crash in mozilla::net::HttpBaseChannel::SetupReplacementChannel(nsIURI*, nsIChannel*, bool), Enhanced Steam add-on

VERIFIED FIXED in Firefox 35

Status

()

defect
--
critical
VERIFIED FIXED
4 years ago
4 years ago

People

(Reporter: mayhemer, Assigned: mayhemer)

Tracking

({crash})

35 Branch
mozilla38
Points:
---
Bug Flags:
qe-verify +

Firefox Tracking Flags

(firefox35 verified, firefox36 verified, firefox37 verified, firefox38 verified, relnote-firefox 35+)

Details

(crash signature)

Attachments

(1 attachment)

(Assignee)

Description

4 years ago
This bug was filed from the Socorro interface and is 
report bp-9d80d0be-f2ad-4e13-9060-3b7662150113.
=============================================================

Some DOM codepaths allow creation of requests having principals with null URLs.  The logging code doesn't check presence of the URL when listing redirects.  Redirects are combined from channel's principal URLs.
(Assignee)

Comment 1

4 years ago
Posted patch v1Splinter Review
Attachment #8551851 - Flags: review?(mcmanus)
Attachment #8551851 - Flags: review?(mcmanus) → review+
(Assignee)

Updated

4 years ago
Keywords: checkin-needed
Honza, thanks for the super fast answer in the other bug.
Could you fill the uplift request for aurora, beta & release? Thanks
Flags: needinfo?(honzab.moz)
https://hg.mozilla.org/mozilla-central/rev/07dd454814b9
Status: ASSIGNED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla38
(Assignee)

Comment 5

4 years ago
Comment on attachment 8551851 [details] [diff] [review]
v1

Approval Request Comment
[Feature/regressing bug #]: 974018
[User impact if declined]: null deref crash
[Describe test coverage new/current, TreeHerder]: landed on m-c a day ago
[Risks and why]: zero, just bypasses nsAutoCString assignment when an object to call a method to fill it is found null
[String/UUID change made/needed]: none
Flags: needinfo?(honzab.moz)
Attachment #8551851 - Flags: approval-mozilla-release?
Attachment #8551851 - Flags: approval-mozilla-beta?
Attachment #8551851 - Flags: approval-mozilla-aurora?
Attachment #8551851 - Flags: approval-mozilla-release?
Attachment #8551851 - Flags: approval-mozilla-release+
Attachment #8551851 - Flags: approval-mozilla-beta?
Attachment #8551851 - Flags: approval-mozilla-beta+
Attachment #8551851 - Flags: approval-mozilla-aurora?
Attachment #8551851 - Flags: approval-mozilla-aurora+
(Assignee)

Comment 6

4 years ago
(In reply to Honza Bambas (:mayhemer) from comment #5)
> [Risks and why]: zero, just bypasses nsAutoCString assignment when an object
> to call a method to fill it is found null

And it's just for NSPR logging purposes!
Flags: qe-verify+
The crash rate decreased a lot.
In the last week there were:
- 0 crashes for Firefox 35.0.1 (down from 361 crashes in Firefox 35.0)
- On the beta channel, there were 2 crashes on 36.0b2 and none for 36.0b4 and 36.0b5
- 2 crashes on 37.0a2.
- No crashes on Nightly 38.

Based on these results, I consider it's safe to mark this issue verified.
Please reopen if you disagree. Thanks!

Updated

4 years ago
Duplicate of this bug: 1117873
You need to log in before you can comment on or make changes to this bug.