Closed Bug 1033090 Opened 10 years ago Closed 10 years ago

crash in OOM | large | NS_ABORT_OOM(unsigned int) | AppendUTF8toUTF16(nsACString_internal const&, nsAString_internal&)

Categories

(Core :: Graphics: ImageLib, defect)

Product:
Core
Component:
Graphics: ImageLib
Version:
32 Branch
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla41
Tracking Flags:
Tracking Status
firefox32 --- affected
firefox41 --- verified

People

(Reporter: MatsPalmgren_bugz, Assigned: milan)

References

Details

(Keywords: crash)

Crash Data

Attachments

(1 file, 2 obsolete files)

Truncate large URIs before showing them to the user. Carry r=seth
2.55 KB, patch
milan
: review+
Details | Diff | Splinter Review
This bug was filed from the Socorro interface and is report bp-639cd958-5fa6-411b-97dd-85be22140625. ============================================================= OOM Allocation Size 33556895 147 nsAutoString msg(NS_LITERAL_STRING("Image corrupt or truncated: ") + 148 NS_ConvertUTF8toUTF16(mImage.GetURIString())); We should probably cap how much we copy from the URI here. Not just for OOM, but also b/c megabyte long URIs in the Console (and terminal window in debug builds) isn't useful.
My So's Firefox beta 32.0 crashed like this: bp-66320294-016b-4f56-ba93-c55d62140801 01/08/2014 12:35 p.m. Let me know if there's anything worth collecting from the crashing profile.
Version: unspecified → 32 Branch
bp-47a9bd46-e924-4035-8332-de4a52140731 31/07/2014 01:09 p.m.
(In reply to Mats Palmgren (:mats) from comment #0) > This bug was filed from the Socorro interface and is > report bp-639cd958-5fa6-411b-97dd-85be22140625. > ============================================================= > > OOM Allocation Size 33556895 > > 147 nsAutoString msg(NS_LITERAL_STRING("Image corrupt or truncated: ") + > 148 NS_ConvertUTF8toUTF16(mImage.GetURIString())); > > We should probably cap how much we copy from the URI here. > Not just for OOM, but also b/c megabyte long URIs in the > Console (and terminal window in debug builds) isn't useful. And it actually shows up twice, as we pass both this msg as well as another NS_ConvertUTF8toUTF16(mImage.GetURIString()) to the call below.
Does going in this direction make sense? If the URI is too large, show a portion of it, and let the user know that we're only showing a portion of it. If the direction does make sense, what's a reasonable size to use? 1k, 50k? Does anybody ever look at more than the first few bytes to see if the header is mangled?
Attachment #8594074 - Flags: feedback?(tnikkel)
Attachment #8594074 - Flags: feedback?(seth)
Comment on attachment 8594074 [details] [diff] [review] Limit the size of URI returned on error? 1k seems like enough to me.
Attachment #8594074 - Flags: feedback?(tnikkel) → feedback+
Attachment #8594074 - Flags: feedback?(seth) → review?(seth)
Assignee: nobody → milan
Comment on attachment 8594074 [details] [diff] [review] Limit the size of URI returned on error? Review of attachment 8594074 [details] [diff] [review]: ----------------------------------------------------------------- Thanks for tackling this, Milan! ::: image/src/Decoder.cpp @@ +306,2 @@ > if (consoleService && errorObject && !HasDecoderError()) { > + nsAutoString msg(NS_LITERAL_STRING("Image corrupt or truncated. ")); Nit: Move the space at the end of the string to the beginning of the optional second message. That way there's no extra space when it isn't needed. @@ +311,5 @@ > + const int32_t kOnlyShowThisMany = 1024; > + if (mImage->GetURIStringLength() <= kOnlyShowThisMany) { > + src = NS_ConvertUTF8toUTF16(mImage->GetURIString()); > + } else { > + msg += NS_LITERAL_STRING("Showing URI truncated to 1024 bytes. "); Just make this " (URI truncated due to length.)" or something similar. Then you don't need the comment on line 309. @@ +318,2 @@ > > if (NS_SUCCEEDED(errorObject->InitWithWindowID( We should probably also do this truncation in ProgressTracker::FireFailureNotification. ::: image/src/ImageURL.h @@ +37,5 @@ > } > > NS_INLINE_DECL_THREADSAFE_REFCOUNTING(ImageURL) > > + nsresult GetSpec(nsACString& result, int32_t aGetFirstNCharOnly=-1) I think we could make this a bit simpler if we added a new method instead of adding an optional parameter to GetSpec(). Just spitballin' here, but consider this alternative API: bool GetTruncatedSpec(nsACString& aResult); This would write the possibly truncated spec into aResult, and then return |true| if it fit or |false| if it had to truncate. (You could also use an nsresult for the return type if you like XPCOM for some reason, or an enum class for bonus points.) Then we don't need GetSpecLength() and we can encapsulate all the smarts in one place. Also, it'd be nice not to make our implementation of GetSpec() diverge too much from nsIURI's behavior, since the long-term goal is to make nsIURI's threadsafe and get rid of ImageURL. ::: image/src/RasterImage.h @@ +288,5 @@ > } > return spec; > } > > + int GetURIStringLength() { I'd suggest to just call Image::GetURI() in Decoder, which would give you an ImageURL object. Then you don't need to make any changes to this file.
Attachment #8594074 - Flags: review?(seth)
(In reply to Seth Fowler [:seth] from comment #7) > ... > > I think we could make this a bit simpler if we added a new method instead of > adding an optional parameter to GetSpec(). Just spitballin' here, but > consider this alternative API: > > bool GetTruncatedSpec(nsACString& aResult); > > This would write the possibly truncated spec into aResult, and then return > |true| if it fit or |false| if it had to truncate. (You could also use an > nsresult for the return type if you like XPCOM for some reason, or an enum > class for bonus points.) > ... I'll run with this idea; I was thinking we should pass in the maximum size into this method, but since we're only using it in one place, and we don't currently have another use, I will leave the magic encapsulated in that one function and worry about it if we need to in the future. May actually build the max size into the function name.
(In reply to Seth Fowler [:seth] from comment #7) > ... > > ::: image/src/Decoder.cpp > @@ +306,2 @@ > > if (consoleService && errorObject && !HasDecoderError()) { > > + nsAutoString msg(NS_LITERAL_STRING("Image corrupt or truncated. ")); > > Nit: Move the space at the end of the string to the beginning of the > optional second message. That way there's no extra space when it isn't > needed. Actually, with or without the second message, we append the URI to it, so that space always ends up getting used.
(In reply to Milan Sreckovic [:milan] from comment #9) > (In reply to Seth Fowler [:seth] from comment #7) > > ... > > > > ::: image/src/Decoder.cpp > > @@ +306,2 @@ > > > if (consoleService && errorObject && !HasDecoderError()) { > > > + nsAutoString msg(NS_LITERAL_STRING("Image corrupt or truncated. ")); > > > > Nit: Move the space at the end of the string to the beginning of the > > optional second message. That way there's no extra space when it isn't > > needed. > > Actually, with or without the second message, we append the URI to it, so > that space always ends up getting used. Though we should stop doing that (adding the URI in two places :)
May have gone overboard with the enum and the method name.
Attachment #8600411 - Flags: review?(seth)
Comment on attachment 8600411 [details] [diff] [review] Truncate large URIs before showing them to the user. r=seth Review of attachment 8600411 [details] [diff] [review]: ----------------------------------------------------------------- Looks good! BTW, I had mentioned in my previous comments that we should do this in ProgressTracker::FireFailureNotification as well, but actually that's a little bit trickier because the observers of net:failed-to-process-uri-content expect an nsIURI, not a string. We should probably just leave that one alone unless we get reported issues, because once we can get rid of ImageURL, no copy will occur in that method, and it'll get fixed for free. Which is all to say: this patch looks good as is.
Attachment #8600411 - Flags: review?(seth) → review+
(In reply to Seth Fowler [:seth] from comment #12) > ... Which is all to say: this patch looks good as is. That's lucky, 'cause I was going to look at the extra piece you mentioned, and then lost track of it :) Going for the paranoid try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=9a198d559128
Attachment #8594074 - Attachment is obsolete: true
Attachment #8600411 - Attachment is obsolete: true
https://hg.mozilla.org/mozilla-central/rev/b30c80ba44f3
Status: NEW → RESOLVED
Closed: 10 years ago
status-firefox41: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla41
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: