Closed Bug 1753946 Opened 3 years ago Closed 3 years ago

Crash in [@ mozilla::ipc::IProtocol::ChannelSend | mozilla::dom::PMessagePortParent::SendEntangled | IPC_Message_Name=PMessagePort::Msg_Entangled]

Categories

(Core :: DOM: postMessage, defect)

Product:
Core
Component:
DOM: postMessage
Platform:
Unspecified
Windows 10
Type:
defect

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: gsvelto, Unassigned)

References

Details

(Keywords: crash)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/504154fe-92c4-415d-acd3-c8efa0220206

MOZ_CRASH Reason: MOZ_CRASH(IPC message size is too large)

Top 10 frames of crashing thread:

0 xul.dll mozilla::ipc::IProtocol::ChannelSend ipc/glue/ProtocolUtils.cpp:483
1 xul.dll mozilla::dom::PMessagePortParent::SendEntangled ipc/ipdl/PMessagePortParent.cpp:81
2 xul.dll mozilla::dom::MessagePortService::RequestEntangling dom/messagechannel/MessagePortService.cpp:156
3 xul.dll mozilla::ipc::BackgroundParentImpl::RecvPMessagePortConstructor ipc/glue/BackgroundParentImpl.cpp:1024
4 xul.dll mozilla::ipc::PBackgroundParent::OnMessageReceived ipc/ipdl/PBackgroundParent.cpp:4525
5 xul.dll mozilla::ipc::MessageChannel::MessageTask::Run ipc/glue/MessageChannel.cpp:1480
6 xul.dll nsThread::ProcessNextEvent xpcom/threads/nsThread.cpp:1189
7 xul.dll mozilla::ipc::MessagePumpForNonMainThreads::Run ipc/glue/MessagePump.cpp:300
8 xul.dll MessageLoop::RunHandler ipc/chromium/src/base/message_loop.cc:324
9 xul.dll MessageLoop::Run ipc/chromium/src/base/message_loop.cc:306

All URLs in this crash are under the https://www.realeye.io/test but they appear like non-public invites to a eye-tracking test. As such I won't put them here as they contain tokens which might be private. NI? me if you need access to them. I tried a few ones on nightly but couldn't reproduce this crash.

Any idea how we could get a IPC message size too large here?

Flags: needinfo?(nika)
Flags: needinfo?(bugs)

The message is declared like this: async Entangled(MessageData[] messages);
so it looks like there could be an arbitrary amount of data in there.

That's correct. I believe that this is a known issue which I've mentioned to :asuth before. It can contain an arbitrary number of messages all sent within a single IPC message, and these messages can also contain an arbitrary amount of data, leading to crashes like this (among other issues). This may be more likely to cause crashes on slower computers, as they may take longer before the ports become entangled, leading to a larger message being sent.

ni? :asuth to add more context.

Flags: needinfo?(nika) → needinfo?(bugmail)

xref-ing related bugs in this space. A band-aid is to be size aware and drop the messages if we exceed size limits to eliminate the crash at the cost of data-loss/correctness. The immediate mitigations would be to change the IPDL state machine setup here to send the messages one by one or at least be size-aware of the sizes. Longer term fixes include leveraging the endpoint mechanism to send things in a more point-to-point fashion and maybe involving DataPipe.

Flags: needinfo?(bugmail)
See Also: → 1750497, 1754400

Closing because no crashes reported for 12 weeks.

Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → WORKSFORME
Flags: needinfo?(smaug)
You need to log in before you can comment on or make changes to this bug.