Closed
Bug 1329669
Opened 7 years ago
Closed 7 years ago
Crash in mozilla::dom::cache::CacheOpChild::Recv__delete__
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
FIXED
mozilla53
People
(Reporter: bkelly, Assigned: bkelly)
References
Details
(Keywords: crash)
Crash Data
Attachments
(1 file, 1 obsolete file)
3.76 KB,
patch
|
bkelly
:
review+
gchang
:
approval-mozilla-aurora+
gchang
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is report bp-e4251650-8df6-472e-8ec3-7c7492170106. ============================================================= When the parent side fails to open the storage we return a nullptr actor back to the child. The child, however, tries to use the actor without checking for nullptr. I think that is causing this low frequency crash.
Assignee | ||
Comment 1•7 years ago
|
||
Well, in theory we should be sending an error code in this case, but it seems we sometimes still have a nullptr actor.
Assignee | ||
Updated•7 years ago
|
Assignee: nobody → bkelly
Status: NEW → ASSIGNED
Assignee | ||
Comment 2•7 years ago
|
||
This patch tries to verify the actor pointer provided in the OpenStorageResult is valid before using it. In theory this should not happen when we have a successful result code, so the patch also does a MOZ_DIAGNOSTIC_ASSERT(). For release builds, though, we reject with a generic TypeError message.
Attachment #8825079 -
Flags: review?(bugmail)
Assignee | ||
Updated•7 years ago
|
status-firefox50:
--- → wontfix
status-firefox51:
--- → affected
status-firefox52:
--- → affected
status-firefox53:
--- → affected
status-firefox-esr45:
--- → wontfix
Comment 3•7 years ago
|
||
Comment on attachment 8825079 [details] [diff] [review] Gracefully handle nullptr Cache actor in CacheStorage::Open() result. r=asuth Review of attachment 8825079 [details] [diff] [review]: ----------------------------------------------------------------- Wow, this is a weird error! Anyways, I think it probably also makes sense to add: - MOZ_DIAGNOSTIC_ASSERT(mCacheId != INVALID_CACHE_ID) just before both of the success "return rv" paths in Manager::StorageOpenAction::RunSyncWithDBOnTarget to ensure nothing insane is happening in those methods. These seem unlikely to screw up, but make the next assertion more useful... - Add MOZ_DIAGNOSTIC_ASSERT(aRv.Failed() || mCacheId != INVALID_CACHE_ID) before the aListener->OnOpComplete call. This should ideally help verify that no code screwed up and invoked Resolve(NS_OK) somehow, somewhere. (And because this is literally the only call-site to construct a StorageOpenResult() and CacheOpChild is switching on the discriminated union type, it should guarantee this assertion gets a chance to do its thing and cause an early explosion closer to the point of failure than the diagnostic in the child.)
Attachment #8825079 -
Flags: review?(bugmail) → review+
Assignee | ||
Comment 4•7 years ago
|
||
Attachment #8825079 -
Attachment is obsolete: true
Attachment #8825423 -
Flags: review+
Pushed by bkelly@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/ba05b37f1dd9 Gracefully handle nullptr Cache actor in CacheStorage::Open() result. r=asuth
Assignee | ||
Comment 6•7 years ago
|
||
Comment on attachment 8825423 [details] [diff] [review] bug1329669_openfailed.patch Approval Request Comment [Feature/Bug causing the regression]: Service workers [User impact if declined]: About 10 crashes per week in release and beta channels. [Is this code covered by automated tests?]: Yes, but it did not catch this rare corner case. [Has the fix been verified in Nightly?]: We don't have exact steps to reproduce so it cannot be manually verified. [Needs manual test from QE? If yes, steps to reproduce]: None [List of other uplifts needed for the feature/fix]: None [Is the change risky?]: No [Why is the change risky/not risky?]: The patch only adds a nullptr check and some diagnostic assertions. [String changes made/needed]: None
Attachment #8825423 -
Flags: approval-mozilla-beta?
Attachment #8825423 -
Flags: approval-mozilla-aurora?
Comment 7•7 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/ba05b37f1dd9
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla53
Comment 8•7 years ago
|
||
Comment on attachment 8825423 [details] [diff] [review] bug1329669_openfailed.patch Fix a crash. Beta51+ & Aurora52+. Should be in 51 beta 14.
Attachment #8825423 -
Flags: approval-mozilla-beta?
Attachment #8825423 -
Flags: approval-mozilla-beta+
Attachment #8825423 -
Flags: approval-mozilla-aurora?
Attachment #8825423 -
Flags: approval-mozilla-aurora+
Assignee | ||
Comment 9•7 years ago
|
||
https://hg.mozilla.org/releases/mozilla-aurora/rev/0ce0e61bac824bdfab2c73726c856bf9f9b764e0
Assignee | ||
Comment 10•7 years ago
|
||
https://hg.mozilla.org/releases/mozilla-beta/rev/614acf4f43e8783b028fd8f95ce31f86cbfed22e
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•