Closed Bug 1067351 Opened 5 years ago Closed 5 years ago
[e10s] file upload crashed tab
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:35.0) Gecko/20100101 Firefox/35.0 Build ID: 20140915030204 Steps to reproduce: enter bug in bugzilla and tried to upload an attachment Actual results: right after I chose a file and clicked on 'select' all tabs crashed and showed an error "Well this is embarrassing [...]". FF tried to but couldn't reload the tabs. Expected results: tabs shouldn't crash
I can repro on Nightly35.0a1(e10s) Windows7. I cannot repro on Aurora34.0a2(e10s) Windows7.
Regression window(m-i) Good: https://hg.mozilla.org/integration/mozilla-inbound/rev/23ee92252bf7 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0 ID:20140913061908 Bad: https://hg.mozilla.org/integration/mozilla-inbound/rev/14a2fe92d07b Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0 ID:20140913091409 Pushlog http://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=23ee92252bf7&tochange=14a2fe92d07b Regressed by 14a2fe92d07b Ben Turner — Bug 994190 - 'Modify main-thread IndexedDB to use PBackground', r=khuey.
Component: Untriaged → DOM: IndexedDB
Hardware: x86 → All
This is not limited to bugzilla! the same thing will happen in facebook (https://bugzilla.mozilla.org/show_bug.cgi?id=1067516) didn't happen yesterday, just with today's build.
Also happens in Yahoo and my CMS at http://sequoia.internetbrands.com/sequoia_v2/
Same on this imagehoster: https://mediacru.sh/ The tab crashes silently without generating a crash report! Is it normal that the crashreporter isn't called?
Well, it's crashing in the crash reporting code, so...
blassey says file upload crashes do not block M2 milestone because the user can workaround the crash by opening a non-e10s window (from the File menu).
Everything seems to work if I make this change. It's hard to know why we're asserting here, but the code seems to work fine without the assertion. Also, the reason we don't get a crash report is that the parent is intentionally crashing the child by returning false in a message handler. I filed bug 1068349 for that.
Assignee: nobody → wmccloskey
Status: NEW → ASSIGNED
Attachment #8490412 - Flags: review?(bent.mozilla)
Getting crashes when adding attachments to gmail as well.
(In reply to Julian Viereck from comment #15) > Getting crashes when adding attachments to gmail as well. The same with Google+
Hrm, we need to figure out how to secure this... That message could be spoofed by a child process. Are we guaranteed to only make this call in the parent process to a PBackground blob?
Component: DOM: IndexedDB → DOM: Content Processes
Reproducible on Facebook!
(In reply to ben turner [:bent] (use the needinfo? flag!) from comment #17) > Hrm, we need to figure out how to secure this... That message could be > spoofed by a child process. Is it really so bad for the content process to get the path for a blob that we've given it access to? It already has access to the file's data as well as other metadata for it. In any case, I'd like to at least fix this temporarily. A good chunk of our nightly users are now testing e10s, and they can't upload files. > Are we guaranteed to only make this call in the parent process to a > PBackground blob? I'm not really sure what causes something to be a PBackground blob. But I don't think so.
Also happening trying to attach a file in gmail. Assuming it's also this bug.
Comment on attachment 8490925 [details] [diff] [review] fix-file-picker Review of attachment 8490925 [details] [diff] [review]: ----------------------------------------------------------------- Please file a followup on the filepicker here.
Attachment #8490925 - Flags: review?(bent.mozilla) → review+
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla35
FWIW bug 994190 was backed out, but when it re-lands it will include this fix.
5 years ago
Duplicate of this bug: 1067750
5 years ago
Duplicate of this bug: 1069332
You need to log in before you can comment on or make changes to this bug.