Closed Bug 1824674 Opened 2 years ago Closed 2 years ago

Crash in [@ mozilla::dom::cache::db::(anonymous namespace)::DeleteAllCacheEntries::$::operator()<T>]

Categories

(Core :: Storage: Cache API, defect)

Product:
Core
Component:
Storage: Cache API
Platform:
Unspecified
All
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
115 Branch
Tracking Flags:
Tracking Status
firefox-esr102 --- unaffected
firefox111 --- wontfix
firefox112 --- disabled
firefox113 --- disabled
firefox114 --- disabled
firefox115 --- fixed

People

(Reporter: gsvelto, Assigned: hsingh)

References

(Regression)

Details

(Keywords: crash, regression)

Crash Data

Attachments

(1 file)

Bug 1824674: Fixing the wrong assertion in DeleteAllCacheEntries.r=#dom-storage-reviewers
48 bytes, text/x-phabricator-request
Details | Review

Crash report: https://crash-stats.mozilla.org/report/index/84b529f3-32cb-4568-b656-fd5c30230325

MOZ_CRASH Reason: MOZ_DIAGNOSTIC_ASSERT(paddingSize + deletedPaddingSize <= 2147483647)

Top 10 frames of crashing thread:

0  XUL  mozilla::dom::cache::db:: const  dom/cache/DBSchema.cpp:1380
0  XUL  mozilla::dom::quota::CollectWhileHasResult<mozilla::dom::cache::db:: const  dom/quota/QuotaCommon.h:1481
0  XUL  mozilla::CollectWhile<mozilla::dom::quota::CollectWhileHasResult<mozilla::dom::cache::db:: const  dom/quota/QuotaCommon.h:1199
0  XUL  mozilla::CollectEach<mozilla::dom::quota::CollectWhileHasResult<mozilla::dom::cache::db::  dom/quota/QuotaCommon.h:1129
0  XUL  mozilla::CollectWhile<mozilla::dom::quota::CollectWhileHasResult<mozilla::dom::cache::db::  dom/quota/QuotaCommon.h:1199
0  XUL  mozilla::dom::quota::CollectWhileHasResult<mozilla::dom::cache::db::  dom/quota/QuotaCommon.h:1477
0  XUL  mozilla::dom::cache::db::  dom/cache/DBSchema.cpp:1380
0  XUL  mozilla::dom::cache::db::DeleteCacheId  dom/cache/DBSchema.cpp:636
1  XUL  mozilla::dom::cache:: const  dom/cache/Manager.cpp:108
1  XUL  mozilla::ReduceEach<mozilla::Reduce<AutoTArray<long long,  const  dom/quota/QuotaCommon.h:1146

We're triggering a diagnostic assertion but I don't know enough about this code to be able to tell why. The signatures on Windows and macOS are slightly different.

That assertion has been introduced (together with the surrounding code) by bug 1784700.

Flags: needinfo?(hsingh)
Keywords: regression
Regressed by: 1784700

Set release status flags based on info from the regressing bug 1784700

status-firefox111: --- → affected
status-firefox112: --- → affected
status-firefox113: --- → affected
status-firefox-esr102: --- → unaffected

The regression was introduced with patch: https://phabricator.services.mozilla.com/D156184, specifically, in the assertion line MOZ_DIAGNOSTIC_ASSERT(paddingSize + deletedPaddingSize <= INT_MAX).

R.H.S of the above comparison should be INT64_MAX instead of INT_MAX. Assertion would only trigger if the total cache padding size becomes greater than INT_MAX.

Looking at the crash stat, it seems like this happened in nightly, are diagnostic assertion enabled by-default on nightly builds? How about release? This is an issue with assertion statement itself, so probably there would not be any problems with release builds.

Flags: needinfo?(hsingh)
Assignee: nobody → hsingh

Diagnostic assertions are enabled on nightly and early beta (see here)

Severity: -- → S3

Set release status flags based on info from the regressing bug 1784700

status-firefox114: --- → affected
Pushed by hsingh@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/a5d752115f2a Fixing the wrong assertion in DeleteAllCacheEntries.r=dom-storage-reviewers,asuth

https://hg.mozilla.org/mozilla-central/rev/a5d752115f2a

Status: NEW → RESOLVED
Closed: 2 years ago
status-firefox115: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → 115 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: