Closed Bug 1297314 Opened 3 years ago Closed 3 years ago

Crash in mozilla::ipc::FatalError | mozilla::dom::PContentParent::Write from ContentParent::RecvKeywordToURI()

Categories

(Core :: IPC, defect, critical)

Product:
Core
Component:
IPC
Platform:
Unspecified
Windows 8
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla51
Tracking Flags:
Tracking Status
firefox49 --- wontfix
firefox50 --- fixed
firefox51 --- fixed
firefox52 --- unaffected

People

(Reporter: ting, Assigned: ting)

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

Bug 1297314 - Initialize IPC union parameters to void_t for the case when RecvKeywordToURI() returns early.
58 bytes, text/x-review-board-request
kanru
: review+
evilpie
: feedback+
ritu
: approval-mozilla-aurora+
Details 
This bug was filed from the Socorro interface and is 
report bp-ba5afd84-0a3d-49b4-ba23-61b8d2160822.
=============================================================

#14 of 0821 Nightly on Windows, 8 crashes from 4 installations.

IPCFatalErrorMsg: unknown union type
IPCFatalErrorProtocol: PContentParent

The OptionalInputStreamParams has mType 0x0 (T_None).
I guess we need to find where OptionalInputStreamParams is being created without at least being set to void_t().
Summary: Crash in mozilla::ipc::FatalError | mozilla::dom::PContentParent::Write → Crash in mozilla::ipc::FatalError | mozilla::dom::PContentParent::Write from ContentParent::RecvKeywordToURI()
Comment on attachment 8784227 [details]
Bug 1297314 - Initialize IPC union parameters to void_t for the case when RecvKeywordToURI() returns early.

Sorry, I am not a peer for this. Does look good to me though. providerName doesn't need to be set explicitly?
Attachment #8784227 - Flags: review?(evilpies) → feedback+
Attachment #8784227 - Flags: review?(bugs)
providerName is initialized to an empty string, so it doesn't need to be set explicitly.
Comment on attachment 8784227 [details]
Bug 1297314 - Initialize IPC union parameters to void_t for the case when RecvKeywordToURI() returns early.

https://reviewboard.mozilla.org/r/73758/#review71904

smaug transfered the review to me.

LGTM to me. I think we should make a true Option type in ipdl in order to prevent error like this.
Attachment #8784227 - Flags: review+
Attachment #8784227 - Flags: review?(bugs)
Assignee: nobody → janus926
Keywords: checkin-needed
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/88a167d7e7fd
Initialize IPC union parameters to void_t for the case when RecvKeywordToURI() returns early. r=kanru
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/88a167d7e7fd
Status: NEW → RESOLVED
Closed: 3 years ago
status-firefox51: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla51
Crash volume for signature 'mozilla::ipc::FatalError | mozilla::dom::PContentParent::Write':
 - nightly (version 51): 60 crashes from 2016-08-01.
 - aurora  (version 50): 42 crashes from 2016-08-01.
 - beta    (version 49): 1 crash from 2016-08-02.
 - release (version 48): 0 crashes from 2016-07-25.
 - esr     (version 45): 0 crashes from 2016-05-02.

Crash volume on the last weeks (Week N is from 08-22 to 08-28):
            W. N-1  W. N-2  W. N-3
 - nightly      33       8       6
 - aurora       18       1       0
 - beta          1       0       0
 - release       0       0       0
 - esr           0       0       0

Affected platforms: Windows, Mac OS X

Crash rank on the last 7 days:
           Browser     Content   Plugin
 - nightly #19
 - aurora  #27
 - beta
 - release
 - esr
status-firefox49: --- → affected
status-firefox50: --- → affected
Startup crash fixed in 51, and showing up in 50. 
Can you request uplift to aurora? Thanks!
Flags: needinfo?(janus926)
Comment on attachment 8784227 [details]
Bug 1297314 - Initialize IPC union parameters to void_t for the case when RecvKeywordToURI() returns early.

Approval Request Comment
[Feature/regressing bug #]: 905761
[User impact if declined]: crash if ContentParent::RecvKeywordToURI returns early
[Describe test coverage new/current, TreeHerder]: current tests
[Risks and why]: low, simply initialize uninitialized variables
[String/UUID change made/needed]: n/a
Flags: needinfo?(janus926)
Attachment #8784227 - Flags: approval-mozilla-aurora?
Comment on attachment 8784227 [details]
Bug 1297314 - Initialize IPC union parameters to void_t for the case when RecvKeywordToURI() returns early.

Crash fix that seems simple enough, Aurora50+
Attachment #8784227 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Wontfix for 49 as we are heading into the RC build next week.
status-firefox49: affectedwontfix
This is still reproducible on Fx50 in low volume, (~) based on crash data from the last 20 days.

  SIGNATURE   | mozilla::ipc::FatalError | mozilla::dom::PContentParent::Write
  ----------------------------------------------------------------------------
  CRASH STATS | http://tinyurl.com/ja2n9pj
  ----------------------------------------------------------------------------
  OVERVIEW    | 0 crashes on nightly 52
	      | 0 crashes on nightly 51
	      | 0 crashes on aurora 51
	      | 0 crashes on nightly 50
	      | 8 crashes on aurora 50
	      | 0 crashes on beta 50
  ----------------------------------------------------------------------------
  LAST CRASH  | 2016-09-09 (on 50.0a2)
status-firefox52: --- → unaffected
The signature is pretty general so although the top signature is same, I believe the new crashes on 50 is different issue.
¡Hola Ting-Yu!

This signature is still top 35 crash for Nightly (53) as of today.

More crashes at https://crash-stats.mozilla.com/signature/?product=Firefox&signature=mozilla%3A%3Aipc%3A%3AFatalError%20%7C%20mozilla%3A%3Adom%3A%3APContentParent%3A%3AWrite

Shall this be reopened or a new bug filed?

¡Gracias!
Alex
Flags: needinfo?(janus926)
The crashes (reason EXCEPTION_BREAKPOINT) you see now is bug 1323220.
Flags: needinfo?(janus926)
You need to log in before you can comment on or make changes to this bug.