Closed Bug 1717619 Opened 4 years ago Closed 3 years ago

Crash in [@ mozilla::ipc::MessageChannel::Send | mozilla::dom::PContentChild::SendSetURITitle | IPC_Message_Name=PContent::Msg_SetURITitle]

Categories

(Core :: DOM: Navigation, defect, P3)

Unspecified
All
defect


RESOLVED WORKSFORME
Tracking Status
firefox-esr78 --- wontfix
firefox89 --- wontfix
firefox90 --- wontfix
firefox91 --- affected

People

(Reporter: gsvelto, Assigned: peterv)

Details

(Keywords: crash)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/e6bfd70e-658d-43a5-9e10-36bb90210614

MOZ_CRASH Reason: MOZ_CRASH(IPC message size is too large)

Top 10 frames of crashing thread:

0 libxul.so mozilla::ipc::MessageChannel::Send ipc/glue/MessageChannel.cpp:974
1 libxul.so mozilla::dom::PContentChild::SendSetURITitle ipc/ipdl/PContentChild.cpp:3110
2 libxul.so mozilla::places::History::SetURITitle toolkit/components/places/History.cpp:1891
3 libxul.so nsDocShell::SetTitle docshell/base/nsDocShell.cpp:5104
4 libxul.so {virtual override thunk} 
5 libxul.so mozilla::dom::Document::DoNotifyPossibleTitleChange dom/base/Document.cpp:8914
6 libxul.so mozilla::detail::RunnableMethodImpl<mozilla::dom::Document*, void  xpcom/threads/nsThreadUtils.h:1203
7 libxul.so mozilla::SchedulerGroup::Runnable::Run xpcom/threads/SchedulerGroup.cpp:143
8 libxul.so mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal xpcom/threads/TaskController.cpp:782
9 libxul.so nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1159

This is one of many crashes of this type, though I wonder what could be in a page title so large as to overflow IPC?

Severity: -- → S2
Assignee: nobody → peterv
Status: NEW → ASSIGNED

We should ignore or truncate URI titles that are too long instead of crashing in IPC. Is the maximum URI title length defined in a spec? Ignoring long URI titles is probably safer than passing around truncated data.

Bug 1605371 has two-year-old STR for a debug assertion in this Msg_SetURITitle code.

Crash Signature: [@ mozilla::ipc::MessageChannel::Send | mozilla::dom::PContentChild::SendSetURITitle | IPC_Message_Name=PContent::Msg_SetURITitle] → [@ mozilla::ipc::MessageChannel::Send | mozilla::ipc::IProtocol::ChannelSend | IPC_Message_Name=PContent::Msg_SetURITitle] [@ mozilla::ipc::MessageChannel::Send | mozilla::dom::PContentChild::SendSetURITitle | IPC_Message_Name=PContent::Msg_SetURITitle] …
Priority: -- → P3
See Also: → 1605371
Severity: S2 → S3
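
A sender-side size check along the lines suggested above, as an added example that is not Firefox code and not part of the original bug: it decides whether to send or ignore a title before the channel's fatal size check is reached, and shows one concrete hazard of cutting UTF-16 at a fixed length. All names (`TitleDecision`, `CheckTitleForIpc`, `IsWellFormedUtf16`, `NaiveTruncate`) are hypothetical, and the overhead and limit values are constructed inputs, not Firefox's.

```cpp
#include <cstddef>
#include <string>

// Hypothetical names throughout; the size limit is a parameter, not Firefox's.
enum class TitleDecision { Send, Ignore };

// Sender-side guard: decide before calling Send(), so an oversized title is
// dropped whole instead of reaching the channel's fatal size check.
TitleDecision CheckTitleForIpc(const std::u16string& title,
                               std::size_t overheadBytes,
                               std::size_t maxMessageBytes) {
  if (overheadBytes > maxMessageBytes) return TitleDecision::Ignore;
  // Compare in code units so the byte count cannot overflow size_t.
  std::size_t maxUnits = (maxMessageBytes - overheadBytes) / sizeof(char16_t);
  return title.size() <= maxUnits ? TitleDecision::Send : TitleDecision::Ignore;
}

// True when every surrogate in s is part of a complete high/low pair.
bool IsWellFormedUtf16(const std::u16string& s) {
  for (std::size_t i = 0; i < s.size(); ++i) {
    char16_t c = s[i];
    if (c >= 0xD800 && c <= 0xDBFF) {  // high surrogate
      if (i + 1 >= s.size() || s[i + 1] < 0xDC00 || s[i + 1] > 0xDFFF)
        return false;                  // not followed by a low surrogate
      ++i;                             // skip the completed pair
    } else if (c >= 0xDC00 && c <= 0xDFFF) {
      return false;                    // stray low surrogate
    }
  }
  return true;
}

// Cutting at a fixed code-unit count can split a surrogate pair.
std::u16string NaiveTruncate(const std::u16string& s, std::size_t maxUnits) {
  return s.substr(0, maxUnits);
}

int main() {
  // Constructed title: 'a' followed by one surrogate pair.
  std::u16string title = {u'a', char16_t(0xD83D), char16_t(0xDE00)};
  bool cutOk = IsWellFormedUtf16(NaiveTruncate(title, 2));  // splits the pair
  bool sent = CheckTitleForIpc(title, 64, 1024) == TitleDecision::Send;
  return (sent && !cutOk) ? 0 : 1;
}
```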

Closing because no crashes reported for 12 weeks.

Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → WORKSFORME