Closed
Bug 1356580
Opened 7 years ago
Closed 7 years ago
Crash in mozilla::ipc::PMemoryStreamChild::SendAddChunk
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
FIXED
mozilla55
| Tracking | Status | |
|---|---|---|
| firefox-esr45 | --- | unaffected |
| firefox52 | --- | unaffected |
| firefox-esr52 | --- | unaffected |
| firefox53 | --- | unaffected |
| firefox54 | --- | fixed |
| firefox55 | --- | fixed |
People
(Reporter: philipp, Assigned: baku)
References
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
|
1.27 KB,
patch
|
qdot
:
review+
gchang
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is report bp-53ec7f04-294b-4236-880b-f11ab0170414. ============================================================= Crashing Thread (0) Frame Module Signature Source 0 xul.dll mozilla::ipc::PMemoryStreamChild::SendAddChunk(nsTArray<unsigned char> const&) obj-firefox/ipc/ipdl/PMemoryStreamChild.cpp:38 1 xul.dll mozilla::dom::`anonymous namespace'::SerializeInputStreamInChunks<mozilla::dom::nsIContentChild> dom/file/ipc/Blob.cpp:661 2 xul.dll mozilla::dom::BlobDataFromBlobImpl<mozilla::dom::nsIContentChild>(mozilla::dom::nsIContentChild*, mozilla::dom::BlobImpl*, mozilla::dom::BlobData&) dom/file/ipc/Blob.cpp:995 3 xul.dll nsTArray_Impl<mozilla::dom::BlobData, nsTArrayInfallibleAllocator>::InsertElementsAt<nsTArrayInfallibleAllocator>(unsigned int, unsigned int) obj-firefox/dist/include/nsTArray.h:1903 4 xul.dll mozilla::dom::BlobDataFromBlobImpl<mozilla::dom::nsIContentChild>(mozilla::dom::nsIContentChild*, mozilla::dom::BlobImpl*, mozilla::dom::BlobData&) dom/file/ipc/Blob.cpp:968 5 xul.dll mozilla::dom::BlobDataFromBlobImpl<mozilla::dom::nsIContentChild>(mozilla::dom::nsIContentChild*, mozilla::dom::BlobImpl*, mozilla::dom::BlobData&) dom/file/ipc/Blob.cpp:968 6 xul.dll mozilla::dom::MultipartBlobImpl::QueryInterface(nsID const&, void**) dom/file/MultipartBlobImpl.cpp:25 7 xul.dll mozilla::dom::BlobChild::GetOrCreateFromImpl<mozilla::dom::nsIContentChild>(mozilla::dom::nsIContentChild*, mozilla::dom::BlobImpl*) dom/file/ipc/Blob.cpp:3603 8 xul.dll mozilla::BroadcastBlobURLRegistration(nsACString const&, mozilla::dom::BlobImpl*, nsIPrincipal*) dom/file/nsHostObjectProtocolHandler.cpp:147 9 xul.dll nsHostObjectProtocolHandler::AddDataEntry(mozilla::dom::BlobImpl*, nsIPrincipal*, nsACString&) dom/file/nsHostObjectProtocolHandler.cpp:524 10 xul.dll mozilla::dom::`anonymous namespace'::CreateObjectURLInternal<mozilla::dom::BlobImpl*> dom/url/URL.cpp:52 11 xul.dll mozilla::dom::URL::CreateObjectURL(mozilla::dom::GlobalObject const&, mozilla::dom::Blob&, nsAString&, mozilla::ErrorResult&) dom/url/URL.cpp:1716 ... cross platform crahses with this signature started showing up in 55.0a1 & 54.0a2 in this cycle. this seems to coincide with the patch of bug 1340921 landing.
|
||
Comment 1•7 years ago
|
||
hi :baku, could you please take a look at this?
Flags: needinfo?(amarchesini)
|
Assignee | |
Comment 2•7 years ago
|
||
Assignee: nobody → amarchesini
Flags: needinfo?(amarchesini)
Attachment #8859148 -
Flags: review?(kyle)
|
||
Updated•7 years ago
|
Attachment #8859148 -
Flags: review?(kyle) → review+
Pushed by amarchesini@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/603563fad0fe Better check of PMemoryStream actor creation in Blob code, r=qdot
|
|
Assignee | |
Comment 4•7 years ago
|
||
Comment on attachment 8859148 [details] [diff] [review] crash_memoryStream.patch Approval Request Comment [Feature/Bug causing the regression]: multi-e10s and PBlob [User impact if declined]: a crash can occur [Is this code covered by automated tests?]: none. very hard to reproduce. [Has the fix been verified in Nightly?]: I don't think it's possible to verify. [Needs manual test from QE? If yes, steps to reproduce]: none [List of other uplifts needed for the feature/fix]: none [Is the change risky?]: no [Why is the change risky/not risky?]: I added a null check. [String changes made/needed]: none
Attachment #8859148 -
Flags: approval-mozilla-beta?
Attachment #8859148 -
Flags: approval-mozilla-aurora?
|
||
Comment 5•7 years ago
|
||
Comment on attachment 8859148 [details] [diff] [review] crash_memoryStream.patch 54 went to Beta today and Aurora's gone.
Attachment #8859148 -
Flags: approval-mozilla-aurora?
|
||
Comment 6•7 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/603563fad0fe
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla55
|
||
Comment 7•7 years ago
|
||
Comment on attachment 8859148 [details] [diff] [review] crash_memoryStream.patch Fix a crash. Beta54+. Should be in 54 beta 1.
Attachment #8859148 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
|
||
Comment 8•7 years ago
|
||
Pushed: https://hg.mozilla.org/releases/mozilla-beta/rev/c8a873cdb79a - Andrea Marchesini - Bug 1356580 - Better check of PMemoryStream actor creation in Blob code, r=qdot. a=gchang
You need to log in
before you can comment on or make changes to this bug.
Description
•