Closed Bug 71976 Opened 23 years ago Closed 23 years ago

'title' referenced after it's freed in layout/html/base/src/nsPageFrame.cpp, leading to data corruption

Categories

(Core :: Printing: Output, defect)

Product:
Core
Component:
Printing: Output
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: johann.petrak, Assigned: dcone)

References

(
URL
)

Details

Attachments

(1 file)

Patch to fix problem
760 bytes, patch
Details | Diff | Splinter Review 
From Bugzilla Helper:
User-Agent: Mozilla/4.5 [en] (X11; I; SunOS 5.6 sun4u)
BuildID:    2001031321

When printing the given page, the printout does not
contain the URL in the upper right header, and turns it
off for subsequent printouts too.

Reproducible: Always
Steps to Reproduce:
1. print e.g. www.ai.univie.ac.at -> printout shows URL
2. print http://www.mozilla.org/mozilla-faq.html -> printout doesnt show URL
3. print e.g. www.ai.univie.ac.at again -> printout doesnt show URL
reporter, the url you list returns a 404 not found error.  Is that the right URL?
URL: http://http://www.mozilla.org/mozilla...http://www.mozilla.org/mozilla-faq.html
Sorry, the correct URL is http://www.mozilla.org/docs/mozilla-faq.html

Also, I found that this bug is more complicated (have now build 2001031408)
Somehow I now only can reproduce this sometimes, not always.
But this seems to be reproducable:
  I go to the page http://www.mozilla.org/docs/mozilla-faq.html
  click File -> Print ... and then PRESS ENTER.
When clicking the print button, the URL seems to print most of the times.
I also got printouts for other pages without the URL and sometimes for
the same page with the URL. Also, it is not the case that pressing enter
or clicking print determines wheter the URL is included. Very strange.

BTW: instead of printing, I usually enter "ghostview -" into the
print command line. Mozilla doesnt seem to remember this till the next
session (I guess there is probably a bug for this, but wanted to mention it)
URL: http://www.mozilla.org/mozilla-faq.htmlhttp://www.mozilla.org/doc/mozilla-fa...
Still there in 2001043321 (Linux): 
  1) print page 1 of http://www.mozilla.org/docs/mozilla-faq.html
  2) print page 1 of http://www.mozilla.org/wishlist-faq.html
The first page printed for  http://www.mozilla.org/docs/mozilla-faq.html
shows the headers OK, a completely black bar at the top
(obviously the mozilla.org banner, incorrectly rendered to postscript),
 and nothing else (the rest of the page is white, the heading and 
everything else of the page
only appears on page 2 of the printout).

However, printing e.g. http://www.mozilla.org/wishlist-faq.html
works fine (the header appears immediately after the banner).
URL: http://www.mozilla.org/doc/mozilla-fa...http://www.mozilla.org/docs/mozilla-f...
Broken for me with build 2001-04-23-08.  but worksforme with builds from the
morning of 2001-04-24 (and the image prints correctly too).
Just tried with 2001042408.
It seems to depend on paper size: when I select letter,
only the banner/headers/footers get printed (now correctly),
rest of page is empty. 
When I select A4, everything works fine with
http://www.mozilla.org/docs/mozilla-faq.html

However, http://www.mozilla.org/wishlist-faq.html works fine
with both letter and a4.

Mozilla/5.0 (X11; U; Linux 2.4.2 i586; en-US; rv:0.9+) Gecko/2001050808

Well it seems to me pretty random.

I just tried this: 1) run mozilla, 2) display this bug's page, 3) print to file
(Legal;page #1;color), 4) repeat again and again.

Result as usual - after printing enough times, the url text at the right corner
of the page disappears.

Comparing the correct vs. incorrect PS files, the only difference is the
presence or absence of a complete PS section that prints the URL.

Which suggets that the PS creation code is ok, and that the problem is with the
higher level, that doesn't send the url text to print.

mozilla/layout/html/base/src/nsPageFrame.cpp:

// print document title
PRUnichar * title;
mPrintOptions->GetTitle(&title); // creates memory
if (title != nsnull && (printOptBits & nsIPrintOptions::kOptPrintDocTitle)) {
  ... print title ...
  nsMemory::Free(title);
}

// print document URL
PRUnichar * url;
mPrintOptions->GetDocURL(&url);
if (title != url && (printOptBits & nsIPrintOptions::kOptPrintDocLoc)) {
  ... print url ...
  nsMemory::Free(url);
}

'title' is referenced after it has been freed.


Owner / reporter: can you please confirm this bug?
Tried with Mozilla 2001051521 (Linux): same status as described in my
entry from 2001-04-24 10:09: Header line (with URL) is there, footer
is there.
But printing http://www.mozilla.org/docs/mozilla-faq.html on letter
will still put just the banner on page one and the rest only on
page two. Printing same URL on A4 works as it should.
Can anybody else confirm this? 
Also tried entry limval@yahoo.com 2001-05-09 11:32: with legal, I never
get the header, neither the banner image. With A4  I get the banner image
and the header barely makes it on the topmost portion of the page. 
The Laserprinter wont print it, but its visible with ghostview.

The summary doesnt seem apropriate for this bug anymore, should it
be changed? 
setting status to new.  This is definitely a coding error that should be fixed
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Printing this page causes URL to disappear from this and subsequent printouts → 'title' referenced after it's freed in layout/html/base/src/nsPageFrame.cpp, leading to data corruption
Blocks: 80799
This is a problem, but will only be a problem if ( title == url), in which case 
a leak would occur because the url would not be cleaned up. It is perfectly 
legal to refer to a pointer that has been deleted.   This code should be fixed.. 
probably just compare the url to null, instead of title.  I dont think this is 
causing the symptoms described in this bug, that may be due to a pagnation 
problem tables are having and have been having for a while.  I will attach a 
patch and check it in after reviews..
Here is how I think this is causing the simptoms of what was described:

After printing the title, we have:
    nsMemory::Free(title) 
which frees the title string. Then comes
    mPrintOptions->GetDocURL(&url)
which allocates a new string for the url. Since 'title' has been freed, its
memory is available and can be used for 'url'. That's how we get
    title == url
and so the url is not printed. 

I too think that there's no deep meaning in "title != url", and original
intention was probably:
    url != nsnull

which indeed fixed the problem for me.


*** Bug 80799 has been marked as a duplicate of this bug. ***

    
  
Status: NEW → ASSIGNED

    
    

    
  
r=rods

    
    

    
  
limval, good explanation!

sr=attinasi for the patch 34953

    
    

    
  
fixed.

Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED

    
    

    
  
*** Bug 81848 has been marked as a duplicate of this bug. ***

    
    

    
  
Johann, is this working for you now? please verify...thanks.


    
    

    
  
Tried with 2001052213:
Same symptoms as reported 05-16 
for http://www.mozilla.org/docs/mozilla-faq.html when
printing on legal (no text, just header/footer and banner image) and
A4 (works). 
But now it also crashes when switching papersize from legal to A4
or from A4 to legal.
In detail:
1) start mozilla, go to URL
2) File-print, print command="ghostview -", all else default 
   (first page first, color, letter, all pages)
3) print: Title/Url shown in header, then the mozilla banner,
   then empty page, then footer "1 of 12" and date
4) exit ghostview 
5) file-print, leave "ghostview -", change size to a4
6) print: either it crashes, or works fine (text shown correctly on
   first page)

So crashing occurs only sometimes, (but frequently, when changing the
papersize and printing again (segmentation fault)

Text for this URL will always be missing on first page for legal and never
for A4.

Also tried to print this bug's page: on legal, it looks fine.
On A4, header line is directly below the uper edge of the paper
(i.e. there seems to be no top margin above the header line), which 
is wrong, since the default top margin is 0.5
When setting top margin to zero, part of the printout is outside 
the paper.

Also interesting: I couldnt cause a crash by switching paper sizes
on other URLs, only on the mozilla-faq url given above! 

    
    

    
  
Just realized that obviously the original bug (header disappearing)
already wasnt there for me when I reported 05-16.
But what about all the other stuff? It doesnt seem to be connected
to what is fixed by the patch. Should this be a different bug?
Can other confirm that odd behaviour?


    
    

    
  
Johann, please reopen this bug if you think it is not fixed. thanks.

    
    

    
  
Johann, please file a bug for the new issues you discovered and
REOPEN this bug if you feel the orginal problem still persists.

thanks.

    
    

    
  
Johann,

you report that:

  3) print: Title/Url shown in header, then the mozilla banner,
     then empty page, then footer "1 of 12" and date

Can you please attach the "bad" postscript file so we can take a look at it?
this can help find where the problem is.


    
    

    
  
OK, disappearing title bug is fixed.
Opened bug http://bugzilla.mozilla.org/show_bug.cgi?id=82690 for the
wrong top margin problem and bug
http://bugzilla.mozilla.org/show_bug.cgi?id=82691 for the
problem of missing text on page one.


    
    

    
  
thanks Johann....marking this bug verified.
Status: RESOLVED → VERIFIED

    
    

    
  
*** Bug 82342 has been marked as a duplicate of this bug. ***

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: