Closed Bug 1067351 Opened 10 years ago Closed 10 years ago

[e10s] file upload crashed tab

Categories

(Core :: DOM: Content Processes, defect)

defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla35
Tracking Status
e10s m3+ ---

People

(Reporter: alberts, Assigned: billm)

References

Details

(Keywords: crash, regression)

Attachments

(1 file, 1 obsolete file)

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:35.0) Gecko/20100101 Firefox/35.0
Build ID: 20140915030204

Steps to reproduce:

enter bug in bugzilla and tried to upload an attachment


Actual results:

right after I chose a file and clicked on 'select' all tabs crashed and showed an error "Well this is embarrassing [...]". FF tried to but couldn't reload the tabs.


Expected results:

tabs shouldn't crash
I can repro on Nightly35.0a1(e10s) Windows7.
I cannot repro on Aurora34.0a2(e10s) Windows7.
Status: UNCONFIRMED → NEW
tracking-e10s: --- → ?
Ever confirmed: true
Keywords: regression
OS: Mac OS X → All
Regression window(m-i)
Good:
https://hg.mozilla.org/integration/mozilla-inbound/rev/23ee92252bf7
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0 ID:20140913061908
Bad:
https://hg.mozilla.org/integration/mozilla-inbound/rev/14a2fe92d07b
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0 ID:20140913091409
Pushlog
http://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=23ee92252bf7&tochange=14a2fe92d07b
Regressed by
14a2fe92d07b	Ben Turner — Bug 994190 - 'Modify main-thread IndexedDB to use PBackground', r=khuey.
Severity: normal → critical
Keywords: crash
Component: Untriaged → DOM: IndexedDB
Hardware: x86 → All
This is not limited to bugzilla! the same thing will happen in facebook (https://bugzilla.mozilla.org/show_bug.cgi?id=1067516) didn't happen yesterday, just with today's build.
See Also: → 1067516
Also happens in Yahoo and my CMS at http://sequoia.internetbrands.com/sequoia_v2/
Same on this imagehoster: https://mediacru.sh/
The tab crashes silently without generating a crash report! Is it normal that the crashreporter isn't called?
Well, it's crashing in the crash reporting code, so...
blassey says file upload crashes do not block M2 milestone because the user can workaround the crash by opening a non-e10s window (from the File menu).
Attached patch fix-file-picker (obsolete) — Splinter Review
Everything seems to work if I make this change. It's hard to know why we're asserting here, but the code seems to work fine without the assertion.

Also, the reason we don't get a crash report is that the parent is intentionally crashing the child by returning false in a message handler. I filed bug 1068349 for that.
Assignee: nobody → wmccloskey
Status: NEW → ASSIGNED
Attachment #8490412 - Flags: review?(bent.mozilla)
Getting crashes when adding attachments to gmail as well.
(In reply to Julian Viereck from comment #15)
> Getting crashes when adding attachments to gmail as well.

The same with Google+
Hrm, we need to figure out how to secure this... That message could be spoofed by a child process.

Are we guaranteed to only make this call in the parent process to a PBackground blob?
Component: DOM: IndexedDB → DOM: Content Processes
Version: 35 Branch → Trunk
Reproducible on Facebook!
(In reply to ben turner [:bent] (use the needinfo? flag!) from comment #17)
> Hrm, we need to figure out how to secure this... That message could be
> spoofed by a child process.

Is it really so bad for the content process to get the path for a blob that we've given it access to? It already has access to the file's data as well as other metadata for it.

In any case, I'd like to at least fix this temporarily. A good chunk of our nightly users are now testing e10s, and they can't upload files.

> Are we guaranteed to only make this call in the parent process to a
> PBackground blob?

I'm not really sure what causes something to be a PBackground blob. But I don't think so.
Also happening trying to attach a file in gmail. Assuming it's also this bug.
Attached patch fix-file-pickerSplinter Review
Attachment #8490412 - Attachment is obsolete: true
Attachment #8490412 - Flags: review?(bent.mozilla)
Attachment #8490925 - Flags: review?(bent.mozilla)
Comment on attachment 8490925 [details] [diff] [review]
fix-file-picker

Review of attachment 8490925 [details] [diff] [review]:
-----------------------------------------------------------------

Please file a followup on the filepicker here.
Attachment #8490925 - Flags: review?(bent.mozilla) → review+
https://hg.mozilla.org/mozilla-central/rev/57b5abc0d381
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla35
FWIW bug 994190 was backed out, but when it re-lands it will include this fix.
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: