Closed Bug 90981 Opened 24 years ago Closed 24 years ago

Crash in GetReadableFragment [@ nsAFlatCString::GetReadableFragment ]

Categories

(Core :: XPCOM, defect, P2)

x86
Windows 2000
defect

Tracking

()

RESOLVED FIXED
mozilla0.9.3

People

(Reporter: mscott, Assigned: mscott)

Details

(Keywords: crash, topcrash)

Crash Data

Attachments

(2 files)

scc and I fixed one of our top crashers on the trunk today. If you had an nsXPIDLString which hadn't been initialized with a value and you then assigned it into a string which inherits from nsFlatString then we crash. i.e. nsXPIDLCString foo; nsCAutoString bar; bar = foo; boom. We have a patch which I'll post next.
keyword mumbo jumbo
Severity: normal → major
Status: NEW → ASSIGNED
Keywords: topcrash
Priority: -- → P2
Target Milestone: --- → mozilla0.9.3
the fix comes from scc. sr=mscott we just need an r= now.
as I discussed with mscott, this patch is appropriate for the trunk, but is not needed on the branch
sr=mscott
rs=waterson, and now it is checked in; revision 1.6 of "string/src/nsAString.cpp"
...and marking fixed
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Oh come on! -------------------------------------------------------------------------------- @@ -245,11 +245,14 @@ { SetLength(0); - SetLength(aReadable.Length()); - // first setting the length to |0| avoids copying characters only to be overwritten later - // in the case where the implementation decides to re-allocate - - const_iterator fromBegin, fromEnd; - iterator toBegin; - copy_string(aReadable.BeginReading(fromBegin), aReadable.EndReading(fromEnd), BeginWriting(toBegin)); + if ( !aReadable.IsEmpty() ) + { + SetLength(aReadable.Length()); + // first setting the length to |0| avoids copying characters only to be overwritten later + // in the case where the implementation decides to re-allocate + + const_iterator fromBegin, fromEnd; + iterator toBegin; + copy_string(aReadable.BeginReading(fromBegin), aReadable.EndReading(fromEnd), BeginWriting(toBegin)); + } } -------------------------------------------------------------------------------- At least put the comments someplace where they make sense: -------------------------------------------------------------------------------- + SetLength(aReadable.Length()); + // first setting the length to |0| avoids copying characters only to be overwritten later + // in the case where the implementation decides to re-allocate -------------------------------------------------------------------------------- ... like with the SetLength(0) call at the top. Ditto for the mirror image changes in the second half of the patch. Who puts comments for a block of code *after* the block instead of before it? Is the call to SetLength(0) even needed? It seems a little odd in the original code as to why it was necessary to do two SetLength's in a row. -- Ed
Severity: major → critical
Keywords: crash
Summary: Crash in GetReadableFragment [ @ nsAFlatCString::GetReadableFragment ] → Crash in GetReadableFragment [@ nsAFlatCString::GetReadableFragment ]
Crash Signature: [@ nsAFlatCString::GetReadableFragment ]
Component: String → XPCOM
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: