crash in mozilla::net::nsHTTPCompressConv::OnStopRequest

RESOLVED FIXED in Firefox 46



3 years ago
3 years ago


(Reporter: philipp, Assigned: mcmanus)


({crash, regression})

45 Branch
Windows NT
crash, regression

Firefox Tracking Flags

(firefox45 affected, firefox46 fixed, firefox47 fixed, firefox48 fixed)


(Whiteboard: [necko-active], crash signature)


(1 attachment)



3 years ago
This bug was filed from the Socorro interface and is 
report bp-61c234c5-ffc4-47c1-bc90-260fd2160220.
Crashing Thread (0)
Frame 	Module 	Signature 	Source
0 	xul.dll 	mozilla::net::nsHTTPCompressConv::OnStopRequest(nsIRequest*, nsISupports*, nsresult) 	netwerk/streamconv/converters/nsHTTPCompressConv.cpp
1 	browsercomps.dll 	nsFeedSniffer::ConvertEncodedData(nsIRequest*, unsigned char const*, unsigned int) 	browser/components/feeds/nsFeedSniffer.cpp
2 	xul.dll 	js::SavedFrame::finishSavedFrameInit(JSContext*, JS::Handle<JSObject*>, JS::Handle<JSObject*>) 	js/src/vm/SavedStacks.cpp
3 	xul.dll 	nsRange::AutoInvalidateSelection::~AutoInvalidateSelection() 	dom/base/nsRange.cpp
4 	browsercomps.dll 	nsFeedSniffer::GetMIMETypeFromContent(nsIRequest*, unsigned char const*, unsigned int, nsACString&) 	browser/components/feeds/nsFeedSniffer.cpp
5 	xul.dll 	NS_SniffContent(char const*, nsIRequest*, unsigned char const*, unsigned int, nsACString_internal&) 	netwerk/base/nsNetUtil.cpp
6 	xul.dll 	mozilla::net::CallTypeSniffers 	netwerk/protocol/http/nsHttpChannel.cpp
7 	xul.dll 	CallPeekFunc 	netwerk/base/nsInputStreamPump.cpp
8 	xul.dll 	mozilla::net::CacheFileInputStream::ReadSegments(nsresult (*)(nsIInputStream*, void*, char const*, unsigned int, unsigned int, unsigned int*), void*, unsigned int, unsigned int*) 	netwerk/cache2/CacheFileInputStream.cpp
9 	xul.dll 	nsInputStreamPump::PeekStream(void (*)(void*, unsigned char const*, unsigned int), void*) 	netwerk/base/nsInputStreamPump.cpp
10 	xul.dll 	CallPeekFunc 	netwerk/base/nsInputStreamPump.cpp
11 	xul.dll 	mozilla::net::nsHttpChannel::ContinueOnStartRequest2(nsresult) 	netwerk/protocol/http/nsHttpChannel.cpp

this signature is first regressing in 44 and seems to be related to brotli compression that landed with bug 366559.


3 years ago
Assignee: nobody → mcmanus
Whiteboard: [necko-active]

Comment 1

3 years ago
a fairly big brotli change landed in 46 and this signature changed:

the source of that is pretty clear - mBrotli is lazily created in the first ondataavailable.. so we just need to null check it.

Its not clear to me if this is just covering up the original signature or not - the change in 46 is too big to really ascertain.
Attachment #8737310 - Flags: review?(daniel) → review+

Comment 5

3 years ago
Last Resolved: 3 years ago
status-firefox48: affected → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla48

Comment 6

3 years ago
Comment on attachment 8737310 [details] [diff] [review]
make sure brotli context is created in onstoprequest

crash fix

Approval Request Comment
[Feature/regressing bug #]: brotli support in 44
[User impact if declined]: corner case null deref (when connection is lost after declaring brotli but before sending any encoded data)
[Describe test coverage new/current, TreeHerder]: regression coverage is ok - nothing new
[Risks and why]: very low - literally a null check
[String/UUID change made/needed]:
Attachment #8737310 - Flags: approval-mozilla-beta?
Attachment #8737310 - Flags: approval-mozilla-aurora?
Comment on attachment 8737310 [details] [diff] [review]
make sure brotli context is created in onstoprequest

Crash fix, affects beta, ok to uplift to aurora and beta.
Attachment #8737310 - Flags: approval-mozilla-beta?
Attachment #8737310 - Flags: approval-mozilla-beta+
Attachment #8737310 - Flags: approval-mozilla-aurora?
Attachment #8737310 - Flags: approval-mozilla-aurora+

Comment 8

3 years ago
status-firefox47: affected → fixed

Comment 9

3 years ago
status-firefox46: affected → fixed
You need to log in before you can comment on or make changes to this bug.