Closed
Bug 1067351
Opened 10 years ago
Closed 10 years ago
[e10s] file upload crashed tab
Categories
(Core :: DOM: Content Processes, defect)
Core
DOM: Content Processes
Tracking
()
RESOLVED
FIXED
mozilla35
Tracking | Status | |
---|---|---|
e10s | m3+ | --- |
People
(Reporter: alberts, Assigned: billm)
References
Details
(Keywords: crash, regression)
Attachments
(1 file, 1 obsolete file)
833 bytes,
patch
|
bent.mozilla
:
review+
|
Details | Diff | Splinter Review |
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:35.0) Gecko/20100101 Firefox/35.0 Build ID: 20140915030204 Steps to reproduce: enter bug in bugzilla and tried to upload an attachment Actual results: right after I chose a file and clicked on 'select' all tabs crashed and showed an error "Well this is embarrassing [...]". FF tried to but couldn't reload the tabs. Expected results: tabs shouldn't crash
Comment 1•10 years ago
|
||
I can repro on Nightly35.0a1(e10s) Windows7. I cannot repro on Aurora34.0a2(e10s) Windows7.
Status: UNCONFIRMED → NEW
tracking-e10s:
--- → ?
Ever confirmed: true
Keywords: regression
OS: Mac OS X → All
Comment 2•10 years ago
|
||
Regression window(m-i) Good: https://hg.mozilla.org/integration/mozilla-inbound/rev/23ee92252bf7 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0 ID:20140913061908 Bad: https://hg.mozilla.org/integration/mozilla-inbound/rev/14a2fe92d07b Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0 ID:20140913091409 Pushlog http://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=23ee92252bf7&tochange=14a2fe92d07b Regressed by 14a2fe92d07b Ben Turner — Bug 994190 - 'Modify main-thread IndexedDB to use PBackground', r=khuey.
Updated•10 years ago
|
Component: Untriaged → DOM: IndexedDB
Hardware: x86 → All
Comment 3•10 years ago
|
||
This is not limited to bugzilla! the same thing will happen in facebook (https://bugzilla.mozilla.org/show_bug.cgi?id=1067516) didn't happen yesterday, just with today's build.
Comment 4•10 years ago
|
||
Also happens in Yahoo and my CMS at http://sequoia.internetbrands.com/sequoia_v2/
Same on this imagehoster: https://mediacru.sh/ The tab crashes silently without generating a crash report! Is it normal that the crashreporter isn't called?
Comment 6•10 years ago
|
||
Well, it's crashing in the crash reporting code, so...
Comment 13•10 years ago
|
||
blassey says file upload crashes do not block M2 milestone because the user can workaround the crash by opening a non-e10s window (from the File menu).
Assignee | ||
Comment 14•10 years ago
|
||
Everything seems to work if I make this change. It's hard to know why we're asserting here, but the code seems to work fine without the assertion. Also, the reason we don't get a crash report is that the parent is intentionally crashing the child by returning false in a message handler. I filed bug 1068349 for that.
Assignee: nobody → wmccloskey
Status: NEW → ASSIGNED
Attachment #8490412 -
Flags: review?(bent.mozilla)
Comment 15•10 years ago
|
||
Getting crashes when adding attachments to gmail as well.
Comment 16•10 years ago
|
||
(In reply to Julian Viereck from comment #15) > Getting crashes when adding attachments to gmail as well. The same with Google+
Hrm, we need to figure out how to secure this... That message could be spoofed by a child process. Are we guaranteed to only make this call in the parent process to a PBackground blob?
Component: DOM: IndexedDB → DOM: Content Processes
Updated•10 years ago
|
Version: 35 Branch → Trunk
Comment 18•10 years ago
|
||
Reproducible on Facebook!
Assignee | ||
Comment 19•10 years ago
|
||
(In reply to ben turner [:bent] (use the needinfo? flag!) from comment #17) > Hrm, we need to figure out how to secure this... That message could be > spoofed by a child process. Is it really so bad for the content process to get the path for a blob that we've given it access to? It already has access to the file's data as well as other metadata for it. In any case, I'd like to at least fix this temporarily. A good chunk of our nightly users are now testing e10s, and they can't upload files. > Are we guaranteed to only make this call in the parent process to a > PBackground blob? I'm not really sure what causes something to be a PBackground blob. But I don't think so.
Comment 20•10 years ago
|
||
Also happening trying to attach a file in gmail. Assuming it's also this bug.
Assignee | ||
Comment 22•10 years ago
|
||
Attachment #8490412 -
Attachment is obsolete: true
Attachment #8490412 -
Flags: review?(bent.mozilla)
Attachment #8490925 -
Flags: review?(bent.mozilla)
Comment on attachment 8490925 [details] [diff] [review] fix-file-picker Review of attachment 8490925 [details] [diff] [review]: ----------------------------------------------------------------- Please file a followup on the filepicker here.
Attachment #8490925 -
Flags: review?(bent.mozilla) → review+
Assignee | ||
Comment 24•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/57b5abc0d381 Filed bug 1068838.
Comment 27•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/57b5abc0d381
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla35
FWIW bug 994190 was backed out, but when it re-lands it will include this fix.
You need to log in
before you can comment on or make changes to this bug.
Description
•