Closed
Bug 1515375
Opened 5 years ago
Closed 5 years ago
Crash in PLDHashTable::Search | mozilla::SandboxBroker::LaunchApp
Categories
(Core :: Security: Process Sandboxing, defect, P1)
Tracking
()
RESOLVED
FIXED
mozilla66
Tracking | Status | |
---|---|---|
firefox-esr60 | --- | unaffected |
firefox64 | --- | unaffected |
firefox65 | + | fixed |
firefox66 | + | fixed |
People
(Reporter: marcia, Assigned: bobowen)
References
Details
(Keywords: crash, regression)
Crash Data
Attachments
(1 file)
1.65 KB,
patch
|
handyman
:
review+
RyanVM
:
approval-mozilla-beta+
|
Details | Diff | Splinter Review |
[Tracking Requested - why for this release]: New crash which just surfaced in 65 but is also in nightly in small volume. We should try to figure out what the root cause may be. This bug was filed from the Socorro interface and is report bp-c0791583-19d8-4120-bfe5-800e70181219. ============================================================= Seen while looking at 65 beta crash stats, present in 66 nightly as well: https://bit.ly/2LqtV1B. Windows only crash which doesn't appear to be present in previous 65 betas and doesn't affect 64. Startup crash, with almost 98% of crashes happening at startup. Top 10 frames of crashing thread: 0 xul.dll PLDHashTable::Search xpcom/ds/PLDHashTable.cpp:497 1 xul.dll mozilla::SandboxBroker::LaunchApp security/sandbox/win/src/sandboxbroker/sandboxBroker.cpp:238 2 xul.dll bool mozilla::ipc::GeckoChildProcessHost::PerformAsyncLaunch ipc/glue/GeckoChildProcessHost.cpp:1045 3 xul.dll bool mozilla::ipc::GeckoChildProcessHost::RunPerformAsyncLaunch ipc/glue/GeckoChildProcessHost.cpp:464 4 xul.dll nsresult mozilla::detail::RunnableMethodImpl<mozilla::ipc::GeckoChildProcessHost*, bool xpcom/threads/nsThreadUtils.h:1158 5 xul.dll bool MessageLoop::DeferOrRunPendingTask ipc/chromium/src/base/message_loop.cc:449 6 xul.dll MessageLoop::DoWork ipc/chromium/src/base/message_loop.cc:522 7 xul.dll base::MessagePumpForIO::DoRunLoop ipc/chromium/src/base/message_pump_win.cc:421 8 xul.dll base::MessagePumpWin::Run ipc/chromium/src/base/message_pump_win.h:80 9 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:307 =============================================================
Comment 1•5 years ago
|
||
Bug 1513101 seems like the most likely candidate.
Assignee | ||
Comment 2•5 years ago
|
||
I'm going to add a null check, to at least stop this crash.
Assignee: nobody → bobowencode
Status: NEW → ASSIGNED
Priority: -- → P1
Assignee | ||
Comment 3•5 years ago
|
||
Attachment #9032753 -
Flags: review?(davidp99)
Assignee | ||
Comment 4•5 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=43dfc4b1c4ab9f03eeeb36daa592715780e4a829
Updated•5 years ago
|
Attachment #9032753 -
Flags: review?(davidp99) → review+
Pushed by ryanvm@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/7cbd48e23581 Null check sLaunchErrors in SandboxBroker and always accumulate if not created. r=handyman
Assignee | ||
Comment 6•5 years ago
|
||
Comment on attachment 9032753 [details] [diff] [review] Null check sLaunchErrors in SandboxBroker and always accumulate if not created [Beta/Release Uplift Approval Request] Feature/Bug causing the regression: Bug 1395952 User impact if declined: Users who have an RDD process that fails to start, will experience a browser crash. Is this code covered by automated tests?: No Has the fix been verified in Nightly?: No Needs manual test from QE?: No If yes, steps to reproduce: No test, but should see this disappear from crash stats. List of other uplifts needed: None Risk to taking this patch: Low Why is the change risky/not risky? (and alternatives if risky): Fairly simple null check to prevent the crash. String changes made/needed: None
Attachment #9032753 -
Flags: approval-mozilla-beta?
Comment 8•5 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/7cbd48e23581
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla66
Updated•5 years ago
|
Flags: needinfo?(mfroman)
Updated•5 years ago
|
status-firefox-esr60:
--- → unaffected
Comment 9•5 years ago
|
||
Comment on attachment 9032753 [details] [diff] [review] Null check sLaunchErrors in SandboxBroker and always accumulate if not created [Triage Comment] Adds a null check to hopefully resolve a new topcrash on Beta. Approved for 65.0b7.
Attachment #9032753 -
Flags: approval-mozilla-beta? → approval-mozilla-beta+
Comment 10•5 years ago
|
||
bugherder uplift |
https://hg.mozilla.org/releases/mozilla-beta/rev/93e2cfcc400d
Assignee | ||
Comment 11•5 years ago
|
||
(In reply to Bob Owen (:bobowen) from comment #6) ... > If yes, steps to reproduce: No test, but should see this disappear from > crash stats. As expected this crash has disappeared in 65.0b7.
You need to log in
before you can comment on or make changes to this bug.
Description
•