DNS_TIMING causes segfault in nsDnsService.cpp

RESOLVED WORKSFORME

Status

()

Core
Networking
--
critical
RESOLVED WORKSFORME
15 years ago
8 years ago

People

(Reporter: Nathan Kurz, Unassigned)

Tracking

({crash})

Trunk
x86
Linux
crash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

15 years ago
User-Agent:       Mozilla/4.75 [en] (X11; U; Linux 2.2.16 i686; Nav)
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2b) Gecko/20021029 Phoenix/0.4

I'm trying to track down a DNS problem in Phoenix 0.4 where many otherwise
successful lookups hang for 5-10 seconds, and I've run into a SEGV bug in
nsDnsService.cpp.  If compiled with DNS_TIMING defined and run with DNS_TIMING
set in the environment, a segfault occurs.  

Reproducible: Always

Steps to Reproduce:
The problem is a straightforward bug in the code, and looks to have been
introduced with a patch to bug #30917.  

391 nsDNSRequest::FireStop(nsresult  status)
392 {
393     nsresult rv;
394     const char *  hostName = nsnull;
395     nsHostEnt *   hostEnt  = nsnull;
396     mStatus = status;
397     NS_ASSERTION(mLookup, "FireStop called with no mLookup.");
398     if (mLookup) {
399         hostName = mLookup->HostName();
400         hostEnt  = mLookup->HostEntry();
401     } else if (NS_SUCCEEDED(mStatus)) {
402         mStatus = NS_ERROR_FAILURE;  // skip calling OnFound()
403     }
404     mLookup  = nsnull;
405     
406     NS_ASSERTION(mUserListener, "calling FireStop more than once");
407     if (mUserListener == nsnull)
408         return NS_ERROR_FAILURE;
409 
410     if (NS_SUCCEEDED(mStatus)) {
411         rv = mUserListener->OnFound(mUserContext, hostName, hostEnt);
412         NS_ASSERTION(NS_SUCCEEDED(rv), "OnFound failed");
413     }
414     rv = mUserListener->OnStopLookup(mUserContext, hostName, mStatus);
415     NS_ASSERTION(NS_SUCCEEDED(rv), "OnStopLookup failed");
416 
417     mUserListener = nsnull;
418     mUserContext  = nsnull;
419 #ifdef DNS_TIMING
420     if (nsDNSService::gService->mOut) {
421         PRIntervalTime stopTime = PR_IntervalNow();
422         double duration = PR_IntervalToMicroseconds(stopTime - mStartTime);
423         nsDNSService::gService->mCount++;
424         nsDNSService::gService->mTimes += duration;
425         nsDNSService::gService->mSquaredTimes += duration * duration;
426         fprintf(nsDNSService::gService->mOut, "DNS time #%d: %u us for
%s\n", 
427                 (PRInt32)nsDNSService::gService->mCount,
428                 (PRInt32)duration, mLookup->HostName());
429     }
430 #endif
431     return NS_OK;
432 }

In line 404, mLookup is set to nsnull.  In line 428, it is being used again to
print the hostname to a log file.



Expected Results:  
The solution would either be to move line 404 to after the DNS_TIMING ifdef, or
to change line 428 to use the local variable "hostname".  Or perhaps the problem
is that DNS_TIMING is dead and needs to be removed?  It seems like it might be
useful for my purposes, though.
nice catch.  ;)
Assignee: new-network-bugs → darin
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: crash

Comment 2

15 years ago
-> gordon
Assignee: darin → gordon

Comment 3

15 years ago
By the definitions on <http://bugzilla.mozilla.org/bug_status.html#severity> and
<http://bugzilla.mozilla.org/enter_bug.cgi?format=guided>, crashing and dataloss
bugs are of critical or possibly higher severity.  Only changing open bugs to
minimize unnecessary spam.  Keywords to trigger this would be crash, topcrash,
topcrash+, zt4newcrash, dataloss.
Severity: normal → critical
Assignee: gordon → nobody
QA Contact: benc → networking

Comment 4

8 years ago
I don't think any of this code still exists.  (Searched for nsDNSRequest::FireStop, DNS_TIMING, mSquaredTimes.)
Status: NEW → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.