Closed Bug 1898700 Opened 10 months ago Closed 10 months ago

Crash in [@ nsTArray_Impl<T>::AppendElementsInternal<T> | nsTArray<T>::AppendElement | mozilla::net::CookieServiceParent::SerializeCookieListTable]

Categories

(Core :: Networking: Cookies, defect)

Product:
Core
Component:
Networking: Cookies
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1896241
Tracking Flags:
Tracking Status
firefox-esr115 --- unaffected
firefox127 --- disabled
firefox128 --- fixed

People

(Reporter: jsnajdr, Unassigned)

References

(Regression)

Details

(4 keywords)

Crash Data

Crash report: https://crash-stats.mozilla.org/report/index/f7c0f5a9-46fd-4305-8e66-0e8830240522

Reason: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS

Top 10 frames:

0  XUL  nsTArray_base<nsTArrayInfallibleAllocator, nsTArray_RelocateUsingMemutils>::L...  xpcom/ds/nsTArray.h:397
0  XUL  nsTArray_Impl<mozilla::net::CookieStruct, nsTArrayInfallibleAllocator>::Appen...  xpcom/ds/nsTArray.h:1782
1  XUL  nsTArray<mozilla::net::CookieStruct>::AppendElement()  xpcom/ds/nsTArray.h:2843
1  XUL  mozilla::net::CookieServiceParent::SerializeCookieListTable(nsTArray<mozilla:...  netwerk/cookie/CookieServiceParent.cpp:218
2  XUL  mozilla::net::CookieServiceParent::TrackCookieLoad(nsIChannel*)  netwerk/cookie/CookieServiceParent.cpp:179
3  XUL  mozilla::dom::ContentParent::UpdateCookieStatus(nsIChannel*)  dom/ipc/ContentParent.cpp:6377
3  XUL  mozilla::dom::ContentParent::AboutToLoadHttpDocumentForChild(nsIChannel*, bool*)  dom/ipc/ContentParent.cpp:6437
4  XUL  mozilla::net::HttpChannelParent::OnStartRequest(nsIRequest*)  netwerk/protocol/http/HttpChannelParent.cpp:1183
5  XUL  mozilla::net::ForwardStreamListenerFunctions(nsTArray<mozilla::Variant<mozill...  netwerk/ipc/NeckoCommon.cpp:23
5  XUL  mozilla::detail::VariantImplementation<unsigned char, (unsigned long)0, mozil...  mfbt/Variant.h:309

A very frequent crash that has been occuring for me in Nightly. Mostly when visiting wordpress.com sites as a logged-in user -- they are using nested iframes with 3rd party cookies. Stops happening when I disable the optInPartitioning pref.

No longer blocks: chips
Group: network-core-security

Tim, could you take a look?
This looks like a recent regression and also a sec-high bug.

Flags: needinfo?(tihuang)
Keywords: sec-high

Maybe dupe of Bug 1896241

I have a WIP patch here that "might" fix the crash.
Could you try this build to see if it fixes the crash for you? https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/WrUVuJwETsi01bVs6otRGQ/runs/0/artifacts/public/build/target.dmg

Flags: needinfo?(jsnajdr)
See Also: → 1896241
Duplicate of this bug: 1899256

As I commented in https://bugzilla.mozilla.org/show_bug.cgi?id=1884648#c5, at some point last week, about May 21-24, the latest Nightly stopped crashing for me. I can no longer reproduce the crash neither on Nightly nor on the custom build you shared.

Something else must have changed on the AboutToLoadHttpDocumentForChild code path that also fixed the crash.

Flags: needinfo?(tihuang)
Flags: needinfo?(jsnajdr)
Status: NEW → RESOLVED
Closed: 10 months ago
Duplicate of bug: 1896241
Resolution: --- → DUPLICATE
Keywords: regression
Regressed by: 1874174
Group: network-core-security → core-security-release
status-firefox128: affectedfixed
No longer duplicate of this bug: 1899256
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.