the 2011062600 build. There is one lone crash in this stack in 4.0.1.

Possible pushlog regression:

Frame 	Module 	Signature 	Source
0 	mozcrt19.dll 	strlen 	strlen.asm:69
1 	xul.dll 	AppendASCIItoUTF16 	xpcom/string/src/nsReadableUtils.cpp:189
2 	xul.dll 	NS_ConvertASCIItoUTF16::NS_ConvertASCIItoUTF16 	obj-firefox/dist/include/nsString.h:121
3 	xul.dll 	nsContentUtils::GetLocalizedString 	content/base/src/nsContentUtils.cpp:2712
4 	xul.dll 	nsContentUtils::ReportToConsole 	content/base/src/nsContentUtils.cpp:2760
5 	xul.dll 	nsContentUtils::ReportToConsole 	content/base/src/nsContentUtils.cpp:2807
6 	xul.dll 	nsIDocument::WarnOnceAbout 	content/base/src/nsDocument.cpp:8180
7 	xul.dll 	nsDOMAttribute::GetTextContent 	content/base/src/nsDOMAttribute.cpp:639
8 	xul.dll 	nsIDOMNode_GetTextContent 	obj-firefox/js/src/xpconnect/src/dom_quickstubs.cpp:7440
9 	mozjs.dll 	js::Shape::get 	js/src/jsscopeinlines.h:284
10 	mozjs.dll 	js_GetPropertyHelper 	js/src/jsobj.cpp:5350
11 	mozjs.dll 	js::Interpret 	js/src/jsinterp.cpp:4066
12 	mozjs.dll 	JSCompartment::wrap 	js/src/jscompartment.cpp:224
13 	mozjs.dll 	js::ExternalExecute 	js/src/jsinterp.cpp:944
14 	mozjs.dll 	EvaluateUCScriptForPrincipalsCommon 	js/src/jsapi.cpp:4984
15 	mozjs.dll 	JS_EvaluateUCScriptForPrincipalsVersion 	js/src/jsapi.cpp:5000
16 	xul.dll 	nsJSContext::EvaluateString 	dom/base/nsJSEnvironment.cpp:1453
17 	xul.dll 	nsScriptLoader::EvaluateScript 	content/base/src/nsScriptLoader.cpp:906
18 	xul.dll 	nsScriptLoader::ProcessRequest 	content/base/src/nsScriptLoader.cpp:799
19 	xul.dll 	nsScriptLoader::ProcessScriptElement 	
20 	xul.dll 	nsScriptElement::MaybeProcessScript 	content/base/src/nsScriptElement.cpp:182
21 	xul.dll 	nsHTMLScriptElement::MaybeProcessScript 	content/html/content/src/nsHTMLScriptElement.cpp:586
22 	xul.dll 	nsHTMLScriptElement::DoneAddingChildren 	content/html/content/src/nsHTMLScriptElement.cpp:513
23 	xul.dll 	nsHtml5TreeOpExecutor::RunScript 	parser/html/nsHtml5TreeOpExecutor.cpp:730
24 	xul.dll 	nsHtml5TreeOpExecutor::RunFlushLoop 	parser/html/nsHtml5TreeOpExecutor.cpp:525
25 	xul.dll 	nsHtml5ExecutorFlusher::Run 	parser/html/nsHtml5StreamParser.cpp:156
26 	xul.dll 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:617
27 	xul.dll 	mozilla::ipc::MessagePump::Run 	ipc/glue/MessagePump.cpp:110
28 	xul.dll 	xul.dll@0xb76f87 	
29 	xul.dll 	MessageLoop::RunHandler 	ipc/chromium/src/base/
30 	xul.dll 	xul.dll@0x3726cf 	
31 	xul.dll 	MessageLoop::Run 	ipc/chromium/src/base/
32 	xul.dll 	mozilla::storage::AsyncExecuteStatements::AsyncExecuteStatements 	storage/src/mozStorageAsyncStatementExecution.cpp:242
33 	xul.dll 	nsBaseAppShell::Run 	widget/src/xpwidgets/nsBaseAppShell.cpp:189
34 		@0x761bffff 	
35 	xul.dll 	nsAppStartup::Run 	toolkit/components/startup/nsAppStartup.cpp:222
36 	xul.dll 	XRE_main 	toolkit/xre/nsAppRunner.cpp:3573
37 	firefox.exe 	wmain 	toolkit/xre/nsWindowsWMain.cpp:107
38 	firefox.exe 	firefox.exe@0x4043 	
39 	firefox.exe 	_RTC_Initialize 	
40 	mozcrt19.dll 	_initterm 	obj-firefox/memory/jemalloc/crtsrc/crt0dat.c:852
41 	firefox.exe 	firefox.exe@0x2087 	
42 	ntdll.dll 	WinSqmSetIfMaxDWORD 	
43 	ntdll.dll 	_RtlUserThreadStart 	
44 	firefox.exe 	firefox.exe@0x1cef 	
45 	firefox.exe 	firefox.exe@0x1cef
Comment 1 Benjamin Smedberg [:bsmedberg] 2011-06-28 07:40:47 PDT
has 31 entries has 30 entries. This is a serious looking regression that should block
Comment 2 Benjamin Smedberg [:bsmedberg] 2011-06-28 07:45:49 PDT
This was caused by bug 661327, and specifically eNormalize is in one array but not the other. We should be able to statically assert the correct length by adding a eLastDeprecatedWarning value, and then PR_STATIC_ASSERT(NS_ARRAY_LENGTH(kWarnings) == eLastDeprecatedWarning - 1).
Comment 3 Boris Zbarsky [:bz] (still a bit busy) 2011-06-28 08:00:43 PDT
Or just generate both arrays from a single header included in two ways.  That would have the fringe benefit of ensuring not only matching length but matching order.
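
The two suggestions in comments 2 and 3, combined in one sketch (an added example, not the patch attached to this bug): a single list generates both the enum and the string table, and a static assertion checks that their lengths agree. A list macro stands in for the separate header so the block is self-contained; `DEPRECATED_OPERATIONS`, `eOperationCount`, `WarningKeyFor` and every entry other than `Normalize` are assumed names.

```cpp
#include <cstring>

// Single source of truth. In a real tree this list would live in its own
// header that is #included twice; a list macro keeps the example in one file.
// Entry names other than Normalize are constructed for illustration.
#define DEPRECATED_OPERATIONS(X) \
  X(GetAttributeNode)            \
  X(SetAttributeNode)            \
  X(TextContent)                 \
  X(Normalize)

// Expansion 1: the enum. eOperationCount is always one past the last entry.
enum DeprecatedOperation {
#define AS_ENUM(name) e##name,
  DEPRECATED_OPERATIONS(AS_ENUM)
#undef AS_ENUM
  eOperationCount
};

// Expansion 2: the message keys, in the same order by construction.
static const char* const kWarnings[] = {
#define AS_STRING(name) #name "Warning",
  DEPRECATED_OPERATIONS(AS_STRING)
#undef AS_STRING
};

// Compile-time length check: a hand-edited table that drifts from the enum
// fails the build instead of indexing past the end of kWarnings at run time.
static_assert(sizeof(kWarnings) / sizeof(kWarnings[0]) == eOperationCount,
              "enum and string table out of sync");

// Bounds-checked lookup: returns nullptr for an out-of-range value rather
// than reading whatever follows the table and passing it on to strlen().
const char* WarningKeyFor(int op) {
  if (op < 0 || op >= eOperationCount) {
    return nullptr;
  }
  return kWarnings[op];
}

int main() {
  // Exit code 0 when the last enum value maps to its own key.
  return std::strcmp(WarningKeyFor(eNormalize), "NormalizeWarning") == 0 ? 0 : 1;
}
```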
Comment 4 Boris Zbarsky [:bz] (still a bit busy) 2011-06-28 13:21:40 PDT
Stealing, since this is blocking some of my work.
Comment 5 :Ms2ger (⌚ UTC+1/+2) 2011-06-28 14:10:16 PDT
Created attachment 542590
Comment 6 Boris Zbarsky [:bz] (still a bit busy) 2011-06-28 14:14:21 PDT
Created attachment 542594
Prevent mismatches between our enum and our strings.
Comment 7 Boris Zbarsky [:bz] (still a bit busy) 2011-06-28 14:24:07 PDT
Created attachment 542602
Prevent mismatches between our enum and our strings.
Comment 8 Boris Zbarsky [:bz] (still a bit busy) 2011-06-28 18:08:14 PDT
Comment 9 Boris Zbarsky [:bz] (still a bit busy) 2011-06-28 19:46:01 PDT
And to fix build bustage on maemo.
Comment 11 Robert Kaiser 2011-07-01 08:21:16 PDT
No crashes on builds later than the 29th so far (people kept crashing yesterday with builds from previous days, though).
Comment 12 Asa Dotzler [:asa] 2011-07-13 12:00:18 PDT
Kairo, how's this look on Aurora [7]?
Comment 13 Marcia Knous [:marcia - use ni] 2011-07-13 12:05:13 PDT
Crash stats look good on Aurora - last crash was with 20110629030813.

(In reply to comment #12)
> Kairo, how's this look on Aurora [7]?
Comment 14 Trif Andrei-Alin[:AlinT] 2011-08-22 04:52:30 PDT
Mozilla/5.0 (Windows NT 6.1; rv:7.0) Gecko/20100101 Firefox/7.0

Could you provide some testcases on how I can test if the issue was fixed?
Comment 15 Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2011-09-22 15:36:12 PDT
qa- as no QA verification needed (check crashstats if you want to mark VERIFIED)
