Closed
Bug 771
Opened 26 years ago
Closed 26 years ago
Improper free of memory causes an Assert on quitting app
Categories
(MozillaClassic Graveyard :: Macintosh FE, defect, P2)
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: tclement, Assigned: sdagley)
References
Details
Pretty simple - this was actually caught by your own memory manager,
here's the MacsBug stdlog. Note it was with System 8.1, which was not
an option in the popup list.
MacsBug 6.5.4a4, Copyright Apple Computer, Inc. 1981-98
User break at 09AA0684 free+000A4
fastmem: attempt to dispose illegal block
9-Sep-1998 8:58:37 AM (since boot = 4 hours, 39 minutes)
Current application is “NavigatorDebug”
Machine = 510 (PowerMacG3), System $0810, sysu = $01008000
ROM version $077D, $40F2, $0001 (ROMBase $FFC00000)
VM is on; paging is currently safe
NIL^ = $FFC10000
Stack space used = +112349186
Address 09AA0684 is in VM file-mapped logical memory space
The address is in a CFM fragment “MemoryAllocator” [non-write exec]
It is 00001684 bytes from the start of the fragment
PowerPC 740/750 Registers
CR0 CR1 CR2 CR3 CR4 CR5 CR6 CR7
PC = 09AA0684 CR 1000 1100 0000 0000 0000 1000 1000 0000
LR = 09AA0684 <>=O XEVO
CTR = FFD69AA8
MSR = 00000000 SOC Compare Count
Int = 0 XER 001 00 00
R0 = FFD69AA8 R8 = 55534544 R16 = 07B8E520 R24 = 00000000
SP = 06733810 R9 = 3A006564 R17 = 079F5AFC R25 = 099FE359
TOC = 0002F1B8 R10 = 75736564 R18 = 00000000 R26 = 00000000
R3 = 09AA20A2 R11 = 09AA2057 R19 = 061321B8 R27 = 0640E118
R4 = 55534544 R12 = 09AA0684 R20 = 099F8147 R28 = 00000000
R5 = 46524545 R13 = 00000000 R21 = 0785ADC4 R29 = 0640E12C
R6 = 00000000 R14 = 00000000 R22 = 07A053BC R30 = 0640E12C
R7 = 55534544 R15 = 000000D0 R23 = 00000000 R31 = 0640E118
Disassembling PowerPC code from 09AA065C
free
+0007C 09AA065C cmplw r7,r8 |
7C074040
+00080 09AA0660 bne free+00098 ; 0x09AA0678 |
40820018
+00084 09AA0664 lwz r9,0x0000(r29) |
813D0000
+00088 09AA0668 lis r10,0x7573 |
3D407573
+0008C 09AA066C addi r10,r10,0x6564 |
394A6564
+00090 09AA0670 cmplw r9,r10 |
7C095040
+00094 09AA0674 beq free+000AC ; 0x09AA068C |
41820018
+00098 09AA0678 lwz r11,0x00FC(RTOC) |
816200FC
+0009C 09AA067C addi r3,r11,0x004B |
386B004B
+000A0 09AA0680 bl DebugStr ; 0x09AA1E80 |
48001801
+000A4 09AA0684 *lwz RTOC,0x0014(SP) |
80410014
+000A8 09AA0688 b free+00160 ; 0x09AA0740 |
480000B8
+000AC 09AA068C lwz r12,0x000C(r31) |
819F000C
+000B0 09AA0690 cmplwi r12,0x0000 |
280C0000
+000B4 09AA0694 beq free+000C8 ; 0x09AA06A8 |
41820014
+000B8 09AA0698 lwz r3,0x0010(r31) |
807F0010
+000BC 09AA069C lwz r4,0x000C(r31) |
809F000C
+000C0 09AA06A0 stw r3,0x0010(r4) |
90640010
+000C4 09AA06A4 b free+000D4 ; 0x09AA06B4 |
48000010
+000C8 09AA06A8 lwz r5,0x0010(r31) |
80BF0010
Heap zones
#1 Mod 10725K 00002800 to 00A7BC1F SysZone^
#2 Mod 6K 000145C0 to 000160DF ROM read-only zone
#3 Mod 48K 0003DAD0 to 00049ACF
#4 Mod 187K 0073AC60 to 00769AFF
#5 Mod 256K 00769B20 to 007A9B1F
#6 Mod 115786K 00A7BC20 to 07B8E7CF Process Manager zone
#7 Mod 6979K 060540F0 to 06724FEF “NavigatorDebug” ApplZone^
TheZone^ Target
Zone
#8 Mod 4679K 06735100 to 06BC6FFF “Acrobat™ Reader 3.01”
#9 Mod 12153K 06BD7110 to 077B58DF “Netscape 4.0”
#10 Mod 519K 077C5A00 to 078478FF “Telnet 2.7b4”
#11 Mod 713K 07867E50 to 0791A54F “NetPresenz”
#12 Mod 187K 0792AC80 to 079599BF “NotifyMail”
#13 Mod 183K 079BE030 to 079EBC9F “File Sharing Extension”
#14 Mod 896K 07A09FA0 to 07AEA29F “Finder”
#15 Mod 66K 07B1A2A0 to 07B2AE8F “EPSON Launcher”
#16 Mod 23K 07B53A20 to 07B596CF “DT Timer”
Checking all heaps
The System heap at 00002800 is ok
The ROM read-only heap at 000145C0 is ok
The heap at 0003DAD0 is ok
The heap at 0073AC60 is ok
The heap at 00769B20 is ok
The Process Manager heap at 00A7BC20 is ok
The “NavigatorDebug” heap at 060540F0 is ok
Totaling the “NavigatorDebug” heap at 060540F0
Total Blocks Total of Block Sizes
Free 0040 #64 000E96F0 #956144
Nonrelocatable 0097 #151 005AE70C #5957388
Relocatable 0132 #306 000390C0 #233664
Locked 0004 #4 00000300 #768
Purgeable and not locked 0039 #57 00003490 #13456
Heap size 0209 #521 006D0EBC #7147196
The target heap is the System heap at 00002800
Totaling the System heap at 00002800
Total Blocks Total of Block Sizes
Free 0030 #48 00019810 #104464
Nonrelocatable 093C #2364 004C7F9C #5013404
Relocatable 0893 #2195 00597C30 #5864496
Locked 01B0 #432 003DA920 #4040992
Purgeable and not locked 0118 #280 000E6E90 #945808
Heap size 11FF #4607 00A793DC #10982364
The target heap is the “NavigatorDebug” heap at 060540F0
Displaying File Control Blocks
fRef File Vol Type Fl Fork LEof
0002 System Macintosh … zsys dW rsrc #5958092
0060 **** EXTENTS B-TREE Macintosh … •••• dw data #4194304
00BE **** CATALOG B-TREE Macintosh … •••• dw data #8478720
011C **** VOLUME BITMAP Macintosh … •••• dw data #976896
017A VM Storage Macintosh … ZSYS dW data #135266304
1CA6 System Macintosh … zsys dw data #966352
1D04 Open Tpt AppleTalk Li… Macintosh … libr dw rsrc #541758
1D62 Open Transport Library Macintosh … libr dw rsrc #587356
1DC0 OpenTransportLib Macintosh … shlb dw data #563840
1E1E Shared Library Manage… Macintosh … INIT dw rsrc #211694
1E7C Open Transport Library Macintosh … libr dw rsrc #587356
1EDA Open Tpt AppleTalk Li… Macintosh … libr dw rsrc #541758
1F38 Open Tpt Internet Lib… Macintosh … libr dw rsrc #485159
1F96 OpenTpt Remote Access Macintosh … libr dw rsrc #541432
1FF4 OpenTpt Modem Macintosh … libr dw rsrc #85766
2052 OpenTpt Remote Access Macintosh … libr dw rsrc #541432
20B0 Remote Access Log Macintosh … lzlg dW data #245760
210E Serial (Built-in) Macintosh … libr dw rsrc #63254
216C Open Transport Library Macintosh … libr dw rsrc #587356
21CA OpenTptAppleTalkLib Macintosh … shlb dw data #54706
2228 OpenTpt Serial Arbitr… Macintosh … libr dw rsrc #7638
2286 OpenTpt Serial Arbitr… Macintosh … libr dw rsrc #7638
22E4 ATI Video Memory Mana… Macintosh … shlb dw data #18010
2342 Appearance Extension Macintosh … INIT dw rsrc #633281
23A0 Norton AntiVirus Libr… Macintosh … shlb dw data #416419
23FE Users & Groups Data F… Macintosh … BTFL dW data #245760
245C Appearance Extension Macintosh … INIT dw data #121624
24BA Norton AntiVirus Macr… Macintosh … shlb dw data #410856
2518 Appearance Extension Macintosh … INIT dw rsrc #633281
2576 Contextual Menu Exten… Macintosh … INIT dw data #66103
25D4 SOMobjects™ for Mac OS Macintosh … shlb dw data #128944
2632 OT AutoPush Support Macintosh … INIT dw data #7392
2690 QuickTime™ Macintosh … INIT dw data #298076
26EE Mac OS Easy Open Macintosh … cdev dw rsrc #132666
274C Speech Manager Macintosh … INIT dw data #4000
27AA ~ATM™ Macintosh … cdev dw data #881790
2866 DT Timer Macintosh … appe dW rsrc #15803
28C4 EPSON Launcher Macintosh … appe dW rsrc #7631
2922 Program Switcher CMM Macintosh … cmpi dw data #6481
2980 Finder Macintosh … FNDR dW rsrc #502012
29DE Finder Macintosh … FNDR dw data #3631000
2A3C Apple Guide Macintosh … INIT dw data #351914
2A9A Color Picker Macintosh … INIT dw data #6400
2AF8 File Sharing Library Macintosh … shlb dw data #91214
2B56 Mac OS Easy Open Macintosh … cdev dw data #8320
2BB4 PrintingLib Macintosh … shlb dw data #908576
2C12 File Sharing Library Macintosh … shlb dw rsrc #3483
2C70 Finder Preferences Macintosh … pref dW rsrc #1186
2CCE Desktop DB Macintosh … BTFL dW data #491520
2D2C Desktop DF Macintosh … DTFL dW data #3454242
2D8A OpenTptInternetLib Macintosh … shlb dw data #275054
2DE8 Open Tpt Internet Lib… Macintosh … libr dw rsrc #485159
2E46 DT Timer Macintosh … appe dw data #10354
2EA4 File Sharing Extension Macintosh … INIT dW rsrc #194076
2F02 Timbuktu Extension Macintosh … appe dw rsrc #788215
2F60 Timbuktu Resources Macintosh … eTB2 dw rsrc #527
2FBE Telnet 2.7b4 Macintosh … APPL dW rsrc #308391
301C Timbuktu Pro Preferen… Macintosh … pref dW rsrc #4364
307A AppleTalk Transport D… Macintosh … dTB2 dw rsrc #415119
30D8 Chat DropIn Macintosh … dTB2 dw rsrc #244694
3136 Dial Direct DropIn Macintosh … dTB2 dw rsrc #538963
3194 Exchange Host DropIn Macintosh … dTB2 dw rsrc #117675
31F2 FlashNotes DropIn Macintosh … dTB2 dw rsrc #517432
3250 Intercom DropIn Macintosh … dTB2 dw rsrc #678507
32AE Notify DropIn Macintosh … dTB2 dw rsrc #147967
330C ScreenShare Host Drop… Macintosh … dTB2 dw rsrc #377199
336A TCP/IP Transport Drop… Macintosh … dTB2 dw rsrc #181520
33C8 Timbuktu Log Macintosh … TEXT dW data #31135
3426 Telnet 2.7b4 Macintosh … APPL dw data #251521
3484 NotifyMail Macintosh … APPL dW rsrc #164664
34E2 NetPresenz Macintosh … APPL dW rsrc #250968
3540 EPSON Launcher Macintosh … appe dw data #6529
359E EPSON Printer Library Macintosh … shlb dw data #1202624
35FC EPSON Printer Utility Macintosh … shlb dw data #83394
365A Stylus COLOR 800 Libr… Macintosh … shlb dw data #34739
36B8 NetPresenz Macintosh … APPL dw data #311905
