Open Bug 1553241 Opened 11 months ago Updated 20 days ago

Assertion failure: uint64_t(aDest) >= uint64_t(aArg), at /builds/worker/workspace/build/src/dom/quota/ActorsParent.cpp:1468

Categories

(Core :: Storage: IndexedDB, defect, P3)

defect

Tracking

()

Tracking Status
firefox69 --- affected

People

(Reporter: jkratzer, Unassigned)

References

(Blocks 2 open bugs)

Details

(Keywords: assertion, testcase)

Attachments

(1 file)

Attached file testcase.html

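Testcase found while fuzzing mozilla-central rev b74e5737da64.

The assertion fires in AssertNoUnderflow (frame 0), reached from TruncateOp::DoFileWork through FileQuotaStream::SetEOF and QuotaObject::MaybeUpdateSize (frames 4 to 1), so the failing check is in the quota size accounting performed when a file is truncated. The SIGSEGV at address 0x0 reported below is consistent with the assertion's deliberate crash rather than a separate memory fault. What happens to the size subtraction in builds where this assertion is compiled out is not shown here and should be confirmed against the source.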

Assertion failure: uint64_t(aDest) >= uint64_t(aArg), at /builds/worker/workspace/build/src/dom/quota/ActorsParent.cpp:1468

rax = 0x0000565403f99e40   rdx = 0x0000000000000000
rcx = 0x00007fe3a4d494e3   rbx = 0x00007fe37be602e0
rsi = 0x00007fe3afd1f8b0   rdi = 0x00007fe3afd1e680
rbp = 0x00007fe37b5bd480   rsp = 0x00007fe37b5bd480
r8 = 0x00007fe3afd1f8b0    r9 = 0x00007fe37b5be700
r10 = 0x0000000000000002   r11 = 0x0000000000000000
r12 = 0x00007fe3804057a0   r13 = 0x0000000000000001
r14 = 0x00000000cb57767b   r15 = 0x00007fe39a8fcdf0
rip = 0x00007fe3a0f3bfc9
OS|Linux|0.0.0 Linux 4.18.0-17-generic #18~18.04.1-Ubuntu SMP Fri Mar 15 15:27:12 UTC 2019 x86_64
CPU|amd64|family 6 model 94 stepping 3|1
GPU|||
Crash|SIGSEGV|0x0|73
73|0|libxul.so|AssertNoUnderflow<long unsigned int, long unsigned int>|hg:hg.mozilla.org/mozilla-central:dom/quota/ActorsParent.cpp:b74e5737da64a7af28ab4f81f996950917aa71c5|1468|0x16
73|1|libxul.so|mozilla::dom::quota::QuotaObject::LockedMaybeUpdateSize(long, bool)|hg:hg.mozilla.org/mozilla-central:dom/quota/ActorsParent.cpp:b74e5737da64a7af28ab4f81f996950917aa71c5|2842|0x7
73|2|libxul.so|mozilla::dom::quota::QuotaObject::MaybeUpdateSize(long, bool)|hg:hg.mozilla.org/mozilla-central:dom/quota/ActorsParent.cpp:b74e5737da64a7af28ab4f81f996950917aa71c5|2776|0xf
73|3|libxul.so|mozilla::dom::quota::FileQuotaStream<nsFileStream>::SetEOF()|hg:hg.mozilla.org/mozilla-central:dom/quota/FileStreams.cpp:b74e5737da64a7af28ab4f81f996950917aa71c5|24|0x5
73|4|libxul.so|mozilla::dom::TruncateOp::DoFileWork(mozilla::dom::FileHandle*)|hg:hg.mozilla.org/mozilla-central:dom/filehandle/ActorsParent.cpp:b74e5737da64a7af28ab4f81f996950917aa71c5|2135|0x11
73|5|libxul.so|mozilla::dom::NormalFileHandleOp::RunOnThreadPool()|hg:hg.mozilla.org/mozilla-central:dom/filehandle/ActorsParent.cpp:b74e5737da64a7af28ab4f81f996950917aa71c5|1796|0xd
73|6|libxul.so|mozilla::dom::FileHandleThreadPool::FileHandleQueue::Run()|hg:hg.mozilla.org/mozilla-central:dom/filehandle/ActorsParent.cpp:b74e5737da64a7af28ab4f81f996950917aa71c5|933|0x14
73|7|libxul.so|nsThreadPool::Run()|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadPool.cpp:b74e5737da64a7af28ab4f81f996950917aa71c5|244|0x15
73|8|libxul.so|nsThread::ProcessNextEvent(bool, bool*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:b74e5737da64a7af28ab4f81f996950917aa71c5|1175|0x15
73|9|libxul.so|NS_ProcessNextEvent(nsIThread*, bool)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThreadUtils.cpp:b74e5737da64a7af28ab4f81f996950917aa71c5|486|0x11
73|10|libxul.so|mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*)|hg:hg.mozilla.org/mozilla-central:ipc/glue/MessagePump.cpp:b74e5737da64a7af28ab4f81f996950917aa71c5|303|0xa
73|11|libxul.so|MessageLoop::RunInternal()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:b74e5737da64a7af28ab4f81f996950917aa71c5|315|0x17
73|12|libxul.so|MessageLoop::Run()|hg:hg.mozilla.org/mozilla-central:ipc/chromium/src/base/message_loop.cc:b74e5737da64a7af28ab4f81f996950917aa71c5|290|0x8
73|13|libxul.so|nsThread::ThreadFunc(void*)|hg:hg.mozilla.org/mozilla-central:xpcom/threads/nsThread.cpp:b74e5737da64a7af28ab4f81f996950917aa71c5|454|0x38
73|14|libnspr4.so|_pt_root|hg:hg.mozilla.org/mozilla-central:nsprpub/pr/src/pthreads/ptthread.c:b74e5737da64a7af28ab4f81f996950917aa71c5|201|0x7
73|15|libpthread-2.27.so||||0x76db
73|16|libc-2.27.so||||0x12188f
Flags: in-testsuite?
Priority: -- → P3
Assignee: nobody → ssengupta
Assignee: ssengupta → nobody