Closed Bug 1525527 Opened 5 years ago Closed 5 years ago

Crash in OOM | large | NS_ABORT_OOM | mozilla::dom::WebSocket::CreateAndDispatchMessageEvent

Categories

(Core :: DOM: Networking, defect, P1)

Product:
Core
Component:
DOM: Networking
Version:
60 Branch
Platform:
x86
Windows 10
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla67
Tracking Flags:
Tracking Status
firefox67 --- fixed

People

(Reporter: emma.mason20, Assigned: michal)

Details

(Whiteboard: [necko-triaged])

Crash Data

Attachments

(1 file, 1 obsolete file)

patch v2 - throws NS_ERROR_OUT_OF_MEMORY
1020 bytes, patch
michal
: review+
Details | Diff | Splinter Review

This bug is for crash report bp-67595ec5-0ed0-46ee-acde-b85090190131.

Top 10 frames of crashing thread:

0 xul.dll NS_ABORT_OOM xpcom/base/nsDebugImpl.cpp:628
1 xul.dll nsresult mozilla::dom::WebSocket::CreateAndDispatchMessageEvent dom/websocket/WebSocket.cpp:2017
2 xul.dll nsresult mozilla::dom::WebSocketImpl::DoOnMessageAvailable dom/websocket/WebSocket.cpp:693
3 xul.dll mozilla::dom::WebSocketImpl::OnMessageAvailable dom/websocket/WebSocket.cpp:718
4 xul.dll void mozilla::net::WebSocketChannelChild::OnMessageAvailable netwerk/protocol/websocket/WebSocketChannelChild.cpp:366
5 xul.dll mozilla::net::WrappedChannelEvent::Run netwerk/protocol/websocket/WebSocketChannelChild.cpp:147
6 xul.dll mozilla::SchedulerGroup::Runnable::Run xpcom/threads/SchedulerGroup.cpp:337
7 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1246
8 xul.dll NS_ProcessNextEvent xpcom/threads/nsThreadUtils.cpp:530
9 xul.dll mozilla::ipc::MessagePump::Run ipc/glue/MessagePump.cpp:97
Component: General → DOM: Networking

Do we have a fallible conversion API for this [1]? Michal, can you look at this?

[1] https://hg.mozilla.org/releases/mozilla-release/annotate/c58ea2229c337e9981ab9d3650b04fd3d249b141/dom/websocket/WebSocket.cpp#l2017

P1 only because this is impactful content-controlled crash and potentially easy to fix.

Assignee: nobody → michal.novotny
Status: UNCONFIRMED → NEW
Ever confirmed: true
Priority: -- → P1
Whiteboard: [necko-triaged]
Attached patch patch (obsolete) — Splinter Review
Attachment #9044889 - Flags: review?(honzab.moz)
Comment on attachment 9044889 [details] [diff] [review]
patch

Review of attachment 9044889 [details] [diff] [review]:
-----------------------------------------------------------------

::: dom/websocket/WebSocket.cpp
@@ +1851,5 @@
>    } else {
>      // JS string
> +    nsAutoString utf16Data;
> +    if (!AppendUTF8toUTF16(aData, utf16Data, mozilla::fallible)) {
> +      return NS_ERROR_FAILURE;

maybe NS_ERROR_OUT_OF_MEMORY?
Attachment #9044889 - Flags: review?(honzab.moz) → review+
Attachment #9044889 - Attachment is obsolete: true
Attachment #9044971 - Flags: review+
Keywords: checkin-needed

Pushed by dluca@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/57c4b2afc95b
Crash in OOM | large | NS_ABORT_OOM | mozilla::dom::WebSocket::CreateAndDispatchMessageEvent, r=michal

Keywords: checkin-needed

https://hg.mozilla.org/mozilla-central/rev/57c4b2afc95b

Status: NEW → RESOLVED
Closed: 5 years ago
status-firefox67: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla67
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: