Closed
Bug 1301757
Opened 8 years ago
Closed 8 years ago
Null deref crash in mozilla::net::WebSocketChannelParent::RecvAsyncOpen
Categories
(Core :: Networking, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1301091
| Tracking | Status | |
|---|---|---|
| firefox51 | --- | fixed |
People
(Reporter: mccr8, Unassigned)
References
Details
(Keywords: crash, regression)
This bug was filed from the Socorro interface and is
report bp-4fb33c7e-082e-40a5-b7f4-ca49d2160907.
=============================================================
There are 11 of these crashes in the Sept 7 Nightly, making it tied for the top Linux crash. The crashes are almost all from a single installation, but looking at the code there is a real problem here.
The crash is a null deref on the last line:
rv = LoadInfoArgsToLoadInfo(aLoadInfoArgs, getter_AddRefs(loadInfo));
if (NS_FAILED(rv)) {
goto fail;
}
rv = loadInfo->GetOriginAttributes(&attrs);
However, if you look at the definition of LoadInfoArgsToLoadInfo in ipc/glue/BackgroundUtils.cpp, if |aOptionalLoadInfoArgs.type() == OptionalLoadInfoArgs::Tvoid_t| then it can return null on success.
This appears to be a regression from bug 1291652. Other places that call this method do the same thing, but maybe they are assured to not hit that case?
|
Reporter | |
Updated•8 years ago
|
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
|
|
Reporter | |
Updated•8 years ago
|
Crash Signature: [@ mozilla::net::WebSocketChannelParent::RecvAsyncOpen]
|
||
Comment 2•8 years ago
|
||
Mark 51 fixed as bug 1301091 is fixed.
You need to log in
before you can comment on or make changes to this bug.
Description
•