Closed Bug 1057855 Opened 10 years ago Closed 10 years ago

responseType 'arraybuffer' crashes Firefox OS 2.0 simulator

Categories

(Firefox OS Graveyard :: Simulator, defect)

Product:
Firefox OS Graveyard
Component:
Simulator
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(firefox33 wontfix, firefox34 fixed, firefox35 fixed, b2g-v2.1 fixed, b2g-v2.2 fixed)

Status:
RESOLVED FIXED
Milestone:
2.1 S6 (10oct)
Tracking Flags:
Tracking Status
firefox33 --- wontfix
firefox34 --- fixed
firefox35 --- fixed
b2g-v2.1 --- fixed
b2g-v2.2 --- fixed

People

(Reporter: nazar, Assigned: swu)

References

Details

Attachments

(1 file)

Patch: Fix error checking when calling nsZipArchive::GetItem().
1.04 KB, patch
smaug
: review+
bajaj
: approval-mozilla-aurora+
Details | Diff | Splinter Review 
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:34.0) Gecko/20100101 Firefox/34.0 (Beta/Release)
Build ID: 20140804060850

Steps to reproduce:

XMLHttpRequest like this:

var url = "/audio/file.ogg";
var request = new XMLHttpRequest();
request.open('GET', url, true);
request.responseType = 'arraybuffer';
request.onload = function() {};
request.send();


Temporary workaround is:

var url = "/audio/file.ogg";
var request = new XMLHttpRequest();
request.open('GET', url, true);
request.responseType = 'blob';
request.onload = function() {
	var file_reader = new FileReader();
	file_reader.onload = function() {
		// Do job here
	};
	file_reader.readAsArrayBuffer(request.response);
};
request.send();

But it makes code unnecessarily difficult to read and requires more computations I guess, which is important on mobile device.

Not sure whether it happens on real device.


Actual results:

Simulator crashed


Expected results:

Simulator should not crash (obviuosly)
Are you on Windows?

What exact build of the simulator do you have according to the Add-on Manager (2.0.<DATE>)?

Is there an update available for the add-on?
Flags: needinfo?(nazar)
I'm on Ubuntu Linux (you can actually see that from the first message fro user agent), and have the latest available build 2.0.201408014.
Flags: needinfo?(nazar)
I am not able to duplicate the issue you're seeing when testing on Linux with that simulator build.

It could be something specific to your app.  Can you attach the app you are working on? Even better would be a reduced test case that only includes what's needed to demonstrate the issue.
Flags: needinfo?(nazar)
Source code is available on GitHub, so I took working version with workaround and changed it to reflect current case:
https://github.com/nazar-pc/CleverStyle-Music/commit/450f0e01fc4e7b615e0637f7045915169c335847
I've removed body of "onload" because it crashes not because of body.

How to get that line executed:
1) Open app
2) Scan library for music
3) Start playing something
4) Go to menu > Sound environment
5) Click somehting other than Reset
6) It crashes immediately

Also you can try master branch with workaround - it works fine
Flags: needinfo?(nazar)
Okay, thanks for the code and steps, I was able to reproduce the crash!

The crash appears with the 2.0.20140814 simulator, but with 1.4.20140506 it works.

Alex, can you take look at this in more depth?
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(poirot.alex)
It's not really clear what is going on, but here is the stack for this crash:
#0  0x00007f9f322cb08d in nanosleep () at ../sysdeps/unix/syscall-template.S:82
#1  0x00007f9f322caf2c in __sleep (seconds=0) at ../sysdeps/unix/sysv/linux/sleep.c:138
#2  0x00007f9f2f43d606 in ah_crap_handler (signum=11) at /mnt/desktop/gecko/toolkit/xre/nsSigHandlers.cpp:88
#3  0x00007f9f2f42fe38 in nsProfileLock::FatalSignalHandler (signo=11, info=0x7fffeccbba70, context=<optimized out>)
    at /mnt/desktop/gecko/profile/dirserviceprovider/nsProfileLock.cpp:190
#4  0x00007f9f2f975e3f in AsmJSFaultHandler (signum=11, info=0x7fffeccbba70, context=0x7fffeccbb940) at /mnt/desktop/gecko/js/src/asmjs/AsmJSSignalHandlers.cpp:978
#5  <signal handler called>
#6  0x00007f9f2deb3dcc in nsZipItem::Compression (this=0x0) at /mnt/desktop/gecko/modules/libjar/nsZipArchive.cpp:1008
#7  0x00007f9f2ebd6b9a in mozilla::ArrayBufferBuilder::mapToFileInPackage (this=0x7f9f00f95a00, aFile=..., aJarFile=0x7f9f09352240)
    at /mnt/desktop/gecko/content/base/src/nsXMLHttpRequest.cpp:4088
#8  0x00007f9f2ebe0f58 in nsXMLHttpRequest::OnStartRequest (this=0x7f9f00f95800, request=0x7f9f09b39690, ctxt=0x0)
    at /mnt/desktop/gecko/content/base/src/nsXMLHttpRequest.cpp:2039
#9  0x00007f9f2eb7c7c1 in nsCORSListenerProxy::OnStartRequest (this=0x7f9f058da350, aRequest=0x7f9f09b39690, aContext=0x0)
    at /mnt/desktop/gecko/content/base/src/nsCrossSiteListenerProxy.cpp:504
#10 0x00007f9f2deafdb1 in nsJARChannel::OnStartRequest (this=0x7f9f09b39690, req=0x7f9f09352300, ctx=<optimized out>)
    at /mnt/desktop/gecko/modules/libjar/nsJARChannel.cpp:1098
#11 0x00007f9f2d99cdad in nsInputStreamPump::OnStateStart (this=0x7f9f09352300) at /mnt/desktop/gecko/netwerk/base/src/nsInputStreamPump.cpp:531
#12 0x00007f9f2d9a3efe in nsInputStreamPump::OnInputStreamReady (this=0x7f9f09352300, stream=<optimized out>) at /mnt/desktop/gecko/netwerk/base/src/nsInputStreamPump.cpp:433
#13 0x00007f9f2d9060e3 in nsInputStreamReadyEvent::Run (this=0x7f9f05ac6500) at /mnt/desktop/gecko/xpcom/io/nsStreamUtils.cpp:88
#14 0x00007f9f2d9181ec in nsThread::ProcessNextEvent (this=0x7f9f31e5cc70, aMayWait=false, aResult=0x7fffeccbc3bf) at /mnt/desktop/gecko/xpcom/threads/nsThread.cpp:823
#15 0x00007f9f2d93a7b0 in NS_ProcessNextEvent (aThread=<optimized out>, aMayWait=false) at /mnt/desktop/gecko/xpcom/glue/nsThreadUtils.cpp:265
#16 0x00007f9f2dbc52aa in mozilla::ipc::MessagePump::Run (this=0x7f9f24580bc0, aDelegate=0x7f9f24530840) at /mnt/desktop/gecko/ipc/glue/MessagePump.cpp:99
#17 0x00007f9f2dba7f34 in MessageLoop::RunInternal (this=0x7f9f24530840) at /mnt/desktop/gecko/ipc/chromium/src/base/message_loop.cc:229
#18 0x00007f9f2dba7fa8 in RunHandler (this=0x7f9f24530840) at /mnt/desktop/gecko/ipc/chromium/src/base/message_loop.cc:222
#19 MessageLoop::Run (this=0x7f9f24530840) at /mnt/desktop/gecko/ipc/chromium/src/base/message_loop.cc:196
#20 0x00007f9f2ea94ac9 in nsBaseAppShell::Run (this=0x7f9f1e1272b0) at /mnt/desktop/gecko/widget/xpwidgets/nsBaseAppShell.cpp:164
#21 0x00007f9f2f40d8cc in nsAppStartup::Run (this=0x7f9f1e125060) at /mnt/desktop/gecko/toolkit/components/startup/nsAppStartup.cpp:280
#22 0x00007f9f2f439c14 in XREMain::XRE_mainRun (this=0x7fffeccbc820) at /mnt/desktop/gecko/toolkit/xre/nsAppRunner.cpp:4101
#23 0x00007f9f2f439ec0 in XREMain::XRE_main (this=0x7fffeccbc820, argc=<optimized out>, argv=0x7f9f31e77490, aAppData=0x432a10)
    at /mnt/desktop/gecko/toolkit/xre/nsAppRunner.cpp:4172
#24 0x00007f9f2f43a139 in XRE_main (argc=5, argv=0x7f9f31e77490, aAppData=0x432a10, aFlags=<optimized out>) at /mnt/desktop/gecko/toolkit/xre/nsAppRunner.cpp:4386
#25 0x0000000000404502 in do_main (argv=0x7f9f31e77490, argc=5) at /mnt/desktop/gecko/b2g/app/nsBrowserApp.cpp:165
#26 main (argc=5, argv=<optimized out>) at /mnt/desktop/gecko/b2g/app/nsBrowserApp.cpp:291


