Closed
Bug 90981
Opened 24 years ago
Closed 24 years ago
Crash in GetReadableFragment [@ nsAFlatCString::GetReadableFragment ]
Categories
(Core :: XPCOM, defect, P2)
Tracking
()
RESOLVED
FIXED
mozilla0.9.3
People
(Reporter: mscott, Assigned: mscott)
Details
(Keywords: crash, topcrash)
Crash Data
Attachments
(2 files)
scc and I fixed one of our top crashers on the trunk today. If you had an
nsXPIDLString which hadn't been initialized with a value and you then assigned
it into a string which inherits from nsFlatString then we crash.
i.e.
nsXPIDLCString foo;
nsCAutoString bar;
bar = foo;
boom.
We have a patch which I'll post next.
Assignee | ||
Comment 1•24 years ago
|
||
keyword mumbo jumbo
Severity: normal → major
Status: NEW → ASSIGNED
Keywords: topcrash
Priority: -- → P2
Target Milestone: --- → mozilla0.9.3
Assignee | ||
Comment 2•24 years ago
|
||
Assignee | ||
Comment 3•24 years ago
|
||
the fix comes from scc.
sr=mscott
we just need an r= now.
Comment 4•24 years ago
|
||
Comment 5•24 years ago
|
||
as I discussed with mscott, this patch is appropriate for the trunk, but is not
needed on the branch
Assignee | ||
Comment 6•24 years ago
|
||
sr=mscott
Comment 7•24 years ago
|
||
rs=waterson, and now it is checked in; revision 1.6 of "string/src/nsAString.cpp"
Comment 8•24 years ago
|
||
...and marking fixed
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Oh come on!
--------------------------------------------------------------------------------
@@ -245,11 +245,14 @@
{
SetLength(0);
- SetLength(aReadable.Length());
- // first setting the length to |0| avoids copying characters only to be
overwritten later
- // in the case where the implementation decides to re-allocate
-
- const_iterator fromBegin, fromEnd;
- iterator toBegin;
- copy_string(aReadable.BeginReading(fromBegin),
aReadable.EndReading(fromEnd), BeginWriting(toBegin));
+ if ( !aReadable.IsEmpty() )
+ {
+ SetLength(aReadable.Length());
+ // first setting the length to |0| avoids copying characters only to
be overwritten later
+ // in the case where the implementation decides to re-allocate
+
+ const_iterator fromBegin, fromEnd;
+ iterator toBegin;
+ copy_string(aReadable.BeginReading(fromBegin),
aReadable.EndReading(fromEnd), BeginWriting(toBegin));
+ }
}
--------------------------------------------------------------------------------
At least put the comments someplace where they make sense:
--------------------------------------------------------------------------------
+ SetLength(aReadable.Length());
+ // first setting the length to |0| avoids copying characters only to
be overwritten later
+ // in the case where the implementation decides to re-allocate
--------------------------------------------------------------------------------
... like with the SetLength(0) call at the top.
Ditto for the mirror image changes in the second half of the patch.
Who puts comments for a block of code *after* the block instead of before it?
Is the call to SetLength(0) even needed? It seems a little odd in the original
code as to why it was necessary to do two SetLength's in a row.
-- Ed
Severity: major → critical
Keywords: crash
Summary: Crash in GetReadableFragment [ @ nsAFlatCString::GetReadableFragment ] → Crash in GetReadableFragment [@ nsAFlatCString::GetReadableFragment ]
Updated•14 years ago
|
Crash Signature: [@ nsAFlatCString::GetReadableFragment ]
Updated•4 years ago
|
Component: String → XPCOM
You need to log in
before you can comment on or make changes to this bug.
Description
•