Closed Bug 988453 Opened 6 years ago Closed 6 years ago

application crashed [@ libSystem.B.dylib + 0x4f0b6] called from hnj_hyphen_free

Categories

(Core :: Internationalization, defect, critical)

x86_64
macOS
defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla31
Tracking Status
firefox29 --- fixed
firefox30 --- fixed
firefox31 --- fixed
firefox-esr24 --- wontfix

People

(Reporter: mats, Assigned: mats)

Details

(Keywords: crash, intermittent-failure)

Attachments

(2 files)

Spawned off from bug 976246 comment 5.

https://tbpl.mozilla.org/php/getParsedLog.php?id=36373384&tree=Mozilla-Central
Rev4 MacOSX Snow Leopard 10.6 mozilla-central debug test reftest on 2014-03-18 20:06:32
revision: 6a1da270aeaf
slave: talos-r4-snow-006

TEST-UNEXPECTED-FAIL | Shutdown | Exited with code 5 during test run
PROCESS-CRASH | Shutdown | application crashed [@ libSystem.B.dylib + 0x4f0b6]
Return code: 1

====================


firefox-bin(960,0x7fff70daccc0) malloc: *** error for object 0x1000000000: pointer being freed was not allocated
*** set a breakpoint in malloc_error_break to debug
TEST-UNEXPECTED-FAIL | Shutdown | Exited with code 5 during test run
PROCESS-CRASH | Shutdown | application crashed [@ libSystem.B.dylib + 0x4f0b6]
Operating system: Mac OS X
                  10.6.8 10K549
CPU: amd64
     family 6 model 23 stepping 10
     2 CPUs
Crash reason:  EXC_SOFTWARE / SIGABRT
Crash address: 0x7fff87e6b0b6
Thread 0 (crashed)
 0  libSystem.B.dylib + 0x4f0b6
 1  libSystem.B.dylib + 0xef9f5
 2  libSystem.B.dylib + 0x7194
 3  XUL!hnj_hyphen_free [hyphen.c:6a1da270aeaf : 527 + 0x4]
 4  XUL!hnj_hyphen_free [hyphen.c:6a1da270aeaf : 533 + 0xd]
 5  XUL!nsHyphenator::Release() [nsHyphenator.cpp:6a1da270aeaf : 34 + 0x4]
 6  XUL!nsTHashtable<...>::s_ClearEntry(...)
 7  XUL!PL_DHashTableFinish(PLDHashTable*)
 8  XUL!nsHyphenationManager::Shutdown()
 9  XUL!nsLayoutStatics::Shutdown()
10  XUL!nsNodeInfoManager::~nsNodeInfoManager()
11  XUL!nsNodeInfoManager::cycleCollection::DeleteCycleCollectable...
12  XUL!SnowWhiteKiller::~SnowWhiteKiller()
13  XUL!nsCycleCollector::FreeSnowWhite(bool)
14  XUL!nsCycleCollector::BeginCollection...
15  XUL!nsCycleCollector::Collect...
16  XUL!nsCycleCollector::Shutdown()
17  XUL!nsCycleCollector_shutdown()
18  XUL!mozilla::ShutdownXPCOM(nsIServiceManager*)
...
Attached patch wallpaperSplinter Review
Looking at nsHyphenationManager::Shutdown():
http://mxr.mozilla.org/mozilla-central/source/intl/hyphenation/src/nsHyphenationManager.cpp#66
I think setting sInstance to null after the delete would wallpaper it.
I see that many other Shutdown() methods has that kind of protection against
being called twice.  I vaguely recall having seen this happening in a bug before.
Attachment #8398945 - Flags: review?(roc)
Comment on attachment 8398945 [details] [diff] [review]
wallpaper

Review of attachment 8398945 [details] [diff] [review]:
-----------------------------------------------------------------

Making Shutdown methods idempotent is definitely a good idea.
Attachment #8398945 - Flags: review?(roc) → review+
https://hg.mozilla.org/mozilla-central/rev/0f2e451d0f3f
Assignee: nobody → matspal
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla31
Can we get this on Aurora/Beta as well?
Flags: needinfo?(matspal)
Sure, this patch has zero risk.
Flags: needinfo?(matspal)
Comment on attachment 8398945 [details] [diff] [review]
wallpaper

[Approval Request Comment]
Bug caused by (feature/regressing bug #): don't know
User impact if declined: potential crash on shutdown
Testing completed (on m-c, etc.): on m-c
Risk to taking this patch (and alternatives if risky): zero risk
String or IDL/UUID changes made by this patch: none
Attachment #8398945 - Flags: approval-mozilla-beta?
Attachment #8398945 - Flags: approval-mozilla-aurora?
Attachment #8398945 - Flags: approval-mozilla-beta?
Attachment #8398945 - Flags: approval-mozilla-beta+
Attachment #8398945 - Flags: approval-mozilla-aurora?
Attachment #8398945 - Flags: approval-mozilla-aurora+
You need to log in before you can comment on or make changes to this bug.