Closed Bug 1110707 Opened 10 years ago Closed 10 years ago

Firefox routinely crashes while using the Janus plugin

Categories

(Core :: Networking: HTTP, defect)

Product:
Core
Component:
Networking: HTTP
Version:
34 Branch
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla37
Tracking Flags:
Tracking Status
firefox36 --- fixed
firefox37 --- fixed
firefox38 --- fixed

People

(Reporter: bugzilla-mozilla-org.rivode, Assigned: mcmanus)

References

Details

(Keywords: crash)

Crash Data

Attachments

(3 files)

stdout from the debug build from Tinderbox
1.26 KB, text/plain
Details
Stack trace from gdb
2.93 KB, text/plain
Details
dont assume seekable stream on sending_to http events
1.64 KB, patch
valentin
: review+
Sylvestre
: approval-mozilla-beta+
Details | Diff | Splinter Review
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:34.0) Gecko/20100101 Firefox/34.0 Build ID: 20141127111021 Steps to reproduce: Install the Janus plugin, and use Firefox for a while (with Janus enabled). Crashes might be more frequent while there are many connections. Actual results: Firefox crashed. A debug build showed: Assertion failure: seekable (Request stream isn't seekable?!?), at /builds/slave/m-rel-l64-d-000000000000000000/build/netwerk/protocol/http/nsHttpTransaction.cpp:552 I've attached the standard output from Firefox, and the gdb stack trace (which doesn't look very useful). Also see these crash reports: bp-9ae00412-d73f-4aa3-8f79-277262141206 bp-bc0d2504-de15-4f87-9896-580572141206 bp-8884ad60-8c4a-486c-ad27-a46752141205 bp-953c7d98-b47f-449c-bff9-67ad52141211 Expected results: No crash.
Attached file Stack trace from gdb
Severity: normal → critical
Crash Signature: [@ mozilla::net::nsHttpTransaction::OnTransportStatus ]
Component: Untriaged → Networking: HTTP
Keywords: crash
Product: Firefox → Core
I have been experiencing similar crashes, with the same type of info in the crash report, with the Janus add-on enabled. Example: https://crash-stats.mozilla.com/report/index/c4cb3f2d-e3ea-4594-ac7f-c34992141213
you have a non-seekable input stream. the crash is easily worked around in the code - but I'm not sure why using a spdy proxy would make this happen. do you have any kind of steps to reproduce that might let a dev see what is happening?
Not really. The crash seems more likely if I'm opening a few web pages in different tabs, where those pages have a lot of images.
Might this be similar to Issue 69 from Github? https://github.com/mozilla/node-janus/issues/69 That is an issue about OSCP.
Maybe that is the problem. I set security.OCSP.enabled=0, and haven't had a crash in a few days.
Blocks: 378637
I don't think this bug is the only issue with ocsp, but assuming seekable stream at that place in the code is not a safe xpcom assumption anyhow. So let's fix that.
Assignee: nobody → mcmanus
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Attachment #8544058 - Flags: review?(valentin.gosu) → review+
https://hg.mozilla.org/mozilla-central/rev/90e632524106
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla37
I'm still getting the occasional crash in version 35.0.1 (like bp-27b380c2-0e4c-496d-a912-5a9592150206), but it looks like the fix won't come until version 37.
Comment on attachment 8544058 [details] [diff] [review] dont assume seekable stream on sending_to http events Approval Request Comment [Feature/regressing bug #]: unknown - long standing [User impact if declined]: users of janus proxy are seeing null deref crashes at lowish volumes on < ff 37 [Describe test coverage new/current, TreeHerder]: has been in tree since 37 was nightly, verified to fix problem [Risks and why]: low - null check [String/UUID change made/needed]: none
Attachment #8544058 - Flags: approval-mozilla-beta?
Attachment #8544058 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: