Closed Bug 1757145 Opened 3 years ago Closed 3 years ago

ASSERTION: nsHttpConnection::PushBack only one buffer supported in test_strict_native_fallback

Categories

(Core :: Networking: DNS, defect, P2)

Tracking

RESOLVED FIXED
99 Branch
Tracking Status
firefox99 --- fixed

People

(Reporter: valentin, Assigned: kershaw)

References

(Blocks 1 open bug)

Details

(Whiteboard: [necko-triaged])

Attachments

(1 file)

diff --git a/testing/xpcshell/moz-http2/moz-http2.js b/testing/xpcshell/moz-http2/moz-http2.js
--- a/testing/xpcshell/moz-http2/moz-http2.js
+++ b/testing/xpcshell/moz-http2/moz-http2.js
@@ -417,7 +417,7 @@ function handleRequest(req, res) {
       // DNS response header is 12 bytes, we check for this minimum length
       // at the start of decoding so this is the simplest way to force
       // a decode error.
-      return "<12bytes";
+      return "\xFF\xFF\xFF\xFF";
     }
 
     function responseData() {
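
Review bot: the new return value on the `+` line is a JavaScript string of four U+00FF characters rather than four raw bytes, so its size on the wire depends on how the caller encodes it. Encoded as UTF-8, each character becomes two bytes, and any Content-Length taken from the string's length would then not match the body; return a Buffer holding the four 0xFF bytes, or have the caller compute the length from the encoded bytes. The result is still below the 12-byte minimum the comment above the line mentions, so that comment stays accurate either way.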

Running ./mach test netwerk/test/unit/test_trr.js with the patch above triggers the following assertion:

0:20.42 pid:3600195 [Parent 3600195, Socket Thread] ###!!! ASSERTION: nsHttpConnection::PushBack only one buffer supported: 'Error', file /home/icecold/mozilla-central/netwerk/protocol/http/nsHttpConnection.cpp:1472
Initializing stack-fixing for the first stack frame, this may take a while...
 0:40.35 pid:3600195 #01: NS_DebugBreak [/home/icecold/mozilla-central/xpcom/base/nsDebugImpl.cpp:0]
 0:40.35 pid:3600195 #02: mozilla::net::nsHttpConnection::PushBack(char const*, unsigned int) [/home/icecold/mozilla-central/netwerk/protocol/http/nsHttpConnection.cpp:0]
 0:40.35 pid:3600195 #03: mozilla::net::nsHttpTransaction::ProcessData(char*, unsigned int, unsigned int*) [/home/icecold/mozilla-central/netwerk/protocol/http/nsHttpTransaction.cpp:2444]
 0:40.35 pid:3600195 #04: mozilla::net::nsHttpTransaction::WritePipeSegment(nsIOutputStream*, void*, char*, unsigned int, unsigned int, unsigned int*) [/home/icecold/mozilla-central/netwerk/protocol/http/nsHttpTransaction.cpp:827]
 0:40.35 pid:3600195 #05: nsPipeOutputStream::WriteSegments(nsresult (*)(nsIOutputStream*, void*, char*, unsigned int, unsigned int, unsigned int*), void*, unsigned int, unsigned int*) [/home/icecold/mozilla-central/xpcom/io/nsPipe3.cpp:0]
 0:40.35 pid:3600195 #06: mozilla::net::nsHttpTransaction::WriteSegments(mozilla::net::nsAHttpSegmentWriter*, unsigned int, unsigned int*) [/home/icecold/mozilla-central/netwerk/protocol/http/nsHttpTransaction.cpp:938]
 0:40.36 pid:3600195 #07: mozilla::net::Http2Stream::WriteSegments(mozilla::net::nsAHttpSegmentWriter*, unsigned int, unsigned int*) [/home/icecold/mozilla-central/netwerk/protocol/http/Http2Stream.cpp:332]
 0:40.36 pid:3600195 #08: mozilla::net::Http2Session::WriteSegmentsAgain(mozilla::net::nsAHttpSegmentWriter*, unsigned int, unsigned int*, bool*) [/home/icecold/mozilla-central/netwerk/protocol/http/Http2Session.cpp:3298]
 0:40.36 pid:3600195 #09: mozilla::net::nsHttpConnection::OnSocketReadable() [/home/icecold/mozilla-central/netwerk/protocol/http/nsHttpConnection.cpp:2007]
 0:40.36 pid:3600195 #10: mozilla::net::nsHttpConnection::OnInputStreamReady(nsIAsyncInputStream*) [/home/icecold/mozilla-central/netwerk/protocol/http/nsHttpConnection.cpp:2362]
 0:40.36 pid:3600195 #11: {virtual override thunk({offset(-224)}, mozilla::net::nsHttpConnection::OnInputStreamReady(nsIAsyncInputStream*))} [/home/icecold/mozilla-central/netwerk/protocol/http/nsHttpConnection.cpp:0]
 0:40.36 pid:3600195 #12: mozilla::net::nsSocketInputStream::OnSocketReady(nsresult) [/home/icecold/mozilla-central/netwerk/base/nsSocketTransport2.cpp:0]
 0:40.36 pid:3600195 #13: mozilla::net::nsSocketTransport::OnSocketReady(PRFileDesc*, short) [/home/icecold/mozilla-central/netwerk/base/nsSocketTransport2.cpp:2080]
 0:40.36 pid:3600195 #14: mozilla::net::nsSocketTransportService::DoPollIteration(mozilla::BaseTimeDuration<mozilla::TimeDurationValueCalculator>*) [/home/icecold/mozilla-central/netwerk/base/nsSocketTransportService2.cpp:0]
 0:40.36 pid:3600195 #15: mozilla::net::nsSocketTransportService::Run() [/home/icecold/mozilla-central/netwerk/base/nsSocketTransportService2.cpp:1152]
 0:40.36 pid:3600195 #16: {virtual override thunk({offset(-32)}, mozilla::net::nsSocketTransportService::Run())} [/home/icecold/mozilla-central/netwerk/base/nsSocketTransportService2.cpp:0]
 0:40.36 pid:3600195 #17: nsThread::ProcessNextEvent(bool, bool*) [/home/icecold/mozilla-central/xpcom/threads/nsThread.cpp:1168]
 0:40.36 pid:3600195 #18: NS_ProcessNextEvent(nsIThread*, bool) [/home/icecold/mozilla-central/xpcom/threads/nsThreadUtils.cpp:467]
 0:40.36 pid:3600195 #19: mozilla::ipc::MessagePumpForNonMainThreads::Run(base::MessagePump::Delegate*) [/home/icecold/mozilla-central/ipc/glue/MessagePump.cpp:301]
 0:40.36 pid:3600195 #20: MessageLoop::RunInternal() [/home/icecold/mozilla-central/ipc/chromium/src/base/message_loop.cc:0]
 0:40.36 pid:3600195 #21: MessageLoop::Run() [/home/icecold/mozilla-central/ipc/chromium/src/base/message_loop.cc:307]
 0:40.36 pid:3600195 #22: nsThread::ThreadFunc(void*) [/home/icecold/mozilla-central/xpcom/threads/nsThread.cpp:391]
 0:40.37 pid:3600195 #23: _pt_root [/home/icecold/mozilla-central/nsprpub/pr/src/pthreads/ptthread.c:204]
 0:40.45 pid:3600195 #24: set_alt_signal_stack_and_start(PthreadCreateParams*) [/home/icecold/mozilla-central/toolkit/crashreporter/pthread_create_interposer/pthread_create_interposer.cpp:80]
 0:40.45 pid:3600195 #25: ??? [/lib/x86_64-linux-gnu/libpthread.so.0 + 0x9450]
 0:40.45 pid:3600195 #26: clone [/lib/x86_64-linux-gnu/libc.so.6 + 0x117d53]
 0:40.45 pid:3600195 #27: ??? (???:???)

This seems to be triggered by the connection retry logic, but I haven't looked into it much further.
Likely not a security issue, but should be marked as such until we confirm.

This is not related to the connection retry logic.
This crash is caused by the inconsistency between the number of bytes sent from our test h2 server and the value in the Content-Length header.

When the server sends \xFF\xFF\xFF\xFF, the actual data we received is c3bfc3bfc3bfc3bf and the Content-Length is 4.
I think the reason is that we use the string length (4) as Content-Length, but the length of data is 8.

Assignee: nobody → kershaw
Group: network-core-security
Severity: -- → S4
Priority: -- → P2
Whiteboard: [necko-triaged]
Pushed by kjang@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/caa625040f89 Make sure content-length is consistent with the actual data bytes, r=necko-reviewers,valentin
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 99 Branch
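
The length mismatch described in the comment above, reproduced in Node.js as an added example. This is not code from moz-http2.js or from the landed fix, and the helper names (`buildMismatched`, `buildConsistent`, `checkLength`) are hypothetical. It shows the string from the patch encoding to eight bytes under a declared length of four, next to two ways of keeping the header and the body in agreement.

```javascript
// Added example: constructed values, hypothetical helper names.
// The body from the patch: a JS string of four U+00FF characters.
const BODY = "\xFF\xFF\xFF\xFF";

// Mismatched variant: Content-Length taken from the string's length
// (UTF-16 code units), while the body is encoded as UTF-8 when written.
function buildMismatched(body) {
  return {
    headers: { "content-length": String(body.length) },
    payload: Buffer.from(body, "utf8"),
  };
}

// Consistent variant: encode first, then declare the encoded byte count.
function buildConsistent(body, encoding = "utf8") {
  const payload = Buffer.from(body, encoding);
  return {
    headers: { "content-length": String(payload.length) },
    payload,
  };
}

// Compare the declared length with the bytes that would actually be sent.
function checkLength(resp) {
  const declared = Number(resp.headers["content-length"]);
  const actual = resp.payload.length;
  const hex = resp.payload.toString("hex");
  return { declared, actual, hex, ok: declared === actual };
}

function demo() {
  return {
    mismatched: checkLength(buildMismatched(BODY)),
    utf8: checkLength(buildConsistent(BODY)),
    // "latin1" maps U+00FF to the single byte 0xff, so four raw bytes go out.
    latin1: checkLength(buildConsistent(BODY, "latin1")),
  };
}

console.log(demo());
```

A check like `checkLength` in a test server's response path catches this class of mismatch before the client's parser has to deal with surplus bytes.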