Closed Bug 1294097 Opened 3 years ago Closed 3 years ago
Crash in mozilla::Transport
Flow::Check Thread Int
This bug was filed from the Socorro interface and is report bp-85bd0299-8e95-4856-ad71-e371a2160810. ============================================================= Crashing Thread (6) Frame Module Signature Source 0 xul.dll mozilla::TransportFlow::CheckThreadInt() media/mtransport/transportflow.h:116 1 xul.dll mozilla::TransportFlow::CheckThread() media/mtransport/transportflow.h:109 2 xul.dll mozilla::TransportFlow::SendPacket(unsigned char const*, unsigned __int64) media/mtransport/transportflow.cpp:196 3 xul.dll mozilla::DataChannelConnection::SendPacket(unsigned char* const, unsigned __int64, bool) netwerk/sctp/datachannel/DataChannel.cpp:652 4 xul.dll mozilla::runnable_args_memfn<RefPtr<mozilla::DataChannelConnection>, int ( mozilla::DataChannelConnection::*)(unsigned char* const, unsigned __int64, bool), unsigned char*, unsigned __int64, bool>::Run() obj-firefox/dist/include/mtransport/runnable_utils.h:169 5 xul.dll nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp:1067 6 xul.dll NS_ProcessNextEvent(nsIThread*, bool) xpcom/glue/nsThreadUtils.cpp:290 7 xul.dll mozilla::net::nsSocketTransportService::Run() netwerk/base/nsSocketTransportService2.cpp:911 8 xul.dll nsThread::ProcessNextEvent(bool, bool*) xpcom/threads/nsThread.cpp:1067 9 xul.dll NS_ProcessNextEvent(nsIThread*, bool) xpcom/glue/nsThreadUtils.cpp:290 10 xul.dll mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) ipc/glue/MessagePump.cpp:354 11 xul.dll MessageLoop::RunHandler() ipc/chromium/src/base/message_loop.cc:228 12 xul.dll MessageLoop::Run() ipc/chromium/src/base/message_loop.cc:208 13 xul.dll nsThread::ThreadFunc(void*) xpcom/threads/nsThread.cpp:467 14 nss3.dll PR_NativeRunThread nsprpub/pr/src/threads/combined/pruthr.c:397 15 nss3.dll pr_root nsprpub/pr/src/md/windows/w95thred.c:95 16 ucrtbase.dll crt_at_quick_exit 17 kernel32.dll BaseThreadInitThunk 18 ntdll.dll RtlUserThreadStart crashes with this signature are regressing in number since the 49 nightly cycle. it's a rather low volume crash, currently making up 0.07% of browser crashes in 49.0b1.
Note: e5e5 crash, and only showing up in 49 and 50. None in 48 or earlier in a quick search. Perhaps due to an uplifted patch? be interesting to see when they started. Nothing I can think of changed recently in this area in DataChannels
Byron -- Since this is a UAF that appears to start in Fx49, this needs to trump other work.
Assignee: nobody → docfaraday
is this similar to bug 1294095 then perhaps?
(In reply to Randell Jesup [:jesup] from comment #1) > Note: e5e5 crash, and only showing up in 49 and 50. None in 48 or earlier > in a quick search. Perhaps due to an uplifted patch? be interesting to see > when they started. > > Nothing I can think of changed recently in this area in DataChannels I'm not seeing e5e5 anywhere in that report. Am I missing something?
Ah, there are other reports that do. I see. Looking...
(In reply to [:philipp] from comment #3) > is this similar to bug 1294095 then perhaps? They both started to show up around 2016-08-03 and 04.
So what changed around then?
I suspect this is a dup of bug 1294095, especially since they started at the same time, roughly. Recheck after we land bug 1294095 to see if this goes away as well.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1294095
the signature has disappeared after the fix from bug 1294095 landed in beta.
You need to log in before you can comment on or make changes to this bug.