Closed Bug 771 Opened 26 years ago Closed 26 years ago

Improper free of memory causes an Assert on quitting app

Categories

(MozillaClassic Graveyard :: Macintosh FE, defect, P2)

1998-09-04
PowerPC
Other
defect

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: tclement, Assigned: sdagley)

References

Details

Pretty simple - this was actually caught by your own memory manager, here's the MacsBug stdlog. Note it was with System 8.1, which was not an option in the popup list. MacsBug 6.5.4a4, Copyright Apple Computer, Inc. 1981-98 User break at 09AA0684 free+000A4 fastmem: attempt to dispose illegal block 9-Sep-1998 8:58:37 AM (since boot = 4 hours, 39 minutes) Current application is “NavigatorDebug” Machine = 510 (PowerMacG3), System $0810, sysu = $01008000 ROM version $077D, $40F2, $0001 (ROMBase $FFC00000) VM is on; paging is currently safe NIL^ = $FFC10000 Stack space used = +112349186 Address 09AA0684 is in VM file-mapped logical memory space The address is in a CFM fragment “MemoryAllocator” [non-write exec] It is 00001684 bytes from the start of the fragment PowerPC 740/750 Registers CR0 CR1 CR2 CR3 CR4 CR5 CR6 CR7 PC = 09AA0684 CR 1000 1100 0000 0000 0000 1000 1000 0000 LR = 09AA0684 <>=O XEVO CTR = FFD69AA8 MSR = 00000000 SOC Compare Count Int = 0 XER 001 00 00 R0 = FFD69AA8 R8 = 55534544 R16 = 07B8E520 R24 = 00000000 SP = 06733810 R9 = 3A006564 R17 = 079F5AFC R25 = 099FE359 TOC = 0002F1B8 R10 = 75736564 R18 = 00000000 R26 = 00000000 R3 = 09AA20A2 R11 = 09AA2057 R19 = 061321B8 R27 = 0640E118 R4 = 55534544 R12 = 09AA0684 R20 = 099F8147 R28 = 00000000 R5 = 46524545 R13 = 00000000 R21 = 0785ADC4 R29 = 0640E12C R6 = 00000000 R14 = 00000000 R22 = 07A053BC R30 = 0640E12C R7 = 55534544 R15 = 000000D0 R23 = 00000000 R31 = 0640E118 Disassembling PowerPC code from 09AA065C free +0007C 09AA065C cmplw r7,r8 | 7C074040 +00080 09AA0660 bne free+00098 ; 0x09AA0678 | 40820018 +00084 09AA0664 lwz r9,0x0000(r29) | 813D0000 +00088 09AA0668 lis r10,0x7573 | 3D407573 +0008C 09AA066C addi r10,r10,0x6564 | 394A6564 +00090 09AA0670 cmplw r9,r10 | 7C095040 +00094 09AA0674 beq free+000AC ; 0x09AA068C | 41820018 +00098 09AA0678 lwz r11,0x00FC(RTOC) | 816200FC +0009C 09AA067C addi r3,r11,0x004B | 386B004B +000A0 09AA0680 bl DebugStr ; 0x09AA1E80 | 48001801 +000A4 09AA0684 *lwz RTOC,0x0014(SP) | 80410014 +000A8 09AA0688 b free+00160 ; 0x09AA0740 | 480000B8 +000AC 09AA068C lwz r12,0x000C(r31) | 819F000C +000B0 09AA0690 cmplwi r12,0x0000 | 280C0000 +000B4 09AA0694 beq free+000C8 ; 0x09AA06A8 | 41820014 +000B8 09AA0698 lwz r3,0x0010(r31) | 807F0010 +000BC 09AA069C lwz r4,0x000C(r31) | 809F000C +000C0 09AA06A0 stw r3,0x0010(r4) | 90640010 +000C4 09AA06A4 b free+000D4 ; 0x09AA06B4 | 48000010 +000C8 09AA06A8 lwz r5,0x0010(r31) | 80BF0010 Heap zones #1 Mod 10725K 00002800 to 00A7BC1F SysZone^ #2 Mod 6K 000145C0 to 000160DF ROM read-only zone #3 Mod 48K 0003DAD0 to 00049ACF #4 Mod 187K 0073AC60 