Closed
Bug 1223512
Opened 9 years ago
Closed 9 years ago
Need to validate that every edge referent is in the heap snapshot
Categories
(DevTools :: Memory, defect)
DevTools
Memory
Tracking
(firefox44 fixed, firefox45 fixed, b2g-v2.5 fixed)
RESOLVED
FIXED
Firefox 45
People
(Reporter: fitzgen, Assigned: fitzgen)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
|
5.62 KB,
patch
|
shu
:
review+
ritu
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
Big woopsie that we aren't already doing this...
When doing this checking, we can take the opportunity to change edge referents from node ids to pointers since the nodes hash set is frozen after being read.
|
Assignee | |
Comment 1•9 years ago
|
||
Attachment #8686784 -
Flags: review?(shu)
|
|
Assignee | |
Comment 2•9 years ago
|
||
|
||
Comment 3•9 years ago
|
||
Comment on attachment 8686784 [details] [diff] [review]
Validate that every edge referent is in the heap snapshot
Review of attachment 8686784 [details] [diff] [review]:
-----------------------------------------------------------------
This looks fine to me -- it is validating the integrity of the loaded heap graph, that all edges are known, otherwise the snapshot is corrupt. Correct?
Attachment #8686784 -
Flags: review?(shu) → review+
|
|
Assignee | |
Comment 4•9 years ago
|
||
(In reply to Shu-yu Guo [:shu] from comment #3)
> This looks fine to me -- it is validating the integrity of the loaded heap
> graph, that all edges are known, otherwise the snapshot is corrupt. Correct?
Correct.
|
|
Assignee | |
Comment 5•9 years ago
|
||
New try push because task cluster was on the fritz: https://treeherder.mozilla.org/#/jobs?repo=try&revision=f9ab21b33900
|
|
Assignee | |
Comment 7•9 years ago
|
||
[Tracking Requested - why for this release]:
status-firefox44:
--- → affected
|
|
Assignee | |
Comment 8•9 years ago
|
||
(In reply to Nick Fitzgerald [:fitzgen][:nf] from comment #7)
> [Tracking Requested - why for this release]:
Will lead to null pointer dereferencing / undefined behavior / crashes when reading corrupted heap snapshots rather than simply rejecting them.
|
|
Assignee | |
Comment 9•9 years ago
|
||
ni myself to remember to request uplift after this sits in m-c for a day or so.
Flags: needinfo?(nfitzgerald)
|
||
Comment 10•9 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox45:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 45
|
|
Assignee | |
Comment 11•9 years ago
|
||
Comment on attachment 8686784 [details] [diff] [review]
Validate that every edge referent is in the heap snapshot
Approval Request Comment
[Feature/regressing bug #]: bug 1024774
[User impact if declined]: Reading a corrupted heap snapshot will crash the browser rather than simply fail and show a warning
[Describe test coverage new/current, TreeHerder]: Fair amount of heap snapshots test, been green on m-c for a few days.
[Risks and why]: Minimal.
[String/UUID change made/needed]: None
Flags: needinfo?(nfitzgerald)
Attachment #8686784 -
Flags: approval-mozilla-aurora?
Comment on attachment 8686784 [details] [diff] [review]
Validate that every edge referent is in the heap snapshot
Fixes a potential crash, let's take it in Aurora44.
Attachment #8686784 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
|
|
||
Comment 13•9 years ago
|
||
| bugherder uplift | ||
|
|
||
Comment 14•9 years ago
|
||
| bugherder uplift | ||
status-b2g-v2.5:
--- → fixed
|
||
Updated•7 years ago
|
Product: Firefox → DevTools
You need to log in
before you can comment on or make changes to this bug.
Description
•