Closed
Bug 1474701
Opened 7 years ago
Closed 7 years ago
Shutdown profiles underflow the JSONWriter leading to infinite writing
Categories
(Core :: Gecko Profiler, enhancement, P1)
Tracking
()
RESOLVED
FIXED
mozilla63
| Tracking | Status | |
|---|---|---|
| firefox63 | --- | fixed |
People
(Reporter: jesup, Assigned: jesup)
Details
Attachments
(1 file)
|
2.64 KB,
patch
|
mstange
:
review+
n.nethercote
:
review+
|
Details | Diff | Splinter Review |
In saving meta blocks of profiler JSON at shutdown (via MOZ_PROFILER_SHUTDOWN=file), the code unbalances the JSONWriter tree.
Also, there are no safety checks in the JSONWriter code, even in debug builds, against underflow.
|
Assignee | |
Comment 1•7 years ago
|
||
Attachment #8991103 -
Flags: review?(n.nethercote)
Attachment #8991103 -
Flags: review?(mstange)
|
||
Comment 2•7 years ago
|
||
Comment on attachment 8991103 [details] [diff] [review]
Fix shutdown profile-save (fix imbalance) and add JSONWriter assertions
Review of attachment 8991103 [details] [diff] [review]:
-----------------------------------------------------------------
::: mfbt/JSONWriter.h
@@ +247,5 @@
> size_t mDepth; // the current nesting depth
>
> void Indent()
> {
> + MOZ_ASSERT(mDepth >= 0);
`mDepth` is a `size_t`, so this assertion will never fail. No need for it.
@@ +335,3 @@
> } else {
> mDepth--;
> + MOZ_ASSERT(mDepth >= 0);
`mDepth` is a `size_t`, so please move the assertion before the decrement and change it to `mDepth > 0`.
Attachment #8991103 -
Flags: review?(n.nethercote) → review+
|
||
Comment 3•7 years ago
|
||
Comment on attachment 8991103 [details] [diff] [review]
Fix shutdown profile-save (fix imbalance) and add JSONWriter assertions
Review of attachment 8991103 [details] [diff] [review]:
-----------------------------------------------------------------
What Nick said. Also, yikes. I wonder what kind of API would have prevented this. Probably something RAII-based... but I don't think C++ has the right capabilities to make it impossible to have two overlapping objects at the same time, for example.
Attachment #8991103 -
Flags: review?(mstange) → review+
|
|
||
Comment 4•7 years ago
|
||
> I wonder what kind of API would have prevented this
Yeah: https://searchfox.org/mozilla-central/source/mfbt/JSONWriter.h#23-30... though this bug shows that the last sentence of that comment is over-optimistic :(
|
||
Updated•7 years ago
|
Priority: -- → P1
Pushed by rjesup@wgate.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/d323d133324b
Fix shutdown profile-save (fix imbalance) and add JSONWriter assertions r=mstange,njn
|
|
Assignee | |
Updated•7 years ago
|
Flags: needinfo?(rjesup)
|
|
||
Comment 7•7 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 7 years ago
status-firefox63:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
You need to log in
before you can comment on or make changes to this bug.
Description
•