3716 NetPresenz Log Macintosh … TEXT dW data #2565815
3774 NotifyMail Macintosh … APPL dw data #158393
37D2 AppleScriptLib Macintosh … shlb dw data #22636
3830 Users & Groups Data F… Macintosh … BTFL dW data #245760
388E AppleShare PDS Macintosh … BTFL dW data #983040
38EC NCSA Telnet Preferenc… Macintosh … pref dW rsrc #3594
394A Netscape 4.0 Macintosh … APPL dW rsrc #769979
39A8 Netscape 4.0 Macintosh … APPL dw data #5453612
3A06 QuickTime™ PowerPlug Macintosh … INIT dw data #170185
3A64 TrueDocDisplayer.dlm Macintosh … shlb dw data #366152
3AC2 Netscape Resources Macintosh … NSPL dW rsrc #631671
3B20 Global History Macintosh … DBMG dW data #684032
3B7E CCache log Macintosh … DBMC dW data #102400
3BDC Certificates7 Macintosh … CERT dW data #98304
3C3A Key Database3 Macintosh … TEXT dW data #16384
3C98 Security Macintosh … TEXT dW data #16384
3CF6 JavaScript Debug Supp… Macintosh … shlb dw data #24737
3D54 NavigatorDebug Macintosh … APPL dW rsrc #916759
3DB2 NavigatorDebug Macintosh … APPL dw data #4622745
3E10 Acrobat™ Reader 3.01 Macintosh … APPL dW rsrc #838740
3E6E Acrobat™ Reader 3.01 Macintosh … APPL dw data #2055473
3ECC Acrobat™ Reader Prefs Macintosh … PREF dW rsrc #4042
3F2A Acrobat Temp00000 Macintosh … TEMP dW rsrc #486
3F88 Acrobat™ WebLink Macintosh … XTND dw rsrc #101654
3FE6 AcroForm Macintosh … XTND dw rsrc #327317
4044 EWH Macintosh … XTND dw rsrc #56547
40A2 HLS Macintosh … XTND dw rsrc #20728
4100 Movie Macintosh … XTND dw rsrc #150639
415E Acrobat™ WebLink Macintosh … XTND dw data #89966
41BC AcroForm Macintosh … XTND dw data #366885
421A EWH Macintosh … XTND dw data #78366
4278 HLS Macintosh … XTND dw data #26251
42D6 Movie Macintosh … XTND dw data #150664
4334 Acrobat™ Weblink Prefs Macintosh … PREF dW data #0
4392 DBMDebug.shlb Macintosh … shlb dw data #24651
43F0 MemAllocatorDebug.shlb Macintosh … shlb dw data #14137
444E NSRuntimeDebug.shlb Macintosh … shlb dw data #30490
44AC NSPR20Debug.shlb Macintosh … shlb dw data #249914
450A NSStdLibDebug.shlb Macintosh … shlb dw data #307182
4568 LaserWriter 8 Macintosh … PRER dw data #732592
45C6 MoreFilesDebug.shlb Macintosh … shlb dw data #58342
4624 JavaRuntimeDebug.shlb Macintosh … shlb dw data #1574
4682 JavaScriptDebug.shlb Macintosh … shlb dw data #410256
46E0 JPEGDebug.shlb Macintosh … shlb dw data #64897
473E NavJavaDebug.shlb Macintosh … shlb dw data #5780
479C RDFDebug.shlb Macintosh … shlb dw data #244079
47FA StringsDebug.shlb Macintosh … shlb dw data #117531
4858 XMLDebug.shlb Macintosh … shlb dw data #117700
48B6 zlibDebug.shlb Macintosh … shlb dw data #41910
4914 xpcomDebug.shlb Macintosh … shlb dw data #22000
4972 PowerPlantDebug.shlb Macintosh … shlb dw data #1226277
49D0 LiveConnectDebug.shlb Macintosh … shlb dw data #86161
4A2E Log.txt Macintosh … •••• dW data #34750
4A8C Mozilla Resources Macintosh … NSPL dW rsrc #512564
4AEA names.db Macintosh … BINA dW data #896
4B48 child.db Macintosh … BINA dW data #16384
4BA6 lstr.db Macintosh … BINA dW data #4096
4C04 ilstr.db Macintosh … BINA dW data #65536
4C62 CCache log Macintosh … DBMC dW data #16384
4CC0 StdLog Macintosh … TEXT dW data #14422
#254 FCBs, #210 in use (including #74 fonts not listed), #44 free
Displaying resource information:
> Map $06054278, flags $0000, file $3D54 = NavigatorDebug
Map $06137D58, flags $0000, file $4A8C = Mozilla Resources
+ Map $0000341C, flags $001A, file $2342 = Appearance Extension
+ Map $000032AC, flags $801E, file $0003 = •ROM resources that override
System•
S Map $00003330, flags $000D, file $0002 = System
Map $005496F8, flags $0000, file $26EE = Mac OS Easy Open
[Skipped $004A maps belonging to font files]
Calling chain using A6/R1 links
Back chain ISA Caller
00000000 PPC 0987AB2C XP_GetNavCenterContext+18858
06734E30 PPC 096A3E7C main+00154
06734DE0 PPC 0969E3E0 CFrontApp::~CFrontApp()+0022C
06734D60 PPC 09892080 NET_CleanupCacheDirectory+000DC
06733B40 PPC 09891DA0 net_cache_recursive_file_finder+000CC
06733AC0 PPC 09AC3F98 PR_OpenDir+00038
06733A80 PPC 09AD941C _MD_OpenDir+000D0
067338A0 PPC 09ACBF8C PR_Free+00014
Return addresses on the stack
Stack Addr Frame Addr ISA Caller
06733BD8 PPC FFDB8914 NQDSetCCursor+03870
06733BA8 PPC FFDDBD74 NQDStretch+006F4
06733B48 PPC 09892080 NET_CleanupCacheDirectory+000DC
06733B18 68K 07A053BA
06733B0C 68K 061321B6
06733AF8 68K 098091B6 XP_HashListNew+000A6
06733AC8 06733AC0 PPC 09891DA0 net_cache_recursive_file_finder+000CC
06733A88 06733A80 PPC 09AC3F98 PR_OpenDir+00038
06733A48 06733A40 PPC 09ACBEA0 PR_Malloc+00014
067339D4 067339D0 68K 07A053BA
067339A8 PPC FFDDBD74 NQDStretch+006F4
0673396C 68K 0673398E
06733910 0673390C 68K 0047C628
06733908 06733900 PPC 098B2470 _MK_TraceMsg+00050
067338C8 067338C0 PPC 002125C8 EmToNatEndMoveParams+00014
067338A8 067338A0 PPC 09AD941C _MD_OpenDir+000D0
06733878 68K 07A053BA
0673386C 68K 061321B6
06733868 06733860 PPC 09ACBF8C PR_Free+00014
06733838 06733830 PPC 00426E68 main+015C8
0673382C 68K 0040CAAA
06733818 06733810 PPC FFDC80C0 NQDMapRgn+07384
Displaying memory from 0
00000000 FFC1 0000 6F72 5379 6E63 4C66 006C 5268 •¡••orSyncLf•lRh
00000010 006C 526A 006C 526C 0068 9080 0068 9080 •lRj•lRl•hêÄ•hêÄ
Closing log
Assignee | ||
Updated•26 years ago
|
Status: NEW → ASSIGNED
Summary: Improper free of memory causes an Assert on quitting app
Assignee | ||
Comment 2•26 years ago
|
||
Putting in a summary for bug - very important in reducing duplicate bug entries
Assignee | ||
Updated•26 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 26 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 3•26 years ago
|
||
Problem was doing a malloc of 0 bytes which resulted in a bogus ptr which on a
dubug build always pointed to a block tag. Writing over the tag is a bad thing.
Fix checked in to mozilla/nsprpub/pr/src/md/mac/macio.c by wtc@netscape.com
You need to log in
before you can comment on or make changes to this bug.
Description
•