Firefox Crash @ strlen | AppendASCIItoUTF16(char const*, nsAString_internal&)

RESOLVED FIXED in Firefox 7

Status

()

Core
DOM
P1
critical
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: marcia, Assigned: bz)

Tracking

({crash, regression})

Trunk
mozilla7
x86
Windows 7
crash, regression
Points:
---
Bug Flags:
in-testsuite -

Firefox Tracking Flags

(firefox7+ fixed)

Details

(Whiteboard: [qa-], crash signature)

Attachments

(2 attachments, 1 obsolete attachment)

(Reporter)

Description

6 years ago
Seen while looking at trunk crash stats. http://tinyurl.com/3dwbys9. Crashes started showing up on the trunk using the 2011062600 build. There is one lone crash in this stack in 4.0.1.

Possible pushlog regression: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=ce10fd5d82c6&tochange=fc7d76664c79

https://crash-stats.mozilla.com/report/index/a13ff338-a910-46c6-9e67-729162110627

Frame 	Module 	Signature [Expand] 	Source
0 	mozcrt19.dll 	strlen 	strlen.asm:69
1 	xul.dll 	AppendASCIItoUTF16 	xpcom/string/src/nsReadableUtils.cpp:189
2 	xul.dll 	NS_ConvertASCIItoUTF16::NS_ConvertASCIItoUTF16 	obj-firefox/dist/include/nsString.h:121
3 	xul.dll 	nsContentUtils::GetLocalizedString 	content/base/src/nsContentUtils.cpp:2712
4 	xul.dll 	nsContentUtils::ReportToConsole 	content/base/src/nsContentUtils.cpp:2760
5 	xul.dll 	nsContentUtils::ReportToConsole 	content/base/src/nsContentUtils.cpp:2807
6 	xul.dll 	nsIDocument::WarnOnceAbout 	content/base/src/nsDocument.cpp:8180
7 	xul.dll 	nsDOMAttribute::GetTextContent 	content/base/src/nsDOMAttribute.cpp:639
8 	xul.dll 	nsIDOMNode_GetTextContent 	obj-firefox/js/src/xpconnect/src/dom_quickstubs.cpp:7440
9 	mozjs.dll 	js::Shape::get 	js/src/jsscopeinlines.h:284
10 	mozjs.dll 	js_GetPropertyHelper 	js/src/jsobj.cpp:5350
11 	mozjs.dll 	js::Interpret 	js/src/jsinterp.cpp:4066
12 	mozjs.dll 	JSCompartment::wrap 	js/src/jscompartment.cpp:224
13 	mozjs.dll 	js::ExternalExecute 	js/src/jsinterp.cpp:944
14 	mozjs.dll 	EvaluateUCScriptForPrincipalsCommon 	js/src/jsapi.cpp:4984
15 	mozjs.dll 	JS_EvaluateUCScriptForPrincipalsVersion 	js/src/jsapi.cpp:5000
16 	xul.dll 	nsJSContext::EvaluateString 	dom/base/nsJSEnvironment.cpp:1453
17 	xul.dll 	nsScriptLoader::EvaluateScript 	content/base/src/nsScriptLoader.cpp:906
18 	xul.dll 	nsScriptLoader::ProcessRequest 	content/base/src/nsScriptLoader.cpp:799
19 	xul.dll 	nsScriptLoader::ProcessScriptElement 	
20 	xul.dll 	nsScriptElement::MaybeProcessScript 	content/base/src/nsScriptElement.cpp:182
21 	xul.dll 	nsHTMLScriptElement::MaybeProcessScript 	content/html/content/src/nsHTMLScriptElement.cpp:586
22 	xul.dll 	nsHTMLScriptElement::DoneAddingChildren 	content/html/content/src/nsHTMLScriptElement.cpp:513
23 	xul.dll 	nsHtml5TreeOpExecutor::RunScript 	parser/html/nsHtml5TreeOpExecutor.cpp:730
24 	xul.dll 	nsHtml5TreeOpExecutor::RunFlushLoop 	parser/html/nsHtml5TreeOpExecutor.cpp:525
25 	xul.dll 	nsHtml5ExecutorFlusher::Run 	parser/html/nsHtml5StreamParser.cpp:156
26 	xul.dll 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:617
27 	xul.dll 	mozilla::ipc::MessagePump::Run 	ipc/glue/MessagePump.cpp:110
28 	xul.dll 	xul.dll@0xb76f87 	
29 	xul.dll 	MessageLoop::RunHandler 	ipc/chromium/src/base/message_loop.cc:202
30 	xul.dll 	xul.dll@0x3726cf 	
31 	xul.dll 	MessageLoop::Run 	ipc/chromium/src/base/message_loop.cc:176
32 	xul.dll 	mozilla::storage::AsyncExecuteStatements::AsyncExecuteStatements 	storage/src/mozStorageAsyncStatementExecution.cpp:242
33 	xul.dll 	nsBaseAppShell::Run 	widget/src/xpwidgets/nsBaseAppShell.cpp:189
34 		@0x761bffff 	
35 	xul.dll 	nsAppStartup::Run 	toolkit/components/startup/nsAppStartup.cpp:222
36 	xul.dll 	XRE_main 	toolkit/xre/nsAppRunner.cpp:3573
37 	firefox.exe 	wmain 	toolkit/xre/nsWindowsWMain.cpp:107
38 	firefox.exe 	firefox.exe@0x4043 	
39 	firefox.exe 	_RTC_Initialize 	
40 	mozcrt19.dll 	_initterm 	obj-firefox/memory/jemalloc/crtsrc/crt0dat.c:852
41 	firefox.exe 	firefox.exe@0x2087 	
42 	ntdll.dll 	WinSqmSetIfMaxDWORD 	
43 	ntdll.dll 	_RtlUserThreadStart 	
44 	firefox.exe 	firefox.exe@0x1cef 	
45 	firefox.exe 	firefox.exe@0x1cef
(Reporter)

