Closed Bug 1413622 Opened 7 years ago Closed 7 years ago

UBSan: netwerk/cache/nsCacheService.cpp:3067:63: division by zero [@ nsCacheService::LogCacheStatistics]

Categories

(Core :: Networking: Cache, defect, P3)

Product:
Core
Component:
Networking: Cache
Version:
58 Branch
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla58
Tracking Flags:
Tracking Status
firefox58 --- fixed
firefox59 --- fixed

People

(Reporter: tsmith, Assigned: dragana)

Details

(Keywords: csectype-undefined, Whiteboard: [necko-triaged])

Attachments

(2 files)

bug_1413622.patch
1.30 KB, patch
mayhemer
: review+
Details | Diff | Splinter Review
bug_1413622_v2.patch
1.27 KB, patch
mayhemer
: review+
Details | Diff | Splinter Review 
This error is triggered on shutdown when Firefox is built with: -fsanitize=float-divide-by-zero,integer-divide-by-zero

This could lead to crashes when using different build tools and/or compiler optimization combinations.

/mozilla-central/netwerk/cache/nsCacheService.cpp:3067:63: runtime error: division by zero
    #0 0x7fd6b2744ff4 in nsCacheService::LogCacheStatistics() /mozilla-central/netwerk/cache/nsCacheService.cpp:3067:63
    #1 0x7fd6b273af3c in nsCacheService::Shutdown() /mozilla-central/netwerk/cache/nsCacheService.cpp:1262:9
    #2 0x7fd6b2738299 in nsCacheProfilePrefObserver::Observe(nsISupports*, char const*, char16_t const*) /mozilla-central/netwerk/cache/nsCacheService.cpp
    #3 0x7fd6b1bbc831 in nsObserverList::NotifyObservers(nsISupports*, char const*, char16_t const*) /mozilla-central/xpcom/ds/nsObserverList.cpp:112:19
    #4 0x7fd6b1bc0cb1 in nsObserverService::NotifyObservers(nsISupports*, char const*, char16_t const*) /mozilla-central/xpcom/ds/nsObserverService.cpp:296:19
    #5 0x7fd6b1d4e5a3 in mozilla::ShutdownXPCOM(nsIServiceManager*) /mozilla-central/xpcom/build/XPCOMInit.cpp:865:26
    #6 0x7fd6bf3ba3ba in ScopedXPCOMStartup::~ScopedXPCOMStartup() /mozilla-central/toolkit/xre/nsAppRunner.cpp:1516:5
    #7 0x7fd6bf3cf8d4 in operator() /mozilla-central/objdir-ff-ubsan/dist/include/mozilla/UniquePtr.h:528:5
    #8 0x7fd6bf3cf8d4 in reset /mozilla-central/objdir-ff-ubsan/dist/include/mozilla/UniquePtr.h:343
    #9 0x7fd6bf3cf8d4 in operator= /mozilla-central/objdir-ff-ubsan/dist/include/mozilla/UniquePtr.h:313
    #10 0x7fd6bf3cf8d4 in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /mozilla-central/toolkit/xre/nsAppRunner.cpp:4865
    #11 0x7fd6bf3d1585 in XRE_main(int, char**, mozilla::BootstrapConfig const&) /mozilla-central/toolkit/xre/nsAppRunner.cpp:4932:21
    #12 0x517014 in do_main /mozilla-central/browser/app/nsBrowserApp.cpp:231:22
    #13 0x517014 in main /mozilla-central/browser/app/nsBrowserApp.cpp:304
    #14 0x7fd6d600d1c0 in __libc_start_main /build/glibc-CxtIbX/glibc-2.26/csu/../csu/libc-start.c:308
    #15 0x41f7c9 in _start (/mozilla-central/objdir-ff-ubsan/dist/bin/firefox+0x41f7c9)

        Attachment #8924481 -
        Flags: review?(honzab.moz)

    
  
Priority: -- → P3
Whiteboard: [necko-triaged]

        Attachment #8924481 -
        Flags: review?(honzab.moz) → review+

    
  
Assignee: nobody → dd.mozilla
Status: NEW → ASSIGNED
Keywords: checkin-needed

    
    

    
  
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/c773790077bf
Del with zero during logging. r=mayhemer
Keywords: checkin-needed

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/c773790077bf
Status: ASSIGNED → RESOLVED
Closed: 7 years ago

          status-firefox58:
          affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla58

    
    

    
  
I am still seeing this issue.

/mozilla-central/netwerk/cache/nsCacheService.cpp:3069:58: runtime error: division by zero
    #0 0x7f62dc382eab in nsCacheService::LogCacheStatistics() /mozilla-central/netwerk/cache/nsCacheService.cpp:3069:58
    #1 0x7f62dc37c73e in nsCacheService::Shutdown() /mozilla-central/netwerk/cache/nsCacheService.cpp:1262:9
    #2 0x7f62dc37a152 in nsCacheProfilePrefObserver::Observe(nsISupports*, char const*, char16_t const*) /mozilla-central/netwerk/cache/nsCacheService.cpp
    #3 0x7f62db977982 in nsObserverList::NotifyObservers(nsISupports*, char const*, char16_t const*) /mozilla-central/xpcom/ds/nsObserverList.cpp:112:19
    #4 0x7f62db9797e7 in nsObserverService::NotifyObservers(nsISupports*, char const*, char16_t const*) /mozilla-central/xpcom/ds/nsObserverService.cpp:296:19
    #5 0x7f62dbafe9d1 in mozilla::ShutdownXPCOM(nsIServiceManager*) /mozilla-central/xpcom/build/XPCOMInit.cpp:865:26
    #6 0x7f62e7470b17 in ScopedXPCOMStartup::~ScopedXPCOMStartup() /mozilla-central/toolkit/xre/nsAppRunner.cpp:1516:5
    #7 0x7f62e748355d in mozilla::DefaultDelete<ScopedXPCOMStartup>::operator()(ScopedXPCOMStartup*) const /mozilla-central/objdir-ff-ubsan/dist/include/mozilla/UniquePtr.h:528:5
    #8 0x7f62e7482107 in mozilla::UniquePtr<ScopedXPCOMStartup, mozilla::DefaultDelete<ScopedXPCOMStartup> >::operator=(decltype(nullptr)) /mozilla-central/objdir-ff-ubsan/dist/include/mozilla/UniquePtr.h:313:5
    #9 0x7f62e747dadf in XREMain::XRE_main(int, char**, mozilla::BootstrapConfig const&) /mozilla-central/toolkit/xre/nsAppRunner.cpp:4865:16
    #10 0x7f62e747e711 in XRE_main(int, char**, mozilla::BootstrapConfig const&) /mozilla-central/toolkit/xre/nsAppRunner.cpp:4932:21
    #11 0x518958 in do_main(int, char**, char**) /mozilla-central/browser/app/nsBrowserApp.cpp:231:22
    #12 0x5181da in main /mozilla-central/browser/app/nsBrowserApp.cpp:304:16
    #13 0x7f63108181c0 in __libc_start_main /build/glibc-CxtIbX/glibc-2.26/csu/../csu/libc-start.c:308
    #14 0x420ca9 in _start (/mozilla-central/objdir-ff-ubsan/dist/bin/firefox+0x420ca9)
Status: RESOLVED → REOPENED
Resolution: FIXED → ---

    
    

    
  


  
I do not know why it is happening, except the variables are access from different thread. Anyway the old cache is going to go soon so need to spend too much time investigating.

        Attachment #8928207 -
        Flags: review?(honzab.moz)

    
    

    
  
Comment on attachment 8928207 [details] [diff] [review]
bug_1413622_v2.patch

Review of attachment 8928207 [details] [diff] [review]:
-----------------------------------------------------------------

thanks.  this is more clear.

        Attachment #8928207 -
        Flags: review?(honzab.moz) → review+

    
    

    
  
Pushed by dd.mozilla@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/7137557138c4
Add a check to avoid a division by zero. r=mayhemer

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/7137557138c4
Status: REOPENED → RESOLVED
Closed: 7 years ago7 years ago

          status-firefox59:
          --- → fixed
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: