Closed Bug 1578177 Opened 4 months ago Closed 2 months ago

Crash in [@ mozilla::dom::quota::QuotaManager::EnsureTemporaryStorageIsInitialized]

Categories

(Core :: Storage: Quota Manager, defect, P2, critical)

Product:
Core
Component:
Storage: Quota Manager
Platform:
Unspecified
Windows 10
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla72
Tracking Flags:
Tracking Status
firefox-esr68 --- disabled
firefox70 --- fixed
firefox71 --- fixed
firefox72 --- fixed

People

(Reporter: gsvelto, Assigned: janv)

References

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

Bug 1578177 - Crash in [@ mozilla::dom::quota::QuotaManager::EnsureTemporaryStorageIsInitialized]; r=asuth
47 bytes, text/x-phabricator-request
pascalc
: approval-mozilla-beta+
lizzard
: approval-mozilla-release+
Details | Review

This bug is for crash report bp-169ad429-70f6-47b4-b2f1-fa72c0190901.

Top 10 frames of crashing thread:

0 xul.dll mozilla::dom::quota::QuotaManager::EnsureTemporaryStorageIsInitialized dom/quota/ActorsParent.cpp:6714
1 xul.dll mozilla::dom::quota::QuotaManager::EnsureOriginIsInitializedInternal dom/quota/ActorsParent.cpp:6629
2 xul.dll mozilla::dom::quota::QuotaManager::EnsureOriginIsInitialized dom/quota/ActorsParent.cpp:6594
3 xul.dll nsresult mozilla::dom::indexedDB::`anonymous namespace'::OpenDatabaseOp::DoDatabaseWork dom/indexedDB/ActorsParent.cpp:20009
4 xul.dll nsresult mozilla::dom::indexedDB::`anonymous namespace'::FactoryOp::Run dom/indexedDB/ActorsParent.cpp:19840
5 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1225
6 xul.dll NS_ProcessNextEvent xpcom/threads/nsThreadUtils.cpp:486
7 xul.dll mozilla::ipc::MessagePumpForNonMainThreads::Run ipc/glue/MessagePump.cpp:333
8 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:308
9 xul.dll MessageLoop::Run ipc/chromium/src/base/message_loop.cc:290

The crash is happening here:

https://hg.mozilla.org/mozilla-central/annotate/b3cc8963e8718dbd40761f14664f45320c258bbd/dom/quota/ActorsParent.cpp#l6714

GetTemporaryStorageLimit() contains a division where the code doesn't ensure that the divisor is non-zero so this might be a valid bug:

https://searchfox.org/mozilla-central/rev/9415ecf29ba1acbef9381335e0ecde5916ca4073/dom/quota/ActorsParent.cpp#2601

Priority: -- → P1
See Also: → 1563023
Priority: P1 → P2
Assignee: nobody → jvarga
Blocks: 1592136

This is now required for disabling LSNG in 70.

Pushed by bugmail@asutherland.org:
https://hg.mozilla.org/integration/autoland/rev/3246619112cf
Crash in [@ mozilla::dom::quota::QuotaManager::EnsureTemporaryStorageIsInitialized]; r=asuth

Comment on attachment 9104965 [details]
Bug 1578177 - Crash in [@ mozilla::dom::quota::QuotaManager::EnsureTemporaryStorageIsInitialized]; r=asuth

Beta/Release Uplift Approval Request

  • User impact if declined: This makes some tests happy with the disabling of LSNG in release in bug 1592136.
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Covered by unit tests (that it fixes) amongst other automated tests.
  • String changes made/needed:
Attachment #9104965 - Flags: approval-mozilla-release?

Comment on attachment 9104965 [details]
Bug 1578177 - Crash in [@ mozilla::dom::quota::QuotaManager::EnsureTemporaryStorageIsInitialized]; r=asuth

OK to uplift to m-r for the 70.0.1 build.

Attachment #9104965 - Flags: approval-mozilla-release? → approval-mozilla-release+

https://hg.mozilla.org/mozilla-central/rev/3246619112cf

Status: NEW → RESOLVED
Closed: 2 months ago
status-firefox72: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla72

Change the status for beta to have the same as nightly and release.
For more information, please visit auto_nag documentation.

status-firefox71: --- → fixed

Hm, I think we need to uplift this to beta too. So I believe it's not fixed in 71.

Comment on attachment 9104965 [details]
Bug 1578177 - Crash in [@ mozilla::dom::quota::QuotaManager::EnsureTemporaryStorageIsInitialized]; r=asuth

Beta/Release Uplift Approval Request

  • User impact if declined: This is desired on beta to correct test failures if we disable LSNG on beta.
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Covered by unit tests (that it fixes) amongst other automated tests.
  • String changes made/needed: none
Attachment #9104965 - Flags: approval-mozilla-beta?

Comment on attachment 9104965 [details]
Bug 1578177 - Crash in [@ mozilla::dom::quota::QuotaManager::EnsureTemporaryStorageIsInitialized]; r=asuth

Crash fix and test updates, uplift approved for 71 beta 6, thanks.

Attachment #9104965 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
You need to log in before you can comment on or make changes to this bug.