Closed Bug 1373970 Opened 5 years ago Closed 5 years ago

Crash in nsAtomicFileOutputStream::DoOpen

Categories

(Core :: Networking: File, defect)

Product:
Core
Component:
Networking: File
Platform:
Unspecified
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla56
Tracking Flags:
Tracking Status
firefox-esr52 --- fixed
firefox54 --- wontfix
firefox55 --- fixed
firefox56 --- fixed

People

(Reporter: wsmwk, Assigned: valentin)

Details

(Keywords: crash, Whiteboard: [necko-active])

Crash Data

Attachments

(1 file)

Avoid null pointer deref
1.15 KB, patch
bagder
: review+
jcristau
: approval-mozilla-beta+
gchang
: approval-mozilla-esr52+
Details | Diff | Splinter Review 
This happened just shortly after I clicked "add" on "Fresh Green Leaves" at https://addons.mozilla.org/en-US/thunderbird/themes/?src=thunderbird#

This bug was filed from the Socorro interface and is 
report bp-b5621557-f99f-442d-8f9c-452ae0170617.
0 	xul.dll	nsAtomicFileOutputStream::DoOpen()	netwerk/base/nsFileStreams.cpp:796
1 	xul.dll	nsFileStreamBase::Flush()	netwerk/base/nsFileStreams.cpp:239
2 	xul.dll	nsSafeFileOutputStream::Finish()	netwerk/base/nsFileStreams.cpp:922
3 	xul.dll	XPTC__InvokebyIndex	xpcom/reflect/xptcall/md/win32/xptcinvoke_asm_x86_64.asm:97
4 		@0xb6c7fff	
5 	xul.dll	XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode)	js/xpconnect/src/XPCWrappedNative.cpp:1282
6 	xul.dll	XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*)	js/xpconnect/src/XPCWrappedNativeJSOps.cpp:982
7 	xul.dll	js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct)	js/src/vm/Interpreter.cpp:470
8 	xul.dll	js::jit::DoCallFallback	js/src/jit/BaselineIC.cpp:2455
9 		@0x29d6066334	

It seems crash report submitted twice?
 nsAtomicFileOutputStream::DoOpen bp-25511454-b7e9-4b25-9b8e-4ff8b0170617
This probably belongs elsewhere, though I'm not sure where off-hand.
Component: General → Untriaged
Component: Untriaged → Networking: File
Product: Firefox → Core
Assignee: nobody → valentin.gosu
Whiteboard: [necko-active]
MozReview-Commit-ID: BmcolZSrpIL
Attachment #8878919 - Flags: review?(daniel)
Attachment #8878919 - Flags: review?(daniel) → review+
https://hg.mozilla.org/mozilla-central/rev/161c7a2d4b29
Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox56: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla56
Looks like this issue goes back a ways and has a safe fix. Worth backporting to Beta/ESR52?
status-firefox54: --- → wontfix
status-firefox55: --- → affected
status-firefox-esr52: --- → affected
Flags: needinfo?(valentin.gosu)
The patch can be cleanly applied to esr52 - I'll request uplift immediately.
Flags: needinfo?(valentin.gosu)
Comment on attachment 8878919 [details] [diff] [review]
Avoid null pointer deref

Approval Request Comment
[Feature/Bug causing the regression]: unknown. This code hasn't changed in a long time.
[User impact if declined]: possible crashes.
[Is this code covered by automated tests?]: no.
[Has the fix been verified in Nightly?]: crash-stats should show that the issue was fixed.
[Needs manual test from QE? If yes, steps to reproduce]: no.
[List of other uplifts needed for the feature/fix]: none
[Is the change risky?]: no.
[Why is the change risky/not risky?]: Just a simple null check.
[String changes made/needed]: none.
Attachment #8878919 - Flags: approval-mozilla-esr52?
Attachment #8878919 - Flags: approval-mozilla-beta?
Comment on attachment 8878919 [details] [diff] [review]
Avoid null pointer deref

null ptr check, beta55+

crash volume seems too low on nightly to verify
Attachment #8878919 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Based on comment 7, this does not manual coverage. 
Updating the qe‑verify flag to reflect this.
Flags: qe-verify-
Comment on attachment 8878919 [details] [diff] [review]
Avoid null pointer deref

Fix a stability issue. Let's uplift to ESR52.3.
Attachment #8878919 - Flags: approval-mozilla-esr52? → approval-mozilla-esr52+
You need to log in before you can comment on or make changes to this bug.