Shutdown Crash in nsDataObj::GetFileContentsInternetShortcut

VERIFIED FIXED in Firefox 50

Status

()

P1
critical
VERIFIED FIXED
2 years ago
2 years ago

People

(Reporter: alice0775, Assigned: m_kato)

Tracking

({crash, regression})

47 Branch
mozilla52
x86
Windows 10
crash, regression
Points:
---

Firefox Tracking Flags

(firefox49 fix-optional, firefox-esr45 unaffected, firefox50+ verified, firefox51+ verified, firefox52+ verified)

Details

(Whiteboard: [DUPEME], crash signature)

Attachments

(1 attachment)

(Reporter)

Description

2 years ago
[Tracking Requested - why for this release]:

[Tracking Requested - why for this release]:

[Tracking Requested - why for this release]:

[Tracking Requested - why for this release]:

This bug was filed from the Socorro interface and is 
report bp-9b0f9f5f-9dc0-412e-9f1e-f53eb2161015.
=============================================================

Shutdown Crash,

The crash is reproducible since 47 bp-50f6fac8-0282-4e64-b2af-dc4b52161015.


Reproducible: always, Also crashed in the new profile

Steps To Reproduce:
1. Open Library (Ctrl+Shift+B)
2. Select "All Bookmarks" in the left side pane
3. Select multiple folders in the right side pane
   E.g, (Bookmarks Toolbar, Bookmarks Menu and Unsorted Bookmarks)
        (note: The crash will not be limited to these special folder)
4. Copy (Ctrl+C or right click and chose Copy)
5. Close Library and Quit Browser

Actual Results:
Crash reporter pops up

Expected Results:
No crash

Regression window:
https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=c8be68703225291c63a409516f7a36cdeb6aa314&tochange=122337f76ded825b04a05aa7cc46b2bcd77ea695

Regressed by:
122337f76ded	Makoto Kato — Bug 122337f76ded	Makoto Kato — Bug 1240282 - Don't use NS_LossyConvertUTF16toASCII for URI. r=jimm - Don't use NS_LossyConvertUTF16toASCII for URI. r=jimm
Flags: needinfo?(m_kato)
(Reporter)

Updated

2 years ago
Keywords: regression

Updated

2 years ago
Duplicate of this bug: 1310430
See also bug 1310430 where this crashes when copying bookmark folders.
Priority: -- → P1
makoto-san, the change seems to introduce a dereference on aUri->GetAsciiSpec(asciiUrl); without checking aURI validity.
LossyCopyUTF16toASCII didn't have this problem cause it was not validating the uri.
Assignee: nobody → m_kato
Flags: needinfo?(m_kato)
Comment hidden (mozreview-request)
Tracking 52+ for this shutdown crash which also crashes with a copy operation according to comment 2.
tracking-firefox52: ? → +

Comment 6

2 years ago
mozreview-review
Comment on attachment 8801614 [details]
Bug 1310453 - Check whether aUri isn't created.

https://reviewboard.mozilla.org/r/86284/#review85258
Attachment #8801614 - Flags: review?(jmathies) → review+

Comment 7

2 years ago
Pushed by m_kato@ga2.so-net.ne.jp:
https://hg.mozilla.org/integration/autoland/rev/3f0590c71a0a
Check whether aUri isn't created. r=jimm

Comment 8

2 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/3f0590c71a0a
Status: NEW → RESOLVED
Last Resolved: 2 years ago
status-firefox52: affected → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla52
Comment on attachment 8801614 [details]
Bug 1310453 - Check whether aUri isn't created.

Approval Request Comment
[Feature/regressing bug #]:
Bug 1240282

[User impact if declined]:
When quitting Firefox, Firefox crash.

[Describe test coverage new/current, TreeHerder]:
Landed in m-c

[Risks and why]:
Low.  Add error check only.

[String/UUID change made/needed]:
No
Attachment #8801614 - Flags: approval-mozilla-aurora?
Comment on attachment 8801614 [details]
Bug 1310453 - Check whether aUri isn't created.

Approval Request Comment
[Feature/regressing bug #]:
Bug 1240282

[User impact if declined]:
When quitting Firefox, Firefox crash.

[Describe test coverage new/current, TreeHerder]:
Landed in m-c

[Risks and why]:
Low.  Add error check only.

[String/UUID change made/needed]:
No
Attachment #8801614 - Flags: approval-mozilla-beta?
Comment on attachment 8801614 [details]
Bug 1310453 - Check whether aUri isn't created.

Crash fix, Aurora51+, Beta50+
Attachment #8801614 - Flags: approval-mozilla-beta?
Attachment #8801614 - Flags: approval-mozilla-beta+
Attachment #8801614 - Flags: approval-mozilla-aurora?
Attachment #8801614 - Flags: approval-mozilla-aurora+

Updated

2 years ago
tracking-firefox50: ? → +
tracking-firefox51: ? → +

Comment 12

2 years ago
TEST: it should fail.
tracking-firefox49: --- → ?

Comment 13

2 years ago
Revert tracking for firefox49.
tracking-firefox49: ? → ---

Comment 14

2 years ago
bugherderuplift
https://hg.mozilla.org/releases/mozilla-aurora/rev/bcca478fadc0
status-firefox51: affected → fixed

Comment 15

2 years ago
bugherderuplift
https://hg.mozilla.org/releases/mozilla-beta/rev/f6ee39199d93
status-firefox50: affected → fixed
Flags: qe-verify+
I've managed to reproduce the crash using one of the the affected builds (Nightly 52.0a1 from 2016-10-15).

This issue is verified fixed on 50.0b9 (2016-10-20), latest Aurora 51.0a2 (2016-10-21) and latest Nightly (2016-10-21) under the following OSes:
- Windows 10 x64
- Ubuntu 16.04 x64 LTS
- Mac OS X 10.11.6
Status: RESOLVED → VERIFIED
status-firefox50: fixed → verified
status-firefox51: fixed → verified
status-firefox52: fixed → verified
Flags: qe-verify+
You need to log in before you can comment on or make changes to this bug.