Closed
Bug 1373064
Opened 7 years ago
Closed 7 years ago
Crash in nsTHashtable<T>::GetEntry | nsClassHashtable<T>::Get | mozilla::net::nsHttpTransaction::ShouldStopReading
Categories
(Core :: Networking: HTTP, defect)
Tracking
()
RESOLVED
FIXED
mozilla56
| Tracking | Status | |
|---|---|---|
| firefox-esr52 | --- | unaffected |
| firefox54 | --- | unaffected |
| firefox55 | --- | fixed |
| firefox56 | --- | fixed |
People
(Reporter: MatsPalmgren_bugz, Assigned: mayhemer)
References
Details
(Keywords: crash, Whiteboard: [necko-active])
Crash Data
Attachments
(1 file)
|
1.10 KB,
patch
|
mcmanus
:
review+
jcristau
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is report bp-55094a05-4bf5-4ef1-b7ba-a386d0170614. ============================================================= Looks like a recent regression, first reported crash is for 20170611030208. Possibly a regression from bug 1369496? nsTHashtable<mozilla::dom::WebIDLNameTableEntry>::GetEntry(mozilla::dom::WebIDLNameTableKey const&) nsClassHashtable<nsUint64HashKey, nsTArray<RefPtr<mozilla::net::nsHttpConnectionMgr::PendingTransactionInfo> > >::Get(unsigned __int64 const&) mozilla::net::nsHttpTransaction::ShouldStopReading() mozilla::net::nsHttpTransaction::WriteSegments(mozilla::net::nsAHttpSegmentWriter*, unsigned int, unsigned int*) mozilla::net::nsHttpConnection::OnSocketReadable() mozilla::net::nsHttpConnection::OnInputStreamReady(nsIAsyncInputStream*) mozilla::net::nsSocketInputStream::OnSocketReady(nsresult) mozilla::net::nsSocketTransport::OnSocketDetached(PRFileDesc*) mozilla::net::nsSocketTransportService::DetachSocket(mozilla::net::nsSocketTransportService::SocketContext*, mozilla::net::nsSocketTransportService::SocketContext*) mozilla::net::nsSocketTransportService::DoPollIteration(mozilla::BaseTimeDuration<mozilla::TimeDurationValueCalculator>*) mozilla::net::nsSocketTransportService::Run() [...]
Flags: needinfo?(honzab.moz)
|
Reporter | |
Updated•7 years ago
|
Crash Signature: [@ nsTHashtable<T>::GetEntry | nsClassHashtable<T>::Get | mozilla::net::nsHttpTransaction::ShouldStopReading] → [@ nsTHashtable<T>::GetEntry | nsClassHashtable<T>::Get | mozilla::net::nsHttpTransaction::ShouldStopReading]
[@ PLDHashTable::Search | mozilla::net::nsHttpTransaction::ShouldStopReading ]
[@ PLDHashTable::Search | nsClassHashtable<T>::Get | mozilla::ne…
|
Assignee | |
Comment 1•7 years ago
|
||
Looks like we are missing some null checks.
Flags: needinfo?(honzab.moz)
QA Contact: honzab.moz
Whiteboard: [necko-active]
|
|
Assignee | |
Comment 2•7 years ago
|
||
When can this happen? Can there be no entry when there is a transaction with the key? Is it something with coalescing?
|
|
Assignee | |
Updated•7 years ago
|
QA Contact: honzab.moz
|
||
Comment 3•7 years ago
|
||
Comment on attachment 8878044 [details] [diff] [review] v1 (add a nullcheck) Review of attachment 8878044 [details] [diff] [review]: ----------------------------------------------------------------- if this is before the getorcreateentry() call this could happen.. also entries can be removed from ct if they go idle.
Attachment #8878044 -
Flags: review?(mcmanus) → review+
|
|
Assignee | |
Updated•7 years ago
|
Keywords: checkin-needed
|
|
Assignee | |
Comment 4•7 years ago
|
||
Comment on attachment 8878044 [details] [diff] [review] v1 (add a nullcheck) Approval Request Comment [Feature/Bug causing the regression]: bug 1369496 [User impact if declined]: crash (null crash) [Is this code covered by automated tests?]: yes, but not for the crashing case apparently... [Has the fix been verified in Nightly?]: not even landed [Needs manual test from QE? If yes, steps to reproduce]: no [List of other uplifts needed for the feature/fix]: none [Is the change risky?]: no [Why is the change risky/not risky?]: instead of null-deref we early return false, the caller is safe with it [String changes made/needed]: none
Attachment #8878044 -
Flags: approval-mozilla-beta?
|
|
Assignee | |
Updated•7 years ago
|
status-firefox54:
--- → unaffected
status-firefox55:
--- → affected
status-firefox56:
--- → affected
|
||
Updated•7 years ago
|
status-firefox-esr52:
--- → unaffected
Pushed by ryanvm@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/bf586f9f5eeb Add null-check for a connection entry to nsHttpConnectionMgr::IsConnEntryUnderPressure. r=mcmanus
Keywords: checkin-needed
|
||
Comment 6•7 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/bf586f9f5eeb
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla56
|
||
Comment 7•7 years ago
|
||
Comment on attachment 8878044 [details] [diff] [review] v1 (add a nullcheck) add null check to fix crash, beta55+
Attachment #8878044 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
|
|
||
Comment 8•7 years ago
|
||
| bugherder uplift | ||
https://hg.mozilla.org/releases/mozilla-beta/rev/e2638104f016
|
||
Updated•7 years ago
|
Flags: qe-verify-
You need to log in
before you can comment on or make changes to this bug.
Description
•