Closed Bug 1262359 Opened 8 years ago Closed 8 years ago

crash in OOM | large | NS_ABORT_OOM | nsACString_internal::Assign | nsDataHandler::NewURI

Categories

(Core :: Networking, defect)

Product:
Core
Component:
Networking
Platform:
x86
Windows NT
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla48
Tracking Flags:
Tracking Status
firefox48 --- fixed

People

(Reporter: n.nethercote, Assigned: n.nethercote)

References

Details

(Keywords: crash, Whiteboard: [necko-active])

Crash Data

Attachments

(5 files, 3 obsolete files)

(part 3) - Add a missing fallible nsTSubstring_CharT::Assign variant
2.21 KB, patch
erahm
: review+
Details | Diff | Splinter Review
(part 5) - Add a missing rv check for call to nsDataHandler::ParseURI()
1.16 KB, patch
jduell.mcbugs
: review+
Details | Diff | Splinter Review
(part 1) - Remove unused |hashRef| parameter from nsDataHandler::ParseURI()
4.83 KB, patch
jduell.mcbugs
: review+
Details | Diff | Splinter Review
(part 2) - Make the filling in of two parameters optional in nsDataHandler::ParseURI()
6.31 KB, patch
jduell.mcbugs
: review+
Details | Diff | Splinter Review
(part 4) - Make data URL payload assignment fallible in nsDataHandler::ParseURI()
1.16 KB, patch
jduell.mcbugs
: review+
Details | Diff | Splinter Review 
This bug was filed from the Socorro interface and is 
report bp-cd7d10be-a12e-4ad3-a18e-cefb92160405.
=============================================================

nsDataHandler::NewURI() does an allocation (via nsDataHandler::ParseURI()) that is the size of the payload of a data URL. This can be arbitrarily long, so it should be made fallible. (The occurrence in this crash report was 1.4 MB.)

Also, nsDataHandler::ParseURI() can be optimized a bit to avoid the allocation entirely in some cases.
Assignee: nobody → n.nethercote
Status: NEW → ASSIGNED
Attachment #8738411 - Attachment is obsolete: true
Attachment #8738411 - Flags: review?(jduell.mcbugs)
Attachment #8738413 - Attachment is obsolete: true
Attachment #8738413 - Flags: review?(jduell.mcbugs)
Attachment #8738415 - Attachment is obsolete: true
Attachment #8738415 - Flags: review?(jduell.mcbugs)
Whiteboard: [necko-active]
Attachment #8738414 - Flags: review?(erahm) → review+
Attachment #8738417 - Flags: review?(jduell.mcbugs) → review+
Attachment #8738420 - Flags: review?(jduell.mcbugs) → review+
Comment on attachment 8738421 [details] [diff] [review]
(part 4) - Make data URL payload assignment fallible in nsDataHandler::ParseURI()

Review of attachment 8738421 [details] [diff] [review]:
-----------------------------------------------------------------

bonus points for snazzy use of ternary operator! :)
Attachment #8738421 - Flags: review?(jduell.mcbugs) → review+
Attachment #8738416 - Flags: review?(jduell.mcbugs) → review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/b2581d348367fcad75830e693d8086bff16de572
Bug 1262359 (part 1) - Remove unused |hashRef| parameter from nsDataHandler::ParseURI(). r=jduell.

https://hg.mozilla.org/integration/mozilla-inbound/rev/ee3b6b151cf5a72ab0a121c0f3da475129ba7c29
Bug 1262359 (part 2) - Make the filling in of two parameters optional in nsDataHandler::ParseURI(). r=jduell.

https://hg.mozilla.org/integration/mozilla-inbound/rev/6474dc4bf7856b5583ffea9307a7bdc249bf8bc8
Bug 1262359 (part 3) - Add a missing fallible nsTSubstring_CharT::Assign() variant. r=erahm.

https://hg.mozilla.org/integration/mozilla-inbound/rev/fb3e2cc58cfa53b11e7e89d418abd2db1845a7d6
Bug 1262359 (part 4) - Make data URL payload assignment fallible in nsDataHandler::ParseURI(). r=jduell.

https://hg.mozilla.org/integration/mozilla-inbound/rev/e8dad24cfffa9f5d8406df8c59839902cd446e65
Bug 1262359 (part 5) - Add a missing rv check for call to nsDataHandler::ParseURI(). r=jduell.
Looks like these changes fixed the crash in bug 1258111.
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: