Closed Bug 1507229 Opened 6 years ago Closed 5 years ago

Assertion failure: false (), at /builds/worker/workspace/build/src/dom/indexedDB/ActorsParent.cpp:14138

Categories

(Core :: Storage: IndexedDB, defect, P3)

Product:
Core
Component:
Storage: IndexedDB
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla68
Tracking Flags:
Tracking Status
firefox-esr60 --- wontfix
firefox65 --- wontfix
firefox66 --- wontfix
firefox67 --- wontfix
firefox68 --- fixed

People

(Reporter: jkratzer, Assigned: violet.bugreport)

References

(Blocks 2 open bugs)

Details

(Keywords: assertion, testcase)

Attachments

(2 files)

testcase.html
467 bytes, text/html
Details
Bug 1507229 - Argument sanity check at CreateMutableFile() to avoid assertion failure
47 bytes, text/x-phabricator-request
Details | Review
Attached file testcase.html 
Testcase found while fuzzing mozilla-central rev 073045259e75.

Assertion failure: false (), at /builds/worker/workspace/build/src/dom/indexedDB/ActorsParent.cpp:14138

rax = 0x0000000000000000   rdx = 0x0000000000000000
rcx = 0x0000000000000b40   rbx = 0x00007fba2310f400
rsi = 0x00007fba4f9358b0   rdi = 0x00007fba4f934680
rbp = 0x00007fba34884500   rsp = 0x00007fba348844d0
r8 = 0x00007fba4f9358b0    r9 = 0x00007fba34885700
r10 = 0x0000000000000002   r11 = 0x0000000000000000
r12 = 0x00007fba34884560   r13 = 0x00007fba2310f400
r14 = 0x00007fba34884540   r15 = 0x00007fba23120268
rip = 0x00007fba3fa4dc19
OS|Linux|0.0.0 Linux 4.15.0-38-generic #41-Ubuntu SMP Wed Oct 10 10:59:38 UTC 2018 x86_64
CPU|amd64|family 6 model 78 stepping 3|1
GPU|||
Crash|SIGSEGV /SEGV_MAPERR|0x0|21
21|0|libxul.so|Database::AllocPBackgroundIDBDatabaseRequestParent|hg:hg.mozilla.org/mozilla-central:dom/indexedDB/ActorsParent.cpp:073045259e75e0c8f7b8ffcd5e4bf72570f98f3e|14126|0x18
21|1|libxul.so|mozilla::dom::indexedDB::PBackgroundIDBDatabaseParent::OnMessageReceived(IPC::Message const&)|s3:gecko-generated-sources:8650916e0dda42b999f0f17f9079b7b7de235435356661780ee29a93e05a0e2771aed4e16bcf1f7ba0b856380a43c46b737d4f9f5977ac485950fa7a3eaeb7f5/ipc/ipdl/PBackgroundIDBDatabaseParent.cpp:|550|0xc
21|2|libxul.so|mozilla::ipc::MessageChannel::DispatchAsyncMessage(IPC::Message const&)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:073045259e75e0c8f7b8ffcd5e4bf72570f98f3e|2244|0x6
21|3|libxul.so|mozilla::ipc::MessageChannel::DispatchMessage(IPC::Message&&)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:073045259e75e0c8f7b8ffcd5e4bf72570f98f3e|2171|0xb
21|4|libxul.so|mozilla::ipc::MessageChannel::RunMessage(mozilla::ipc::MessageChannel::MessageTask&)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:073045259e75e0c8f7b8ffcd5e4bf72570f98f3e|2008|0xb
21|5|libxul.so|mozilla::ipc::MessageChannel::MessageTask::Run()|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessageChannel.cpp:073045259e75e0c8f7b8ffcd5e4bf72570f98f3e|2041|0xc
21|6|libxul.so|nsThread::ProcessNextEvent(bool, bool*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:073045259e75e0c8f7b8ffcd5e4bf72570f98f3e|1244|0x11
21|7|libxul.so|NS_ProcessNextEvent(nsIThread*, bool)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:073045259e75e0c8f7b8ffcd5e4bf72570f98f3e|530|0x11
21|8|libxul.so|mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:073045259e75e0c8f7b8ffcd5e4bf72570f98f3e|364|0xd
21|9|libxul.so|MessageLoop::RunInternal()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:073045259e75e0c8f7b8ffcd5e4bf72570f98f3e|325|0x17
21|10|libxul.so|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:073045259e75e0c8f7b8ffcd5e4bf72570f98f3e|318|0x8
21|11|libxul.so|nsThread::ThreadFunc(void*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:073045259e75e0c8f7b8ffcd5e4bf72570f98f3e|503|0x8
21|12|libnspr4.so|_pt_root|hg:hg.mozilla.org/mozilla-central:nsprpub/pr/src/pthreads/ptthread.c:073045259e75e0c8f7b8ffcd5e4bf72570f98f3e|201|0x7
21|13|libpthread-2.27.so||||0x76db
21|14|libc-2.27.so||||0x12188f
Flags: in-testsuite?
Priority: -- → P3
Assignee: nobody → violet.bugreport

CreateMutableFile() doesn't allow empty name, we should check it before
further processing to avoid assertion failure.

Keywords: checkin-needed

Pushed by nbeleuzu@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/02b7484f316b
Argument sanity check at CreateMutableFile() to avoid assertion failure r=janv

Keywords: checkin-needed

https://hg.mozilla.org/mozilla-central/rev/02b7484f316b

Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox68: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla68
https://hg.mozilla.org/projects/ash/rev/02b7484f316b1936479d4e28789c9c6dbf3fad9c
Bug 1507229 - Argument sanity check at CreateMutableFile() to avoid assertion failure r=janv
status-firefox65: affectedwontfix
status-firefox66: --- → wontfix
status-firefox67: --- → wontfix
status-firefox-esr60: --- → wontfix
Flags: in-testsuite? → in-testsuite+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: