Closed
Bug 1474701
Opened 6 years ago
Closed 6 years ago
Shutdown profiles underflow the JSONWriter leading to infinite writing
Categories
(Core :: Gecko Profiler, enhancement, P1)
Tracking
()
RESOLVED
FIXED
mozilla63
| Tracking | Status | |
|---|---|---|
| firefox63 | --- | fixed |
People
(Reporter: jesup, Assigned: jesup)
Details
Attachments
(1 file)
|
2.64 KB,
patch
|
mstange
:
review+
n.nethercote
:
review+
|
Details | Diff | Splinter Review |
In saving meta blocks of profiler JSON at shutdown (via MOZ_PROFILER_SHUTDOWN=file), the code unbalances the JSONWriter tree. Also, there are no safety checks in the JSONWriter code, even in debug builds, against underflow.
|
Assignee | |
Comment 1•6 years ago
|
||
Attachment #8991103 -
Flags: review?(n.nethercote)
Attachment #8991103 -
Flags: review?(mstange)
|
||
Comment 2•6 years ago
|
||
Comment on attachment 8991103 [details] [diff] [review] Fix shutdown profile-save (fix imbalance) and add JSONWriter assertions Review of attachment 8991103 [details] [diff] [review]: ----------------------------------------------------------------- ::: mfbt/JSONWriter.h @@ +247,5 @@ > size_t mDepth; // the current nesting depth > > void Indent() > { > + MOZ_ASSERT(mDepth >= 0); `mDepth` is a `size_t`, so this assertion will never fail. No need for it. @@ +335,3 @@ > } else { > mDepth--; > + MOZ_ASSERT(mDepth >= 0); `mDepth` is a `size_t`, so please move the assertion before the decrement and change it to `mDepth > 0`.
Attachment #8991103 -
Flags: review?(n.nethercote) → review+
|
||
Comment 3•6 years ago
|
||
Comment on attachment 8991103 [details] [diff] [review] Fix shutdown profile-save (fix imbalance) and add JSONWriter assertions Review of attachment 8991103 [details] [diff] [review]: ----------------------------------------------------------------- What Nick said. Also, yikes. I wonder what kind of API would have prevented this. Probably something RAII-based... but I don't think C++ has the right capabilities to make it impossible to have two overlapping objects at the same time, for example.
Attachment #8991103 -
Flags: review?(mstange) → review+
|
|
||
Comment 4•6 years ago
|
||
> I wonder what kind of API would have prevented this Yeah: https://searchfox.org/mozilla-central/source/mfbt/JSONWriter.h#23-30... though this bug shows that the last sentence of that comment is over-optimistic :(
|
||
Updated•6 years ago
|
Priority: -- → P1
Pushed by rjesup@wgate.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/d323d133324b Fix shutdown profile-save (fix imbalance) and add JSONWriter assertions r=mstange,njn
|
|
Assignee | |
Updated•6 years ago
|
Flags: needinfo?(rjesup)
|
||
Comment 7•6 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/d323d133324b
Status: NEW → RESOLVED
Closed: 6 years ago
status-firefox63:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
You need to log in
before you can comment on or make changes to this bug.
Description
•