Closed Bug 1310453 Opened 3 years ago Closed 3 years ago

Shutdown Crash in nsDataObj::GetFileContentsInternetShortcut

Categories

(Core :: Widget: Win32, defect, P1, critical)

47 Branch
x86
Windows 10
defect

Tracking

VERIFIED FIXED
mozilla52
Tracking Status
firefox49 --- fix-optional
firefox-esr45 --- unaffected
firefox50 + verified
firefox51 + verified
firefox52 + verified

People

(Reporter: alice0775, Assigned: m_kato)

Details

(Keywords: crash, regression, Whiteboard: [DUPEME])

Attachments

(1 file)

[Tracking Requested - why for this release]:

This bug was filed from the Socorro interface and is 
report bp-9b0f9f5f-9dc0-412e-9f1e-f53eb2161015.
=============================================================

Shutdown Crash,

The crash is reproducible since 47 bp-50f6fac8-0282-4e64-b2af-dc4b52161015.


Reproducible: always, Also crashed in the new profile

Steps To Reproduce:
1. Open Library (Ctrl+Shift+B)
2. Select "All Bookmarks" in the left side pane
3. Select multiple folders in the right side pane
   E.g., (Bookmarks Toolbar, Bookmarks Menu and Unsorted Bookmarks)
        (note: The crash will not be limited to these special folders)
4. Copy (Ctrl+C or right click and choose Copy)
5. Close Library and Quit Browser

Actual Results:
Crash reporter pops up

Expected Results:
No crash

Regression window:
https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=c8be68703225291c63a409516f7a36cdeb6aa314&tochange=122337f76ded825b04a05aa7cc46b2bcd77ea695

Regressed by:
122337f76ded	Makoto Kato — Bug 1240282 - Don't use NS_LossyConvertUTF16toASCII for URI. r=jimm
Flags: needinfo?(m_kato)
Keywords: regression
Duplicate of this bug: 1310430
See also bug 1310430 where this crashes when copying bookmark folders.
Priority: -- → P1
makoto-san, the change seems to introduce a dereference on aUri->GetAsciiSpec(asciiUrl); without checking aURI validity.
LossyCopyUTF16toASCII didn't have this problem because it was not validating the uri.
Assignee: nobody → m_kato
Flags: needinfo?(m_kato)
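
The failure mode described in the comment above, as an added stand-alone C++ model (not code from this bug, its patch, or Gecko): a lossy character conversion can never fail, while a validating URI parser can return no object, so the caller needs an error check before dereferencing. `Uri`, `ParseUri`, `LossyToAscii`, `GetUrlUnchecked` and `GetUrlChecked` are hypothetical names, the validation is a toy, and the input strings are constructed.

```cpp
#include <iostream>
#include <memory>
#include <string>

// Stand-alone model; Uri, ParseUri and the other names are hypothetical,
// not Gecko APIs.
struct Uri { std::string asciiSpec; };
enum class Status { Ok, Failure };

// Lossy narrowing never validates, so it always yields a string.
std::string LossyToAscii(const std::u16string& in) {
    std::string out;
    for (char16_t c : in) out.push_back(static_cast<char>(c));
    return out;
}

// Toy validating parser: requires "scheme:" and printable ASCII only.
// Returns nullptr on failure, which is what the caller must handle.
std::unique_ptr<Uri> ParseUri(const std::u16string& in) {
    auto colon = in.find(u':');
    if (colon == std::u16string::npos || colon == 0) return nullptr;
    for (char16_t c : in)
        if (c <= 0x20 || c >= 0x7F) return nullptr;
    return std::unique_ptr<Uri>(new Uri{LossyToAscii(in)});
}

// Unchecked caller: dereferences a null pointer when parsing fails.
Status GetUrlUnchecked(const std::u16string& text, std::string& out) {
    std::unique_ptr<Uri> uri = ParseUri(text);
    out = uri->asciiSpec;  // undefined behaviour if uri is null
    return Status::Ok;
}

// Checked caller: reports failure instead of touching a null URI.
Status GetUrlChecked(const std::u16string& text, std::string& out) {
    std::unique_ptr<Uri> uri = ParseUri(text);
    if (!uri) return Status::Failure;
    out = uri->asciiSpec;
    return Status::Ok;
}

int main() {
    std::string out;
    // Constructed inputs: one URL, one clipboard string that is not a URL.
    for (const std::u16string& s : {std::u16string(u"https://example.org/"),
                                    std::u16string(u"Bookmarks Toolbar")}) {
        Status st = GetUrlChecked(s, out);
        std::cout << (st == Status::Ok ? "ok: " + out : std::string("failure")) << "\n";
    }
}
```
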
Tracking 52+ for this shutdown crash which also crashes with a copy operation according to comment 2.
Comment on attachment 8801614 [details]
Bug 1310453 - Check whether aUri isn't created.

https://reviewboard.mozilla.org/r/86284/#review85258
Attachment #8801614 - Flags: review?(jmathies) → review+
Pushed by m_kato@ga2.so-net.ne.jp:
https://hg.mozilla.org/integration/autoland/rev/3f0590c71a0a
Check whether aUri isn't created. r=jimm
https://hg.mozilla.org/mozilla-central/rev/3f0590c71a0a
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla52
Comment on attachment 8801614 [details]
Bug 1310453 - Check whether aUri isn't created.

Approval Request Comment
[Feature/regressing bug #]:
Bug 1240282

[User impact if declined]:
When quitting Firefox, Firefox crashes.

[Describe test coverage new/current, TreeHerder]:
Landed in m-c

[Risks and why]:
Low.  Add error check only.

[String/UUID change made/needed]:
No
Attachment #8801614 - Flags: approval-mozilla-aurora?
Attachment #8801614 - Flags: approval-mozilla-beta?
Comment on attachment 8801614 [details]
Bug 1310453 - Check whether aUri isn't created.

Crash fix, Aurora51+, Beta50+
Attachment #8801614 - Flags: approval-mozilla-beta?
Attachment #8801614 - Flags: approval-mozilla-beta+
Attachment #8801614 - Flags: approval-mozilla-aurora?
Attachment #8801614 - Flags: approval-mozilla-aurora+
TEST: it should fail.
Revert tracking for firefox49.
I've managed to reproduce the crash using one of the affected builds (Nightly 52.0a1 from 2016-10-15).

This issue is verified fixed on 50.0b9 (2016-10-20), latest Aurora 51.0a2 (2016-10-21) and latest Nightly (2016-10-21) under the following OSes:
- Windows 10 x64
- Ubuntu 16.04 x64 LTS
- Mac OS X 10.11.6
Status: RESOLVED → VERIFIED
Flags: qe-verify+