Bug 667618 - Firefox Crash @ strlen | AppendASCIItoUTF16(char const*, nsAString_internal&)
Status: RESOLVED FIXED
Whiteboard: [qa-]
Keywords: crash, regression
Product: Core
Classification: Components
Component: DOM
Version: Trunk
Hardware: x86 Windows 7
Importance: P1 critical
Target Milestone: mozilla7
Assigned To: Boris Zbarsky [:bz]
Blocks: 661327
Reported: 2011-06-27 14:22 PDT by Marcia Knous [:marcia - use ni]
Modified: 2011-09-22 15:36 PDT
bzbarsky: in‑testsuite-


Attachments
WIP (6.82 KB, patch)
2011-06-28 14:10 PDT, :Ms2ger (⌚ UTC+1/+2)
no flags
Prevent mismatches between our enum and our strings. (8.05 KB, patch)
2011-06-28 14:14 PDT, Boris Zbarsky [:bz]
no flags
Prevent mismatches between our enum and our strings. (8.11 KB, patch)
2011-06-28 14:24 PDT, Boris Zbarsky [:bz]
jonas: review+

Description Marcia Knous [:marcia - use ni] 2011-06-27 14:22:19 PDT
Seen while looking at trunk crash stats. http://tinyurl.com/3dwbys9. Crashes started showing up on the trunk using the 2011062600 build. There is one lone crash in this stack in 4.0.1.

Possible pushlog regression: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=ce10fd5d82c6&tochange=fc7d76664c79

https://crash-stats.mozilla.com/report/index/a13ff338-a910-46c6-9e67-729162110627

Frame 	Module 	Signature 	Source
0 	mozcrt19.dll 	strlen 	strlen.asm:69
1 	xul.dll 	AppendASCIItoUTF16 	xpcom/string/src/nsReadableUtils.cpp:189
2 	xul.dll 	NS_ConvertASCIItoUTF16::NS_ConvertASCIItoUTF16 	obj-firefox/dist/include/nsString.h:121
3 	xul.dll 	nsContentUtils::GetLocalizedString 	content/base/src/nsContentUtils.cpp:2712
4 	xul.dll 	nsContentUtils::ReportToConsole 	content/base/src/nsContentUtils.cpp:2760
5 	xul.dll 	nsContentUtils::ReportToConsole 	content/base/src/nsContentUtils.cpp:2807
6 	xul.dll 	nsIDocument::WarnOnceAbout 	content/base/src/nsDocument.cpp:8180
7 	xul.dll 	nsDOMAttribute::GetTextContent 	content/base/src/nsDOMAttribute.cpp:639
8 	xul.dll 	nsIDOMNode_GetTextContent 	obj-firefox/js/src/xpconnect/src/dom_quickstubs.cpp:7440
9 	mozjs.dll 	js::Shape::get 	js/src/jsscopeinlines.h:284
10 	mozjs.dll 	js_GetPropertyHelper 	js/src/jsobj.cpp:5350
11 	mozjs.dll 	js::Interpret 	js/src/jsinterp.cpp:4066
12 	mozjs.dll 	JSCompartment::wrap 	js/src/jscompartment.cpp:224
13 	mozjs.dll 	js::ExternalExecute 	js/src/jsinterp.cpp:944
14 	mozjs.dll 	EvaluateUCScriptForPrincipalsCommon 	js/src/jsapi.cpp:4984
15 	mozjs.dll 	JS_EvaluateUCScriptForPrincipalsVersion 	js/src/jsapi.cpp:5000
16 	xul.dll 	nsJSContext::EvaluateString 	dom/base/nsJSEnvironment.cpp:1453
17 	xul.dll 	nsScriptLoader::EvaluateScript 	content/base/src/nsScriptLoader.cpp:906
18 	xul.dll 	nsScriptLoader::ProcessRequest 	content/base/src/nsScriptLoader.cpp:799
19 	xul.dll 	nsScriptLoader::ProcessScriptElement 	
20 	xul.dll 	nsScriptElement::MaybeProcessScript 	content/base/src/nsScriptElement.cpp:182
21 	xul.dll 	nsHTMLScriptElement::MaybeProcessScript 	content/html/content/src/nsHTMLScriptElement.cpp:586
22 	xul.dll 	nsHTMLScriptElement::DoneAddingChildren 	content/html/content/src/nsHTMLScriptElement.cpp:513
23 	xul.dll 	nsHtml5TreeOpExecutor::RunScript 	parser/html/nsHtml5TreeOpExecutor.cpp:730
24 	xul.dll 	nsHtml5TreeOpExecutor::RunFlushLoop 	parser/html/nsHtml5TreeOpExecutor.cpp:525
25 	xul.dll 	nsHtml5ExecutorFlusher::Run 	parser/html/nsHtml5StreamParser.cpp:156
26 	xul.dll 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:617
27 	xul.dll 	mozilla::ipc::MessagePump::Run 	ipc/glue/MessagePump.cpp:110
28 	xul.dll 	xul.dll@0xb76f87 	
29 	xul.dll 	MessageLoop::RunHandler 	ipc/chromium/src/base/message_loop.cc:202
30 	xul.dll 	xul.dll@0x3726cf 	
31 	xul.dll 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:176
32 	xul.dll 	mozilla::storage::AsyncExecuteStatements::AsyncExecuteStatements 	storage/src/mozStorageAsyncStatementExecution.cpp:242
33 	xul.dll 	nsBaseAppShell::Run 	widget/src/xpwidgets/nsBaseAppShell.cpp:189
34 		@0x761bffff 	
35 	xul.dll 	nsAppStartup::Run 	toolkit/components/startup/nsAppStartup.cpp:222
36 	xul.dll 	XRE_main 	toolkit/xre/nsAppRunner.cpp:3573
37 	firefox.exe 	wmain 	toolkit/xre/nsWindowsWMain.cpp:107
38 	firefox.exe 	firefox.exe@0x4043 	
39 	firefox.exe 	_RTC_Initialize 	
40 	mozcrt19.dll 	_initterm 	obj-firefox/memory/jemalloc/crtsrc/crt0dat.c:852
41 	firefox.exe 	firefox.exe@0x2087 	
42 	ntdll.dll 	WinSqmSetIfMaxDWORD 	
43 	ntdll.dll 	_RtlUserThreadStart 	
44 	firefox.exe 	firefox.exe@0x1cef 	
45 	firefox.exe 	firefox.exe@0x1cef
Comment 1 Benjamin Smedberg [:bsmedberg] 2011-06-28 07:40:47 PDT
http://mxr.mozilla.org/mozilla-central/source/content/base/public/nsIDocument.h#1529 has 31 entries

http://mxr.mozilla.org/mozilla-central/source/content/base/src/nsDocument.cpp#8133 has 30 entries. This is a serious looking regression that should block
Comment 2 Benjamin Smedberg [:bsmedberg] 2011-06-28 07:45:49 PDT
This was caused by bug 661327, and specifically eNormalize is in one array but not the other. We should be able to statically assert the correct length by adding a eLastDeprecatedWarning value, and then PR_STATIC_ASSERT(NS_ARRAY_LENGTH(kWarnings) == eLastDeprecatedWarning - 1).
Comment 3 Boris Zbarsky [:bz] 2011-06-28 08:00:43 PDT
Or just generate both arrays from a single header included in two ways.  That would have the fringe benefit of ensuring not only matching length but matching order.
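
The approach suggested in comments 2 and 3, sketched as an added example that is not part of the bug thread or the landed patch: one list expanded twice so the enum and the string table cannot drift apart, plus a compile-time length check and a bounds-checked lookup. The macro names, `WarningKey`, `eDeprecatedOperationCount`, the `ExampleOp` entries and the "Warning" suffix are hypothetical; only `kWarnings` and `eNormalize` come from the thread.

```cpp
#include <cstddef>
#include <cstring>

// Single source of truth. In a real tree this list would sit in its own
// header and be included twice. ExampleOpA/ExampleOpB are constructed
// entries; Normalize is the one comment 2 says was missing from one array.
#define DEPRECATED_OPERATION_LIST(OP) \
  OP(ExampleOpA)                      \
  OP(ExampleOpB)                      \
  OP(Normalize)

// Expansion 1: the enum, followed by a count sentinel.
#define AS_ENUM(name) e##name,
enum DeprecatedOperation {
  DEPRECATED_OPERATION_LIST(AS_ENUM)
  eDeprecatedOperationCount  // hypothetical sentinel name
};
#undef AS_ENUM

// Expansion 2: the message keys, same entries in the same order.
#define AS_STRING(name) #name "Warning",
static const char* const kWarnings[] = {
  DEPRECATED_OPERATION_LIST(AS_STRING)
};
#undef AS_STRING

// Compile-time guard: a hand-edited table with a missing entry fails the
// build instead of handing an out-of-range pointer to strlen at runtime.
static_assert(sizeof(kWarnings) / sizeof(kWarnings[0]) ==
                  static_cast<std::size_t>(eDeprecatedOperationCount),
              "kWarnings must have one string per DeprecatedOperation");

// Runtime guard for values that did not come from the enum (casts, IPC).
const char* WarningKey(int op) {
  if (op < 0 || op >= eDeprecatedOperationCount) {
    return nullptr;
  }
  return kWarnings[op];
}

int main() {
  // Exit status 0 when the last enum value maps to its own string.
  return std::strcmp(WarningKey(eNormalize), "NormalizeWarning") == 0 ? 0 : 1;
}
```
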
Comment 4 Boris Zbarsky [:bz] 2011-06-28 13:21:40 PDT
Stealing, since this is blocking some of my work.
Comment 5 :Ms2ger (⌚ UTC+1/+2) 2011-06-28 14:10:16 PDT
Created attachment 542590
WIP
Comment 6 Boris Zbarsky [:bz] 2011-06-28 14:14:21 PDT
Created attachment 542594
Prevent mismatches between our enum and our strings.
Comment 7 Boris Zbarsky [:bz] 2011-06-28 14:24:07 PDT
Created attachment 542602
Prevent mismatches between our enum and our strings.
Comment 9 Boris Zbarsky [:bz] 2011-06-28 19:46:01 PDT
And http://hg.mozilla.org/integration/mozilla-inbound/rev/072083211e32 to fix build bustage on maemo.
Comment 11 Robert Kaiser 2011-07-01 08:21:16 PDT
No crashes on builds later than the 29th so far (people kept crashing yesterday with builds from previous days, though).
Comment 12 Asa Dotzler [:asa] 2011-07-13 12:00:18 PDT
Kairo, how's this look on Aurora [7]?
Comment 13 Marcia Knous [:marcia - use ni] 2011-07-13 12:05:13 PDT
Crash stats look good on Aurora - last crash was with 20110629030813.

(In reply to comment #12)
> Kairo, how's this look on Aurora [7]?
Comment 14 Trif Andrei-Alin[:AlinT] 2011-08-22 04:52:30 PDT
Mozilla/5.0 (Windows NT 6.1; rv:7.0) Gecko/20100101 Firefox/7.0

Could you provide some testcases on how I can test if the issue was fixed?
Thanks.
Comment 15 Anthony Hughes (:ashughes) [GFX][QA][Mentor] 2011-09-22 15:36:12 PDT
qa- as no QA verification needed (check crashstats if you want to mark VERIFIED)
