Closed Bug 548545 Opened 15 years ago Closed 15 years ago

Crash in Tools->Options->Content [@ strlen | NS_NewAtom(char const*) ]

Categories

(Core :: Layout: Text and Fonts, defect)

Product:
Core
Component:
Layout: Text and Fonts
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED

People

(Reporter: jmjjeffery, Assigned: jfkthame)

References

Details

(Keywords: crash, regression)

Crash Data

Attachments

(2 files, 1 obsolete file)

patch v2: don't leave char* uninitialized in debug code; ensure atom is lowercased
(deleted), patch
roc
: review+
Details | Diff | Splinter Review
test
(deleted), patch
Details | Diff | Splinter Review
Using a build with cset: http://hg.mozilla.org/mozilla-central/rev/4c60c40075e9 Opening Tools->Options->Content tab caused the browser to crash. Works in cset: http://hg.mozilla.org/mozilla-central/rev/639b98ae11a8 Crash in cset: http://hg.mozilla.org/mozilla-central/rev/4c60c40075e9 This bug https://bugzilla.mozilla.org/show_bug.cgi?id=524107 has broken the Option Panel -> Content tab
Blocks: 524107
Keywords: regression
Now that nightly is out for today here is a crash-report: http://crash-stats.mozilla.com/report/pending/318aae17-80f2-44ae-97db-bac2a2100225 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.3a2pre) Gecko/20100225 Minefield/3.7a2pre Firefox/3.6 ID:20100225062635
Summary: Crash in Tools->Options->Content → Crash in Tools->Options->Content [@ strlen | NS_NewAtom(char const*) ]
The crash occurs when nsThebesFontEnumerator::EnumerateFonts is called with aLangGroup == nsnull, and we try to turn the langGroup into an atom. Fix is to check for null here. In addition, we need to check the resulting language atom for null in the platform implementations of GetFontList(), otherwise we'll just crash a moment later.
Assignee: nobody → jfkthame
Attachment #428919 - Flags: review?(roc)
The OS/2 change should initialize the char* to null, right? Otherwise it's printing random memory.
(In reply to comment #3) > The OS/2 change should initialize the char* to null, right? Otherwise it's > printing random memory. Oops. Should initialize it to "", actually, or maybe "null". (It's just someone's old debug code, so it's not critical exactly what we print, but random memory is definitely not good!)
Attachment #428919 - Attachment is obsolete: true
Attachment #428927 - Flags: review?(roc)
Attachment #428919 - Flags: review?(roc)
Also occurring on WinXP.
Yes, it's platform-independent.
OS: Windows 7 → All
Hardware: x86 → All
Yes Sir. It is platform-independent. Just crashed my Linux build.
Comment on attachment 428927 [details] [diff] [review] patch v2: don't leave char* uninitialized in debug code; ensure atom is lowercased I wonder if we can have a test for this?
Keywords: crash
Attached patch test (deleted) — Splinter Review
Testcase that gets the font list - fails unless this bug is fixed.
Pushed fix: http://hg.mozilla.org/mozilla-central/rev/e0b27f479229 Testcase: http://hg.mozilla.org/mozilla-central/rev/dd4ac841e90b
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Verified fixed using latest hourly build: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.3a2pre) Gecko/20100225 Minefield/3.7a2pre Firefox/3.6 ID:20100225155722 cset: http://hg.mozilla.org/mozilla-central/rev/9ac0aab7c9d5
Flags: in-testsuite?
AFAICT-Verified fixed in Linux: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.3a2pre) Gecko/20100226 Minefield/3.7a2pre - Build ID: 20100226032052 cset: http://hg.mozilla.org/mozilla-central/rev/475768f37b1a
marking verified based on comments #14 and #15
Status: RESOLVED → VERIFIED
Crash Signature: [@ strlen | NS_NewAtom(char const*) ]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: