Closed Bug 1191823 Opened 9 years ago Closed 9 years ago

Minimize memory usage in about:memory makes some website crash

Categories

(Core :: Storage: IndexedDB, defect)

Product:
Core
Component:
Storage: IndexedDB
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1152026
Tracking Flags:
Tracking Status
firefox42 --- affected
firefox43 --- fixed

People

(Reporter: autra, Unassigned)

References

Details

(Keywords: sec-high, Whiteboard: [adv-main43-])

# In firefox desktop [Steps] - Visit https://autra.github.io/bug_test_case/aboutmemory_worker_asyncstorage/views/main/index.html) - click on the forward button (once is enough) - go to about:memory in another tab - click on "minimize memory usage" [Expected] It does not crash and you can measure memory :-) [Actual] All the tabs crashes. Stacktrace: https://pastebin.mozilla.org/8841853 # In firefox OS: [Steps] - Download https://github.com/autra/bug_test_case/archive/gh-pages.zip and install the app in aboutmemory_worker_asyncstorage/ with the WebIDE. - start the app - put it in the background - execute > python ./tools/get_about_memory.py -m --no-gc-cc-log --no-kgsl-logs from inside the cloned b2g folder [Expected] The app does not crash and you can measure memory [Actual] The app crashes stacktrace https://pastebin.mozilla.org/8841856 Apparently, it has to do with a combination of workers and indexed DB after we terminate the worker. (putting the tab/app into background terminate the worker in the website linked above). It does not crash if we put the indexedDB code into the main thread. It does not crash if we measure while the app/tab is in foreground (so when the worker is alive). Sorry for the big test case, I'll try to minimize it if I have time.
This sounds like some kind of use-after-free, so I'm going to mark it sec-high.
Keywords: sec-high
What versions have you tested on? This is probably the promises + IDB on workers bug.
Flags: needinfo?(augustin.trancart)
Tested on nightly. Shame on me, I didn't get the exact build number, sorry for that
Flags: needinfo?(augustin.trancart)
But I can't reproduce on today's nightly for desktop :-) So it seems to have been fixed between 2015-08-06 and today (2015-08-20)
Fixed in 43 by bug 1179909. 42 is still affected.
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox43: --- → fixed
Depends on: 1179909
Resolution: --- → WORKSFORME
Resolution: WORKSFORME → DUPLICATE
Group: core-security → core-security-release
Whiteboard: [adv-main43-]
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.