It isn't simulator specific as I'm reproducing it with lastest b2g desktop build.
I'm tempted to say, something is wrong in ArrayBufferBuilder::mapToFileInPackage.

:swu, any guess for this crash? If you have some ideas I can try patches locally if you don't want to play with b2g desktop, gaia and all...
Flags: needinfo?(poirot.alex) → needinfo?(swu)
:ochameau, thanks for the stack trace info.  This patch should fix the crash issue, could you help to confirm it?
Assignee: nobody → swu
Status: NEW → ASSIGNED
Flags: needinfo?(swu)
Somehow I am not able to run the CleverStyle-Music app on my B2G desktop or Flame device with my Gecko/Gaia code within two weeks.  After launching the app, I can see the background picture with music symbols only, but not seen any buttons to click.
Attachment #8484729 - Flags: review?(bugs)
(In reply to Shian-Yow Wu [:swu] from comment #8)
> Somehow I am not able to run the CleverStyle-Music app on my B2G desktop or
> Flame device with my Gecko/Gaia code within two weeks.  After launching the
> app, I can see the background picture with music symbols only, but not seen
> any buttons to click.

I saw the same thing after updating my 2.1 simulator to a more recent build.  Perhaps something else changed to cause a (different?) regression, but I did not debug further at the time.
Attachment #8484729 - Flags: review?(bugs) → review+
If anyone have anything concerning working on Flame I'll be happy to know, because I do not own it (just like any other device), so, I'm unable to solve it without additional info. For example there is one bug here: https://github.com/nazar-pc/CleverStyle-Music but since this is off topic, welcome to GitHub repository.
(In reply to Shian-Yow Wu [:swu] from comment #7)
> Created attachment 8484729 [details] [diff] [review]
> Patch: Fix error checking when calling nsZipArchive::GetItem().
> 
> :ochameau, thanks for the stack trace info.  This patch should fix the crash
> issue, could you help to confirm it?

Thanks for the patch, it does fix the crash I've seen!
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/78a7b3161bb3
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
FYI, Simulator builds available here should contain the fix for your crash:
https://ftp.mozilla.org/pub/mozilla.org/labs/fxos-simulator/2.2/
Any chances to backport this at least to Simulator 2.0/2.1 (1.4 would be awesome)?
Comment on attachment 8484729 [details] [diff] [review]
Patch: Fix error checking when calling nsZipArchive::GetItem().

Approval Request Comment
[Feature/regressing bug #]: bug 945152
[User impact if declined]: Chance to crash if app sends an XHR request with arraybuffer type.
[Describe test coverage new/current, TBPL]: Manual test on m-c.
[Risks and why]: Low.  The fix is simple and obvious.
[String/UUID change made/needed]: n/a
Attachment #8484729 - Flags: approval-mozilla-aurora?
status-b2g-v2.1: --- → affected
Blocks: 1073582
(In reply to Nazar Mokrynskyi from comment #15)
> Any chances to backport this at least to Simulator 2.0/2.1 (1.4 would be
> awesome)?

:ochameau, after uplifting to b2g-v2.1, does it automatically uplift to Simulator 2.1 as well?
Flags: needinfo?(poirot.alex)
(In reply to Shian-Yow Wu [:swu] from comment #17)
> :ochameau, after uplifting to b2g-v2.1, does it automatically uplift to
> Simulator 2.1 as well?

Yes
Flags: needinfo?(poirot.alex)
Attachment #8484729 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
See Also: → 1073582
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: