Closed Bug 1499412 Opened 5 years ago Closed 2 years ago

Assertion failure: mOffset == mSize, at /builds/worker/workspace/build/src/dom/filehandle/ActorsParent.cpp:2234

Categories

(Core :: Storage: IndexedDB, defect, P3)

Product:
Core
Component:
Storage: IndexedDB
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1614360
Tracking Flags:
Tracking Status
firefox64 --- affected

People

(Reporter: jkratzer, Unassigned)

References

(Blocks 2 open bugs)

Details

(Keywords: assertion, testcase, Whiteboard: [bugmon:confirmed])

Attachments

(1 file)

testcase.html
474 bytes, text/html
Details
Attached file testcase.html 
Testcase found while fuzzing mozilla-central rev 9079bbe83718.  Please note that the testcase must be served via a local webserver in order to reproduce.

Assertion failure: mOffset == mSize, at /builds/worker/workspace/build/src/dom/filehandle/ActorsParent.cpp:2234


rax = 0x0000000000000000   rdx = 0x0000000000000000
rcx = 0x0000000000000b40   rbx = 0x00007ff8a77e1700
rsi = 0x00007ff8e2a0e8b0   rdi = 0x00007ff8e2a0d680
rbp = 0x00007ff8a67fe670   rsp = 0x00007ff8a67f65d0
r8 = 0x00007ff8e2a0e8b0    r9 = 0x00007ff8a67ff700
r10 = 0x0000000000000002   r11 = 0x0000000000000000
r12 = 0x00007ff8a67f6640   r13 = 0x00007ff8a67f6620
r14 = 0x00007ff8a67f6628   r15 = 0x0000000000000000
rip = 0x00007ff8d292b8d0
OS|Linux|0.0.0 Linux 4.15.0-36-generic #39-Ubuntu SMP Mon Sep 24 16:19:09 UTC 2018 x86_64
CPU|amd64|family 6 model 78 stepping 3|1
GPU|||
Crash|SIGSEGV /SEGV_MAPERR|0x0|65
65|0|libxul.so|mozilla::dom::CopyFileHandleOp::DoFileWork(mozilla::dom::FileHandle*)|hg:hg.mozilla.org/mozilla-central:dom/filehandle/ActorsParent.cpp:9079bbe837184ed183b133a374753865b6768bc4|2169|0x18
Flags: in-testsuite?
Jan, could you please assess how serious this is?
Flags: needinfo?(jvarga)
Priority: -- → P2
FileHandle is going to be removed in bug 1500343, so this is a low priority or wontfix.
Flags: needinfo?(jvarga)
Depends on: 1500343
Priority: P2 → P3

Bugmon Analysis:
Unable to reproduce bug using the following builds:

mozilla-central 20210224162107-27f574662450
mozilla-central 20200226092757-7f41334e1044

Whiteboard: [bugmon:confirmed]

Hmm, we did not fix the blocking bug 1500343, but it seems to be ok now for more than a year.

Status: NEW → RESOLVED
Closed: 2 years ago
No longer depends on: 1500343
Resolution: --- → WORKSFORME
See Also: → 1500343
Resolution: WORKSFORME → DUPLICATE
You need to log in before you can comment on or make changes to this bug.