to 00769AFF #5 Mod 256K 00769B20 to 007A9B1F #6 Mod 115786K 00A7BC20 to 07B8E7CF Process Manager zone #7 Mod 6979K 060540F0 to 06724FEF “NavigatorDebug” ApplZone^ TheZone^ Target Zone #8 Mod 4679K 06735100 to 06BC6FFF “Acrobat™ Reader 3.01” #9 Mod 12153K 06BD7110 to 077B58DF “Netscape 4.0” #10 Mod 519K 077C5A00 to 078478FF “Telnet 2.7b4” #11 Mod 713K 07867E50 to 0791A54F “NetPresenz” #12 Mod 187K 0792AC80 to 079599BF “NotifyMail” #13 Mod 183K 079BE030 to 079EBC9F “File Sharing Extension” #14 Mod 896K 07A09FA0 to 07AEA29F “Finder” #15 Mod 66K 07B1A2A0 to 07B2AE8F “EPSON Launcher” #16 Mod 23K 07B53A20 to 07B596CF “DT Timer” Checking all heaps The System heap at 00002800 is ok The ROM read-only heap at 000145C0 is ok The heap at 0003DAD0 is ok The heap at 0073AC60 is ok The heap at 00769B20 is ok The Process Manager heap at 00A7BC20 is ok The “NavigatorDebug” heap at 060540F0 is ok Totaling the “NavigatorDebug” heap at 060540F0 Total Blocks Total of Block Sizes Free 0040 #64 000E96F0 #956144 Nonrelocatable 0097 #151 005AE70C #5957388 Relocatable 0132 #306 000390C0 #233664 Locked 0004 #4 00000300 #768 Purgeable and not locked 0039 #57 00003490 #13456 Heap size 0209 #521 006D0EBC #7147196 The target heap is the System heap at 00002800 Totaling the System heap at 00002800 Total Blocks Total of Block Sizes Free 0030 #48 00019810 #104464 Nonrelocatable 093C #2364 004C7F9C #5013404 Relocatable 0893 #2195 00597C30 #5864496 Locked 01B0 #432 003DA920 #4040992 Purgeable and not locked 0118 #280 000E6E90 #945808 Heap size 11FF #4607 00A793DC #10982364 The target heap is the “NavigatorDebug” heap at 060540F0 Displaying File Control Blocks fRef File Vol Type Fl Fork LEof 0002 System Macintosh … zsys dW rsrc #5958092 0060 **** EXTENTS B-TREE Macintosh … •••• dw data #4194304 00BE **** CATALOG B-TREE Macintosh … •••• dw data #8478720 011C **** VOLUME BITMAP Macintosh … •••• dw data #976896 017A VM Storage Macintosh … ZSYS dW data #135266304 1CA6 System Macintosh … zsys dw data #966352 1D04 Open Tpt AppleTalk Li… Macintosh … libr dw rsrc #541758 1D62 Open Transport Library Macintosh … libr dw rsrc #587356 1DC0 OpenTransportLib Macintosh … shlb dw data #563840 1E1E Shared Library Manage… Macintosh … INIT dw rsrc #211694 1E7C Open Transport Library Macintosh … libr dw rsrc #587356 1EDA Open Tpt AppleTalk Li… Macintosh … libr dw rsrc #541758 1F38 Open Tpt Internet Lib… Macintosh … libr dw rsrc #485159 1F96 OpenTpt Remote Access Macintosh … libr dw rsrc #541432 1FF4 OpenTpt Modem Macintosh … libr dw rsrc #85766 2052 OpenTpt Remote Access Macintosh … libr dw rsrc #541432 20B0 Remote Access Log Macintosh … lzlg dW data #245760 210E Serial (Built-in) Macintosh … libr dw rsrc #63254 216C Open Transport Library Macintosh … libr dw rsrc #587356 21CA OpenTptAppleTalkLib Macintosh … shlb dw data #54706 2228 OpenTpt Serial Arbitr… Macintosh … libr dw rsrc #7638 2286 OpenTpt Serial Arbitr… Macintosh … libr dw rsrc #7638 22E4 ATI Video Memory Mana… Macintosh … shlb dw data #18010 2342 Appearance Extension Macintosh … INIT dw rsrc #633281 23A0 Norton AntiVirus Libr… Macintosh … shlb dw data #416419 23FE Users & Groups Data F… Macintosh … BTFL dW data #245760 245C Appearance Extension Macintosh … INIT dw data #121624 24BA Norton AntiVirus Macr… Macintosh … shlb dw data #410856 2518 Appearance Extension Macintosh … INIT dw rsrc #633281 2576 Contextual Menu Exten… Macintosh … INIT dw data #66103 25D4 SOMobjects™ for Mac OS Macintosh … shlb dw data #128944 2632 OT AutoPush Support Macintosh … INIT dw data #7392 2690 QuickTime™ Macintosh … INIT dw data #298076 26EE Mac OS Easy Open Macintosh … cdev dw rsrc #132666 274C Speech Manager Macintosh … INIT dw data #4000 27AA ~ATM™ Macintosh … cdev dw data #881790 2866 DT Timer Macintosh … appe dW rsrc #15803 28C4 EPSON Launcher Macintosh … appe dW rsrc #7631 2922 Program Switcher CMM Macintosh … cmpi dw data #6481 2980 Finder Macintosh … FNDR dW rsrc #502012 29DE Finder Macintosh … FNDR dw data #3631000 2A3C Apple Guide Macintosh … INIT dw data #351914 2A9A Color Picker Macintosh … INIT dw data #6400 2AF8 File Sharing Library Macintosh … shlb dw data #91214 2B56 Mac OS Easy Open Macintosh … cdev dw data #8320 2BB4 PrintingLib Macintosh … shlb dw data #908576 2C12 File Sharing Library Macintosh … shlb dw rsrc #3483 2C70 Finder Preferences Macintosh … pref dW rsrc #1186 2CCE Desktop DB Macintosh … BTFL dW data #491520 2D2C Desktop DF Macintosh … DTFL dW data #3454242 2D8A OpenTptInternetLib Macintosh … shlb dw data #275054 2DE8 Open Tpt Internet Lib… Macintosh … libr dw rsrc #485159 2E46 DT Timer Macintosh … appe dw data #10354 2EA4 File Sharing Extension Macintosh … INIT dW rsrc #194076 2F02 Timbuktu Extension Macintosh … appe dw rsrc #788215 2F60 Timbuktu Resources Macintosh … eTB2 dw rsrc #527 2FBE Telnet 2.7b4 Macintosh … APPL dW rsrc #308391 301C Timbuktu Pro Preferen… Macintosh … pref dW rsrc #4364 307A AppleTalk Transport D… Macintosh … dTB2 dw rsrc #415119 30D8 Chat DropIn Macintosh … dTB2 dw rsrc #244694 3136 Dial Direct DropIn Macintosh … dTB2 dw rsrc #538963 3194 Exchange Host DropIn Macintosh … dTB2 dw rsrc #117675 31F2 FlashNotes DropIn Macintosh … dTB2 dw rsrc #517432 3250 Intercom DropIn Macintosh … dTB2 dw rsrc #678507 32AE Notify DropIn Macintosh … dTB2 dw rsrc #147967 330C ScreenShare Host Drop… Macintosh … dTB2 dw rsrc #377199 336A TCP/IP Transport Drop… Macintosh … dTB2 dw rsrc #181520 33C8 Timbuktu Log Macintosh … TEXT dW data #31135 3426 Telnet 2.7b4 Macintosh … APPL dw data #251521 3484 NotifyMail Macintosh … APPL dW rsrc #164664 34E2 NetPresenz Macintosh … APPL dW rsrc #250968 3540 EPSON Launcher Macintosh … appe dw data #6529 359E EPSON Printer Library Macintosh … shlb dw data #1202624 35FC EPSON Printer Utility Macintosh … shlb dw data #83394 365A Stylus COLOR 800 Libr… Macintosh … shlb dw data #34739 36B8 NetPresenz Macintosh … APPL dw data #311905 3716 NetPresenz Log Macintosh … TEXT dW data #2565815 3774 NotifyMail Macintosh … APPL dw data #158393 37D2 AppleScriptLib Macintosh … shlb dw data #22636 3830 Users & Groups Data F… Macintosh … BTFL dW data #245760 388E AppleShare PDS Macintosh … BTFL dW data #983040 38EC NCSA Telnet Preferenc… Macintosh … pref dW rsrc #3594 394A Netscape 4.0 Macintosh … APPL dW rsrc #769979 39A8 Netscape 4.0 Macintosh … APPL dw data #5453612 3A06 QuickTime™ PowerPlug Macintosh … INIT dw data #170185 3A64 TrueDocDisplayer.dlm Macintosh … shlb dw data #366152 3AC2 Netscape Resources Macintosh … NSPL dW rsrc #631671 3B20 Global History Macintosh … DBMG dW data #684032 3B7E CCache log Macintosh … DBMC dW data #102400 3BDC Certificates7 Macintosh … CERT dW data #98304 3C3A Key Database3 Macintosh … TEXT dW data #16384 3C98 Security Macintosh … TEXT dW data #16384 3CF6 JavaScript Debug Supp… Macintosh … shlb dw data #24737 3D54 NavigatorDebug Macintosh … APPL dW rsrc #916759 3DB2 NavigatorDebug Macintosh … APPL dw data #4622745 3E10 Acrobat™ Reader 3.01 Macintosh … APPL dW rsrc #838740 3E6E Acrobat™ Reader 3.01 Macintosh … APPL dw data #2055473 3ECC Acrobat™ Reader Prefs Macintosh … PREF dW rsrc #4042 3F2A Acrobat Temp00000 Macintosh … TEMP dW rsrc #486 3F88 Acrobat™ WebLink Macintosh … XTND dw rsrc #101654 3FE6 AcroForm Macintosh … XTND dw rsrc #327317 4044 EWH Macintosh … XTND dw rsrc #56547 40A2 HLS Macintosh … XTND dw rsrc #20728 4100 Movie Macintosh … XTND dw rsrc #150639 415E Acrobat™ WebLink Macintosh … XTND dw data #89966 41BC AcroForm Macintosh … XTND dw data #366885 421A EWH Macintosh … XTND dw data #78366 4278 HLS Macintosh … XTND dw data #26251 42D6 Movie Macintosh … XTND dw data #150664 4334 Acrobat™ Weblink Prefs Macintosh … PREF dW data #0 4392 DBMDebug.shlb Macintosh … shlb dw data #24651 43F0 MemAllocatorDebug.shlb Macintosh … shlb dw data #14137 444E NSRuntimeDebug.shlb Macintosh … shlb dw data #30490 44AC NSPR20Debug.shlb Macintosh … shlb dw data #249914 450A NSStdLibDebug.shlb Macintosh … shlb dw data #307182 4568 LaserWriter 8 Macintosh … PRER dw data #732592 45C6 MoreFilesDebug.shlb Macintosh … shlb dw data #58342 4624 JavaRuntimeDebug.shlb Macintosh … shlb dw data #1574 4682 JavaScriptDebug.shlb Macintosh … shlb dw data #410256 46E0 JPEGDebug.shlb Macintosh … shlb dw data #64897 473E NavJavaDebug.shlb Macintosh … shlb dw data #5780 479C RDFDebug.shlb Macintosh … shlb dw data #244079 47FA StringsDebug.shlb Macintosh … shlb dw data #117531 4858 XMLDebug.shlb Macintosh … shlb dw data #117700 48B6 zlibDebug.shlb Macintosh … shlb dw data #41910 4914 xpcomDebug.shlb Macintosh … shlb dw data #22000 4972 PowerPlantDebug.shlb Macintosh … shlb dw data #1226277 49D0 LiveConnectDebug.shlb Macintosh … shlb dw data #86161 4A2E Log.txt Macintosh … •••• dW data #34750 4A8C Mozilla Resources Macintosh … NSPL dW rsrc #512564 4AEA names.db Macintosh … BINA dW data #896 4B48 child.db Macintosh … BINA dW data #16384 4BA6 lstr.db Macintosh … BINA dW data #4096 4C04 ilstr.db Macintosh … BINA dW data #65536 4C62 CCache log Macintosh … DBMC dW data #16384 4CC0 StdLog Macintosh … TEXT dW data #14422 #254 FCBs, #210 in use (including #74 fonts not listed), #44 free Displaying resource information: > Map $06054278, flags $0000, file $3D54 = NavigatorDebug Map $06137D58, flags $0000, file $4A8C = Mozilla Resources + Map $0000341C, flags $001A, file $2342 = Appearance Extension + Map $000032AC, flags $801E, file $0003 = •ROM resources that override System• S Map $00003330, flags $000D, file $0002 = System Map $005496F8, flags $0000, file $26EE = Mac OS Easy Open [Skipped $004A maps belonging to font files] Calling chain using A6/R1 links Back chain ISA Caller 00000000 PPC 0987AB2C XP_GetNavCenterContext+18858 06734E30 PPC 096A3E7C main+00154 06734DE0 PPC 0969E3E0 CFrontApp::~CFrontApp()+0022C 06734D60 PPC 09892080 NET_CleanupCacheDirectory+000DC 06733B40 PPC 09891DA0 net_cache_recursive_file_finder+000CC 06733AC0 PPC 09AC3F98 PR_OpenDir+00038 06733A80 PPC 09AD941C _MD_OpenDir+000D0 067338A0 PPC 09ACBF8C PR_Free+00014 Return addresses on the stack Stack Addr Frame Addr ISA Caller 06733BD8 PPC FFDB8914 NQDSetCCursor+03870 06733BA8 PPC FFDDBD74 NQDStretch+006F4 06733B48 PPC 09892080 NET_CleanupCacheDirectory+000DC 06733B18 68K 07A053BA 06733B0C 68K 061321B6 06733AF8 68K 098091B6 XP_HashListNew+000A6 06733AC8 06733AC0 PPC 09891DA0 net_cache_recursive_file_finder+000CC 06733A88 06733A80 PPC 09AC3F98 PR_OpenDir+00038 06733A48 06733A40 PPC 09ACBEA0 PR_Malloc+00014 067339D4 067339D0 68K 07A053BA 067339A8 PPC FFDDBD74 NQDStretch+006F4 0673396C 68K 0673398E 06733910 0673390C 68K 0047C628 06733908 06733900 PPC 098B2470 _MK_TraceMsg+00050 067338C8 067338C0 PPC 002125C8 EmToNatEndMoveParams+00014 067338A8 067338A0 PPC 09AD941C _MD_OpenDir+000D0 06733878 68K 07A053BA 0673386C 68K 061321B6 06733868 06733860 PPC 09ACBF8C PR_Free+00014 06733838 06733830 PPC 00426E68 main+015C8 0673382C 68K 0040CAAA 06733818 06733810 PPC FFDC80C0 NQDMapRgn+07384 Displaying memory from 0 00000000 FFC1 0000 6F72 5379 6E63 4C66 006C 5268 •¡••orSyncLf•lRh 00000010 006C 526A 006C 526C 0068 9080 0068 9080 •lRj•lRl•hêÄ•hêÄ Closing log
*** Bug 774 has been marked as a duplicate of this bug. ***
Status: NEW → ASSIGNED
Summary: Improper free of memory causes an Assert on quitting app
Putting in a summary for bug - very important in reducing duplicate bug entries
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
Problem was doing a malloc of 0 bytes which resulted in a bogus ptr which on a dubug build always pointed to a block tag. Writing over the tag is a bad thing. Fix checked in to mozilla/nsprpub/pr/src/md/mac/macio.c by wtc@netscape.com
Status: RESOLVED → VERIFIED
marking verified against old code base
You need to log in before you can comment on or make changes to this bug.