Crash when using dynamic logging and restarting

RESOLVED FIXED in Firefox 46

Type: defect
Reporter: valentin.gosu, Assigned: erahm
Target milestone: mozilla46
Platform: x86_64, Linux
Firefox tracking flags: firefox46 fixed
Attachments: 2

Posted file pref_crash.txt
I set the following prefs and restarted the browser:
logging.nsHttp = 5
logging.nsHostResolver = 5
logging.nsSocketTransport = 5
logging.nsStreamPump = 5

no env variables are set - logging is done at stderr
When opening a new tab, to say google.com, it crashes.
I can reproduce it almost immediately.
Confirmed, I was able to repro on linux w/ the specified prefs and navigating to youtube.com. It appears that the va_list is getting trashed when going into the long logline path.
Assignee: nobody → erahm
Status: NEW → ASSIGNED
Comment on attachment 8708223 [details] [diff] [review]
Copy va_list before using it in LogModuleManager::Print

Review of attachment 8708223 [details] [diff] [review]:
-----------------------------------------------------------------

Ah, whoops!
Attachment #8708223 - Flags: review?(nfroyd) → review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/1e81d89a1c98c233989d675ce85b07c2b4887d3a
Bug 1239941 - Copy va_list before using it in LogModuleManager::Print. r=froydnj
Does that mean we need va_copy whenever passing a va_list to another function like:

void foo(va_list va) {
  va_list va1;
  va_copy(va1, va);
  bar1(va1);
  va_end(va1);
}

void bar1(va_list va1) {
  va_list va2;
  va_copy(va2, va1);
  bar2(va2);
  va_end(va2);
}

void bar2(va_list va2) {
  va_list va3;
  va_copy(va3, va2);
  bar3(va3);
  va_end(va3);
}
(In reply to JW Wang [:jwwang] from comment #6)
> Does that mean we need va_copy whenever passing a va_list to another
> function like:
> 
> void foo(va_list va) {
>   va_list va1;
>   va_copy(va1, va);
>   bar1(va1);
>   va_end(va1);
> }
> 
> void bar1(va_list va1) {
>   va_list va2;
>   va_copy(va2, va1);
>   bar2(va2);
>   va_end(va2);
> }
> 
> void bar2(va_list va2) {
>   va_list va3;
>   va_copy(va3, va2);
>   bar3(va3);
>   va_end(va3);
> }

Only if it's used more than once. I don't think that would necessarily hurt anything though. In this case we sometimes used it twice, i.e.:

> void foo(va_list va) {
>  if (!bar(va))
>    bar2(va);
> }

And the fix was to copy it for the first case:
> void foo(va_list va) {
>  va_list va1; va_copy(va1, va);
>  if (!bar(va1))
>    bar2(va);
>  va_end(va1);
> }
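
The "used twice" pattern discussed above, as an added example in C (not the Mozilla code from this bug): a formatter that tries a small stack buffer first and re-formats into the heap when the line is too long, which is where a second traversal of the same `va_list` would occur. The names `format_line_v`, `format_line` and the 16-byte `SHORT_BUF` are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SHORT_BUF 16  /* hypothetical size, small so the long path is easy to hit */

/* Formats into a stack buffer first and falls back to the heap for long lines.
 * Returns a malloc'd string the caller frees, or NULL on error. */
char *format_line_v(const char *fmt, va_list ap)
{
    char small[SHORT_BUF];
    va_list probe;

    /* First use consumes a copy, so ap is still valid for a second use. */
    va_copy(probe, ap);
    int needed = vsnprintf(small, sizeof small, fmt, probe);
    va_end(probe);
    if (needed < 0)
        return NULL;

    char *out = malloc((size_t)needed + 1);
    if (!out)
        return NULL;

    if ((size_t)needed < sizeof small) {
        memcpy(out, small, (size_t)needed + 1);   /* short path: already formatted */
    } else {
        /* Long path: second traversal of the arguments. Had the first
         * vsnprintf been given ap itself, ap would be indeterminate here
         * and this call would be undefined behaviour. */
        vsnprintf(out, (size_t)needed + 1, fmt, ap);
    }
    return out;
}

/* Variadic front end: owns va_start/va_end for the original list. */
char *format_line(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    char *s = format_line_v(fmt, ap);
    va_end(ap);
    return s;
}
```

Building with `-fsanitize=address,undefined` and exercising the long path in a test is a practical way to catch a reused `va_list` on platforms where it happens to work by accident.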
https://hg.mozilla.org/mozilla-central/rev/1e81d89a1c98
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla46