Closed Bug 1499412 Opened 7 years ago Closed 5 years ago

Assertion failure: mOffset == mSize, at /builds/worker/workspace/build/src/dom/filehandle/ActorsParent.cpp:2234

Tracking

()

Status:

RESOLVED DUPLICATE of bug 1614360

Tracking Flags:

Tracking

Status

firefox64

---

affected

People

(Reporter: jkratzer, Unassigned)

References

(Blocks 2 open bugs)

Details

(Keywords: assertion, testcase, Whiteboard: [bugmon:confirmed])

Attachments

(1 file)

testcase.html 7 years ago Jason Kratzer [:jkratzer] 474 bytes, text/html		Details

Jason Kratzer [:jkratzer]

Reporter

Description

•

7 years ago

Attached file testcase.html — Details

Testcase found while fuzzing mozilla-central rev 9079bbe83718. Please note that the testcase must be served via a local webserver in order to reproduce. Assertion failure: mOffset == mSize, at /builds/worker/workspace/build/src/dom/filehandle/ActorsParent.cpp:2234 rax = 0x0000000000000000 rdx = 0x0000000000000000 rcx = 0x0000000000000b40 rbx = 0x00007ff8a77e1700 rsi = 0x00007ff8e2a0e8b0 rdi = 0x00007ff8e2a0d680 rbp = 0x00007ff8a67fe670 rsp = 0x00007ff8a67f65d0 r8 = 0x00007ff8e2a0e8b0 r9 = 0x00007ff8a67ff700 r10 = 0x0000000000000002 r11 = 0x0000000000000000 r12 = 0x00007ff8a67f6640 r13 = 0x00007ff8a67f6620 r14 = 0x00007ff8a67f6628 r15 = 0x0000000000000000 rip = 0x00007ff8d292b8d0 OS|Linux|0.0.0 Linux 4.15.0-36-generic #39-Ubuntu SMP Mon Sep 24 16:19:09 UTC 2018 x86_64 CPU|amd64|family 6 model 78 stepping 3|1 GPU||| Crash|SIGSEGV /SEGV_MAPERR|0x0|65 65|0|libxul.so|mozilla::dom::CopyFileHandleOp::DoFileWork(mozilla::dom::FileHandle*)|hg:hg.mozilla.org/mozilla-central:dom/filehandle/ActorsParent.cpp:9079bbe837184ed183b133a374753865b6768bc4|2169|0x18

Flags: in-testsuite?

Yaron Tausky [:ytausky]

Comment 1

•

7 years ago

Jan, could you please assess how serious this is?

Flags: needinfo?(jvarga)

Priority: -- → P2

Jan Varga [:janv]

Comment 2

•

7 years ago

FileHandle is going to be removed in bug 1500343, so this is a low priority or wontfix.

Flags: needinfo?(jvarga)

Simon Giesecke [:sg] [he/him]

Updated

•

6 years ago

Depends on: 1500343

Jens Stutte [:jstutte]

Updated

•

6 years ago

Priority: P2 → P3

Bugmon [:jkratzer for issues]

Comment 3

•

5 years ago

Bugmon Analysis:
Unable to reproduce bug using the following builds:

mozilla-central 20210224162107-27f574662450
mozilla-central 20200226092757-7f41334e1044

Whiteboard: [bugmon:confirmed]

Jens Stutte [:jstutte]

Comment 4

•

5 years ago

Hmm, we did not fix the blocking bug 1500343, but it seems to be ok now for more than a year.

Status: NEW → RESOLVED

Closed: 5 years ago

No longer depends on: 1500343

Resolution: --- → WORKSFORME

Updated

•

5 years ago

Resolution: WORKSFORME → DUPLICATE

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Assertion failure: mOffset == mSize, at /builds/worker/workspace/build/src/dom/filehandle/ActorsParent.cpp:2234

Categories

(Core :: Storage: IndexedDB, defect, P3)

Tracking

()

People

(Reporter: jkratzer, Unassigned)

References

(Blocks 2 open bugs)

Details

(Keywords: assertion, testcase, Whiteboard: [bugmon:confirmed])

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Comment 2

Updated

Updated

Comment 3

Comment 4

Updated

Attachment

General

Description

File Name

Content Type