Bug 1510022
Opened 5 years ago
Closed 5 years ago
Hit MOZ_CRASH(index out of bounds: the len is 1024 but the index is 1024) at third_party/rust/encoding_rs/src/utf_8.rs:408
Categories
(Core :: Internationalization, defect)
RESOLVED DUPLICATE of bug 1509507
People
(Reporter: bc, Unassigned)
Details
(Keywords: crash, regression, reproducible)
1. https://net.jogtar.hu/jogszabaly?docid=A1200020.EMM

May need to reload, maybe not. ymmv.

Linux/Windows Nightly 65 but not Beta 64.

Hit MOZ_CRASH(index out of bounds: the len is 1024 but the index is 1024) at third_party/rust/encoding_rs/src/utf_8.rs:408

#01: MOZ_CrashOOL(char const*, int, char const*) (firefox-debug/dist/include/mozilla/Assertions.h:306)
#02: gkrust_shared::panic_hook (toolkit/library/rust/shared/lib.rs:234)
#03: core::ops::function::Fn::call (4ngih35gr3b6n1xc:?)
#04: core::sync::atomic::atomic_sub (/rustc/1433507eba7d1a114e4c6f27ae0e1a74f60f20de/src/libcore/sync/atomic.rs:2007)
#05: std::panicking::continue_panic_fmt (std.89gdwp76-cgu.11:?)
#06: rust_begin_unwind (/rustc/1433507eba7d1a114e4c6f27ae0e1a74f60f20de/src/libstd/panicking.rs:326)
#07: core::panicking::panic_fmt (/rustc/1433507eba7d1a114e4c6f27ae0e1a74f60f20de/src/libcore/panicking.rs:77)
#08: core::panicking::panic_bounds_check (/rustc/1433507eba7d1a114e4c6f27ae0e1a74f60f20de/src/libcore/panicking.rs:59)
#09: encoding_rs::utf_8::Utf8Decoder::decode_to_utf16_raw (firefox-debug/dist/bin/libxul.so)
#10: encoding_rs::variant::VariantDecoder::decode_to_utf16_raw (:?)
#11: encoding_rs::Decoder::decode_to_utf16_checking_end (third_party/rust/encoding_rs/src/macros.rs:1613)
#12: encoding_rs::Decoder::decode_to_utf16 (third_party/rust/encoding_rs/src/lib.rs:4154)
#13: decoder_decode_to_utf16 (third_party/rust/encoding_c/src/lib.rs:830)
#14: nsHtml5StreamParser::WriteStreamBytes(unsigned char const*, unsigned int, unsigned int*) (:?)
#15: nsHtml5StreamParser::DoDataAvailable(unsigned char const*, unsigned int) (:?)
#16: nsHtml5StreamParser::CopySegmentsToParser(nsIInputStream*, void*, char const*, unsigned int, unsigned int, unsigned int*) (parser/html/nsHtml5StreamParser.cpp:1320)
#17: nsStringInputStream::ReadSegments(nsresult (*)(nsIInputStream*, void*, char const*, unsigned int, unsigned int, unsigned int*), void*, unsigned int, unsigned int*) (xpcom/io/nsStringStream.cpp:275)
#18: nsHtml5StreamParser::OnDataAvailable(nsIRequest*, nsISupports*, nsIInputStream*, unsigned long, unsigned int) (parser/html/nsHtml5StreamParser.cpp:1299)
#19: mozilla::net::nsHTTPCompressConv::do_OnDataAvailable(nsIRequest*, nsISupports*, unsigned long, char const*, unsigned int) (netwerk/streamconv/converters/nsHTTPCompressConv.cpp:528)
#20: mozilla::net::nsHTTPCompressConv::OnDataAvailable(nsIRequest*, nsISupports*, nsIInputStream*, unsigned long, unsigned int) (netwerk/streamconv/converters/nsHTTPCompressConv.cpp:443)
#21: mozilla::net::HttpChannelChild::DoOnDataAvailable(nsIRequest*, nsISupports*, nsIInputStream*, unsigned long, unsigned int) (netwerk/protocol/http/HttpChannelChild.cpp:1103)
#22: mozilla::net::HttpChannelChild::OnTransportAndData(nsresult const&, nsresult const&, unsigned long const&, unsigned int const&, nsTString<char> const&) (netwerk/protocol/http/HttpChannelChild.cpp:984)
#23: mozilla::net::ChannelEventQueue::FlushQueue() (netwerk/ipc/ChannelEventQueue.cpp:93)
#24: mozilla::net::ChannelEventQueue::ResumeInternal()::CompleteResumeRunnable::Run() (firefox-debug/dist/include/mozilla/net/ChannelEventQueue.h:329)
#25: nsThread::ProcessNextEvent(bool, bool*) (xpcom/threads/nsThread.cpp:1231)
#26: NS_ProcessNextEvent(nsIThread*, bool) (xpcom/threads/nsThreadUtils.cpp:530)
#27: mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) (ipc/glue/MessagePump.cpp:334)
#28: MessageLoop::AutoRunState::~AutoRunState() (ipc/chromium/src/base/message_loop.cc:598)
#29: nsThread::ThreadFunc(void*) (xpcom/threads/nsThread.cpp:505)
#30: _pt_root (nsprpub/pr/src/pthreads/ptthread.c:204)
#31: start_thread (pthread_create.c:?)
#32: __GI___clone (:?)
Comment 1•5 years ago
I see a bunch of crashes in crash stats today with the crash reason in this bug: https://bit.ly/2SexcTP (all but one has that Moz Crash reason).
Comment 2•5 years ago
Henri: this looks to be an issue in encoding_rs, can you take a look?
Flags: needinfo?(hsivonen)
Updated•5 years ago
Group: core-security → dom-core-security
Keywords: regression
Comment 3•5 years ago
Not a security bug, since this is a Rust panic. (And, yes, I'll take a look.) Thanks for the repro URL!
Status: NEW → RESOLVED
Closed: 5 years ago
Flags: needinfo?(hsivonen)
Resolution: --- → DUPLICATE
Updated•5 years ago
Group: dom-core-security
Keywords: regressionwindow-wanted