Firefox routinely crashes while using the Janus plugin

RESOLVED FIXED in Firefox 36

Status

()

Core
Networking: HTTP
--
critical
RESOLVED FIXED
3 years ago
2 years ago

People

(Reporter: Damien, Assigned: mcmanus)

Tracking

({crash})

34 Branch
mozilla37
x86_64
Linux
crash
Points:
---

Firefox Tracking Flags

(firefox36 fixed, firefox37 fixed, firefox38 fixed)

Details

(crash signature)

Attachments

(3 attachments)

(Reporter)

Description

3 years ago
Created attachment 8535572 [details]
stdout from the debug build from Tinderbox

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:34.0) Gecko/20100101 Firefox/34.0
Build ID: 20141127111021

Steps to reproduce:

Install the Janus plugin, and use Firefox for a while (with Janus enabled).  Crashes might be more frequent while there are many connections.


Actual results:

Firefox crashed.  A debug build showed:

Assertion failure: seekable (Request stream isn't seekable?!?), at /builds/slave/m-rel-l64-d-000000000000000000/build/netwerk/protocol/http/nsHttpTransaction.cpp:552

I've attached the standard output from Firefox, and the gdb stack trace (which doesn't look very useful).

Also see these crash reports:

bp-9ae00412-d73f-4aa3-8f79-277262141206
bp-bc0d2504-de15-4f87-9896-580572141206
bp-8884ad60-8c4a-486c-ad27-a46752141205
bp-953c7d98-b47f-449c-bff9-67ad52141211


Expected results:

No crash.
(Reporter)

Comment 1

3 years ago
Created attachment 8535574 [details]
Stack trace from gdb
Severity: normal → critical
Crash Signature: [@ mozilla::net::nsHttpTransaction::OnTransportStatus ]
Component: Untriaged → Networking: HTTP
Keywords: crash
Product: Firefox → Core

Comment 2

3 years ago
I have been experiencing similar crashes, with the same type of info in the crash report, with the Janus add-on enabled.

Example:

https://crash-stats.mozilla.com/report/index/c4cb3f2d-e3ea-4594-ac7f-c34992141213
(Assignee)

Comment 3

3 years ago
you have a non-seekable input stream.

the crash is easily worked around in the code - but I'm not sure why using a spdy proxy would make this happen. do you have any kind of steps to reproduce that might let a dev see what is happening?
(Reporter)

Comment 4

3 years ago
Not really.  The crash seems more likely if I'm opening a few web pages in different tabs, where those pages have a lot of images.

Comment 5

3 years ago
Might this be similar to Issue 69 from Github? https://github.com/mozilla/node-janus/issues/69
That is an issue about OSCP.
(Reporter)

Comment 6

3 years ago
Maybe that is the problem.  I set security.OCSP.enabled=0, and haven't had a crash in a few days.
(Assignee)

Updated

3 years ago
Blocks: 378637
(Assignee)

Comment 7

3 years ago
I don't think this bug is the only issue with ocsp, but assuming seekable stream at that place in the code is not a safe xpcom assumption anyhow. So let's fix that.
(Assignee)

Comment 8

3 years ago
Created attachment 8544058 [details] [diff] [review]
dont assume seekable stream on sending_to http events
Attachment #8544058 - Flags: review?(valentin.gosu)
(Assignee)

Updated

3 years ago
Assignee: nobody → mcmanus
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Attachment #8544058 - Flags: review?(valentin.gosu) → review+
(Assignee)

Comment 9

3 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/90e632524106
https://hg.mozilla.org/mozilla-central/rev/90e632524106
Status: ASSIGNED → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla37
(Reporter)

Comment 11

2 years ago
I'm still getting the occasional crash in version 35.0.1 (like bp-27b380c2-0e4c-496d-a912-5a9592150206), but it looks like the fix won't come until version 37.
(Assignee)

Comment 12

2 years ago
Comment on attachment 8544058 [details] [diff] [review]
dont assume seekable stream on sending_to http events

Approval Request Comment
[Feature/regressing bug #]: unknown - long standing
[User impact if declined]: users of janus proxy are seeing null deref crashes at lowish volumes on < ff 37
[Describe test coverage new/current, TreeHerder]: has been in tree since 37 was nightly, verified to fix problem
[Risks and why]: low - null check
[String/UUID change made/needed]: none
Attachment #8544058 - Flags: approval-mozilla-beta?
status-firefox36: --- → affected
status-firefox37: --- → fixed
status-firefox38: --- → fixed
Attachment #8544058 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
(Assignee)

Comment 13

2 years ago
  https://hg.mozilla.org/releases/mozilla-beta/rev/222d4a9f7ed3
status-firefox36: affected → fixed
You need to log in before you can comment on or make changes to this bug.