Closed Bug 14308 Opened 25 years ago Closed 25 years ago

nsStr values corrupted

Categories

(Core :: XPCOM, defect, P3)

x86
Windows NT
defect

Tracking

()

VERIFIED DUPLICATE of bug 14265

People

(Reporter: waterson, Assigned: rickg)

Details

Attachments

(1 file)

While starting apprunner, I saw the stack trace below. Investigating a bit further, I see that the nsStr had the following values: mLength: 901 mCapacity: 1024 mCharSize: eTwoByte mOwnsBuffer: 1 mUStr: 0x01f014e8 Looking at the raw memory, it looks like the string's length is incorrect: it runs well past the terminating zero at 0x1f017cc (mUStr + 740); presumably, the length should be 740/sizeof(PRUnichar) == 370. memmove(unsigned char * 0x01f014e8, unsigned char * 0x01f0190e, unsigned long 1802) line 171 ShiftDoubleCharsLeft(char * 0x01f014e8, unsigned int 901, unsigned int 0, unsigned int 531) line 101 + 23 bytes nsStr::Delete(nsStr & {...}, unsigned int 0, unsigned int 531, nsIMemoryAgent * 0x00000000) line 276 + 34 bytes nsString::Cut(unsigned int 0, int 531) line 1320 + 48 bytes nsScanner::Mark(int -1) line 219 nsParser::Tokenize(int 0) line 1407 nsParser::ResumeParse(nsIDTD * 0x00000000, int 0) line 899 + 12 bytes nsParser::OnDataAvailable(nsParser * const 0x02b06da4, nsIChannel * 0x026fef50, nsISupports * 0x00000000, nsIInputStream * 0x02761868, unsigned int 0, unsigned int 901) line 1301 + 19 bytes nsDocumentBindInfo::OnDataAvailable(nsDocumentBindInfo * const 0x026fd040, nsIChannel * 0x026fef50, nsISupports * 0x00000000, nsIInputStream * 0x02761868, unsigned int 0, unsigned int 901) line 1347 + 32 bytes nsChannelListener::OnDataAvailable(nsChannelListener * const 0x026fd260, nsIChannel * 0x026fef50, nsISupports * 0x00000000, nsIInputStream * 0x02761868, unsigned int 0, unsigned int 901) line 1588 nsHTTPResponseListener::OnDataAvailable(nsHTTPResponseListener * const 0x027619f0, nsIChannel * 0x026fe9a0, nsISupports * 0x026fef50, nsIInputStream * 0x02761868, unsigned int 0, unsigned int 901) line 186 + 47 bytes nsOnDataAvailableEvent::HandleEvent(nsOnDataAvailableEvent * const 0x0277c410) line 345 nsStreamListenerEvent::HandlePLEvent(PLEvent * 0x0277c414) line 144 + 12 bytes PL_HandleEvent(PLEvent * 0x0277c414) line 509 + 10 bytes PL_ProcessPendingEvents(PLEventQueue * 0x00a99af0) line 470 + 9 bytes _md_EventReceiverProc(HWND__ * 0x067107c2, unsigned int 49343, unsigned int 0, long 11115248) line 938 + 9 bytes USER32! 77e71268() 00a99af0()
See also this post, which is how I "got lucky" and caught this (apparent) corruption... news://news.mozilla.org/37E58984.D405B9E9%40netscape.com
Status: NEW → RESOLVED
Closed: 25 years ago
Resolution: --- → DUPLICATE
*** This bug has been marked as a duplicate of 14265 ***
VERIFY dupe
Status: RESOLVED → VERIFIED
Component: XP Miscellany → String
Component: String → XPCOM
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: