Closed Bug 1123732 Opened 9 years ago Closed 9 years ago

crash in mozilla::net::HttpBaseChannel::SetupReplacementChannel(nsIURI*, nsIChannel*, bool), Enhanced Steam add-on

Categories

(Core :: Networking: HTTP, defect)

35 Branch
defect
Not set
critical

Tracking

()

VERIFIED FIXED
mozilla38
Tracking Status
firefox35 --- verified
firefox36 --- verified
firefox37 --- verified
firefox38 --- verified
relnote-firefox --- 35+

People

(Reporter: mayhemer, Assigned: mayhemer)

References

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

This bug was filed from the Socorro interface and is 
report bp-9d80d0be-f2ad-4e13-9060-3b7662150113.
=============================================================

Some DOM codepaths allow creation of requests having principals with null URLs.  The logging code doesn't check presence of the URL when listing redirects.  Redirects are combined from channel's principal URLs.
Attached patch v1Splinter Review
Attachment #8551851 - Flags: review?(mcmanus)
Attachment #8551851 - Flags: review?(mcmanus) → review+
Keywords: checkin-needed
Honza, thanks for the super fast answer in the other bug.
Could you fill the uplift request for aurora, beta & release? Thanks
Flags: needinfo?(honzab.moz)
https://hg.mozilla.org/mozilla-central/rev/07dd454814b9
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla38
Comment on attachment 8551851 [details] [diff] [review]
v1

Approval Request Comment
[Feature/regressing bug #]: 974018
[User impact if declined]: null deref crash
[Describe test coverage new/current, TreeHerder]: landed on m-c a day ago
[Risks and why]: zero, just bypasses nsAutoCString assignment when an object to call a method to fill it is found null
[String/UUID change made/needed]: none
Flags: needinfo?(honzab.moz)
Attachment #8551851 - Flags: approval-mozilla-release?
Attachment #8551851 - Flags: approval-mozilla-beta?
Attachment #8551851 - Flags: approval-mozilla-aurora?
Attachment #8551851 - Flags: approval-mozilla-release?
Attachment #8551851 - Flags: approval-mozilla-release+
Attachment #8551851 - Flags: approval-mozilla-beta?
Attachment #8551851 - Flags: approval-mozilla-beta+
Attachment #8551851 - Flags: approval-mozilla-aurora?
Attachment #8551851 - Flags: approval-mozilla-aurora+
(In reply to Honza Bambas (:mayhemer) from comment #5)
> [Risks and why]: zero, just bypasses nsAutoCString assignment when an object
> to call a method to fill it is found null

And it's just for NSPR logging purposes!
Flags: qe-verify+
The crash rate decreased a lot.
In the last week there were:
- 0 crashes for Firefox 35.0.1 (down from 361 crashes in Firefox 35.0)
- On the beta channel, there were 2 crashes on 36.0b2 and none for 36.0b4 and 36.0b5
- 2 crashes on 37.0a2.
- No crashes on Nightly 38.

Based on these results, I consider it's safe to mark this issue verified.
Please reopen if you disagree. Thanks!
You need to log in before you can comment on or make changes to this bug.