Closed Bug 1480354 Opened Last year Closed Last year

constructed Blob freezes tab on download

Categories

(Core :: XPCOM, defect)

60 Branch
defect
Not set

Tracking

VERIFIED FIXED
mozilla63
Tracking Status
firefox-esr52 --- unaffected
firefox-esr60 --- verified
firefox61 --- wontfix
firefox62 --- verified
firefox63 --- verified

People

(Reporter: co, Assigned: baku)

Details

(Keywords: hang, regression)

Attachments

(2 files)

Attached file PoC.htm
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0
Build ID: 20180704003137

Steps to reproduce:

1. Create an empty Blob
2. Add 512 KB blocks to the Blob until it has a size of 25 MB
3. Create a URL to the Blob
4. Try downloading via an anchor with the download attribute
5. "save as" dialog appears, choose "save"


Actual results:

Download never finishes; after some time, tab doesn't respond to input anymore either.
Please note that if the steps to reproduce are slightly changed (i.e. if we're adding 1 KB blocks instead of 512 KB blocks), then the tab crashes instead of freezing.


Expected results:

Download succeeds (i.e. finishes).
Also note that when we're adding bigger blocks (i.e. 1 MB blocks instead of 512 KB blocks), then everything works just fine.

Regression window:
https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=55a9b2fe876c5f9ac8d33b861b1df4679e5a3191&tochange=68c85fdcd9f616dd3648a79db12873e7355fc247


Regressed by: Bug 1371699




Fixed range:
https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=993f78b4700d242461c4e78c252b7a00d14bfd9f&tochange=fae4d7e570524591e715d8962b899d3044e75e64

Fixed by: Bug 1460561 in Firefox 62


:baku,
Your bunch of patches seems to cause the problem, could you look into this?
Blocks: 1371699
Status: UNCONFIRMED → NEW
Component: Untriaged → XPCOM
Depends on: 1460561
Ever confirmed: true
Flags: needinfo?(amarchesini)
Keywords: hang, regression
Product: Firefox → Core
Version: 61 Branch → 60 Branch
Let's avoid a super complex tree of nested blobs.
Assignee: nobody → amarchesini
Flags: needinfo?(amarchesini)
Attachment #8997094 - Flags: review?(bugs)
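
A toy model of the part tree that the reproduction steps build, added here as an illustration; it is not code from this bug, the attached patch, or Gecko. It assumes each append of the form `new Blob([previous, block])` adds one level of nesting, and shows flattening as one way to keep the tree shallow; all function names are hypothetical.

```javascript
// Toy model, not Gecko code: a blob is a leaf of `size` bytes (parts === null)
// or a composite holding an ordered list of parts.
const KB = 1024, MB = 1024 * KB;
const leaf = (size) => ({ size, parts: null });

// Build a composite. With `flatten`, a composite part contributes its own
// parts instead of itself, so the result is never more than one level deep.
function makeBlob(parts, flatten) {
  const kept = [];
  let size = 0;
  for (const p of parts) {
    size += p.size;
    if (flatten && p.parts) kept.push(...p.parts);
    else kept.push(p);
  }
  return { size, parts: kept };
}

// Steps 1-2 of the report: start empty, append blocks until the target size.
// In page script this is `blob = new Blob([blob, block])` in a loop.
function buildIncrementally(blockSize, totalSize, flatten) {
  let blob = leaf(0);
  while (blob.size < totalSize) {
    blob = makeBlob([blob, leaf(blockSize)], flatten);
  }
  return blob;
}

// Nesting depth, computed with an explicit stack: a recursive walk would
// itself be at risk of exhausting the call stack on a deep tree.
function depth(blob) {
  let max = 0;
  const stack = [[blob, 0]];
  while (stack.length > 0) {
    const [node, d] = stack.pop();
    if (node.parts === null) continue;
    max = Math.max(max, d + 1);
    for (const p of node.parts) stack.push([p, d + 1]);
  }
  return max;
}

for (const block of [1 * MB, 512 * KB, 1 * KB]) {
  const nested = buildIncrementally(block, 25 * MB, false);
  console.log(`${block / KB} KB blocks: ${nested.size} bytes, depth ${depth(nested)}`);
}
const flat = buildIncrementally(512 * KB, 25 * MB, true);
console.log(`512 KB blocks, flattened: ${flat.parts.length} parts, depth ${depth(flat)}`);
```

In this model the three block sizes from the report (1 MB, 512 KB, 1 KB) produce progressively deeper trees for the same 25 MB of data, while the flattened build stays one level deep.
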
I'm a bit lost here, comment 2 says Bug 1460561 fixed this.
Comment on attachment 8997094 [details] [diff] [review]
blob_nested.patch

I was thinking if there was some way to access subblobs, like using FormData or so, but couldn't find any way.


Please add a crashtest like test here too, something which crashes without the patch. Assuming that is done, r+
Attachment #8997094 - Flags: review?(bugs) → review+
Pushed by amarchesini@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/3f58dc7309e3
Better approach for nested blobs construction, r=smaug
https://hg.mozilla.org/mozilla-central/rev/3f58dc7309e3
Status: NEW → RESOLVED
Closed: Last year
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
You need to add dom/file/tests/crashtests/crashtests.list to the main crashtest manifest in testing/crashtest/crashtests.list or the new test won't be run (and I've confirmed that it currently isn't as expected).

Also, is this something we should consider backporting?
Flags: needinfo?(amarchesini)
Pushed by ryanvm@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/e17409c5199c
Add the new crashtest manifest to the master one. r=me
Comment on attachment 8997094 [details] [diff] [review]
blob_nested.patch

Approval Request Comment
[Feature/Bug causing the regression]: Blob in general
[User impact if declined]: a malicious website can make the browser freeze
[Is this code covered by automated tests?]: n/a
[Has the fix been verified in Nightly?]: yes
[Needs manual test from QE? If yes, steps to reproduce]: follow the bug description 
[List of other uplifts needed for the feature/fix]: none
[Is the change risky?]: no
[Why is the change risky/not risky?]: stable on central for weeks, it doesn't break any existing test.
[String changes made/needed]: none
Flags: needinfo?(amarchesini)
Attachment #8997094 - Flags: approval-mozilla-beta?
Comment on attachment 8997094 [details] [diff] [review]
blob_nested.patch

It's a bit late in the cycle for this, but it's very well-baked on Nightly and I think the severity of the issue warrants a late landing. Approved for 62 RC1.
Attachment #8997094 - Flags: approval-mozilla-beta? → approval-mozilla-release+
Flags: qe-verify+
Comment on attachment 8997094 [details] [diff] [review]
blob_nested.patch

And ESR 60.2.
Attachment #8997094 - Flags: approval-mozilla-esr60+
I tried reproducing the following issue with no success on an affected Nightly build (2018-07-04) under Windows 10 (x64). Christian, could you please see if the issue is reproducing on the affected build and provide some detailed steps if it does?
Flags: needinfo?(co)
2018-07-04 is version 61.0.1, isn't it? I checked it in three versions again:

61.0.1: Could reproduce the issue:
  - open the PoC attached in the original post
  - click the link
  - choose "Save File"
  => "Download" never finishes, web content freezes.
  => After I clicked "cancel" the download could be cancelled correctly, but the web content stayed frozen.

61.0.2: Could reproduce with the same steps

63.0a1 (current nightly): Could *not* reproduce, issue is fixed there :-)
Flags: needinfo?(co)
I successfully reproduced the issue on Firefox 61.0.1 under Windows 10 (x64) using the STR from Comment 17.
The issue is verified fixed on Latest Nightly 63.0a1, Firefox 62.0 and ESR 60.2.0 (65bfaed52818, build from treeherder) under Windows 10 (x64), macOS 10.12 and Ubuntu 16.04 (x64). Thanks for the reply, Christian. I took a Nightly build from that date and that's why it wasn't reproducing for me.
Status: RESOLVED → VERIFIED
Flags: qe-verify+