Closed
Bug 1757145
Opened 3 years ago
Closed 3 years ago
ASSERTION: nsHttpConnection::PushBack only one buffer supported in test_strict_native_fallback
Categories
(Core :: Networking: DNS, defect, P2)
Core
Networking: DNS
Tracking
()
RESOLVED
FIXED
99 Branch
Tracking | Status | |
---|---|---|
firefox99 | --- | fixed |
People
(Reporter: valentin, Assigned: kershaw)
References
(Blocks 1 open bug)
Details
(Whiteboard: [necko-triaged])
Attachments
(1 file)
diff --git a/testing/xpcshell/moz-http2/moz-http2.js b/testing/xpcshell/moz-http2/moz-http2.js
--- a/testing/xpcshell/moz-http2/moz-http2.js
+++ b/testing/xpcshell/moz-http2/moz-http2.js
@@ -417,7 +417,7 @@ function handleRequest(req, res) {
// DNS response header is 12 bytes, we check for this minimum length
// at the start of decoding so this is the simplest way to force
// a decode error.
- return "<12bytes";
+ return "\xFF\xFF\xFF\xFF";
}
function responseData() {
Running ./mach test netwerk/test/unit/test_trr.js
with the patch above triggers the following assertion:
0:20.42 pid:3600195 [Parent 3600195, Socket Thread] ###!!! ASSERTION: nsHttpConnection::PushBack only one buffer supported: 'Error', file /home/icecold/mozilla-central/netwerk/protocol/http/nsHttpConnection.cpp:1472
Initializing stack-fixing for the first stack frame, this may take a while...
0:40.35 pid:3600195 #01: NS_DebugBreak [/home/icecold/mozilla-central/xpcom/base/nsDebugImpl.cpp:0]
0:40.35 pid:3600195 #02: mozilla::net::nsHttpConnection::PushBack(char const*, unsigned int) [/home/icecold/mozilla-central/netwerk/protocol/http/nsHttpConnection.cpp:0]
0:40.35 pid:3600195 #03: mozilla::net::nsHttpTransaction::ProcessData(char*, unsigned int, unsigned int*) [/home/icecold/mozilla-central/netwerk/protocol/http/nsHttpTransaction.cpp:2444]
0:40.35 pid:3600195 #04: mozilla::net::nsHttpTransaction::WritePipeSegment(nsIOutputStream*, void*, char*, unsigned int, unsigned int, unsigned int*) [/home/icecold/mozilla-central/netwerk/protocol/http/nsHttpTransaction.cpp:827]
0:40.35 pid:3600195 #05: nsPipeOutputStream::WriteSegments(nsresult (*)(nsIOutputStream*, void*, char*, unsigned int, unsigned int, unsigned int*), void*, unsigned int, unsigned int*) [/home/icecold/mozilla-central/xpcom/io/nsPipe3.cpp:0]
0:40.35 pid:3600195 #06: mozilla::net::nsHttpTransaction::WriteSegments(mozilla::net::nsAHttpSegmentWriter*, unsigned int, unsigned int*) [/home/icecold/mozilla-central/netwerk/protocol/http/nsHttpTransaction.cpp:938]
0:40.36 pid:3600195 #07: mozilla::net::Http2Stream::WriteSegments(mozilla::net::nsAHttpSegmentWriter*, unsigned int, unsigned int*) [/home/icecold/mozilla-central/netwerk/protocol/http/Http2Stream.cpp:332]
0:40.36 pid:3600195 #08: mozilla::net::Http2Session::WriteSegmentsAgain(mozilla::net::nsAHttpSegmentWriter*, unsigned int, unsigned int*, bool*) [/home/icecold/mozilla-central/netwerk/protocol/http/Http2Session.cpp:3298]
0:40.36 pid:3600195 #09: mozilla::net::nsHttpConnection::OnSocketReadable() [/home/icecold/mozilla-central/netwerk/protocol/http/nsHttpConnection.cpp:2007]
0:40.36 pid:3600195 #10: mozilla::net::nsHttpConnection::OnInputStreamReady(nsIAsyncInputStream*) [/home/icecold/mozilla-central/netwerk/protocol/http/nsHttpConnection.cpp:2362]
0:40.36 pid:3600195 #11: {virtual override thunk({offset(-224)}, mozilla::net::nsHttpConnection::OnInputStreamReady(nsIAsyncInputStream*))} [/home/icecold/mozilla-central/netwerk/protocol/http/nsHttpConnection.cpp:0]
0:40.36 pid:3600195 #12: mozilla::net::nsSocketInputStream::OnSocketReady(nsresult) [/home/icecold/mozilla-central/netwerk/base/nsSocketTransport2.cpp:0]
0:40.36 pid:3600195 #13: mozilla::net::nsSocketTransport::OnSocketReady(PRFileDesc*, short) [/home/icecold/mozilla-central/netwerk/base/nsSocketTransport2.cpp:2080]
0:40.36 pid:3600195 #14: mozilla::net::nsSocketTransportService::DoPollIteration(mozilla::BaseTimeDuration<mozilla::TimeDurationValueCalculator>*) [/home/icecold/mozilla-central/netwerk/base/nsSocketTransportService2.cpp:0]
0:40.36 pid:3600195 #15: mozilla::net::nsSocketTransportService::Run() [/home/icecold/mozilla-central/netwerk/base/nsSocketTransportService2.cpp:1152]
0:40.36 pid:3600195 #16: {virtual override thunk({offset(-32)}, mozilla::net::nsSocketTransportService::Run())} [/home/icecold/mozilla-central/netwerk/base/nsSocketTransportService2.cpp:0]
0:40.36 pid:3600195 #17: nsThread::ProcessNextEvent(bool, bool*) [/home/icecold/mozilla-central/xpcom/threads/nsThread.cpp:1168]
0:40.36 pid:3600195 #18: NS_ProcessNextEvent(nsIThread*, bool) [/home/icecold/mozilla-central/xpcom/threads/nsThreadUtils.cpp:467]
0:40.36 pid:3600195 #19: mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) [/home/icecold/mozilla-central/ipc/glue/MessagePump.cpp:301]
0:40.36 pid:3600195 #20: MessageLoop::RunInternal() [/home/icecold/mozilla-central/ipc/chromium/src/base/message_loop.cc:0]
0:40.36 pid:3600195 #21: MessageLoop::Run() [/home/icecold/mozilla-central/ipc/chromium/src/base/message_loop.cc:307]
0:40.36 pid:3600195 #22: nsThread::ThreadFunc(void*) [/home/icecold/mozilla-central/xpcom/threads/nsThread.cpp:391]
0:40.37 pid:3600195 #23: _pt_root [/home/icecold/mozilla-central/nsprpub/pr/src/pthreads/ptthread.c:204]
0:40.45 pid:3600195 #24: set_alt_signal_stack_and_start(PthreadCreateParams*) [/home/icecold/mozilla-central/toolkit/crashreporter/pthread_create_interposer/pthread_create_interposer.cpp:80]
0:40.45 pid:3600195 #25: ??? [/lib/x86_64-linux-gnu/libpthread.so.0 + 0x9450]
0:40.45 pid:3600195 #26: clone [/lib/x86_64-linux-gnu/libc.so.6 + 0x117d53]
0:40.45 pid:3600195 #27: ??? (???:???)
This seems to be triggered by the connection retry logic, but I haven't looked into it much further.
Likely not a security issue, but should be marked as such until we confirm.
Assignee | ||
Comment 1•3 years ago
|
||
This is not related to the connection retry logic.
This crash is caused by the inconsistence of the number of bytes sent from our test h2 server and the value in Content-Length
header.
When the server sends \xFF\xFF\xFF\xFF
, the actual data we received is c3bfc3bfc3bfc3bf
and the Content-Length
is 4.
I think the reason is that we use the string length (4) as Content-Length
, but the length of data is 8.
Assignee: nobody → kershaw
Group: network-core-security
Severity: -- → S4
Priority: -- → P2
Whiteboard: [necko-triaged]
Assignee | ||
Comment 2•3 years ago
|
||
Pushed by kjang@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/caa625040f89
Make sure content-length is consistent with the actrual data bytes, r=necko-reviewers,valentin
Comment 4•3 years ago
|
||
bugherder |
Status: NEW → RESOLVED
Closed: 3 years ago
status-firefox99:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 99 Branch
You need to log in
before you can comment on or make changes to this bug.
Description
•