Closed
Bug 1377369
Opened 8 years ago
Closed 8 years ago
Crash in memcpy | mozilla::net::CacheFileChunkBuffer::FillInvalidRanges
Categories
(Core :: Networking: Cache, defect)
Tracking
()
VERIFIED
FIXED
mozilla56
| Tracking | Status | |
|---|---|---|
| firefox-esr52 | --- | unaffected |
| firefox54 | --- | unaffected |
| firefox55 | --- | disabled |
| firefox56 | --- | verified |
People
(Reporter: ananuti, Assigned: michal)
References
Details
(Keywords: crash, csectype-bounds, sec-critical, Whiteboard: [necko-active])
Crash Data
Attachments
(3 files)
This bug was filed from the Socorro interface and is
report bp-331dd3d0-9018-4f07-8088-bc9b80170630.
=============================================================
Frequent crashes with JSBC eager and most of them are from facebook.com.
Attached log modules: timestamp,rotate:50,nsHttp:5,nsSocketTransport:5,nsStreamPump:5,nsHostResolver:5,cache2:5,sync
|
Assignee | |
Updated•8 years ago
|
Assignee: nobody → michal.novotny
Whiteboard: [necko-active]
|
Reporter | |
Comment 3•8 years ago
|
||
Attached the log for bp-a84d3182-2580-423e-8bb7-2ba510170702 while opening inoreader.com.
|
||
Comment 4•8 years ago
|
||
Ekanan, thanks for the reports.
One thing I noticed, and which is also verified from crash stats reports is that when this crash appear the first time, it will likely appear on the same website repeatedly after.
|
|
||
Updated•8 years ago
|
Crash Signature: [@ memcpy | mozilla::net::CacheFileChunkBuffer::FillInvalidRanges] → [@ memcpy | mozilla::net::CacheFileChunkBuffer::FillInvalidRanges]
[@ vcruntime140.dll@0xc387 | mozilla::net::CacheFileChunkBuffer::FillInvalidRanges]
|
||
Updated•8 years ago
|
Crash Signature: [@ memcpy | mozilla::net::CacheFileChunkBuffer::FillInvalidRanges]
[@ vcruntime140.dll@0xc387 | mozilla::net::CacheFileChunkBuffer::FillInvalidRanges] → [@ memcpy | mozilla::net::CacheFileChunkBuffer::FillInvalidRanges]
[@ vcruntime140.dll@0xc387 | mozilla::net::CacheFileChunkBuffer::FillInvalidRanges]
[@ vcruntime140.dll@0xc588 | mozilla::net::CacheFileChunkBuffer::FillInvalidRanges]
[@ vcruntime140.d…
|
|
Assignee | |
Comment 5•8 years ago
|
||
CacheFileChunkBuffer::FillInvalidRanges uses aOther->mBufSize instead of aOther->mDataSize. mBufSize is size of the buffer (allocated as 2^n) and we want to access only mDataSize bytes. This bug never occurred before storing alt-data stuff because the new data was always bigger than the data read from the disk. This is no longer true.
Attachment #8883060 -
Flags: review?(honzab.moz)
|
||
Comment 6•8 years ago
|
||
Comment on attachment 8883060 [details] [diff] [review]
fix
Review of attachment 8883060 [details] [diff] [review]:
-----------------------------------------------------------------
Michal says Honza might not be available on short notice. Patch looks simple enough. r+
Attachment #8883060 -
Flags: review?(honzab.moz) → review+
Pushed by mnovotny@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/216b686cdbaa
Crash in memcpy | mozilla::net::CacheFileChunkBuffer::FillInvalidRanges, r=valentin
|
||
Comment 8•8 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox56:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla56
|
||
Updated•8 years ago
|
status-firefox54:
--- → unaffected
status-firefox55:
--- → unaffected
status-firefox-esr52:
--- → unaffected
|
|
Reporter | |
Updated•8 years ago
|
|
||
Updated•8 years ago
|
Keywords: csectype-bounds,
sec-critical
|
|
Reporter | |
Updated•8 years ago
|
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•