Closed Bug 1652140 Opened 4 years ago Closed 4 years ago

Crash in [@ mozilla::CacheAwareZipReader::GetPersistentHandle]

Categories

(Core :: XPCOM, defect)

Product:
Core
Component:
XPCOM
Platform:
Unspecified
Windows 10
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla80
Tracking Flags:
Tracking Status
firefox-esr68 --- unaffected
firefox-esr78 --- unaffected
firefox78 --- unaffected
firefox79 --- unaffected
firefox80 + fixed

People

(Reporter: mccr8, Assigned: alexical)

References

(Regression)

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

Bug 1652140 - Check for null data from zip before trying to cache it r?froydnj
47 bytes, text/x-phabricator-request
Details | Review

This bug is for crash report bp-779d13af-48c0-48d9-ab76-cf3f80200710.

Top 10 frames of crashing thread:

0 xul.dll mozilla::CacheAwareZipReader::GetPersistentHandle xpcom/build/Omnijar.cpp:367
1 xul.dll nsJARInputStream::InitFile modules/libjar/nsJARInputStream.cpp:70
2 xul.dll nsJAR::GetInputStreamWithSpec modules/libjar/nsJAR.cpp:283
3 xul.dll nsJARInputThunk::Init modules/libjar/nsJARChannel.cpp:107
4 xul.dll nsJARChannel::CreateJarInput modules/libjar/nsJARChannel.cpp:274
5 xul.dll nsJARChannel::Open modules/libjar/nsJARChannel.cpp:844
6 xul.dll NS_MaybeOpenChannelUsingOpen netwerk/base/nsNetUtil.cpp:2543
7 xul.dll ReadScript js/xpconnect/loader/mozJSComponentLoader.cpp:681
8 xul.dll mozJSComponentLoader::ObjectForLocation js/xpconnect/loader/mozJSComponentLoader.cpp:804
9 xul.dll mozJSComponentLoader::Import js/xpconnect/loader/mozJSComponentLoader.cpp:1275

This looks like a regression from bug 1627075.

[Tracking Requested - why for this release]: crash regression

status-firefox79: --- → unaffected
status-firefox80: --- → affected
tracking-firefox80: --- → ?
Flags: needinfo?(dothayer)

These have the crash reason MOZ_RELEASE_ASSERT((!elements && extentSize == 0) || (elements && extentSize != dynamic_extent))

Rather strange. Trying to find where a Span<...> is anywhere around here - can't find one.

Assignee: nobody → dothayer
Flags: needinfo?(dothayer)

Ah - think it's actually here - and it's likely getting null data with a non-zero size due to fault reading the memory mapped file here? EDIT: or due to a corrupt omnijar or whatever else. In any case we just need to be checking for null before making a span.

We're crashing occasionally here due to an assertion in Span.h. We would
also likely have problems down the road if we tried to cache nullptrs in
the startup cache. I think this is all we need to handle this as gracefully
as we are able - at least, this should make it so the recent StartupCache
changes are no longer making failure any less graceful.

Crash Signature: [@ mozilla::CacheAwareZipReader::GetPersistentHandle] → [@ mozilla::CacheAwareZipReader::GetPersistentHandle] [@ memcpy | mozilla::CacheAwareZipReader::PutBufferIntoCache]

Tracking for 80 given the crash volume (release owner CCed)

Crash Signature: [@ mozilla::CacheAwareZipReader::GetPersistentHandle] [@ memcpy | mozilla::CacheAwareZipReader::PutBufferIntoCache] → [@ mozilla::CacheAwareZipReader::GetPersistentHandle] [@ memcpy | mozilla::CacheAwareZipReader::PutBufferIntoCache]
tracking-firefox80: ?+
Pushed by dothayer@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/70fe46e4a0b3
Check for null data from zip before trying to cache it r=froydnj

https://hg.mozilla.org/mozilla-central/rev/70fe46e4a0b3

Status: NEW → RESOLVED
Closed: 4 years ago
status-firefox80: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla80
See Also: → 1657205
Has Regression Range: --- → yes
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: