Closed Bug 309459 Opened 20 years ago Closed 19 years ago

Crash when using cacheService.visitEntries [@ nsMemoryCacheDevice::Visit]

Categories

(Core :: Networking: Cache, defect)

Product:
Core
Component:
Networking: Cache
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: martijn.martijn, Assigned: ispiked)

References

(
URL
)

Details

(Keywords: crash, fixed1.8.1, testcase)

Crash Data

Attachments

(6 files, 1 obsolete file)

testcase
506 bytes, text/html
Details
testcase2 (from forum thread)
656 bytes, text/html
Details
stacktrace from testcase
6.45 KB, text/plain
Details
make sure visitors is not null
805 bytes, patch
darin.moz
: review+
darin.moz
: superreview+
darin.moz
: approval-branch-1.8.1+
Details | Diff | Splinter Review
null check mStream v2
1.52 KB, patch
darin.moz
: review+
darin.moz
: superreview+
darin.moz
: approval-branch-1.8.1+
Details | Diff | Splinter Review
combined branch patch
2.39 KB, patch
Details | Diff | Splinter Review
Well, don't know if this is a bug, or maybe the way it is intended, but just to be sure: The testcase that i'll attach, crashes Mozilla when clicking on the button. The testcase needs to be viewed locally, and you need to allow the security warning. This came from: http://xulplanet.com/forum/viewtopic.php?t=1123
Attached file testcase
I wish people stopped abusing mozilla components. I have no account on that forum, could you reply stating that the visitor is supposed to be implemented by the caller of the interface (the extension, I assume)? its methods will be called for each cache entry. passing the about:cache handler here is a very bad idea.
(In reply to comment #2) > I wish people stopped abusing mozilla components. Probably they are abusing mozilla components, because they don't know how to use it. > I have no account on that forum, could you reply ... Done. But my question is, should the testcase crash or not? If it should crash, then this bug is invalid, I guess.
Crashing is always a bug. In this case, visitEntries should be null-checking its argument.
it seems to me that the testcase attached here is not the same as the one in the forum article... the forum one does not pass null, so a null check wouldn't catch it.
Yes, the first testcase is slightly different from the forum thread (with null argument). This one is from the original forum thread.
Keywords: crash
Summary: Crash when using cacheService.visitEntries → Crash when using cacheService.visitEntries [@ nsMemoryCacheDevice::Visit]
the public api should protect the private function from crashes
URL: http://xulplanet.com/forum/viewtopic....http://bonsai.mozilla.org/cvsblame.cg...
This fixes it for cases where visitors is null. It still crashes with the second testcase, but I'm not sure how to fix it in that case. Might need a different implementation, even...
Attachment #204266 - Flags: superreview?(darin)
Attachment #204266 - Flags: review?(darin)
the crash for second testcase has this stack: #6 0x00c04bbe in nsAboutCache::VisitDevice (this=0x93b9de8, deviceID=0xc62ea1 "memory", deviceInfo=0x91e7250, visitEntries=0xbff1f060) at /build/andrew/moz-debug/mozilla/netwerk/protocol/about/src/nsAboutCache.cpp:197 #7 0x00bf9bf8 in nsMemoryCacheDevice::Visit (this=0x8c7ee10, visitor=0x93b9dec) at /build/andrew/moz-debug/mozilla/netwerk/cache/src/nsMemoryCacheDevice.cpp:404 #8 0x00bf4fa7 in nsCacheService::VisitEntries (this=0x8bef628, visitor=0x93b9dec) at /build/andrew/moz-debug/mozilla/netwerk/cache/src/nsCacheService.cpp:735 mStream is null. It seems to only be initialized from NewChannel which is never called.
Comment on attachment 204266 [details] [diff] [review] make sure visitors is not null ok, r+sr=darin
Attachment #204266 - Flags: superreview?(darin)
Attachment #204266 - Flags: superreview+
Attachment #204266 - Flags: review?(darin)
Attachment #204266 - Flags: review+
Assignee: darin → ispiked
First patch has been checked in, and the first testcase doesn't crash. Leaving this open till we fix the crash in the second testcase.
Attached patch null check mStream (obsolete) — Splinter Review
mStream is never initialized because newChannel is not called (like ajschult said), so just null check it to prevent people from crashing things because of their ignorance.
Attachment #222577 - Flags: superreview?(darin)
Attachment #222577 - Flags: review?(darin)
Bail earlier.
Attachment #222577 - Attachment is obsolete: true
Attachment #222580 - Flags: superreview?(darin)
Attachment #222580 - Flags: review?(darin)
Attachment #222577 - Flags: superreview?(darin)
Attachment #222577 - Flags: review?(darin)
Attachment #222580 - Flags: superreview?(darin)
Attachment #222580 - Flags: superreview+
Attachment #222580 - Flags: review?(darin)
Attachment #222580 - Flags: review+
Whiteboard: [checkin needed]
Fixed on trunk.
Status: NEW → RESOLVED
Closed: 19 years ago
OS: Windows 2000 → All
Hardware: PC → All
Resolution: --- → FIXED
Whiteboard: [checkin needed]
Attachment #204266 - Flags: approval-branch-1.8.1?(darin)
Attachment #222580 - Flags: approval-branch-1.8.1?(darin)
Attachment #204266 - Flags: approval-branch-1.8.1?(darin) → approval-branch-1.8.1+
Attachment #222580 - Flags: approval-branch-1.8.1?(darin) → approval-branch-1.8.1+
Whiteboard: [checkin needed (1.8 branch)]
Keywords: fixed1.8.1
Whiteboard: [checkin needed (1.8 branch)]
Crash Signature: [@ nsMemoryCacheDevice::Visit]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: