Closed
Bug 1262359
Opened 8 years ago
Closed 8 years ago
crash in OOM | large | NS_ABORT_OOM | nsACString_internal::Assign | nsDataHandler::NewURI
Categories
(Core :: Networking, defect)
Tracking
()
RESOLVED
FIXED
mozilla48
Tracking | Status | |
---|---|---|
firefox48 | --- | fixed |
People
(Reporter: n.nethercote, Assigned: n.nethercote)
References
Details
(Keywords: crash, Whiteboard: [necko-active])
Crash Data
Attachments
(5 files, 3 obsolete files)
Size | Type | Reviewer | Flag |
---|---|---|---|
2.21 KB | patch | erahm | review+ |
1.16 KB | patch | jduell.mcbugs | review+ |
4.83 KB | patch | jduell.mcbugs | review+ |
6.31 KB | patch | jduell.mcbugs | review+ |
1.16 KB | patch | jduell.mcbugs | review+ |
This bug was filed from the Socorro interface and is report bp-cd7d10be-a12e-4ad3-a18e-cefb92160405.
=============================================================

nsDataHandler::NewURI() does an allocation (via nsDataHandler::ParseURI()) that is the size of the payload of a data URL. This can be arbitrarily long, so it should be made fallible. (The occurrence in this crash report was 1.4 MB.)

Also, nsDataHandler::ParseURI() can be optimized a bit to avoid the allocation entirely in some cases.
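An added example, not Mozilla's code and not one of this bug's patches: a stand-alone sketch of the pattern the description asks for, where the payload-sized copy reports failure instead of aborting and callers that pass null out-parameters skip the copy. `ParseDataUrl`, `Rv`, `Payload`, `BudgetAlloc` and `gBudget` are hypothetical names, and catching `std::bad_alloc` stands in for Gecko's fallible string assignment.

```cpp
#include <cstddef>
#include <new>
#include <string>

// Constructed stand-in for memory pressure: requests above gBudget bytes fail.
static std::size_t gBudget = static_cast<std::size_t>(-1);
template <class T> struct BudgetAlloc {
  using value_type = T;
  BudgetAlloc() = default;
  template <class U> BudgetAlloc(const BudgetAlloc<U>&) {}
  T* allocate(std::size_t n) {
    if (n > gBudget / sizeof(T)) throw std::bad_alloc();
    return static_cast<T*>(::operator new(n * sizeof(T)));
  }
  void deallocate(T* p, std::size_t) { ::operator delete(p); }
};
template <class T, class U>
bool operator==(const BudgetAlloc<T>&, const BudgetAlloc<U>&) { return true; }
template <class T, class U>
bool operator!=(const BudgetAlloc<T>&, const BudgetAlloc<U>&) { return false; }
using Payload = std::basic_string<char, std::char_traits<char>, BudgetAlloc<char>>;

enum class Rv { Ok, Malformed, OutOfMemory };

// Hypothetical parser (simplified: lowercase scheme only). Every out-parameter
// may be null, so a caller that only validates never copies the payload.
Rv ParseDataUrl(const std::string& spec, std::string* contentType,
                bool* isBase64, Payload* payload) {
  const std::string scheme = "data:", b64tag = ";base64";
  if (spec.compare(0, scheme.size(), scheme) != 0) return Rv::Malformed;
  const std::size_t comma = spec.find(',', scheme.size());
  if (comma == std::string::npos) return Rv::Malformed;
  std::size_t metaLen = comma - scheme.size();
  const bool b64 = metaLen >= b64tag.size() &&
      spec.compare(comma - b64tag.size(), b64tag.size(), b64tag) == 0;
  if (b64) metaLen -= b64tag.size();
  if (isBase64) *isBase64 = b64;
  try {
    if (contentType) contentType->assign(spec, scheme.size(), metaLen);
    // The copy below is as large as the URL's payload, which the page
    // author controls, so failure must be an error code, not an abort.
    if (payload) payload->assign(spec.data() + comma + 1, spec.size() - comma - 1);
  } catch (const std::bad_alloc&) {
    return Rv::OutOfMemory;
  }
  return Rv::Ok;
}
```

The return value only helps if every caller checks it and propagates the error.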
Comment 1 • 8 years ago (Assignee)
Attachment #8738411 - Flags: review?(jduell.mcbugs)

Updated • 8 years ago (Assignee)
Assignee: nobody → n.nethercote
Status: NEW → ASSIGNED

Comment 2 • 8 years ago (Assignee)
Attachment #8738413 - Flags: review?(jduell.mcbugs)

Comment 3 • 8 years ago (Assignee)
Attachment #8738414 - Flags: review?(erahm)

Comment 4 • 8 years ago (Assignee)
Attachment #8738415 - Flags: review?(jduell.mcbugs)

Comment 5 • 8 years ago (Assignee)
Attachment #8738416 - Flags: review?(jduell.mcbugs)

Comment 6 • 8 years ago (Assignee)
Attachment #8738417 - Flags: review?(jduell.mcbugs)

Updated • 8 years ago (Assignee)
Attachment #8738411 - Attachment is obsolete: true
Attachment #8738411 - Flags: review?(jduell.mcbugs)

Comment 7 • 8 years ago (Assignee)
Attachment #8738420 - Flags: review?(jduell.mcbugs)

Updated • 8 years ago (Assignee)
Attachment #8738413 - Attachment is obsolete: true
Attachment #8738413 - Flags: review?(jduell.mcbugs)

Comment 8 • 8 years ago (Assignee)
Attachment #8738421 - Flags: review?(jduell.mcbugs)

Updated • 8 years ago (Assignee)
Attachment #8738415 - Attachment is obsolete: true
Attachment #8738415 - Flags: review?(jduell.mcbugs)

Updated • 8 years ago
Whiteboard: [necko-active]

Updated • 8 years ago
Attachment #8738414 - Flags: review?(erahm) → review+

Updated • 8 years ago
Attachment #8738417 - Flags: review?(jduell.mcbugs) → review+

Updated • 8 years ago
Attachment #8738420 - Flags: review?(jduell.mcbugs) → review+
Comment 9 • 8 years ago
Comment on attachment 8738421 [details] [diff] [review]
(part 4) - Make data URL payload assignment fallible in nsDataHandler::ParseURI()

Review of attachment 8738421 [details] [diff] [review]:
-----------------------------------------------------------------

bonus points for snazzy use of ternary operator! :)

Attachment #8738421 - Flags: review?(jduell.mcbugs) → review+

Updated • 8 years ago
Attachment #8738416 - Flags: review?(jduell.mcbugs) → review+
Comment 10 • 8 years ago (Assignee)
https://hg.mozilla.org/integration/mozilla-inbound/rev/b2581d348367fcad75830e693d8086bff16de572
Bug 1262359 (part 1) - Remove unused |hashRef| parameter from nsDataHandler::ParseURI(). r=jduell.

https://hg.mozilla.org/integration/mozilla-inbound/rev/ee3b6b151cf5a72ab0a121c0f3da475129ba7c29
Bug 1262359 (part 2) - Make the filling in of two parameters optional in nsDataHandler::ParseURI(). r=jduell.

https://hg.mozilla.org/integration/mozilla-inbound/rev/6474dc4bf7856b5583ffea9307a7bdc249bf8bc8
Bug 1262359 (part 3) - Add a missing fallible nsTSubstring_CharT::Assign() variant. r=erahm.

https://hg.mozilla.org/integration/mozilla-inbound/rev/fb3e2cc58cfa53b11e7e89d418abd2db1845a7d6
Bug 1262359 (part 4) - Make data URL payload assignment fallible in nsDataHandler::ParseURI(). r=jduell.

https://hg.mozilla.org/integration/mozilla-inbound/rev/e8dad24cfffa9f5d8406df8c59839902cd446e65
Bug 1262359 (part 5) - Add a missing rv check for call to nsDataHandler::ParseURI(). r=jduell.
Comment 11 • 8 years ago (bugherder)
https://hg.mozilla.org/mozilla-central/rev/b2581d348367
https://hg.mozilla.org/mozilla-central/rev/ee3b6b151cf5
https://hg.mozilla.org/mozilla-central/rev/6474dc4bf785
https://hg.mozilla.org/mozilla-central/rev/fb3e2cc58cfa
https://hg.mozilla.org/mozilla-central/rev/e8dad24cfffa

Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla48
Comment 12 • 8 years ago
Looks like these changes fixed the crash in bug 1258111.