1373970 - Crash in nsAtomicFileOutputStream::DoOpen

Status: RESOLVED FIXED

(Core :: Networking: File, defect)

Description

[Wayne Mery (:wsmwk)]

This happened just shortly after I clicked "add" on "Fresh Green Leaves" at https://addons.mozilla.org/en-US/thunderbird/themes/?src=thunderbird#

This bug was filed from the Socorro interface and is 
report bp-b5621557-f99f-442d-8f9c-452ae0170617.
0 	xul.dll	nsAtomicFileOutputStream::DoOpen()	netwerk/base/nsFileStreams.cpp:796
1 	xul.dll	nsFileStreamBase::Flush()	netwerk/base/nsFileStreams.cpp:239
2 	xul.dll	nsSafeFileOutputStream::Finish()	netwerk/base/nsFileStreams.cpp:922
3 	xul.dll	XPTC__InvokebyIndex	xpcom/reflect/xptcall/md/win32/xptcinvoke_asm_x86_64.asm:97
4 		@0xb6c7fff	
5 	xul.dll	XPCWrappedNative::CallMethod(XPCCallContext&, XPCWrappedNative::CallMode)	js/xpconnect/src/XPCWrappedNative.cpp:1282
6 	xul.dll	XPC_WN_CallMethod(JSContext*, unsigned int, JS::Value*)	js/xpconnect/src/XPCWrappedNativeJSOps.cpp:982
7 	xul.dll	js::InternalCallOrConstruct(JSContext*, JS::CallArgs const&, js::MaybeConstruct)	js/src/vm/Interpreter.cpp:470
8 	xul.dll	js::jit::DoCallFallback	js/src/jit/BaselineIC.cpp:2455
9 		@0x29d6066334	

It seems crash report submitted twice?
 nsAtomicFileOutputStream::DoOpen bp-25511454-b7e9-4b25-9b8e-4ff8b0170617

Comment 1

[:Gijs (he/him)]

This probably belongs elsewhere, though I'm not sure where off-hand.

Comment 2

[Valentin Gosu [:valentin] (he/him) {{ AFK in July }}]

Attachment: Avoid null pointer deref

MozReview-Commit-ID: BmcolZSrpIL

Comment 3

[Pulsebot]

Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/161c7a2d4b29
Avoid null pointer deref. r=bagder

Comment 4

[Wes Kocher (:KWierso) (Not reading bugmail; email directly if needed)]

https://hg.mozilla.org/mozilla-central/rev/161c7a2d4b29

Comment 5

[Ryan VanderMeulen [:RyanVM]]

Looks like this issue goes back a ways and has a safe fix. Worth backporting to Beta/ESR52?

Comment 6

[Valentin Gosu [:valentin] (he/him) {{ AFK in July }}]

The patch can be cleanly applied to esr52 - I'll request uplift immediately.

Comment 7

[Valentin Gosu [:valentin] (he/him) {{ AFK in July }}]

Comment on attachment 8878919 [details] [diff] [review]
Avoid null pointer deref

Approval Request Comment
[Feature/Bug causing the regression]: unknown. This code hasn't changed in a long time.
[User impact if declined]: possible crashes.
[Is this code covered by automated tests?]: no.
[Has the fix been verified in Nightly?]: crash-stats should show that the issue was fixed.
[Needs manual test from QE? If yes, steps to reproduce]: no.
[List of other uplifts needed for the feature/fix]: none
[Is the change risky?]: no.
[Why is the change risky/not risky?]: Just a simple null check.
[String changes made/needed]: none.

Comment 8

[Julien Cristau [:jcristau]]

Comment on attachment 8878919 [details] [diff] [review]
Avoid null pointer deref

null ptr check, beta55+

crash volume seems too low on nightly to verify

Comment 9

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/releases/mozilla-beta/rev/22799702ef9e

Comment 10

[Cornel Ionce [:noni] [Hubs QA]]

Based on comment 7, this does not manual coverage. 
Updating the qe‑verify flag to reflect this.

Comment 11

[Gerry Chang [:gchang]]

Comment on attachment 8878919 [details] [diff] [review]
Avoid null pointer deref

Fix a stability issue. Let's uplift to ESR52.3.

Comment 12

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/releases/mozilla-esr52/rev/8321ef71adb5