Updated

6 years ago
Summary: Firefox Crash@ strlen | AppendASCIItoUTF16(char const*, nsAString_internal&) → Firefox Crash @ strlen | AppendASCIItoUTF16(char const*, nsAString_internal&)
http://mxr.mozilla.org/mozilla-central/source/content/base/public/nsIDocument.h#1529 has 31 entries

http://mxr.mozilla.org/mozilla-central/source/content/base/src/nsDocument.cpp#8133 has 30 entries. This is a serious looking regression that should block
tracking-firefox7: --- → +
Component: XPCOM → DOM
QA Contact: xpcom → general
This was caused by bug 661327, and specifically eNormalize is in one array but not the other. We should be able to statically assert the correct length by adding a eLastDeprecatedWarning value, and then PR_STATIC_ASSERT(NS_ARRAY_LENGTH(kWarnings) == eLastDeprecatedWarning - 1).
Assignee: nobody → Ms2ger
Blocks: 661327
Keywords: regression
Or just generate both arrays from a single header included in two ways.  That would have the fringe benefit of ensuring not only matching length but matching order.
Stealing, since this is blocking some of my work.
Assignee: Ms2ger → bzbarsky
Priority: -- → P1
Created attachment 542590 [details] [diff] [review]
WIP
Created attachment 542594 [details] [diff] [review]
Prevent mismatches between our enum and our strings.
Attachment #542594 - Flags: review?(jonas)
Whiteboard: [need review]
Created attachment 542602 [details] [diff] [review]
Prevent mismatches between our enum and our strings.
Attachment #542602 - Flags: review?(jonas)
Attachment #542594 - Attachment is obsolete: true
Attachment #542594 - Flags: review?(jonas)
Attachment #542602 - Flags: review?(jonas) → review+
http://hg.mozilla.org/integration/mozilla-inbound/rev/59a6f5524476
Flags: in-testsuite-
Whiteboard: [need review]
Target Milestone: --- → mozilla7
And http://hg.mozilla.org/integration/mozilla-inbound/rev/072083211e32 to fix build bustage on maemo.
http://hg.mozilla.org/mozilla-central/rev/59a6f5524476
http://hg.mozilla.org/mozilla-central/rev/072083211e32
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED

Comment 11

6 years ago
No crashes on builds later than the 29th so far (people kept crashing yesterday with builds from previous days, though).

Comment 12

6 years ago
Kairo, how's this look on Aurora [7]?
(Reporter)

Comment 13

6 years ago
Crash stats look good on Aurora - last crash was with 20110629030813.

(In reply to comment #12)
> Kairo, how's this look on Aurora [7]?
status-firefox7: --- → fixed
Mozilla/5.0 (Windows NT 6.1; rv:7.0) Gecko/20100101 Firefox/7.0

Could you provide some testcases on how can i test if the issue was fixed?
Thanks.
qa- as no QA verification needed (check crashstats if you want to mark VERIFIED)
Whiteboard: [qa-]
You need to log in before you can comment on or make changes to this bug.