Using "Prefill Form" option crashes application.

VERIFIED FIXED

Status

()

Toolkit
Form Manager
--
critical
VERIFIED FIXED
17 years ago
9 years ago

People

(Reporter: Shanmugavelu Shanmuganathan (gone), Unassigned)

Tracking

({64bit, crash})

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [PDT-])

Attachments

(1 attachment)

(Reporter)

Description

17 years ago
While filling the data using the "Prefill Form" menu option 
the application crashes. 
This again is a problem only on a 64 bit OS. 
Upon investigation, the problem seems to be in typecasting 
the pointer "wallet_list" while passing in buffer.AppendInt.

Here is the stack trace.


 (dbx) where
>  0 __nxm_thread_kill(0x11fffc010, 0x0, 0x3ff805c3e30, 0x11fff56d8,
0x11fff6130) [0x3ff805c13f8]
   1 pthread_kill(0x0, 0x1, 0x11fffc010, 0x0, 0x0) [0x3ff805b0c14]
   2 (unknown)() [0x3ff805c45b4]
   3 (unknown)() [0x3ff807f373c]
   4 exc_unwind(0x11fff5928, 0xabadabad00beed00, 0x11fff5bc0, 0x30045feaf28,
0x3ff807f3b30) [0x3ff807f383c]
   5 exc_raise_signal_exception(0xb0ffe0003, 0x86, 0x0, 0x300045d396c, 0x1)
[0x3ff807f3b2c]
   6 (unknown)() [0x3ff805b2580]
   7 WLLT_PrefillReturn() ["wallet.cpp":3205, 0x300045d3968]
   8 WALLET_PrefillReturn__18nsWalletlibServiceX12nsAutoString()
["nsWalletService.cpp":144, 0x300045c0100]
   9 SetValue__17WalletPreviewImplXPCUsP20nsIDOMWindowInternal()
["nsWalletPreview.cpp":123, 0x30004c21620]
  10 XPTC_InvokeByIndex() ["xptcinvoke_asm_osf1_alpha.s":73, 0x3ffbff309ac]
  11 CallMethod__16XPCWrappedNativeXR14XPCCallContext8CallMode()
["xpcwrappednative.cpp":1883, 0x3ffbfd7cc70]
  12 XPC_WN_CallMethod__XP9JSContextP8JSObjectUiPlPl()
["xpcwrappednativejsops.cpp":1252, 0x3ffbfd8c78c]
  13 js_Invoke(cx = 0x141196200, argc = 2, flags = 0) ["jsinterp.c":807,
0x3ffbffab4ac]
  14 js_Interpret(cx = 0x141196200, result = 0x11fff7418) ["jsinterp.c":2697,
0x3ffbffb6e70]
  15 js_Invoke(cx = 0x141196200, argc = 1, flags = 2) ["jsinterp.c":824,
0x3ffbffab52c]
  16 js_InternalInvoke(cx = 0x141196200, obj = 0x140fa2470, fval = 5389152432,
flags = 0, argc = 1, argv = 0x11fff7758, rval = 0x11fff7670) ["jsinterp.c":896,
0x3ffbffab818]
  17 JS_CallFunctionValue(cx = 0x141196200, obj = 0x11fff6580, fval = 1, argc =
536832716, argv = 0x1, rval = (nil)) ["jsapi.c":3349, 0x3ffbff819e8]
  18 CallEventHandler__11nsJSContextXPvPvUiPvPii() ["nsJSEnvironment.cpp":952,
0x3ffbf2e4138]
  19 HandleEvent__17nsJSEventListenerXP11nsIDOMEvent()
["nsJSEventListener.cpp":138, 0x3ffbf36d32c]
  20
HandleEventSubType__22nsEventListenerManagerXP16nsListenerStructP11nsIDOMEventP17nsIDOMEventTargetUiUi()
["nsEventListenerManager.cpp":1196, 0x30003a20b2c]
  21
HandleEvent__22nsEventListenerManagerXP14nsIPresContextP7nsEventPP11nsIDOMEventP17nsIDOMEventTargetUiP13nsEventStatus()
["nsEventListenerManager.cpp":2186, 0x30003a23078]
  22
HandleDOMEvent__12nsXULElementXP14nsIPresContextP7nsEventPP11nsIDOMEventUiP13nsEventStatus()
["nsXULElement.cpp":3706, 0x30003c94f08]
.........

Comment 1

17 years ago
*** Bug 96263 has been marked as a duplicate of this bug. ***
(Reporter)

Comment 2

17 years ago
It looks like (in line # 2665 of wallet.cpp)

buffer.AppendInt(NS_PTR_TO_INT32(wallet_list));

treats the pointer as a 32 bit integer.  Our machine needs all the 64 bits.
But since this is a 32 bit integer we lose the rest of the bits and the
application crashes. 
Summary: Using "Prefill Form" option crashes application. → Using "Prefill Form" option crashes application.
(Reporter)

Comment 3

17 years ago
Reassigning it to cls.
Assignee: shanmu → cls
Severity: major → critical

Comment 4

17 years ago
Reassigning to Morse as the underlying logic of that function assumes that
pointers are 32bits.  All the NS_PTR_TO_INT32 macro did was make the assumption
explicit.

Assignee: cls → morse
Status: UNCONFIRMED → NEW
Ever confirmed: true

Updated

17 years ago
Keywords: 64bit

Updated

17 years ago
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla0.9.5
(Reporter)

Comment 5

16 years ago
Can we get some priority set to this bug, so that it's not slipped off?

Comment 6

16 years ago
I sure wish someone with a 64-bit OS would take ownership of this because I have 
no way of testing out any changes that I make.
(Reporter)

Comment 7

16 years ago
I will be glad to test the changes. And I have no idea of how to fix it.

Comment 8

16 years ago
Created attachment 52035 [details] [diff] [review]
no longer pass the 32-bit pointer from c++ to js and back
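
The truncation described in comments 2 and 4, and one way to avoid handing a pointer to script at all, as an added example (not the attached patch and not Mozilla code). HandleTable, truncate_like_int32 and round_trip_as_text are hypothetical names; the sample address is a constructed value of the size that appears in the stack trace.

```cpp
// Added illustration; HandleTable and the helper names are hypothetical.
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// What a pointer-to-int32 cast keeps of a 64-bit address: the low 32 bits only.
uint64_t truncate_like_int32(uint64_t address) {
    return static_cast<uint32_t>(address);
}

// Hands out small integer tokens instead of addresses. The real pointers never
// leave native code, so the token fits in 32 bits on every platform and a
// forged or stale token is rejected rather than dereferenced.
class HandleTable {
public:
    int32_t put(void* object) {
        slots_.push_back(object);
        return static_cast<int32_t>(slots_.size());   // tokens start at 1
    }
    void* get(int32_t token) const {
        if (token < 1 || static_cast<size_t>(token) > slots_.size()) return nullptr;
        return slots_[token - 1];                     // nullptr once released
    }
    void release(int32_t token) {
        if (get(token)) slots_[token - 1] = nullptr;
    }
private:
    std::vector<void*> slots_;
};

// Simulates the trip through the script side: the token is serialized to
// text and parsed back, as a value appended to a string buffer would be.
int32_t round_trip_as_text(int32_t token) {
    return static_cast<int32_t>(std::stol(std::to_string(token)));
}

int main() {
    const uint64_t address = 0x141196200ULL;          // constructed sample address
    bool lost = truncate_like_int32(address) != address;        // bit 32 is gone

    HandleTable table;
    int list = 0;                                     // stands in for the list object
    int32_t token = table.put(&list);
    bool same = table.get(round_trip_as_text(token)) == &list;  // token survives
    bool forged = table.get(token + 1000) == nullptr;           // unknown token rejected
    return (lost && same && forged) ? 0 : 1;
}
```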

Comment 9

16 years ago
Above attachment still works fine on a 32-bit OS.  Reporter, please verify that 
this no longer crashes on a 64-bit OS.

cc'ing matt and alecf for reviews

Updated

16 years ago
Target Milestone: mozilla0.9.5 → mozilla0.9.6
(Reporter)

Comment 10

16 years ago
This works fine on a 64 bit (Tru64 UNIX) OS  too.
Is it possible to submit this to 0_9_4_BRANCH?
Our release is based on MOZILLA_0_9_4_BRANCH.

Comment 11

16 years ago
That's up to drivers and/or pdt.  Nominate it as such if you want to see that 
happen.

Comment 12

16 years ago
Marking as nsbranch to nominate for the 094 branch.
Keywords: crash, nsbranch

Comment 13

16 years ago
nsbranch+
Keywords: nsbranch → nsbranch+

Comment 14

16 years ago
Comment on attachment 52035 [details] [diff] [review]
no longer pass the 32-bit pointer from c++ to js and back

oh my lord.
Let's never ever do this again.
sr=alecf

Updated

16 years ago
Attachment #52035 - Flags: superreview+

Comment 15

16 years ago
Comment on attachment 52035 [details] [diff] [review]
no longer pass the 32-bit pointer from c++ to js and back

r=matt
Attachment #52035 - Flags: review+

Comment 16

16 years ago
checked in on trunk

Comment 17

16 years ago
PDT- per Rob Jaworski comments in PDT.
Whiteboard: [PDT-]

Comment 18

16 years ago
OK, this won't go on the branch.  Since I previously checked it in on the trunk, 
I can now mark it fixed.
Status: ASSIGNED → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → FIXED

Comment 19

16 years ago
Verified fix checked into lxr.mozilla.org
Status: RESOLVED → VERIFIED
Assignee: morse → nobody
Component: Form Manager → Form Manager
Product: Core → Toolkit
QA Contact: tpreston → form.manager
Target Milestone: mozilla0.9.6 → ---
Version: Trunk → unspecified